BGP Labeled Unicast (BGP-LU)
A BGP speaker uses BGP-LU to attach an MPLS label to an advertised Interior Gateway Protocol (IGP) prefix and to distribute the label mapped to that prefix to its peers. The speaker may advertise more than one route to a destination as long as each route has its own label.
The speaker indicates its capability to carry label mapping information in an OPEN message. If the peer does not support this capability, it sends a NOTIFICATION message to the speaker with the Error Subcode set to Unsupported Optional Parameter, as defined in RFC 5492. This ensures that the speaker sends label mapping information in a BGP UPDATE message only when the peer can actually process it.
Picture 1 depicts Address Family Identifier (AFI) value 1 (IPv4) and Subsequent Address Family Identifier (SAFI) value 4 (Labeled Unicast) inside an OPEN message.
Picture 1: AFI 1 and SAFI 4 shared in a BGP OPEN Message
Label mapping information is carried as part of the Network Layer Reachability Information (NLRI) in the Multiprotocol Extensions attributes of a BGP UPDATE message (Picture 2). AFI value 1 identifies the address family of the associated route. SAFI 4 indicates that the NLRI contains a label. A single UPDATE message can carry multiple routes, each with its own label.
Picture 2 depicts a BGP UPDATE message with the Label Stack 0 (Withdrawn). According to RFC 3107, a BGP speaker can withdraw a previously advertised route, together with the binding between the route and its label, by advertising a new route and label with the same NLRI as the previously advertised route. The route can also be withdrawn by listing the NLRI of the previously advertised route in the Withdrawn Routes field of an UPDATE message.
Picture 2: BGP UPDATE Message with the Label Stack 0 (Withdrawn)
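The NLRI layout described above, as an added example that is not part of the original article: a strict encoder and parser for IPv4 labeled-unicast NLRI entries that rejects truncated or over-long fields instead of reading past the buffer. It assumes the RFC 3107 wire format (a 1-byte length in bits, 3-byte label fields, then the prefix) and the 0x800000 label field used for withdrawals; the function names are hypothetical and the sample bytes are constructed from the 10.1.1.7/32 prefix and labels used in the article's multi-region walkthrough.

```python
import ipaddress

# Assumption: RFC 3107 wire format for one NLRI entry:
#   1-byte length in bits (labels + prefix), 3-byte label field(s), prefix bytes.
WITHDRAW_MARKER = 0x800000  # label field value RFC 3107 specifies for withdrawals

def encode_lu_nlri(prefix, label=None):
    """Build one IPv4 labeled-unicast NLRI entry; label=None encodes a withdrawal."""
    net = ipaddress.ip_network(prefix)
    # 20-bit label, 3 traffic-class bits left at 0, bottom-of-stack bit set
    field = WITHDRAW_MARKER if label is None else (label << 4) | 1
    nbytes = (net.prefixlen + 7) // 8
    return (bytes([24 + net.prefixlen]) + field.to_bytes(3, "big")
            + net.network_address.packed[:nbytes])

def parse_lu_nlri(buf):
    """Parse concatenated entries into (prefix, labels, withdrawn) tuples.
    Raises ValueError on malformed input instead of reading past the buffer."""
    routes, i = [], 0
    while i < len(buf):
        bitlen = buf[i]
        i += 1
        labels, withdrawn = [], False
        while True:
            if bitlen < 24 or i + 3 > len(buf):
                raise ValueError("length too short for a label field")
            field = int.from_bytes(buf[i:i + 3], "big")
            i += 3
            bitlen -= 24
            if not labels and field == WITHDRAW_MARKER:
                withdrawn = True
                break
            labels.append(field >> 4)
            if field & 1:  # bottom-of-stack bit ends the label stack
                break
        if bitlen > 32:
            raise ValueError("IPv4 prefix length exceeds 32 bits")
        nbytes = (bitlen + 7) // 8
        if i + nbytes > len(buf):
            raise ValueError("prefix truncated")
        addr = ipaddress.IPv4Address(buf[i:i + nbytes].ljust(4, b"\x00"))
        i += nbytes
        routes.append((f"{addr}/{bitlen}", labels, withdrawn))
    return routes

# Constructed sample: two advertisements and one withdrawal for 10.1.1.7/32.
SAMPLE = (encode_lu_nlri("10.1.1.7/32", 14003) + encode_lu_nlri("10.1.1.7/32", 3)
          + encode_lu_nlri("10.1.1.7/32"))
if __name__ == "__main__":
    for route in parse_lu_nlri(SAMPLE):
        print(route)
```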
IPv6 labeled unicast is used in a 6PE scenario, where the provider's core MPLS network is IPv4 and is used to connect the IPv6-speaking PE routers. IPv4 labeled unicast is used to connect multiple regions that may run different IGPs, with no redistribution from one IGP to another. For instance, one region can operate IS-IS while another region operates OSPF. When a single IGP is used, regions consist of individual OSPF areas or IS-IS levels. No IGP routing information and no LDP or RSVP signaling is exchanged between the regions; BGP-LU is used to distribute the routes along with their labels. For this reason, we must implement a configuration that prevents routing information from being exchanged outside of a region, that is, outside the OSPF area or the IS-IS level.
BGP-LU provides connectivity between regions by advertising PE loopbacks and label bindings to the Regional Border Routers (RBRs). The RBRs then advertise the loopbacks and label bindings to remote PEs in other regions. BGP-LU advertisements only impact the PE routers and the border routers, not the transport routers in the middle of the connectivity chain. When the BGP peers are adjacent, a BGP speaker can push the label advertised by its neighbor for a certain prefix onto an MPLS packet for forwarding. However, when the BGP peers are not adjacent but separated by the MPLS network, there must be a label-switched path (LSP) between the label switch routers (LSRs). Every LSR in the region must take an appropriate action (push or swap) on the LDP label or a label distributed by an LSR (RFC 3107).
To explain it better, imagine that there are four routers, R1, R2, R3 and R4, with R1 and R4 being BGP peers. Let's say that router R4 uses BGP-LU to advertise a prefix and a label L for this prefix to R1. R1 cannot forward packets with label L on top of the stack, because only router R4 must see that label. Instead, R1 must push another label on top of it, the one that router R2 distributed. Similarly, R2 must swap the top label so that R3 sees the label that it distributed. R3 swaps the label so that label L is on top of the stack. Router R4 can then process label L.
Picture 3 depicts the control plane (BGP) and the forwarding plane for a network topology consisting of two aggregation regions and one core region. The loopback prefix 10.1.1.7/32 is advertised from the PE2 router towards the PE1 router by the PE2, ABR2 and ABR1 routers. The BGP label for the RFC 3107 route 10.1.1.7/32 received by ABR2 from PE2 is 3. This is the implicit null label, which indicates penultimate-hop popping (PHP). P3 is the PHP router for the LSP. It pops the LDP label and forwards traffic to the egress PE2 switch with an L3VPN label only. The PE2 switch then performs an IP route lookup and forwards the traffic. ABR2 advertises prefix 10.1.1.7/32 with the label 14003 towards ABR1. Similarly, the ABR1 router advertises route 10.1.1.7/32 with the label 14005 towards PE1. Label 14000 is the LDP label learned from P2 by PE1 for prefix 10.1.1.3/32. Label 14005 is the BGP RFC 3107 label learned for prefix 10.1.1.7/32. Label 14005 is swapped with label 14003 on ABR1. Label 14003 is then swapped with label 14001 on ABR2.
Picture 3: Label Advertisement in Multi-region Network
Note: The MPLS L3VPN service is deployed between PE1 and PE2 routers.
Service providers who divide their MPLS networks into multiple regions, with different IGP instances running within those regions, benefit from the increased scale of their networks and faster convergence times when BGP-LU is used. A failure in one region does not affect another region in such scenarios; IGP convergence times are faster, and the forwarding tables of the routers are smaller.