MPLS VPN—Per VRF Label
First Published: June 29, 2007
Last Updated: December 5, 2008
The MPLS VPN—Per VRF Label feature (hereafter, in this document, referred to as the Per VRF Label feature or the Per VRF feature) allows you to configure a single Virtual Private Network (VPN) label for all local routes in the entire VPN routing and forwarding (VRF) domain on Cisco 6500 routers. This MPLS VPN—Per VRF Label feature incorporates a single (per VRF) VPN label that for all local routes in the VRF table.
You can enable (or disable) the MPLS VPN—Per VRF Label feature in global configuration mode. This feature is available for the Cisco 6500 router only.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the "Feature Information for MPLS VPN—Per VRF Label" section.
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Contents
This document includes the following topics:
•Prerequisites for the Per VRF Label Feature
•Restrictions for the Per VRF Label Feature
•Information About the Per VRF Label Feature
•How to Configure the Per VRF Label Feature
•Configuration Examples for the Per VRF Label feature
•Additional References
•Command Reference
•Feature Information for MPLS VPN—Per VRF Label
Prerequisites for the Per VRF Label Feature
•If your VRF domain has the external/internal Border Gateway Protocol (EIBGP) multipath feature or the Carrier Supporting Carrier (CSC) feature enabled, disable those features before you configure the Per VRF Label feature.
•Before configuring Multiprotocol Label Switching (MPLS) Layer 3 VPNs, you must have MPLS, Label Distribution Protocol (LDP), and Cisco Express Forwarding (CEF) installed in your network. All routers in the core, including the Provider Edge (PE) routers, must be able to support CEF and MPLS forwarding.
Restrictions for the Per VRF Label Feature
•Enabling the Per VRF Label feature causes BGP reconvergence, which can result in data loss for traffic coming from the MPLS VPN core.
Note You can minimize network disruption by enabling this feature during a scheduled MPLS maintenance window. Also, if possible, avoid enabling this feature on a live router.
•There is no performance degradation when you configure up to 511 VRFs; however, when you add more than 511 VRFs, your network might experience some minor performance degradation (similar to the normal degradation experienced by any of the directly connected VRF prefixes present in the router).
•Per-prefix MPLS counters for VPN prefixes are lost when you enable the Per VRF Label feature.
•You cannot use this feature with CSC and EIBGP multipath features.
Information About the Per VRF Label Feature
To configure the MPLS VPN—Per VRF Label feature, you should understand the following concept:
•MPLS VPN—Per VRF Label Functionality
MPLS VPN—Per VRF Label Functionality
The PE stores both local and remote routes and includes a label entry for each route. For distributed platforms, the per-prefix labels consume memory. When there are many VRFs and routes, the amount of memory that the per-prefix labels consume can become an issue.
This new Per VRF Label feature allows the advertisement of a single VPN label for local routes throughout the entire VRF. The router uses a new VPN label for the VRF decoding and IP-based lookup to learn where to forward packets for the PE or customer edge (CE) interfaces.
The following conditions apply when you configure the Per VRF Label feature:
•The VRF uses one label for all local routes.
•When you enable the Per VRF Label feature, any existing Per VRF Aggregate label is used. If no Per VRF Aggregate label is present, the software creates a new Per VRF label.
•When you enable the Per VRF Label feature, the CE router's learned local routes will experience some data loss.
The CE does not lose data when you disable the Per VRF Label feature because when you disable the feature, the configuration reverts to the default labeling configuration of the Cisco 6500 platform, which uses the Per VRF Aggregate label from the local nonCE-sourced routes.
•When you disable the Per VRF Label feature, the configuration reverts to the default configuration of the Cisco 6500 routers.
•A Per VRF label forwarding entry is deleted only if the VRF or the BGP configuration is removed.
Summarization of Label Allocation Modes
Table 1 defines the label allocations used with various route types.
Table 1 Label Allocation Modes
|
Label Mode:
Cisco 6500 Default
|
Label Mode:
Per VRF Label Feature
|
Local to the PE (connected, static route to NULL0, BGP aggregates), redistributed to BGP |
Per VRF Aggregate label |
Per VRF label |
Locally learned from CE (through EBGP or other PE or CE protocols) |
Per Prefix label |
Per VRF label |
How to Configure the Per VRF Label Feature
This section describes the following required task:
•Configuring the Per VRF Label Feature
Configuring the Per VRF Label Feature
To configure the Per VRF Label feature, perform the following task.
SUMMARY STEPS
1. enable
2. configure terminal
3. mpls label mode {vrf vrf-name | all-vrfs} protocol bgp-vpnv4 {per-prefix | per-vrf}
4. end
5. show ip vrf detail
DETAILED STEPS
|
|
|
Step 1 |
enable
Router> enable |
Enables privileged EXEC mode. •Enter your password if prompted. |
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
mpls label mode {vrf vrf-name | all-vrfs} protocol bgp-vpnv4 {per-prefix | per-vrf}
Router(config)# mpls label mode all-vrfs protocol bgp-vpnv4 per-vrf |
Configures the Per VRF Label feature. |
Step 4 |
end
Router(config)# end |
Returns to privileged EXEC mode. |
Step 5 |
show ip vrf detail
Router# show ip vrf detail |
Displays the VRF label mode. |
Examples
The following command example shows how to verify the Per VRF Label configuration:
In this example output, the bold text indicates the label modes:
Router# show ip vrf detail
VRF vpn1; default RD 1:1; default VPNID <not set>
Ethernet0/0 Serial5/0 Loopback1
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-vrf (Label 19)
VRF vpn2; default RD 2:1; default VPNID <not set>
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-vrf (Label 20)
VRF vpn3; default RD 3:1; default VPNID <not set>
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-vrf (Label 23)
Router# show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 1:1 (vpn1)
127.0.0.1/32 192.168.1.1 IPv4 VRF Aggr:19/nolabel
127.0.0.5/32 127.0.0.4 nolabel/19
192.168.1.0/24 192.168.1.1 IPv4 VRF Aggr:19/nolabel
0.0.0.0 IPv4 VRF Aggr:19/aggregate(vpn1)
192.168.4.0/24 127.0.0.4 nolabel/20
172.16.0.0/16 0.0.0.0 IPv4 VRF Aggr:19/aggregate(vpn1)
172.16.128.0/32 192.168.1.1 IPv4 VRF Aggr:19/nolabel
Route Distinguisher: 2:1 (vpn2)
127.0.2.2/32 0.0.0.0 IPv4 VRF Aggr:20/aggregate(vpn2)
127.0.0.6/32 192.168.5.1 IPv4 VRF Aggr:20/nolabel
192.168.5.0/24 0.0.0.0 IPv4 VRF Aggr:20/aggregate(vpn2)
172.17.128.0/32 192.168.5.1 IPv4 VRF Aggr:20/nolabel
Route Distinguisher: 3:1 (vpn3)
127.0.3.2/32 0.0.0.0 IPv4 VRF Aggr:23/aggregate(vpn3)
127.0.0.8/32 192.168.7.1 IPv4 VRF Aggr:23/nolabel
192.168.7.0/24 0.0.0.0 IPv4 VRF Aggr:23/aggregate(vpn3)
172.16.128.0/32 192.168.7.1 IPv4 VRF Aggr:23/nolabel
Router# show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 192.168.3.0/24 0 Et1/0 192.168.2.3
17 Pop tag 127.0.0.3/32 0 Et1/0 192.168.2.3
18 17 127.0.0.4/32 0 Et1/0 192.168.2.3
19 Pop Label IPv4 VRF[V] 0 aggregate/vpn1
20 Pop Label IPv4 VRF[V] 0 aggregate/vpn2
23 Pop Label IPv4 VRF[V] 0 aggregate/vpn3
Configuration Examples for the Per VRF Label feature
This section shows examples for three different configurations:
•No Label Mode (Cisco 6500 Router Default): Example
•Mixed Mode (with Global Per-Prefix): Example
•Mixed Mode (with Global Per-VRF): Example
No Label Mode (Cisco 6500 Router Default): Example
The following example shows the default label mode configuration (no label mode) for the Cisco 6500 router.
In this example output, the bold text indicates the label modes:
Router# show ip vrf detail
VRF vpn1; default RD 1:1; default VPNID <not set>
Ethernet0/0 Serial5/0 Loopback1
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-prefix
per-vrf-aggr for connected and BGP aggregates (Label 19)
VRF vpn2; default RD 2:1; default VPNID <not set>
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-prefix
per-vrf-aggr for connected and BGP aggregates (Label 20)
VRF vpn3; default RD 3:1; default VPNID <not set>
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-prefix
per-vrf-aggr for connected and BGP aggregates (Label 23)
Router# show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 1:1 (vpn1)
127.0.0.1/32 192.168.1.1 27/nolabel
127.0.0.5/32 127.0.0.4 nolabel/19
192.168.1.0/24 192.168.1.1 IPv4 VRF Aggr:19/nolabel
0.0.0.0 IPv4 VRF Aggr:19/aggregate(vpn1)
192.168.4.0/24 127.0.0.4 nolabel/20
172.16.0.0/16 0.0.0.0 IPv4 VRF Aggr:19/aggregate(vpn1)
172.16.128.0/32 192.168.1.1 28/nolabel
Route Distinguisher: 2:1 (vpn2)
127.0.2.2/32 0.0.0.0 IPv4 VRF Aggr:20/aggregate(vpn2)
127.0.0.6/32 192.168.5.1 21/nolabel
192.168.5.0/24 0.0.0.0 IPv4 VRF Aggr:20/aggregate(vpn2)
172.17.128.0/32 192.168.5.1 22/nolabel
Route Distinguisher: 3:1 (vpn3)
127.0.3.2/32 0.0.0.0 IPv4 VRF Aggr:23/aggregate(vpn3)
127.0.0.8/32 192.168.7.1 24/nolabel
192.168.7.0/24 0.0.0.0 IPv4 VRF Aggr:23/aggregate(vpn3)
172.16.128.0/32 192.168.7.1 25/nolabel
Router# show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 192.168.3.0/24 0 Et1/0 192.168.2.3
17 Pop tag 127.0.0.3/32 0 Et1/0 192.168.2.3
18 17 127.0.0.4/32 0 Et1/0 192.168.2.3
19 Pop Label IPv4 VRF[V] 0 aggregate/vpn1
20 Pop Label IPv4 VRF[V] 0 aggregate/vpn2
21 Untagged 127.0.0.6/32[V] 0 Et2/0 192.168.5.1
22 Untagged 172.17.128.0/32[V]0 Et2/0 192.168.5.1
23 Pop Label IPv4 VRF[V] 0 aggregate/vpn3
24 Untagged 127.0.0.8/32[V] 0 Et3/0 192.168.7.1
25 Untagged 172.16.128.0/32[V]0 Et3/0 192.168.7.1
27 Untagged 127.0.0.1/32[V] 0 Et0/0 192.168.1.1
28 Untagged 172.16.128.0/32[V]0 Et0/0 192.168.1.1
Mixed Mode (with Global Per-Prefix): Example
For this example, the following commands set VPN 1 for per-vrf label mode, VPN 2 for per-prefix label mode, and all remaining VPNs for per-prefix (globally).
In this example output, the bold text indicates the label modes:
Router# mpls label mode vrf vpn1 protocol bgp-vpnv4 per-vrf
Router# mpls label mode vrf vpn2 protocol bgp-vpnv4 per-prefix
Use the following show commands to display the label mode settings:
Router# show ip vrf detail
VRF vpn1; default RD 1:1; default VPNID <not set>
Ethernet0/0 Serial5/0 Loopback1
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-vrf (Label 26)
VRF vpn2; default RD 2:1; default VPNID <not set>
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-prefix
per-vrf-aggr for connected and BGP aggregates (Label 27)
VRF vpn3; default RD 3:1; default VPNID <not set>
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-prefix
per-vrf-aggr for connected and BGP aggregates (Label 28)
Router# show ip bgp vpnv4 all label
Network Next Hop In label/Out label
Route Distinguisher: 1:1 (vpn1)
127.0.0.1/32 192.168.1.1 IPv4 VRF Aggr:26/nolabel
127.0.0.5/32 127.0.0.4 nolabel/19
192.168.1.0/24 0.0.0.0 IPv4 VRF Aggr:26/aggregate(vpn1)
192.168.1.1 IPv4 VRF Aggr:26/nolabel
192.168.4.0/24 127.0.0.4 nolabel/20
172.16.0.0/16 0.0.0.0 IPv4 VRF Aggr:26/aggregate(vpn1)
172.16.128.0/32 192.168.1.1 IPv4 VRF Aggr:26/nolabel
Route Distinguisher: 2:1 (vpn2)
127.0.2.2/32 0.0.0.0 IPv4 VRF Aggr:27/aggregate(vpn2)
127.0.0.6/32 192.168.5.1 20/nolabel
192.168.5.0/24 0.0.0.0 IPv4 VRF Aggr:27/aggregate(vpn2)
172.17.128.0/32 192.168.5.1 21/nolabel
Route Distinguisher: 3:1 (vpn3)
127.0.3.2/32 0.0.0.0 IPv4 VRF Aggr:28/aggregate(vpn3)
127.0.0.8/32 192.168.7.1 22/nolabel
192.168.7.0/24 0.0.0.0 IPv4 VRF Aggr:28/aggregate(vpn3)
172.16.128.0/32 192.168.7.1 23/nolabel
Router# show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 192.168.3.0/24 0 Et1/0 192.168.2.3
17 Pop tag 127.0.0.3/32 0 Et1/0 192.168.2.3
18 17 127.0.0.4/32 0 Et1/0 192.168.2.3
20 Untagged 127.0.0.6/32[V] 0 Et2/0 192.168.5.1
21 Untagged 172.17.128.0/32[V]0 Et2/0 192.168.5.1
22 Untagged 127.0.0.8/32[V] 0 Et3/0 192.168.7.1
23 Untagged 172.16.128.0/32[V]0 Et3/0 192.168.7.1
26 Pop Label IPv4 VRF[V] 0 aggregate/vpn1
27 Pop Label IPv4 VRF[V] 0 aggregate/vpn1
28 Pop Label IPv4 VRF[V] 0 aggregate/vpn1
Mixed Mode (with Global Per-VRF): Example
For this example, the following commands set VPN 1 for per-vrf label mode, VPN 2 for per-prefix label mode, and all remaining VPNs for per-vrf (globally).
In this example output, the bold text indicates the label modes:
Router# mpls label mode vrf vpn1 protocol bgp-vpnv4 per-vrf
Router# mpls label mode vrf vpn2 protocol bgp-vpnv4 per-prefix
Router# mpls label mode all-vrfs protocol bgp-vpnv4 per-vrf
Router# show ip vrf detail
VRF vpn1; default RD 1:1; default VPNID <not set>
Ethernet0/0 Serial5/0 Loopback1
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-vrf (Label 26)
VRF vpn2; default RD 2:1; default VPNID <not set>
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-prefix
per-vrf-aggr for connected and BGP aggregates (Label 27)
VRF vpn3; default RD 3:1; default VPNID <not set>
Connected addresses are not in global routing table
Export VPN route-target communities
Import VPN route-target communities
VRF label allocation mode: per-vrf (Label 28)
Router# show ip bgp vpnv4 all label
Network Next Hop In label/Out label
Route Distinguisher: 1:1 (vpn1)
127.0.0.1/32 192.168.1.1 IPv4 VRF Aggr:26/nolabel
127.0.0.5/32 127.0.0.4 nolabel/19
192.168.1.0/24 0.0.0.0 IPv4 VRF Aggr:26/aggregate(vpn1)
192.168.1.1 IPv4 VRF Aggr:26/nolabel
192.168.4.0/24 127.0.0.4 nolabel/20
172.16.0.0/16 0.0.0.0 IPv4 VRF Aggr:26/aggregate(vpn1)
172.16.128.0/32 192.168.1.1 IPv4 VRF Aggr:26/nolabel
Route Distinguisher: 2:1 (vpn2)
127.0.2.2/32 0.0.0.0 IPv4 VRF Aggr:27/aggregate(vpn2)
127.0.0.6/32 192.168.5.1 20/nolabel
192.168.5.0/24 0.0.0.0 IPv4 VRF Aggr:27/aggregate(vpn2)
172.17.128.0/32 192.168.5.1 21/nolabel
Route Distinguisher: 3:1 (vpn3)
127.0.3.2/32 0.0.0.0 IPv4 VRF Aggr:28/aggregate(vpn3)
127.0.0.8/32 192.168.7.1 IPv4 VRF Aggr:28/nolabel
192.168.7.0/24 0.0.0.0 IPv4 VRF Aggr:28/aggregate(vpn3)
172.16.128.0/32 192.168.7.1 IPv4 VRF Aggr:28/nolabel
Router# show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 192.168.3.0/24 0 Et1/0 192.168.2.3
17 Pop tag 127.0.0.3/32 0 Et1/0 192.168.2.3
18 17 127.0.0.4/32 0 Et1/0 192.168.2.3
20 Untagged 127.0.0.6/32[V] 0 Et2/0 192.168.5.1
21 Untagged 172.17.128.0/32[V]0 Et2/0 192.168.5.1
26 Pop Label IPv4 VRF[V] 0 aggregate/vpn1
27 Pop Label IPv4 VRF[V] 0 aggregate/vpn2
28 Pop Label IPv4 VRF[V] 0 aggregate/vpn3
Additional References
The following sections provide references related to the Per VRF Label feature.
Related Documents
Standards
|
|
No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature. |
— |
MIBs
|
|
No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs |
RFCs
Technical Assistance
|
|
The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. |
http://www.cisco.com/techsupport |
Command Reference
The following commands are introduced or modified in the feature or features documented in this module. For information about these commands, see the Cisco IOS Multiprotocol Label Switching Command Reference at http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_book.html. For information about all Cisco IOS commands, use the Command Lookup Tool at http://tools.cisco.com/Support/CLILookup or the Cisco IOS Master Command List, All Releases, at http://www.cisco.com/en/US/docs/ios/mcl/allreleasemcl/all_book.html.
•debug ip bgp vpnv4 unicast
•mpls label mode
Feature Information for MPLS VPN—Per VRF Label
Table 2 lists the release history for this feature.
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Table 2 Feature Information for MPLS VPN—Per VRF Label
|
|
|
MPLS VPN—Per VRF Label |
12.2(33)SRD |
This feature allows a user to configure a single VPN label for all local routes in the entire VPN routing and forwarding (VRF) domain on Cisco 6500 routers. The feature incorporates a single (per VRF) VPN label for all local routes in the VRF table. You can enable (or disable) the MPLS VPN—Per VRF Label feature in global configuration mode using a new, hidden, command. This feature is available for the Cisco 6500 router only In 12.2(33)SRD, this feature was integrated. |
CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1002R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2008 Cisco Systems, Inc. All rights reserved.