Multiprotocol Label Switching
This module describes Multiprotocol Label Switching (MPLS) and how to configure it on Cisco switches.
MPLS fragmentation is not supported.
MPLS maximum transmission unit (MTU) is not supported.
Cisco Catalyst 9600 Series Supervisor 2 Module only supports the per-VRF MPLS label allocation mode for local label allocation. This is also the default mode. However, Cisco Catalyst 9600 Series Supervisor 2 Module can interoperate with remote peers operating in the per-prefix mode.
MPLS combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing. MPLS enables you to meet the challenges of explosive growth in network utilization while providing the opportunity to differentiate services without sacrificing the existing network infrastructure. The MPLS architecture is flexible and can be employed in any combination of Layer 2 technologies. MPLS support is offered for all Layer 3 protocols, and scaling is possible well beyond that typically offered in today’s networks.
Label switching is a high-performance packet forwarding technology that integrates the performance and traffic management capabilities of data link layer (Layer 2) switching with the scalability, flexibility, and performance of network layer (Layer 3) routing.
In conventional Layer 3 forwarding mechanisms, as a packet traverses the network, each switch extracts all the information relevant to forwarding the packet from the Layer 3 header. This information is then used as an index for a routing table lookup to determine the next hop for the packet.
In the most common case, the only relevant field in the header is the destination address field, but in some cases, other header fields might also be relevant. As a result, the header analysis must be done independently at each switch through which the packet passes. In addition, a complicated table lookup must also be done at each switch.
In label switching, the analysis of the Layer 3 header is done only once. The Layer 3 header is then mapped into a fixed-length, unstructured value called a label.
Many different headers can map to the same label, as long as those headers always result in the same choice of next hop. In effect, a label represents a forwarding equivalence class, that is, a set of packets which, however different they may be, are indistinguishable by the forwarding function.
The initial choice of a label need not be based exclusively on the contents of the Layer 3 packet header; for example, forwarding decisions at subsequent hops can also be based on routing policy.
After a label is assigned, a short label header is added at the front of the Layer 3 packet. This header is carried across the network as part of the packet. At subsequent hops through each MPLS switch in the network, labels are swapped and forwarding decisions are made by means of MPLS forwarding table lookup for the label carried in the packet header. Hence, the packet header does not need to be reevaluated during packet transit through the network. Because the label is of fixed length and unstructured, the MPLS forwarding table lookup process is both straightforward and fast.
Each label switching router (LSR) in the network makes an independent, local decision as to which label value to use to represent a forwarding equivalence class. This association is known as a label binding. Each LSR informs its neighbors of the label bindings it has made. This awareness of label bindings by neighboring switches is facilitated by the following protocols:
Label Distribution Protocol (LDP): Enables peer LSRs in an MPLS network to exchange label binding information for supporting hop-by-hop forwarding in an MPLS network.
Border Gateway Protocol (BGP): Used to support MPLS virtual private networks (VPNs).
When a labeled packet is being sent from LSR A to the neighboring LSR B, the label value carried by the IP packet is the label value that LSR B assigned to represent the forwarding equivalence class of the packet. Thus, the label value changes as the IP packet traverses the network.
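
The label header and hop-by-hop swap described above, as an added example that is not part of the original Cisco document: it packs and parses the 32-bit label stack entry (field layout from RFC 3032) and walks a packet through three LSRs. The LSR names, label values and forwarding tables are constructed for illustration.

```python
import struct

def encode_lse(label, exp=0, bottom=True, ttl=64):
    """Pack one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)

def decode_stack(data):
    """Return ([(label, exp, bottom, ttl), ...], payload) for a labeled packet."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append((word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF))
        if entries[-1][2]:          # S bit set: bottom of stack reached
            return entries, data[offset:]

# Constructed tables: incoming label -> (outgoing label, next hop).
LFIB = {
    "LSR-A": {16: (24, "LSR-B")},
    "LSR-B": {24: (31, "LSR-C")},
    "LSR-C": {31: (None, "egress")},   # None: pop the label, deliver payload
}

def forward(node, packet):
    """One hop: look up the top label only, then swap or pop it."""
    entries, payload = decode_stack(packet)
    label, exp, bottom, ttl = entries[0]
    if label not in LFIB[node]:
        raise LookupError(f"{node}: no binding for label {label}, drop")
    if ttl <= 1:
        raise ValueError(f"{node}: TTL expired, drop")
    out_label, next_hop = LFIB[node][label]
    inner = b"".join(encode_lse(*e) for e in entries[1:])
    if out_label is None:
        return next_hop, inner + payload
    return next_hop, encode_lse(out_label, exp, bottom, ttl - 1) + inner + payload

def walk(node, packet):
    """Follow the packet hop by hop; return [(node, top label, ttl)], final bytes."""
    path = []
    while node != "egress":
        label, _, _, ttl = decode_stack(packet)[0][0]
        path.append((node, label, ttl))
        node, packet = forward(node, packet)
    return path, packet
```

The Layer 3 payload is never inspected in transit: each hop decides on the top label alone, and a label with no local binding is dropped rather than forwarded.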
For more information about LDP configuration, see the MPLS: LDP Configuration Guide at http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/config_library/xe-3s/mp-xe-3s-library.html
Note: As the scale of label entries is limited in, especially with ECMP, it is recommended to enable LDP label filtering. LDP labels shall be allocated only for well-known prefixes like loopback interfaces of routers and any prefix that needs to be reachable in the global routing table.
An MPLS VPN consists of a set of sites that are interconnected by means of an MPLS provider core network. At each customer site, one or more customer edge (CE) routers attach to one or more provider edge (PE) routers.
Before configuring MPLS Layer 3 VPNs, you should have MPLS, LDP, and Cisco Express Forwarding (CEF) installed in your network. All routers in the core, including the PE routers, must be able to support CEF and MPLS forwarding.
The QoS EXP Matching feature allows you to organize network traffic by setting values for the MPLS EXP field in MPLS packets. By choosing different values for the MPLS EXP field, you can mark packets so that packets have the priority that they require during periods of congestion. Setting the MPLS EXP value allows you to:
Classify traffic: The classification process selects the traffic to be marked. Classification accomplishes this by partitioning traffic into multiple priority levels, or classes of service. Traffic classification is the primary component of class-based QoS provisioning.
Police and mark traffic: Policing causes traffic that exceeds the configured rate to be discarded or marked to a different drop level. Marking traffic is a way to identify packet flows to differentiate them. Packet marking allows you to partition your network into multiple priority levels or classes of service.
Only Uniform mode and Pipe mode are supported; Short-pipe mode is not supported.
The supported range of QoS-group values is 0 to 30 (31 QoS groups in total).
EXP marking using QoS policy is supported only on the outer label; inner EXP marking is not supported.
From the Cisco IOS XE Dublin 17.11.1 release, MPLS packets can be encrypted with a MACsec tag. The Media Access Control security (MACsec) protocol is an IEEE 802.1AE standard for authenticating and encrypting packets between two MACsec-capable devices. To use MPLS with MACsec, both MPLS and MACsec need to be configured on both devices. When an MPLS packet is forwarded by one device, the MPLS packet is treated as the inner payload and is encrypted with a MACsec tag. This encrypted packet is then securely forwarded to the other device. MACsec encryption safeguards the network against a range of attacks including denial of service, intrusion, man-in-the-middle and eavesdropping. The other device receives the MACsec-tagged MPLS packet. It decrypts the MACsec tag and forwards the MPLS packet.
This section explains how to perform the basic configuration required to prepare a switch for MPLS switching and forwarding.
Before you configure MPLS switching on Cisco switches, ensure that Cisco Express Forwarding (CEF) is enabled.
Note: The command ip unnumbered is not supported in MPLS configuration.
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode. Enter your password, if prompted.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | ip cef distributed | Enables Cisco Express Forwarding on the switch.
Step 4 | mpls label range minimum-value maximum-value | Configures the range of local labels available for use with MPLS applications on packet interfaces.
Step 5 | mpls label protocol ldp | Specifies the label distribution protocol for the platform.
Before you configure MPLS forwarding on Cisco switches, ensure that the forwarding of IPv4 packets is enabled.
Note: The command ip unnumbered is not supported in MPLS configuration.
Step | Command or Action | Purpose
---|---|---
Step 1 | enable | Enables privileged EXEC mode. Enter your password, if prompted.
Step 2 | configure terminal | Enters global configuration mode.
Step 3 | interface type slot / subslot / port |
Step 4 | mpls ip | Enables MPLS forwarding of IPv4 packets along routed physical interfaces (Gigabit Ethernet), Switch Virtual Interface (SVI), or port channels.
Step 5 | mpls label protocol ldp | Specifies the label distribution protocol for an interface.
Step 6 | end | Exits interface configuration mode and returns to privileged EXEC mode.
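
One way to check a saved running configuration against the restrictions stated in this module (added example, not Cisco code): it flags ip unnumbered and mpls mtu on MPLS-enabled interfaces, and an explicit no ip cef. The sample configuration, interface names and addresses are constructed, and the parser assumes the usual one-space indentation of interface sub-commands.

```python
# Constructed sample; addresses are from the documentation range 192.0.2.0/24.
SAMPLE_CONFIG = """\
ip cef distributed
mpls label range 16 4096
mpls label protocol ldp
!
interface TenGigabitEthernet1/0/1
 ip address 192.0.2.1 255.255.255.252
 mpls ip
!
interface TenGigabitEthernet1/0/2
 ip unnumbered Loopback0
 mpls ip
 mpls mtu 1508
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None          # "!" or a global command ends the block
    return interfaces

def audit(config):
    """Return (scope, finding) tuples for settings this module calls unsupported."""
    findings = []
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    if any(l.startswith("no ip cef") for l in top):
        findings.append(("global", "CEF is disabled; MPLS requires CEF"))
    for name, cmds in parse_interfaces(config).items():
        if "mpls ip" not in cmds:
            continue                # only MPLS-enabled interfaces are checked
        if any(c.startswith("ip unnumbered") for c in cmds):
            findings.append((name, "ip unnumbered is not supported with MPLS"))
        if any(c.startswith("mpls mtu") for c in cmds):
            findings.append((name, "MPLS MTU configuration is not supported"))
    return findings
```

Run against the sample, `audit(SAMPLE_CONFIG)` reports both findings for TenGigabitEthernet1/0/2 and none for TenGigabitEthernet1/0/1.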
This section explains how to verify successful configuration of MPLS switching and forwarding.
To verify whether Cisco Express Forwarding has been configured properly, enter the show ip cef summary command, which generates output similar to that shown below:
show ip cef summary
To verify whether MPLS forwarding has been configured properly, enter the show mpls interfaces detail command, which generates output similar to that shown below:
Note: The MPLS MTU value is equivalent to the IP MTU value of the port or switch by default. MTU configuration for MPLS is not supported.
Step 1: show mpls interfaces detail
Step 2: show running-config interface
Step 3: show mpls forwarding
Related Topic | Document Title
---|---
For complete syntax and usage information for the commands used in this chapter. | See the Multiprotocol Label Switching (MPLS) Commands section of the Command Reference (Catalyst 9600 Series Switches)
This table provides release and related information for features explained in this module.
These features are available on all releases subsequent to the one they were introduced in, unless noted otherwise.
Release | Feature | Feature Information
---|---|---
Cisco IOS XE Gibraltar 16.11.1 | Multiprotocol Label Switching | Multiprotocol Label Switching combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing.
Cisco IOS XE Cupertino 17.7.1 | Multiprotocol Label Switching | This feature was implemented on Cisco Catalyst 9600 Series Supervisor 2 Module (C9600X-SUP-2).
Cisco IOS XE Dublin 17.11.1 | LAN MACsec over MPLS | LAN MACsec over MPLS allows MPLS packets to be encrypted with a MACsec tag. This allows for the flexibility and capability of MPLS to be used with the encryption and security of MACsec.
Use Cisco Feature Navigator to find information about platform and software image support. To access Cisco Feature Navigator, go to https://cfnng.cisco.com/.