The other day I was troubleshooting a particular MPLS network and I was wondering if it was supposed to have either three labels or four labels stacked in that design. As it turns out, three labels is the normal situation, i.e. when there are no network failure events, and four labels when RSVP link-protection (facility backup) kicks in. If you don’t need a detailed explanation about this design and configuration, just jump straight to Table 1, you’ll probably find what you want, enjoy!
This MPLS network design has both RSVP and LDP enabled as illustrated in Figure 1. RSVP is running in the core (
vMX6), for LSP traffic engineering, and all PEs (
vMX8) run LDP as the MPLS infrastructure protocol and they provide L3VPN as a service. To make these LDP LSPs end-to-end,
vMX6 are tunneling LDP over RSVP. The third label in the MPLS stack appers as a result of this LDP tunneling. As you’ll see shortly, the fourth label will appear in the label stack when the link being protected by facility backup fails, which is the link
vMX5 - Figure 1. Table 1 summarizes the purpose of each label involved in this MPLS network:
|MPLS Label Stack||Reason why the label is pushed|
|1st innermost label (L3VPN)||L3VPN
|2nd label (LDP)||LDP LSP between PE routers (
|3rd label (RSVP)||RSVP LSP with LDP tunneling. It tunnels the 2nd label by swaping the LDP label and pushing the RSVP label on top of that, e.g.,
|4th outermost label (RSVP Facility Backup)||Bypass RSVP LSP, facility backup. Another RSVP label is pushed on top of the 3rd label, when the downstream protected link fails|
fast-reroute were set instead of facility backup (i.e.
bypass tunnels/LSPs), the fourth label wouldn’t show up because
detour tunnels/LSPs don’t push another label in the stack. More details on 1.
Figure 1 shows the topology, basically, it is composed of LDP domains tunneled over an RSVP MPLS Core with facility backup (orange link down bellow) between
The following sections show the configuration of
vMX8 (PE2) and specific configuration of
link-protection is enabled on
LDP tunneling is enabled by setting
ldp-tunneling under the
VMX1_TO_VMX6 LSP. Notice that LDP are only enabled on PE facing interfaces and loopbacks. Conversely, since this core is meant to run RSVP, P facing interfaces have RSVP enabled.
link-protection downstream by setting this attribute under
[protocols mpls label-switched-patch VMX1_TO_VMX6].
vMX6 (P6) has a similar configuration to
vMX1 (P1) (more details explained in the previous subsection), except the RSVP LSP
VMX6_TO_VMX1 goes in the opposite direction of
VMX1_TO_VMX6. Check Figure 1 out for a visual representation of this difference.
vMX7 (PE1) is running LDP exclusively and L3VPN as a service, peering
vMX8 (PE2). Plus, a connected route in the
Customer1 VRF will be annouced for checking connectivity.
vMX8 (PE2) pretty much mirrors
vMX1 (PE1)'s configuration, more details on the previous subsection.
The following sections will show the MPLS label stack of this network with packet captures.
Initially, assuming we haven’t had any network failure events, everything is UP, we’d normally see three labels in the MPLS stack (RSVP/LDP/L3VPN), as you can see in Figure 2, which shows a particular ICMP capture from a host in the VRF
CustomerA of the MPLS L3VPN:
vMX7, in the VRF, pushes two labels
299808/16. When this packet comes to
as you can see bellow, label
299808 is swapped with
299792 is pushed on top, Figure 2 shows this packet after
vMX1 performs this push operation. So the final result, with tree labels is stacked like this
First, let’s disable ge-0/0/0.45 on
vMX5 to simulate this network failure to see the fourth label in the stack, before I do that, let’s double check that the
bypass tunnel have been precomputed successfully by the CSPF on both
We’re all set. As you can see bellow, since the link between
vMX5 is gone,
vMX4 will sent traffic through
vMX2 using the bypass LSP
Bypass->10.4.5.5, which pushes another RSVP label
299792 on top of that. The final MPLS stack, in this particular link, will be (RSVP_Bypass/RSVP/LDP/L3VPN)
299792/299792/299796/16 as shown in Figure 3