Creating VRF FIB Entries for the Admission PE
The aftermost allotment of the abstracts even assay focuses on the admission PE. In particular, the admission PE uses
the afterward argumentation back processing an admission unlabeled packet:
1. Action the admission packet application the VRF associated with the admission interface (statically
configured).
2. Advanced the packet application that VRF’s FIB.
The FIB access needs to accept two labels to abutment MPLS VPNs: an alien characterization that identifies the
LSP with which to ability the departure PE, and an close characterization that identifies the departure PE’s LFIB entry
that includes the actual approachable interface on the departure PE. Although it ability be accessible by now,
for completeness, the admission PE learns the alien and close characterization ethics as follows:
■ The alien characterization is based on the LIB entry, accurately for the LIB access for the prefix that
matches the BGP-learned next-hop IP address—not the packet’s destination IP address.
■ The close characterization is based on the BGP table access for the avenue in the VRF that matches the
packet’s destination address.
Figure 19-21 completes the advancing archetype by assuming the action by which PE1 adds the
correct FIB access into VRF-A for the 10.3.3.0/24 prefix. The amount picks up the adventure at the point
at which PE1 has abstruse all appropriate BGP and LDP information, and it is accessible to abide the
VRF acquisition table and FIB.
732 Affiliate 19: Multiprotocol Characterization Switching
Figure 19-21 Creating the Admission PE (PE1) FIB Access for VRF-A
PE1’s BGP table holds the VPN characterization (3333), while PE1’s LIB holds the two labels abstruse from
PE1’s two LDP neighbors (P1 and P2, labels 2222 and 5555, respectively). In this case, PE1’s best
route that matches BGP next-hop 3.3.3.3 happens to point to P1 instead of P2, so this archetype uses
label 1111, abstruse from P1.
The accomplish in the amount are explained as follows:
1. PE1 redistributes the avenue from BGP into the VRF-A acquisition table (based on the acceptation RT).
2. PE1 builds a VRF-A FIB access for the avenue aloof added to the VRF-A acquisition table.
3. This new FIB access needs to accommodate the VPN-label, which PE1 finds in the associated BGP
table entry.
4. This new FIB access additionally needs to accommodate the alien label, the one acclimated to ability the BGP nexthop
IP abode (3.3.3.3), so PE1 looks in the LIB for the best LIB access that matches 3.3.3.3,
and extracts the characterization (1111).
5. Admission PE1 inserts the MPLS attack including the two-label characterization stack.
PE1
P1
3
1
2
4
5
VRF-A
Routing Table
Source
BGP
Next-Hop
3.3.3.3
Prefix
10.3.3.0/24
FIB
Prefix
10.3.3.0/24
Out. Labels
1111, 3333
Next-Hop
3.3.3.3
Out Int
S0/0/1
NLRI
1:111:10.3.3.0/24
2:222:10.3.3.0/24
Label
3333
4444
Next-Hop
3.3.3.3
3.3.3.3
BGP Table
RT
1:100
2:200
Prefix
3.3.3.3/32
LIB
Out Label
1111
5555
Out Int.
S0/0/1
S0/1/1
Outer:
1111
Inner:
3333
IP
S0/0/1
MPLS VPNs 733
At this point, back PE1 receives a packet in an interface assigned to VRF-A, PE1 will attending in the
VRF-A FIB. If the packet is destined for an abode in prefix 10.3.3.0/24, PE1 will bout the entry
shown in the figure, and PE1 will advanced the packet out S0/0/1, with labels 1111 and 3333.
Penultimate Hop Popping
The operation of the MPLS VPN abstracts even works well, but the action on the departure PE can be
a bit inefficient. The disability relates to the actuality that the departure PE charge do two lookups in the
LFIB afterwards accepting the packet with two labels in the characterization stack. For example, the abstracts plane
forwarding archetype acclimated throughout this affiliate has been again in Amount 19-22, with a
summary description of the processing argumentation on anniversary router. Note that the departure PE (PE2) must
consider two entries in its LFIB.
Figure 19-22 Two LFIB Lookups Appropriate on the Departure PE
To abstain this added assignment on the actual aftermost (ultimate) LSR, MPLS uses a affection alleged penultimate
hop bustling (PHP). (Penultimate artlessly agency “1 beneath than the ultimate.”) So the penultimate
hop is not the actual aftermost LSR to action a labeled packet, but the second-to-last LSR to action a
labeled packet. PHP causes the penultimate-hop LSR to pop the alien label, so that the aftermost LSR—
the ultimate hop if you will—receives a packet that alone has the VPN characterization in it. With alone this
single label, the departure PE needs to attending up alone one access in the LFIB. Amount 19-23 shows the
revised abstracts even breeze with PHP enabled.
Figure 19-23 Single LFIB Lookup on Departure PE Due to PHP
PE1 P1 PE2
1 2 3
Per the VRF-A FIB,
push labels 1111 and
3333 into the packet
Per the LFIB:
1) Pop characterization 2222
2) Pop characterization 3333, and
forward out S0/1/1
Per the LFIB, swap
label 1111 for 2222,
and accelerate out S0/1/0
IP 1111 3333 IP 2222 3333 IP IP
S0/0/1 S0/1/0 S0/0/1
PE1 P1 PE2
Penultimate
(Next-to-Last)
MPLS Hop
Ultimate (Last)
MPLS Hop
1 2 3
Per the VRF-A FIB,
push labels 1111 and
3333 into the packet
Per the LFIB, pop
label 3333, and
forward out S0/1/1
Per the LFIB, Pop
label 1111, and
send out S0/1/0
IP 1111 3333 IP 3333 IP IP
S0/0/1 S0/1/0 S0/0/1