Why CEF needed in MPLS Network??

I have read the MPLS Fundamentals book by Luc De Ghein, So I understand from the from book that cef needs to enabled in edge routers to tag or untag labels (for Ip packets). I am eager to know why Mpls (Not a cisco proprietary) depends on a cisco proprietary CEF?? If I use Non-Cisco routers in the mpls edge how come the labels get tagged for ip packets??
<<<<<<<<<Taken from Book>>>>>>>>>>>>>
MPLS Fundamentals - Luc De Ghein
Why Is CEF Needed in MPLS Networks?
Concerning MPLS, CEF is special for a certain reason; otherwise, this book would not explicitly
cover it. Labeled packets that enter the router are switched according to the label forwarding
information base (LFIB) on the router. IP packets that enter the router are switched according to
the CEF table on the router. Regardless of whether the packet is switched according to the LFIB
or the CEF table, the outgoing packet can be a labeled packet or an IP packet
<<<<<<<<>>>>>>>>>>

Hello Bava,
the key point is that LDP or RSVP TE are able to generate distribute labels for FECs but they do not create the FECs from stratch.
FEC = Forwarding Equivalent Class
a destination IP subnet is a typical FEC.
cisco MPLS code takes advantage of the work done by CEF and uses as input data the FIB (Forwarding Information Base) mantained by CEF, to build the LFIB that is the table where for each FEC there is an association with a label taken from the local node label space.
The work done by CEF is not so different from what is needed by MPLS: the biggest difference is that the CEF table is kept local and not exported to any other device. MPLS FEC/label bindings are advertised.
In MPLS frame mode the labels are distributed in unsolicited downstream mode.
Unsolicited means that the label/FEC association is buiilt based on the topology FIB instead  of waiting for some device to ask a label for the FEC.
downstream means the labels are sent in the opposite direction of that used by traffic.
Other attributes are:
indipendent : means each LSR is free to create its own FEC/label association before receiving the label from the edge LSR that owns the prefix or from a device that is nerarest to the IP subnet (upstream)
liberal retention: the device will keep note of labels advertised by neighbors even if they are currently not on the best path. This can be seen in the output of show mpls ldp binding and allows for faster recover in case of failure of the best path.
The unsolicited and liberal retention in standard frame mode comes from the relatively big label space (roughly one milllion labels)
This was not possible in MPLS cell mode where the label space was small. So MPLS cell mode used on demand downstream label binding and no retention.
Also MPLS allows for label stacking = use of multiple levels of MPLS Label for services like L3 VPNs
to be noted other implementations are different in some aspects and each vendor has its internal tecnique to build a table of FECs to be used as starting point for MPLS code.
For example indipendent label/FEC mapping has its own drawbacks it may be better to wait for a label to be received from a device upstream = nearest to the IP prefix in order to ensure the path is end to end.
Hope to help
Giuseppe

Similar Messages

  • Why we need mpls mtu command?

    if interface mtu is not big enough to take mpls packet. we just increase interface mtu. why we need mpls mtu command.
    if we just only increase mpls mtu.there is problem if mpls mtu biger than interface mtu. so it seem mpls mtu command is useless.
    why we need mpls mtu command!
    thank you!
    Jun

    Hi,
    i test it in netowork,like this\
    topology is simple
    7609-1pe--sip GE spa----7609-2p--pos---7609-3p--flexwan E1-----7604-1pe--ge--ce
    i config mpls mtu 1524 between 7609-1 and 7609-2 . and keep interface mtu 1500 default.
    ping packet from 7609-1 to 7604-1 loopback 0.
    ping 1500 byte packet is ok, but ping 1501 byte packet is totally lost.then i config mtu 1524 between 7604-1pe and 7609-3, it is useless,not work, i can't see packet coming from 7609-1 on 7604-1.
    then i add config mtu 1524 between 7609-1pe and 7609-2. config mtu 1500 between 7604-1 and 7609-3,ping 1501 bytes from 7609-1 to 7604-1 loopback0 is ok. but i can see fragment from show ip traffic command in 7609-3.
    i have a question, why we need mpls mtu command. if we don't change interface mtu,just only config mpls mtu 1524, it doesn't work, if we just change mpls mtu,how it work in the ios. if we config interface mtu 1524,interface mtu size is big enough, it seems mpls mtu command is useless, we don't need mpls mtu command, just increase interface mtu 1524 is ok.
    why we need mpls mtu command. we just only change interface mtu is enough.
    when i config mpls mtu override 1524,this is a warning in ios:
    Setting the mpls mtu to 1524 on interface serial1/0/0:0, which is higher than the interface MTU
    1500. This could lead to packet forwarding problems including packet drops.
    You must set the MPLS MTU values equal to or lower than the interface MTU values.
    thank you!
    jun

  • Path Selection for Routes Across MPLS Network

    Customer hub site has two CE routers with two links connected to two seperate PE routers in the Carrier's MPLS network. At the customer's remote site one CE router on a single link is connected to PE router in MPLS network.
    How can I configure the CE routers at the hub site to advertised the same network across the MPLS network to the CE router at the remote site? Also, how can I configure the CE router at the remote site to select on of the router as the primary and the other as secondary? Can I use local-preference on the CE router at the remote site to selected on path over the other.
    I'm not sure if this makes any sense. Any help will be appreciated. Thanks

    Even with multiple RDs for VRFs belonging to the same VPN, you still need IBGP multipath, correct? Multiple RDs is just to get around the RR restriction.
    Also, you posted this message a while back:
    "If you have many VPN customers all using the same addresses (most likely rfc1918), the fact that they have different RDs and that the PE prepends the RD to the prefixes exchanged between PEs will make the same prefixes different in the MPLS VPN core
    cust1 advertises 192.168.1.0/24 with RD 1:1 therefore
    VPNv4 prefix is 1:1:192.168.1.0
    cust2 advertises 192.168.1.0/24 with RD 1:2 therefore
    VPNv4 prefix is 1:2:192.168.1.0"
    My test lab does not support the IBGP multipath command, and thus even with different RDs, it still only installs one best path.
    I understand that RD = make unique VPNv4 routes in SP space, and that RT = what to import into the VRF. However, I am having a hard time visualizing the scenario with mutiple RDs for the same VPN for load balancing purposes. I am trying to understand the logic behind it.
    Per your example, if both 1:1 and 1:2 are received by the remote PE, assuming IBGP multipath is enabled, why would the remote PE load balance between the two links? Why would it assume that the hub subnets are reachable via two different PEs, and that it's not two different, isolated VPNs altogether?
    Is it b/c you imported both 1:1 and 1:2 into a VRF at the remote PE?

  • VOIP MPLS network only 40-50% utilized

    We are in the process of upgrading our bandwidth at our branch locations into 3 Mbps MPLS networ and we only run Citrix traffic and IP Voice (Interoffice calls) from our Branch locations into our HQ.
    We expect Bandwith utilization to typically max out at 1.6 MBPS. Do you think we need to configure QoS for the voice traffic since the circuit will only be 40-50 percent utilized? My thinking was why should I configure QoS if the bandwidth is only at 40 - 50 percent. The voice traffic should have enough bandwidth to communicate over the wire.
    Is my thinking correct or should I configure QoS across this MPLS network? If I should confiure QoS what type do you recommend.
    Any responses are greatly appreciated

    Hi,
    I would configure QoS, because there are not only sunny days in life ...
    What if you catch Nimda version 7.2beta, i.e. the newest worm out there trying to blast any valid IP in your network? I would not want to explain to my CEO why we lost telephony as well ...
    So on a more technical level: QoS is needed to do resource management. As such you are right in that QoS is not needed if you have enough resources. Yet, who can guarantee this in an IP network at any point in time? I would put it QoS just as an insurance though it would not be needed during normal operation.
    Saying this I might add that this is the appropriate usage anyhow, as QoS will not solve issues arising from constant lack of bandwidth. Queueing is meant to handle exceptions. There is always the possibility of the unforseen.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • Venturing into MPLS Network

    Hi all, it is just my curiousity that ended up with a small discussion like this. Here's about it...
    My company has a main client which have tonnes of remote sites connecting to both their HQ and Disaster Recovery Centre. Some of the remote sites still running on frame-relay, while other is purely leased-line. There's a few question I wish I can clear up as follows:
    i. When the client have frame-relay device, what we do is create a tunnel and route all the frame-relay traffic over. Is there any advantage if we change it over to MPLS?
    ii. Even if comparing to leased-line services, what kind of advantages I can expect if our cliet migrate over to leased-line?
    iii. If one customer is running purely on frame-relay connectivity, any difficulties will arise when they want to switch over to MPLS network?
    I still never has any hands on experience on the MPLS, that's why need to gather some info in the first place, I'm currently have a glance through those MPLS guides and configuration examples, but I knew that perhaps in real-life network, things may differs, in the meanwhile I'm studying through it, hope to gather some precious opinions. Regards

    Hello,
    Regarding answer iii: What you have to use inside the MPLS cloud is MBGP to route the customer prefixes. In your LAN however you will have an IGP like EIGRP. This means you need mutual redistribution between MBGP and your IGP. So a routing loop can occur once you have at least two pathes. An Example:
    N1-CE1 - PE1 - PE2 - CE2
    with: CE1 - PE1 using RIP, CE2 - PE2 using RIP, PE1 - PE2 using MBGP and a FR PVC between CE1 - CE2 using RIP
    This would be the case when you migrate from FR to MPLS VPN and do not shut down FR the very moment you activate the MPLS links.
    What can happen in this scenario is: CE1 is announcing Network N1 through RIP to CE2 directly over the FR PVC and also to PE1. PE1 will redistribute N1 into MBGP, send the prefix to PE2, which will redistribute N1 into RIP and send the update to CE2.
    Now depending on implementation and metrics this will result in all traffic flowing over FR or MPLS (when adjusting metrics). No major problem yet.
    The problem might occur once CE1 looses network N1. It will send an update directly to CE2 and to PE1 and a race condition exists. CE2 will still have one valid path to N1 learned from PE2 and announce this one to CE1, which will announce it to PE1 and then PE2, CE2, CE1 again and so on.
    This is an intermittend or even persistent routing loop, depending on what you have done with hop count during redistribution.
    By designing your overall routing solution carefully you can avoid this scenario.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • MPLS network CE1A pinging CE1B other side

    Im trying to expand my knowledge about MPLS but have a bunch of questions. Here is one. In a MPLS network, should the CEA1 from one side ping the the other CEB1 and viceversa? I can see the route in the routing table from both side, however ping doesnt past thru.  Explain?             

    Hi Pedro,
    Yuu should be able to ping, if you have setup MPLS L3 VPN correctly  and if you don't have any configs to drop the ping
    First you need to chec kif your LSP is fine.
    1. Check if  you have MPLS IP configured on the core devices and Core facing interfaces of PE. make sure you have cef enabled on the routers
    To check if the LSP is fine, try a ping between PEs using source and destination as VRF IPs
    Share your topoplogy. That will hep

  • MTU Ethernet MPLS Network

    Actually I have implemented MPLS in my Ethernet network using Cisco 75XX as part of my core (P) and Huawei equipments for access (PE). We realized that customers can not navigate to certain pages like hotmail, msn, hi5, etc. Reviewing possible solutions we found two options:
    - Change the MTU 1492 in the CE equipment
    - Adjust TCP MSS size to 1440 in CE.
    Making this our customers finished complianing. Besides this all interface working under MPLS are using MPLS MTU 1508 command but Huawei PE?s dont support a similar command.
    My question is what is the real effect of mpls mtu command? is it change the mtu size for predefined Ethernet??
    Do you have any suggestion or similar cases, to make "transparent" for customes transition to MPLS network and not change values in CE equipment??
    I really appreciate your answers and sugestions,
    Best Regards
    Jack

    Hi Jack,
    1) Why a Datagram is Fragmented:
    When a frame is carrying an unlabeled IP datagram, the Frame
    Payload is just the IP datagram itself. When a frame is
    carrying a labeled IP datagram, the Frame Payload consists of
    the label stack entries and the IP datagram.
    Now when this frame payload as defined as above exceeds the
    conventional layer 2 media MTU then the frame is fragmented.
    In case of ethernet this MTU is 1500.
    So for example when a unlabelled frame with payload of 1500
    bytes is received and the same has to be sent further to
    the remote destination by labelling it, then the payload
    has to be fragmented.
    2) Why the MPLS MTU command:
    Once you receive an unlabelled frame, first the PE router
    receives it, labels it and then its put out for forwarding,
    when its to be forwarded, it needs to be fragmented.
    The problem comes here, when before being forwarded out of
    the interface if it gets fragmented, it would create two
    fragments or frames.
    By conventional fragmentation, the label which is inserted
    in the header may not be preserved into the new fragments
    created and the frame may be simply discarded as it loses
    the forwarding address which was the label.
    So to avoid this MPLS MTU command needs to be configured,
    so when there is fragmentation, it takes care of putting
    in the same label into the fragments created.
    Now in IOS even is MPLS MTU command is not configured
    it takes the default MTU as the MPLS MTU value.
    3) Solution to your problem:
    To aviod configuring the CE devices with MTU 1492,
    what you need to take care of is configure all you
    core facings links, with an physical MTU of 1508.
    So automatically your TCP packets which if total
    to 1500 bytes payload with a DF bit set wont need
    to be fragmented from PE at one end to other end.
    For this your PE <--->P link ethernet media MTU
    should be 1508, (if you can configure 1512 or 1516
    that would also be great if you plan to increase the
    stack size or later provide IPV6 VPN's.)
    You P<-->P links ethernet media MTU should also be
    the same as set between PE to P. if you have any
    SONET/POS links in your backbone then you dont have
    to do anything for the MTU.
    So the net effect of this would be any TCP sessions
    as which are prone to setting the DF bit can be
    transparently sent across without send ICMP error message.
    HTH-Cheers!
    Swaroop
    You may also like to see the RFC 3032 about label stack.

  • When I try to upgrade and install to iOS 5.1, error message prompt "operation stop running". I have tried several time but failed. Also, would like to know why always need to have wifi access in order to upgrade the version of iPad iOS, why not 3G ?

    When I try to upgrade and install to iOS 5.1, error message prompt "operation stop running". I have tried several time but failed. Also, would like to know why always need to have wifi access in order to upgrade the version of iPad iOS, what is the purpose of 3G then? This is really nonsense using wifi + 3G iPad. need help ! Thanks.

    The file is too large to download via 3G. There is a 20MB limit with 3G. The purpose of having 3G is that you have internet access everywhere and do not need to be near a WiFi hotspot or network.
    Not every single thing that you do every single minute of the day on the iPad involves downloading files larger than 20MB. You can surf the internet all day long sitting out in a park somewhere with 3G - but not with a WiFi only iPad - unless you use a hotspot with it.
    Try turning off your firewall and anti virus software while you try to download the iOS update.

  • Can i access internet, if I am connected to MPLS Network in my Data Center

    I am planning a connectivity to MPLS network of a Service Provider. Do I need a separate internet connectivity or the MPLS connection it self will provide me the access to internet.
    The main idea is to provide access to applications hosted in Data center to all the remote users who are working using their laptops and wireless broadband.
    Kindl suggest.
    Thanks for the support, in advance. 

    I am planning a connectivity to
    MPLS network of a Service Provider. Do I need a separate internet
    connectivity or the MPLS connection it self will provide me the access
    to internet.
    The
    main idea is to provide access to applications hosted in Data center to
    all the remote users who are working using their laptops and wireless
    broadband.
    Kindl suggest.
    Thanks for the support, in advance. 
    Hi,
    MPLS service provider can do the same check out the below link for more information
    https://www.cisco.com/en/US/tech/tk436/tk428/technologies_white_paper09186a00801281f1.shtml
    Hope to Help !!
    Ganesh.H
    If helpful do rate the post

  • Routing Protocol recommendation for MPLS Network

    I am in the process of building a 14 site MPLS network for voice and data traffic. The vendor installing the network has configured RIPv2 as the routing protocol. I am considering switching this over to EIGRP. Can anyone explain to me why this would be better or should I just stay with RIP.
    Thanks

    Hi Chip,
    Its not very clear whether you are implementing a MPLS network or implementing a Network over MPLS for an end user with 14 sites.
    1) If MPLS network then other IGP variants than OSPF and ISIS best avoided. Now if the choice is between ISIS and OSPF then my personal recommendation would be OSPF. And this decision is purely driven by Operational Considerations rather than any technical advantages. Since at the end of the day what matters is how easy it is to implement add delete or troubleshoot the network.
    2)If for End User then it would not be right to recommend EIGRP or RIP or OSPF without knowing the current size & topology of each of these 14 sites, as well as the desired expansion plans. But if these 14 sites are the only sites and are all standalone branch sites connecting over MPLS VPN then RIP,EIGRP or OSPF can be implemented as per your and customer comfort.
    HTH-Cheers,
    Swaroop

  • Routing to MPLS network

    Hi,
    We have several branch offices connected via a managed MPLS network. Each MPLS router in the branch office is connected to the local LAN switch, with its separate firewall and internet access router. How do we direct traffic from the local network (unmanaged) to the private IP addresses in the MPLS network (managed)? Can static routes be configured on the ASA5505 firewall to route traffic to MPLS router?
    ISP router>local router>ASA5505 firewall>LAN switch>MPLS router>MPLS cloud.

    Said
    Is the LAN switch layer 2 only or layer 3 capable. If you do not have access to the MPLS router you have 2 options
    1) Add a route on the ASA for the private MPLS networks pointing to the MPLS router. You will need to enable hairpinning on the ASA.
    Set the default-gateway of the clients on your LAN switch to be the ASA.
    2) If your switch is a Layer 3 switch then you can do this in a much cleaner way. Create the L3 vlan interface(s) for the client vlan(s) on the switch and then you can use statics on the L3 switch eg.
    ip route 0.0.0.0 0.0.0.0 "ASA inside interface"
    ip route "MPLS private net" "subnet mask" "MPLS router inside interface"
    Jon

  • MPLS Network for an Enterprise

    Hi,
    I am desiging an MPLS network for an enterprise customer. He would like to have both L2 and L3 VPNs (EoMPLS and VPLS). Initially I thought of positioning ASR1000 but later I ruled it out as it does not support VPLS. So it comes down to 7600. Then I have seen that we have 67XX, ES20 and SIP400 line cards. So what should be my choice for CE facing and Core facing line cards to run all the MPLS services (including MVPN). The customer needs only 3 ports to the access and 1 port as uplink.
    Regards,
    Prakash

    Hi Prakash,
    Definately go for the 7600 ES Line Cards:
    http://www.cisco.com/en/US/prod/collateral/routers/ps368/data_sheet_c78-570730.html
    They look like more than enough to do the job for your requirements.
    HTH.
    Regards,
    Joe.

  • Why we need a proxy server while we are using Web services?

    Hi guys,
    i am new to web service.
    i tried to implement the web services thru Sun One Application server.
    thru one of my web service operation only i am establishing connection with the database.
    by that time it has thrown the exception "*connection with the host could not be established*".
    but i created a proxy setting thru netbeans and the the database connection established.
    What is the difference?
    When i tried to conect with database thru a normal java program i never created a proxy.
    Why i need in case of web service.
    For kind information: We have firewall in the network...
    can any one tell me briefly What is the need of proxy setting over there???
    thanx,
    subbu

    hi guys,
    after a long struggle, i found the answer for this question.
    that is In Sun One Application Server, we have the WS-Plugin (Web Server Plugin)
    that plugin is used to redirect the HTTP request to a Web Server from the Application server.
    In default this plugin will be in enable mode.
    As long as WS-plugin is enabled, we need to proxy setting to handle any HTTP service.
    is i am right?
    if anyone have better solution that this, pls post that here.
    --Subbu                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           

  • Connecting 2 MPLS networks together

    Need some advice on connecting 2 MPLS networks together from two different ISPs. The compnay I am working with is using AT&T MPLS and they aquired a smaller company using SBC MPLS. We want to connect the two networks together for the shorterm and eventually the goal would be to add te new sites to the AT&T MPLS.

    You have two options here,
    1) you can talk to you SP regarding the situation and they should be able to put across a inter-AS solution for you, and this should be possible looking at the close ties between ATnT and SBC.
    2) If you plan to go ahead with this on your own, since its only a transitionary situation, you can think of interconnecting both the networks core at the closest possible location terming them as border gateway routers. And then keep migrating the smaller companies sites to the your existing SP's network.
    But do note that if there are overlapping IP addresses between both the networks then you may have to consider a NAT gateway in addition to the border gw routers. If you plan to use the Inter-as option, the SP would have a NAT gw solution for the same.
    Overall you need a crystal clear plan before you go ahead with any of the options.
    HTH-Cheers,
    Swaroop

  • Why we need to use the RMI if you have JSPs? or vice versa

    Hi friends,
    Can anyone please explain me whats the difference between RMI and JSP?
    All I know is how to code and implement them both but can't figure out which one has more advantage than the other.
    Actually this was the Interview question asked to me once,
    The question was "Why we need to use the RMI if you have JSPs? or vice versa"
    Please let me know if you have any answers for this.
    Thank you.

    harsh884 wrote:
    Well I may not have very deep knowledge about them both but from the little bit of coding practice and implementation I know that too, that they are different technology and the implementation is also different. But didnt know what to answer for this question to interviewer.My answer would have been along the lines of using the right tool for the requirements. Use RMI when you want to work with remote objects "directly", but don't want to hassle with handling all the networking manually or restrict yourself to the HTTP protocol and an inappropriate use of the view layer in model 2 applications.
    Thanks anyways for the reply.You're welcome. How did the rest of the interview go?
    ~

Maybe you are looking for