Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

Junos VPLS Label Block Operations - Example with BGP signaling
Page 1 of 1

Author:  mandrei99 [ Thu Jul 04, 2013 7:44 am ]
Post subject:  Junos VPLS Label Block Operations - Example with BGP signaling

Juniper book makes a good explanation on the Label Block operation in VPLS vpn.
Understanding VPLS Label Block Operations

Let's see this in a real example with BGP used for signaling. Below is a BGP update message containing a VPLS NLRI from a site ID 10 that is received by a site ID 11:

Border Gateway Protocol - UPDATE Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 88
    Type: UPDATE Message (2)
    Unfeasible routes length: 0 bytes
    Total path attribute length: 65 bytes
    Path attributes
        ORIGIN: IGP (4 bytes)
            Flags: 0x40 (Well-known, Transitive, Complete)
            Type code: ORIGIN (1)
            Length: 1 byte
            Origin: IGP (0)
        AS_PATH: empty (3 bytes)
            Flags: 0x40 (Well-known, Transitive, Complete)
            Type code: AS_PATH (2)
            Length: 0 bytes
            AS path: empty
        LOCAL_PREF: 100 (7 bytes)
            Flags: 0x40 (Well-known, Transitive, Complete)
            Type code: LOCAL_PREF (5)
            Length: 4 bytes
            Local preference: 100
        EXTENDED_COMMUNITIES: (19 bytes)
            Flags: 0xc0 (Optional, Transitive, Complete)
            Type code: EXTENDED_COMMUNITIES (16)
            Length: 16 bytes
            Carried Extended communities
        MP_REACH_NLRI (32 bytes)
            Flags: 0x90 (Optional, Non-transitive, Complete, Extended Length)
            Type code: MP_REACH_NLRI (14)
            Length: 28 bytes
            Address family: Layer-2 VPN (25)
            Subsequent address family identifier: VPLS (65)
            Next hop network address (4 bytes)
                Next hop: IPv4= (4)
            Subnetwork points of attachment: 0
            Network layer reachability information (19 bytes)
                RD:, CE-ID: 10, Label-Block Offset: 9, Label-Block Size: 8, Label Base 262201 (bottom)

So the receiving site ID 11 will use Label 262203 from the Label base provided by the egress (CE-ID 10). This is because the starting label is 262201 for a siteID 9 (Label-Block Offset: 9).

Here is the confirmation on the receiving end:
user@host> show route forwarding-table family vpls   
Routing table: APOLLO.vpls
Destination        Type RtRef Next hop           Type Index NhRef Netif
default            perm     0                    rjct   546     1
fe-0/0/5.0         user     0                    comp   626     2
lsi.1049351        user     0                    comp   625     2
00:0c:29:d7:77:67/48 dynm     0                  ucst   592     3 fe-0/0/5.0
00:40:ca:18:30:c9/48 dynm     0                  indr 262142     4
                                                Push 262203   591     2 gr-0/0/0.1

So the receiving end (ingress) chose label 262203 from the Label Base provided by the egress. This is a packet traveling through the tunnel:
Frame 14: 140 bytes on wire (1120 bits), 140 bytes captured (1120 bits)
Ethernet II, Src: JuniperN_d2:35:c1 (f8:c0:01:d2:35:c1), Dst: Cisco_28:5e:40 (00:26:0b:28:5e:40)
Internet Protocol Version 4, Src: (, Dst: (
Generic Routing Encapsulation (MPLS label switched packet)
MultiProtocol Label Switching Header, Label: 262203, Exp: 0, S: 1, TTL: 255                                      --> VPLS LABEL 262203
Ethernet II, Src: Vmware_d7:77:67 (00:0c:29:d7:77:67), Dst: FirstInt_18:30:c9 (00:40:ca:18:30:c9)
Internet Protocol Version 4, Src: (, Dst: (
Internet Control Message Protocol

Below is the content of the "bgp.l2vpn.0" Junos routing table on the ingress:
> show route table bgp.l2vpn.0

bgp.l2vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
Restart Complete
+ = Active Route, - = Last Active, * = Both               
                   *[BGP/170] 01:02:32, localpref 100, from
                      AS path: I
                    > via gr-0/0/0.1               
                   *[L2VPN/170/-101] 23:01:13, metric2 1

Below is the egress configuration of the vpls vrf:
set routing-instances SAMANTHA instance-type vpls
set routing-instances SAMANTHA interface ge-0/0/3.0
set routing-instances SAMANTHA route-distinguisher
set routing-instances SAMANTHA vrf-import IVORDE-INTRA-IMPORT
set routing-instances SAMANTHA vrf-export IVORDE-INTRA-EXPORT
set routing-instances SAMANTHA protocols vpls no-tunnel-services
set routing-instances SAMANTHA protocols vpls site APOLLo site-identifier 10

What I need to know from first route ( that: - ROUTE DISTINGUISHER :10 - EGRESS SITE ID :9 LABEL BASE OFFSET

It's good practice to set route-distinguisher in following format <LOOPBACK IP>:<TARGET COMMUNITY>.

Page 1 of 1 All times are UTC - 5 hours [ DST ]
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group