Configuring MPLS over ATM
Problem
You want to run MPLS over an ATM network.
Solution
There are really two solutions to this problem, depending on the capabilities of your ATM switches. The first and conceptually simpler solution is to configure your ATM switch to just pass ATM cells, but not to interact with MPLS at the IP layer.
First we will configure the two PE routers to run MPLS over ATM. Note that for these configurations we show only the additional configuration required for the MPLS over ATM functionality. Please refer to Recipe 26.2 for the remainder of the configuration for MPLS PE functionality:
Router-PE1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-PE1(config)#ip cef Router-PE1(config)#mpls ip Router-PE1(config)#interface ATM1/0 Router-PE1(config-if)#no ip address Router-PE1(config-if)#exit Router-PE1(config)#interface ATM1/0.1 mpls Router-PE1(config-if)#ip address 10.1.1.2 255.255.255.252 Router-PE1(config-if)#mpls ip Router-PE1(config-if)#exit Router-PE1(config)#end Router-PE1#
The other PE router's configuration is identical, except for the IP address:
Router-PE3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-PE3(config)#ip cef Router-PE3(config)#mpls ip Router-PE3(config)#interface ATM1/0 Router-PE3(config-if)#no ip address Router-PE3(config-if)#exit Router-PE3(config)#interface ATM1/0.1 mpls Router-PE3(config-if)#ip address 10.1.1.1 255.255.255.252 Router-PE3(config-if)#mpls ip Router-PE3(config-if)#exit Router-PE3(config)#end Router-PE3#
And the ATM switch configuration simply requires connecting two PVCs: one for the MPLS Control-VC and the other for data. We use the defaults of 0/32 for the Control-VC and 1/33 for data for simplicity:
Switch-P2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch-P2(config)#interface ATM0/1/2 Switch-P2(config-if)#no ip address Switch-P2(config-if)#exit Switch-P2(config)#interface ATM0/1/3 Switch-P2(config-if)#no ip address Switch-P2(config-if)#atm pvc 0 32 interface ATM0/1/2 0 32 Switch-P2(config-if)#atm pvc 1 33 interface ATM0/1/2 1 33 Switch-P2(config-if)#exit Switch-P2(config)#end Switch-P2#
The second solution, which is possible on most newer Cisco ATM switches, is to configure the switch to take part in the IP and MPLS packet forwarding as a P router:
Router-PE1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-PE1(config)#ip cef Router-PE1(config)#mpls ip Router-PE1(config)#interface ATM1/0 Router-PE1(config-if)#no ip address Router-PE1(config-if)#exit Router-PE1(config)#interface ATM1/0.1 mpls Router-PE1(config-if)#ip address 10.1.1.2 255.255.255.252 Router-PE1(config-if)#mpls ip Router-PE1(config-if)#exit Router-PE1(config)#end Router-PE1#
Once again, the other PE router's configuration is identical, except for the IP address. However, note that we have changed the IP address this time, as the two routers are no longer on the same subnet:
Router-PE3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router-PE3(config)#ip cef Router-PE3(config)#mpls ip Router-PE3(config)#interface ATM1/0 Router-PE3(config-if)#no ip address Router-PE3(config-if)#exit Router-PE3(config)#interface ATM1/0.1 mpls Router-PE3(config-if)#ip address 10.1.1.6 255.255.255.252 Router-PE3(config-if)#mpls ip Router-PE3(config-if)#exit Router-PE3(config)#end Router-PE3#
The switch configuration then includes the MPLS configuration on the interfaces, and it also must take part in OSPF:
Switch-P2#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Switch-P2(config)#ip cef Switch-P2(config)#mpls ip Switch-P2(config)#interface ATM0/1/2 Switch-P2(config-if)#ip address 10.1.1.5 255.255.255.252 Switch-P2(config-if)#mpls ip Switch-P2(config-if)#exit Switch-P2(config)#interface ATM0/1/3 Switch-P2(config-if)#ip address 10.1.1.1 255.255.255.252 Switch-P2(config-if)#mpls ip Switch-P2(config-if)#exit Switch-P2(config)#interface Loopback0 Switch-P2(config-if)#ip address 10.0.0.1 255.255.255.255 Switch-P2(config-if)#exit Switch-P2(config)#router ospf 99 Switch-P2(config-router)#router-id 10.0.0.1 Switch-P2(config-router)#network 10.0.0.0 0.255.255.255 area 0 Switch-P2(config-router)#exit Switch-P2(config)#end Switch-P2#
Discussion
In both of these examples, our ATM switch is a Cisco Lightstream LS1010. This makes for a convenient example device because these switches are inexpensive and they run IOS. However, Cisco has terminated support for these switches and recommends that users upgrade to MGX 8800, Catalyst 4500, or Catalyst 6500 series devices. The configuration for all of these devices is similar in concept, although some feature different syntaxes for connecting physical interfaces to the Layer 3 switching layer.
MPLS behaves particularly nicely over ATM because there is a standard protocol for inserting the MPLS tags into the ATM cell header. The result is that the ATM switches in the middle of the network can handle the MPLS tag switching without ever having to reassemble the cell payloads into IP packets. Consequently, organizations with existing ATM infrastructure can easily convert to MPLS.
We show two essential methods for running an MPLS network over an ATM switched infrastructure. The first method is to essentially just create end-to-end PVCs between PE routers at the edges of the MPLS cloud. This has two advantages: it's simple to deploy and the ATM switches don't need to support MPLS tagging of ATM cells. However, it has the disadvantage that you must manually create all of your ATM PVCs. Alternatively, you could use ILMI and QSAAL to create these VCs automatically, but you would still need to do a lot of manual configuration to make this work. Neither of these methods scales well to larger networks.
The second method is much more flexible. The switches take part in the IGP, and exchange tag information using either TDP or LDP. Then every new PE router you add to your network will automatically join the MPLS infrastructure, even if it isn't directly connected to an ATM switch.
You can see the TDP neighbor information on the ATM switch with the show tag-switching tdp neighbor command:
Switch-P2#show tag-switching tdp neighbor Peer TDP Ident: 10.0.0.2:1; Local TDP Ident 10.0.0.1:2 TCP connection: 10.1.1.2.11001 - 10.1.1.1.711 State: Oper; PIEs sent/rcvd: 160/160; Downstream on demand Up time: 02:14:39 TDP discovery sources: ATM0/1/3, Src IP addr: 10.1.1.2 Peer TDP Ident: 10.0.0.3:1; Local TDP Ident 10.0.0.1:1 TCP connection: 10.1.1.6.11001 - 10.1.1.5.711 State: Oper; PIEs sent/rcvd: 158/158; Downstream on demand Up time: 02:14:39 TDP discovery sources: ATM0/1/2, Src IP addr: 10.1.1.6 Switch-P2#
Now that we have added a second path to the MPLS network, the routing tables become more interesting. First we'll look at the routing within the MPLS cloud. Note that this output does not show any of the tunneled customer routing tables:
Router-PE3#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/8 is variably subnetted, 10 subnets, 3 masks O 10.0.0.11/32 [110/65] via 10.1.1.10, 00:39:11, Serial0/0 C 10.1.1.8/30 is directly connected, Serial0/0 O 10.1.1.12/30 [110/66] via 10.1.1.5, 00:39:11, ATM1/0.1 O 10.0.0.2/32 [110/3] via 10.1.1.5, 00:39:11, ATM1/0.1 O 10.1.2.0/24 [110/11] via 10.1.1.5, 00:39:11, ATM1/0.1 C 10.0.0.3/32 is directly connected, Loopback0 O 10.1.1.0/30 [110/2] via 10.1.1.5, 00:39:11, ATM1/0.1 O 10.0.0.1/32 [110/2] via 10.1.1.5, 00:39:12, ATM1/0.1 O 10.0.0.4/32 [110/66] via 10.1.1.10, 00:39:12, Serial0/0 C 10.1.1.4/30 is directly connected, ATM1/0.1 Router-PE3#
If we want to see the client routing tables, we need to include the vrf keyword:
Router-PE3#show ip route vrf NetworkA Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/32 is subnetted, 1 subnets B 10.8.8.8 [200/4] via 10.0.0.4, 00:41:00 B 192.168.1.0/24 [200/0] via 10.0.0.2, 00:41:15 C 192.168.2.0/24 is directly connected, Ethernet0/0 B 192.168.3.0/24 [200/0] via 10.0.0.4, 00:41:00 Router-PE3#
In this case, we see an interesting mixture of customer route prefixes that point to MPLS core IP address destinations. The destinations listed are the iBGP peer addresses of the PE routers. So, for example, the highlighted line shows that the customer route prefix 192.168.1.0/24 in the NetworkA customer network is reachable through the PE router, 10.0.0.2.
The show mpls forwarding-table command gives useful information on the MPLS tag information:
Router-PE3#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 16 1/36 10.0.0.2/32 0 AT1/0.1 point2point 17 Pop tag 10.0.0.11/32 0 Se0/0 point2point 18 1/34 10.1.1.0/30 0 AT1/0.1 point2point 19 1/37 10.1.1.12/30 0 AT1/0.1 point2point 20 1/35 10.1.2.0/24 0 AT1/0.1 point2point 21 1/33 10.0.0.1/32 0 AT1/0.1 point2point 22 Aggregate 192.168.2.0/24[V] 1976 23 Aggregate 192.168.10.0/24[V] 936 24 21 10.0.0.4/32 0 Se0/0 point2point Router-PE3#
This output shows that the tag values 22 and 23 are aggregates. In our network, both of these addresses are customer VRF prefixes that we reach through the same PE router, so they can easily be aggregated through the same path.
Tag value 16 is used for internal MPLS routing to the destination prefix 10.0.0.2/32, which is the loopback address of one of our PE routers. Everything tagged with this value is sent out the ATM interface using a VPI/VCI value of 1/36. Similarly, tag value 24 is used for the destination prefix 10.0.0.4/32, another of our PE routers. In this case the outgoing tag value is not an ATM VPI/VCI pair because the outgoing interface is a serial link, which in our network connects to Router-P1. The same command on that router allows us to trace the tag values through the MPLS core:
Router-P1#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 16 Pop tag 10.0.0.2/32 7404 Se0/0 point2point 17 Pop tag 10.1.1.0/30 0 Se0/0 point2point 18 Pop tag 10.0.0.3/32 5940 Se0/1 point2point 19 Pop tag 10.1.1.4/30 0 Se0/1 point2point 20 21 10.0.0.1/32 0 Se0/0 point2point 21 10.0.0.1/32 0 Se0/1 point2point 21 Pop tag 10.0.0.4/32 14342 Fa0/0 10.1.2.4 Router-P1#
Here you can see that tag value 21 is indeed used for prefix 10.0.0.4/32, as you would expect. Also, in this output you can see that the next hop device is given as an IP address. All of the other tags that we have looked at so far have been connected via point-to-point media, such as ATM VCs or serial connections. In this case, however, the next hop device is connected through an Ethernet, so the command output lists the next hop device's IP address.
The outgoing tag value is listed as Pop tag for this entry. This router is doing something called Penultimate Hop Popping (PHP), which means that the second from the last router in the path through the MPLS cloud is removing the MPLS label so that the PE router can process the packet slightly faster. The PE router in this case doesn't need to remove the MPLS information before routing the packet based on the IP header; the previous router has already done the first step for it.