Configuring NSF SSO--MPLS VPN

The NSF/SSO--MPLS VPN feature allows a provider edge (PE) router to preserve data forwarding information in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when the primary Route Processor (RP) restarts. This module describes how to enable nonstop forwarding (NSF) in a basic MPLS VPN network.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for NSF SSO--MPLS VPN

  • You must have a supported MPLS VPN network configuration. See Configuring MPLS VPNs for more information.

  • The networking device that is to be configured for NSF must first be configured for stateful switchover (SSO). See Stateful Switchover for more information

  • You must enable NSF on the routing protocols running between the provider (P) routers, provider edge (PE) routers, and customer edge (CE) routers. The supported routing protocols are Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Intermediate System-to-Intermediate System (IS-IS). See Configuring Nonstop Forwarding for more information.

  • You must configure Cisco NSF support on the routers for Cisco Express Forwarding. See Configuring Nonstop Forwarding for more information.

  • All neighbor networking devices must be NSF-aware. Peer routers must support the graceful restart of the protocol used to communicate with the NSF/SSO--MPLS VPN-capable router.

Restrictions for NSF SSO--MPLS VPN

  • Tag Distribution Protocol (TDP) sessions are not supported. Only Label Distribution Protocol (LDP) sessions are supported.

  • The NSF/SSO--MPLS VPN feature cannot be configured on label-controlled ATM (LC-ATM) interfaces.

Information About NSF SSO--MPLS VPN

Elements That Enable NSF SSO--MPLS VPN

VPN NSF requires several elements in order to work:

  • VPN NSF uses the BGP Graceful Restart mechanisms to create MPLS forwarding entries for VPNv4 prefixes in NSF mode. The forwarding entries are preserved during a restart. BGP also saves prefix and corresponding label information and recovers the information after a restart.

  • The NSF/SSO--MPLS VPN feature also uses NSF for the label distribution protocol in the core network (either MPLS Label Distribution Protocol, traffic engineering, or static labeling).

  • The NSF/SSO--MPLS VPN feature uses NSF for the Interior Gateway Protocol (IGP) used in the core (OSPF or IS-IS).

  • The NSF/SSO--MPLS VPN feature uses NSF for the routing protocols between the PE and CE routers.

How VPN Prefix Information Is Checkpointed to the Backup Route Processor

When BGP allocates local labels for prefixes, it checkpoints the local label binding in the backup RP. The checkpointing function copies state information from the active RP to the backup RP, thereby ensuring that the backup RP has an identical copy of the latest information. If the active RP fails, the backup RP can take over with no interruption in service. Checkpointing begins when the active RP does a bulk synchronization, which copies all of the local label bindings to the backup RP. After that, the active RP dynamically checkpoints individual prefix label bindings when a label is allocated or freed. This allows forwarding of labeled packets to continue before BGP reconverges.

How BGP Graceful Restart Preserves Prefix Information During a Restart

When a BGP Graceful Restart-capable router loses connectivity, it performs the following actions as the restarting router:

  1. The restarting router establishes BGP sessions with other routers and relearns the BGP routes from other routers that are also capable of Graceful Restart. The restarting router waits to receive updates from the neighboring routers. When the neighboring routers send end-of-Routing Information Base (RIB) markers to indicate that they are done sending updates, the restarting router starts sending its own updates.

  2. The restarting router accesses the checkpoint database to find the label that was assigned for each prefix. If it finds the label, it advertises it to the neighboring router. If it does not find the label, it allocates a new label and advertises it.

  3. The restarting router removes any stale prefixes after a timer for stale entries expires.

A BGP Graceful Restart-capable peer router performs the following actions when it encounters a restarting router:

  1. The peer router sends all the routing updates to the restarting router. When it has finished sending updates, the peer router sends an end-of-RIB marker to the restarting router.

  2. The peer router does not immediately remove the BGP routes learned from the restarting router from its BGP routing table. As it learns the prefixes from the restarting router, the peer refreshes the stale routes if the new prefix and label information matches the old information.

If a router is not configured for the NSF/SSO--MPLS VPN feature and it attempts to establish a BGP session with a router that is configured with the NSF/SSO--MPLS VPN feature, the two routers create a normal BGP session but do not have the ability to perform the NSF/SSO--MPLS VPN feature.

How to Configure NSF SSO--MPLS VPN

Configuring NSF Support for Basic VPNs

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    ip cef [distributed]

    4.    router bgp autonomous-system-number

    5.    bgp graceful-restart

    6.    bgp graceful-restart restart-time seconds

    7.    bgp graceful-restart stalepath-time seconds

    8.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.

     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 ip cef [distributed]


    Example:
    Router(config)# ip cef distributed
     

    Enables Cisco Express Forwarding.

    • Use this command if Cisco Express Forwarding is not enabled by default on the router.

     
    Step 4 router bgp autonomous-system-number


    Example:
    Router(config)# router bgp 1
     

    Configures a BGP routing process and enters router configuration mode.

     
    Step 5 bgp graceful-restart


    Example:
    Router(config-router)# bgp graceful-restart
     

    Enables BGP Graceful Restart on the router.

     
    Step 6 bgp graceful-restart restart-time seconds


    Example:
    Router(config-router)# bgp graceful-restart restart-time 200
     

    (Optional) Specifies the maximum time to wait for a graceful-restart-capable neighbor to come back up after a restart.

     
    Step 7 bgp graceful-restart stalepath-time seconds


    Example:
    Router(config-router)# bgp graceful-restart stalepath-time 400
     

    (Optional) Specifies the maximum time to hold on to the stale paths of a gracefully restarted peer. All stale paths are deleted after the expiration of this timer.

     
    Step 8 end


    Example:
    Router(config-router)# end
     

    Exits to privileged EXEC mode.

     

    Verifying the Configuration

    SUMMARY STEPS

      1.    show ip bgp vpnv4 all labels

      2.    show ip bgp vpnv4 all neighbors

      3.    show ip bgp labels

      4.    show ip bgp neighbors


    DETAILED STEPS
      Step 1   show ip bgp vpnv4 all labels

      This command displays incoming and outgoing BGP labels for each route distinguisher. The following is sample output from the command:



      Example:
      Router# show ip bgp vpnv4 all labels
 
Network          Next Hop      In label/Out label
Route Distinguisher: 100:1 (vpn1)
   10.3.0.0/16      10.0.0.5        25/20
                    10.0.0.1        25/23
                    10.0.0.2        25/imp-null
   10.0.0.9/32      10.0.0.1        24/22
                    10.0.0.2        24/imp-null
      Step 2   show ip bgp vpnv4 all neighbors

      This command displays whether the BGP peers are capable of Graceful Restart. The following is sample output from the command:



      Example:
      Router# show ip bgp vpnv4 all neighbors
BGP neighbor is 10.0.0.1,  remote AS 100, internal link
  BGP version 4, remote router ID 10.0.0.1
  BGP state = Established, up for 02:49:47
  Last read 00:00:47, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family VPNv4 Unicast: advertised and received
    Graceful Restart Capabilty: advertised and received
      Remote Restart timer is 120 seconds
      Address families preserved by peer:
        VPNv4 Unicast
.
.
.
      Step 3   show ip bgp labels

      This command displays information about MPLS labels in the Exterior Border Gateway Protocol (EBGP) route table. The following is sample output from the command:



      Example:
      Router# show ip bgp labels
   Network          Next Hop      In label/Out label
   10.3.0.0/16      10.0.0.1        imp-null/imp-null
                    0.0.0.0         imp-null/nolabel
   10.0.0.9/32      10.0.0.1        21/29
   10.0.0.11/32     10.0.0.1        24/38
   10.0.0.13/32     0.0.0.0         imp-null/nolabel
   10.0.0.15/32     10.0.0.1        29/nolabel
                    10.0.0.1        29/21
      Step 4   show ip bgp neighbors

      This command displays whether the BGP peers are capable of Graceful Restart. The following is sample output from the command:



      Example:
      Router# show ip bgp neighbors
BGP neighbor is 10.0.0.1,  remote AS 100, external link
  BGP version 4, remote router ID 10.0.0.5
  BGP state = Established, up for 02:54:19
  Last read 00:00:18, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family IPv4 Unicast: advertised and received
    ipv4 MPLS Label capability: advertised and received
    Graceful Restart Capabilty: advertised and received
      Remote Restart timer is 120 seconds
      Address families preserved by peer:
        IPv4 Unicast
.
.
.

      Configuration Examples for NSF SSO--MPLS VPN

      Example NSF SSO--MPLS VPN for a Basic MPLS VPN

      The following sample output shows the configuration of the NSF/SSO--MPLS VPN feature on the CE and PE routers. SSO is enabled by default, and LDP is the default MPLS label protocol.

      CE1 Router 

      ip cef
no ip domain-lookup
!
interface Loopback0
 ip address 10.10.10.10 255.255.255.255
!
interface GigabitEthernet1/0/4
 ip address 10.0.0.1 255.0.0.0
 media-type 10BaseT
!
router ospf 100
 redistribute bgp 101
 nsf enforce global
 passive-interface GigabitEthernet1/0/4
 network 10.0.0.0 0.255.255.255 area 100
!
router bgp 101
 no synchronization
 bgp graceful-restart restart-time 120 
 bgp graceful-restart stalepath-time 360 
 bgp graceful-restart network 10.0.0.0
 network 10.0.0.0
 neighbor 10.0.0.2 remote-as 100

      PE1 Router

      redundancy 
mode sso 
!
ip cef distributed
mpls ldp graceful-restart 
mpls label protocol ldp
ip vrf vpn1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
no mpls aggregate-statistics
!
interface Loopback0
 ip address 10.12.12.12 255.255.255.255
!
interface GigabitEthernet1/0/4
 ip vrf forwarding vpn1
 ip address 10.0.0.2 255.0.0.0
 !
 mpls ip
interface ATM3/0/0
 no ip address
!
interface ATM3/0/0.1 point-to-point
 ip unnumbered Loopback0
 mpls ip
!
router ospf 100
 passive-interface GigabitEthernet1/0/4
 nsf enforce global
 network 10.0.0.0 0.255.255.255 area 100
!
router bgp 100
 no synchronization
 bgp graceful-restart restart-time 120 
 bgp graceful-restart stalepath-time 360 
 bgp graceful-restart 
 no bgp default ipv4-unicast
 neighbor 10.14.14.14 remote-as 100
 neighbor 10.14.14.14 update-source Loopback0
!
address-family ipv4 vrf vpn1
 neighbor 10.0.0.1 remote-as 101
 neighbor 10.0.0.1 activate
 exit-address-family
!
address-family vpnv4
 neighbor 10.14.14.14 activate
 neighbor 10.14.14.14 send-community extended
 exit-address-family

      PE2 Router

      redundancy 
mode sso 
!
ip cef distributed
mpls ldp graceful-restart 
mpls label protocol ldp
!
ip vrf vpn1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
no mpls aggregate-statistics
!
!
interface Loopback0
 ip address 10.14.14.14 255.255.255.255
!
interface ATM1/0
 no ip address
!
interface ATM1/0.1 point-to-point
 ip unnumbered Loopback0
 mpls ip
!
interface FastEthernet3/0/0
 ip vrf forwarding vpn1
 ip address 10.0.0.1 255.0.0.0
 ip route-cache distributed
!
router ospf 100
 nsf enforce global
 passive-interface FastEthernet3/0/0
 network 10.0.0.0 0.255.255.255 area 100
!
router bgp 100
 no synchronization
 bgp graceful-restart restart-time 120 
 bgp graceful-restart stalepath-time 360 
 bgp graceful-restart 
 no bgp default ipv4-unicast
 neighbor 10.12.12.12 remote-as 100
 neighbor 10.12.12.12 update-source Loopback0
!
address-family ipv4 vrf vpn1
 neighbor 10.0.0.2 remote-as 102
 neighbor 10.0.0.2 activate
 exit-address-family
!
address-family vpnv4
 neighbor 10.12.12.12 activate
 neighbor 10.12.12.12 send-community extended
 exit-address-family

      CE2 Router 

      ip cef
!
interface Loopback0
 ip address 10.13.13.13 255.255.255.255
!
interface FastEthernet0/1
 ip address 10.0.0.2 255.0.0.0
 no ip mroute-cache
!
router ospf 100
 redistribute bgp 102
 nsf enforce global 
 passive-interface FastEthernet0/1
 network 10.0.0.0 0.255.255.255 area 100
!
router bgp 102
 no synchronization
 bgp graceful-restart restart-time 120 
 bgp graceful-restart stalepath-time 360 
 bgp graceful-restart 
 network 10.0.0.0
 network 10.0.0.0
 neighbor 10.0.0.1 remote-as 100

      Additional References

      The following sections provide references related to the MPLS High Availability feature.

      Related Documents

      Related Topic

      Document Title

      MPLS VPNs Non Stop Forwarding

      NSF/SSO—MPLS VPN

      MPLS LDP Non Stop Forwarding

      NSF/SSO—MPLS LDP and LDP Graceful Restart

      AToM Non Stop Forwarding

      NSF/SSO: Any Transport over MPLS and Graceful Restart

      Cisco Express Forwarding

      Cisco Express Forwarding: Command Changes

      MIBs

      • MPLS VPN: SNMP MIB Support

      • MPLS Label Distribution Protocol MIB Version 8 Upgrade

      • MPLS Label Switching Router MIB

      • MPLS Enhancements to Interfaces MIB

      • MPLS Traffic Engineering (TE) MIB

      NSF/SSO

      Cisco Nonstop Forwarding

      MPLS High Availability: Command Changes

      Standards

      Standard

      Title

      draft-ietf-mpls-bgp-mpls-restart.txt

      Graceful Restart Mechanism for BGP with MPLS

      draft-ietf-mpls-idr-restart.txt

      Graceful Restart Mechanism for BGP

      MIBs

      MIB

      MIBs Link

      • MPLS VPN MIB

      • MPLS Label Distribution Protocol MIB Version 8 Upgrade

      To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

      http:/​/​www.cisco.com/​go/​mibs

      RFCs

      RFC

      Title

      RFC 3478

      Graceful Restart Mechanism for Label Distribution

      Technical Assistance

      Description

      Link

      The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register on Cisco.com.

      http:/​/​www.cisco.com/​techsupport

      Feature Information for NSF SSO--MPLS VPN

      The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

      Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.
      Table 1 Feature Information for NSF/SSO--MPLS VPN

      Feature Name

      Releases

      Feature Information

      NSF/SSO--MPLS VPN

      Cisco IOS XE Release 2.1

      This feature allows a provider edge router to preserve data forwarding information in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) when the primary Route Processor restarts.