A Closer Look At Forwarding Equivalence Class (FEC)

Before I start on this topic, I would highly recommend that you read an excellent article by Jeff Doyle in NetworkWorld on the same subject. In conventional IP forwarding, two packets are said to be in the same FEC if the Layer 3 longest prefix match lookup returns the same next hop. The case is different when some kind of load sharing exists, but Cisco routers by default use per-destination (source/destination pair) load sharing, so a stream of packets will have the same next hop and can be said to be in the same FEC. What happens next? When the packet reaches the next hop router, that router does the same thing: it does a Layer 3 lookup, finds the next hop and sends the packet on to that router, and so on until the packet reaches its destination.

How does this process differ when you use MPLS? With MPLS, FEC assignment and next hop determination are done only once, at the ingress router. Once a label has been assigned to a packet, the subsequent routers do not do a Layer 3 lookup; they just ‘switch’ the packet from one interface to another. This is one of the advantages of using MPLS.
Advantages of MPLS FEC
  1. MPLS forwarding in the core can be done by switches capable of label lookup and swapping.
  2. Since the FEC is assigned at the ingress point, the router may use parameters other than those present in the IP header to select an FEC. E.g., packets arriving on a particular interface may be assigned a different FEC.
  3. A packet entering one ingress point may be given a different treatment than the same packet entering another router. ISPs can use this feature so that they can terminate their premium customers on a different router or a switch. This combined with #2 can serve as a good method of classifying customers accordingly.
  4. Explicit paths for a particular FEC can be specified. This is simpler compared to traditional methods, where the routing protocol determines the next hop and path; any change, if needed, is CPU intensive and requires alteration of many parameters. In MPLS, this can be done using a label.
FEC And Labels in Action
Let us consider the same topology which we considered in the last post. It is shown below:
[Figure: A Closer Look At FEC (topology diagram)]
So I am going to ping the loopback interface and WAN IP of R4 from R1. So here it is:
[Figure: Ping and Labels]
The diagram also shows the labels assigned to the destinations which we are pinging. A packet to 192.168.4.1 uses label 19, while label 16 is used for a destination in 172.16.34.0/30. What this essentially means is that the two packets are assigned to different FECs although they are going to the same router. The FEC and next hop are determined here. Let us see how the Layer 2 frame is organized in both cases:
Packet to 192.168.4.1
[Figure: Ping R4 Loopback]
Packet to 172.16.34.2
[Figure: Ping R4 WAN]
You can see the corresponding labels assigned, and the stack bit is also set, since this is the only label.
Now let us see what happens at R2 when this packet arrives:
[Figure: R2 Label Bindings]
Packet to 172.16.34.2
[Figure: Ping R4 WAN - Packet at R2]
Packet to 192.168.4.1
[Figure: Ping R4 Loopback - Packet at R2 out]

R2 removes the label from a packet when it is destined for the 172.16.34.0/30 network. This is evident from the implicit null shown for that network in the above figure. For a packet destined for 192.168.4.1, the label is swapped, and the new label is 19 when the next LSR in question is R3. There is not much happening in R2 to forward this packet to the next LSR: it just does a label swap and switches the packet, which is evident from the next screenshot.
[Figure: MPLS Processing at R2]
This was a topic to which I needed to pay more attention when I studied MPLS. When I use the debug ip packet command, it shows no output in R2. Even when MPLS is not used, debug ip packet does not display any output. Otherwise, we could see what is happening inside the router.
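
The forwarding walk described above, as an added example that is not part of the original post: R1 classifies the packet once by longest-prefix match and pushes a label, and each later LSR acts only on the label. Labels 19 and 16 and R2's swap and pop actions are from the post; R3's entry for label 19 and all table and function names are assumptions.

```python
import ipaddress

IMPLICIT_NULL = 3  # reserved label value: "pop the label before sending to me"

# Ingress (R1) table: FEC prefix -> (label to push, next hop).
# Labels 19 and 16 are the ones shown in the post.
R1_FEC_TABLE = {
    "192.168.4.1/32": (19, "R2"),
    "172.16.34.0/30": (16, "R2"),
}

# Per-LSR label table: incoming label -> (outgoing label, next hop).
# R2's entries follow the post; R3's entry is an assumption.
LFIB = {
    "R2": {19: (19, "R3"), 16: (IMPLICIT_NULL, "R3")},
    "R3": {19: (IMPLICIT_NULL, "R4")},
}

def classify(dst):
    """Longest-prefix match at the ingress router; returns the FEC prefix."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in R1_FEC_TABLE]
    matches = [n for n in nets if addr in n]
    if not matches:
        raise LookupError(f"no FEC for {dst}")
    return str(max(matches, key=lambda n: n.prefixlen))

def forward(dst):
    """Return (FEC, per-hop trace) for a packet entering at R1."""
    fec = classify(dst)            # the only Layer 3 lookup until the label is popped
    label, hop = R1_FEC_TABLE[fec]
    trace = [("R1", "push", label)]
    while True:
        entry = LFIB.get(hop, {}).get(label)   # exact match on the label only
        if entry is None:
            trace.append((hop, "drop", label))  # no binding for this label
            return fec, trace
        out_label, next_hop = entry
        if out_label == IMPLICIT_NULL:
            trace.append((hop, "pop", None))
            trace.append((next_hop, "ip-lookup", None))  # unlabelled from here on
            return fec, trace
        trace.append((hop, "swap", out_label))
        label, hop = out_label, next_hop

if __name__ == "__main__":
    for dst in ("192.168.4.1", "172.16.34.2"):
        print(dst, forward(dst))
```

The two destinations sit behind the same router but produce different traces, which is what belonging to different FECs means in practice.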

 Recommended Reading

  1. MPLS and VPN Architectures by Pepelnjak, Ivan, Guichard, Jim
  2. MPLS and VPN Architectures, Volume II 

Understanding The MPLS Header

The basic understanding of MPLS starts with the concepts of MPLS header and some related information. Let us analyze what happens when a plain IP packet enters an MPLS enabled router. Before that, I would like to introduce some terms which are related to our discussion.
LSR: A Label Switch Router is any router in the network which can process MPLS labels. Processing includes PUSH (add a new label to a frame), POP (remove a label from a frame) and SWAP (replace a label). An Edge LSR is a device which can process an unlabelled packet, use a Layer 3 lookup and assign a label.
FEC: A Forwarding Equivalence Class is a set of packets which receive the same treatment in the forward direction. The treatment may be dependent on the destination IP address, source IP address, DSCP value etc.
LSP: A Label Switched Path can be thought of as a virtual circuit from one end point (Edge LSR) to another end point (Edge LSR). A number of LSRs contribute to a full LSP. The LSP is set up before the actual data flow.
Let us see what happens when a plain IP packet enters an MPLS enabled router. The router (Edge LSR) analyzes the packet and assigns an FEC to the packet. Secondly, the packet is assigned a label based on the FEC. So how does this change the incoming frame? The following picture depicts the transformation which a Layer 2 frame undergoes.
[Figure: MPLS Label Stack Header]
It clearly shows that a label is inserted between the Layer 2 header and the Layer 3 datagram. That is the MPLS label; it is sometimes also called the shim header. Let us pay some more attention to the MPLS label format. The total length of the MPLS header is 32 bits (4 bytes or octets). The first 20 bits constitute the label, which can have 2^20 values. Next comes a 3-bit value called Traffic Class (TC), formerly called the experimental (EXP) field. This field is used for QoS related functions: the ingress router can classify the packet according to some criterion and assign a 3-bit value to this field. If an incoming packet is marked with an IP Precedence or DSCP value, the ingress router may also use that marking to assign an FEC to the packet. The next bit is the stack bit, also called the bottom-of-stack bit. This field is used when more than one label is assigned to a packet, as in the case of MPLS VPNs or MPLS TE. The last byte is the MPLS TTL field, which serves the same purpose as the TTL byte in the IP header.
How does an MPLS enabled router distinguish between a labelled and an unlabelled frame? To facilitate this, some more protocol types were defined above Layer 2. These change the protocol identifier carried by the Layer 2 protocol. In the case of Ethernet, the Ethertype value is changed to 0x8847 or 0x8848. On a point-to-point link using PPP as the Layer 2 protocol, a new Network Control Protocol called MPLS Control Protocol (MPLSCP) was defined. For MPLS packets, the PPP protocol field value is changed to 0x8281. To better understand the changes happening in a Layer 2 frame when it enters an MPLS router, let us consider a scenario as shown in the following diagram.
[Figure: Understanding MPLS Header Topology]
All the routers in the above diagram run OSPF as IGP with Loopback0 as router-id. All the interfaces are Ethernet interfaces and are MPLS enabled. The relevant configuration is shown below:

!
hostname R1
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface Ethernet0/0
 description Connection to R2
 ip address 172.16.12.1 255.255.255.252
 half-duplex
 tag-switching ip
!
router ospf 100
 router-id 192.168.1.1
 log-adjacency-changes
 network 172.16.12.0 0.0.0.3 area 0
 network 192.168.1.1 0.0.0.0 area 0
!

!
hostname R2
!
interface Loopback0
 ip address 192.168.2.1 255.255.255.255
!
interface Ethernet0/0
 description Connection to R1
 ip address 172.16.12.2 255.255.255.252
 half-duplex
 tag-switching ip
!
interface Ethernet0/1
 description Connection to R3
 ip address 172.16.23.1 255.255.255.252
 half-duplex
 tag-switching ip
!
router ospf 100
 router-id 192.168.2.1
 log-adjacency-changes
 network 172.16.12.0 0.0.0.3 area 0
 network 172.16.23.0 0.0.0.3 area 0
 network 192.168.2.1 0.0.0.0 area 0
!

!
hostname R3
!
interface Loopback0
 ip address 192.168.3.1 255.255.255.255
!
interface Ethernet0/0
 description Connection to R2
 ip address 172.16.23.2 255.255.255.252
 half-duplex
 tag-switching ip
!
interface Ethernet0/1
 description Connection to R4
 ip address 172.16.34.1 255.255.255.252
 half-duplex
 tag-switching ip
!
router ospf 100
 router-id 192.168.3.1
 log-adjacency-changes
 network 172.16.23.0 0.0.0.3 area 0
 network 172.16.34.0 0.0.0.3 area 0
 network 192.168.3.1 0.0.0.0 area 0
!

!
hostname R4
!
interface Loopback0
 ip address 192.168.4.1 255.255.255.255
!
interface Ethernet0/0
 description Connection to R3
 ip address 172.16.34.2 255.255.255.252
 half-duplex
 tag-switching ip
!
router ospf 100
 router-id 192.168.4.1
 log-adjacency-changes
 network 172.16.34.0 0.0.0.3 area 0
 network 192.168.4.1 0.0.0.0 area 0
!




Now let us see what happens when I ping the loopback interface of R1 from R4. The following diagram is the packet capture of such a ping request. The capture is taken from the segment R2 – R3 so that we can view the MPLS label.

[Figure: MPLS Label Header]


You can clearly see the modified Ethertype and the MPLS label which is inserted in the ICMP packet. To make things easier, a frame without an MPLS header is also shown below:

[Figure: Plain Layer 2 Frame]
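
The label stack entry layout and the Ethertype check described in this post, as an added Python example (not part of the original post or its captures): it decodes every entry of a label stack from an untagged Ethernet II frame and rejects a stack that ends without a bottom-of-stack entry. The sample frames are constructed, with zeroed MAC addresses and a dummy payload, and the function names are hypothetical.

```python
import struct

MPLS_ETHERTYPES = (0x8847, 0x8848)  # the two MPLS Ethertype values named in the text


def encode_entry(label, tc, s, ttl):
    """Pack one 32-bit entry: 20-bit label, 3-bit TC, 1-bit S, 8-bit TTL."""
    if not (0 <= label < 2**20 and 0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def parse_frame(frame):
    """Return (ethertype, label_stack, payload_offset) for an untagged Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    stack, offset = [], 14
    if ethertype not in MPLS_ETHERTYPES:
        return ethertype, stack, offset        # plain frame: no shim header
    while True:
        if len(frame) < offset + 4:
            raise ValueError("label stack ends before a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        stack.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                      "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if stack[-1]["s"]:                     # bottom of stack: payload follows
            return ethertype, stack, offset


# Constructed sample frames (not the captures from the post).
MACS = bytes(12)                               # zeroed destination and source MAC
PAYLOAD = b"\x45" + bytes(19)                  # placeholder for an IPv4 header
SINGLE = MACS + b"\x88\x47" + encode_entry(19, 0, 1, 254) + PAYLOAD
STACKED = (MACS + b"\x88\x47" + encode_entry(16, 5, 0, 254)
           + encode_entry(19, 5, 1, 254) + PAYLOAD)
PLAIN = MACS + b"\x08\x00" + PAYLOAD

if __name__ == "__main__":
    for name, frame in (("single", SINGLE), ("stacked", STACKED), ("plain", PLAIN)):
        print(name, parse_frame(frame))
```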


What Is MPLS and Why do we need it?

Multi Protocol Label Switching (MPLS), in simple terms, is a technology which enables a Service Provider (SP) to offer scalable internetworking solutions to its clients. In addition to scalability, MPLS offers Traffic Engineering (TE) and Quality of Service (QoS). While TE is more oriented towards the SP, the scalability and QoS features benefit both the SP and its customers. What MPLS does is add one or more labels, inserted between the Layer 2 header and the Layer 3 header of a datagram. The additional label offers one more way of forwarding packets, in addition to the traditional IP lookup. Since the MPLS label is placed after the Layer 2 header and just before the Layer 3 header, an SP router in the core uses the MPLS label to make forwarding decisions, instead of Layer 3 information. Now, let me try to answer the question: ‘Why do we need MPLS?’
Scalability: In this age of globalisation, business is expanding like never before. As businesses reach more destinations, their need to be connected with other locations increases. Expansion can introduce difficulties for organizations as well as Service Providers. When the number of locations connected to each other increases, the network becomes very difficult to manage. Service Providers face more problems because they have to serve multiple customers, and every one of them is reaching out to more and more locations. To add to these problems, competition in the market has also grown significantly, which forces Service Providers to offer cost effective and easy to manage solutions to their customers. MPLS is an answer to all such issues. MPLS gives service providers the ability to scale up easily. In the early days of internetworking, a service provider had to manage many virtual circuits, deal with different technologies and so on. With MPLS enabled cores, it has become very easy for them to manage such situations. Further, they can reach out to other expanding markets, even markets where they have no physical presence, without much complication through a Network-to-Network Interface (NNI). An NNI is a kind of partnership with another service provider who can deliver connectivity links in the target market.
Customers can expand their core business without having to worry about connectivity issues. Since the SP can also participate in the connectivity for them, they do not have to deal with issues like managing their own routing, which many organizations used to do earlier. With the emergence of Managed Solutions, customers can free themselves of managing the network connectivity. The SP will take care of all their connectivity needs.
Quality of Service: With multimedia applications gaining popularity and the migration towards IP based PABX systems, it is essential to have QoS in place. IP based voice service needs higher priority as it is very sensitive to delay, jitter etc. Also, more and more video applications are finding their place in enterprise networks, as Video Conferencing and Telepresence solutions can bring down the cost of travel and save time. Such applications also need to be given priority, in addition to the business critical applications. Earlier, ATM was the answer for many people who wanted QoS. But things have changed, as using ATM itself needs migration to another technology and also requires capital expenditure. MPLS can provide ATM like QoS features. The MPLS label has a 3 bit field called Traffic Class (TC), which was formerly known as the EXP (Experimental) field. Core routers can provide a different treatment for each MPLS frame based on the value of TC.
Flexibility: As a technology, MPLS imposes few restrictions on interoperability with other technologies. Suppose a customer with a global presence needs to connect his various offices across the globe. Most of the Service Providers in North America would be offering SONET/ATM based connectivity, while their European counterparts may be using SDH. Many countries in Asia are using Ethernet as a preferred technology for WAN connectivity. In such cases, it becomes a pain to make all these technologies work together using plain IP VPN. Different technologies may need more technological as well as capital expenditure. But MPLS makes this easy. MPLS can interoperate with various technologies. With Any Traffic over MPLS (AToM), a Service Provider can transport Layer 2 frames over an MPLS backbone. This makes life easier for both customers and providers. Also, with Interworking IP, one can have a Layer 2 VPN with a Serial link on one side and Ethernet on the other side.
Besides the flexibility of the technology itself, the Service Provider can offer both Layer 2 and Layer 3 VPNs on the same platform. Customers who want to manage their routing can do it themselves with a Layer 2 VPN, and others can use a Layer 3 VPN. Such a common platform would make life easy for a sales guy, who can very well address the customer requirements and offer exciting solutions.
Traffic Engineering: This is a feature that every Service Provider would love to use. Mostly, SPs have more than one link between different routers, both for redundancy and for meeting customer requirements. The problem arises when the bandwidths of these links are different. The SP can configure load sharing between these links using various IGP features, but that may prove to be very difficult, and the model itself is not scalable. If the configurations are not properly documented, troubleshooting can be a pain. MPLS Traffic Engineering can address such scenarios. The use of TE along with the IGP can provide a better solution.
MPLS is more oriented towards Service Providers. A customer network need not be aware of MPLS, and for most of the links a default route from the customer router to the provider router is enough. While the provider addresses the network scalability and redundancy issues, the customer can concentrate on his core business without being too bothered about network connectivity.
