xref: /netbsd-src/share/man/man4/mpls.4 (revision b1c86f5f087524e68db12794ee9c3e3da1ab17a0)
.\" $NetBSD: mpls.4,v 1.2 2010/06/29 15:05:43 wiz Exp $
.\"
.\" Copyright (c) 2010 The NetBSD Foundation, Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"  1. Redistributions of source code must retain the above copyright
.\"     notice, this list of conditions and the following disclaimer.
.\"  2. Redistributions in binary form must reproduce the above copyright
.\"     notice, this list of conditions and the following disclaimer in the
.\"     documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd June 29, 2010
.Dt MPLS 4
.Os
.Sh NAME
.Nm mpls
.Nd Multiprotocol Label Switching
.Sh SYNOPSIS
.Cd options MPLS
.Cd pseudo-interface ifmpls
.In sys/types.h
.In netmpls/mpls.h
.Sh DESCRIPTION
MultiProtocol Label Switching is a mechanism which directs
and carries data in high-performance networks, its techniques being
applicable to any network layer protocol.
.Pp
In an MPLS domain the assignment of a particular packet to a particular
Forwarding Equivalence Class (FEC) is done just once, as the packet enters
the network.
The FEC to which the packet is assigned is encoded as a
short fixed length value known as a
.Dq label .
When a packet is forwarded to the next hop, the label is sent along
with it; that is, the packets are
.Dq labeled
before they are forwarded.
.Pp
A router capable of receiving and forwarding MPLS frames is called a
.Dq Label Switch Router
or LSR.
Label scope is generally router-wide, meaning that a certain
label has a specific meaning only for a certain LSR.
.Pp
Currently,
.Nx
supports MPLS over Ethernet interfaces and GRE tunnels.
For these kinds of interfaces, a label is contained in a fixed-size
.Dq shim
that precedes any network layer headers, just after the data
link layer headers.
.Ss MPLS shim header structure
In network bit order:
.Bd -literal
-------------------------------------------
|               |        |       |        |
| Label         | Exp.   | BoS   | TTL    |
| 20 bits       | 3 bits | 1 bit | 8 bits |
|               |        |       |        |
-------------------------------------------
.Ed
.Bl -tag -width "Bottom of stack"
.It Label
20 bits representing the FEC, consequently the only information
used to forward the frame to the next hop.
.It Experimental
3 bits that are sometimes used for specifying a type of service.
.It Bottom of stack
1 bit that is set for the last entry in the shim
stack and 0 for all others.
This way, multiple labels can
be prepended to a single packet.
.It TTL
8 bits, representing Time to Live, decremented at every LSR.
.El
.Sh USAGE
The MPLS behavior is controlled by the
.Li net.mpls
.Xr sysctl 8
tree:
.Bl -tag -width "net.mpls.inet6_map_prec"
.It Li net.mpls.accept
If zero, MPLS frames are dropped on sight on ingress interfaces.
.It Li net.mpls.forwarding
If zero, MPLS frames are not forwarded to the next hop.
.It Li net.mpls.ttl
The default TTL for self-generated MPLS frames.
.It Li net.mpls.inet_mapttl
If set, the TTL field from the IP header will be mapped
into the MPLS shim on encapsulation, and the TTL field from the MPLS shim
will be copied into the IP header on decapsulation.
.It Li net.mpls.inet6_mapttl
The IPv6 version of the above.
.It Li net.mpls.inet_map_prec
If set, the precedence field from the IP header will be
mapped into the MPLS shim EXP bits on encapsulation, and the MPLS EXP
field will be copied into the IP Precedence field on decapsulation.
.It Li net.mpls.inet6_map_prec
The IPv6 version of the above.
.It Li net.mpls.icmp_respond
Returns ICMP TTL exceeded in transit when an MPLS
frame is dropped because of TTL = 0 on the egress interface.
.El
In order to encapsulate and decapsulate to and from MPLS, an mpls
pseudo-interface must be created and packets that should be encapsulated
must be routed to that interface.
.Pp
.Dq Pure
MPLS routes can be created using
.Dv AF_MPLS
.Li sa_family
sockaddrs for destination and tag fields.
Other protocols can be encapsulated using
routes pointing to mpls pseudo-interfaces, and
.Dv AF_MPLS
sockaddrs for tags.
Decapsulation can be made using values of reserved labels set in
the tag field (see below).
For more information about doing this using
userland utilities see the
.Sx EXAMPLES
section of this manual page.
.Pp
The
.Xr netstat 1
and
.Xr route 8
utilities should be used to manage routes from userland.
.Pp
.Xr ldpd 8
should be used in order to automatically import, manage and
distribute labels among LSRs in the same MPLS domain.
.Ss RESERVED LABELS
MPLS labels 0 through 15 are reserved.
Out of those, only four are currently defined:
.Bl -tag -width X
.It 0
IPv4 Explicit NULL label.
This label value is only legal at the bottom of the label stack.
It indicates that the label stack must be popped,
and the forwarding of the packet must then be based on the IPv4 header.
.It 1
Router Alert Label.
Currently not implemented in
.Nx .
.It 2
IPv6 Explicit NULL label.
It indicates that the label stack must be popped, and the forwarding
of the packet must then be based on the IPv6 header.
.It 3
Implicit NULL label.
This is a label that an LSR may assign and
distribute, but which never actually appears in the encapsulation.
When an LSR would otherwise replace the label at the top of the stack
with a new label, but the new label is
.Dq Implicit NULL ,
the LSR will pop the stack instead of doing the replacement.
.El
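.Pp
The shim layout and the rule that label 0 is only legal at the bottom of the stack, as an added C example that is not part of the NetBSD manual or kernel source: it decodes each 4-byte shim and walks the stack to the start of the payload.
MAX_DEPTH, the struct and function names, and the sample frame are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_DEPTH 16    /* assumption: sanity cap for this example only */

struct shim { uint32_t label; uint8_t exp, bos, ttl; };

/* Decode one 4-byte shim in network order: label:20 exp:3 bos:1 ttl:8. */
static struct shim shim_decode(const uint8_t *p)
{
    uint32_t w = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 |
                 (uint32_t)p[2] << 8 | p[3];
    struct shim s = { w >> 12, (w >> 9) & 0x7, (w >> 8) & 0x1, w & 0xff };
    return s;
}

/*
 * Walk the stack to the bottom-of-stack entry and return the payload offset.
 * Returns -1 on a truncated buffer, a stack deeper than MAX_DEPTH, or
 * label 0 (IPv4 Explicit NULL) anywhere but the bottom of the stack.
 */
static int mpls_walk(const uint8_t *buf, size_t len, struct shim *out, int *depth)
{
    size_t off = 0;
    for (*depth = 0; *depth < MAX_DEPTH; ) {
        if (len - off < 4)
            return -1;                  /* truncated shim */
        struct shim s = shim_decode(buf + off);
        out[(*depth)++] = s;
        off += 4;
        if (s.label == 0 && !s.bos)
            return -1;                  /* label 0 above the bottom entry */
        if (s.bos)
            return (int)off;
    }
    return -1;                          /* no BoS bit within MAX_DEPTH */
}

int main(void)
{
    /* Constructed sample: label 25 (TTL 64), label 33 with BoS (TTL 63). */
    static const uint8_t frame[] = { 0x00,0x01,0x90,0x40, 0x00,0x02,0x11,0x3f, 0x45 };
    struct shim st[MAX_DEPTH];
    int n, off = mpls_walk(frame, sizeof frame, st, &n);
    for (int i = 0; i < n; i++)
        printf("label=%u exp=%d bos=%d ttl=%d\n", (unsigned)st[i].label, st[i].exp, st[i].bos, st[i].ttl);
    printf("payload offset=%d\n", off);
    return 0;
}
```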
.Sh EXAMPLES
.Bl -enum
.It
Create an MPLS interface and set an IP address:
.Bd -literal
# ifconfig mpls0 create up
# ifconfig mpls0 inet 192.168.0.1/32
.Ed
.It
Route IP packets into the MPLS domain with a specific tag:
.Bd -literal
# route add 10.0.0.0/8 -ifp mpls0 -tag 25 192.168.1.100
.Ed
.It
Create a static MPLS forwarding rule - swap the incoming
label 50 to 33 and forward the frame to 192.168.1.101 and verify
the route:
.Bd -literal
# route add -mpls 50 -tag 33 -inet 192.168.1.101
add host 50: gateway 192.168.1.101
# route -n get -mpls 50
   route to: 50
destination: 50
    gateway: 192.168.1.101
        Tag: 33
 local addr: 192.168.1.180
  interface: sk0
      flags: \*[Lt]UP,GATEWAY,HOST,DONE,STATIC\*[Gt]
recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
      0         0         0         0         0         0         0         0
sockaddrs: \*[Lt]DST,GATEWAY,IFP,IFA,TAG\*[Gt]
.Ed
.It
Route IP packets into the MPLS domain but use a different source
address for locally generated packets:
.Bd -literal
# route add 10.0.0.0/8 -ifa 192.168.1.180 -ifp mpls0 -tag 25 192.168.1.100
.Ed
For the latter example, setting an IP address for the mpls0 interface
is not necessary.
.It
Route MPLS packets encapsulated with label 60 to 192.168.1.100 and POP label:
.Bd -literal
# route add -mpls 60 -tag 3 -inet 192.168.1.100
.Ed
.El
.Sh SEE ALSO
.Xr netstat 1 ,
.Xr route 4 ,
.Xr ldpd 8 ,
.Xr route 8 ,
.Xr sysctl 8
.Rs
.%R RFC 3031
.%T Multiprotocol Label Switching Architecture
.Re
.Rs
.%R RFC 3032
.%T MPLS Label Stack Encoding
.Re
.Sh HISTORY
The
.Nm
support appeared in
.Nx 6.0 .
.Sh SECURITY CONSIDERATIONS
Users must be aware that encapsulating IP packets in MPLS has
major security implications when using firewalls.
Currently neither
.Xr ipf 4
nor
.Xr pf 4
implements the heuristics needed to look inside an MPLS frame.
Moreover, it's technically impossible in most cases for an LSR to
know information related to the encapsulated packet.
Therefore, MPLS Domains should be strictly controlled and, in most
cases, limited to trusted connections inside the same Autonomous
System.
.Pp
Users must be aware that the MPLS forwarding domain is entirely separated
from the inner (IP, IPv6 etc.) forwarding domain and once a packet is
encapsulated in MPLS, the MPLS forwarding domain is used.
This could result in a different path for MPLS encapsulated packets
than the original non-MPLS one.
.Pp
IP or IPv6 forwarding is not necessary for MPLS forwarding.
Your system may still forward IP or IPv6 packets encapsulated into
MPLS if
.Li net.mpls.forwarding
is set.
264is set.
265