MPLS(4) | Device Drivers Manual | MPLS(4) |
mpls
—
Multiprotocol Label Switching
options MPLS
pseudo-device mpls
#include <sys/types.h>
#include <netmpls/mpls.h>
MultiProtocol Label Switching represents a mechanism which directs and carries data in high-performance networks, its techniques being applicable to any network layer protocol.
In an MPLS domain the assignment of a particular packet a particular Forward Equivalence Class is done just once, as the packet enters the network. The FEC to which the packet is assigned is encoded as a short fixed length value known as a “label”. When a packet is forwarded to the next hop, the label is sent along with it; that is, the packets are “labeled” before they are forwarded.
A router capable of receiving and forwarding MPLS frames is called “Label Switch Router” or LSR. Label scope is generally router-wide meaning that a certain label has a specific meaning only for a certain LSR.
Currently, NetBSD supports MPLS over Ethernet interfaces and GRE tunnels. For these kind of interfaces, a label is contained by a fixed sized “shim” that precedes any network layer headers, just after data link layer headers.
In network bit order:
------------------------------------------- | | | | | | Label | TC | BoS | TTL | | 20 bits | 3 bits | 1 bit | 8 bits | | | | | | -------------------------------------------
RFC 5462
)
documents.The MPLS behavior is controlled by the
net.mpls
sysctl(8) tree:
net.mpls.accept
net.mpls.forwarding
net.mpls.ttl
net.mpls.inet_mapttl
net.mpls.inet6_mapttl
net.mpls.inet_map_prec
net.mpls.inet6_map_prec
net.mpls.icmp_respond
net.mpls.rfc4182
RFC
4182
MPLS routes may be created using AF_MPLS
sa_family
sockaddrs for destination and tag fields.
Other protocols can be encapsulated using routes pointing to mpls
pseudo-interfaces, and AF_MPLS
sockaddrs for tags.
Decapsulation can be made using values of reserved labels set in the tag
field (see below). For more information about doing this using userland
utilities see the EXAMPLES section of
this manual page.
The netstat(1) and route(8) utilities should be used to manage routes from userland.
The NetBSD implementation stores route tagging information into a sockaddr_mpls structure that is referenced by the rt_tag field of rtentry struct. For storing multiple labels associated with the next-hop, the current implementation abuses the sockaddr_mpls structure, extending it in order to fit a stack of labels.
ldpd(8) should be used in order to automatically import, manage and distribute labels among LSRs in the same MPLS domain.
MPLS labels 0 through 15 are reserved. Out of those, only four are currently defined:
# ifconfig mpls0 create up # ifconfig mpls0 inet 192.168.0.1/32
# route add 10.0.0.0/8 -ifp mpls0 -tag 25 -inet 192.168.1.100
# route add -mpls 50 -tag 33 -inet 192.168.1.101 add host 50: gateway 192.168.1.101 # route -n get -mpls 50 route to: 50 destination: 50 gateway: 192.168.1.101 Tag: 33 local addr: 192.168.1.180 interface: sk0 flags: <UP,GATEWAY,HOST,DONE,STATIC> recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire 0 0 0 0 0 0 0 0 sockaddrs: <DST,GATEWAY,IFP,IFA,TAG>
# route add 10.0.0.0/8 -ifa 192.168.1.180 -ifp mpls0 -tag 25 -inet 192.168.1.100
# route add -mpls 60 -tag 3 -inet 192.168.1.100
# route add 10/8 -ifa 192.168.1.200 -ifp mpls0 -tag 20,30,40 -inet 192.168.1.100
# route add -mpls 60 -tag 30,40,41 -inet 192.168.1.100
netstat(1), route(4), ldpd(8), route(8), sysctl(8)
Multiprotocol Label Switching Architecture, RFC 3031.
MPLS Label Stack Encoding, RFC 3032.
Removing a Restriction on the use of MPLS Explicit NULL, RFC 4182.
MPLS Label Stack Entry: EXP Field Renamed to Traffic Class Field, RFC 5462.
The mpls
support appeared in
NetBSD 6.0.
User must be aware that encapsulating IP packets in MPLS implies a major security effect when using firewalls. Currently neither ipf(4) nor pf(4) implement the heuristics in order to look inside an MPLS frame. Moreover, it's technically impossible in most cases for an LSR to know information related to encapsulated packet. Therefore, MPLS Domains should be strictly controlled and, in most cases, limited to trusted connections inside the same Autonomous System.
Users must be aware that the MPLS forwarding domain is entirely separated from the inner (IP, IPv6 etc.) forwarding domain and once a packet is encapsulated in MPLS, the former forwarding is used. This could result in a different path for MPLS encapsulated packets than the original non-MPLS one.
IP or IPv6 forwarding is not necessary for MPLS forwarding. Your
system may still forward IP or IPv6 packets encapsulated into MPLS if
net.mpls.forwarding
is set.
September 14, 2018 | NetBSD 10.99 |