L3VPN Over MPLS Tunnel

L3VPN Encapsulation at Ingress Node

L3 packets are encapsulated with an L3VPN label at the ingress node and sent over the MPLS tunnel. At the L3VPN ingress node, the VRF is identified from the incoming L3 interface. Packets undergo a route lookup to identify the route used for forwarding. The outgoing L3VPN label is chosen based on the route information. The out-label information is obtained as part of the BGP route exchange.

Note

ECMP for L3VPN is supported along with the other native properties of the underlying MPLS tunnel.
Depending on the underlying MPLS tunnel, outgoing packets can be in any of the following formats:
  • L2Hdr + L3VPN Label + IP Payload (single hop tunnel)
  • L2Hdr + MPLS Tunnel Label + L3VPN Label + IP Payload (multi hop MPLS tunnel)
  • L2Hdr + By-Pass Lbl + MPLS Tunnel Label + L3VPN Label + IP Payload (multi hop tunnel over a bypass)

Extreme Networks devices support uniform mode. Pipe and Short-pipe modes are not supported.

L3VPN Label Termination at Egress Node

In Layer 3 VPN, tunnel termination occurs at the egress node.

L3 VPN packet format

L3 VPN packets arriving at the egress node must carry an L3VPN label (MPLS) in the header, and the DA MAC must be the MAC address of the incoming interface (physical or Virtual Ethernet).

On the egress node, the L3VPN label is terminated and the VRF-ID is derived. An IP lookup is then initiated with that VRF-ID, and if a matching DIP entry is found, the traffic is forwarded.

Incoming packets on the egress node are processed differently depending on the mode configured on the device (RFC 3270). Extreme Networks devices support uniform and pipe mode. Short-pipe mode is not supported.

Packets with L3VPN label TTL=1 and TTL=0 are trapped to the CPU and dropped. When tunnel termination occurs, the packet size is reduced. If the configured MTU of the outgoing port is smaller than the outgoing packet size, packets are sent to the CPU for fragmentation depending on the DF bit setting. Extreme Networks SLX-OS supports tunnel-termination statistics per VPN label.

Tunnel termination happens at the egress node. The L3VPN packet at the egress node arrives with an L3VPN label (MPLS), and the DA MAC is the incoming interface MAC address. On the egress node, the L3VPN label is terminated and the VRF-ID is derived from the label value. After the label termination, an IP lookup is launched with the derived VRF-ID, and if a matching DIP entry is found, the traffic is forwarded. The outgoing packet from this node is a regular L3 packet.

Note

Currently, only PHP is supported. The MPLS tunnel label is terminated at the PHP node. The egress PE always receives packets with only the L3VPN label.

After the L3VPN label termination, the IP lookup is launched based on the nibble that immediately follows the L3VPN label in the packet. If it is 4, an IPv4 route lookup is launched. If it is 6, an IPv6 lookup is launched.

Note

The IPv4/IPv6 lookup does not depend on the VRF address-family configuration. If the DA MAC is not MyMAC (the incoming interface MAC), regular L2 flooding happens.
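
The egress checks described above (DA MAC match, L3VPN label TTL, label-to-VRF derivation, and IPv4/IPv6 selection from the next nibble), modelled in Python as an added example; it is not Extreme Networks code. The function names, MAC addresses, label 3001 and VRF name are constructed, and the handling of truncated frames, non-MPLS frames, unknown labels, deeper label stacks and nibbles other than 4 or 6 is an assumption, since the page does not specify it.

```python
import struct

MPLS_UNICAST = 0x8847  # EtherType for MPLS unicast

def build_frame(dst_mac, label, exp, ttl, payload, bottom=1):
    """Construct a test frame: Ethernet header + one MPLS label stack entry."""
    lse = (label << 12) | (exp << 9) | (bottom << 8) | ttl
    src_mac = bytes.fromhex("020000000002")  # constructed source MAC
    return dst_mac + src_mac + struct.pack("!HI", MPLS_UNICAST, lse) + payload

def classify(frame, my_mac, label_to_vrf):
    """Return (action, vrf, family) for a frame arriving at the egress PE."""
    if len(frame) < 19:  # 14 B Ethernet + 4 B label entry + 1 B payload
        return ("drop-truncated", None, None)  # assumption: not on the page
    if frame[0:6] != my_mac:
        return ("l2-flood", None, None)  # DA MAC is not MyMAC
    ethertype, lse = struct.unpack("!HI", frame[12:18])
    if ethertype != MPLS_UNICAST:
        return ("not-mpls", None, None)  # assumption: outside this model
    label, bottom, ttl = lse >> 12, (lse >> 8) & 1, lse & 0xFF
    if not bottom:
        # With PHP the egress PE sees only the L3VPN label; deeper stacks are not modelled.
        return ("not-modelled", None, None)
    if ttl in (0, 1):
        return ("trap-to-cpu-drop", None, None)  # TTL=0 and TTL=1 are trapped and dropped
    vrf = label_to_vrf.get(label)  # VRF-ID is derived from the label value
    if vrf is None:
        return ("drop-unknown-label", None, None)  # assumption: not on the page
    nibble = frame[18] >> 4  # first nibble after the L3VPN label
    family = {4: "ipv4", 6: "ipv6"}.get(nibble)
    if family is None:
        return ("drop-unknown-nibble", vrf, None)  # assumption: not on the page
    return ("ip-lookup", vrf, family)

# Constructed sample data (not from the page).
MY_MAC = bytes.fromhex("020000000001")
VRFS = {3001: "vrf-red"}
IPV4 = bytes([0x45]) + bytes(19)  # version nibble 4, rest zeroed
IPV6 = bytes([0x60]) + bytes(39)  # version nibble 6, rest zeroed

if __name__ == "__main__":
    for name, frame in [
        ("ipv4", build_frame(MY_MAC, 3001, 5, 64, IPV4)),
        ("ipv6", build_frame(MY_MAC, 3001, 5, 64, IPV6)),
        ("ttl=1", build_frame(MY_MAC, 3001, 5, 1, IPV4)),
        ("other-mac", build_frame(bytes.fromhex("0200000000ff"), 3001, 5, 64, IPV4)),
    ]:
        print(name, classify(frame, MY_MAC, VRFS))
```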

QoS handling for L3VPN over MPLS for IP-Fabric

MPLS Network Diagram

When packets are received at the Border Leaf PE from the MPLS network, towards the IP-Fabric network, the VTEP/GW (PE) uses the EXP-to-DSCP map to derive the QoS for the IP packet before transmission. The EXP-to-DSCP map is used to map the MPLS EXP value to the corresponding DSCP value which would then be used to encapsulate the VxLAN header.

When packets are received at the PE from the VxLAN IP-Fabric, towards the MPLS network, the VTEP/GW (PE) uses the DSCP-to-EXP map to derive the outgoing EXP value. The packets are then encapsulated with the MPLS header and the appropriate EXP value before being transmitted. This EXP value is copied to the Transport Label (Tunnel Label) and the L3VPN label of the packet.

MPLS L3VPN QoS support is available for SLX 9740 and Extreme 8820 platforms only.