ILM forwarding on a trusted interface behaves as in prior releases and is not changed. The ILM forwarding bit map is ignored and packets are forwarded normally.
ILM forwarding on an untrusted interface follows these rules:
Only the top-most label in the label stack in a received packet is checked against the next set of rules. The top label can correspond to any one of the following applications:
a transport label with a pop or swap operation of static, RSVP-TE, SR-TE, LDP, SR-ISIS, SR-OSPF, or BGP-LU
a BGP VPRN inter-AS option B label with a swap operation when the router acts in the ASBR role for VPN routes
a service delimiting label for a local VRF when the router acts as a PE in a VPRN service
The data path checks the bit position in the bit map in the ILM record, when present, that corresponds to the untrusted interface identification number in the interface record and then makes a forwarding decision to drop or forward.
A decision to forward means that a labeled packet proceeds to the regular ILM processing and its label stack is checked against the table of programmed ILMs to decide if the packet should be:
dropped
forwarded to CPM
forwarded as an MPLS packet
forwarded as an IP packet in a GRT or a VRF context
forwarded as a packet in a Layer 2 service context
The following are the processing rules of the ILM:
interface default-forwarding=forward and ILM bit-map not present ⇒ forward packet
interface default-forwarding=forward and interface forwarding bit position in the ILM bit-map 1 ⇒ forward packet
interface default-forwarding=forward and interface forwarding bit position in the ILM bit-map zero ⇒ drop packet
interface default-forwarding=drop and ILM bit-map not present ⇒ drop packet
interface default-forwarding=drop and interface forwarding bit position in the ILM bit-map zero ⇒ drop packet
interface default-forwarding=drop and interface forwarding bit position in the ILM bit-map 1 ⇒ forward packet
When the EBGP neighbor is not directly connected, BGP does not track that neighbor (see CPM behavior). In this case, the VPRN packet is received with a transport label or without a transport label if implicit-null is enabled in LDP or RSVP-TE for the transport label. Either way, the forwarding decision for the packet is solely dictated by the configuration of the default-forwarding value on the incoming interface.
If the direct EBGP neighbor sends a VPRN packet using the MPLS-over-GRE encapsulation, the data path does not check the interface forwarding bit position in the ILM bit map. In this case, the forwarding decision of the packet is solely dictated by the configuration of the default-forwarding value on the incoming interface.
SR OS EBGP neighbors never use the MPLS-over-GRE encapsulation over an inter-AS link, but third party implementations may do this.