-
8/2/2019 BNL MPLS Intro Services
1/118
1Intro to MPLS AT Seminar 2004, Cisco Systems, Inc. All rights reserved.
MPLS Basics and In-Depth
BNL Update
June 29, 2004
Overview of MPLS Fundamentals, Basic Operation, and In-Depth overview of Service Capabilities
Craig Hill
Email: [email protected]
SE IP Core
Federal Area
-
MPLS Brief Overview and In-depth Session
MPLS Overview
This session will provide the fundamentals for understanding MPLS technology basics. The discussion will include MPLS evolution, terminology, functions of labels, label format, label distribution, as well as encapsulations and basic operation of an MPLS-enabled network. Cisco products supporting MPLS will also be briefly covered.
MPLS In-Depth
Difficulty understanding what advantages MPLS can offer and "why" network architects would consider implementing MPLS into the core of their network?
This section will provide in-depth answers to these questions and explain the advantages and "Services" MPLS can offer Federal customers who are either looking to build an MPLS enabled core or utilize a service offering that is MPLS enabled. Services discussed will include VPN, Layer-2 transport, QoS, and IPv6 transport among others.
-
Agenda
MPLS History
Technology Basics
Operation Examples
Cisco Product Overview
Cisco Products Supporting MPLS
-
Evolution of MPLS
Origins from Tag Switching
Proposed in IETF
Later combined with ideas from other proposals from IBM (ARIS), Toshiba (CSR)
[Figure: timeline with a Time axis marked 1996, 1997, 1998, 1999, 2000, 2001 and 2004. Events shown: Cisco Calls a BOF at IETF to Standardize Tag Switching; Cisco Ships MPLS (Tag Switching); MPLS Group Formally Chartered by IETF; Cisco Ships MPLS TE; Traffic Engineering Deployed; MPLS VPN Deployed; Large Scale Deployments; AToM, VPLS, DS-TE Deployed.]
-
Why MPLS?
Integrate best of Layer 2 and Layer 3
- Intelligence of IP Routing
- Performance of high-speed switching
- Legacy service transport
- QoS
- VPN Semantics
- Link layers include:
  - Ethernet, PoS, ATM, FR
Note: MPLS and IP could be optimal solution for overall IP Services Architecture.
-
MPLS as a Foundation for Value Added Services
[Figure: layered diagram. Boxes shown: VPNs; Traffic Engineering; IP+ATM; IP+Optical GMPLS; Any Transport Over MPLS; MPLS; Network Infrastructure.]
-
MPLS Technology Basics
-
MPLS Technology Basics
IP Routing
Labels
Control and Forwarding Plane Separation
Label Distribution
MPLS Environment Label-based Forwarding
-
IP Routing
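Packets Forwarded Based on IP Address
[Figure: three routers in a row, each with an Address Prefix / I/F table built from Route Updates. Router 1: 128.89 via I/F 1, 171.69 via I/F 1. Router 2: 128.89 via I/F 0, 171.69 via I/F 1. Router 3: 128.89 via I/F 0. A packet (Data) addressed to 128.89.25.4 is forwarded hop by hop toward network 128.89; network 171.69 is reached through router 2's other interface.]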
-
MPLS Technology Basics
IP Routing
Labels
Control and Forwarding Plane Separation
Label Distribution
MPLS Environment Label-based Forwarding
-
Encapsulations
PPP Header (Packet over SONET/SDH): PPP Header | Label Header | Layer 3 Header
LAN MAC Label Header*: MAC Header | Label Header | Layer 3 Header
Frame Relay Label Header: Frame Relay | Label Header | Layer 3 Header
* LAN MAC Label Header also used for MPLS packets over an ATM Forum PVC SNAP Header. (Ethertype = 0x8847/8848)
-
Label Header for Packet Media
Can be used over Ethernet, 802.3, or PPP links
Uses two new Ethertypes/PPP PIDs (in MAC hdr)
Contains everything needed at forwarding time
One word per label
Label = 20 bits
COS/EXP = Class of Service, 3 bits
S = Bottom of Stack, 1 bit
TTL = Time to Live, 8 bits
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|                  Tag                  | COS |S|      TTL      |
MTU beyond 1518 for Ethernet can be accounted for when adding labels by the mpls mtu command.
-
Label Stacking
Arrange labels in a stack
Inner labels can be used to designate services/FECs, etc.
E.g. VPNs, fast re-route, alternate forwarding
Outer label used to route/switch the MPLS packets in the network (e.g. for VPN, outer label used for forwarding to remote PEs and bottom label for differentiating VPN at remote PE).
Allows building services such as:
MPLS VPNs
Traffic engineering and fast re-route
VPNs over traffic engineered core
Any transport over MPLS
[Figure: a label stack in front of the IP Header. Labels shown: Outer Label, Inner Label, TE Label, IGP Label, VPN Label.]
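Added example (not part of the original slides): a Python encoder and parser for the 32-bit label entry and label stack described on the two slides above, including the Ethertype check and the case of a stack that never sets the S bit. The MAC addresses and payload in the sample frame are constructed; labels 41 and 28 are borrowed from the VPN forwarding slides later in this deck.

```python
import struct
from dataclasses import dataclass

# Ethertypes from the Encapsulations slide (0x8847/8848).
ETHERTYPES_MPLS = {0x8847: "unicast", 0x8848: "multicast"}


@dataclass(frozen=True)
class LabelEntry:
    label: int     # 20 bits
    exp: int       # COS/EXP, 3 bits
    bottom: bool   # S, bottom of stack, 1 bit
    ttl: int       # 8 bits

    def pack(self) -> bytes:
        if not (0 <= self.label < 1 << 20 and 0 <= self.exp < 8 and 0 <= self.ttl < 256):
            raise ValueError("label entry field out of range")
        word = (self.label << 12) | (self.exp << 9) | (int(self.bottom) << 8) | self.ttl
        return struct.pack("!I", word)   # one 32-bit word per label, network byte order


def build_stack(labels, exp=0, ttl=255) -> bytes:
    """Encode labels outer-first; only the last (inner) entry carries S=1."""
    if not labels:
        raise ValueError("empty label stack")
    last = len(labels) - 1
    return b"".join(LabelEntry(l, exp, i == last, ttl).pack() for i, l in enumerate(labels))


def parse_stack(buf: bytes, max_depth: int = 8):
    """Return (entries, payload); reject a stack that never sets S or is too deep."""
    entries, off = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if off + 4 > len(buf):
            raise ValueError("truncated stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)
        entries.append(entry)
        if entry.bottom:
            return entries, buf[off:]


def parse_frame(frame: bytes):
    """Parse an untagged Ethernet II frame that carries an MPLS label stack."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype not in ETHERTYPES_MPLS:
        raise ValueError(f"not MPLS: ethertype 0x{ethertype:04x}")
    entries, payload = parse_stack(frame[14:])
    return ETHERTYPES_MPLS[ethertype], entries, payload


# Constructed sample: placeholder MACs, outer label 41, inner label 28, dummy 20-byte payload.
SAMPLE_FRAME = (
    bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    + struct.pack("!H", 0x8847) + build_stack([41, 28]) + b"\x45" + bytes(19)
)

if __name__ == "__main__":
    kind, entries, payload = parse_frame(SAMPLE_FRAME)
    print(kind, [(e.label, e.exp, e.bottom, e.ttl) for e in entries], len(payload))
```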
-
MPLS Technology Basics
IP Routing
Labels
Control and Forwarding Plane Separation
Label Distribution
MPLS Environment Label-based Forwarding
-
Control and Forward Plane Separation
[Figure: Control Plane and Data Plane. Control Plane: Routing Process with the RIB, fed by Route Updates/Adjacency; MPLS Process with the LIB, fed by Label Bind Updates/Adjacency. Data Plane: FIB and LFIB, carrying IP Traffic and MPLS Traffic.]
-
MPLS Technology Basics
IP Routing
Labels
Control and Forwarding Plane Separation
Label Distribution
MPLS Environment Label-based Forwarding
-
Label Distribution Protocol (LDP)
Defined in RFC 3036 and 3037
Used to distribute labels in an MPLS network
Forwarding Equivalence Class (FEC)
How packets are mapped to LSPs (Label Switched Paths)
Advertise labels per FEC
Reach destination a.b.c.d with label x (per IP L3 DA in RIB)
Neighbor discovery
UDP and TCP Ports
UDP port for LDP Hello messages = 646
TCP port for establishing LDP session connections = 646
-
TDP and LDP
Tag Distribution Protocol
Pre-cursor to LDP
Used for Cisco tag switching
TDP and LDP supported on the same box
Per neighbor/link basis
Per target basis
-
RSVP and Label Distribution
Used in MPLS Traffic Engineering
Additions to base RSVP signaling protocol
Leverage the admission control mechanism of RSVP
Label requests are sent in PATH messages and binding is done with RESV messages
Note: CR-LDP is another option for label distribution, but is no longer used or implemented
-
BGP-Based Label Distribution
Used in the context of MPLS VPNs
Need multi-protocol extensions to BGP
Referred to as M-BGP
Uses AFI/SAFI
Extension to the BGP protocol in order to carry routing information about other protocols:
Multicast
MPLS
IPv6
VPN-IPv4
Labeled IPv6 unicast (6PE)
VPN-IPv6 (6VPE)
Exchange of Multi-Protocol NLRI must be negotiated at session set up
Utilizes BGP Capabilities Advertisement negotiation procedures
VPN edge routers need to be BGP peers
Label mapping info carried as part of NLRI (Network Layer Reachability Information)
-
MPLS Technology Basics
IP Routing
Labels
Control and Forwarding Plane Separation
Label Distribution
MPLS Environment Label-based Forwarding
-
General Context
In Core:
Forward using labels (as opposed to IP addr)
Label indicates service class and destination
At Edge (ingress):
Classify packets
Label them
At Edge (egress):
Remove Label
[Figure: network diagram. Labels shown: Label Switch Router (LSR); Edge Label Switch Router; Label Distribution Protocol (LDP/TDP, RSVP, BGP); (CE) Customer Edge; (PE) Provider Edge; (P) Provider; (PE) Provider Edge.]
-
Operation
Traditional routing
Each router holds entire routing table and forwards to next hop (destination based routing); routes on L3 Destination address
MPLS combines L3 routing with label swapping and forwarding
MPLS Forwarding
Label imposed at ingress (ingress to label-switched portion of network) router. Generally, all forwarding decisions then made on label only: no routing table lookups but TFIB table lookups.
Tag stripped at egress
-
MPLS Technology Basics
IP Routing
Labels
Control and Forwarding Plane Separation
Label Distribution
MPLS Environment Label-based Forwarding
-
MPLS Example: Routing Information
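[Figure: three routers exchanging Routing Updates (OSPF, EIGRP, …). Advertisements shown: "You Can Reach 128.89 and 171.69 Thru Me", "You Can Reach 171.69 Thru Me", "You Can Reach 128.89 Thru Me". Each router holds a table with columns In Label, Address Prefix, Out I'face, Out Label; the label columns are still empty at this step.]
Router 1: 128.89 via Out I'face 1; 171.69 via Out I'face 1
Router 2: 128.89 via Out I'face 0; 171.69 via Out I'face 1
Router 3: 128.89 via Out I'face 0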
-
MPLS Example: Assigning Labels
Label Distribution Protocol (LDP) (downstream allocation)
[Figure: the same three routers now advertising labels upstream. Messages shown: "Use Label 4 for 128.89 and Use Label 5 for 171.69", "Use Label 7 for 171.69", "Use Label 9 for 128.89".]
Router 1:
In Label | Address Prefix | Out I'face | Out Label
-        | 128.89         | 1          | 4
-        | 171.69         | 1          | 5
Router 2:
In Label | Address Prefix | Out I'face | Out Label
4        | 128.89         | 0          | 9
5        | 171.69         | 1          | 7
Router 3:
In Label | Address Prefix | Out I'face | Out Label
9        | 128.89         | 0          | -
-
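MPLS Example: Forwarding Packets
Label Switch Forwards Based on Label
[Figure: a packet (Data) addressed to 128.89.25.4 enters at router 1 unlabeled, travels to router 2 with label 4, travels to router 3 with label 9, and leaves the MPLS network egress point as a plain IP packet toward 128.89.]
Router 1:
In Label | Address Prefix | Out I'face | Out Label
-        | 128.89         | 1          | 4
-        | 171.69         | 1          | 5
Router 2:
In Label | Address Prefix | Out I'face | Out Label
4        | 128.89         | 0          | 9
5        | 171.69         | 1          | 7
Router 3:
In Label | Address Prefix | Out I'face | Out Label
9        | 128.89         | 0          | -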
-
Cisco Products Supporting MPLS
-
Cisco Platforms Supporting MPLS (in a Single Slide)
Important: Some features are dependent on product model, interface modules (i.e. Line Cards & Port Adapters), and/or require a software feature license.
Platform Support
2691
3631
3640
3660
3725
3745
7200
7300
7400
7500
10000
10700
12000
12000-PRP
AS5350
IGX 8400-URM/RPM-RP/XF
Catalyst 6K/7600 SUP2/MSFC2
Cisco 7600 SUP720-3BXL
Notes
Platforms shown were derived for supporting MPLS-VPN and LDP.
Some lower-end platforms support several basic MPLS CE features: Multi-VRF CE (aka VRF-Lite). These include:
3550 (Requires EMI)
2600 Series Routers
Cisco 7600 Supports L2/L3 MPLS Features w/ MSFC2/PFC2
New SUP720-3bXL processor, primary choice for MPLS function in Catalyst 6500/Cisco 7600
-
MPLS In-Depth
Overview of MPLS Services and Applications currently being Deployed
-
Agenda
MPLS Drivers
- Reasons for deploying MPLS
MPLS Applications
- MPLS VPN Layer-3
- Detailed Overview
- IOS Examples
- MPLS Layer-2 Transport
- PWE3/AToM
- Application Example
- MPLS Traffic Engineering
- Fast-ReRoute for Bandwidth Protection
- MPLS QoS
- Diffserv over MPLS
- Diffserv TE (DS-TE)
- Guaranteed Bandwidth Service Applications
- Useful Implementations Combining Multiple MPLS Services
- IP version 6 (IPv6) Transport Methods over MPLS
- 6PE/6VPE (IPv6 Edge and VPN Support)
Useful URLs (Reference Information)
-
Why MPLS? - Major Drivers
Provide IP VPN Services
Scalable IP VPN service: build once and sell many
Managed Central Services: building value add services and offering them across VPNs (i.e. Multicast, Address Mgmt)
Managing traffic on the network using MPLS Traffic Engineering
Providing tighter SLA/QoS (Guaranteed B/W Services)
Protecting bandwidth - Bandwidth Protection Services are enabling Service Providers to look at alternate approaches to SONET APS
Integrating Layer 2 & Layer 3 Infrastructure
Layer 2 services such as Frame Relay and ATM over MPLS
Mimic layer 2 services over a highly scalable layer 3 infrastructure
-
Customer Deployment
We are now up to 225+ (Total SP+Enterprise) deployed customers in production networks
Some case studies documented
Very large deployments include a single customer requiring:
30K CEs, ~1000 PEs
MPLS VPNs continue to be majority deployments
AToM is the majority in the recent deployments
TE catching on fast
Simple mechanism: unequal cost load balancing
QoS Service offering in the MPLS Services
-
MPLS Applications
-
MPLS Layer 3 VPNs
-
Virtual Network Models
[Figure: classification tree, top to bottom.
Top: Virtual Networks
Second tier: Virtual Private Networks; Virtual Dialup Networks; Virtual LANs
Third tier: Overlay VPN; Peer-to-Peer VPN
Fourth tier: Layer-2 VPN; Layer-3 VPN; Access lists (Shared router); Split routing (Dedicated router); MPLS/VPN
Bottom tier: X.25; F/R; ATM; GRE; IPSec]
-
Overlay Network
Provider sells a circuit service
Customers purchase circuits to connect sites, run IP
N sites, (N*(N-1))/2 circuits for full mesh: expensive
The big scalability issue here is routing peers: N sites, each site has N-1 peers
Hub and spoke is popular, suffers from the same N-1 number of routing peers
Hub and spoke with static routes is simpler, still buying N-1 circuits from hub to spokes
Spokes distant from hubs could mean lots of long-haul circuits
[Figure label: Provider (FR, ATM, etc.)]
-
Peer Network
Provider sells an MPLS-VPN service
Customers purchase circuits to connect sites, run IP
N sites, N circuits into provider
Access circuits can be any media at any point (FE, POS, ATM, T1, dial, etc.)
Full mesh connectivity without full mesh of L2 circuits
Hub and spoke is also easy to build
Spokes distant from hubs connect to their local provider's POP, lower access charge because of provider's size
The Internet is a large peer network
[Figure label: Provider (MPLS-VPN)]
-
MPLS L3 VPNs using BGP (RFC2547)
End user perspective
Virtual Private IP service
Simple routing: just point default to provider
Full site-site connectivity without the usual drawbacks (routing complexity, scaling, configuration, cost)
Major benefit for provider: scalability
[Figure: a provider network with attached customer sites labelled VPN A, VPN B and VPN C.]
-
MPLS VPN Topology
[Figure: MPLS VPN topology. Sites: VPN A/Site 1, VPN A/Site 2, VPN B/Site 1, VPN B/Site 2, VPN C/Site 1, VPN C/Site 2. CE routers: CEA1, CEA2, CEA3, CEB2, CEB3, CE1B1, CE2B1. PE routers: PE1, PE2, PE3. P routers: P1, P2, P3. Site prefixes shown: 11.1/16, 11.2/16, 12.1/16, 12.2/16, 16.1/16, 16.2/16. CE-PE routing shown on the links: RIP, Static, BGP.]
-
VPN Routing and Forwarding Instance (VRF)
PE routers maintain separate routing tables
Global routing table
Contains all PE and P routes (perhaps BGP)
Populated by the VPN backbone IGP
VRF (VPN routing and forwarding)
Routing and forwarding table associated with one or more directly connected sites (CE routers)
VRF is associated with any type of interface, whether logical or physical (e.g. sub/virtual/tunnel)
Interfaces may share the same VRF if the connected sites share the same routing information
Not virtual routers, just virtual routing and forwarding
-
PE Router Global Routing Table Output
PE2#sh ip route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, Ethernet0/0
192.168.100.0/32 is subnetted, 3 subnets
O 192.168.100.1 [110/11] via 192.168.1.1, 00:04:27, Ethernet0/0
C 192.168.100.2 is directly connected, Loopback0
O 192.168.100.3 [110/11] via 192.168.1.3, 00:04:27, Ethernet0/0
[Figure: CE2, PE2 and PE1, with addresses 192.168.100.2 and 192.168.100.1 and OSPF between the PE routers. Caption: Routes from PE1's Global Routing Table.]
-
PE Router VRF Routing Table Output
PE2#sh ip route vrf RED
Routing Table: RED
Gateway of last resort is 192.168.100.1 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
C 172.16.25.0/30 is directly connected, Serial4/0
C 172.16.25.2/32 is directly connected, Serial4/0
B 172.16.20.0/24 [20/0] via 172.16.25.2, 00:07:04
10.0.0.0/24 is subnetted, 1 subnets
B 10.0.0.0 [200/307200] via 192.168.100.1, 00:06:28
B* 0.0.0.0/0 [200/0] via 192.168.100.1, 00:07:03
[Figure: CE2, PE2 and PE1. CE-PE link addresses 172.16.25.2 and 172.16.25.1; iBGP VPNv4 between PE2 and PE1. Routes from PE1: 10.0.0.0/24. Also shown: 172.16.20.0/24.]
-
Virtual Routing and Forwarding Instances
Define a unique VRF for interface 0
Define a unique VRF for interface 1
Packets will never go between int. 0 and 1
Uses VPNv4 to exchange VRF routing information between PEs
No MPLS yet
[Figure: a PE with interfaces 0 and 1, each facing a CE. Labels shown: VPN-A, VPN-B, VRF for VPN-A, VRF for VPN-B, 146.12.7.0/24, 195.12.2.0/24, Global Routing Table, VPN Routing Table.]
-
VRF Route Population
VRF is populated locally through PE and CE routing protocol exchange
RIP Version 2, OSPF, BGP-4, EIGRP, & Static routing
connected is also supported (i.e. Default-gateway is PE)
Separate routing context for each VRF
routing protocol context (BGP-4 & RIP V2)
separate process (OSPF)
[Figure: CE routers for Customer-1 (VPN1) and Customer-2 attach to a PE over Separate Physical Links, with a Separate router per Customer/VPN. CE-PE routing: eBGP, EIGRP, OSPF, RIPv2, Static. Also labelled: MPLS Domain, iBGP Domain.]
-
Carrying VPN Routes in BGP
VRFs by themselves aren't all that useful
Need some way to get the VRF routing information off the PE and to other PEs
This is done with BGP
-
Additions to BGP to Carry MPLS-VPN Info
RD: Route Distinguisher
VPNv4 address family
RT: Route Target
Label
-
Route Distinguisher
To differentiate 10.0.0.0/8 in VPN-A from 10.0.0.0/8 in VPN-B
64-bit quantity
Configured as ASN:YY or IPADDR:YY
Almost everybody uses ASN
Purely to make a route unique
Unique route is now RD:Ipaddr (96 bits) plus a mask on the IPAddr portion
So customers don't see each other's routes
!
ip vrf red
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
-
Route Target
To control policy about who sees what routes
64-bit quantity (2 bytes type, 6 bytes value)
Carried as an extended community
Typically written as ASN:YY
Each VRF imports and exports one or more RTs
Exported RTs are carried in VPNv4 BGP
Imported RTs are local to the box
A PE that imports an RT installs that route in its routing table
!
ip vrf red
 rd 1:1
 route-target export 1:1
 route-target import 1:1
-
VPNv4
In BGP for IP, 32-bit address + mask makes a unique announcement
In BGP for MPLS-VPN, (64-bit RD + 32-bit address) + 32-bit mask makes a unique announcement
Since the route encoding is different, need a different address family in BGP
VPNv4 = VPN routes for IPv4
As opposed to IPv4 or IPv6 or multicast-RPF, etc
VPNv4 announcement carries a label with the route
If you want to reach this unique address, get me packets with this label on them
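Added example (not part of the original slides): a small Python model of the Route Distinguisher, Route Target and VPNv4 slides above. It shows two VRFs announcing the same 10.0.0.0/8, the RD keeping the two VPNv4 routes distinct, the RT import deciding which VRF on the remote PE installs each one, and what is lost when the same RD is reused by mistake. The `blue` VRF, RD/RT `1:2`, the starting label 16 and all class and function names are assumptions made for the illustration; the PE loopbacks are the ones in the CLI output earlier in the deck.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str                          # route distinguisher, written ASN:YY
    prefix: ipaddress.IPv4Network
    next_hop: str                    # loopback of the advertising PE
    label: int                       # label carried with the VPNv4 route
    rts: frozenset                   # exported route targets (extended communities)

    @property
    def key(self):
        # What makes the announcement unique in VPNv4: RD + IPv4 prefix.
        return (self.rd, self.prefix)


@dataclass
class Vrf:
    name: str
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    table: dict = field(default_factory=dict)   # IPv4 prefix -> Vpnv4Route


class Pe:
    def __init__(self, name, loopback, first_label=16):
        self.name, self.loopback = name, loopback
        self.vrfs = {}
        self._next_label = first_label           # constructed label range

    def add_vrf(self, name, rd, export_rts, import_rts):
        self.vrfs[name] = Vrf(name, rd, frozenset(export_rts), frozenset(import_rts))

    def export(self, vrf_name, prefix):
        """Turn a VRF route into a VPNv4 announcement: attach RD, RTs and a label."""
        vrf = self.vrfs[vrf_name]
        label, self._next_label = self._next_label, self._next_label + 1
        return Vpnv4Route(vrf.rd, ipaddress.ip_network(prefix), self.loopback,
                          label, vrf.export_rts)

    def receive(self, route):
        """Install the route in every local VRF whose import RTs match; RD plays no part."""
        installed = []
        for vrf in self.vrfs.values():
            if vrf.import_rts & route.rts:
                vrf.table[route.prefix] = route
                installed.append(vrf.name)
        return installed


def demo():
    pe1, pe2 = Pe("PE1", "192.168.100.1"), Pe("PE2", "192.168.100.2")
    for pe in (pe1, pe2):
        pe.add_vrf("red", "1:1", {"1:1"}, {"1:1"})     # as on the slide
        pe.add_vrf("blue", "1:2", {"1:2"}, {"1:2"})    # constructed second customer
    updates = [pe1.export("red", "10.0.0.0/8"), pe1.export("blue", "10.0.0.0/8")]
    bgp_table = {u.key: u for u in updates}            # two entries, same IPv4 prefix
    placed = {u.rd: pe2.receive(u) for u in updates}
    return pe2, bgp_table, placed


def reused_rd():
    """Misconfiguration check: both VRFs use RD 1:1, so the announcements collide."""
    pe1 = Pe("PE1", "192.168.100.1")
    pe1.add_vrf("red", "1:1", {"1:1"}, {"1:1"})
    pe1.add_vrf("blue", "1:1", {"1:2"}, {"1:2"})
    updates = [pe1.export("red", "10.0.0.0/8"), pe1.export("blue", "10.0.0.0/8")]
    return {u.key: u for u in updates}                 # second overwrites the first


if __name__ == "__main__":
    pe2, bgp_table, placed = demo()
    print(len(bgp_table), placed, len(reused_rd()))
```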
-
MPLS Layer-3 VPN
Operation Example
-
VRF Population of MP-BGP
PE routers translate into VPN-V4 route
Assigns an RD, SOO (if configured) and RT based on configuration
Re-writes Next-Hop attribute (to PE loopback)
Assigns a label based on VRF and/or interface
Sends MP-BGP update to all PE neighbors
[Figure: Service Provider Network with PE-1 and PE-2, each with an attached CE; sites labelled Paris and London. CE to PE: BGP, OSPF, RIPv2 update for 149.27.2.0/24, NH=CE-1. Between the PEs: VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28).]
-
VRF Population of MP-BGP
Receiving PE routers translate to IPv4
Insert the route into the VRF identified by the RT attribute (based on PE configuration)
The label associated to the VPN-V4 address will be set on packets forwarded towards the destination
VPN-v4 update is translated into IPv4 address and put into VRF VPN-A as RT=VPN-A and optionally advertised to any attached sites
[Figure: Service Provider Network with PE-1 and PE-2, each with an attached CE; sites labelled Paris and London. CE to PE: BGP, OSPF, RIPv2 update for 149.27.2.0/24, NH=CE-1. Between the PEs: VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28).]
-
MPLS/VPN Packet Forwarding
Between PE and CE, regular IP packets (currently)
Within the provider network: label stack
Outer label: get this packet to the egress PE
Inner label: get this packet to the egress CE
MPLS nodes forward packets based on TOP label!!!
any subsequent labels are ignored
Penultimate Hop Popping procedures used one hop prior to egress PE router (shown in example)
-
MPLS/VPN Packet Forwarding
Ingress PE receives normal IP packets
PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels
[Figure: an IP packet for 149.27.2.27 enters the provider network and leaves the ingress PE carrying labels 28 and 41. Labels on the diagram: Paris, PE-1, London, 149.27.2.0/24.]
VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
In Label | FEC            | Out Label
-        | 197.26.15.1/32 | 41
-
MPLS/VPN Packet Forwarding
Penultimate PE router removes the IGP label
Penultimate Hop Popping procedures (implicit-null label)
Egress PE router uses the VPN label to select which VPN/CE to forward the packet to
VPN label is removed and the packet is routed toward the VPN site
[Figure: the packet for 149.27.2.27 crosses the core with labels 28 and 41, continues with label 28 only after the penultimate hop, and leaves the egress PE as a plain IP packet. Labels on the diagram: Paris, PE-1, London, 149.27.2.0/24.]
Ingress PE, VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
Penultimate hop:
In Label | FEC            | Out Label
41       | 197.26.15.1/32 | POP
Egress PE:
In Label | FEC            | Out Label
28(V)    | 149.27.2.0/24  | -
Egress PE, VPN-A VRF: 149.27.2.0/24, NH=Paris
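Added example (not part of the original slides): the packet walk from the three MPLS/VPN Packet Forwarding slides above as runnable Python, using the slides' own table entries (VPN label 28, IGP label 41, POP at the penultimate hop, NH=Paris). The VPN-B entry with label 29 and next hop `CE-B` is a constructed addition to show why the inner label is needed at the egress PE; function and table names are assumptions.

```python
import ipaddress

POP = "POP"   # penultimate hop popping (implicit-null)

# Ingress PE: per-VRF FIB, prefix -> (iBGP next hop, VPN label), from the slides.
INGRESS_VRF_FIB = {
    "VPN-A": {ipaddress.ip_network("149.27.2.0/24"): ("197.26.15.1", 28)},
}
# Ingress PE: label toward the iBGP next hop (FEC 197.26.15.1/32 -> out label 41).
INGRESS_IGP_LABELS = {"197.26.15.1": 41}
# Penultimate hop LFIB: in label 41 -> POP.
P_LFIB = {41: POP}
# Egress PE: VPN label -> (VRF, next hop). 28 is from the slides; 29 is constructed.
EGRESS_VPN_LFIB = {28: ("VPN-A", "Paris"), 29: ("VPN-B", "CE-B")}


def ingress_pe(vrf, dst):
    """IP longest match in the VRF FIB, then impose [IGP label, VPN label]."""
    addr = ipaddress.ip_address(dst)
    fib = INGRESS_VRF_FIB[vrf]
    matches = [p for p in fib if addr in p]
    if not matches:
        raise LookupError(f"{dst}: no route in VRF {vrf}")
    best = max(matches, key=lambda p: p.prefixlen)
    bgp_next_hop, vpn_label = fib[best]
    return [INGRESS_IGP_LABELS[bgp_next_hop], vpn_label]   # top of stack first


def lsr(stack, lfib):
    """Core node: act on the TOP label only; labels below it are not examined."""
    if not stack or stack[0] not in lfib:
        raise LookupError("no LFIB entry for top label: packet dropped")
    action = lfib[stack[0]]
    return stack[1:] if action == POP else [action] + stack[1:]


def egress_pe(stack):
    """Egress PE: the remaining VPN label selects the VRF and the CE next hop."""
    if len(stack) != 1 or stack[0] not in EGRESS_VPN_LFIB:
        raise LookupError("label not bound to a VRF on this PE: packet dropped")
    return EGRESS_VPN_LFIB[stack[0]]


def walk(vrf, dst):
    """Follow one packet from ingress PE to egress PE, recording the stack per hop."""
    trace = []
    stack = ingress_pe(vrf, dst)
    trace.append(("ingress PE", list(stack)))
    stack = lsr(stack, P_LFIB)
    trace.append(("penultimate hop", list(stack)))
    out_vrf, next_hop = egress_pe(stack)
    trace.append(("egress PE", []))
    return trace, out_vrf, next_hop


if __name__ == "__main__":
    for step in walk("VPN-A", "149.27.2.27"):
        print(step)
```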
-
Things to Note
Core does not run VPNv4 BGP!
Same principle can be used to run a BGP-free core for an IP network
CE does not know it's in an MPLS-VPN
Outer label is from LDP/RSVP
Getting packet to egress PE is mutually independent to MPLS-VPN
Inner label is from BGP
Inner label is there so the egress PE can have the same network in multiple VRFs
-
Multi-VRF CE (VRF-lite)
Each VRF separation on the PE is extended to the CE
Separation is maintained via layer-2 transport that supports logical separation (e.g. 802.1Q, FR/ATM VCs)
CE router must be capable of supporting VRFs
CE is not required to support MPLS labels
Routing protocol options from CE-PE remain the same (e.g. BGP, RIPv2, OSPF, EIGRP, static)
[Figure: a CE serving VPN1 and VPN2 connects to the PE over a Single Physical Link with a Logical Link per VRF (Layer-2 must support logical separation: 802.1q, FR/ATM VCs). The CE is a Single router supporting Multiple VRF Instances, NO Labels Required. Also labelled: Routing Updates, MPLS Domain, iBGP Domain.]
-
Customers Connecting to a Layer-3 VPN Service
What routing protocol is supported by the carrier (CE-PE)?
What address space do they allow for CE-PE subnet?
What layer-2 transport is required/supported from CE-PE?
Do they provide a QoS SLA?
Concerning QoS, do they require DSCP or ToS settings from the CE to their PE?
Do they manipulate DSCP/ToS based on congestion in their network?
What other services do they have on their roadmap of Service Offerings (Example: IPv6, IP Multicast, Tighter QoS SLA offering, other??)
Understand the resiliency in the core
Do they offer LEC diversification or bypass?
-
Validating Cisco MPLS Based IP VPN as a Secure Network
Security
Miercom independent testing confirmed Cisco MPLS VPN is secure:
Customers network topology is not revealed to the outside world
Customers can maintain own addressing plans and the freedom to use either public or private address space
Attackers cannot gain access into VPNs or Service Providers network
Impossible for attacker to insert spoofed label into a Cisco MPLS network and thus gain access to a VPN or the MPLS core
Test Network Topology
[Figure: test network. Routers named GLASCOW (7206), OXFORD (7206), LONDON (GSR12008) and DOVER (7505), interconnected with OC3 POS links. Attached site routers: RED-Glascow (2611), BLUE-Glascow (3640), RED-Dover (1750), BLUE-Dover (2611), YELLOW-Dover (3640), BLUE-Oxford (1750), YELLOW-Oxford (3640). Site attachments use T1 Frame Relay DLCIs and ATM PVCs; routing shown on the attachments: eBGP (AS71, AS72), RIP v2, OSPF, Static. Interface names and 100.200.x.x addresses are marked on each link.]
http://mier.com/reports/cisco/MPLS-VPNs.pdf
-
Managed Shared Services Are The Future of Centralized Services
[Figure: service categories and their building blocks. Categories: Centralized Services; Co-Location; Centralized Hosting Services; Centralized Application Services. Building blocks shown: L2/L3 Connectivity; Data Center Space; L2/L3 Connectivity For VPNs; Basic Hosting; Managed Security; Managed Network Services; Platform Services; E-Comm; App Mgmt; Business Logic; Customer Relation.]
Value Added Services
VPN Aware NAT
IP Address Management
VPN Aware HSRP/VRRP
Multicast VPN
VPN Select
Cisco IOS - Key enabler to Centralized Add-on Services in MPLS-VPNs
-
mVPN: Concept & Fundamentals
The MPLS Core forms a Default MDT for a given Customer
Customer CE devices join the MPLS Core through provider's PE devices
Data-MDT is formed for this High-Bandwidth source
A High-bandwidth source for that customer starts sending traffic
Interested receivers 1 & 2 join that High Bandwidth source
Default MDT: for low bandwidth & control traffic only.
Data MDT: for high bandwidth traffic only.
[Figure: MPLS VPN Core with PE routers and attached CE routers at sites San Francisco, Los Angeles, Dallas and New York. A High bandwidth multicast source and Receivers 1 to 4 sit behind the CEs; two receivers are marked "Join high bandwidth source".]
-
MPLS Layer-2 Transport
Pseudo Wire
-
Cisco IETF Technology Adoption
Layer 2 Transport
L2TPv3
draft-ietf-l2tpext-l2tp-base-07.txt
draft-ietf-l2tpext-l2tpmib-base-01.txt
MPLS (P2P, formerly draft-martini)
draft-ietf-pwe3-control-protocol-01.txt
draft-ietf-pwe3-[atm, frame-relay, ethernet, etc.]
Layer 2 VPN (VPLS)
draft-lasserre-vkompella-ppvpn-vpls-02.txt
Auto-Provisioning
draft-ietf-ppvpn-bgpvpn-auto-02.txt (BGP auto-discovery)
-
Layer 2 Transport for MPLS Networks
HDLC/PPP
Frame Relay
Ethernet (802.1Q)
ATM AAL5 & Cell Relay
AToM: Any Transport Over MPLS
-
Motivation for AToM
Protect existing investment while building packet core
Frame Relay and ATM
Non-IP protocols: SNA, IPX
Trunk customer traffic
Trunk customer's IGP across the provider backbone
Especially when the customer is connecting over disparate media
Provider devices forward customer packets based on Layer 2 information
Circuits (ATM/FR), MAC address
CPE-based Tunnels (e.g. IPSEC) analogous to circuits
Possibility of a new service (VPLS emulated LAN)
Good fit for customers that either
Simply want connectivity
Have non-IP protocols
AToM
-
VC Information Exchange
VC labels are exchanged across a directed LDP session between PE routers
Carried in Generic Label TLV within LDP Label Mapping Message (RFC3036 - LDP)
New LDP FEC element defined to carry VC information
FEC element type 128: Virtual Circuit FEC Element;
Carried within LDP Label Mapping Message
VC information exchanged using Downstream Unsolicited label distribution procedures
Described in draft-martini-l2circuit-trans-mpls
AToM
-
Label Mapping Exchange
[Figure: PE1 and PE2 with attached CEs (CE, CE1); bi-directional Label/VCID mapping exchange between the PEs. Packet format: Tunnel Label | VC Label | PDU]
1. L2 transport route entered on ingress PE
2. PE1 starts LDP session with PE2 if one does not already exist
3. PE1 allocates VC label for new interface & binds to configured VCID
4. PE1 sends label mapping message containing VC FEC TLV & VC label TLV
5. PE2 receives VC FEC TLV & VC label TLV that matches local VCID
PE2 repeats steps 1-5 so that bi-directional label/VCID mappings are established
-
Layer 2 Integration ATM/FR over MPLS
[Figure: ATM/FR CPE routers attached to PEs across an MPLS backbone; virtual circuits carried as cells/frames with labels inside an Any Transport over MPLS (AToM) tunnel, forming a Virtual Leased Line]
Two different requirements for the transport of ATM across an MPLS backbone
- Transport of AAL5 encapsulated frames (RFC1483);
- Transport of ATM cells (cell relay)
AToM FR will support DLCI to DLCI switching
Both local and distributed connectivity;
PE will act as DCE or NNI Interface;
Different encapsulation may be used on both ends of the PVC, e.g. Cisco encapsulation on one end and IETF (RFC 1490) encapsulation on the other end
QoS Options, Mapping: L2IPEXP
-
Layer 2 Integration - Ethernet over MPLS
Port-mode
Allows a frame coming into an interface to be packed into an MPLS packet
VLAN-mode
Forwards frames from a SRC 802.1Q VLAN to a DST 802.1Q VLAN
[Figure: Enterprise LANs and ISPs (ISP 1, ISP 2, ISP 3, ISP A, ISP B, ISP C) connected by Ethernet segments through pairs of PEs across the MPLS network]
-
PPP/HDLC over MPLS
[Figure: end to end PPP/HDLC session between two customer edge devices across the MPLS network]
Example: Broadband Access (DSL, Cable, BBFW); Content Cache, DNS, AAA; End to End PPP Session; Remote Hosting & Backhaul
-
ATM KG connection over ATM Cell Relay (AToM)
[Figure: ATM KG - PE1 (7505, L0: 192.168.100.10/32) - P (7507, L0: 192.168.100.11/32) - PE2 (7200, L0: 192.168.100.12/32) - ATM KG; OC-3 attachment circuits with PVC 0/200 at each end; FE core links 2.0/24, 3.0/24 and 4.0/24 in 192.168.0.0/24 (hosts .1 and .2); pseudo-wire LSP between the PEs]

interface ATM2/0/0
 no ip address
 no atm ilmi-keepalive
 no atm enable-ilmi-trap
!
!
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.12 200 encapsulation mpls

interface ATM2/0/0
 no ip address
 no atm ilmi-keepalive
 no atm enable-ilmi-trap
!
!
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.10 200 encapsulation mpls

7505-AToM-PE#sh atm vc
            VCD /                              Peak    Avg/Min  Burst
Interface   Name   VPI   VCI   Type   Encaps   Kbps    Kbps     Cells   Sts
2/0/0.100   4      0     100   PVC    AAL0     149760  N/A              UP
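A pseudowire only comes up when each PE points at the other PE's loopback with the same VC ID, which is the match in step 5 of the Label Mapping Exchange slide. The following is an added example, not part of the original slides: it checks that symmetry for the two xconnect stanzas above. The dictionary layout, the function names and the constructed VC ID 201 case are assumptions made for illustration.

```python
import re

# xconnect stanzas as shown on the slide (loopbacks taken from the diagram labels)
PE1_CFG = """\
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.12 200 encapsulation mpls
"""
PE2_CFG = PE1_CFG.replace("192.168.100.12", "192.168.100.10")

def parse_xconnects(cfg):
    """Return one dict per xconnect line, tagged with its interface and PVC."""
    found, intf, pvc = [], None, None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            intf, pvc = m.group(1), None
        elif m := re.match(r"pvc (\d+/\d+) l2transport", line):
            pvc = m.group(1)
        elif m := re.match(r"xconnect (\S+) (\d+) encapsulation (\S+)", line):
            found.append({"intf": intf, "pvc": pvc, "peer": m.group(1),
                          "vcid": int(m.group(2)), "encap": m.group(3)})
    return found

def audit_pseudowires(pes):
    """pes maps a PE name to (loopback, config text). Returns a list of findings."""
    by_loopback = {lo: name for name, (lo, _) in pes.items()}
    parsed = {name: parse_xconnects(cfg) for name, (_, cfg) in pes.items()}
    findings = []
    for name, (loopback, _) in pes.items():
        for x in parsed[name]:
            peer = by_loopback.get(x["peer"])
            if peer is None:
                findings.append(f"{name} {x['intf']}: peer {x['peer']} is not a known PE loopback")
                continue
            # The remote PE must point back at our loopback with the same VC ID.
            if not any(y["peer"] == loopback and y["vcid"] == x["vcid"] for y in parsed[peer]):
                findings.append(f"{name} {x['intf']}: {peer} has no xconnect back to "
                                f"{loopback} with VC ID {x['vcid']}")
    return findings

GOOD = {"PE1": ("192.168.100.10", PE1_CFG), "PE2": ("192.168.100.12", PE2_CFG)}
# Constructed fault: PE2 provisioned with VC ID 201 instead of 200.
BAD = {"PE1": GOOD["PE1"],
       "PE2": ("192.168.100.12", PE2_CFG.replace(" 200 encapsulation", " 201 encapsulation"))}

if __name__ == "__main__":
    print(audit_pseudowires(GOOD))
    for finding in audit_pseudowires(BAD):
        print(finding)
```
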
-
MPLS AToM show Output
7200-AToM-PE# show mpls l2 vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
AT4/0 ATM VPC CELL 0 192.168.100.10 200 UP
7200-AToM-PE# show mpls l2 vc detail
Local interface: AT2/0/0 up, line protocol up, ATM VPC CELL 0
Destination address: 192.168.100.10, VC ID: 200, VC status: up
Preferred path: not configured
Default path: active
Tunnel label: imp-null, next hop point2point
Output interface: Tu200, imposed label stack {16}
Create time: 23:16:48, last status change time: 16:53:49
Signaling protocol: LDP, peer 192.168.100.12:0 up
MPLS VC labels: local 16, remote 16
Group ID: local 0, remote 0
MTU: local n/a, remote n/a
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 9693985, send 777914411
byte totals: receive 581639100, send 3725191700
packet drops: receive 0, send 0
-
Building on the theme One Network Any Access
Any to Any connectivity (Future)
Interworking between disparate transports
Use AToM control plane to do service interworking
Frame Relay to ATM
Frame Relay to Ethernet
Ethernet to ATM
Frame Relay to HDLC/PPP
Ethernet to POS..
[Figure: Frame Relay, ATM, Ethernet, PPP and Cisco HDLC attachment circuits on each side of the MPLS network]
-
VPLS Building Blocks
Common VC ID between PEs creates a Virtual Switching Instance
MPLS enabled core forms Tunnel LSPs
Attachment VCs are Port Mode or VLAN ID
Full Mesh of directed LDP sessions exchange VC Labels
Based on: draft-lasserre-vkompella-ppvpn-vpls-02.txt
[Figure: CEs attached to PEs across the MPLS core]
-
MPLS Traffic Engineering
Bandwidth Protection using MPLS Traffic Engineering with Fast ReRoute (FRR)
-
Traffic Engineering - Theory
MPLS-TE was designed to move traffic along a path other than the IGP shortest path
Bring ATM/FR traffic engineering abilities to an IP network
Avoid full IGP mesh and n(n-1)/2 flooding
Bandwidth-aware connection setup
Fast ReRoute (FRR) is emerging as another application of MPLS-TE
Bandwidth Protection: Allows for tighter control on bandwidth packet loss, delay & jitter
Minimal packet loss (msec) when a link goes down
Can be used in conjunction with MPLS-TE for primary paths, can also be used in standalone
Provide Virtual Leased Lines: DS-TE + QoS
Intelligent network infrastructure for better bandwidth guarantees (DS-TE, Online Bandwidth Protection, Voice VPNs etc)
-
The Problem with Shortest-Path
[Figure: Routers A, B, C, D, E, F and G connected by a mix of OC-3 and DS3 links]
Node  Next-Hop  Cost
B     B         10
F     B         30
C     C         10
D     C         20
E     B         20
G     B         30
Some links are DS3, some are OC-3
Router A has 40Mb of traffic for Router F, 40Mb of traffic for Router G
Massive (44%) packet loss at Router B->Router E!
Changing to A->C->D->E won't help
-
Path Calculation
[Figure: Routers A, B, C, D, E, F and G connected by a mix of OC-3 and DS3 links]
Node  Next-Hop  Cost
B     B         10
F     Tunnel 0  30
C     C         10
D     C         20
E     B         20
G     Tunnel 1  30
PCALC takes bandwidth, other constraints into account
Link state protocol advertises unreserved capacity
Constraints (required bandwidth and policy) are specified for a TE trunk
End result: Bandwidth used more efficiently!
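The two slides above contrast IGP shortest-path routing with constraint-based path calculation. The following added example (not from the original deck) runs both on one topology: plain Dijkstra for the IGP case, then Dijkstra over only those links whose unreserved bandwidth covers the request, with the reservation subtracted after each tunnel is set up. The link list is an assumption chosen to reproduce Router A's routing table and the 44% loss at B->E (the slide's drawing did not survive extraction), and DS3 is rounded to 45 Mb/s.

```python
import heapq

DS3, OC3 = 45.0, 155.0  # Mb/s, rounded; assumed values

# (node, node, IGP cost, capacity). Assumed topology, consistent with the slide's table.
LINKS = [("A", "B", 10, OC3), ("B", "E", 10, DS3), ("A", "C", 10, DS3),
         ("C", "D", 10, DS3), ("D", "E", 10, OC3), ("E", "F", 10, OC3),
         ("E", "G", 10, OC3)]

def make_topology(links):
    """Build adjacency lists and per-direction unreserved bandwidth."""
    adj, unreserved = {}, {}
    for u, v, cost, cap in links:
        for a, b in ((u, v), (v, u)):
            adj.setdefault(a, []).append((b, cost))
            unreserved[(a, b)] = cap
    return adj, unreserved

def shortest_path(adj, src, dst, usable=lambda u, v: True):
    """Dijkstra restricted to links accepted by usable(); returns (cost, path) or None."""
    heap, done = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, link_cost in adj.get(node, []):
            if nxt not in done and usable(node, nxt):
                heapq.heappush(heap, (cost + link_cost, nxt, path + [nxt]))
    return None

def igp_load(adj, demands):
    """Load per directed link when every demand follows the IGP shortest path."""
    load = {}
    for src, dst, bw in demands:
        _, path = shortest_path(adj, src, dst)
        for hop in zip(path, path[1:]):
            load[hop] = load.get(hop, 0.0) + bw
    return load

def cspf_setup(adj, unreserved, src, dst, bw):
    """Prune links without enough unreserved bandwidth, route, then reserve."""
    found = shortest_path(adj, src, dst, lambda u, v: unreserved[(u, v)] >= bw)
    if found is None:
        return None  # admission control: no path satisfies the constraint
    path = found[1]
    for hop in zip(path, path[1:]):
        unreserved[hop] -= bw
    return path

def loss_fraction(load, capacity):
    return max(0.0, (load - capacity) / load)

def demo():
    adj, unreserved = make_topology(LINKS)
    load = igp_load(adj, [("A", "F", 40.0), ("A", "G", 40.0)])
    be_load = load[("B", "E")]
    # Tunnel 0, Tunnel 1, then a constructed third request that cannot be admitted.
    tunnels = [cspf_setup(adj, unreserved, "A", dst, 40.0) for dst in ("F", "G", "F")]
    return be_load, loss_fraction(be_load, DS3), tunnels

if __name__ == "__main__":
    be_load, loss, tunnels = demo()
    print(f"IGP only: {be_load} Mb/s offered to B->E, loss {loss:.0%}")
    for number, path in enumerate(tunnels):
        print(f"request {number}: {'->'.join(path) if path else 'rejected'}")
```
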
-
Forwarding Traffic Down a Tunnel
There are three ways traffic can be forwarded down a TE tunnel
Auto-route
Static routes
Policy routing
With the first two, MPLS-TE gets you unequal cost load balancing
-
Fast ReRoute
FRR: A mechanism to minimize packet loss during a failure
Pre-provision protection tunnels that carry traffic when a protected resource (link/node) goes down
Use MPLS-TE to signal the FRR protection tunnels, taking advantage of the fact that MPLS-TE traffic doesn't have to follow the IGP shortest path
Used as a mechanism (along with DS-TE) for tight SLA offerings for Guaranteed Bandwidth Services
-
Link Protection*
Primary Tunnel: A -> B -> D -> E
BackUp Tunnel: B -> C -> D (Pre-provisioned)
Recovery = ~50ms
[Figure: Routers A, B, C, D and E with Routers X and Y]
*Introduced in 12.0(11)ST
-
Node Protection
Primary Tunnel: A -> B -> D -> E -> F
BackUp Tunnel: B -> C -> E (Pre-provisioned)
Recovery = ~100ms
[Figure: Routers A, B, C, D, E and F with Routers X and Y]
Introduced in 12.0(22)S
-
Standardization - IETF
MPLS Working Group
Fast Reroute Extensions:
draft-ietf-mpls-rsvp-lsp-fastreroute-01.txt
Fast Reroute MIB:
draft-ietf-mpls-fastreroute-mib-01.txt
IETF Drafts
Bandwidth Protection
draft-vasseur-mpls-backup-computation-01.txt
Path Computation (eg. Inter-AS)
draft-vasseur-mpls-computation-rsvp-02.txt
-
MPLS QoS
-
DiffServ over MPLS
MPLS doesn't define a new QoS architecture
Most of the work on MPLS QoS has focused on supporting current IP QoS architectures
Same traffic conditioning and Per-Hop behaviors as defined by DiffServ
-
Label Header for Packet Media
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|       TTL     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Label: 20 bits
EXP: Experimental Field, 3 bits
S: Bottom of Stack, 1 bit
TTL: Time to Live, 8 bits
Can be used over other layer-2 technologies
Contains all information needed at forwarding time
One 32-bit word per label
EXP field size limitation by standards
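The 32-bit layout above can be decoded with a few shifts and masks. The following added example (not part of the original slides) encodes and parses a label stack, stopping at the entry with the S bit set and rejecting a stack that is truncated or never terminates. The sample packet is constructed: tunnel label 1024 and the payload are made-up values, and VC label 16 is the value shown in the AToM show output earlier in the deck.

```python
import struct
from typing import NamedTuple

class LabelEntry(NamedTuple):
    label: int  # 20-bit label value
    exp: int    # 3-bit Experimental field
    s: int      # 1 on the bottom-of-stack entry
    ttl: int    # 8-bit Time to Live

def encode_entry(label: int, exp: int, s: int, ttl: int) -> bytes:
    """Pack one label stack entry into its 32-bit network-order word."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field does not fit the label header")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def parse_label_stack(data: bytes, max_depth: int = 8):
    """Return (entries, payload); entries run from the top label to the S=1 entry.

    max_depth is an assumed sanity limit so that a stack which never sets the
    S bit is rejected instead of being read into the payload.
    """
    entries = []
    offset = 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("no bottom-of-stack bit within max_depth entries")
        if len(data) - offset < 4:
            raise ValueError("truncated label stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)
        entries.append(entry)
        if entry.s:
            return entries, data[offset:]

# Constructed AToM-style packet: tunnel label, then VC label (S=1), then the PDU.
SAMPLE_PDU = b"constructed layer-2 PDU"
SAMPLE_PACKET = encode_entry(1024, 5, 0, 254) + encode_entry(16, 5, 1, 2) + SAMPLE_PDU

if __name__ == "__main__":
    stack, pdu = parse_label_stack(SAMPLE_PACKET)
    for depth, entry in enumerate(stack):
        print(depth, entry)
    print(len(pdu), "payload bytes")
```
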
-
Diff-Serv Support Over MPLS
[Figure: EF and AF1 packets carried on a single E-LSP, signalled by LDP/RSVP]
Diff-Serv is supported today over MPLS
RFC3270
Neither more nor less than plain old Diff-Serv
Example above illustrates support of EF and AF1 on single E-LSP
EF (Expedited Forwarding) and AF1 (Assured Forwarding) packets travel on single LSP (single label) but are enqueued in different queues (different EXP values)
-
DiffServ MPLS QoS Implementation
[Figure: Enterprise LAN - CE - FR Link - PE - P - P - PE - FR Link - CE - Enterprise LAN, with the PE and P routers forming the MPLS Core]
CE Out: FR TS, LLQ, WRED, FRF.12, cRTP
PE In: Police, Mark
PE Out: LLQ, WRED
PE - P: LLQ, WRED
P - P: LLQ, WRED
P - PE: LLQ, WRED
Notes:
- Traffic Classified by EXP
- Core is MPLS Frame-mode
- LLQ on MPLS packets
- WRED based on EXP
- No need for inbound policy in Core
- LLQ for Min B/W guarantee
- Unmanaged CE example shown
-
Relationship between MPLS TE and MPLS Diff-Serv
Diff-Serv specified independently of Routing/Path Computation
MPLS Diff-Serv (RFC3270) specified independently of Routing/Path Computation
MPLS TE designed as tool to improve backbone efficiency independently of QoS:
MPLS TE compute routes for aggregates across all Classes
MPLS TE performs admission control over global bandwidth pool for all Classes (i.e., unaware of bandwidth allocated to each queue)
MPLS TE and MPLS Diff-Serv:
can run simultaneously
can provide their own benefit (i.e. TE distributes aggregate load, Diff-Serv provides differentiation)
are unaware of each other (TE cannot provide its benefit on a per class basis such as CAC and constraint based routing)
-
MPLS TE with Best Effort Network
Find Route and Set-Up Tunnel for 20 Mb/s (Aggregate) From POP1 to POP4
Find Route and Set-Up Tunnel for 10 Mb/s (Aggregate) From POP2 to POP4
[Figure: POP 1, POP 2, POP 4 and other POPs around the CORE]
-
MPLS TE with DiffServ Network
Find Route and Set-Up Tunnel for 20 Mb/s (Aggregate) From POP1 to POP4
Find Route and Set-Up Tunnel for 10 Mb/s (Aggregate) From POP2 to POP4
[Figure: POP 1, POP 2, POP 4 and other POPs around the CORE]
-
DiffServ aware Traffic Engineering (DS-TE)
DS-TE is more than MPLS TE + MPLS DiffServ
DS-TE makes MPLS TE aware of DiffServ:
DS-TE establishes separate tunnels for different classes
DS-TE takes into account the bandwidth available to each class (e.g. to queue)
DS-TE takes into account separate engineering constraints for each class
e.g. I want to limit Voice traffic to 70% of link max, but I don't mind having up to 100% of BE traffic.
e.g. I want overbook ratio of 1 for voice but 3 for BE
DS-TE ensures specific QoS level of each DiffServ class is achieved
-
DS-TE Configuration Example
Tunnel Midpoint
!
class-map match-all PREMIUM
 match mpls experimental 5
!
class-map match-all BUSINESS
 match mpls experimental 3 4
!
! Data Plane Bandwidth Allocation
! (class names must match the class-maps defined above)
policy-map OUT-POLICY
 class PREMIUM
  priority 16384
 class BUSINESS
  bandwidth 65536
  random-detect
 class class-default
  random-detect
!
interface POS1/0
 ip address 10.150.1.1 255.255.255.0
 ! Control Plane Bandwidth Allocation
 ip rsvp bandwidth 155000 155000 sub-pool 16384
 service-policy output OUT-POLICY
 mpls traffic-eng tunnels
 mpls ip
!
-
MPLS DS-TE with DiffServ Network
Find Route and Set-Up Tunnel for 5 Mb/s of EF From POP1 to POP4
Find Route and Set-Up Tunnel for 3 Mb/s of EF From POP2 to POP4
Find Route and Set-Up Tunnel for 15 Mb/s of BE From POP1 to POP4
Find Route and Set-Up Tunnel for 7 Mb/s of BE From POP2 to POP4
[Figure: POP 1, POP 2, POP 4 and other POPs around the CORE]
-
MPLS QoS Applications for Multi-Service
-
MPLS QoS Applications for Multi-Service
MPLS QoS General
MPLS Diffserv
MPLS TE
MPLS FRR (applies to strict QoS)
Diffserv-TE (DS-TE)
Combination = Guaranteed Bandwidth Services
Applications
Voice Trunking over TE
Virtual Leased Line Services
-
Solution 1: Toll Bypass with Voice Network
[Figure: traditional phones behind PBXs with packet interface, each attached to a PE; toll bypass over a TE tunnel between the PEs, alongside the PSTN traditional TDM network]
Solution Requirements: QoS on PE Router + Mapping Traffic to Tunnels + TE or DS-TE + QoS on Core Routers
FRR Protection of Tunnel
-
Solution 2: Toll Bypass with Voice/Data Converged Network
[Figure: Enterprise LANs and a PBX with circuit emulation interface behind CEs, each attached to a PE; toll bypass over a TE tunnel between the PEs, alongside the PSTN traditional TDM network]
Solution Requirements: QoS on PE Router + Mapping Traffic to Tunnels + TE or DS-TE + QoS on Core Routers + QoS on CE Router
FRR Protection of Tunnel
-
Solution 3: Virtual Leased Lines
ATM Networks Using AToM
[Figure: ATM CPE routers attached to PEs across an MPLS backbone; ATM virtual circuits carried in an Any Transport over MPLS (AToM) tunnel over a DS-TE tunnel, forming a Virtual Leased Line (DS-TE + QoS)]
TE Tunnel Selection for AToM Attachment VCs
Two different requirements for the transport of ATM across an MPLS backbone
Transport of AAL5 encapsulated frames (RFC1483);
Transport of ATM cells (cell relay)
Future QoS Mapping: L2IPEXP
FRR Protection of Tunnel
-
DS- TE - Standardization - IETF
Standardization effort initiated by Cisco mid 2000
Now major work item of TEWG with broad support from SPs & vendors
DS-TE Requirements: on its way to RFC (IETF Last Call)
draft-ietf-tewg-diff-te-reqts-06.txt
DS-TE Protocol Extensions: Working Group document
Draft-ietf-tewg-diff-te-proto-02.txt
Consensus on protocol extensions
Selection of Bandwidth Constraints model still under discussion
Uses the Russian Dolls Bandwidth Constraint Model
-
IPv6 over MPLS
(6PE/6VPE)
-
MPLS as a Foundation for Services
[Figure: services built on the MPLS network infrastructure: VPNs, Traffic Engineering, QoS/Tight SLAs, GMPLS, Any Transport Over MPLS, IPv6 over MPLS (6PE, 6VPE)]
-
IPv6 Edge Router (6PE) over MPLS
[Figure: 6PE routers around a core of P routers (OC48/192), connected by MP-iBGP sessions; attached IPv4 sites (144.254.0.0, 192.76.170.0, 134.95.0.0) and IPv6 sites (2001:0420::, 2001:0421::, 2001:0620::, 2001:0621::)]
Many Carriers, large ISP and Mobile SP have invested on MPLS infrastructure
Core devices may be ATM switches, GSR or other vendors routers
Leverages MPLS features, e.g. MPLS/VPN, TE, CoS,...
Multiple implementations options to integrate IPv6
IPv6 on CE, IPv6 over AToM, IPv6 Edge router (6PE), native IPv6 MPLS
6PE allows the SP to offer IPv6 at lower cost and risk
-
IPv6 VPN Provider Edge Router: 6VPE
[Figure: dual stack IPv4-IPv6 6VPE routers around an IPv4 MPLS core of P routers (v4), connected by MP-iBGP sessions; CEs running v6 and v4 with sites 192.254.10.0, 192.76.10.0, 145.95.0.0, 145.96.0.0, 2001:0420::, 2001:0421::, 2001:0620:: and 2001:0621::]
For VPN customers (RFC 2547bis), IPv6 VPN service is exactly the same as IPv4 VPN service
IPv6 packets transported from 6VPE to 6VPE inside IPv4 LSPs (IPv4 Core)
For ISP offering MPLS/VPN for IPv4 that wish to add IPv6 services as well
- No modification on the MPLS core
- Support both IPv4 and IPv6 VPNs concurrently on the same interfaces
- Configuration and operations of IPv6 VPNs exactly like IPv4 VPNs
-
Generalized MPLS (GMPLS)
Reduces the multiple layers into a single, integrated, control layer
Extends MPLS control plane to address optical layer constraints and attributes
Leverages IP layer management simplicity and distributed intelligence
Provides sophisticated traffic engineering capabilities for resource management and control
-
UCP GMPLS Phase 4
Integrated IP+Optical Intelligence
IP+Optical
GMPLS-Based Standard NNI
Single MPLS and GMPLS IP+Optical Control Plane
Concurrent Peer and UNI Overlay Operation
Topology Visibility for Coordinated Routing and Restoration
Advanced Smart BW Services
[Figure: client and routers attached over UNI to Metro, Multi-Service and OTN nodes interconnected by NNIs, under a common Management Plane and GMPLS Enabled Control Plane]
-
Summary
MPLS is much more than label switching
MPLS allows an IP infrastructure to be Service Enabled
Allows the SP/Enterprise to offer multiple Services across a single infrastructure
AToM allows layer-2 transport across an MPLS infrastructure
Combining TE, TE-FRR, and DS-TE, allows very tight SLAs offerings with high-availability for low-latency applications (e.g. Voice and Virtual Leased Line)
MPLS Services will continue to evolve and allow the integration of more Services across a single infrastructure
-
MPLS Further Reading
-
Further Reading Books
Books
MPLS: Technology and Applications, by Bruce S. Davie, Yakov Rekhter, ISBN: 1558606564
Traffic Engineering with MPLS, by Eric Osborne, Ajay Simha, ISBN: 1587050315
MPLS and VPN Architectures, Volume I, by Ivan Pepelnjak, Jim Guichard, ISBN: 1587050811
MPLS and VPN Architectures, Volume II, by Ivan Pepelnjak, Jim Guichard, Jeff Apcar, ISBN: 1587051125
Advanced MPLS Design and Implementation, by Vivek Alwayn, ISBN: 158705020X
-
MPLS Links
Link to MPLS Home Page (CCO):
http://www.cisco.com/warp/public/732/Tech/mpls/
MPLS Technical Documents (CCO):
http://www.cisco.com/warp/public/732/Tech/mpls/mpls_techdoc.shtml
Link to Tunnel Builder Home Page:
http://www.cisco.com/warp/public/732/Tech/mpls/tb/
Link to MPLS Working Group Page (IETF):
http://www.ietf.org/html.charters/mpls-charter.html
-
Select MPLS RFCs
Requirements for Traffic Engineering over MPLS (RFC 2702)
Multiprotocol Label Switching Architecture (RFC 3031)
MPLS Label Stack Encoding (RFC 3032)
MPLS using LDP and ATM VC Switching (RFC 3035)
LDP Specification (RFC 3036)
Carrying Label Information in BGP-4 (RFC 3107)
RSVP-TE: Extensions to RSVP for LSP Tunnels (RFC 3209)
MPLS Support of Differentiated Services (RFC 3270)
MPLS/BGP VPNs (RFC 2547 Informational, de facto standard)
All but the first have one or more Cisco co-authors
-
Backup Slides
-
Terminology, 1/2
RR: Route Reflector
A router (usually not involved in packet forwarding) that distributes BGP routes within a provider's network
PE: Provider Edge router
The interface between the customer and the MPLS-VPN network; only PEs (and maybe RRs) know anything about MPLS-VPN routes
P: Provider router
A router in the core of the MPLS-VPN network, speaks LDP/RSVP but not VPNv4
CE: Customer Edge router
The customer router which connects to the PE; does not know anything about labels, only IP (most of the time)
LDP: Label Distribution Protocol
Distributes labels with a provider's network that mirror the IGP, one way to get from one PE to another
LSP: Label Switched Path
The chain of labels that are swapped at each hop to get from one PE to another
-
Terminology, 2/2
VPN: Virtual Private Network
A network deployed on top of another network, where the two networks are separate and never communicate
VRF: Virtual Routing and Forwarding instance
Mechanism in IOS used to build per-interface RIB and FIB
VPNv4: Address family used in BGP to carry MPLS-VPN routes
RD: Route Distinguisher, used to uniquely identify the same network/mask from different VRFs (i.e., 10.0.0.0/8 from VPN A and 10.0.0.0/8 from VPN B)
RT: Route Target, used to control import and export policies, to build arbitrary VPN topologies for customers