intro mpls ldeghein

© 2009 Cisco Systems, Inc. All rights reserved. Cisco PublicIntro to MPLSLuc De Ghein 1

Introduction to MPLS

Luc De [email protected]

Cisco Public 2© 2009 Cisco Systems, Inc. All rights reserved.Intro to MPLSLuc De Ghein

Agenda

History of MPLS

Benefits of MPLS

MPLS Technology Introduction

MPLS Applications


Before MPLS

Several WAN protocols existed

•ATM, Frame-Relay

• They were cost-effective

• Lacked ease of deployment, provisioning, and management

• IP was winning the battle

• Ethernet was cheaper and easier than ATM

• People began to look for

•a good integration of IP over ATM

•an easy way to deploy virtual private networks over an IP backbone


History of MPLS

1998 1999 2000 2001

Time

2002 2003 2004 2009+2005 2006 2007 2008


Benefits of MPLS

One unified network infrastructure

Better IP over ATM integration

BGP-free core

Peer-to-peer Virtual Private Network (VPN) model

Optimal traffic flow across provider network

Flexible way to do traffic engineering

economics


One Unified Network Infrastructure MPLS = Multi Protocol Label Switching

An MPLS backbone is an enabler for multiservice

Carry all kinds of traffic across one MPLS enabled network :

–IPv4

–IPv6

–Layer 2 frames (Ethernet, ATM, Frame-Relay, HDLC, PPP)

–TDM

Adding labels to the packet enables the possibility to carry other protocols than just IP over an MPLS-enabled Layer 3 IP backbone, similarly to what was previously only possible with Frame Relay or ATM Layer 2 networks

Ethernet

ATM

IP VPN

Frame RelayPPP

IP/MPLS

Internet

VoIP

IPv6

PSTN


Better IP over ATM Integration

Before MPLS, there were three ways to implement MPLS:

–(RFC) 1483, “Multiprotocol Encapsulation over ATM Adaptation Layer 5,”•all ATM circuits had to be manually established and all mappings between IP next hops and ATM endpoints had to be manually configured on every ATM-attached router in the network

–LANE (LAN Emulation)•this technology never achieved the scalability or reliability requirements of large service provider networks

–MPOA (Multiprotocol over ATM )•the tightest integration of IP over ATM, but also the most complex solution

All these methods were cumbersome to implement and troubleshoot. A better solution for integrating IP over ATM was one of the driving reasons for the invention of MPLS.

The prerequisites for MPLS on ATM switches were that the ATM switches had to become more intelligent. The ATM switches had to run an IP routing protocol and implement a label distribution protocol.


BGP sessions

edge MPLS router

edge MPLS router

edge MPLS router

BGP Route Reflector

(RR)

edge MPLS router

MPLS network

BGP-free core

BGP-Free Core

•MPLS labeling is done on edge routers – the label assigned is the one associated with the BGP next-hop address

•The BGP next-hop address is known in the network via the IGP

•Forwarding on core routers is done by looking at MPLS label – there is no IP lookup

•Core routers do not need to run BGP


The Peer-to-Peer Model for MPLS VPN

A Virtual Private Network (VPN) is a network that emulates a private network over a common infrastructure.

In the overlay model:

–Examples are ATM and Frame-Relay

–The service provider provides a service of point-to-point links or virtual circuits across his network between the routers of the customer

–The customer routers form routing peering between them directly across the links or virtual circuits from the service provider

In the peer-to-peer VPN model:

–The service provider’s routers carry the customer’s data across the network, but they also participate in the customers’ routing

–Easier provisioning

•Adding one customer site means that on the PE router only the peering with the CE router must be added

•There is no hassle with creating many virtual circuits as with the overlay model or with configuring packet filters or route filters with the peer-to-peer VPN model over an IP network


service providers’ Frame Relay or ATM network

The Overlay Model for VPN

In the overlay model:

–The service provider provides a service of point-to-point links or virtual circuits across his network between the routers of the customer

–The customer routers form routing peering between them directly across the links or virtual circuits from the service provider

VPN green customer routerVPN red

customer router

virtual circuit

Frame Relay or ATM switch

VPN red customer router

VPN red customer router

VPN green customer router

VPN green customer router


Peer-to-Peer Model for MPLS VPN

routing peering

routing peeringrouting peering

Provider Edge router



Customer Edge router



routing peering = iBGP

In the peer-to-peer model:

–One peering: between the CE router and the PE router

–Internal BGP takes care of the VPN routing in SP network


Optimal Traffic Flow


VPN red CE

VPN red CE

VPN red CE

VPN red CE

VPN red CE

VPN red CE

overlay model peer-to-peer model

Layer 2 devices in the core: customer routers interconnect through them by means of virtual circuits (VC) created

In order for any router to send traffic directly to any other router at the edge, a virtual circuit must be created between them directly

–For optimal traffic flow in all cases: full mesh needed

–For n customer routers: (n-1) * n / 2 number of VCs needed

Peer-to-peer MPLS VPN model has optimal traffic flow in all cases

No VCs per customer


VPN red CE

VPN red CE

VPN red CE

VPN red CE

VPN red CE

VPN red CE


Traffic Engineering – MPLS TE

If this network is an IP only network, you could never have router B send the traffic along the bottom path by configuring anything on router A. Router B’s decision to send traffic on the top or bottom path is solely its own decision.

If you enable MPLS traffic engineering in this network, you can have router A send the traffic towards router D along the bottom path. The MPLS TE forces router B to toward the traffic A-D onto the bottom path. This can be done in MPLS because of the label forwarding mechanism.

A B D

C

E F

traffic engineered path

least cost pathMPLS network with TE enabled

MPLS TE = optimally use the network

TE looks how much BW is free on any link

Use underutilized links

TE must provide the possibility to steer traffic through the network on paths different than the preferred path (least cost path)

IP IP


MPLS Technology Introduction


MPLS Label and Label Encapsulation

LabelPPP Header Layer 2/L3 PacketPPP Header(Packet over SONET/SDH)

Label MAC Header Layer 2/L3 PacketLAN MAC Label Header

MPLS Label Encapsulation

COS/EXP = Class of Service: 3 Bits; S = Bottom of Stack; TTL = Time to Live

0 1 2 30 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1

Label # – 20bits EXP S TTL-8bits

MPLS Label


Label Stacking

There may be more than one label in an MPLS packet

Each label at a different place in the label stack has its meaning•Example—there can be one label for routing the packet to an egress point and another that separates a customer A packet from customer B

•Inner labels can be used to designate services

•e.g. L3VPNs, L2VPN

Outer label used to route/switch the MPLS packets in the network

Last label in the stack is marked with EOS bit

Allows building services such as MPLS VPNs

Traffic engineering and fast reroute

VPNs over traffic engineered core

Any transport over MPLS

TE Label

LDP Label

VPN Label

Inner Label

Outer Label

IP Header


MPLS Label

MPLS Label has local significance

One router assigns the MPLS label independently

There is no global assignment for the whole network

–No global authority

20 bits for the label gives label range of 0-1048575

–Default label range might be lower

–Label range is limited on some platforms

Normal MPLS labels are: 16-1048575

Reserved label range is: 0-15

–See later slides for some examples


LDP Label Advertisment

P PPE PE

10.0.0.0/8 label L3

LDP label advertisement

10.0.0.0/8 label L2


10.0.0.0/8 label L1


10.0.0.0/8

Local/In label

Prefix Out Intf Remote/Out Label

L1 10.0.0.0/8 POS0/0/0 L2

LFIB

LDP = Label Distribution Protocol, defined in RFC 3035 and 3036

LDP advertises label bindings

Label binding = IP prefix + MPLS label

LDP is a superset of Tag Distribution Protocol

IGP LDP


Label Packet Forwarding

IGP LDP

IP Label L1IP Label L2IP Label L3IP IP

P PPE PE

Local/In label

Prefix Out Intf Remote/Out Label

L1 10.0.0.0/8 POS0/0/0 L2

swapping incoming label with outgoing label


Control and Forward Plane Separation

LFIB

Routing

Process

MPLS Process

RIB

LIB

FIB

control plane

Label BindingUpdates/

Adjacency

IP TrafficMPLS Traffic

control plane used to distribute labels and build label-switched paths (LSPs)

Route Updates/

Adjacency

forwarding plane

forwarding plane used to forward IP or labeled packets


LIB Label Information Base holds the label bindings

–One local label (in label) allocated by the router per prefix

–One or more remote labels (out label) per prefix LIB stores all received label bindings

PE1#show mpls ldp binding

tib entry: 10.1.1.0/24, rev 3

local binding: tag: imp-null

remote binding: tsr: 10.100.1.3:0, tag: imp-null

remote binding: tsr: 10.100.1.6:0, tag: 16

tib entry: 10.1.5.0/24, rev 20



remote binding: tsr: 10.100.1.6:0, tag: imp-null

tib entry: 10.100.1.2/32, rev 4




tib entry: 10.100.1.4/32, rev 18

local binding: tag: 22



...

one LIB entry


LFIB

Label Forwarding Information Base LFIB stores one local and one remote label per prefix LFIB is used to forward labeled incoming packet

–Outgoing packet can be labeled

–Outgoing packet can be unlabeled

PE1#show mpls forwarding-table

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

16 Pop tag 10.1.2.0/24 0 Et0/0 10.1.5.6

17 Pop tag 10.1.3.0/24 0 Se3/0 point2point



20 Pop tag 10.100.1.6/32 0 Et0/0 10.1.5.6

21 Aggregate 11.1.1.0/24[V] 0

22 19 10.100.1.4/32 0 Se3/0 point2point

23 Untagged 11.100.1.1/32[V] 0 Se2/0 point2point


Label Forwarding Operations

16

IPIP

34

SWAP

16

IPIP

34

55

PUSH

IPIP

16

POP

16

23

IPIP

UNTAG/ NO LABEL

16

23


Implicit Null Label -> PHP

P PPE PE

Label L1IP Label L2IPIP IP

penultimate hop router

Implicit null label (label 3) is used in a few cases–for example for connected routes

Purpose: avoid double lookup: first MPLS lookup, followed by IP lookup

Penultimate Hop Popping (PHP)

removing the MPLS label at the one-but-last MPLS router

P#show mpls forwarding-table 10.100.1.0 255.255.255.0Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 17 Pop tag 10.100.1.0/24 5948 Se3/0 point2point

P#show mpls ldp bindings 10.100.1.0 24 tib entry: 10.100.1.0/24, rev 14 local binding: tag: 17 remote binding: tsr: 10.100.1.6:0, tag: 19 remote binding: tsr: 10.100.1.1:0, tag: imp-null remote binding: tsr: 10.100.1.4:0, tag: 19

10.0.0.0/8 label 3


10.100.1.0/24

POP is outgoing label in LFIB

(no label is added in the label stack)


Explicit Null Label Label 0 is advertised

Label 0 is put in the label stack

Double lookup needed

Label 0 does not entail a forwarding vector, but QOS information (EXP bits) is used of explicit null label

–The QOS information is retained till the last hop, whereas with PHP, the QOS information in the top label is lost, because the top label was popped

P PPE PE

Label L1IP Label L2IPIP

penultimate hop router

replacing label with explicit-null label

10.0.0.0/8 label 0


10.100.1.0/24Label 0IP

!

mpls label protocol ldp

mpls ldp explicit-null

!

P#show mpls ldp bindings 10.100.1.0 24

tib entry: 10.100.1.0/24, rev 14

local binding: tag: 17



remote binding: tsr: 10.100.1.1:0, tag: exp-null

P#show mpls forwarding-table 10.100.1.0

Local Outgoing Prefix Bytes tag Outgoing Next Hop

tag tag or VC or Tunnel Id switched interface

17 0 10.100.1.0/24 0 Se3/0 point2point


Overview of MPLS Applications

MPLS Layer 3 VPNs

MPLS Layer 2 VPNs

•Point-to-point

•Point-to-multipoint

MPLS Traffic Engineering


MPLS VPN – Control Plane

P PPE PE

red VPN

red VPN

eBGPIGP

eBGPIGP

iBGP exchanging vpnv4 prefixes + MPLS label

VRF interface

VRF interface

Route Distinguisher (RD): 8-byte field—unique value assigned by a provider to each VPN to make different VPN routes unique

VPNv4 address: RD+VPN IP prefix Route Target (RT): 8-byte field, unique value assigned by a provider to define the import/export rules for the routes from/to

each VPN MP-iBGP: facilitates advertisement of VPNv4* prefixes + labels between BGP peers Virtual Routing Forwarding Instance (VRF): contains VPN site routes; only on PE routers Multi-VRF CE (VRF-Lite): CE device supporting multiple VRFs w/o MP-iBGP & VPN labels

IGPLDP

IGPLDP

IGPLDP

CECE


MPLS VPN – Data Forwarding

IGP LDP

P PPE PE

VPN Label IP Label L2 VPN Label IP Label L1 VPN Label IP IP

Penultimate Hop Popping (PHP)

Ingress PE router: lookup in VRF RIB, adds vpn label, add LDP label P routers: label swapping (top label only) Egress PE router: looks up vpn label in LFIB, forwards IP packet onto VRF interface

IP

red VPN

red VPN

CECE


VPLSVirtual Private LAN Service

Point to Multipoint

VPLSVirtual Private LAN Service

Point to Multipoint

VPWSVirtual Private Wire Service

Point to Point

VPWSVirtual Private Wire Service

Point to Point

L2VPN ModelsL2VPN Models

L2VPN Options

AToMAToML2TPv3L2TPv3

IP CoreIP Core

Frame RelayFrame Relay

ATM (AAL5 and Cell)ATM (AAL5 and Cell)

EthernetEthernet

PPP and HDLCPPP and HDLC

MPLS CoreMPLS Core

Frame RelayFrame Relay

ATM (AAL5 and Cell)ATM (AAL5 and Cell)

EthernetEthernet

PPP and HDLCPPP and HDLC

MPLS CoreMPLS Core

EthernetEthernet

AToM = Any Transport over MPLS


Any Transport over MPLS ArchitectureIETF’s Pseudo-Wire Reference Model

PE PE

PSN Tunnel

pseudo wires

AC

AC

AC

AC

emulated services

IETF working group PWE3 ‘Pseudo wire emulation edge to edge’ requirements detailed in

draft-ietf-pwe3-requirements now RFC3916

draft-ietf-pwe3-architecture(framework) now RFC3985

• The pseudowire (PW) is a connection between 2 PE routers emulating an end-to-end service and connecting 2 Attachments Circuits (AC)


IETF’s L2VPN Logical Context

An L2VPN is comprised of switched connections between subscriber endpoints over a shared network

Non-subscribers do not have access to those same endpoints

Ethernet

ATM

HDLCPPP

FR

Pseudo Wire

SP Network

SP InterconnectionProviderEdge

Many Subscriber Encapsulations Supportable

ProviderEdge


AToM Building Blocks

Emulated VC encapsulation (control word) Information on enclosed Layer 2 PDU

4 bytes sitting in between the label stack and the MPLS payload

Control

Connection

Transport

Component

Tunneling

Component

Emulated L2

PDU

Targeted LDP (Label Distribution Protocol) SessionUsed for VC-label negotiation, withdrawal, error notification

Tunnel header (tunnel label)To get PDU from ingress to egress PE using MPLS LSP

Demultiplexer field (VC label)To identify individual circuits within a tunnel (VC label is a MPLS Label)


Any Transport over MPLS ControlPlane — How PWs Are Established

PE1 PE2

3. PE1 Allocates VC Label for new interface and binds to configured VC ID

4. PE1 sends label mapping message to PE2 over LDP session

5. PE2 Receives VC Type and VC Label that matches Local VCID

1. CE-PE: AC connection

PP

Note: PE2 Repeats Steps1–5 so that BidirectionalLabel/VCID MappingsAre Established

CECE

2. PE1 Starts Targeted LDP session with PE2 if one does not already exist


Any Transport over MPLS — How Traffic Is Forwarded on an Emulated Circuit

PE1 PE2PP CECE

VC Label L2 frame Label L1 VC Label L2 frameL2 frame L2 frame

VC label

LDP label

VC Label L2 frame Label L2

VC label is only looked up at egress PE Tunnel label (LDP/IGP label) is changed at every hop


Virtual Private LAN Service Overview

PE1 PE2

MPLS WAN

Site3CE

Site2CE

Site1CE

VPLS defines an architecture that delivers Ethernet Multipoint Services (EMS) over an MPLS network

VPLS operation emulates an IEEE Ethernet bridge. VPLS network acts like a virtual switch that emulates conventional L2 bridge.

•Forwarding of ethernet frames

•Forwarding of unicast frames with unknown destination MAC address

•Forwarding of multicast and broadcast frames

•Dynamic learning of MAC addresses

•MAC address aging

It supports communication between fully meshed L2 sites without the spanning tree complexities


Full mesh of PWs between VSIs

VPLS Components

Virtual Switching Instance: VSI or VFI (Virtual Forwarding Instance)

VPN ID: Unique value for each VPLS VPN

Attachment VCs are port mode or VLAN ID

Directed LDP session between participating PEs

n-PE n-PE

PW

PW

PW

CE

CE

CE

CE

CE

CE

CE

Tunnel LSP

Green VSIBlue VSIRed VSI

Green VSIBlue VSIRed VSI

Attachment Circuit

full mesh of Targeted-LDP sessions exchange VC labels

Tunnel LSP Tu

nnel

LS

P


R2

R1

R8

IP/MPLS

R2

R1

R8

IP/MPLS

R2

R1

R8

IP/MPLS

R2

R1

R8

IP/MPLS

MPLS TE Deployment Models

Bandwidth OptimizationStrategic Tactical

Protection Point-to-Point SLA

move BW away from congested pointsdeploy TE everywhere; optimise BW everywhere

Virtual Leased Lines; QOS; BW guaranteesFast ReRouting (FRR)


How MPLS TE Works

Link information Distribution

– ISIS-TE

– OSPF-TE

Path Calculation (CSPF)

Path Setup (RSVP-TE)

Forwarding Traffic down Tunnel

– Auto-route

– Static

– PBR

– CBTS

– Forwarding Adjacency

– Tunnel select

IP/MPLS

Head end

Mid-point Tail end


TE Fundamentals

1. Information Distributionneed Link State protocol IS-IS or OSPF

2. Path selection/calculation

3. Path setup

4. Trunk admission control

5. Forwarding trafficon to tunnel

6. Path maintenance

RSVP/TE used to distribute labels, provide CAC, failure notification, etc.

Unidirectional Tunnel Upstream Downstream

headendtailend

midpoints

Path Calculation (PCALC/CSPF) — uses IGP advertisements to compute “constrained” paths

IGP (OSPF or ISIS) used to flood BW information

TE tunnel


Path Setup Example

headendtailend

TE tunnel

PATH

RESVRESV

RESV

PATH

PATH

PCALC calculates path on headend or explicit path configured

PATH messages are sent with requested bandwidth

RESV messages are sent with MPLS label for the TE tunnel

There is admission control at each hop to see if the bandwidth requirement can be met

Headend router has view of complete network topology

in TE database

thanks to link state topology on headend router


MPLS TE Fast Re-Route (FRR)

Subsecond recovery against node/link failures

Fast because backup tunnel is pre-signaled

Scalable 1:N protection

Greater protection granularity

Cost-effective alternative to optical protection

Bandwidth protection

Primary TE LSP

Backup TE LSP

IP/MPLS

R2

R1

R8


Requires next-hop (NHOP) backup tunnel

Point of Local Repair (PLR) swaps label and pushes backup label

Backup terminates on Merge Point (MP) where traffic rejoins primary

Restoration time expected under ~50 ms

FRR Link Protection Operation

Primary TE LSP

Backup TE LSP

IP/MPLS

R1

2525

2222

1616 2222

2222

R2 R6 R7

R3

R5


FRR Node Protection Operation

Primary TE LSP

Backup TE LSP

IP/MPLS

R1

2525

3636

1616 2222

3636

R2 R5 R6

R3

R4

Requires next-next-hop (NNHOP) backup tunnel

Point of Local Repair (PLR) swaps next-hop label and pushes backup label

Backup terminates on Merge Point (MP) where traffic rejoins primary

Restoration time depends on failure detection time

3636

R5


Path Protection Operation

Primary TE LSP

Backup TE LSP

IP/MPLS

R1 R2 R3 R4

R6R5 R7

No local repair

Requires second end-to-end signalled TE LSP

Point of Repair (PLR) is headend router

Restoration time expected under ~200 ms


Q&A


Terminology ReferenceTerminology Description

AC Attachment Circuit. An AC Is a Point-to-Point, Layer 2 Circuit Between a CE and a PE.

ECMP Equal Cost Multipath

IGP Interior Gateway Protocol

LAN Local Area Network

LDP Label Distribution Protocol, RFC 3036.

LER Label Edge Router. An Edge LSR Interconnects MPLS and non-MPLS Domains.

LFIB Labeled Forwarding Information Base

LIB Labeled Information Base

LSP Label Switched Path

LSR Label Switching Router

P Router An Interior LSR in the Service Provider's Autonomous System

PE RouterAn LER in the Service Provider Administrative Domain that Interconnects the Customer Network and the Backbone Network.

PSN Tunnel Packet Switching Tunnel


Terminology ReferenceTerminology Description

Pseudo-WireA Pseudo-Wire Is a Bidirectional “Tunnel" Between Two Features on a Switching Path.

PWE3 Pseudo-Wire End-to-End Emulation

RD Route Distinguisher

RIB Routing Information Base (Routing Table)

RR Route Reflector

RT Route Target

RSVP-TE Resource Reservation Protocol based Traffic Engineering

VPN Virtual Private Network

VFI Virtual Forwarding Instance

VPLS Virtual Private LAN Service

VPWS Virtual Private WAN Service

VRF Virtual Route Forwarding Instance

VSI Virtual Switching Instance

intro mpls ldeghein

Documents