A study of MPLS VPN and an experimental implementation

Upload: thanhhaifire

Post on 18-Oct-2015


  • MINISTRY OF EDUCATION AND TRAINING

    HO CHI MINH CITY UNIVERSITY OF TECHNICAL EDUCATION

    FACULTY OF INFORMATION TECHNOLOGY

    GRADUATION THESIS

    A STUDY OF MPLS VPN AND AN EXPERIMENTAL IMPLEMENTATION

    STUDENT: NG NH THNG

    STUDENT ID: 05110139

    STUDENT: L DIN TM

    STUDENT ID: 05110119

    SUPERVISOR: Eng. HUNH NGUYN CHNH

    HO CHI MINH CITY, 2010

  • HO CHI MINH CITY UNIVERSITY OF TECHNICAL EDUCATION, FACULTY OF INFORMATION TECHNOLOGY

    SOCIALIST REPUBLIC OF VIETNAM, Independence - Freedom - Happiness

    GRADUATION THESIS ASSIGNMENT

    Student name: Ng nh Thng, student ID: 05110139

    Student name: L Din Tm, student ID: 05110119

    Major: Computer networks and telecommunications.

    Thesis title: A study of MPLS VPN and an experimental implementation.

    Work to be carried out:

    Theory:

    An introduction to VPN technology.

    A study of Multiprotocol Label Switching (MPLS): concepts, benefits, and how MPLS operates.

    A study of MPLS VPN: its components and how it operates.

    Practice:

    Configuring MPLS VPN on Cisco products.

    Working period: 10/09/09 to 31/12/09

    Student's signature:

    Student's signature:

    Ho Chi Minh City, 2010

    DEAN OF THE FACULTY OF INFORMATION TECHNOLOGY / SUPERVISOR

    (Signature and full name) (Signature and full name)

  • SUPERVISOR'S COMMENTS

    Ho Chi Minh City, 2010

    Supervisor

    Eng. Hunh Nguyn Chnh

  • REVIEWER'S COMMENTS

    Ho Chi Minh City, 2010

    Reviewer

    MSc. inh Cng oan

  • REVIEW COMMITTEE'S COMMENTS

    Ho Chi Minh City, 2010

    Review committee

  • ACKNOWLEDGEMENTS

    Our group sincerely thanks Mr. Hunh Nguyn Chnh for supervising this thesis. He kept us on track and guided us closely throughout the work. He provided documents and answered our questions and corrected our mistakes. We thank him for his enthusiastic help during our practical work. Our sincere thanks to him.

    We thank the other groups who helped us while we carried out this thesis. They gave us many comments, evaluations and suggestions, and they also helped us with reference material and encouraged us during the work.

    We would also like to sincerely thank all the lecturers of the Faculty of Information Technology who helped us and contributed their opinions throughout the work on this thesis.

    Sincere thanks!

    The project group

  • TABLE OF CONTENTS

    SUPERVISOR'S COMMENTS
    REVIEWER'S COMMENTS
    REVIEW COMMITTEE'S COMMENTS
    ACKNOWLEDGEMENTS
    LIST OF FIGURES
    LIST OF ABBREVIATIONS

    INTRODUCTION
    1. Urgency of the topic
    2. Objectives of the thesis
    3. Subject of study
    4. Research methods
    5. Scope of study
    6. Practical significance of the thesis

    MAIN CONTENT

    CHAPTER 1. INTRODUCTION TO VPN TECHNOLOGY
    1.1 What is a VPN?
    1.2 VPN classification
    1.2.1 VPNs for enterprises
    1.2.1.1 Remote access VPN
    1.2.1.2 Site-to-site VPN
    1.2.2 VPNs for service providers
    1.2.2.1 Overlay VPN model
    1.2.2.2 Peer-to-peer VPN model
    1.3 Chapter summary

    CHAPTER 2. MULTIPROTOCOL LABEL SWITCHING (MPLS)
    2.1 Overview of IP technology and ATM technology
    2.1.1 IP technology
    2.1.2 ATM technology
    2.2 Basic concepts of MPLS
    2.2.1 Benefits of MPLS
    2.2.2 Some applications of MPLS
    2.3 Components of MPLS
    2.3.1 Label
    2.3.2 Label stack
    2.3.3 Forwarding equivalence class (FEC)
    2.3.4 Label switched path (LSP)
    2.3.5 Label information base (LIB)
    2.3.6 MPLS network topology
    2.3.7 Basic MPLS components
    2.3.7.1 LSR devices
    2.3.7.2 LER devices
    2.4 The label distribution protocol LDP
    2.4.1 LSR neighbor discovery
    2.4.2 Label distribution modes
    2.5 MPLS architecture
    2.5.1 Control plane
    2.5.2 Data plane
    2.5.3 Components inside the control plane and the data plane
    2.6 Routing protocols
    2.6.1 The OSPF routing protocol
    2.6.2 The EIGRP routing protocol
    2.6.3 The BGP routing protocol
    2.7 How MPLS operates
    2.8 Chapter summary

    CHAPTER 3. MPLS VPN
    3.1 What is MPLS VPN?
    3.2 Benefits of MPLS VPN
    3.3 Components of MPLS VPN
    3.3.1 Virtual Routing and Forwarding Table (VRF)
    3.3.2 Multiprotocol BGP (MP-BGP)
    3.3.3 Route Distinguisher (RD)
    3.3.4 Route Targets (RT)
    3.4 How MPLS VPN operates
    3.5 Operation of the MPLS VPN control plane
    3.6 Operation of the MPLS VPN data plane
    3.7 Comparison of traditional VPN and MPLS VPN
    3.7.1 Traditional VPN
    3.7.2 MPLS VPN
    3.8 Chapter summary

    CHAPTER 4. EXPERIMENT
    4.1 Configuration
    4.2 Routing information
    4.3 Verification

    CONCLUSION

    REFERENCES

  • LIST OF FIGURES

    Figure 1.1 Remote access VPN model
    Figure 1.2 Site-to-site VPN model
    Figure 1.3 Overlay VPN model
    Figure 1.4 Peer-to-peer VPN model
    Figure 1.5 Shared-router and dedicated-router models
    Figure 2.1 Packet forwarding model in IP
    Figure 2.2 ATM model
    Figure 2.3 The MPLS concept
    Figure 2.4 MPLS header structure
    Figure 2.5 MPLS label
    Figure 2.6 Labels of the stack
    Figure 2.7 MPLS network topology
    Figure 2.8 Neighbor discovery with LDP
    Figure 2.9 Label information exchange in LDP
    Figure 2.10 Control plane and data plane
    Figure 2.11 MPLS control modules
    Figure 2.12 MPLS components in the control plane and the data plane
    Figure 2.13 Routing, switching, forwarding
    Figure 2.14 MPLS network
    Figure 2.15 Building the routing table
    Figure 2.16 Label assignment by router B
    Figure 2.17 Label distribution by router B
    Figure 2.18 Building the LIB table
    Figure 2.19 Label distribution by router C
    Figure 2.20 Building the LFIB table
    Figure 2.21 Label check and assignment at the ingress LSR
    Figure 2.22 Label swapping
    Figure 2.23 Label removal at the egress LSR
    Figure 3.1 MPLS VPN model
    Figure 3.2 VRF table
    Figure 3.3 RD value
    Figure 3.4 RD assignment
    Figure 3.5 RD removal
    Figure 3.6 Operation of Layer 3 MPLS
    Figure 3.7 Operation of Layer 2 MPLS
    Figure 3.8 MPLS VPN control plane
    Figure 3.9 MPLS VPN data plane
    Figure 3.10 Traditional VPN model
    Figure 3.11 MPLS VPN
    Figure 4.1 Experimental MPLS VPN model
    Figure 4.2 Routing information of A1
    Figure 4.3 Routing information of A2
    Figure 4.4 Routing information of B1
    Figure 4.5 Routing information of B2
    Figure 4.6 Routing information of PE01
    Figure 4.7 Routing information of PE02
    Figure 4.8 Routing information of P
    Figure 4.9 show mpls ldp bindings on PE01
    Figure 4.10 show mpls ldp bindings on P
    Figure 4.11 show mpls ldp bindings on PE02
    Figure 4.12 LFIB table on PE01
    Figure 4.13 LFIB table on P
    Figure 4.14 LFIB table on PE02
    Figure 4.15 Routing table of vrf A1 on PE01
    Figure 4.16 Routing table of vrf A2 on PE02
    Figure 4.17 Routing table of vrf B1 on PE01
    Figure 4.18 Routing table of vrf B2 on PE02
    Figure 4.19 A1 pings A2
    Figure 4.20 B1 pings B2
    Figure 4.21 A1 pings B2

  • LIST OF ABBREVIATIONS

    Abbreviation   English term

    AS             Autonomous system
    ATM            Asynchronous Transfer Mode
    BGP            Border Gateway Protocol
    B-ISDN         Broadband Integrated Services Digital Network
    CE             customer edge
    CEF            Cisco Express Forwarding
    CIDR           Classless Interdomain Routing
    CLP            Cell Loss Priority
    CPE            Customer Premise Equipment
    CSR            Cell switch router
    DLCI           data link connection identifier
    DoS            Denial of Service
    eBGP           External Border Gateway Protocol
    EGP            Exterior Gateway Protocol
    EIGRP          Enhanced Interior Gateway Routing Protocol
    FEC            Forwarding Equivalent Class
    FIB            Forwarding Information Base
    FR             Frame Relay
    GFC            Generic Flow Control
    HDLC           High Level Data Link Control
    HEC            Header error check
    iBGP           Internal Border Gateway Protocol
    ICMP           Internet Control Message Protocol
    IGP            Interior Gateway Protocol
    IP             Internet Protocol
    IPSec          Internet protocol security
    IPv4           Internet protocol v4
    ISDN           Integrated Services Digital Network
    ISP            Internet Service Providers
    LDP            Label Distribution Protocol
    LERs           Label Edge Router
    LFIB           Label Forwarding Information Base
    LIB            Label Information Base
    LSP            Label Switched Path
    LSRs           Label Switch Router
    MED            Media Endpoint Discovery
    MP-BGP         Multiprotocol BGP
    MPLS           Multiprotocol Label Switching
    MTU            Maximum Transmission Unit
    NBMA           Non-Broadcast Multiple Access
    NGN            Next Generation Network
    OSI            Open Systems Interconnection
    OSPF           Open Shortest Path First
    PE             provider edge
    PPP            Point to Point Protocol
    PT             Payload Type
    PVC            permanent virtual circuit
    QoS            Quality of service
    RD             Route Distinguisher
    RIB            Routing Information Base
    RT             Route Targets
    SP             Service Provider
    SDN            Software Defined Networks
    SVC            Switch virtual circuit
    TCP            Transport Control Protocol
    TTL            Time To Live
    UDP            User Datagram Protocol
    VC             Virtual channel
    VCI            Virtual Channel Identifier
    VLSM           Variable Length Subnet Mask
    VPI            Virtual Path Identifier
    VPDN           Virtual private dial-up network
    VPN            Virtual Private Network
    VRF            Virtual Routing and Forwarding Table
    WAN            Wide Area Network

  • A. INTRODUCTION

    1. Urgency of the topic

    Today, with the dizzying growth of the Internet and the great benefits of applying information technology in every field, especially office work and management, virtual private networks seem to have become indispensable for companies. The needs range from accessing company data remotely to building relationships with customers, letting them use part of the company's resources while still ensuring the necessary confidentiality of the information.

    Traditional VPNs based on ATM, Frame Relay and IP have quite a few weaknesses in manageability, security and quality of service. The consequences can be lost traffic, lost connections, and even degraded network characteristics. In addition, there are considerable costs for leasing telecommunications services to connect the networks.

    Recently, Multiprotocol Label Switching (MPLS) has attracted special attention from service providers because of its superior ability to deliver high-quality services over IP networks, because of its simplicity and efficiency, and most importantly because of its ability to deploy VPNs.

    With its advantages of fast traffic forwarding, flexibility, simplicity, traffic-flow control, flexible support for routing services, and better use of links to reduce cost, MPLS is gradually replacing other traditional technologies such as IP and ATM.

    MPLS VPN addresses the limitations of traditional VPNs based on ATM, Frame Relay and IP: it saves time, reduces installation cost and offers a high level of security for enterprises. Studying and applying VPN over MPLS is therefore seen as an urgent matter, helping enterprises approach this new technology easily and then apply it to their own development, in step with the progress of the international telecommunications networking industry.

    2. Objectives of the thesis

    The objectives of the thesis are:

    To study MPLS VPN and apply it in an experimental implementation.

    To give the reader the basic concepts of MPLS, from which a simple MPLS VPN network can be built.

    3. Subject of study

    Studying and deploying MPLS VPN.

    4. Research methods

    In carrying out this thesis, the research group used the following methods:

    Document analysis: used to find information about, and the meaning of, the concepts related to MPLS and VPN. The Internet was the means of finding material for the thesis.

    Experimentation: based on an experimental deployment model, the group practised configuring MPLS VPN, and through that supplemented the theory for each part.

    5. Scope of study

    Because of the nature of the topic and practical conditions, the research group studied only the issues related to VPN in MPLS and deployed them on an experimental model.

    6. Practical significance of the thesis

    Studying MPLS VPN helps service providers deploy and apply it in practice while overcoming the weaknesses of traditional VPN networks.

  • B. MAIN CONTENT

  • CHAPTER 1. INTRODUCTION TO VPN TECHNOLOGY

    1.1 What is a VPN?

    A VPN is a technology that connects the parts of a private network through a public network infrastructure (the Internet). A VPN works by tunneling: before a packet is sent over the VPN, it is encrypted and placed inside a packet that can travel over the public network. That packet is carried to the other end of the VPN connection. At the destination end of the VPN connection, the encrypted packet is taken out of the public-network packet and decrypted.
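The encrypt, encapsulate, extract and decrypt flow described above, as an added example that is not part of the original thesis. The addresses, keys, helper names and the tunnel framing (IP protocol number 253, then nonce, ciphertext and tag) are constructed for illustration, and the HMAC-based keystream is a stand-in for the cipher a real tunnel protocol would use.

```python
import hashlib
import hmac
import os
import socket
import struct

TUNNEL_PROTO = 253  # protocol number reserved for experimentation; framing is constructed
NONCE_LEN, TAG_LEN = 16, 32


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the 16-bit words of an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet: 20-byte header without options, then payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    checksum = struct.pack("!H", ipv4_checksum(header))
    return header[:10] + checksum + header[12:] + payload


def addresses(packet: bytes) -> tuple:
    """Return (source, destination) as seen by anyone on the path."""
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])


def _xor_keystream(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stand-in stream cipher: XOR with HMAC-SHA256(key, nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + struct.pack("!I", counter),
                           hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encapsulate(inner: bytes, enc_key: bytes, mac_key: bytes,
                tunnel_src: str, tunnel_dst: str) -> bytes:
    """Encrypt the whole private packet and place it inside a public packet."""
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor_keystream(inner, enc_key, nonce)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return ipv4_packet(tunnel_src, tunnel_dst, TUNNEL_PROTO,
                       nonce + ciphertext + tag)


def decapsulate(outer: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Far end of the tunnel: validate, authenticate, then decrypt the inner packet."""
    ihl = (outer[0] & 0x0F) * 4
    if len(outer) < ihl or ipv4_checksum(outer[:ihl]) != 0:
        raise ValueError("bad outer IPv4 header")
    if outer[9] != TUNNEL_PROTO:
        raise ValueError("not a tunnel packet")
    total_len = struct.unpack("!H", outer[2:4])[0]
    body = outer[ihl:total_len]
    if len(body) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated tunnel payload")
    nonce = body[:NONCE_LEN]
    ciphertext = body[NONCE_LEN:-TAG_LEN]
    tag = body[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet modified in transit")
    return _xor_keystream(ciphertext, enc_key, nonce)


if __name__ == "__main__":
    # Constructed sample: a private-addressed packet crossing the public network.
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    inner = ipv4_packet("10.1.1.10", "10.2.2.20", 17, b"payroll record 42")
    outer = encapsulate(inner, enc_key, mac_key, "203.0.113.1", "198.51.100.1")
    print("on the wire :", addresses(outer))
    print("after tunnel:", addresses(decapsulate(outer, enc_key, mac_key)))
```

On the public network only the tunnel endpoints' addresses are visible; the private addresses and the payload travel inside the encrypted body, and a packet altered in transit is rejected before decryption.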

    Cc giai on pht trin ca VPN:

    Th h VPN th nht do AT&T pht trin c tn l SDN.

    Th h th 2 l ISND v X25.

    Th h th 3 l Frame relay v ATM.

    V th h hin nay, th h th 4 l VPN trn nn mng IP.

    Th h tip theo s l VPN trn nn mng MPLS.

    A VPN consists of the following areas:

    Customer network: the routers at the various customer sites. The routers that connect individual sites to the provider's network are called customer edge (CE) routers.

    Provider network: used to provide point-to-point connections across the service provider's network infrastructure. The service provider devices that connect directly to the CE routers are called provider edge (PE) routers. The provider network also contains devices that forward data within the backbone (SP backbone), called provider (P) routers.


    1.2 VPN classification

    VPNs are classified into:

    VPNs for enterprises

    VPNs for service providers

    1.2.1 VPNs for enterprises

    1.2.1.1 Remote access VPN

    A remote access VPN, or virtual private dial-up network (VPDN), is designed and deployed for individual remote users such as travelling users or users with wireless access. In the past, organizations and corporations supported remote users through dial-up systems. That was not an economical solution, especially when a user dialled in over an international line. With remote access VPN, a mobile user makes a local call to an Internet service provider (ISP) and reaches the corporate network from a single Internet-connected personal computer, wherever they are. Remote access VPN is an extension of traditional dial-up networks. In this system, software on the PC provides a secure connection, like a tunnel, to the organization. Because users make only local calls, costs are reduced.

    Figure 1.1 Remote access VPN model


    1.2.1.2 Site-to-site VPN

    A site-to-site VPN is deployed for connections between different areas of a corporation or organization. In other words, the network at one location is connected to the network at another location by means of a VPN. In the past, a connection between such locations was a leased line or Frame Relay. Today, however, most organizations and corporations use the Internet, and with Internet access a site-to-site VPN can replace traditional leased lines and Frame Relay. Site-to-site VPN is a selective extension of, and successor to, the WAN. Two uses of site-to-site VPN are the intranet VPN and the extranet VPN. An intranet VPN can be seen as the connections between locations within the same organization; user access between these locations is less restricted than in an extranet VPN. An extranet VPN can be seen as the connections between an organization and its business partners; user access between these locations is tightly controlled by each party at its own location.

    Figure 1.2 Site-to-site VPN model


    1.2.2 VPNs for service providers

    Based on the service provider's participation in customer routing, VPNs can be divided into two models:

    Overlay VPN model

    Peer-to-peer VPN model

    1.2.2.1 Overlay VPN model

    Figure 1.3 Overlay VPN model

    When Frame Relay and ATM provide customers with private networks, the provider cannot take part in customer routing. The service provider only transports data across virtual connections. The provider therefore gives the customer nothing more than a virtual connection at layer 2. This is the Overlay model.

    If a virtual circuit is permanent and available to the customer at all times, it is called a permanent virtual circuit (PVC). If it is established on demand, it is called a switched virtual circuit (SVC).

    The main limitation of the Overlay model is that the virtual circuits between customer sites form a full mesh. With N customer sites, the total number of virtual circuits required is N(N-1)/2.


    An overlay VPN is implemented by the SP to provide layer 1 (physical) connections or layer 2 transport circuits (data link, carrying frames or cells) between customer sites, using Frame Relay or ATM switches. The SP is therefore unaware of the customer's routing.

    Overlay VPNs can also deliver services over layer 3 with tunneling protocols such as GRE and IPsec. In every case, however, the provider network remains transparent to the customer, and the routing protocols run directly between the customer's routers.

    1.2.2.2 Peer-to-peer VPN model

    Figure 1.4 Peer-to-peer VPN model

    The peer-to-peer model overcomes the drawbacks of the Overlay model and gives customers optimal transport across the SP backbone, because the service provider knows the customer's network topology and can therefore set up optimal routing for the customer's routes.

    The service provider takes part in customer routing. The customer's routing information is advertised across the service provider's network, and the provider's network determines the optimal path from one customer site to another.


    Each customer's private routing information is identified by applying packet filtering at the routers that connect to the customer network.

    Peer-to-peer VPNs are of two types:

    Shared-router

    A shared router means that VPN customers share the same provider edge (PE) router. In this approach, several customers can connect to the same PE router.

    On the PE router, an access list must be configured on every PE-CE interface to guarantee isolation between VPN customers and to prevent one customer's VPN from launching denial-of-service (DoS) attacks against another customer's VPN. The service provider allocates a portion of its address space to each customer and manages the packet filtering on the PE router.

    Dedicated-router

    In this approach each VPN customer has a dedicated PE router and therefore has access only to the routes in that PE router's routing table. The dedicated-router model uses routing protocols to build a per-VPN routing table on the PE router. The routing table contains only the routes advertised by the VPN customer connected to it, which results in isolation between VPNs.


    Figure 1.5 Shared-router and dedicated-router models

    Drawbacks of the peer-to-peer model:

    Customers' address spaces must not overlap.

    Customer addresses are controlled by the provider.

    1.3 Chapter summary

    This chapter gave an overview of VPN technology. VPNs comprise VPNs for enterprises and VPNs for service providers. Based on the service provider's participation in customer routing, there are two basic models, overlay VPN and peer-to-peer VPN, each with its own advantages and drawbacks. MPLS VPN combines the advantages of both the overlay and the peer-to-peer models and also inherits the advantages of MPLS technology, with strengths in security, deployment flexibility, link quality and, in particular, price.

    CHAPTER 2. MULTIPROTOCOL LABEL SWITCHING (MPLS)

    2.1 Overview of IP and ATM technology

    2.1.1 IP technology

    IP is the main component of the Internet architecture. In this architecture IP acts as layer 3 and defines the addressing scheme, the forwarding mechanism, the routing mechanism and the low-level control functions (ICMP). An IP packet contains the receiver's address; the address is a number that is unique across the whole network and carries all the information needed to deliver the packet to its destination.

    The outstanding advantage of TCP/IP is its very flexible routing and packet delivery. But IP does not guarantee quality of service or the required transmission rate.

    Figure 2.1 Packet forwarding model in IP

    2.1.2 ATM technology

    ATM is a high-speed transmission technique. ATM accepts information in many forms, such as voice, data and video, and cuts it into small pieces called cells. The cells are then carried over virtual connections (VCs). Because ATM can support voice, data and video with quality of service over many different broadband technologies, it is regarded as a leading switching technology.


    ATM's strengths are high transmission speed and guaranteed real-time behaviour and quality of service to predefined requirements. Its drawbacks are bandwidth overhead (because packets are split into small 53-byte cells), wasted link capacity, and the fact that the small cell size loses its benefit as physical transmission rates rise sharply.

    Figure 2.2 ATM model

    In summary: alongside their advantages, IP and ATM each have drawbacks. Multiprotocol Label Switching (MPLS) was therefore proposed to carry packets over virtual channels and to overcome the problems today's networks face: speed, network scalability, quality management and backbone-based bandwidth management. It can also work with existing Frame Relay and Asynchronous Transfer Mode (ATM) networks to meet the service needs of network users. MPLS combines the advantages of IP (flexibility, scalability) and of ATM (high speed, QoS, flow control).


    2.2 Basic concepts of MPLS

    Multiprotocol Label Switching (MPLS) is the result of the development of several IP switching technologies. It uses a label-swapping mechanism like that of ATM to speed up packet delivery without changing the IP routing protocols.

    The idea behind MPLS is: route at the edge, switch in the core.

    Figure 2.3 The MPLS concept

    2.2.1 Benefits of MPLS

    MPLS is an improved method of forwarding IP packets across a network by adding a label. MPLS combines the advantages of layer 2 switching and layer 3 routing. Because the label is used to decide the next hop in the network, the router does less work and behaves much like a switch.

    MPLS supports every layer 2 protocol and deploys IP services efficiently on an IP switching network. MPLS supports the creation of different routes between a source and a destination across an Internet backbone. By integrating MPLS into their network architecture, ISPs can cut costs, increase profit, offer a range of service levels and become more competitive.


    Simple scalability.

    Improved network quality: routing functions that earlier technologies could not provide, such as explicit routing and loop control, can be deployed.

    Integration of IP and ATM makes it possible to reuse all the existing equipment in the network.

    Separating the control unit from the switching unit lets MPLS support MPLS and B-ISDN at the same time. Adding new functions after an MPLS network has been deployed requires only a change to the control software.

    2.2.2 Some applications of MPLS

    The Internet has three main groups of applications, voice, data and video, each with different requirements.

    Voice requires low latency and tolerates some data loss in exchange for efficiency.

    Video tolerates data loss at an acceptable level and is real-time in nature.

    Data requires high security and accuracy. MPLS helps use network resources efficiently.

    Some applications currently being deployed are:

    MPLS VPN: the service provider uses the existing public network infrastructure to implement the connections between customer sites.

    MPLS Traffic Engineering: provides the ability to set up one or more paths to control network traffic and the performance characteristics for a class of traffic.

    MPLS QoS (Quality of Service): with QoS, service providers can offer several classes of service with the highest possible QoS guarantees for customers.


    2.3 MPLS components

    2.3.1 Label

    A label is a short, fixed-length entity with no internal structure. A label does not directly encode information from the network-layer header, such as the network-layer address. The label attached to a particular packet represents the FEC to which that packet has been assigned.

    The form of the label depends on the transmission medium in which the packet is encapsulated. For example, ATM packets (cells) use the VPI/VCI value as the label, and Frame Relay uses the DLCI. For media that have no native label structure, a shim is inserted to carry the label. The 4-byte shim has the following structure:

    Figure 2.4 MPLS header structure

    MPLS defines a 32-bit header that is created at the ingress LSR. It must be placed immediately after any layer 2 header and before the layer 3 header (here, IP). The ingress LSR uses it to identify an FEC; this class is revisited in the discussion of label creation. The labels are then processed by the transit LSRs.

    Figure 2.5 MPLS label (frame layout: layer 2 header, MPLS shim, IP header, payload; shim fields: Label (20), COS (3), S (1), TTL (8))


    The format of the MPLS header is shown in Figure 2.4. It consists of the following fields:

    Label: a 20-bit value containing the MPLS label.

    EXP (3 bits): reserved for experimental use; the EXP bits can be used in the same way as precedence bits.

    S: the stack bit, used to order multiple labels.

    TTL: time to live, 8 bits; sets a limit on how far an MPLS packet can travel.

    For PPP or Ethernet frames, a protocol identifier value (P-ID, or Ethertype) is inserted into the corresponding frame header to indicate whether the frame is MPLS unicast or multicast.

    2.3.2 Label stack

    The label stack is a technique used in IP encapsulation that allows a packet to carry more than one label. It works by pushing a new label (level 2) on top of the existing label (level 1). The packet is forwarded through a network on the basis of the level 2 labels; once it has crossed that network, the level 2 label is removed and forwarding continues on the basis of the level 1 labels.

    The top label sits directly after the layer 2 header, and the bottom label sits directly before the layer 3 header.

    At each hop, the router processes only the top label of the stack.

    Label switching is designed to scale to large networks, and MPLS supports hierarchical label switching, which relies on MPLS being able to carry more than one label in a packet. The label stack allows some LSRs to exchange information with one another and act as border nodes of a large network domain, alongside other LSRs. These other LSRs can be regarded as interior nodes of a domain and are not concerned with the border nodes. Processing of a labelled packet is carried out independently of the level of the hierarchy.


    Note that in a label stack the bottom label always has S = 1, and all the other labels have S = 0.

    Figure 2.6 Label stack
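The shim layout from 2.3.1 and the S-bit rule from 2.3.2 can be checked with a short parser. This is an added example, not code from the thesis: the sample frame, its label values and the function names are constructed for illustration, and the Ethertype constants are the standard MPLS values, which the thesis does not list.

```python
import struct

# Ethertype values that mark an Ethernet frame as MPLS (standard values,
# not listed in the thesis).
ETHERTYPE_MPLS_UNICAST = 0x8847
ETHERTYPE_MPLS_MULTICAST = 0x8848


def encode_entry(label, exp, s, ttl):
    """Pack one 32-bit shim entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def parse_label_stack(data, max_depth=8):
    """Walk the stack top-down until the entry with S=1; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated stack: no entry with S=1 found")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append({
            "label": word >> 12,        # top 20 bits
            "exp": (word >> 9) & 0x7,   # 3 experimental bits
            "s": (word >> 8) & 0x1,     # 1 on the bottom entry only
            "ttl": word & 0xFF,         # 8-bit time to live
        })
        if entries[-1]["s"] == 1:
            return entries, data[offset:]


def parse_ethernet_mpls(frame):
    """Check the Ethertype of an untagged Ethernet II frame, then parse the stack."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype not in (ETHERTYPE_MPLS_UNICAST, ETHERTYPE_MPLS_MULTICAST):
        raise ValueError("not an MPLS frame: ethertype 0x%04x" % ethertype)
    return parse_label_stack(frame[14:])


def build_sample_frame():
    """Constructed sample: two-label stack (top 25, bottom 300) over a stub IP header."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
    stack = encode_entry(25, 0, 0, 64) + encode_entry(300, 5, 1, 64)
    ip_stub = bytes([0x45, 0x00, 0x00, 0x14])  # first bytes of an IPv4 header
    return eth + stack + ip_stub


if __name__ == "__main__":
    entries, payload = parse_ethernet_mpls(build_sample_frame())
    for entry in entries:
        print(entry)
    print("payload starts with", payload[:1].hex())
```

The parser refuses a stack that ends without an S = 1 entry instead of reading the payload as further labels, which is the check a capture tool or filter needs before trusting the inner header.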

    2.3.3 Forwarding Equivalence Class (FEC)

    An FEC is a group of IP packets that:

    Follow the same path through the MPLS network.

    Receive the same treatment at every LSR.

    In traditional routing, a packet is assigned to an FEC at every hop. In MPLS the assignment is made only once, at the ingress LSR. In MPLS, packets destined for different prefixes can share one FEC, because forwarding inside the MPLS domain depends only on the FEC assignment made by the ingress LSR to select the LSP; the remaining LSRs forward the packet by its label. With IP routing, the packet is forwarded by IP address, so at every hop it is assigned to an FEC again to determine the path.

    2.3.4 Label Switched Path (LSP)

    An LSP is the path set up from the ingress to the egress of the MPLS network and used to forward the packets of a given FEC by label-swapping forwarding.


    2.3.5 Label Information Base (LIB)

    The LIB is a binding table in the LSR that holds the label/FEC values assigned to outgoing ports, together with information about the media encapsulation.

    2.3.6 MPLS network topology

    An MPLS domain is a contiguous set of nodes that perform MPLS routing and forwarding. The MPLS domain can be divided into the MPLS core and the MPLS edge.

    Figure 2.7 MPLS network topology

    When an IP packet crosses the MPLS domain, it follows a path determined by the FEC it was assigned to on entering the domain. This path is called a label switched path (LSP). An LSP is unidirectional, so two LSPs are needed for duplex communication.

    Nodes that can run MPLS and forward native IP packets are called label switching routers (LSRs).

    The ingress LSR handles traffic entering the MPLS domain.

    A transit LSR handles traffic inside the MPLS domain.

    The egress LSR handles traffic leaving the MPLS domain.

    Edge LSR is commonly used as a collective name for both ingress and egress LSRs.


    2.3.7 Basic MPLS components

    The devices in an MPLS network can be classified as label edge routers (LERs) and label switching routers (LSRs).

    2.3.7.1 LSR devices

    The most important component of an MPLS network is the label switching router (LSR). This device forwards packets within the MPLS network by means of the label distribution procedure.

    2.3.7.2 LER devices

    An LER is a device that operates at the boundary between the access network and the MPLS network. LERs support ports connected to dissimilar networks (such as Frame Relay, ATM and Ethernet). After establishing an LSP, they forward this traffic into the MPLS network using label signalling protocols at the ingress, and they distribute the traffic back to the access network at the egress. The LER plays an important role in assigning and removing labels as traffic enters or leaves the MPLS network. The LER is where labels are attached to packets before they enter the MPLS network.

    Edge devices differ from core devices in that, besides forwarding traffic, they must also interface with other networks.

    2.4 Label Distribution Protocol (LDP)

    The Label Distribution Protocol (LDP) is the protocol that exchanges label information between LSRs.

    It provides a technique that lets directly connected LSRs recognize each other and establish a link: the discovery mechanism.


    There are four message types:

    Discovery messages: announce and maintain the presence of an LSR in the network.

    Adjacency messages: set up, maintain and tear down the sessions between LSRs.

    Label advertisement messages: advertise, request, withdraw and release label information.

    Notification messages: used to report errors.

    A TCP connection is established to exchange the messages (except Discovery messages).

    The messages are sets of elements with the structure <type, length, value>.

    2.4.1 LSR neighbor discovery

    This protocol runs over UDP and can be seen as the phase in which two LSRs recognize each other before they set up a TCP connection. An LSR periodically sends a hello message to all directly connected LSRs on a default UDP port. All LSRs listen for this hello message on the UDP port. In this way an LSR learns the addresses of all the LSRs directly connected to it. Once the address of an LSR is known, a TCP connection is established between the two LSRs. Even when two LSRs are not directly connected, an LSR can still periodically send hello messages to the default UDP port of a specific IP address, and the receiving LSR can send a hello message back to the sender in order to establish the TCP connection.


    Figure 2.8 Neighbor discovery with LDP

    2.4.2 Label distribution modes

    In an MPLS domain, a label assigned to a destination address is distributed to the upstream neighbors after the session has been established. The binding between a particular network, the local label and a next-hop label (received from the downstream router) is stored in the LFIB and the LIB. MPLS uses the following label distribution methods:

    Label distribution on demand.

    Unsolicited label distribution.

    Figure 2.9 Label information exchange in LDP


    2.5 MPLS architecture

    MPLS has two modes of operation:

    Frame mode

    This mode is used with ordinary IP networks. Here the MPLS label is a true label, designed for and attached to packets. The control plane is responsible for assigning labels to routes and distributing them between the routers running MPLS. In this mode the routers are connected directly to one another over a frame-mode interface such as PPP, and they use plain IP addresses to exchange information such as label information and the routing table.

    ATM and Frame Relay networks have no direct connections between interfaces, which means plain IP addresses cannot be used to exchange information; virtual circuits (PVCs) must therefore be set up between them.

    Cell mode

    This term is used for a network of ATM LSRs that use MPLS in the control plane to exchange VPI/VCI information instead of using ATM signalling. In cell mode, the label is the VPI/VCI field of the cell. After labels have been exchanged in the control plane, in the forwarding plane the ingress router segments the packet into ATM cells, applies the VPI/VCI value exchanged in the control plane and sends the cells. The interior ATM LSRs behave as ATM switches: they forward a cell on the basis of its incoming VPI/VCI and the corresponding output port information. Finally, the egress router reassembles the cells into a packet.


    Where:

    GFC: generic flow control.

    VPI: virtual path identifier.

    VCI: virtual channel identifier.

    PT: payload type indicator.

    CLP: cell loss priority indicator.

    HEC: header error check.

    MPLS is divided into two planes: the MPLS control plane and the MPLS forwarding plane, also called the data plane.

    Figure 2.10 Control plane and data plane


    2.5.1 Control plane

    The control plane performs the functions related to determining the reachability of destination networks. It holds all the layer 3 routing information used to exchange reachability information for destination networks.

    Typical examples of control plane functions are the information exchange of routing protocols such as OSPF and BGP, and the exchange of label information between neighboring routers by means of label distribution protocols.

    The MPLS control modules are:

    Unicast routing.

    Multicast routing.

    Traffic engineering.

    Virtual private network.

    Quality of service.

    Figure 2.11 MPLS control modules


    2.5.2 Data plane

    The data plane performs the functions related to forwarding data packets.

    These packets can be either layer 3 IP packets or labelled IP packets. The information in the data plane, such as label values, is normally derived from the control plane. The information exchanged between neighboring routers creates mappings from destination networks to labels in the control plane, and these mappings are used to forward labelled packets in the data plane.

    2.5.3 Components of the control plane and the data plane

    2.5.3.1 CEF switching

    CEF is the Cisco foundation on which MPLS and its services run on Cisco routers. As a prerequisite for running MPLS, CEF provides the proprietary switching mechanism used on Cisco routers to increase the simplicity and the IPv4 switching performance of a router.

    2.5.3.2 Forwarding Information Base (FIB)

    CEF uses the FIB to forward packets to their destination. The FIB is a copy of the contents of the IP routing table, with a one-to-one mapping between FIB entries and routing table entries.

    When CEF is used on a router, the router maintains at least one FIB, which maps the destination networks in the routing table to the appropriate directly connected next hops.

    The FIB resides in the data plane and is used by the router to forward packets.


    2.5.3.3 Label Information Base (LIB) and Label Forwarding Information Base (LFIB)

    Besides the FIB, two other structures are built on the router: the LIB and the LFIB.

    The distribution protocols used between neighboring routers in the MPLS domain are responsible for creating the entries in the LIB and LFIB:

    The LIB resides in the control plane and is used by the label distribution protocol. Next-hop labels are received from downstream neighbors, while local labels are generated by the label distribution protocol.

    The LFIB resides in the data plane and holds a mapping from local labels to next-hop labels.

    2.5.3.4 Routing Information Base (RIB)

    Information about reachable destination networks is obtained from the routing protocols and held in the Routing Information Base (RIB), or routing table. The routing table supplies information to the FIB. The LIB uses information from the label distribution protocol, and combining the LIB with information taken from the FIB produces the Label Forwarding Information Base (LFIB).


    Figure 2.12 MPLS components in the control plane and the data plane.

    2.6 Routing protocols

    2.6.1 OSPF routing protocol

    OSPF is a link-state routing protocol that operates within an autonomous system to find the shortest path first, using Dijkstra's Shortest Path First (SPF) algorithm to build the routing table.

    Advantages:

    OSPF meets the needs of large networks.

    Short convergence time.

    Supports CIDR and VLSM.

    Suitable for all networks from medium to large.

    Uses bandwidth efficiently.

    Selects paths by lowest cost.

    OSPF configuration:

    Router(config)#router ospf process-id

    Router(config-router)#network address wildcard-mask area area-id


    2.6.2 EIGRP routing protocol

    EIGRP is a hybrid routing protocol: it has the characteristics of a distance-vector protocol and also some characteristics of a link-state protocol.

    Advantages:

    EIGRP converges quickly and consumes little bandwidth.

    EIGRP supports VLSM and CIDR and so uses the address space efficiently.

    EIGRP configuration:

    Router(config)#router eigrp autonomous-system

    Router(config-router)#network network-number

    2.6.3 BGP routing protocol

    This protocol is designed to interconnect ASes, not to connect subnets within an AS. An AS is a group of routers that share a policy and operate within the same domain. Each AS is identified by a number, which is assigned by an AS provider or by ISPs. These numbers fall into two ranges: public, from 1 to 64511, and private, from 64512 to 65535.

    BGP is a path-vector routing protocol, and best-path selection is normally based on a set of attributes. BGP uses TCP for all communication (the connection is made to TCP port 179).

    BGP can be used between routers in the same AS and in different ASes. When BGP runs within one AS it is called iBGP; when it connects different ASes it is called eBGP.


    BGP configuration:

    Router(config)#router bgp as-number

    Router(config-router)#neighbor {ip-address | peer-group-name} remote-as as-number

    Router(config-router)#neighbor {ip-address | peer-group-name} update-source interface-type interface-number

    Router(config-router)#address-family vpnv4

    Router(config-router-af)#neighbor {ip-address | peer-group-name} activate

    Router(config-router-af)#neighbor {ip-address | peer-group-name} send-community {extended | both}

    Router(config-router-af)#neighbor {ip-address | peer-group-name} next-hop-self

    2.7 How MPLS operates

    When packets enter an MPLS network, the label switching routers do not forward them packet by packet; instead they classify the packets into forwarding equivalence classes (FECs), and labels are then mapped to the FECs. A label distribution protocol (LDP) is defined whose function is to assign FEC/label bindings and distribute them to the label switching routers (LSRs). When LDP has completed its task, a label switched path (LSP) has been built from ingress to egress. When packets enter the network, the ingress LSR examines several fields in the packet header to determine which FEC the packet belongs to. If a label/FEC binding exists, the ingress LSR attaches the label to the packet and forwards it to the corresponding output. The packet's label is then swapped hop by hop across the network until it reaches the egress LSR, where the label is removed and the packet is processed at layer 3. Packet forwarding is therefore faster than forwarding based on IP routing.


    MPLS also has a Fast Reroute mechanism. Because MPLS is a connection-oriented switching technology, it is usually more exposed to link failures than other technologies, while the integrated services MPLS must support demand high capacity. The restoration capability of MPLS therefore ensures that the network's ability to deliver services does not depend on the failure recovery mechanism of the underlying physical layer.

    The control plane manages the set of routes a packet can use. In this model a packet enters the network device through an input interface and is handled by a component that processes only information about the packet in order to make a logical decision. That decision draws on information supplied by the control plane, which holds the routes, and the packet information is passed on to another component, which forwards the packet through the output interface toward its destination.

    Figure 2.13 Routing, switching and forwarding (diagram labels: upper layers, route maintenance, output port selection, incoming packet reception, input ports, outgoing packet reception, output ports, internetwork, forwarding plane, routing control plane, switching)


    Suppose we have the following simple network, in which Router A is the ingress router and Router C is the egress router.

    Figure 2.14 MPLS network

    The following shows how the routers build their FIB and LFIB tables for Network X, the network to which data is to be sent.

    Label assignment and distribution consists of the following steps:

    Step 1: The routing protocol (OSPF, EIGRP and so on) builds the routing table.

    Step 2: Each LSR independently assigns a label to each destination IP in its routing table.

    Step 3: Each LSR distributes its labels to all adjacent LSRs.

    Step 4: All LSRs build their LIB, LFIB and FIB tables from the labels they have received.


    First, the routers use a routing protocol such as OSPF or EIGRP to find paths for packets, just as in an ordinary IP network, and build the routing table on every router in the network. Suppose that router A must go through router B to reach network X; B is then router A's next hop toward network X.

    Figure 2.15 Building the routing table

    Once the routing table has been built, each router assigns labels to the destinations in its routing table. Here, for example, router B assigns label 25 to network X, meaning that router B will forward packets arriving with label 25 toward network X.

    Figure 2.16 Label assignment by router B


    Router B distributes label 25 to all of its adjacent LSRs, with the meaning "If you want to reach X, attach label 25 and send the packet to me". At the same time the LIB is created in router B, with the entry shown in Figure 2.17.

    Figure 2.17 Label distribution by router B

    LSRs that receive a label from a neighboring router record it in their LIB; edge routers (Edge LSRs) record it in both their LIB and their FIB.

    Figure 2.18 Building the LIB table


    Like B, router C assigns label 47 to Network X and advertises this label to its adjacent routers. C does not advertise it to router D, because D does not run MPLS.

    Figure 2.19 Label distribution by router C

    At the same time router C builds its LIB and LFIB tables, with the entries shown in Figure 2.19. After receiving router C's advertisement, router B adds the newly received label 47 to its FIB and LIB and builds its LFIB with the entries shown in Figure 2.20; router E only adds label 47 to its LIB and FIB.

    Figure 2.20 Building the LFIB table


    We now have a path from edge router A to the target network X; in other words, an LSP has been established. A packet can now travel along this path to its destination as follows. An IP packet arrives from the IP network at the ingress edge router. Router A looks up its FIB to find the next hop for the packet; here A attaches label 25 to the packet, according to the entry in its FIB, and sends it to the next hop, router B, on the way to network X.

    Figure 2.21 Label lookup and imposition at the ingress LSR

    The packet with label 25 is sent to router B. Router B looks up its LFIB and finds that the outgoing label for a packet with incoming label 25 is 47; router B swaps the label to 47 and sends the packet to the next hop, router C.

    Figure 2.22 Label swapping


    The packet with label 47 is sent to router C. Router C looks up its LFIB and finds that the action for a packet with incoming label 47 is to pop the label and send the packet to the next hop, router D; the packet that reaches D is therefore an ordinary unlabelled IP packet.

    Figure 2.23 Label removal at the egress LSR

    When this IP packet reaches D, router D looks up its routing table and delivers the packet to network X.
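The four steps and the packet walk above can be reproduced in a small simulation. This is an added example, not code from the thesis: the topology is reduced to A, B, C and D (router E is left out), labels 25 and 47 come from the text, and router A's local label 16 and all names are constructed for illustration.

```python
# Step 1 result (constructed from the walkthrough): next hop toward network X.
NEXT_HOP_TO_X = {"A": "B", "B": "C", "C": "D", "D": None}  # None: X is attached
MPLS_ENABLED = {"A", "B", "C"}                              # D does not run MPLS
LINKS = [("A", "B"), ("B", "C"), ("C", "D")]
# Step 2: local labels for X. 25 and 47 are from the text; 16 is constructed.
LOCAL_LABEL = {"A": 16, "B": 25, "C": 47}


def build_tables():
    """Steps 3 and 4: advertise local labels, then derive LIB, FIB and LFIB."""
    neighbors = {r: set() for r in NEXT_HOP_TO_X}
    for a, b in LINKS:
        neighbors[a].add(b)
        neighbors[b].add(a)

    # LIB: own label plus every label learned from an MPLS neighbor.
    lib = {r: {"local": LOCAL_LABEL[r], "remote": {}} for r in MPLS_ENABLED}
    for r in MPLS_ENABLED:
        for n in neighbors[r] & MPLS_ENABLED:   # C never advertises to D
            lib[n]["remote"][r] = LOCAL_LABEL[r]

    fib, lfib = {}, {}
    for r in MPLS_ENABLED:
        nh = NEXT_HOP_TO_X[r]
        out = lib[r]["remote"].get(nh)          # label advertised by the next hop
        fib[r] = (nh, out)                      # used for unlabelled packets
        action = "swap" if out is not None else "pop"
        lfib[r] = {lib[r]["local"]: (action, out, nh)}
    return lib, fib, lfib


def forward(ingress, label=None, max_hops=16):
    """Trace a packet for X as (router, action, outgoing label) tuples."""
    _, fib, lfib = build_tables()
    trace, router = [], ingress
    for _ in range(max_hops):
        if label is None:                       # plain IP packet
            nh = NEXT_HOP_TO_X[router]
            if nh is None:
                trace.append((router, "deliver", None))
                return trace
            out = fib[router][1] if router in fib else None
            if out is not None:
                label = out
                trace.append((router, "push", label))
            else:
                trace.append((router, "ip-forward", None))
            router = nh
        else:                                   # labelled packet: LFIB only
            entry = lfib.get(router, {}).get(label)
            if entry is None:                   # label this LSR never advertised
                trace.append((router, "drop", label))
                return trace
            action, out, nh = entry
            trace.append((router, action, out))
            label, router = out, nh
    raise RuntimeError("hop limit exceeded")


if __name__ == "__main__":
    for hop in forward("A"):
        print(hop)
    print(forward("B", label=99))
```

The last call shows the failure case: a packet arriving at B with a label B never advertised has no LFIB entry and is dropped rather than forwarded.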

    2.8 Chapter summary

    This chapter covered the components of MPLS and how it operates, its advantages and drawbacks, and why MPLS will be widely deployed. With MPLS the network can easily be extended without reconfiguring the routers, and expansion costs little. MPLS offers flexibility and high-speed switching based on the combination of IP and ATM. MPLS can be said to be the best choice for network administrators today. MPLS has several modules: MPLS VPN, MPLS QoS, MPLS TE and others. Of these, MPLS VPN is one of the important topics when transferring data between networks, and it replaces the traditional VPN.

    CHAPTER 3. MPLS VPN

    3.1 What is MPLS VPN?

    Figure 3.1 MPLS VPN model

    MPLS VPN combines the best features of overlay VPN and peer-to-peer VPN:

    The PE routers take part in customer routing, optimizing the routing between the customer's sites.

    The PE routers use a virtual routing table for each customer, so that many customers can be connected to the provider's network.

    Customers can use overlapping IP addresses.

    The MPLS VPN backbone and the customer sites exchange layer 3 routing information.


    An MPLS VPN consists of the following areas:

    Customer network: usually the customer's administrative domain, made up of the devices or routers spread across several sites of the same customer. The CE routers are the routers in the customer network that interface with the provider's network.

    Provider network: the domain under the provider's control, made up of edge and core routers that connect the sites belonging to customers over a shared network infrastructure. The PE routers are the routers in the provider's network that interface with the customer's edge routers. The P routers are the routers in the core of the network, which interface with other core routers or with the provider's edge routers.

    In an MPLS VPN network, the core routers provide label switching between the provider's edge routers and have no knowledge of the VPN routes. The CE routers in the customer network are unaware of the core routers, so the internal structure of the provider's network is transparent to the customer.

    3.2 Benefits of MPLS VPN

    Low cost, stable speed, meets information-security requirements, simple to manage and easy to migrate to.

    Lower cost than comparable technologies for managing, building and deploying a wide-area network.

    Stability and scalability: it meets the need to expand quickly and can be connected quickly to other networks.

    Adapts to many different technologies and does not replace the customer's existing network. Because it supports many technologies, MPLS can support different access types such as Frame Relay and IP, which lowers the cost for the customer and lets existing network equipment be reused.

    Network security: the encryption and tunneling features of VPN technology let MPLS reach a level of security as high as that of a private network environment.


    Quality of service: it guarantees differentiated priority for different kinds of data such as data, images and audio.

    3.3 Components of MPLS VPN

    3.3.1 Virtual Routing and Forwarding Table (VRF)

    Customers are kept apart on the PE router by virtual routing tables or instances, also called VRFs (virtual routing and forwarding tables/instances).

    A VRF functions like a global routing table, except that it contains all the routes related to one specific VPN.

    A VRF contains an IP routing table equivalent to the global IP routing table, a CEF table, the list of interfaces that belong to the VRF, and a set of rules that define the routing protocol exchanged with the CE routers (routing protocol contexts). A VRF also holds the VPN identifiers, such as the VPN membership information (RD and RT).

    Figure 3.2 VRF table


    3.3.2 Multiprotocol BGP (MP-BGP)

    MP-BGP runs between the provider edge routers to exchange VPNv4 routes. MP-BGP is an extension of the existing BGP protocol. A customer VPNv4 address is a 12-byte address that combines the IPv4 address and the RD. The first 8 bytes are the RD; the next 4 bytes are the IPv4 address.

    An MP-BGP session between PEs within one BGP AS is called an MP-iBGP session and follows the iBGP rules that apply to BGP attributes. If the VPN extends beyond a single AS, the VPNv4 routes are exchanged between the ASes at the border over an MP-eBGP session.

    3.3.3 Route Distinguisher (RD)

    The RD is a unique 64-bit identifier. It resolves overlapping customer IP addresses by prepending 64 bits to the IPv4 address to form a VPNv4 address (96 bits). For this reason exactly one RD is configured for a VRF on a PE router. VPNv4 addresses are exchanged between PE routers over BGP.

    An RD can take one of two formats: based on an IP address or on an AS number.

    Figure 3.3 RD value


    First, router PE-1 prepends the 64-bit RD to the IPv4 packet to form a VPNv4 address and sends the packet to router PE-2 by means of MP-BGP.

    Figure 3.4 Attaching the RD

    At router PE-2 the RD is stripped from the VPNv4 address, leaving the IPv4 address.

    Figure 3.5 Removing the RD
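The RD mechanics of sections 3.3.2 and 3.3.3, as an added Python example (not code from the thesis): it encodes the two RD formats the text names, builds the 12-byte VPNv4 address as carried in MP-BGP updates, and shows overlapping customer prefixes staying distinct. The type codes 0 and 1 follow RFC 4364; the RD values and the 10.1.1.0 prefix are constructed samples.

```python
import ipaddress
import struct


def encode_rd(rd):
    """Encode 'ASN:nn' (type 0) or 'a.b.c.d:nn' (type 1) as an 8-byte RD."""
    admin, sep, assigned = rd.rpartition(":")
    if not sep or not assigned.isdigit():
        raise ValueError(f"malformed RD {rd!r}")
    number = int(assigned)
    if "." in admin:
        # Type 1: 4-byte IPv4 administrator + 2-byte assigned number.
        if number > 0xFFFF:
            raise ValueError("type 1 assigned number must fit in 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    # Type 0: 2-byte AS number + 4-byte assigned number.
    asn = int(admin)
    if not 0 <= asn <= 0xFFFF or number > 0xFFFFFFFF:
        raise ValueError("type 0 fields out of range")
    return struct.pack("!HHI", 0, asn, number)


def decode_rd(raw):
    """Turn an 8-byte RD back into its text form."""
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:8])
        return f"{asn}:{number}"
    if rd_type == 1:
        admin, number = struct.unpack("!4sH", raw[2:8])
        return f"{ipaddress.IPv4Address(admin)}:{number}"
    raise ValueError(f"RD type {rd_type} is not handled in this example")


def to_vpnv4(rd, ipv4):
    """RD (8 bytes) followed by the IPv4 address (4 bytes): 12 bytes, 96 bits."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed


def from_vpnv4(addr):
    """Split a 12-byte VPNv4 address into (RD text, IPv4 text)."""
    if len(addr) != 12:
        raise ValueError("a VPNv4 address is exactly 12 bytes")
    return decode_rd(addr[:8]), str(ipaddress.IPv4Address(addr[8:]))


# Constructed sample: three customers that all number a site 10.1.1.0.
ROUTES = [("1:100", "10.1.1.0", "customer A"), ("1:200", "10.1.1.0", "customer B"),
          ("1.1.1.1:7", "10.1.1.0", "customer C")]


def build_tables(routes):
    """Key the same routes by plain IPv4 and by VPNv4 to compare collisions."""
    by_ipv4, by_vpnv4 = {}, {}
    for rd, prefix, owner in routes:
        by_ipv4[prefix] = owner                  # a later entry overwrites the earlier one
        by_vpnv4[to_vpnv4(rd, prefix)] = owner   # the RD keeps the entries apart
    return by_ipv4, by_vpnv4


if __name__ == "__main__":
    plain, vpn = build_tables(ROUTES)
    print(len(plain), "entry keyed by IPv4;", len(vpn), "entries keyed by VPNv4")
    for key, owner in vpn.items():
        print(key.hex(), from_vpnv4(key), owner)
```

The RD only makes routes unique; which VRFs accept a route is decided by the route targets described in the next section.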


    3.3.4 Route Targets (RT)

    Route targets (RT) are identifiers used within the MPLS VPN domain to determine the VPN membership of the routes learned from specific sites. RTs are implemented as BGP extended communities, using the high-order 16 bits of the BGP extended community (64 bits) encoded with a value that corresponds to the VPN membership of the specific site. When a VPN route learned from a CE is inserted into VPNv4 BGP, a list of VPN route-target extended community attributes is associated with it.

    The RT attached to a route is called the export RT and is configured separately for each VRF on the PE router. The export RT identifies VPN membership and is associated with each VRF. The export RT is appended to the customer address when the PE converts it into a VPNv4 address, and it is advertised in the MP-BGP updates.

    The import RT is associated with each VRF and determines which VPNv4 routes are added to the VRF of a particular customer. The RT has the same format as the RD value.

    When complex VPN topologies (such as extranet VPN, Internet access VPN, network management VPN and so on) are built with MPLS VPN technology, the RT plays the central role. A network address can be associated with one or more export RTs when it is advertised across the MPLS VPN network. In this way an RT can be associated with many member sites of many VPNs.


    3.4 How MPLS VPN works

    Data handling in a Layer 3 MPLS VPN:

    Figure 3.6 Layer 3 MPLS operation

    While it is carried across the MPLS VPN network, an IP packet is given the following two labels: the PE label is used by the core routers (P routers) to carry the packet through the MPLS network; the VPN label is used by the edge routers of the MPLS network (PE routers) to deliver the packet to the correct customer router. When a customer uses the Layer 3 VPN of an MPLS service provider, the provider's and the customer's routers exchange routing information with each other, or static routes are configured in both directions. The routers at the different offices of one company must use different subnets.


    Data handling in a Layer 2 MPLS VPN:

    Figure 3.7 Layer 2 MPLS operation

    In a Layer 2 MPLS VPN, a frame (Layer 2 data) is given two labels: label L1 is used by the core routers (P routers) to carry the frames through the MPLS network, and label VC1 is used by the PE routers to deliver the frames to the correct customer router. When a customer uses the Layer 2 VPN service, the network devices that connect the different offices of one organization are in the same subnet. The provider's and the customer's routers do not exchange routing information (routing protocols) with each other.

    3.5 MPLS VPN control plane operation

    The MPLS VPN control plane holds all Layer 3 routing information and the processes that exchange the IP prefixes to which labels are assigned and distributed by LDP.

    Figure 3.8 MPLS VPN control plane


    The steps of the MPLS VPN control plane are as follows.

    Each PE router advertises its loopback address: PE1 advertises 1.1.1.1/32 and PE2 advertises 2.2.2.2/32. LDP distributes the label bindings between the routers that run MPLS. On each PE router, the LFIB holds a label bound to the loopback address of the other PE router. When PE1 forwards a packet for 2.2.2.2 on PE2 it adds label 20 to the packet, and when PE2 forwards a packet for 1.1.1.1 it puts label 10 on the packet.

    A VPN routing and forwarding instance called VPNA is created on PE1 and PE2. PE1 uses interface S0/0 in this VPN and PE2 uses interface S0/1. OSPF runs between PE1 and CE1 and between PE2 and CE2.

    When PE1 receives the route to network 10.1.1.0 from CE1, it places the route in the VPNA routing table and assigns label (5) to the prefix. When PE2 receives the route to network 10.1.2.0 from CE2, it places the route in the VPNA routing table and assigns label (6) to the prefix.

    PE1 then sends a multiprotocol MP-iBGP update to PE2 advertising network 10.1.1.0. The update also carries label (5), which PE1 assigned to prefix 10.1.1.0 and which PE2 adds to any packet for network 10.1.1.0 before forwarding it. When PE1 advertises the route it sets the BGP next-hop address to 1.1.1.1/32, its own loopback address.

    PE2 then sends a multiprotocol iBGP update to PE1 advertising network 10.1.2.0. The update also carries label (6), which PE2 assigned to prefix 10.1.2.0 and which PE1 must add to packets for network 10.1.2.0 before forwarding them. When PE2 advertises the route it sets the BGP next-hop address to 2.2.2.2/32, its own loopback address.

    PE1 installs prefix 10.1.2.0 in the VPNA routing table and PE2 installs prefix 10.1.1.0 in the VPNA routing table.


    3.6 MPLS VPN data plane operation

    The data plane forwards the labeled IP packets to the next hop toward the destination.

    Forwarding in an MPLS VPN network requires a label stack.

    The top label is assigned and swapped to forward the data packet through the MPLS core. The second label (the VPN label) is associated with the VRF on the PE router to forward the packet to the CEs. Figure 3.9 shows the data plane steps for forwarding customer data from customer site CE2-A to CE1-A across the SP's network infrastructure.

    Figure 3.9 MPLS VPN data plane

    The data plane forwarding steps illustrated in Figure 3.9 are as follows. CE1 sends a packet to host 10.1.2.1. The packet is forwarded to PE1. PE1 sets the inner label of the packet to 6. It then looks up the destination in the VPNA routing table and determines that the next-hop IP address is 2.2.2.2. It consults its LFIB to determine which outgoing label to use. PE1 then sets the outer label of the packet to 20 and sends it out of the interface toward PE2. The outer label is 20 and the inner label is 6. When PE2 receives the labeled packet, it removes the outer label 20 and examines the inner label. The inner label (6) tells the router which interface to forward the packet out of. The packet is then delivered to CE2.
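The walk-through of sections 3.5 and 3.6 as an added Python model (not code from the thesis): each PE is reduced to the tables the text mentions, using the page's labels 5, 6, 10 and 20, interfaces S0/0 and S0/1 and VRF VPNA. The /24 masks, the absence of a P router that would swap the outer label, and the drop behaviour for unknown destinations and labels are assumptions of the model.

```python
import ipaddress


class PE:
    """A provider-edge router reduced to the tables used in the walk-through."""

    def __init__(self, name):
        self.name = name
        self.ce_iface_vrf = {}   # CE-facing interface -> VRF name
        self.vrf_routes = {}     # VRF name -> {prefix: (BGP next hop, VPN label)}
        self.ldp_label_for = {}  # remote PE loopback -> outer label to push
        self.own_outer = set()   # outer labels that mean "deliver to this PE"
        self.vpn_label_out = {}  # inner label assigned here -> CE-facing interface

    def ingress(self, iface, dst):
        """Packet arrives from a CE: return the label stack, or None if dropped."""
        vrf = self.ce_iface_vrf[iface]
        addr = ipaddress.ip_address(dst)
        matches = [(p, r) for p, r in self.vrf_routes[vrf].items() if addr in p]
        if not matches:
            return None  # lookup is confined to the VRF; no global-table fallback
        _, (next_hop, vpn_label) = max(matches, key=lambda m: m[0].prefixlen)
        return [self.ldp_label_for[next_hop], vpn_label]  # [outer, inner]

    def egress(self, stack):
        """Labeled packet arrives from the core: return the CE interface or None."""
        outer, inner = stack
        if outer not in self.own_outer:
            return None
        return self.vpn_label_out.get(inner)  # unknown VPN label: dropped


def build_page_example():
    """PE1 and PE2 with the labels, interfaces and VPNA prefixes from the text."""
    pe1, pe2 = PE("PE1"), PE("PE2")
    net1 = ipaddress.ip_network("10.1.1.0/24")  # /24 assumed; the page gives no mask
    net2 = ipaddress.ip_network("10.1.2.0/24")
    pe1.ce_iface_vrf = {"S0/0": "VPNA"}
    pe2.ce_iface_vrf = {"S0/1": "VPNA"}
    pe1.vrf_routes = {"VPNA": {net2: ("2.2.2.2", 6)}}  # learned over MP-iBGP from PE2
    pe2.vrf_routes = {"VPNA": {net1: ("1.1.1.1", 5)}}  # learned over MP-iBGP from PE1
    pe1.ldp_label_for = {"2.2.2.2": 20}
    pe2.ldp_label_for = {"1.1.1.1": 10}
    pe1.own_outer, pe2.own_outer = {10}, {20}
    pe1.vpn_label_out = {5: "S0/0"}
    pe2.vpn_label_out = {6: "S0/1"}
    return pe1, pe2


def deliver(src_pe, dst_pe, iface, dst):
    """Carry one packet CE -> ingress PE -> egress PE; return (stack, CE interface)."""
    stack = src_pe.ingress(iface, dst)
    return (stack, dst_pe.egress(stack)) if stack else (None, None)


if __name__ == "__main__":
    pe1, pe2 = build_page_example()
    print(deliver(pe1, pe2, "S0/0", "10.1.2.1"))   # CE1 -> 10.1.2.1
    print(deliver(pe1, pe2, "S0/0", "192.0.2.1"))  # constructed address outside VPNA
```

The egress decision depends only on the inner label, which is why the VPN label bindings on a PE are part of the isolation boundary between customers.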

    3.7 Comparing traditional VPN and MPLS VPN

    3.7.1 Traditional VPN

    Figure 3.10 Traditional VPN model

    The first and most obvious limitation of IPSec is that it reduces network performance. Consider the path of a packet sent from computer A in network A to computer B in network B. The packet from computer A is sent to CPE-A. CPE-A inspects the packet to decide whether it needs to be forwarded to CPE-B. In a network without a VPN the packet would be sent to CPE-B immediately. With IPSec, however, CPE-A has to perform several operations before sending the packet. First the packet is encrypted and then encapsulated in IP packets; this takes time and delays the packet. Next the packet enters the service provider's network. At this point, if the newly formed packet is larger than the maximum transmission unit (MTU) of any link between CPE-A and CPE-B, it has to be fragmented into two or more smaller packets. This happens only when the DF (Don't Fragment) bit is not set; when the DF bit is set, the packet is dropped and an ICMP message is sent back to the sender. When the packet reaches CPE-B it is decapsulated and decrypted, and these two operations delay the packet further. Finally, CPE-B forwards the packet to computer B.

    The delay in the network depends on the complexity and the processing speed of the CPEs. Low-end CPE devices usually have to perform most IPSec functions in software, which causes large delays. CPE devices that can perform the IPSec functions in hardware process packets much faster, but such devices are very expensive. As a result, deploying an IPSec VPN network is very costly.

    The other IP VPN technologies currently available, such as IPSec, L2TP, L2F and GRE, all work well in a hub-and-spoke topology. Networks today, however, need any-to-any communication. Supporting this with Frame Relay or a tunneling protocol requires a full mesh of PVCs or tunnels between the member sites. A network cannot provision and manage a full mesh topology with traditional technologies for thousands or tens of thousands of VPNs.

    One point to weigh when deploying VPN networks is the CPE equipment. Each provider has to make sure that all the CPEs interoperate. The simplest and most effective solution is to use the same type of CPE at every site, but for various reasons this is not always possible. Although interoperability is no longer a major problem today, it still has to be considered when planning an IPSec VPN solution.


    3.7.2 MPLS VPN

    Figure 3.11 MPLS VPN

    MPLS VPN networks do not use packet encapsulation and encryption to reach a high level of security. MPLS VPN uses forwarding tables and labels to provide the security of the VPN. This type of architecture uses defined network routes to deliver the VPN services, and the intelligent processing of MPLS VPN resides entirely in the core of the network.

    Each VPN is associated with its own VPN routing and forwarding table (VRF). The VRF provides the information about the VPN relationships of a customer site attached to the PE router. For each VRF, the information used to forward packets is stored in the IP routing table and the CEF table. These tables are maintained separately for each VRF, which prevents information from being forwarded outside the VPN and prevents packets from outside the VPN from being forwarded to routers inside the VPN. This is the security mechanism of MPLS VPN. Within an MPLS VPN any two points can be connected to each other, and sites can send information to each other directly without going through a central site.


    The CEs do not need VPN functions or IPSec support. This means that the customer does not have to spend heavily on CE equipment.

    Delay in the network is kept to a minimum because the packets crossing the network do not go through operations such as encapsulation and encryption. Encryption is not needed because MPLS VPN forms a private network.

    Building a full mesh VPN is straightforward because MPLS VPNs do not use a tunneling mechanism. The default topology of an MPLS VPN is therefore a full mesh, in which the sites are connected directly to the PE and any sites can exchange information with each other within the VPN.

    Operation and maintenance are also simpler in an MPLS VPN network.

    3.8 Chapter summary

    Information technology keeps advancing, the volume of data carried over networks is very large, and the need to protect that data always comes with it. Choosing a suitable solution that meets business needs while ensuring security and flexibility at a reasonable price is not a simple matter.

    These difficult problems are addressed by the VPN solution. This chapter has set out the components of MPLS VPN and how it operates. MPLS VPN makes data transfer fast and secure. In an MPLS VPN network the service provider's core routers have no knowledge of the customers' VPN routing, which makes it easy to scale the network.

  • Chapter 4. Experiment - 52 -

    CHAPTER 4. EXPERIMENT

    Setting up a simple MPLS VPN model

    Figure 4.1 MPLS VPN experiment model

    Requirements:

    Configure the MPLS domain between PE01, P and PE02

    Configure BGP AS 1 between PE01 and PE02

    On PE01, create VRFs A1 and B1, one for each of routers A1 and B1

    On PE02, create VRFs A2 and B2, one for each of routers A2 and B2

    Configure:

    Site A1 can connect to site A2 and site B2

    Site A2 can connect only to site A1

    Site B1 can connect only to site B2

    Site B2 can connect to site B1 and site A1


    4.1 Configuration

    4.1.1 Router A1 configuration:

    hostname A1

    !

    ip cef

    ip audit po max-events 100

    !

    interface Loopback0

    ip address 10.10.10.10 255.255.255.0

    !

    interface Serial1/0

    ip address 192.168.1.2 255.255.255.0

    serial restart-delay 0

    !

    router rip

    version 2

    network 10.0.0.0

    network 192.168.1.0

    no auto-summary

    !

    End

    4.1.2 Router B1 configuration:

    hostname B1

    !

    ip cef

    ip audit po max-events 100

    !

    interface Loopback0


    ip address 20.20.20.20 255.255.255.0

    !

    interface Serial1/0

    ip address 192.168.2.2 255.255.255.0

    serial restart-delay 0

    !

    router rip

    version 2

    network 20.0.0.0

    network 192.168.2.0

    no auto-summary

    !

    End

    4.1.3 Router PE01 configuration:

    hostname PE01

    !

    ip vrf A1

    rd 1:100

    route-target export 1:100

    route-target import 1:100

    !

    ip vrf B1

    rd 1:200

    route-target export 1:200

    route-target import 1:200

    !

    ip cef

    ip audit po max-events 100


    !

    interface Loopback0

    ip address 1.1.1.1 255.255.255.0

    !

    interface Serial1/0

    ip vrf forwarding A1

    ip address 192.168.1.1 255.255.255.0

    serial restart-delay 0

    !

    interface Serial1/1

    ip vrf forwarding B1

    ip address 192.168.2.1 255.255.255.0

    serial restart-delay 0

    !

    interface Serial1/2

    ip address 192.168.3.1 255.255.255.0

    mpls label protocol ldp

    tag-switching ip

    serial restart-delay 0

    !

    router eigrp 100

    network 1.0.0.0

    network 192.168.3.0

    no auto-summary

    !

    router rip

    version 2

    !

    address-family ipv4 vrf B1


    redistribute bgp 1 metric transparent

    network 192.168.2.0

    no auto-summary

    exit-address-family

    !

    address-family ipv4 vrf A1

    redistribute bgp 1 metric transparent

    network 192.168.1.0

    no auto-summary

    exit-address-family

    !

    router bgp 1

    no synchronization

    bgp log-neighbor-changes

    neighbor 2.2.2.2 remote-as 1

    neighbor 2.2.2.2 update-source Loopback0

    no auto-summary

    !

    address-family vpnv4

    neighbor 2.2.2.2 activate

    neighbor 2.2.2.2 next-hop-self

    neighbor 2.2.2.2 send-community both

    exit-address-family

    !

    address-family ipv4 vrf B1

    redistribute rip

    no auto-summary

    no synchronization

    exit-address-family


    !

    address-family ipv4 vrf A1

    redistribute rip

    no auto-summary

    no synchronization

    exit-address-family

    !

    End

    4.1.4 Router P configuration:

    hostname P

    !

    ip cef

    ip audit po max-events 100

    !

    interface Loopback0

    ip address 3.3.3.3 255.255.255.0

    !

    interface Serial1/0

    ip address 192.168.3.2 255.255.255.0

    mpls label protocol ldp

    tag-switching ip

    serial restart-delay 0

    !

    interface Serial1/1

    ip address 192.168.4.1 255.255.255.0

    mpls label protocol ldp

    tag-switching ip

    serial restart-delay 0


    !

    router eigrp 100

    network 3.0.0.0

    network 192.168.3.0

    network 192.168.4.0

    no auto-summary

    !

    End

    4.1.5 Router PE02 configuration:

    hostname PE02

    !

    ip vrf A2

    rd 1:100

    route-target export 1:100

    route-target import 1:100

    !

    ip vrf B2

    rd 1:200

    route-target export 1:200

    route-target import 1:200

    !

    ip cef

    ip audit po max-events 100

    !

    interface Loopback0

    ip address 2.2.2.2 255.255.255.0

    !

    interface Serial1/0


    ip address 192.168.4.2 255.255.255.0

    mpls label protocol ldp

    tag-switching ip

    serial restart-delay 0

    !

    interface Serial1/1

    ip vrf forwarding A2

    ip address 192.168.5.1 255.255.255.0

    serial restart-delay 0

    !

    interface Serial1/2

    ip vrf forwarding B2

    ip address 192.168.6.1 255.255.255.0

    serial restart-delay 0

    !

    router eigrp 100

    network 2.0.0.0

    network 192.168.4.0

    no auto-summary

    !

    router rip

    version 2

    !

    address-family ipv4 vrf B2

    redistribute bgp 1 metric transparent

    network 192.168.6.0

    no auto-summary

    exit-address-family

    !


    address-family ipv4 vrf A2

    redistribute bgp 1 metric transparent

    network 192.168.5.0

    no auto-summary

    exit-address-family

    !

    router bgp 1

    no synchronization

    bgp log-neighbor-changes

    neighbor 1.1.1.1 remote-as 1

    neighbor 1.1.1.1 update-source Loopback0

    no auto-summary

    !

    address-family vpnv4

    neighbor 1.1.1.1 activate

    neighbor 1.1.1.1 next-hop-self

    neighbor 1.1.1.1 send-community both

    exit-address-family

    !

    address-family ipv4 vrf B2

    redistribute rip

    no auto-summary

    no synchronization

    exit-address-family

    !

    address-family ipv4 vrf A2

    redistribute rip

    no auto-summary

    no synchronization


    exit-address-family

    !

    End

    4.1.6 Router A2 configuration:

    hostname A2

    !

    ip cef

    ip audit po max-events 100

    !

    interface Loopback0

    ip address 30.30.30.30 255.255.255.0

    !

    interface Serial1/0

    ip address 192.168.5.2 255.255.255.0

    serial restart-delay 0

    !

    router rip

    version 2

    network 30.0.0.0

    network 192.168.5.0

    no auto-summary

    !

    End


    4.1.7 Router B2 configuration:

    hostname B2

    !

    ip cef

    ip audit po max-events 100

    !

    interface Loopback0

    ip address 40.40.40.40 255.255.255.0

    !

    interface Serial1/0

    ip address 192.168.6.2 255.255.255.0

    serial restart-delay 0

    !

    router rip

    version 2

    network 40.0.0.0

    network 192.168.6.0

    no auto-summary

    !

    End
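A check a reviewer can run on the listings above, as an added Python example (not part of the thesis): it parses the `ip vrf` stanzas of PE01 and PE02, derives which sites can exchange routes from the import and export route targets, and compares that with the connectivity required at the start of this chapter. On the stanzas as listed it reports the A1 to B2 pair as missing; the extra route target 1:300 and the helper names are hypothetical.

```python
import itertools

# VRF stanzas copied from the PE01 and PE02 listings on this page.
PAGE_CONFIG = """\
ip vrf A1
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf B1
 rd 1:200
 route-target export 1:200
 route-target import 1:200
!
ip vrf A2
 rd 1:100
 route-target export 1:100
 route-target import 1:100
!
ip vrf B2
 rd 1:200
 route-target export 1:200
 route-target import 1:200
"""

# Two-way connectivity required in the lab description (pairs in sorted order).
REQUIRED = {("A1", "A2"), ("A1", "B2"), ("B1", "B2")}

def parse_vrfs(config):
    """Return {vrf: {'import': set, 'export': set}} from 'ip vrf' stanzas."""
    vrfs, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "vrf"] and len(words) == 3:
            current = vrfs.setdefault(words[2], {"import": set(), "export": set()})
        elif words[:1] == ["!"]:
            current = None
        elif words[:1] == ["route-target"] and len(words) == 3 and current is not None:
            kinds = ("import", "export") if words[1] == "both" else (words[1],)
            for kind in kinds:
                if kind in current:
                    current[kind].add(words[2])
    return vrfs

def reachable_pairs(vrfs):
    """Pairs whose routes flow both ways: each side imports an RT the other exports."""
    return {(a, b) for a, b in itertools.combinations(sorted(vrfs), 2)
            if vrfs[a]["export"] & vrfs[b]["import"]
            and vrfs[b]["export"] & vrfs[a]["import"]}

def audit(vrfs, required):
    """Compare what the route targets allow with what the design requires."""
    actual = reachable_pairs(vrfs)
    return {"missing": required - actual, "unintended": actual - required}

def with_shared_rt(vrfs, a, b, rt):
    """Copy of vrfs in which a and b additionally import and export rt."""
    fixed = {n: {k: set(v) for k, v in p.items()} for n, p in vrfs.items()}
    for name in (a, b):
        fixed[name]["import"].add(rt)
        fixed[name]["export"].add(rt)
    return fixed

if __name__ == "__main__":
    listed = parse_vrfs(PAGE_CONFIG)
    print("as listed:", audit(listed, REQUIRED))
    # 1:300 is a hypothetical extra RT, not a value from the page.
    print("with 1:300:", audit(with_shared_rt(listed, "A1", "B2", "1:300"), REQUIRED))
```

The "unintended" set is the one to watch in a security review: any pair that appears there is a route leak between VRFs that the design did not ask for.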

    4.2 Routing information

    4.2.1 Routing information of A1

    Figure 4.2 Routing information of A1

    4.2.2 Routing information of A2

    Figure 4.3 Routing information of A2

    4.2.3 Routing information of B1

    Figure 4.4 Routing information of B1

    4.2.4 Routing information of B2

    Figure 4.5 Routing information of B2

    4.2.5 Routing information of PE01

    Figure 4.6 Routing information of PE01

    4.2.6 Routing information of PE02

    Figure 4.7 Routing information of PE02

    4.2.7 Routing information of P

    Figure 4.8 Routing information of P

    4.3 Verification

    Check whether LDP has received a label for the subnets and the loopback interfaces of the core routers.

    Figure 4.9 show mpls ldp bindings PE01

    Figure 4.10 show mpls ldp bindings P

    Figure 4.11 show mpls ldp bindings PE02

    LFIB table

    Figure 4.12 LFIB table on PE01
