Intro to MPLS – AT Seminar © 2004, Cisco Systems, Inc. All rights reserved.
Transcript of a slide deck (posted 18-Dec-2015)
MPLS Basics and In-Depth
BNL Update, June 29, 2004
Overview of MPLS Fundamentals, Basic Operation, and In-Depth overview of Service Capabilities
Craig Hill, Email: [email protected], SE – IP Core, Federal Area
MPLS Brief – Overview and In-depth Session
MPLS Overview
• This session will provide the fundamentals for understanding MPLS technology basics. The discussion will include MPLS evolution, terminology, functions of labels, label format, label distribution, as well as encapsulations and basic operation of an MPLS-enabled network. Cisco products supporting MPLS will also be briefly covered.
MPLS In-Depth
• Difficulty understanding what advantages MPLS can offer and "why" network architects would consider implementing MPLS into the core of their network?
• This section will provide in-depth answers to these questions and explain the advantages and "Services" MPLS can offer Federal customers who are either looking to build an MPLS enabled core or utilize a service offering that is MPLS enabled. Services discussed will include VPN, Layer-2 transport, QoS, and IPv6 transport among others.
Agenda
• MPLS History
• Technology Basics
• Operation Examples
• Cisco Product Overview
Evolution of MPLS
• Origins from Tag Switching
• Proposed in the IETF, later combined with ideas from other proposals from IBM (ARIS) and Toshiba (CSR)
Timeline (1996 to 2004), in order:
- Cisco calls a BOF at the IETF to standardize Tag Switching
- Cisco ships MPLS (Tag Switching)
- MPLS Group formally chartered by the IETF
- Cisco ships MPLS TE
- Traffic Engineering deployed
- MPLS VPN deployed
- Large-scale deployments
- 2004: AToM, VPLS, DS-TE deployed
Why MPLS?
• Integrate the best of Layer 2 and Layer 3
- Intelligence of IP routing
- Performance of high-speed switching
- Legacy service transport
- QoS
- VPN semantics
- Link layers include: Ethernet, PoS, ATM, FR
Note: MPLS and IP could be the optimal solution for an overall IP Services Architecture.
MPLS as a Foundation for Value Added Services
(Diagram: MPLS sits on top of the network infrastructure (IP+ATM, IP+Optical/GMPLS) and is the foundation for VPNs, Traffic Engineering and Any Transport over MPLS.)
MPLS Technology Basics
MPLS Technology Basics
• IP Routing
• Labels
• Control and Forwarding Plane Separation
• Label Distribution
• MPLS Environment
• Label-based Forwarding
IP Routing
Packets are forwarded based on the IP destination address. (Diagram: three routers along the path toward 128.89.25.4; each holds a table of address prefix (128.89, 171.69) to outgoing interface, populated by route updates, and forwards the packet hop by hop after a lookup on the destination address.)
Encapsulations
- PPP (Packet over SONET/SDH): PPP Header | Label Header | Layer 3 Header
- LAN: MAC Header | Label Header | Layer 3 Header *
- Frame Relay: Frame Relay Header | Label Header | Layer 3 Header
* The LAN MAC label header is also used for MPLS packets over an ATM Forum PVC with a SNAP header. Ethertype = 0x8847 (MPLS unicast) / 0x8848 (MPLS multicast).
Label Header for Packet Media
• Can be used over Ethernet, 802.3, or PPP links
• Uses two new Ethertypes/PPP PIDs (in the MAC/PPP header)
• Contains everything needed at forwarding time
• One 32-bit word per label:

  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                Label                  | COS |S|      TTL      |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Label = 20 bits; COS/EXP = Class of Service, 3 bits; S = Bottom of Stack, 1 bit; TTL = Time to Live, 8 bits
Each label adds 4 bytes, so a labeled Ethernet frame can exceed 1518 bytes; the “mpls mtu” interface command accounts for the added labels.
Label Stacking
• Arrange labels in a stack
• Inner labels can be used to designate services/FECs, etc. (e.g. VPNs, fast re-route, alternate forwarding)
• Outer label used to route/switch the MPLS packets in the network
(e.g. for VPN, the outer label is used for forwarding to the remote PE and the bottom label for differentiating the VPN at the remote PE)
• Allows building services such as: MPLS VPNs; traffic engineering and fast re-route; VPNs over a traffic-engineered core; Any Transport over MPLS
(Diagram: a packet carries Outer Label | Inner Label | IP Header; for a VPN over a TE tunnel the stack is TE Label | IGP Label | VPN Label, top to bottom.)
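As an added example (not part of the original slides), the label header and label stack described above as a Python encoder and decoder. It packs each entry into the 32-bit word (20-bit label, 3-bit COS/EXP, S bit, 8-bit TTL), sets the bottom-of-stack bit only on the last entry, refuses a stack whose S bit never appears, and does the 4-bytes-per-label arithmetic behind the mpls mtu command. The sample stack [41, 28] is the IGP/VPN pair used later in this deck; the Ethertype constants are the ones from the encapsulation slide.

```python
import struct

ETHERTYPE_MPLS_UNICAST = 0x8847     # from the encapsulation slide
ETHERTYPE_MPLS_MULTICAST = 0x8848
LABEL_IMPLICIT_NULL = 3             # reserved label (0-15 are reserved); used for penultimate hop popping


def encode_label_stack(entries):
    """entries: list of (label, cos, ttl) from the outer (top) label to the inner one.
    The S (bottom-of-stack) bit is set automatically on the last entry only."""
    if not entries:
        raise ValueError("a label stack needs at least one entry")
    out = bytearray()
    last = len(entries) - 1
    for i, (label, cos, ttl) in enumerate(entries):
        if not 0 <= label < 2 ** 20:
            raise ValueError(f"label {label} does not fit in 20 bits")
        if not 0 <= cos < 8:
            raise ValueError("COS/EXP is a 3-bit field")
        if not 0 <= ttl < 256:
            raise ValueError("TTL is an 8-bit field")
        s_bit = 1 if i == last else 0
        word = (label << 12) | (cos << 9) | (s_bit << 8) | ttl
        out += struct.pack("!I", word)
    return bytes(out)


def decode_label_stack(data):
    """Walk 4-byte words until one has S=1. Returns (entries, payload after the stack).
    A stack that runs out of bytes before the S bit is treated as corrupt, not as
    'one more label': a forwarder must not guess where the IP header starts."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: bottom-of-stack bit never seen")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        label, cos, s_bit, ttl = word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF
        entries.append((label, cos, ttl))
        if s_bit:
            return entries, data[offset:]


def mpls_mtu_for(ip_mtu, stack_depth):
    """Link MTU needed so that ip_mtu-sized packets survive stack_depth labels (4 bytes each)."""
    return ip_mtu + 4 * stack_depth


if __name__ == "__main__":
    stack = encode_label_stack([(41, 0, 255), (28, 0, 255)])   # IGP label 41 over VPN label 28
    print(stack.hex())                                         # 000290ff0001c1ff
    print(decode_label_stack(stack + b"\x45\x00"))             # ([(41, 0, 255), (28, 0, 255)], b'E\x00')
    print(mpls_mtu_for(1500, 2))                               # 1508
```

The decoder deliberately raises on a truncated stack rather than returning what it has: on a real LSR a label stack with no bottom-of-stack bit has no defined payload boundary.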
Control and Forwarding Plane Separation
(Diagram: in the control plane the routing process builds the RIB from route updates and adjacencies, and the MPLS process builds the LIB from label binding updates and adjacencies; in the data plane the FIB, derived from the RIB, forwards IP traffic and the LFIB, derived from the LIB, forwards MPLS traffic.)
Label Distribution Protocol (LDP)
• Defined in RFC 3036 and RFC 3037 (since superseded by RFC 5036)
• Used to distribute labels in an MPLS network
• Forwarding Equivalence Class (FEC): how packets are mapped to LSPs (Label Switched Paths)
• Labels are advertised per FEC: “reach destination a.b.c.d with label x” (one binding per IP Layer 3 destination prefix in the RIB)
• Neighbor discovery runs over UDP, the session itself over TCP:
  UDP port for LDP Hello messages = 646
  TCP port for establishing LDP session connections = 646
TDP and LDP
• Tag Distribution Protocol: precursor to LDP, used for Cisco tag switching
• TDP and LDP are supported on the same box, selectable per neighbor/link and per targeted session
RSVP and Label Distribution
• Used in MPLS Traffic Engineering
• Additions to base RSVP signaling protocol
• Leverage the admission control mechanism of RSVP
• Label requests are sent in PATH messages and binding is done with RESV messages
Note: CR-LDP is another option for label distribution, but is no longer used or implemented
BGP-Based Label Distribution
• Used in the context of MPLS VPNs
• Needs the multiprotocol extensions to BGP, referred to as MP-BGP; address families are identified by AFI/SAFI
• Extension to the BGP protocol in order to carry routing information for other protocols: Multicast, MPLS (labeled unicast), IPv6, VPN-IPv4, labeled IPv6 unicast (6PE), VPN-IPv6 (6VPE)
• Exchange of multiprotocol NLRI must be negotiated at session setup, using the BGP Capabilities Advertisement negotiation procedures
• VPN edge routers need to be BGP peers
• Label mapping information is carried as part of the NLRI (Network Layer Reachability Information)
General Context
• In the core: forward using labels (as opposed to IP addresses); the label indicates service class and destination
  Label Switch Router (LSR), running a label distribution protocol (LDP/TDP, RSVP, BGP)
• At the edge (ingress), the Edge Label Switch Router classifies packets and labels them
• At the edge (egress), the label is removed
Roles: (P) Provider core router, (PE) Provider Edge router, (CE) Customer Edge router
Operation
• Traditional routing: each router holds the entire routing table and forwards to the next hop (destination-based routing); it routes on the L3 destination address
• MPLS combines L3 routing with label swapping and forwarding
• MPLS forwarding: the label is imposed at the ingress router (ingress to the label-switched portion of the network). Generally, all forwarding decisions are then made on the label only: no routing table lookups, only LFIB lookups (TFIB in tag-switching terms). The label is stripped at egress.
MPLS Example: Routing Information
Routing updates (OSPF, EIGRP, …) propagate from the destination networks back toward the ingress: router C tells B “you can reach 128.89 thru me”, a fourth router (off the tables below) tells B “you can reach 171.69 thru me”, and B tells A “you can reach 128.89 and 171.69 thru me”. Each router keeps a table with the columns In Label / Address Prefix / Out I’face / Out Label; after routing alone only the prefix and outgoing interface are filled in:

Router A (ingress)
In Label  Address Prefix  Out I’face  Out Label
-         128.89          1           -
-         171.69          1           -

Router B
In Label  Address Prefix  Out I’face  Out Label
-         128.89          0           -
-         171.69          1           -

Router C (egress for 128.89)
In Label  Address Prefix  Out I’face  Out Label
-         128.89          0           -
MPLS Example: Assigning Labels
Label Distribution Protocol (LDP), downstream allocation: each router picks the label it wants to receive for a prefix and advertises it to its upstream neighbor. C tells B “use label 9 for 128.89”; the router reaching 171.69 tells B “use label 7 for 171.69”; B tells A “use label 4 for 128.89 and use label 5 for 171.69”. A label received from downstream becomes the Out Label, a label advertised upstream becomes the In Label:

Router A (ingress)
In Label  Address Prefix  Out I’face  Out Label
-         128.89          1           4
-         171.69          1           5

Router B
In Label  Address Prefix  Out I’face  Out Label
4         128.89          0           9
5         171.69          1           7

Router C (egress for 128.89)
In Label  Address Prefix  Out I’face  Out Label
9         128.89          0           -
MPLS Example: Forwarding Packets
The label switch forwards based on the label. A packet for 128.89.25.4 arrives at A as plain IP; A performs the IP lookup (128.89 → interface 1, out label 4) and imposes label 4. B looks up in label 4 in its LFIB, swaps it for 9 and sends the packet out interface 0. C, the MPLS network egress point, looks up in label 9, finds no out label, pops the label and forwards the IP packet toward 128.89.25.4 out interface 0.

Router A: (-, 128.89, 1, 4)   packet leaves A as [4] 128.89.25.4 Data
Router B: (4, 128.89, 0, 9)   packet leaves B as [9] 128.89.25.4 Data
Router C: (9, 128.89, 0, -)   packet leaves C as 128.89.25.4 Data
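The three slides above (routing information, downstream label allocation, label forwarding) as one runnable simulation; this is an added example, not code from the original deck. The router and label numbers are the ones on the slides (A, B, C, labels 4, 5, 7 and 9); the classful prefixes 128.89 and 171.69 are written as /16 networks, and the router that advertises 171.69 to B, which the slides leave unnamed, is called D here. A label for which a transit router has no LFIB entry is dropped, never IP-routed.

```python
import ipaddress


class LSR:
    """A label switch router from the three-slide example: a RIB learned from
    routing updates, a FIB used for the IP lookup at ingress, and an LFIB used
    for the label lookup at every later hop. Labels 0-15 are reserved by the
    MPLS architecture, so locally allocated labels start at 16."""

    def __init__(self, name):
        self.name = name
        self.rib = {}         # prefix -> out interface (from OSPF/EIGRP/... updates)
        self.link = {}        # out interface -> downstream LSR, None = leaves the MPLS domain
        self.fib = {}         # prefix -> (out interface, out label)   ingress imposition
        self.lfib = {}        # in label -> (prefix, out interface, out label or None = pop)
        self._next_label = 16

    def route_update(self, prefix, out_iface, downstream=None):
        net = ipaddress.ip_network(prefix)
        self.rib[net] = out_iface
        self.link[out_iface] = downstream

    def label_bind(self, prefix, out_label, label=None):
        """LDP downstream allocation for one prefix. out_label is the label the
        downstream neighbor told us to use (None at the egress: plain IP out).
        We choose the label we want to receive and return it so the caller can
        advertise it to our upstream neighbor."""
        net = ipaddress.ip_network(prefix)
        out_iface = self.rib[net]                     # the binding follows the RIB
        if label is None:
            label, self._next_label = self._next_label, self._next_label + 1
        self.fib[net] = (out_iface, out_label)
        self.lfib[label] = (net, out_iface, out_label)
        return label

    def ip_lookup(self, dst):
        candidates = [n for n in self.fib if dst in n]
        if not candidates:
            return None
        return self.fib[max(candidates, key=lambda n: n.prefixlen)]   # longest match


def forward(ingress, dst_ip):
    """Push one IP packet through the network. Returns [(router, label on exit)];
    a label of None means the packet left that router as plain IP."""
    dst = ipaddress.ip_address(dst_ip)
    hit = ingress.ip_lookup(dst)
    if hit is None:
        raise LookupError(f"{ingress.name}: no route to {dst}, dropped")
    out_iface, label = hit                            # ingress: IP lookup, impose label
    trace = [(ingress.name, label)]
    node = ingress.link[out_iface]
    while node is not None and label is not None:
        if label not in node.lfib:                    # unknown label: drop, do not fall back to IP
            raise LookupError(f"{node.name}: no LFIB entry for label {label}, dropped")
        _, out_iface, label = node.lfib[label]        # swap, or pop when the out label is None
        trace.append((node.name, label))
        node = node.link[out_iface]
    return trace


def build_example():
    """A -> B -> C toward 128.89/16 and A -> B -> D toward 171.69/16 with the slide labels."""
    a, b, c, d = LSR("A"), LSR("B"), LSR("C"), LSR("D")
    # routing updates: "you can reach X thru me"
    c.route_update("128.89.0.0/16", 0)                # C is the egress for 128.89
    d.route_update("171.69.0.0/16", 0)                # D (assumed name) is the egress for 171.69
    b.route_update("128.89.0.0/16", 0, c)
    b.route_update("171.69.0.0/16", 1, d)
    a.route_update("128.89.0.0/16", 1, b)
    a.route_update("171.69.0.0/16", 1, b)
    # LDP downstream allocation: the egress binds first, each hop re-advertises upstream
    l9 = c.label_bind("128.89.0.0/16", None, label=9)   # C -> B: "use label 9 for 128.89"
    l7 = d.label_bind("171.69.0.0/16", None, label=7)   # D -> B: "use label 7 for 171.69"
    l4 = b.label_bind("128.89.0.0/16", l9, label=4)     # B -> A: "use label 4 for 128.89"
    l5 = b.label_bind("171.69.0.0/16", l7, label=5)     # B -> A: "use label 5 for 171.69"
    a.label_bind("128.89.0.0/16", l4)                   # A is the ingress; its own in labels are unused
    a.label_bind("171.69.0.0/16", l5)
    return a


if __name__ == "__main__":
    print(forward(build_example(), "128.89.25.4"))      # [('A', 4), ('B', 9), ('C', None)]
```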
Cisco Products Supporting MPLS
Cisco Platforms Supporting MPLS(in a Single Slide)
Important: Some features are dependent on product model, interface modules (i.e. LineCards & Port Adapters), and/or require a software feature license.
• 2691
• 3631
• 3640
• 3660
• 3725
• 3745
• 7200
• 7300
• 7400
• 7500
• 10000
• 10700
• 12000
• 12000-PRP
• AS5350
• IGX 8400-URM/RPM-RP/XF
• Catalyst 6K/7600 SUP2/MSFC2
• Cisco 7600 – SUP720-3BXL
Notes:
• Platforms shown were derived from those supporting MPLS-VPN and LDP.
• Some lower-end platforms support several basic MPLS CE features, i.e. Multi-VRF CE (aka VRF-Lite). These include: 3550 (requires EMI), 2600 series routers.
• Cisco 7600 supports L2/L3 MPLS features with MSFC2/PFC2.
• The new SUP720-3BXL processor is the primary choice for MPLS functions in the Catalyst 6500/Cisco 7600.
MPLS In-Depth: Overview of MPLS Services and Applications Currently Being Deployed
Agenda
• MPLS Drivers
- Reasons for deploying MPLS
• MPLS Applications
- MPLS VPN – Layer-3: detailed overview, IOS examples
- MPLS Layer-2 Transport: PWE3/AToM, application example
- MPLS Traffic Engineering: Fast-ReRoute for bandwidth protection
- MPLS QoS: Diffserv over MPLS, Diffserv TE (DS-TE), guaranteed bandwidth service applications
- Useful implementations combining multiple MPLS services
- IP version 6 (IPv6) transport methods over MPLS: 6PE/6VPE (IPv6 edge and VPN support)
• Useful URLs (reference information)
Why MPLS? - Major Drivers
• Provide IP VPN Services
Scalable IP VPN service – Build once and sell many
Managed Central Services – Building value add services and offering them across VPNs (i.e. Multicast, Address Mgmt)
• Managing traffic on the network using MPLS Traffic Engineering
Providing tighter SLA/QoS (Guaranteed B/W Services)
Protecting bandwidth - Bandwidth Protection Services are enabling Service Providers to look at alternate approaches to SONET APS
• Integrating Layer 2 & Layer 3 Infrastructure
Layer 2 services such as Frame Relay and ATM over MPLS
Mimic layer 2 services over a highly scalable layer 3 infrastructure
Customer Deployment
• We are now up to 225+ deployed customers (total, SP + enterprise) in production networks
  Some case studies are documented
  Very large deployments include a single customer requiring 30K CEs and ~1000 PEs
• MPLS VPNs continue to be the majority of deployments
• AToM is the majority in the recent deployments
• TE is catching on fast; simple mechanism – unequal-cost load balancing
• QoS service offerings within the MPLS services
MPLS Applications
MPLS Layer 3 VPNs
Virtual Network Models
• Virtual Private Networks
  - Overlay VPN: Layer-2 VPN (X.25, F/R, ATM); Layer-3 VPN (GRE, IPSec)
  - Peer-to-Peer VPN: access lists (shared router); split routing (dedicated router); MPLS/VPN
• Virtual Dialup Networks
• Virtual LANs
Overlay Network
• Provider sells a circuit service
• Customer purchases circuits to connect sites, runs IP
• N sites, (N*(N-1))/2 circuits for a full mesh: expensive
• The big scalability issue here is routing peers: N sites, each site has N-1 peers
• Hub and spoke is popular, but suffers from the same N-1 number of routing peers at the hub
• Hub and spoke with static routes is simpler, but still means buying N-1 circuits from hub to spokes
• Spokes distant from hubs could mean lots of long-haul circuits
(Diagram: customer sites connected by circuits through a Frame Relay/ATM provider.)
Peer Network
• Provider sells an MPLS-VPN service
• Customer purchases one access circuit per site into the provider, runs IP
• N sites, N circuits into the provider
• Access circuits can be any media at any point (FE, POS, ATM, T1, dial, etc.)
• Full mesh connectivity without a full mesh of L2 circuits
• Hub and spoke is also easy to build
• Spokes distant from hubs connect to their local provider POP; lower access charge because of the provider’s size
• The Internet is a large peer network
(Diagram: customer sites each attached by a single circuit to an MPLS-VPN provider.)
MPLS L3 VPNs using BGP (RFC 2547)
• End user perspective
  Virtual private IP service
  Simple routing: just point a default route at the provider
  Full site-to-site connectivity without the usual drawbacks (routing complexity, scaling, configuration, cost)
• Major benefit for the provider: scalability
(Diagram: sites of VPN A, VPN B and VPN C attached to one shared provider core; each VPN sees only its own sites.)
MPLS VPN Topology
(Diagram: provider core of P1, P2, P3 with edge routers PE1, PE2, PE3; VPN A sites 1 and 2 (CEA1, CEA2, CEA3), VPN B sites 1 and 2 (CE1B1, CE2B1, CEB2, CEB3) and VPN C sites 1 and 2 attach to the PEs over RIP, static and BGP, advertising 11.1/16, 11.2/16, 12.1/16, 12.2/16, 16.1/16 and 16.2/16.)
VPN Routing and Forwarding Instance (VRF)
• PE routers maintain separate routing tables
  Global routing table: contains all PE and P routes (perhaps BGP); populated by the VPN backbone IGP
  VRF (VPN routing and forwarding): routing and forwarding table associated with one or more directly connected sites (CE routers)
• A VRF can be associated with any type of interface, whether logical or physical (e.g. sub-interface, virtual interface, tunnel)
• Interfaces may share the same VRF if the connected sites share the same routing information
• Not virtual routers, just virtual routing and forwarding
PE Router – Global Routing Table Output
PE2#sh ip route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, Ethernet0/0
192.168.100.0/32 is subnetted, 3 subnets
O 192.168.100.1 [110/11] via 192.168.1.1, 00:04:27, Ethernet0/0
C 192.168.100.2 is directly connected, Loopback0
O 192.168.100.3 [110/11] via 192.168.1.3, 00:04:27, Ethernet0/0
(Diagram: CE2 – PE2 (192.168.100.2) – OSPF – PE1 (192.168.100.1). The O routes above come from PE1’s global routing table via OSPF.)
PE Router – VRF Routing Table Output
PE2#sh ip route vrf RED
Routing Table: RED
Gateway of last resort is 192.168.100.1 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
C 172.16.25.0/30 is directly connected, Serial4/0
C 172.16.25.2/32 is directly connected, Serial4/0
B 172.16.20.0/24 [20/0] via 172.16.25.2, 00:07:04
10.0.0.0/24 is subnetted, 1 subnets
B 10.0.0.0 [200/307200] via 192.168.100.1, 00:06:28
B* 0.0.0.0/0 [200/0] via 192.168.100.1, 00:07:03
(Diagram: CE2 (172.16.25.2) – PE2 (172.16.25.1) – iBGP VPNv4 – PE1. In the output above, 10.0.0.0/24 and the default route are iBGP VPNv4 routes from PE1 (administrative distance 200); 172.16.20.0/24 is learned from CE2 over eBGP (distance 20).)
Virtual Routing and Forwarding Instances
• Define a unique VRF for interface 0 (VRF for VPN-A)
• Define a unique VRF for interface 1 (VRF for VPN-B)
• Packets will never go between interface 0 and interface 1
• Uses VPNv4 to exchange VRF routing information between PEs
• No MPLS yet…
(Diagram: a PE holds a global routing table plus one VPN routing table per VRF; VPN-A CEs attach on interface 0 and VPN-B CEs on interface 1, with the prefixes 146.12.7.0/24 and 195.12.2.0/24 in the picture.)
VRF Route Population
(Diagram: separate physical links and a separate CE router per customer/VPN connect Customer-1 (VPN1) and Customer-2 to the PE; the PE sits between the customer VPNs and the MPLS/iBGP domain.)
• The VRF is populated locally through PE and CE routing protocol exchange: RIP version 2, OSPF, BGP-4, EIGRP and static routing
  “connected” is also supported (i.e. the default gateway is the PE)
• Separate routing context for each VRF: a routing protocol context (BGP-4 and RIPv2) or a separate process (OSPF)
Carrying VPN Routes in BGP
• VRFs by themselves aren’t all that useful
• Need some way to get the VRF routing information off the PE and to other PEs
• This is done with BGP
Additions to BGP to Carry MPLS-VPN Info
• RD: Route Distinguisher
• VPNv4 address family
• RT: Route Target
• Label
Route Distinguisher
• To differentiate 10.0.0.0/8 in VPN-A from 10.0.0.0/8 in VPN-B
• 64-bit quantity
• Configured as ASN:YY or IPADDR:YY; almost everybody uses ASN:YY
• Purely to make a route unique: the unique route is now RD:IPaddr (96 bits) plus a mask on the IPaddr portion, so overlapping customer prefixes stay distinct inside BGP (which routes a customer actually sees is controlled by the Route Target, next)
IOS configuration:
!
ip vrf red
 rd 1:1
 route-target export 1:1
 route-target import 1:1
Route Target
• To control policy about who sees what routes
• 64-bit quantity (2 bytes type, 6 bytes value)
• Carried as a BGP extended community
• Typically written as ASN:YY
• Each VRF ‘imports’ and ‘exports’ one or more RTs
  Exported RTs are attached to the VPNv4 BGP advertisement
  Imported RTs are local to the box
• A PE installs a received route into every VRF that imports one of the RTs carried on that route
IOS configuration (same VRF as above):
!
ip vrf red
 rd 1:1
 route-target export 1:1
 route-target import 1:1
VPNv4
• In BGP for IP, 32-bit address + mask makes a unique announcement
• In BGP for MPLS-VPN, (64-bit RD + 32-bit address) + 32-bit mask makes a unique announcement
• Since the route encoding is different, need a different address family in BGP
• VPNv4 = VPN routes for IPv4
As opposed to IPv4 or IPv6 or multicast-RPF, etc…
• VPNv4 announcement carries a label with the route
“If you want to reach this unique address, get me packets with this label on them”
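The RD, RT and VPNv4 slides above, worked through in Python as an added example (not code from the deck). It encodes a Route Distinguisher, a Route Target extended community and one VPNv4 NLRI byte for byte (length in bits, 3-byte label with the bottom-of-stack bit set, 8-byte RD, prefix), then replays the 10.0.0.0/8-in-two-VPNs case from the Route Distinguisher slide: each VRF receives only the route whose RT it imports, and a third shared-services VRF (an assumption added here, not on the slides) that imports both RTs shows what happens when two customers' overlapping prefixes land in one table. The RD keeps the two announcements distinct inside BGP; RT filtering is what keeps them out of the wrong VRF.

```python
import ipaddress
import struct


def encode_rd(text):
    """Route Distinguisher (8 bytes). 'ASN:nn' -> type 0 (2-byte ASN, 4-byte number);
    'A.B.C.D:nn' -> type 1 (IPv4 administrator, 2-byte number)."""
    admin, number = text.split(":")
    if "." in admin:
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))


def encode_rt(text):
    """Route Target extended community (8 bytes): type 0x00 / subtype 0x02 for
    'ASN:nn', type 0x01 / subtype 0x02 for 'A.B.C.D:nn'."""
    admin, number = text.split(":")
    if "." in admin:
        return struct.pack("!BB4sH", 0x01, 0x02, ipaddress.IPv4Address(admin).packed, int(number))
    return struct.pack("!BBHI", 0x00, 0x02, int(admin), int(number))


def encode_vpnv4_nlri(label, rd, prefix):
    """One VPN-IPv4 NLRI (AFI 1 / SAFI 128): length in bits, 3-byte label field
    (20-bit label, bottom-of-stack bit set), 8-byte RD, then only the prefix bytes
    the mask covers. The length counts label + RD + prefix bits."""
    net = ipaddress.ip_network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    label_field = ((label << 4) | 0x1).to_bytes(3, "big")
    return (bytes([24 + 64 + net.prefixlen]) + label_field + encode_rd(rd)
            + net.network_address.packed[:nbytes])


class VRF:
    def __init__(self, name, rd, export_rts, import_rts):
        self.name, self.rd = name, rd
        self.export_rts, self.import_rts = set(export_rts), set(import_rts)
        self.routes = {}                  # prefix -> (BGP next hop, VPN label)


def export_route(vrf, prefix, label, pe_loopback):
    """What the advertising PE puts on the wire for one VRF route: the RD makes the
    prefix unique, the exported RTs ride along as extended communities."""
    return {"nlri": encode_vpnv4_nlri(label, vrf.rd, prefix), "prefix": prefix,
            "label": label, "next_hop": pe_loopback,
            "ext_communities": {encode_rt(rt) for rt in vrf.export_rts}}


def import_route(vrfs, advert):
    """Receiving PE: install the route into every VRF that imports at least one of
    the advertised RTs. The RD is deliberately not consulted. Returns VRF names."""
    installed = []
    for vrf in vrfs:
        wanted = {encode_rt(rt) for rt in vrf.import_rts}
        if wanted & advert["ext_communities"]:
            # Toy behaviour: a later advert for the same prefix overwrites an earlier
            # one. A real PE runs BGP best-path selection between the two.
            vrf.routes[advert["prefix"]] = (advert["next_hop"], advert["label"])
            installed.append(vrf.name)
    return installed


def example():
    """Two customers both using 10.0.0.0/8 behind PE1 (192.168.100.1, assumed),
    received on PE2 by VPN-A, VPN-B and an assumed shared-services VRF."""
    pe1_a = VRF("VPN-A", "1:1", ["1:1"], ["1:1"])
    pe1_b = VRF("VPN-B", "1:2", ["1:2"], ["1:2"])
    adverts = [export_route(pe1_a, "10.0.0.0/8", 28, "192.168.100.1"),
               export_route(pe1_b, "10.0.0.0/8", 29, "192.168.100.1")]
    assert adverts[0]["nlri"] != adverts[1]["nlri"]      # same prefix, distinct NLRI thanks to the RD
    pe2 = [VRF("VPN-A", "1:1", ["1:1"], ["1:1"]),
           VRF("VPN-B", "1:2", ["1:2"], ["1:2"]),
           VRF("SHARED", "1:100", ["1:100"], ["1:1", "1:2"])]
    installed = [import_route(pe2, adv) for adv in adverts]
    return pe2, installed


if __name__ == "__main__":
    vrfs, installed = example()
    print(installed)                                      # [['VPN-A', 'SHARED'], ['VPN-B', 'SHARED']]
    for v in vrfs:
        print(v.name, v.routes)
```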
MPLS Layer-3 VPN Operation Example
VRF Population of MP-BGP
(Diagram: Service Provider Network with PE-1 (Paris) and PE-2 (London), a CE attached to each.)
• The CE sends PE-1 a BGP, OSPF or RIPv2 update: 149.27.2.0/24, NH=CE-1
• PE routers translate it into a VPN-v4 route:
  Assign an RD, SOO (if configured) and RT based on configuration
  Re-write the Next-Hop attribute (to the PE loopback)
  Assign a label based on VRF and/or interface
  Send an MP-BGP update to all PE neighbors
• Resulting VPN-v4 update: RD 1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28)
VRF Population of MP-BGP (continued)
• Receiving PE routers translate back to IPv4: the route is inserted into the VRF identified by the RT attribute (based on PE configuration)
• The label associated with the VPN-v4 address will be set on packets forwarded towards the destination
• The VPN-v4 update (RD 1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28)) is translated into an IPv4 route and put into VRF VPN-A because RT=VPN-A, and optionally advertised to any attached sites
MPLS/VPN Packet Forwarding
• Between PE and CE, regular IP packets (currently)
• Within the provider network, a label stack
  Outer label: “get this packet to the egress PE”
  Inner label: “get this packet to the egress CE”
• MPLS nodes forward packets based on the TOP label only; any subsequent labels are ignored
• Penultimate Hop Popping procedures are used one hop prior to the egress PE router (shown in the example)
MPLS/VPN Packet Forwarding (ingress)
• The ingress PE (Paris) receives normal IP packets, here destined to 149.27.2.27 in the London site 149.27.2.0/24
• The PE router performs an IP longest match in the VPN FIB, finds the iBGP next hop and imposes a stack of labels <IGP, VPN>:
  VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
  Global table: In Label -, FEC 197.26.15.1/32, Out Label 41
  The packet leaves Paris as [41][28] 149.27.2.27
MPLS/VPN Packet Forwarding (core and egress)
  Penultimate P router: In Label 41, FEC 197.26.15.1/32, Out Label POP
  The packet arrives at London as [28] 149.27.2.27
  Egress PE (London, 197.26.15.1): In Label 28 (VPN label), FEC 149.27.2.0/24 in VPN-A VRF, Out Label -
• The penultimate router removes the IGP label: Penultimate Hop Popping procedures (the egress advertised the implicit-null label)
• The egress PE router uses the VPN label to select which VPN/CE to forward the packet to
• The VPN label is removed and the packet is routed toward the VPN site
Things to Note
• The core does not run VPNv4 BGP! The same principle can be used to run a BGP-free core for an IP network
• The CE does not know it is in an MPLS-VPN
• The outer label is from LDP/RSVP: getting the packet to the egress PE is independent of MPLS-VPN
• The inner label is from BGP: it is there so the egress PE can have the same network in multiple VRFs
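The forwarding walk-through above (Paris ingress, penultimate hop popping, London egress) as an added Python example, not code from the deck. The labels and addresses are the slides' own (IGP label 41 for 197.26.15.1/32, VPN label 28 for 149.27.2.0/24); the P router, the egress interface name POS1/0, the CE names and the second VPN label 29 are assumptions. The point it adds to the slides: at the egress PE nothing but the VPN label selects the VRF, so the egress here accepts labeled packets only from core-facing interfaces, the behaviour a PE must have for the VRF separation to hold.

```python
import ipaddress

IMPLICIT_NULL = 3   # reserved label the egress PE advertises to request penultimate hop popping


def _lpm(table, dst):
    """Longest-prefix match over {ip_network: value}; None if nothing matches."""
    best_net, best_val = None, None
    for net, val in table.items():
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_val = net, val
    return best_val


class IngressPE:
    """Paris: the VRF FIB yields (iBGP next hop, VPN label), the global FIB yields
    the IGP label toward that next hop. The stack is [outer, inner] = [IGP, VPN]."""

    def __init__(self, vrf_fib, igp_fib):
        self.vrf_fib = {ipaddress.ip_network(p): v for p, v in vrf_fib.items()}
        self.igp_fib = {ipaddress.ip_network(p): v for p, v in igp_fib.items()}

    def impose(self, dst_ip):
        hit = _lpm(self.vrf_fib, ipaddress.ip_address(dst_ip))
        if hit is None:
            return None                          # no VRF route: drop, never fall back to the global table
        next_hop, vpn_label = hit
        igp_label = _lpm(self.igp_fib, ipaddress.ip_address(next_hop))
        if igp_label is None:
            return None                          # BGP next hop unreachable in the core: drop
        return [igp_label, vpn_label]


class CoreP:
    """A P router switches on the top label only; IMPLICIT_NULL means pop."""

    def __init__(self, lfib):
        self.lfib = lfib                         # in label -> out label

    def switch(self, stack):
        out = self.lfib.get(stack[0])
        if out is None:
            raise LookupError(f"no LFIB entry for label {stack[0]}: dropped")
        return stack[1:] if out == IMPLICIT_NULL else [out] + stack[1:]


class EgressPE:
    """London: the VPN label alone selects the VRF, so labeled packets are accepted
    only on core-facing interfaces (a PE policy assumed here; the slides do not
    show interface configuration)."""

    def __init__(self, vpn_labels, core_ifaces):
        self.vpn_labels = {lbl: (vrf, {ipaddress.ip_network(p): nh for p, nh in fib.items()})
                           for lbl, (vrf, fib) in vpn_labels.items()}
        self.core_ifaces = frozenset(core_ifaces)

    def deliver(self, stack, dst_ip, in_iface):
        if in_iface not in self.core_ifaces:
            raise PermissionError(f"labeled packet on CE-facing {in_iface}: dropped")
        if len(stack) != 1 or stack[0] not in self.vpn_labels:
            raise LookupError(f"no VPN binding for stack {stack}: dropped")
        vrf, fib = self.vpn_labels[stack[0]]
        return vrf, _lpm(fib, ipaddress.ip_address(dst_ip))   # IP lookup inside that VRF only


def build_example():
    paris = IngressPE({"149.27.2.0/24": ("197.26.15.1", 28)}, {"197.26.15.1/32": 41})
    p = CoreP({41: IMPLICIT_NULL})
    london = EgressPE({28: ("VPN-A", {"149.27.2.0/24": "CE-1"}),
                       29: ("VPN-B", {"149.27.2.0/24": "CE-B1"})},   # same prefix in another VPN (assumed)
                      core_ifaces=["POS1/0"])
    return paris, p, london


def walk(dst_ip="149.27.2.27"):
    """Returns (stack as it reaches London, (VRF chosen, CE next hop))."""
    paris, p, london = build_example()
    stack = paris.impose(dst_ip)                 # [41, 28]
    stack = p.switch(stack)                      # penultimate hop pops 41: [28]
    return stack, london.deliver(stack, dst_ip, "POS1/0")


if __name__ == "__main__":
    print(walk())                                # ([28], ('VPN-A', 'CE-1'))
```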
Multi-VRF CE (VRF-lite)
• Each VRF separation on the PE is extended to the CE
• Separation is maintained via a layer-2 transport that supports “logical” separation (e.g. 802.1Q, FR/ATM VCs)
• The CE router must be capable of supporting VRFs
• The CE is not required to support MPLS labels
• Routing protocol options from CE to PE remain the same (e.g. BGP, RIPv2, OSPF, EIGRP, static)
(Diagram: a single CE router supporting multiple VRF instances (VPN1, VPN2) attaches to the PE over a single physical link with one logical link per VRF; the layer 2 must support logical separation (802.1Q, FR/ATM VCs); no labels are required on the CE-PE link.)
Customers Connecting to a Layer-3 VPN Service
• What routing protocol is supported by the carrier (CE-PE)?
• What address space do they allow for CE-PE subnet?
• What layer-2 transport is required/supported from CE-PE?
• Do they provide a QoS SLA?
• Concerning QoS, do they require DSCP or ToS settings from the CE to their PE?
• Do they manipulate DSCP/ToS based on congestion in their network?
• What other services do they have on their roadmap of “Service Offerings” (Example: IPv6, IP Multicast, Tighter QoS SLA offering, other??)
• Understand the resiliency in the core
• Do they offer LEC diversification or “bypass”?
Validating Cisco MPLS Based IP-VPN as a Secure Network
Security: Miercom independent testing confirmed that the Cisco MPLS VPN is secure:
• The customer’s network topology is not revealed to the outside world
• Customers can maintain their own addressing plans and have the freedom to use either public or private address space
• Attackers could not gain access into VPNs or the Service Provider’s network
• The testers found no way for an attacker to insert a “spoofed” label into a Cisco MPLS network and thus gain access to a VPN or the MPLS core
These results depend on the PEs never accepting labeled packets on CE-facing interfaces (MPLS is not enabled toward the customer), so the only labels in the core are the ones the provider’s own LSRs distributed; the separation is a property of the PE configuration, not of the label format.
(Test network topology: three customer VPNs, RED, BLUE and YELLOW, with CE routers RED-Glascow 2611, RED-Dover 1750, BLUE-Dover 2611, BLUE-Oxford 1750, BLUE-Glascow 3640, YELLOW-Dover 3640 and YELLOW-Oxford 3640, attached over T1 Frame Relay DLCIs, serial links and ATM PVCs to the PE routers GLASCOW 7206, OXFORD 7206 and DOVER 7505, with a LONDON GSR 12008 in the core and OC-3 POS links between provider routers; CE-PE routing uses eBGP (AS71, AS72), RIPv2, OSPF and static routes; addressing is the 100.200.x.x lab space.)
http://mier.com/reports/cisco/MPLS-VPNs.pdf
Managed Shared Services Are The Future of Centralized Services
(Diagram: a stack of centralized service tiers, from co-location (L2/L3 connectivity, data center space) through centralized hosting services (L2/L3 connectivity for VPNs, basic hosting, managed security, managed network services) to centralized application services (platform services, e-commerce application management, business logic, customer relations).)
Cisco IOS® is the key enabler for centralized add-on services in MPLS-VPNs. Value added services:
• VPN-aware NAT
• IP address management
• VPN-aware HSRP/VRRP
• Multicast VPN
• VPN Select
mVPN: Concept & Fundamentals
(Diagram: an MPLS VPN core with PEs A to E in San Francisco, Los Angeles, Dallas and New York; a high-bandwidth multicast source behind one CE and receivers 1 to 4 behind other CEs.)
• The MPLS core forms a Default MDT for a given customer, used for low-bandwidth and control traffic only
• Customer CE devices join the MPLS core through the provider’s PE devices
• A high-bandwidth source for that customer starts sending traffic
• Interested receivers 1 & 2 join that high-bandwidth source
• A Data-MDT is formed for this high-bandwidth source, carrying the high-bandwidth traffic only
MPLS Layer-2 Transport
Pseudo Wire – Cisco IETF Technology Adoption
• Layer 2 Transport
  - L2TPv3: draft-ietf-l2tpext-l2tp-base-07.txt, draft-ietf-l2tpext-l2tpmib-base-01.txt
  - MPLS (P2P, formerly draft-martini): draft-ietf-pwe3-control-protocol-01.txt, draft-ietf-pwe3-[atm, frame-relay, ethernet, etc.]
• Layer 2 VPN (VPLS): draft-lasserre-vkompella-ppvpn-vpls-02.txt
• Auto-Provisioning: draft-ietf-ppvpn-bgpvpn-auto-02.txt (BGP auto-discovery)
AToM: Any Transport Over MPLS
Layer 2 transport for MPLS networks:
• HDLC/PPP
• Frame Relay
• Ethernet (802.1Q)
• ATM AAL5 & cell relay
Motivation for AToM

• Protect existing investment while building packet core
  – Frame Relay and ATM
  – Non-IP protocols – SNA, IPX
• Trunk customer traffic
  – Trunk customer's IGP across the provider backbone
  – Especially when the customer is connecting over disparate media
• Provider devices forward customer packets based on Layer 2 information
  – Circuits (ATM/FR), MAC address
  – CPE-based Tunnels (e.g. IPSEC) analogous to circuits
  – Possibility of a new service (VPLS – emulated LAN)
• Good fit for customers that either
  – Simply want connectivity
  – Have non-IP protocols
AToM – VC Information Exchange

• VC labels are exchanged across a directed LDP session between PE routers
  – Carried in Generic Label TLV within LDP Label Mapping Message (RFC3036 - LDP)
• New LDP FEC element defined to carry VC information
  – FEC element type '128 – Virtual Circuit FEC Element'
  – Carried within LDP Label Mapping Message
• VC information exchanged using Downstream Unsolicited label distribution procedures
  – Described in draft-martini-l2circuit-trans-mpls
AToM – Label Mapping Exchange

[Figure: CE – PE1 – MPLS core – PE2 – CE; bi-directional label/VCID mapping exchange between PE1 and PE2. Packet layout on the wire: Tunnel Label | VC Label | PDU]

1. L2 transport route entered on ingress PE
2. PE1 starts LDP session with PE2 if one does not already exist
3. PE1 allocates VC label for new interface & binds to configured VCID
4. PE1 sends label mapping message containing VC FEC TLV & VC label TLV
5. PE2 receives VC FEC TLV & VC label TLV that matches local VCID

PE2 repeats steps 1-5 so that bi-directional label/VCID mappings are established
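The five steps above, run in both directions, as an added example (not Cisco code and not from the slides). The messages carry the fields the slide names (a VC FEC element of type 128 with the VC ID, plus a label), not a byte-accurate LDP encoding; the loopbacks, VC ID 200 and the label value 16 mirror the deck's lab later in this section, and the PW type value is an assumption. The model also shows the two ways a pseudowire stays down: a VC ID that does not match on the far side, and a mapping from a router that is not an LDP peer.

```python
"""Model of the AToM (draft-martini) VC label mapping exchange between two PEs.

Added example, not Cisco code. Loopbacks, VC ID and label values mirror the deck's
lab; the PW type value is assumed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

VC_FEC_TYPE = 128         # "Virtual Circuit FEC Element" from draft-martini
PW_TYPE_ATM_VPC = 0x000A  # assumed PW type value for ATM VPC cell transport


@dataclass
class LabelMapping:
    """LDP Label Mapping message: VC FEC TLV fields plus the Generic Label TLV."""
    sender: str        # LDP router-id of the advertising PE
    fec_type: int
    pw_type: int
    vc_id: int
    group_id: int
    label: int


@dataclass
class VirtualCircuit:
    peer: str
    vc_id: int
    local_label: int                     # label we expect to receive from the peer
    remote_label: Optional[int] = None   # label we impose towards the peer

    @property
    def status(self) -> str:
        return "UP" if self.remote_label is not None else "DOWN"


class PE:
    """A provider-edge router with its xconnect configuration and VC state."""

    def __init__(self, name: str, loopback: str, first_label: int = 16):
        self.name = name
        self.loopback = loopback
        self._next_label = first_label              # per-router label space
        self.ldp_peers: Set[str] = set()            # directed (targeted) LDP sessions
        self.vcs: Dict[Tuple[str, int], VirtualCircuit] = {}

    def xconnect(self, peer: str, vc_id: int, pw_type: int = PW_TYPE_ATM_VPC) -> LabelMapping:
        """Steps 1-4: attachment circuit configured, directed LDP session opened,
        local VC label allocated and bound to the VC ID, mapping message built."""
        self.ldp_peers.add(peer)
        label = self._next_label
        self._next_label += 1
        self.vcs[(peer, vc_id)] = VirtualCircuit(peer, vc_id, label)
        return LabelMapping(self.loopback, VC_FEC_TYPE, pw_type, vc_id, 0, label)

    def receive(self, msg: LabelMapping) -> bool:
        """Step 5: a mapping is accepted only from a PE we have a session with, and only
        if its VC ID matches an xconnect configured towards that PE."""
        if msg.sender not in self.ldp_peers or msg.fec_type != VC_FEC_TYPE:
            return False
        vc = self.vcs.get((msg.sender, msg.vc_id))
        if vc is None:
            return False                            # VC ID mismatch: ignored, VC stays down
        vc.remote_label = msg.label
        return True

    def imposed_stack(self, peer: str, vc_id: int, tunnel_label: int) -> Optional[List[int]]:
        """Labels pushed on a frame from the attachment circuit: tunnel label outer,
        VC label inner (the slide's 'Tunnel Label | VC Label | PDU'); None while down."""
        vc = self.vcs[(peer, vc_id)]
        if vc.status != "UP":
            return None
        return [tunnel_label, vc.remote_label]


def bring_up_pseudowire(vc_id_pe1: int = 200, vc_id_pe2: int = 200) -> Tuple[PE, PE]:
    """Run the exchange in both directions (the slide's 'PE2 repeats steps 1-5')."""
    pe1 = PE("PE1", "192.168.100.10")
    pe2 = PE("PE2", "192.168.100.12")
    from_pe1 = pe1.xconnect(pe2.loopback, vc_id_pe1)
    from_pe2 = pe2.xconnect(pe1.loopback, vc_id_pe2)
    pe2.receive(from_pe1)
    pe1.receive(from_pe2)
    return pe1, pe2
```

Because each PE allocates from its own label space, both ends can legitimately hand out the same label value; the `show mpls l2 vc detail` output later in this section shows exactly that (local 16, remote 16).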
Layer 2 Integration – ATM/FR over MPLS

[Figure: ATM/FR CPE routers on each side attach virtual circuits to PEs; an Any Transport over MPLS (AToM) tunnel carries cells/frames with labels across the MPLS backbone as a Virtual Leased Line]

• Two different requirements for the transport of ATM across an MPLS backbone
  - Transport of AAL5 encapsulated frames (RFC1483);
  - Transport of ATM cells (cell relay)
• AToM FR will support DLCI to DLCI switching
  - Both local and distributed connectivity;
  - PE will act as DCE or NNI Interface;
  - Different encapsulation may be used on both ends of the PVC, e.g. Cisco encapsulation on one end and IETF (RFC 1490) encapsulation on the other end
• QoS Options, Mapping: L2 → IP → EXP
Layer 2 Integration - Ethernet over MPLS

• Port-mode
  Allows a frame coming into an interface to be packed into an MPLS packet
• VLAN-mode
  Forwards frames from a SRC 802.1Q VLAN to a DST 802.1Q VLAN

[Figure: Ethernet segments of Enterprise LANs and of ISPs 1, 2, 3 and A, B, C attached to PEs on either side of an MPLS network]
PPP/HDLC over MPLS

[Figure: Customer Edge – Broadband Access (DSL, Cable, BBFW) – MPLS Network – Customer Edge; the end-to-end PPP/HDLC session is carried over MPLS for remote hosting and backhaul (content cache, DNS, AAA)]
Example: ATM KG connection over ATM Cell Relay (AToM)

[Figure: PE1 (Cisco 7505, Lo0 192.168.100.10/32) – P (Cisco 7507, Lo0 192.168.100.11/32) – PE2 (Cisco 7200, Lo0 192.168.100.12/32), joined by Fast Ethernet links in 192.168.0.0/16 (2.0/24, 3.0/24, 4.0/24, .1 and .2 at each end). An ATM KG (encryptor) is attached to each PE over OC-3 on PVC 0/200; the pseudo-wire LSP runs between PE1 and PE2.]

Cell relay (AAL0) carries the KG's cells unchanged, so the encryptor pair sees a transparent ATM PVC across the MPLS core.

PE1 (192.168.100.10):

interface ATM2/0/0
 no ip address
 no atm ilmi-keepalive
 no atm enable-ilmi-trap
!
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.12 200 encapsulation mpls
!

PE2 (192.168.100.12):

interface ATM2/0/0
 no ip address
 no atm ilmi-keepalive
 no atm enable-ilmi-trap
!
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.10 200 encapsulation mpls
!

7505-AToM-PE#sh atm vc
           VCD /                                 Peak  Avg/Min Burst
Interface  Name   VPI  VCI  Type  Encaps  Kbps    Kbps    Cells  Sts
2/0/0.100  4      0    100  PVC   AAL0    149760  N/A            UP
MPLS AToM “show” Output
7200-AToM-PE# show mpls l2 vc
Local intf Local circuit Dest address VC ID Status
------------- -------------------- --------------- ---------- ----------
AT4/0 ATM VPC CELL 0 192.168.100.10 200 UP
7200-AToM-PE# show mpls l2 vc detail
Local interface: AT2/0/0 up, line protocol up, ATM VPC CELL 0
Destination address: 192.168.100.10, VC ID: 200, VC status: up
Preferred path: not configured
Default path: active
Tunnel label: imp-null, next hop point2point
Output interface: Tu200, imposed label stack {16}
Create time: 23:16:48, last status change time: 16:53:49
Signaling protocol: LDP, peer 192.168.100.12:0 up
MPLS VC labels: local 16, remote 16
Group ID: local 0, remote 0
MTU: local n/a, remote n/a
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 9693985, send 777914411
byte totals: receive 581639100, send 3725191700
packet drops: receive 0, send 0
Building on the theme – One Network Any Access

• Any to Any connectivity (Future)
  – Interworking between disparate transports
  – Use AToM control plane to do service interworking
  – Frame Relay to ATM, Frame Relay to Ethernet, Ethernet to ATM, Frame Relay to HDLC/PPP, Ethernet to POS, ...

[Figure: Frame Relay, ATM, Ethernet, PPP and Cisco HDLC attachments on either side of an MPLS core]
VPLS – Building Blocks
Based on: draft-lasserre-vkompella-ppvpn-vpls-02.txt

[Figure: CEs attached to PEs across an MPLS core]

• MPLS enabled core forms Tunnel LSPs
• Full mesh of directed LDP sessions exchange VC Labels
• Common VC ID between PEs creates a Virtual Switching Instance
• Attachment VCs are Port Mode or VLAN ID
MPLS Traffic Engineering
Bandwidth Protection using MPLS Traffic Engineering with Fast ReRoute (FRR)
Traffic Engineering - Theory

• MPLS-TE was designed to move traffic along a path other than the IGP shortest path
  – Bring ATM/FR traffic engineering abilities to an IP network
  – Avoid full IGP mesh and n(n – 1)/2 flooding
  – Bandwidth-aware connection setup
• Fast ReRoute (FRR) is emerging as another application of MPLS-TE
  – Bandwidth Protection: Allows for tighter control on bandwidth – packet loss, delay & jitter
  – Minimal packet loss (msec) when a link goes down
  – Can be used in conjunction with MPLS-TE for primary paths, can also be used standalone
• Provide Virtual Leased Lines – DS-TE + QoS
  – Intelligent network infrastructure for better bandwidth guarantees (DS-TE, Online Bandwidth Protection, Voice VPNs etc)
The Problem with Shortest-Path

[Figure: Router A connects to Routers B and C; B connects to E, C to D, D to E; E connects to Routers F and G. Some links are DS3, some are OC-3. 80Mb of traffic is offered to the Router B -> Router E link and 35Mb drops.]

Router A's routing table:
Node  Next-Hop  Cost
B     B         10
C     C         10
D     C         20
E     B         20
F     B         30
G     B         30

• Some links are DS3, some are OC-3
• Router A has 40Mb of traffic for Router F, 40Mb of traffic for Router G
• Both flows follow the IGP shortest path through Router B, so 80Mb is offered to the DS3 (45Mb) link Router B -> Router E: massive (44%) packet loss!
• Changing to A->C->D->E won't help
Path Calculation

Router A's routing table with TE tunnels:
Node  Next-Hop  Cost
B     B         10
C     C         10
D     C         20
E     B         20
F     Tunnel 0  30
G     Tunnel 1  30

• PCALC takes bandwidth, other constraints into account
• Link state protocol advertises "unreserved capacity"
• Constraints (required bandwidth and policy) are specified for a TE "trunk"
• End result: Bandwidth used more efficiently!

[Figure: the same topology of DS3 and OC-3 links; the two 40Mb flows now take separate paths to Router F and Router G]
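The path calculation described above, worked through on the topology of the two slides, as an added example (not Cisco's PCALC and not code from the deck). Link costs reproduce Router A's routing table; the capacities are assumptions: B-E is taken as the DS3 (45Mb) that drops 35 of 80Mb on the previous slide, D-E is taken as DS3 too (so that "A->C->D->E won't help" for the combined load), and the remaining links as OC-3. The code first shows the IGP-only loss, then places the two 40Mb trunks with a bandwidth-pruned Dijkstra and reserves the bandwidth the way RSVP-TE signalling would.

```python
"""Constraint-based path computation (CSPF) for MPLS-TE on the topology of the
'Problem with Shortest-Path' slides. Added example, not Cisco code; link
capacities are assumed as described in the lead-in."""
import heapq
from typing import Dict, FrozenSet, List, Optional, Tuple

DS3, OC3 = 45, 155   # Mb/s, rounded

# (IGP cost, capacity in Mb/s) per link, used in both directions
LINKS: Dict[Tuple[str, str], Tuple[int, int]] = {
    ("A", "B"): (10, OC3), ("A", "C"): (10, OC3), ("B", "E"): (10, DS3),
    ("C", "D"): (10, OC3), ("D", "E"): (10, DS3), ("E", "F"): (10, OC3),
    ("E", "G"): (10, OC3),
}
FLOWS = [("A", "F", 40), ("A", "G", 40)]   # the slide's two 40Mb demands


class TEDatabase:
    """Link-state database extended with the per-link unreserved bandwidth that the
    IGP TE extensions flood."""

    def __init__(self, links: Dict[Tuple[str, str], Tuple[int, int]]):
        self.adj: Dict[str, Dict[str, int]] = {}
        self.capacity: Dict[FrozenSet[str], int] = {}
        self.unreserved: Dict[FrozenSet[str], int] = {}
        for (a, b), (cost, cap) in links.items():
            self.adj.setdefault(a, {})[b] = cost
            self.adj.setdefault(b, {})[a] = cost
            self.capacity[frozenset((a, b))] = cap
            self.unreserved[frozenset((a, b))] = cap

    def shortest_path(self, src: str, dst: str, need_bw: int = 0) -> Optional[List[str]]:
        """Dijkstra after pruning every link with unreserved bandwidth < need_bw.
        With need_bw=0 this is the plain IGP SPF."""
        dist = {src: 0}
        prev: Dict[str, str] = {}
        heap = [(0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if u == dst:
                break
            if d > dist[u]:
                continue
            for v, cost in self.adj[u].items():
                if self.unreserved[frozenset((u, v))] < need_bw:
                    continue                       # constraint not met: link pruned
                nd = d + cost
                if nd < dist.get(v, float("inf")):
                    dist[v] = nd
                    prev[v] = u
                    heapq.heappush(heap, (nd, v))
        if dst not in dist:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1]

    def setup_tunnel(self, src: str, dst: str, bw: int) -> Optional[List[str]]:
        """Compute a path with bw available, then reserve it hop by hop as RSVP-TE would."""
        path = self.shortest_path(src, dst, bw)
        if path is None:
            return None                            # no feasible path: tunnel not signalled
        for a, b in zip(path, path[1:]):
            self.unreserved[frozenset((a, b))] -= bw
        return path


def igp_only_drops(ted: TEDatabase, flows: List[Tuple[str, str, int]]) -> Dict[Tuple[str, str], int]:
    """Mb/s dropped per link when every flow simply follows the IGP shortest path."""
    load: Dict[FrozenSet[str], int] = {}
    for src, dst, bw in flows:
        path = ted.shortest_path(src, dst)
        for a, b in zip(path, path[1:]):
            load[frozenset((a, b))] = load.get(frozenset((a, b)), 0) + bw
    return {tuple(sorted(link)): used - ted.capacity[link]
            for link, used in load.items() if used > ted.capacity[link]}
```

The second trunk is steered onto A-C-D-E-G not because it is cheaper (it costs 40 against 30) but because B-E has only 5Mb unreserved after the first trunk; a third 40Mb request from A finds no feasible path at all and is refused rather than silently congesting a link.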
Forwarding Traffic Down a Tunnel
• There are three ways traffic can be forwarded down a TE tunnel
Auto-route
Static routes
Policy routing
• With the first two, MPLS-TE gets you unequal cost load balancing
Fast ReRoute
• FRR: A mechanism to minimize packet loss during a failure
• Pre-provision protection tunnels that carry traffic when a protected resource (link/node) goes down
• Use MPLS-TE to signal the FRR protection tunnels, taking advantage of the fact that MPLS-TE traffic doesn’t have to follow the IGP shortest path
• Used as a mechanism (along with DS-TE) for tight SLA offerings for “Guaranteed Bandwidth Services”
Link Protection*

• Primary Tunnel: A -> B -> D -> E
• BackUp Tunnel: B -> C -> D (Pre-provisioned)
• Recovery = ~50ms

[Figure: Routers A, B, D and E in line, with Router C providing the bypass around the B-D link; Routers X and Y attached beyond E]

*Introduced in 12.0(11)ST
Node Protection

• Primary Tunnel: A -> B -> D -> E -> F
• BackUp Tunnel: B -> C -> E (Pre-provisioned)
• Recovery = ~100ms

[Figure: Routers A, B, D, E and F in line, with Router C providing the bypass around Router D; Routers X and Y attached beyond F]

Introduced in 12.0(22)S
Standardization - IETF
• MPLS Working Group
Fast Reroute Extensions:
draft-ietf-mpls-rsvp-lsp-fastreroute-01.txt
Fast Reroute MIB:
draft-ietf-mpls-fastreroute-mib-01.txt
• IETF Drafts
Bandwidth Protection
draft-vasseur-mpls-backup-computation-01.txt
Path Computation (eg. Inter-AS)
draft-vasseur-mpls-computation-rsvp-02.txt
MPLS QoS
DiffServ over MPLS
• MPLS doesn’t define a new QoS architecture
• Most of the work on MPLS QoS has focused on supporting current IP QoS architectures
• Same traffic conditioning and Per-Hop behaviors as defined by DiffServ
Label Header for Packet Media

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|       TTL     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Label  20 bits
EXP    Experimental Field, 3 bits
S      Bottom of Stack, 1 bit
TTL    Time to Live, 8 bits

• Can be used over other layer-2 technologies
• Contains all information needed at forwarding time
• One 32-bit word per label
• EXP field size is limited by the standard: 3 bits give only 8 values, against 64 DSCP values in the IP header
Diff-Serv Support Over MPLS

[Figure: one E-LSP signalled by LDP/RSVP across the LSRs; EF and AF1 packets share it]

• Diff-Serv is supported today over MPLS (RFC3270)
  Neither more nor less than "plain old" Diff-Serv
• Example above illustrates support of EF and AF1 on a single E-LSP
  EF (Expedited Forwarding) and AF1 (Assured Forwarding) packets travel on a single LSP (single label) but are enqueued in different queues (different EXP values)
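The label header of the previous slide and the E-LSP behaviour described here, as an added example (not code from the deck or from Cisco): it packs and parses RFC 3032 label stack entries bit for bit, then performs one LSR hop on an E-LSP, swapping the top label, decrementing the TTL and choosing the queue from EXP. The EXP-to-PHB table (EXP 5 for EF, EXP 1 for AF1) is one common mapping and is an assumption, as are the label values.

```python
"""Encode and decode an MPLS label stack (RFC 3032 layout) and classify packets
on an E-LSP by EXP. Added example; the EXP -> PHB mapping and labels are assumed."""
import struct
from typing import List, Tuple

# Per-hop behaviour selected from the 3-bit EXP field on an E-LSP (assumed mapping).
EXP_TO_PHB = {5: "EF", 1: "AF1", 0: "BE"}


def encode_entry(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """One 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8:
        raise ValueError("EXP must fit in 3 bits")
    if not 0 <= ttl < 256:
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def encode_stack(entries: List[Tuple[int, int, int]]) -> bytes:
    """entries are (label, exp, ttl) outermost first; S is set only on the last one."""
    out = b""
    for i, (label, exp, ttl) in enumerate(entries):
        out += encode_entry(label, exp, i == len(entries) - 1, ttl)
    return out


def decode_stack(buf: bytes) -> Tuple[List[dict], bytes]:
    """Walk entries until the bottom-of-stack bit; return the entries and the payload.
    A buffer that runs out before an S=1 entry is rejected rather than guessed at."""
    entries = []
    offset = 0
    while True:
        if offset + 4 > len(buf):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", buf, offset)
        offset += 4
        entry = {"label": word >> 12, "exp": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        if entry["s"]:
            return entries, buf[offset:]


def swap_and_classify(buf: bytes, out_label: int) -> Tuple[bytes, str]:
    """One LSR hop on an E-LSP: swap the top label, decrement its TTL, keep EXP
    untouched, and pick the output queue from EXP. Raises on TTL expiry."""
    entries, payload = decode_stack(buf)
    top = entries[0]
    if top["ttl"] <= 1:
        raise ValueError("TTL expired")
    top["label"] = out_label
    top["ttl"] -= 1
    rebuilt = b"".join(encode_entry(e["label"], e["exp"], bool(e["s"]), e["ttl"])
                       for e in entries)
    return rebuilt + payload, EXP_TO_PHB.get(top["exp"], "BE")


def is_well_formed(buf: bytes) -> bool:
    """True when the stack terminates with an S=1 entry inside the buffer."""
    try:
        decode_stack(buf)
        return True
    except ValueError:
        return False
```

The two-entry stack in the test below is the AToM case from earlier in this section (tunnel label outer, VC label inner); only the outer entry is swapped at a P router, and the EXP of that outer entry is what the core's queues act on.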
DiffServ MPLS QoS Implementation

[Figure: Enterprise LAN – CE – FR link – PE – P – P – PE – FR link – CE – Enterprise LAN, with the tools applied at each point:]
  CE Out:   FR TS, LLQ, WRED, FRF.12, cRTP
  PE In:    Police, Mark
  PE Out:   LLQ, WRED
  PE - P:   LLQ, WRED
  P - P:    LLQ, WRED
  P - PE:   LLQ, WRED

Notes:
- Traffic Classified by EXP
- Core is MPLS Frame-mode
- LLQ on MPLS packets
- WRED based on EXP
- No need for inbound policy in Core
- LLQ for Min B/W guarantee
- Unmanaged CE example shown
Relationship between MPLS TE and MPLS Diff-Serv
• Diff-Serv specified independently of Routing/Path Computation
• MPLS Diff-Serv (RFC3270) specified independently of Routing/Path Computation
• MPLS TE designed as tool to improve backbone efficiency independently of QoS:
MPLS TE compute routes for aggregates across all Classes
MPLS TE performs admission control over “global” bandwidth pool for all Classes (i.e., unaware of bandwidth allocated to each queue)
• MPLS TE and MPLS Diff-Serv:
  – can run simultaneously
  – can each provide their own benefit (i.e., TE distributes aggregate load, Diff-Serv provides differentiation)
  – are unaware of each other (TE cannot provide its benefit on a per-class basis, e.g. per-class CAC and constraint-based routing)
MPLS TE with Best Effort Network

[Figure: POP 1, POP 2 and other POPs around a CORE, with POP 4 on the far side]

• Find Route and Set-Up Tunnel for 20 Mb/s (Aggregate) From POP1 to POP4
• Find Route and Set-Up Tunnel for 10 Mb/s (Aggregate) From POP2 to POP4
MPLS TE with DiffServ Network

[Figure: the same POPs around a CORE]

• Find Route and Set-Up Tunnel for 20 Mb/s (Aggregate) From POP1 to POP4
• Find Route and Set-Up Tunnel for 10 Mb/s (Aggregate) From POP2 to POP4
DiffServ aware Traffic Engineering (DS-TE)
• DS-TE is more than MPLS TE + MPLS DiffServ
• DS-TE makes MPLS TE aware of DiffServ:
DS-TE establishes separate tunnels for different classes
DS-TE takes into account the “bandwidth” available to each class (e.g. to queue)
DS-TE takes into account separate engineering constraints for each class
e.g. I want to limit Voice traffic to 70% of the link maximum, but I don't mind having up to 100% of BE traffic.
e.g. I want an overbooking ratio of 1 for voice but 3 for BE
• DS-TE ensures specific QoS level of each DiffServ class is achieved
DS-TE Configuration Example – Tunnel Midpoint

!
class-map match-all PREMIUM
 match mpls experimental 5
!
class-map match-all BUSINESS
 match mpls experimental 3 4
!
! Data plane bandwidth allocation
policy-map OUT-POLICY
 class PREMIUM
  priority 16384
 class BUSINESS
  bandwidth 65536
  random-detect
 class class-default
  random-detect
!
! Control plane bandwidth allocation
interface POS1/0
 ip address 10.150.1.1 255.255.255.0
 ip rsvp bandwidth 155000 155000 sub-pool 16384
 service-policy output OUT-POLICY
 mpls traffic-eng tunnels
 mpls ip
!

The bandwidth allocation is made consistently in both planes: the sub-pool signalled to RSVP-TE (16384 Kbps) matches the priority queue bandwidth (16384 Kbps) that the output policy actually enforces on the link.
MPLS DS-TE with DiffServ Network

[Figure: POP 1, POP 2 and other POPs around a CORE, with POP 4 on the far side]

• Find Route and Set-Up Tunnel for 5 Mb/s of EF From POP1 to POP4
• Find Route and Set-Up Tunnel for 3 Mb/s of EF From POP2 to POP4
• Find Route and Set-Up Tunnel for 15 Mb/s of BE From POP1 to POP4
• Find Route and Set-Up Tunnel for 7 Mb/s of BE From POP2 to POP4
MPLS QoS Applicationsfor Multi-Service
MPLS QoS Applications for Multi-Service

• MPLS QoS General
  – MPLS Diffserv
  – MPLS TE
  – MPLS FRR (applies to strict QoS)
  – Diffserv-TE (DS-TE)
• Combination = Guaranteed Bandwidth Services
• Applications
  – Voice Trunking over TE
  – Virtual Leased Line Services
Solution 1: Toll Bypass with Voice Network

[Figure: PBXs with packet interfaces at each site attach to PE routers; a TE tunnel crosses the MPLS core; the PSTN (traditional TDM network) and its traditional phones are bypassed]

Solution Requirements:
QoS on PE Router + Mapping Traffic to Tunnels + TE or DS-TE + QoS on Core Routers + FRR Protection of Tunnel
Solution 2: Toll Bypass with Voice/Data Converged Network

[Figure: PBXs with circuit emulation interfaces and Enterprise LANs attach to CE routers, which attach to PEs; a TE tunnel crosses the MPLS core; the PSTN (traditional TDM network) is bypassed]

Solution Requirements:
QoS on CE Router + QoS on PE Router + Mapping Traffic to Tunnels + TE or DS-TE + QoS on Core Routers + FRR Protection of Tunnel
Solution 3: Virtual Leased Lines – ATM Networks Using AToM

[Figure: ATM CPE routers on each side attach ATM virtual circuits to PEs; the Any Transport over MPLS (AToM) tunnel is carried inside a DS-TE tunnel across the MPLS backbone (Virtual Leased Line = DS-TE + QoS), with FRR protection of the tunnel]

• TE Tunnel Selection for AToM Attachment VCs
• Two different requirements for the transport of ATM across an MPLS backbone
  - Transport of AAL5 encapsulated frames (RFC1483);
  - Transport of ATM cells (cell relay)
• Future QoS Mapping: L2 → IP → EXP
DS- TE - Standardization - IETF
• Standardization effort initiated by Cisco mid 2000
• Now major work item of TEWG with broad support from SPs & vendors
• DS-TE Requirements: on its way to RFC (IETF Last Call)
draft-ietf-tewg-diff-te-reqts-06.txt
• DS-TE Protocol Extensions: Working Group document
draft-ietf-tewg-diff-te-proto-02.txt
Consensus on protocol extensions
Selection of Bandwidth Constraints model still under discussion
• Uses the Russian Dolls Bandwidth Constraint Model
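The Russian Dolls model in admission-control terms, as an added example (not IOS code and not from the deck). It uses the two pools from the DS-TE configuration example earlier in this section (`ip rsvp bandwidth 155000 155000 sub-pool 16384`, i.e. BC0 = 155000 Kbps and BC1 = 16384 Kbps); the class-type numbering, the LSP sizes and the scenario names are assumptions. The second scenario shows the property a practitioner most needs to know about RDM: the sub-pool is nested inside the global pool, not held back from it, so best-effort reservations can starve a later voice LSP unless preemption priorities are used.

```python
"""Russian Dolls bandwidth-constraint model for DS-TE admission control on one
link. Added example, not IOS code; class-type naming and LSP sizes are assumed."""
from typing import List, Tuple

CT0, CT1 = 0, 1   # CT0: global pool (best effort); CT1: sub-pool (e.g. voice/EF)


class RussianDollsLink:
    """bc[c] caps the sum of reservations of class types c .. max, with
    bc[0] >= bc[1] >= ...; the dolls nest, so sub-pool LSPs also count against
    the global pool."""

    def __init__(self, bandwidth_constraints: List[int]):
        if any(lo > hi for hi, lo in zip(bandwidth_constraints, bandwidth_constraints[1:])):
            raise ValueError("RDM requires BC0 >= BC1 >= ...")
        self.bc = list(bandwidth_constraints)
        self.reserved = [0] * len(self.bc)

    @classmethod
    def from_rsvp_config(cls, global_pool_kbps: int, sub_pool_kbps: int) -> "RussianDollsLink":
        """Map 'ip rsvp bandwidth <global> <flow> sub-pool <sub>' onto BC0 and BC1."""
        return cls([global_pool_kbps, sub_pool_kbps])

    def available(self, ct: int) -> int:
        """Largest LSP of class type ct that can still be admitted: every doll from
        BC0 down to BCct must have room for it."""
        return min(self.bc[c] - sum(self.reserved[c:]) for c in range(ct + 1))

    def admit(self, ct: int, kbps: int) -> bool:
        """RSVP-TE admission control for an LSP of class type ct on this link."""
        if kbps > self.available(ct):
            return False
        self.reserved[ct] += kbps
        return True

    def release(self, ct: int, kbps: int) -> None:
        """LSP torn down: return its bandwidth to the pools."""
        self.reserved[ct] -= kbps


def voice_then_data() -> Tuple[List[bool], int, int]:
    """Sub-pool LSPs first: two 8192 Kbps voice LSPs fill BC1, a third is refused,
    best effort may then take the remaining 155000 - 16384 Kbps of BC0."""
    link = RussianDollsLink.from_rsvp_config(155000, 16384)
    results = [link.admit(CT1, 8192), link.admit(CT1, 8192), link.admit(CT1, 64),
               link.admit(CT0, 138616), link.admit(CT0, 1)]
    return results, link.available(CT0), link.available(CT1)


def data_first() -> Tuple[bool, bool, int]:
    """Best effort fills the global pool first: RDM does not set the sub-pool aside
    for CT1, so a later 10000 Kbps voice LSP is refused (only 5000 Kbps is left in
    BC0) unless preemption (setup/hold priority) evicts CT0 reservations."""
    link = RussianDollsLink.from_rsvp_config(155000, 16384)
    return link.admit(CT0, 150000), link.admit(CT1, 10000), link.available(CT1)
```

`available()` is the quantity a DS-TE head end reads out of the IGP TE advertisements per class type; the minimum over the enclosing dolls is what makes BC0 bind CT1 as well as CT0.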
IPv6 over MPLS
(6PE/6VPE)
MPLS as a Foundation for Services

[Figure: MPLS sits on the Network Infrastructure, with the services built on it: VPNs, Traffic Engineering, QoS/Tight SLAs, Any Transport Over MPLS, IPv6 over MPLS (6PE, 6VPE) and GMPLS]
IPv6 Edge Router (6PE) over MPLS

[Figure: an IPv4 MPLS core of P routers with OC48/192 links and dual-stack 6PE routers at the edge; IPv6 sites (2001:0420::, 2001:0421::, 2001:0620::, 2001:0621::) and IPv4 sites (144.254.0.0, 192.76.170.0, 134.95.0.0) attach to the 6PEs, which run MP-iBGP sessions between each other for the v6 routes]

• Many Carriers, large ISPs and Mobile SPs have invested in MPLS infrastructure
• Core devices may be ATM switches, GSRs or other vendors' routers
• Leverages MPLS features, e.g. MPLS/VPN, TE, CoS, ...
• Multiple implementation options to integrate IPv6: IPv6 on CE, IPv6 over AToM, IPv6 Edge router (6PE), native IPv6 MPLS
• 6PE allows the SP to offer IPv6 at lower cost and risk
IPv6 VPN Provider Edge Router: 6VPE

[Figure: an IPv4 MPLS core of P routers with dual-stack IPv4-IPv6 6VPE routers at the edge; CEs attach v6 and v4 sites (2001:0420::, 2001:0421::, 2001:0620::, 2001:0621::, 192.254.10.0, 192.76.10.0, 145.95.0.0, 145.96.0.0); MP-iBGP sessions between the 6VPEs carry both v6 and v4]

• For VPN customers (RFC 2547bis), IPv6 VPN service is exactly the same as IPv4 VPN service
• IPv6 packets are transported from 6VPE to 6VPE inside IPv4 LSPs (IPv4 Core)
• For ISPs offering MPLS/VPN for IPv4 that wish to add IPv6 services as well:
  - No modification on the MPLS core
  - Support both IPv4 and IPv6 VPNs concurrently on the same interfaces
  - Configuration and operations of IPv6 VPNs exactly like IPv4 VPNs
Generalized MPLS (GMPLS)
• Reduces the multiple layers into a single, integrated, control layer
• Extends MPLS control plane to address optical layer constraints and attributes
• Leverages IP layer management simplicity and distributed intelligence
• Provides sophisticated traffic engineering capabilities for resource management and control
UCP GMPLS Phase 4 – Integrated IP+Optical Intelligence

• GMPLS-Based Standard NNI
• Single MPLS and GMPLS IP+Optical Control Plane
• Concurrent Peer and UNI Overlay Operation
• Topology Visibility for Coordinated Routing and Restoration
• Advanced Smart BW Services

[Figure: client routers attach over a UNI to Metro Multi-Service OTN domains joined by NNIs; a GMPLS-enabled control plane and a management plane span the whole]
Summary
• MPLS is much more than label switching
• MPLS allows an IP infrastructure to be “Service Enabled”
• Allows the SP/Enterprise to offer multiple Services across a single infrastructure
• AToM allows layer-2 transport across an MPLS infrastructure
• Combining TE, TE-FRR, and DS-TE allows very tight SLA offerings with high availability for low-latency applications (e.g. Voice and Virtual Leased Line)
• MPLS Services will continue to evolve and allow the integration of more Services across a single infrastructure
MPLS Further Reading
Further Reading - Books

• MPLS: Technology and Applications by Bruce S. Davie, Yakov Rekhter, ISBN 1558606564
• Traffic Engineering with MPLS by Eric Osborne, Ajay Simha, ISBN 1587050315
• MPLS and VPN Architectures, Volume I by Ivan Pepelnjak, Jim Guichard, ISBN 1587050811
• MPLS and VPN Architectures, Volume II by Ivan Pepelnjak, Jim Guichard, Jeff Apcar, ISBN 1587051125
• Advanced MPLS Design and Implementation by Vivek Alwayn, ISBN 158705020X
MPLS Links
Link to MPLS Home Page (CCO):
http://www.cisco.com/warp/public/732/Tech/mpls/
MPLS Technical Documents (CCO):
http://www.cisco.com/warp/public/732/Tech/mpls/mpls_techdoc.shtml
Link to Tunnel Builder Home Page:
http://www.cisco.com/warp/public/732/Tech/mpls/tb/
Link to MPLS Working Group Page (IETF):
http://www.ietf.org/html.charters/mpls-charter.html
Select MPLS RFCs
Requirements for Traffic Engineering over MPLS (RFC 2702)
Multiprotocol Label Switching Architecture (RFC 3031)
MPLS Label Stack Encoding (RFC 3032)
MPLS using LDP and ATM VC Switching (RFC 3035)
LDP Specification (RFC 3036)
Carrying Label Information in BGP-4 (RFC 3107)
RSVP-TE: Extensions to RSVP for LSP Tunnels (RFC 3209)
MPLS Support of Differentiated Services (RFC 3270)
MPLS/BGP VPNs (RFC 2547 – Informational, de facto standard)
All but the first have one or more Cisco co-authors
Backup Slides
Terminology, 1/2

• RR—Route Reflector
  A router (usually not involved in packet forwarding) that distributes BGP routes within a provider's network
• PE—Provider Edge router
  The interface between the customer and the MPLS-VPN network; only PEs (and maybe RRs) know anything about MPLS-VPN routes
• P—Provider router
  A router in the core of the MPLS-VPN network, speaks LDP/RSVP but not VPNv4
• CE—Customer Edge router
  The customer router which connects to the PE; does not know anything about labels, only IP (most of the time)
• LDP—Label Distribution Protocol
  Distributes labels within a provider's network that mirror the IGP, one way to get from one PE to another
• LSP—Label Switched Path
  The chain of labels that are swapped at each hop to get from one PE to another
Terminology, 2/2
• VPN—Virtual Private Network
A network deployed on top of another network, where the two networks are separate and never communicate
• VRF—Virtual Routing and Forwarding instance
Mechanism in IOS used to build per-interface RIB and FIB
• VPNv4
Address family used in BGP to carry MPLS-VPN routes
• RD
Route Distinguisher, used to uniquely identify the same network/mask from different VRFs (i.e., 10.0.0.0/8 from VPN A and 10.0.0.0/8 from VPN B)
• RT
Route Target, used to control import and export policies, to build arbitrary VPN topologies for customers
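The RD and RT roles defined above, worked through in an added example (not Cisco code and not from the deck). AS number 65000, the RD and RT values, the PE names and the customer prefixes are assumptions. It shows the three things the definitions claim: two customers can both use 10.0.0.0/8 because the RD keeps the VPNv4 entries distinct; the RD takes no part in the import decision, so a wrongly configured import RT leaks one customer's routes into another's VRF; and RTs alone are enough to build a hub-and-spoke topology in which spokes never see each other.

```python
"""Route distinguishers and route targets in MPLS/BGP VPN route distribution.
Added example, not Cisco code; AS 65000, RD/RT values, PE names and prefixes
are assumed. Next hops stand in for the PE loopback carried in MP-BGP."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, List, Tuple


@dataclass(frozen=True)
class VPNv4Route:
    rd: str                 # the RD makes (rd, prefix) unique across VRFs
    prefix: str
    next_hop: str           # advertising PE loopback
    rts: FrozenSet[str]     # route-target extended communities attached on export


class VRF:
    """Per-customer routing table on one PE with its RD and import/export RT policy."""

    def __init__(self, name: str, pe: str, rd: str,
                 export_rts: Iterable[str], import_rts: Iterable[str]):
        self.name, self.pe, self.rd = name, pe, rd
        self.export_rts = frozenset(export_rts)
        self.import_rts = frozenset(import_rts)
        self.local: Dict[str, str] = {}   # prefix -> CE next hop learned from the site
        self.rib: Dict[str, str] = {}     # prefix -> next hop after import

    def learn_from_ce(self, prefix: str, ce: str) -> None:
        self.local[prefix] = ce

    def export(self) -> List[VPNv4Route]:
        """Local routes become VPNv4 routes tagged with the export RTs."""
        return [VPNv4Route(self.rd, p, self.pe, self.export_rts) for p in self.local]

    def import_from(self, table: Iterable[VPNv4Route]) -> None:
        """A route is imported when any of its RTs matches an import RT; the RD plays
        no part in this decision."""
        self.rib = dict(self.local)
        for r in table:
            if r.rd == self.rd and r.next_hop == self.pe:
                continue                          # our own advertisement
            if r.rts & self.import_rts:
                self.rib[r.prefix] = r.next_hop


def vpnv4_table(vrfs: Iterable[VRF]) -> List[VPNv4Route]:
    """What the route reflector holds: entries are distinct by (rd, prefix), so the
    same 10.0.0.0/8 from two customers survives side by side."""
    table: Dict[Tuple[str, str], VPNv4Route] = {}
    for v in vrfs:
        for r in v.export():
            table[(r.rd, r.prefix)] = r
    return list(table.values())


def converge(vrfs: List[VRF]) -> List[VPNv4Route]:
    table = vpnv4_table(vrfs)
    for v in vrfs:
        v.import_from(table)
    return table


def overlapping_customers(leak_rt: bool = False) -> Tuple[List[VPNv4Route], VRF, VRF]:
    """VPN A and VPN B both use 10.0.0.0/8. With correct RTs each remote VRF sees only
    its own customer's route; with VPN A's RT wrongly imported into VRF B on PE2
    (leak_rt=True) VRF B also learns A's 172.16.0.0/16: a cross-customer leak."""
    a1 = VRF("A", "PE1", "65000:1", ["65000:1"], ["65000:1"])
    a2 = VRF("A", "PE2", "65000:1", ["65000:1"], ["65000:1"])
    b1 = VRF("B", "PE3", "65000:2", ["65000:2"], ["65000:2"])
    b_import = ["65000:2", "65000:1"] if leak_rt else ["65000:2"]
    b2 = VRF("B", "PE2", "65000:2", ["65000:2"], b_import)
    a1.learn_from_ce("10.0.0.0/8", "CE-A1")
    a1.learn_from_ce("172.16.0.0/16", "CE-A1")
    b1.learn_from_ce("10.0.0.0/8", "CE-B1")
    table = converge([a1, a2, b1, b2])
    return table, a2, b2


def hub_and_spoke() -> Tuple[VRF, VRF, VRF]:
    """RTs alone build the topology: spokes export RT 65000:200 and import only the
    hub's 65000:100, so spoke sites reach the hub but never each other."""
    hub = VRF("hub", "PE1", "65000:10", ["65000:100"], ["65000:200"])
    s1 = VRF("spoke1", "PE2", "65000:11", ["65000:200"], ["65000:100"])
    s2 = VRF("spoke2", "PE3", "65000:12", ["65000:200"], ["65000:100"])
    hub.learn_from_ce("10.0.0.0/24", "CE-hub")
    s1.learn_from_ce("10.0.1.0/24", "CE-s1")
    s2.learn_from_ce("10.0.2.0/24", "CE-s2")
    converge([hub, s1, s2])
    return hub, s1, s2
```

An audit of VPN separation therefore looks at import RT lists, not at RDs: an RD only disambiguates prefixes in BGP, while an import RT that appears in more than one customer's VRF is a leak path.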