eSight V300R001C10
BGP/MPLS VPN Technical White Paper
Issue 01
Date 2013-12-10
HUAWEI TECHNOLOGIES CO., LTD.
Issue 01 (2013-12-10) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and
the customer. All or part of the products, services and features described in this document may not be
within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,
information, and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://enterprise.huawei.com
About This Document
Purpose
This document describes the eSight BGP/MPLS VPN solution to help users learn about its
key capabilities, application scenarios, and usage.
Intended Audience
This document is intended for:
Technical support personnel
Maintenance personnel
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
Indicates an imminently hazardous situation which, if not
avoided, will result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in death or serious injury.
Indicates a potentially hazardous situation which, if not
avoided, may result in minor or moderate injury.
Indicates a potentially hazardous situation which, if not
avoided, could result in equipment damage, data loss,
performance deterioration, or unanticipated results.
NOTICE is used to address practices not related to personal
injury.
Calls attention to important information, best practices and
tips.
NOTE is used to address information not related to personal
injury, equipment damage, and environment deterioration.
Change History
Changes between document issues are cumulative. The latest document issue contains all the
changes made in earlier issues.
Issue 01 (2013-12-10)
This issue is the first official release.
Contents
About This Document
1 Executive Summary
2 Introduction
3 Solution
3.1 Overview
3.2 Implementation
3.2.1 Automatic Discovery
3.2.2 Quick Diagnosis
3.2.3 Service Enabling and Disabling
3.2.4 SLA
3.3 Function Constraints
3.3.1 Applicable Device Types
3.4 Typical Applications
3.4.1 Automatic Discovery
3.4.2 Alarm Monitoring and Operating Status Monitoring
3.4.3 Service Enabling and Disabling
3.4.4 Quick Diagnosis
4 Conclusion
5 Acronyms and Abbreviations
1 Executive Summary
BGP/MPLS VPN is a Layer 3 virtual private network (L3VPN). It uses Border Gateway
Protocol (BGP) to advertise VPN routes and uses Multiprotocol Label Switching (MPLS) to
forward VPN packets on backbone networks of service providers (SPs).
MPLS seamlessly integrates the flexibility of IP routing and simplicity of Asynchronous
Transfer Mode (ATM) label switching. A connection-oriented control plane is added to an
MPLS IP network, which enriches the means of managing and operating the network. On IP
networks, MPLS traffic engineering (TE) has become an important tool in managing network
traffic, reducing network congestion, and ensuring Quality of Service (QoS).
Using MPLS-based IP networks as backbone networks becomes an important means for IP
network carriers to provide value-added services and is widely used by enterprises.
In the enterprise network market, enterprises can lease backbone networks from carriers to
bear services or construct VPNs to bear services. Enterprises that lease backbone networks
from carriers must ensure that the network quality provided by carriers can meet their service
requirements. Enterprises that construct VPNs must perform end-to-end (E2E) monitoring on
the entire network to ensure the proper running of services.
eSight BGP/MPLS VPN monitors VPN services from multiple aspects to help users locate
and rectify faults promptly. This ensures proper running of services, improves operation and
maintenance efficiency, and reduces operation and maintenance costs.
eSight BGP/MPLS VPN provides the following functions to monitor services: automatic
service discovery, service alarm generating, and monitoring of service performance, service
operating status, service enabling status, and service SLA data.
2 Introduction
eSight BGP/MPLS VPN helps users locate faults promptly on L3VPN networks that have the
following features:
Complex network structure
Devices located in multiple regions
Various services running on an L3VPN network
Complex configuration of routing protocols
Differentiated skills of maintenance personnel
3 Solution
3.1 Overview
Figure 3-1 shows the VPN service monitoring process.
Figure 3-1 VPN service monitoring process
The VPN service monitoring process is as follows:
1. A user deploys services on a network using the command-line interface (CLI) or smart
configuration tool.
2. eSight discovers deployed services from the network.
3. eSight monitors service alarms, operating status, performance, SLA data, link status, and
VPN routing and forwarding (VRF) status.
4. A user uses the quick diagnosis function to locate faults when a service is faulty.
Using the Smart Configuration Tool to Deploy Services
On an enterprise network, the L3VPN service deployment involves delivery of a large amount
of data to provider edges (PEs) and customer edges (CEs), most of which have the same
configuration. Therefore, eSight provides the smart configuration tool to deploy services in
batches.
Figure 3-2 shows the process of using the smart configuration tool to deploy services.
Figure 3-2 Process of using the smart configuration tool to deploy services
The process of using the smart configuration tool to deploy services is as follows:
Step 1 Configure network resource information.
Set the following service information based on a service plan: device IP addresses, interface
IP addresses, VRF resource information (such as services that a VRF bears, VRF name, VRF
RD, VRF RT, and VRF routing policy), routing information (public routes and private routes),
and MPLS information.
Step 2 Create a network plan sheet.
Create a network plan sheet based on the supported device types and commands to deploy.
Step 3 Set the network device parameters in the plan sheet to planned values specified in Step 1.
Step 4 Import the plan sheet to eSight.
Step 5 (Optional) Send the plan sheet to devices and verify the CLI parameter values.
Step 6 Send the plan sheet with configured CLI parameters to devices to complete service
deployment.
----End
3.2 Implementation
3.2.1 Automatic Discovery
eSight provides the following automatic discovery modes:
Discover by VRF connectivity
eSight checks whether the import RT of the VRF on a PE is the same as the export RT of
the VRF on another PE. If the import RT and the export RT are the same, eSight checks
whether the two PEs have the peer relationship. If the two PEs have the peer relationship,
eSight discovers the service between them.
Discover by VRF name
eSight checks whether the VRF names on two PEs are the same. If the VRF names are
the same and the two PEs have the BGP peer relationship, eSight discovers the service
between the two PEs.
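The two discovery modes described above, as an added example (not eSight code and not part of the original paper): it runs both rules over one inventory and reports the links on which they disagree, such as a VRF that imports another VPN's RT under a different name. The inventory, VRF names, RT values and the either-direction RT match are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Vrf:
    pe: str
    name: str
    import_rts: frozenset
    export_rts: frozenset


def _vrf(pe, name, imports, exports):
    return Vrf(pe, name, frozenset(imports), frozenset(exports))


# Constructed inventory (hypothetical names and RT values, not from the paper).
VRFS = [
    _vrf("PE1", "vpn_finance", {"65000:100"}, {"65000:100"}),
    _vrf("PE2", "vpn_finance", {"65000:100"}, {"65000:100"}),
    _vrf("PE3", "vpn_finance", {"65000:300"}, {"65000:300"}),  # same name, other RT
    _vrf("PE2", "vpn_guest", {"65000:200", "65000:100"}, {"65000:200"}),  # imports finance RT
    _vrf("PE4", "vpn_finance", {"65000:100"}, {"65000:100"}),  # PE4 has no BGP peer
]
BGP_PEERS = {frozenset(p) for p in [("PE1", "PE2"), ("PE1", "PE3"), ("PE2", "PE3")]}


def _candidate_pairs(vrfs, peers):
    """Yield VRF pairs on two different PEs that have a BGP peer relationship."""
    for a, b in combinations(vrfs, 2):
        if a.pe != b.pe and frozenset((a.pe, b.pe)) in peers:
            yield a, b


def _link(a, b):
    """Order-independent key for a discovered PE-PE service link."""
    return tuple(sorted([(a.pe, a.name), (b.pe, b.name)]))


def discover_by_connectivity(vrfs, peers):
    """Import RT on one PE equals export RT on the other (either direction: assumption)."""
    return {
        _link(a, b)
        for a, b in _candidate_pairs(vrfs, peers)
        if a.import_rts & b.export_rts or b.import_rts & a.export_rts
    }


def discover_by_name(vrfs, peers):
    """Same VRF name on two PEs that are BGP peers."""
    return {_link(a, b) for a, b in _candidate_pairs(vrfs, peers) if a.name == b.name}


def compare_modes(vrfs, peers):
    """Links that only one of the two discovery modes reports."""
    by_rt = discover_by_connectivity(vrfs, peers)
    by_name = discover_by_name(vrfs, peers)
    return {"only_by_connectivity": by_rt - by_name, "only_by_name": by_name - by_rt}


if __name__ == "__main__":
    for mode, links in compare_modes(VRFS, BGP_PEERS).items():
        for link in sorted(links):
            print(mode, link)
```

A link reported only by connectivity means routes can cross between differently named VRFs; a link reported only by name means the VRFs share a name but exchange no routes.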
If private routes are established between PEs and CEs using Open Shortest Path First (OSPF),
Intermediate System-Intermediate System (ISIS), or external BGP (EBGP), eSight can
automatically discover services between the PEs and CEs, reducing the CE maintenance
workload.
When devices from mainstream manufacturers such as Cisco and H3C are used as PEs in
VPN services, eSight can automatically discover services deployed on the PEs based on the
VRF information and BGP peer relationship.
On the L3VPN service automatic discovery page, users can set the discovery scope and
discovery policy to discover services from devices.
Figure 3-3 L3VPN service automatic discovery page
3.2.2 Quick Diagnosis
The quick diagnosis function allows users to locate faults at different network layers. When a
service is faulty, a user can locate faults at the PE-CE access layer, PE-PE L3 link layer, and
PE-PE LSP bearing layer in sequence. For details, see Quick Diagnosis.
3.2.3 Service Enabling and Disabling
When a service is enabled, it is activated. When a service is disabled, it is deactivated. Service
enabling status is indicated by the management status of bound VRF interfaces. If the current
bound VRF interface is disabled, the corresponding PE-CE link is disabled. If all the bound
VRF interfaces of the current service are disabled, the service is disabled.
Users can enable or disable services to control service availability.
Users can also enable or disable a service interface to control the CE connection to a VPN
service.
In the Hub-Spoke network shown in Figure 3-4, users can enable or disable VRF interfaces
enclosed in red boxes to control the CE connection to the VPN network.
Figure 3-4 Hub-Spoke network
3.2.4 SLA
After discovering a VPN service, eSight creates an ICMP ping-based SLA task for PE-PE and
PE-CE links by default. Users then can monitor the SLA compliance for the PE-PE and
PE-CE links. For details, see the eSight V200R003C01 SLA Technical White Paper.
Figure 3-5 L3VPN SLA
3.3 Function Constraints
3.3.1 Applicable Device Types
Device | Device Type | Device Version
Router | NE20 | V2R5C01, V2R5C02, V2R5C03, and V2R5C05
Router | NE20E series | V200R003C00, V200R003C01, V200R005C00, V200R005C01, V200R005C02, V200R005C03, V200R005C05, 600R003C00, V600R001C00, V600R003C05, and V600R005C00
Router | NE40 series | V300R002C00, V300R002C01, V300R003C00, V300R003C01, V300R003C02, V300R005C00, V300R005C01, and V600R001C00
Router | NE40E series | V300R001C00, V300R002C00, V300R003C00, V300R003C01, V300R003C02, V300R006C00, V300R006C01, V600R001C00, V600R001C01, V600R002C00, V600R002C05, V600R003C00, V600R003C01, V600R003C02, V600R003C03, V600R003C05, and V600R005C00
Router | NE80 series | V300R002C00, V300R002C01, V300R003C00, V300R003C01, V300R003C02, V300R005C00, and V300R005C01
Router | NE80E series | V1R2C00, V3R1C00, V3R2C00, V3R3C00, V3R3C01, V3R3C02, V3R6C00, V3R6C01, V6R1C00, V6R1C01, V600R002C00, V600R002C01, V600R002C02, V600R003C00, and V600R003C01
Switch | S33 and S37 series | V1R3C00, V1R3C01, V1R5C00, V1R5C01, V1R6C00, and V1R6C01
Switch | S53 and S57 series | V1R3C00, V1R3C01, V1R5C00, V1R5C01, V1R6C00, V1R6C01, and V2R1C00
Switch | S63 and S67 series | V1R6C00, V1R6C01, V2R1C00, V200R001C01, and V200R002C00
Switch | S77 and S93 series | V1R3C00, V1R3C01, V1R6C00, V1R6C01, V2R1C00, and V200R002C00
AR | AR150, AR200, AR1200, AR2200, and AR3200 series | V2R1C00, V2R1C01, V2R2C00, V2R2C01, V2R2C02, V2R3C00, V2R3C01, and V2R2C01
Router(Cisco) | 7600 and 1000 series |
Router(H3C) | SR6600, SR8800, AR28, AR29-1, AR46, AR49, S7502E, S7503E and S7608-X |
3.4 Typical Applications
3.4.1 Automatic Discovery
eSight discovers deployed services from a network in either of the following modes:
discovery by VRF connectivity and discovery by VRF name.
A user sets the discovery policy and device scope (including PEs and CEs), and
clicks . eSight then discovers services automatically. The service automatic
discovery process is as follows:
1. Synchronize device configuration.
eSight synchronizes VPN service–related information with devices.
2. Discover services.
eSight discovers services based on the discovery policy and synchronized device
configuration. Services are classified into the following categories based on the
discovery result: modified service (including PE-CE link change, PE-PE link change,
and VRF information change), new service, and deleted service (eSight deletes services
that no longer exist on devices.)
Figure 3-6 Service automatic discovery page
3.4.2 Alarm Monitoring and Operating Status Monitoring
Users can view the highest alarm severity of the current service in the service list or service
topology, and view devices that generate alarms and PE-CE link status in the service
topology.
Users can also access the Current Alarms page from the service list and view the alarm
details of the current service.
In service details, users can view the PE-CE link operating status and enabling status, link
faults, and service availability on current links.
Figure 3-7 Service list
Figure 3-8 Service topology
Figure 3-9 Alarm list
Figure 3-10 PE-CE link status and VRF status
3.4.3 Service Enabling and Disabling
Users can enable or disable services to control service availability. For example, users must
disable non-key services on an emergency network when only key services are allowed at
emergency moments and enable non-key services at non-emergency moments.
Users can also enable or disable a PE-CE link to control the CE connection to a VPN
network.
Figure 3-11 Service enabling and disabling
3.4.4 Quick Diagnosis
Quick diagnosis provides multiple diagnosis tools to help users locate service faults at
different network layers.
For example, enterprise A has many offices that communicate with each other through
L3VPN. In Figure 3-12, a VPN is established between PE1 and PE2. CE1 and CE2 are added
to the VPN. CE1 and CE2 cannot communicate with each other. The fault must be located on
the VPN.
Figure 3-12 Example of an MPLS VPN network
Figure 3-13 shows the fault diagnosis process, where Yes indicates that the test result is
connected and No indicates that the test result is disconnected.
Figure 3-13 Fault diagnosis process
Step 2 Locate faults at each network layer of the L3VPN service and determine the network layer
where the faults have occurred.
1. At the L3VPN service layer, use ICMP ping or VRF ping to test the access controller
(AC) link between PE1 and CE1 and the AC link between PE2 and CE2.
− If the AC link test fails, view the port configuration at both ends of the AC link and
locate faults from port configuration.
− If the AC link test is successful, use ICMP ping or VRF ping to test the backbone link
between PE1 and PE2. If the backbone link test fails, test the LSP tunnel between
PE1 and PE2.
2. Use LSP ping to test the LSP tunnel between PE1 and PE2.
− If the LSP ping test is successful, the LSP tunnel functions properly at the bearer
network, and the fault has occurred at the L3VPN service layer.
− If the LSP ping test fails, test the public routes.
Step 3 Use a proper trace tool to locate the faulty device by network segment.
Use a trace route tool (ICMP Traceroute, VRF Traceroute, or LSP Traceroute, depending on
the service layer) to detect the link path between PE1 and PE2 at the faulty network layer.
If the actual link path is detected, compare it with the correct service transmission path to
locate the faulty device. Then view the device configuration to locate the fault.
If the actual link path cannot be detected due to route convergence, locate the faulty
device by link segment.
If the fault cannot be located, contact Huawei technical support.
4 Conclusion
eSight BGP/MPLS VPN monitors VPN services from the aspects of alarm, performance, and
SLA, and provides the quick diagnosis function to help users locate and rectify faults
promptly.
5 Acronyms and Abbreviations
Acronym/Abbreviation Full Name
BGP Border Gateway Protocol
CE Customer edge
MP-BGP Multiprotocol extensions for BGP-4
MPLS Multiprotocol Label Switching
P Provider
PE Provider edge
SLA Service level agreement
VPN Virtual private network
VRF VPN routing and forwarding