MPLS-VPN/BGP Approach Hari Rakotoranto Technical Marketing Engineer [email protected].
Agenda
• MPLS Business Perspective
• VPN Concept
• MPLS VPN
Virtual Private Networking: A $24B Opportunity
[Figure: pie chart "1998 VPN Service Distribution", legend ATM/FR, Managed Svcs, IP VPNs, Unrealized, slice values 35%, 6%, 5% and 54%; bar chart "WW VPN Service Revenues ($B)" for 1998, 2001 and 2004, series ATM/FR, Managed Svcs, IP VPNs and Total; callout text "Barriers? VPNs Opportunity"]
Source: CIMI Corp.
Business Perspective
• Businesses are building on IP
• Businesses need private IP services
[Figure: IP Intranet and IP Extranet, with labels Customers, Suppliers, Partners, Telecommuters, Mobile Users and Remote Offices]
Virtual Private Networks: Concepts
© 2000, Cisco Systems, Inc. NW’00 Paris
Virtual Private Networks
• A network infrastructure delivering private network services over a public infrastructure
Certainly not a new concept
VPN - Overlay Model
[Figure: Service Provider Network with Provider Edge (PE) devices, VPN sites with CPE (CE) devices, a Virtual Circuit and the Layer-3 Routing Adjacency]
VPN - Overlay Model
• Private trunks across a telco/SP shared infrastructure
leased/dialup lines
FR/ATM virtual circuits
IP(GRE) tunnelling
• Point-to-point solution between customer sites
how to size inter-site circuit capacities?
full mesh requirement for optimal routing
CPE routing adjacencies between sites
VPN - Peer-to-Peer Model
[Figure: Service Provider Network with Provider Edge (PE) routers, VPN sites with CPE (CE) routers and the Layer-3 Routing Adjacency]
VPN - Peer-to-Peer Model
• Provider edge (PE) device exchanges routing information with CPE
all customer routes carried within SP IGP
simple routing scheme for VPN customer
routing between sites is optimal
circuit sizing no longer an issue
• Private addressing is not an option
• Addition of new site is simpler
no overlay mesh to contend with
The Solution: MPLS
• A new paradigm that delivers the best of both worlds:
privacy of ATM, Frame Relay
flexibility and scalability of IP
• Foundation for IP business services
flexible grouping of users and value-added services
• Low cost managed IP services
scales to large and small private networks
• Based on RFC2547bis.
Basic Intranet Model
[Figure: MPLS/VPN Backbone with a P Router, connecting four VPN A sites (SITE-1, SITE-2, SITE-3, SITE-4). MP-iBGP updates carry "Site-1 & Site-2 routes, RT=VPN-A" and "Site-3 & Site-4 routes, RT=VPN-A"; the routing tables shown list Site-1 routes, Site-2 routes, Site-3 routes and Site-4 routes.]
MPLS VPN mechanisms: VRF and Multiple Routing Instances
[Figure: logical view of Site-1, Site-2, Site-3 and Site-4 grouped into VPN-A, VPN-B and VPN-C, with the routing view below]
Routing view
VRF for site-1: Site-1 routes, Site-2 routes
VRF for site-2: Site-1 routes, Site-2 routes, Site-3 routes
VRF for site-3: Site-2 routes, Site-3 routes, Site-4 routes
VRF for site-4: Site-3 routes, Site-4 routes
MPLS VPN Connection Model
[Figure: PE-1 and PE-2 with P routers between them in the VPN Backbone IGP, a Multihop MP-iBGP session between the PEs, and CE-1, CE-2, Site-1 and Site-2 at the edges]
• PE routers receive IPv4 updates (EBGP, RIPv2, OSPF, Static)
• PE routers translate into VPN-IPv4
Assign a SOO and RT based on configuration
Re-write Next-Hop attribute
Assign a label based on VRF and/or interface
Send MP-iBGP update to all PE neighbors
Figure annotations:
BGP, RIPv2 update for Net1, Next-Hop=CE-1
VPN-IPv4 update: RD:Net1, Next-hop=PE-1, SOO=Site1, RT=Green, Label=(intCE1)
VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2
MPLS VPN Connection Model
• Receiving PEs translate to IPv4
• Insert the route into the VRF identified by the RT attribute (based on PE configuration)
• The label associated with the VPN-IPv4 address will be set on packets forwarded towards the destination
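The two Connection Model slides above, worked through as an added example (not part of the original slides): PE-1 turns IPv4 routes learned from CEs into VPN-IPv4 updates, and PE-2 imports each update only into the VRFs whose import RT matches. It goes one step beyond the slides by placing the same customer prefix in two VPNs; the RD values, the "blue" VRF, the prefix 10.1.0.0/16, the site name SiteX and the label numbering are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VpnIpv4Update:            # what a PE sends to its MP-iBGP neighbors
    rd: str                     # route distinguisher prepended to the prefix
    prefix: str                 # customer IPv4 prefix
    next_hop: str               # rewritten to the advertising PE
    soo: str                    # site of origin
    rts: frozenset              # route targets attached on export
    label: int                  # VPN label assigned by the advertising PE

@dataclass
class Vrf:
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    routes: dict = field(default_factory=dict)   # prefix -> (next hop, label)

class PE:
    def __init__(self, name, vrfs):
        self.name, self.vrfs, self.next_label = name, vrfs, 100

    def from_ce(self, vrf_name, prefix, site):
        """Translate an IPv4 update learned from a CE into a VPN-IPv4 update."""
        vrf = self.vrfs[vrf_name]
        self.next_label += 1
        return VpnIpv4Update(vrf.rd, prefix, self.name, site,
                             vrf.export_rts, self.next_label)

    def from_pe(self, upd):
        """Import into each VRF whose import RTs match; the RD is dropped."""
        imported = []
        for name, vrf in self.vrfs.items():
            if vrf.import_rts & upd.rts:
                vrf.routes[upd.prefix] = (upd.next_hop, upd.label)
                imported.append(name)
        return imported

def make_pe(name):              # constructed RDs and RT names
    return PE(name, {
        "green": Vrf("65000:1", frozenset({"Green"}), frozenset({"Green"})),
        "blue":  Vrf("65000:2", frozenset({"Blue"}),  frozenset({"Blue"})),
    })

def demo():
    pe1, pe2 = make_pe("PE-1"), make_pe("PE-2")
    g = pe1.from_ce("green", "10.1.0.0/16", "Site1")   # same prefix in
    b = pe1.from_ce("blue",  "10.1.0.0/16", "SiteX")   # two different VPNs
    return pe2, g, b, pe2.from_pe(g), pe2.from_pe(b)
```

The RD keeps the two identical prefixes distinct inside MP-iBGP, while the import RT alone decides which VRF a route lands in, so the import lists are the configuration to review when checking separation between VPNs.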
MPLS/VPN Packet Forwarding
[Figure labels: Paris, London, PE-1, P router, 149.27.2.0/24. Label tables shown along the path:]
In Label   FEC              Out Label
-          197.26.15.1/32   -
41         197.26.15.1/32   POP
-          197.26.15.1/32   41
Figure annotations:
Use label implicit-null for destination 197.26.15.1/32
Use label 41 for destination 197.26.15.0/24
VPN-v4 update: RD:1:27:149.27.2.0/24, NH=197.26.15.1, SOO=Paris, RT=VPN-A, Label=(28)
• PE and P routers have BGP next-hop reachability through the backbone IGP
• Labels are distributed through LDP corresponding to BGP Next-Hops
or RSVP with Traffic Engineering
MPLS/VPN Packet Forwarding
[Figure labels: Paris, London, PE-1, 149.27.2.0/24; a packet to 149.27.2.27 arrives unlabeled and is sent on carrying labels 28 and 41]
In Label   FEC              Out Label
-          197.26.15.1/32   41
VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
• Ingress PE receives normal IP packets
• PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels <IGP, VPN>
MPLS/VPN Packet Forwarding
[Figure labels: Paris, London, PE-1, 149.27.2.0/24; the packet to 149.27.2.27 is shown carrying labels 28 and 41, then label 28 only, then unlabeled]
In Label   FEC              Out Label
41         197.26.15.1/32   POP
28(V)      149.27.2.0/24    -
VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
VPN-A VRF: 149.27.2.0/24, NH=Paris
• Penultimate router (here the P router) removes the IGP label
Penultimate Hop Popping procedures (implicit-null label)
• Egress PE router uses the VPN label to select which VPN/CE to forward the packet to
• VPN label is removed and the packet is routed toward the VPN site
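The three packet-forwarding slides traced end to end, as an added example that is not part of the original slides. The prefixes, next hop and labels 41 and 28 are the ones shown above; the dictionary names, the hop names in the trace and the empty VPN-B VRF are assumptions made for illustration.

```python
import ipaddress

# Tables as shown on the slides. The dictionary names and the empty VPN-B VRF
# are assumptions added for this example.
INGRESS_VRFS = {
    "VPN-A": {"149.27.2.0/24": ("197.26.15.1", 28)},  # prefix -> (BGP NH, VPN label)
    "VPN-B": {},                                       # constructed: no such route
}
INGRESS_IGP_LABEL = {"197.26.15.1": 41}    # FEC 197.26.15.1/32, out label 41
P_LFIB = {41: "POP"}                       # penultimate hop pops the IGP label
EGRESS_LFIB = {28: ("VPN-A", "Paris")}     # 28(V) -> VRF and next hop

def longest_match(table, dst):
    addr = ipaddress.ip_address(dst)
    hits = [p for p in table if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen, default=None)

def ingress_pe(vrf, dst):
    """VRF lookup, then impose <IGP, VPN>; top of stack is element 0."""
    prefix = longest_match(INGRESS_VRFS[vrf], dst)
    if prefix is None:
        return None                        # no route in this VRF: drop
    next_hop, vpn_label = INGRESS_VRFS[vrf][prefix]
    return [INGRESS_IGP_LABEL[next_hop], vpn_label]

def p_router(stack):
    action = P_LFIB[stack[0]]
    return stack[1:] if action == "POP" else [action] + stack[1:]

def egress_pe(stack):
    """The remaining VPN label alone selects the VRF and outgoing CE."""
    vrf, next_hop = EGRESS_LFIB[stack[0]]
    return vrf, next_hop, stack[1:]

def forward(vrf, dst):
    """Return the label stack after each hop, or None if dropped at ingress."""
    stack = ingress_pe(vrf, dst)
    if stack is None:
        return None
    trace = [("ingress PE", list(stack))]
    stack = p_router(stack)
    trace.append(("P", list(stack)))
    out_vrf, next_hop, stack = egress_pe(stack)
    trace.append((f"egress PE -> {next_hop} ({out_vrf})", stack))
    return trace

if __name__ == "__main__":
    print(forward("VPN-A", "149.27.2.27"))
```

The same destination address arriving on a VPN-B interface is dropped at the ingress PE, because the lookup is confined to the VRF bound to the incoming interface.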