Sanog16 Mpls Transport Santanu


Introduction to MPLS Technologies

Santanu Dasgupta

2006 Cisco Systems, Inc. All rights reserved.

Why MPLS?

What Is MPLS?
- Multi Protocol Label Switching is a technology for delivery of IP services
- MPLS switches packets (IP packets, AAL5 frames) on a short label instead of routing each packet on its destination IP address
- MPLS packets can be carried over other Layer 2 technologies such as ATM, Frame Relay, PPP, POS and Ethernet
- Other Layer 2 technologies can in turn be carried over an MPLS network

Evolution of MPLS

(Timeline figure, 1996 through 2004+ and a second panel for 2005-2010; the feature names recovered from the figure are grouped below.)

- It has evolved a long way from the original goal: from Tag Switching, proposed in the IETF and later combined with other proposals from IBM (ARIS) and Toshiba (CSR)
- Cisco calls a BOF at the IETF to standardize Tag Switching; the MPLS working group is formally chartered by the IETF; Cisco ships MPLS (Tag Switching)
- Label distribution: TDP labels (imposition/disposition/swap); LDP label imposition, swapping and disposition; LDP inbound label filters; static labels and static cross-connect; LDP auto-enable; LDP session protection; LDP-IGP sync; LDP graceful restart; LDP MD5 with global/group configuration
- BGP MPLS VPNs (RFC 2547): VRFs; PE-CE RIP, OSPF, static, eBGP, IS-IS and EIGRP (with SOO and a limit on redistributed routes); Carrier Supporting Carrier; Inter-AS and VPN ID; BGP label distribution (RFC 3107) and BGP+label for Inter-AS and CSC; OSPF sham link; VRF Lite; VRF Select; iBGP and eiBGP multipath; multihop eBGP for Inter-AS; RT rewrite at the ASBR; VRF fallback; half-duplex VRFs; EXP NULL support; PE overload protection; OSPF process limit removal; 6PE (IPv6 over MPLS VPNs); multicast VPNs (intranet); 2547 over IP (L2TPv3) and BGP VPN over IP; large-scale deployment
- VRF-aware services: HSRP, GLBP, VRRP, DHCP relay, NAT, ODAP, AAA, IS-IS, TFTP, syslog, TACACS, firewalls, IPSec, BOOTP, dialer watch, static ARP, static routes, SNMP, IP SLA, ping/traceroute
- Traffic engineering: IS-IS and OSPF TE extensions; RSVP-TE extensions; autoroute calculation; RSVP integrity, refresh reduction, reliable messages, message authentication and hello state timeout; node exclusion list; AutoBandwidth; forwarding adjacency; overload avoidance; inter-area and Inter-AS TE; configurable tunnel path calculation; TE over ATM (PVC and LC-ATM modes); verbatim support; AutoTunnel mesh groups (ACL- and OSPF-based); LSP attributes; link, node and path protection; SRLG for IS-IS and OSPF; static, policy and autoroute mapping of AToM/CBTS/QoS-based traffic onto TE
- Management and OAM: TE MIB, VPN MIB, LSR MIB, TE FRR MIB, TE SNMP notifications; LSP ping/traceroute; IP SLA support for LSP ping/traceroute; VCCV verification; bandwidth protection; Ethernet OAM; UCP O-UNI
- Layer 2 services: AToM, VPLS and H-VPLS, inter-provider and interworking capabilities, TDM pseudowires, mobile backhaul
- 2005-2010 directions: arrival of BFD, GMPLS, Path Computation Element, P2MP traffic engineering, label switched multicast, MPLS Transport Profile (MPLS-TP) and OAM, more advanced TE and pseudowire concepts
- Multiple working groups at the IETF are still focusing on more advancements, and there is huge deployment across the world

MPLS as a Foundation for Value-Added Services

(Figure: Provider Provisioned VPNs, Traffic Engineering, IP+ATM, IP+Optical (GMPLS) and Any Transport over MPLS all sit on top of MPLS, which sits on top of the network infrastructure.)

Technology Basics

MPLS Components
A few components play a role in creating an MPLS network:
- IGP: core routing protocol
- MPLS label
- Encapsulation of the MPLS label
- Forwarding Equivalence Class (FEC)
- Label Distribution Protocol (LDP)
- Protocols used by MPLS applications: MP-BGP, RSVP, etc.

MPLS Network Overview

(Figure: MPLS core and edge with remote customer sites. Customer A and Customer B connect to Provider Edge (PE) routers, which are edge label switch routers or ATM switches/routers; the core consists of Label Switch Routers (LSRs), also called P (provider) routers, which are routers or ATM switches with a label switch controller.)

1. At the ingress edge (PE): label imposition. Classify the packet and push a label.
2. In the core (P): label swapping or switching. Forward using labels, not IP addresses; the label identifies the service class and the destination.
3. At the egress edge (PE): label disposition. Remove the label and forward the packet.

MPLS label (shim) header, 32 bits:

  Bits 0-19   Label (20 bits)
  Bits 20-22  COS/EXP, Class of Service (3 bits)
  Bit 23      S, Bottom of Stack (1 bit)
  Bits 24-31  TTL, Time to Live (8 bits)

MPLS Components: Encapsulations

One or more labels are inserted between the Layer 2 header and the Layer 2/Layer 3 packet:
- PPP (Packet over SONET/SDH): PPP Header | Label(s) | Layer 2/L3 Packet
- LAN: MAC Header | Label(s) | Layer 2/L3 Packet
- ATM: the label is carried in the cell header VPI/VCI fields (GFC | VPI | VCI | PTI | CLP | HEC | DATA)

MPLS Components: Forwarding Equivalence Class

The FEC is used by label switching routers to determine how packets are mapped to Label Switched Paths (LSPs). A FEC can be:
- An IP prefix or host address
- A Layer 2 circuit (ATM, FR, PPP, HDLC, Ethernet)
- A group of addresses or sites: VPN x
- A bridge/switch instance: VSI
- A tunnel interface: traffic engineering

Label Distribution in MPLS Networks

MPLS Operation Overview

1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. The Label Distribution Protocol (LDP) establishes label-to-destination-network mappings.
2. The ingress edge LSR receives the packet, performs Layer 3 value-added services, and labels the packet.
3. LSRs switch the packet using label swapping.
4. The edge LSR at the egress removes the label and delivers the packet.

To enable MPLS (Cisco IOS):

  ip cef
  mpls label protocol ldp
  !
  interface ether0/0
   mpls ip

Label Advertisement Modes
- Downstream unsolicited: the downstream node advertises labels for the prefixes/FECs reachable via that device without being asked
- Downstream on-demand: the upstream node requests a label for a prefix learnt via the downstream node (example: ATM MPLS)

IP Packet Forwarding Example

(Figure: three routers in a row; 128.89 is reached through the chain via interface 0 of the last router, 171.69 via interface 1 of the middle router.)

Routing tables:
  Router 1: 128.89 -> I/F 1; 171.69 -> I/F 1
  Router 2: 128.89 -> I/F 0; 171.69 -> I/F 1
  Router 3: 128.89 -> I/F 0

A packet for 128.89.25.4 is forwarded hop by hop based on a destination IP address lookup at every router.

MPLS with Downstream Unsolicited Mode, Step I: Core Routing Convergence

Routing updates (OSPF, EIGRP, ...) flow toward the upstream routers: "You can reach 128.89 thru me", "You can reach 171.69 thru me", "You can reach 128.89 and 171.69 thru me". After convergence each LSR has the prefix and outgoing interface; the label columns are still empty:

  LSR 1: In Label - | 128.89 | Out I/F 1 | Out Label -
         In Label - | 171.69 | Out I/F 1 | Out Label -
  LSR 2: In Label - | 128.89 | Out I/F 0 | Out Label -
         In Label - | 171.69 | Out I/F 1 | Out Label -
  LSR 3: In Label - | 128.89 | Out I/F 0 | Out Label -

MPLS with Downstream Unsolicited Mode, Step II: Assigning Local Labels

Each LSR allocates a local (incoming) label for each prefix it can reach:

  LSR 2: In Label 4 | 128.89 | Out I/F 0
         In Label 5 | 171.69 | Out I/F 1
  LSR 3: In Label 9 | 128.89 | Out I/F 0 | Out Label - (egress)

MPLS with Downstream Unsolicited Mode, Step II: Assigning Remote Labels

LDP (downstream allocation) advertises the local labels to the upstream neighbour: LSR 2 tells LSR 1 "use label 4 for 128.89 and label 5 for 171.69"; LSR 3 tells LSR 2 "use label 9 for 128.89"; the downstream neighbour on LSR 2's interface 1 tells LSR 2 "use label 7 for 171.69". The upstream LSR installs the advertised label as its outgoing label:

  LSR 1: In Label - | 128.89 | Out I/F 1 | Out Label 4
         In Label - | 171.69 | Out I/F 1 | Out Label 5
  LSR 2: In Label 4 | 128.89 | Out I/F 0 | Out Label 9
         In Label 5 | 171.69 | Out I/F 1 | Out Label 7
  LSR 3: In Label 9 | 128.89 | Out I/F 0 | Out Label -

MPLS with Downstream Unsolicited Mode, Step III: Forwarding Packets

A packet for 128.89.25.4 enters LSR 1 unlabeled. LSR 1 does the IP lookup once and imposes label 4 on interface 1; LSR 2 looks up only the label, swaps 4 for 9 and sends the packet out interface 0; LSR 3 pops the label and delivers the IP packet. The label switch forwards based on the label, not on the IP address.
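The three steps above, as an added example that is not part of the original deck: the LSR names, the interface numbers and the fourth LSR "LSR4" (the unnamed neighbour that advertises label 7 for 171.69 to LSR 2) are assumptions; the prefixes and label values are the ones on the slides.

```python
# Added example, not part of the original deck: downstream-unsolicited label
# distribution (Step II) and label forwarding (Step III) on the three-LSR topology
# of the slides.  The LSR names, the interface numbers and the fourth LSR "LSR4"
# (the unnamed neighbour that advertises label 7 for 171.69) are assumptions.
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Lsr:
    name: str
    # Step I result: prefix -> (out_iface, next-hop LSR name); None = directly attached
    routes: dict
    # Step II, local labels: prefix -> label this LSR allocated and advertises upstream
    local_labels: dict = field(default_factory=dict)
    # filled by distribute_labels(): prefix -> (out_iface, next LSR, out_label or None)
    fib: dict = field(default_factory=dict)
    # filled by distribute_labels(): in_label -> (out_iface, next LSR, out_label or None)
    lfib: dict = field(default_factory=dict)


def distribute_labels(lsrs):
    """Step II, remote labels.  In downstream-unsolicited mode every LSR advertises
    its local labels to all upstream neighbours, so an LSR's outgoing label for a
    prefix is just the local label its next hop allocated.  No label from the next
    hop (prefix directly attached) means: pop and forward as IP."""
    for lsr in lsrs.values():
        for prefix, (iface, nexthop) in lsr.routes.items():
            out_label = lsrs[nexthop].local_labels.get(prefix) if nexthop else None
            lsr.fib[prefix] = (iface, nexthop, out_label)
            if prefix in lsr.local_labels:
                lsr.lfib[lsr.local_labels[prefix]] = (iface, nexthop, out_label)


def longest_match(fib, dst):
    addr = ipaddress.ip_address(dst)
    hits = [p for p in fib if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen) if hits else None


def forward(lsrs, ingress, dst):
    """Step III: carry one packet from the ingress LSR to the egress.  Returns a trace
    of (lsr, action, label on the wire after this hop).  Only the ingress looks at
    the IP header; every later hop switches on the top label alone."""
    lsr, stack, trace = lsrs[ingress], [], []
    while True:
        if stack:                                  # labeled: LFIB lookup on the top label
            entry, action = lsr.lfib.get(stack[-1]), "swap"
        else:                                      # unlabeled: FIB lookup on the IP address
            entry, action = lsr.fib.get(longest_match(lsr.fib, dst)), "push"
        if entry is None:
            trace.append((lsr.name, "drop", None))
            return trace
        iface, nexthop, out_label = entry
        if stack:
            stack.pop()
        if out_label is None:                      # egress: disposition
            trace.append((lsr.name, "pop" if action == "swap" else "ip", None))
        else:
            stack.append(out_label)
            trace.append((lsr.name, action, out_label))
        if nexthop is None:                        # delivered onto the attached network
            return trace
        lsr = lsrs[nexthop]


def build_network():
    lsr1 = Lsr("LSR1", {"128.89.0.0/16": (1, "LSR2"), "171.69.0.0/16": (1, "LSR2")})
    lsr2 = Lsr("LSR2", {"128.89.0.0/16": (0, "LSR3"), "171.69.0.0/16": (1, "LSR4")},
               local_labels={"128.89.0.0/16": 4, "171.69.0.0/16": 5})
    lsr3 = Lsr("LSR3", {"128.89.0.0/16": (0, None)}, local_labels={"128.89.0.0/16": 9})
    lsr4 = Lsr("LSR4", {"171.69.0.0/16": (0, None)}, local_labels={"171.69.0.0/16": 7})
    lsrs = {lsr.name: lsr for lsr in (lsr1, lsr2, lsr3, lsr4)}
    distribute_labels(lsrs)
    return lsrs


NET = build_network()
```

`forward(NET, "LSR1", "128.89.25.4")` produces the trace push 4 at LSR1, swap to 9 at LSR2, pop at LSR3; a destination with no FIB entry is dropped at the ingress, and a labeled packet whose top label is unknown to an LSR is dropped there without any IP lookup, which is the behaviour an operator relies on when labeled packets arrive on an interface they should not.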

MPLS Control and Forwarding Planes
- The control plane is used to distribute labels: BGP, LDP, RSVP
- The forwarding plane consists of label imposition, swapping and disposition, whatever the control plane
- Key point: there is a separation of control plane and forwarding plane
  - Basic MPLS: destination-based unicast
  - Labels divorce forwarding from the IP address
  - Many additional options for assigning labels
  - Labels define destination and service

(Figure: the Label Information Base (LIB) feeds per-label forwarding, queuing and multicast mechanisms; label sources include destination-based unicast routing, resource reservation (e.g. RSVP), IP class of service, multicast routing (PIM v2), explicit and static routes, and Virtual Private Networks.)

Control and Forwarding Plane Separation

(Figure: the routing process receives route updates/adjacencies and fills the RIB; the MPLS process receives label bind updates/adjacencies and fills the LIB; the RIB is compiled into the FIB, which forwards IP traffic, and the LIB into the MFI, which forwards MPLS traffic.)

Label Stacking
- There may be more than one label in an MPLS packet
- As we know, labels correspond to forwarding equivalence classes
  - Example: one label routes the packet to an egress point and another separates a customer A packet from a customer B packet
  - Inner labels can designate services/FECs, e.g. VPNs, fast reroute
- The outer label is used to route/switch the MPLS packet through the network (outer: TE label, LDP label; inner: VPN label; then the IP header)
- The last label in the stack is marked with the EOS (bottom of stack) bit
- Allows building services such as
  - MPLS VPNs
  - Traffic engineering and fast reroute
  - VPNs over a traffic engineered core
  - Any Transport over MPLS

Encapsulation Examples

Label header: Label (20 bits) | COS (3 bits) | S (1 bit) | TTL (8 bits)
Frame layout: DataLink Header | Outer Label | Inner Label | Layer 3 Header

Decoded packet (Ethernet II; WAN links use HDLC, Frame Relay, ATM AAL5, etc. instead):

  Ethernet II
    Destination: xx:xx:xx:xx:xx:xx
    Source: yy:yy:yy:yy:yy:yy
    eType: MPLS Unicast (0x8847)
  MultiProtocol Label Switching Header (Outer)
    MPLS Label: 16
    MPLS Experimental Bits: 0
    MPLS Bottom Of Label Stack: 0
    MPLS TTL: 255
  MultiProtocol Label Switching Header (Inner)
    MPLS Label: 100
    MPLS Experimental Bits: 3
    MPLS Bottom Of Label Stack: 1
    MPLS TTL: 2
  Internet Protocol
    Version: 4
    Header length: 20 bytes
    [snip]
    Time to live: 255
    Protocol: ICMP (0x01)
    Header checksum: 0xa3fd (correct)
    Source: 10.1.1.2 (10.1.1.2)
    Destination: 172.16.255.2 (172.16.255.2)

Label Stack

  [PE1]#show ip cef vrf blue 11.2.1.3
  11.2.1.3/32, version 13, epoch 0, cached adjacency to Serial1/0
  0 packets, 0 bytes
    tag information set, all rewrites owned
      local tag: VPN route head
      fast tag rewrite with Se1/0, point2point, tags imposed {46 67}
    via 172.16.255.2, 0 dependencies, recursive
      next hop 172.16.1.1, Serial1/0 via 172.16.255.2/32 (Default)
      valid cached adjacency
      tag rewrite with Se1/0, point2point, tags imposed {46 67}
  [PE1]#

46: IGP/LDP label (outer); 67: VPN label (inner)
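The label stack decoded above and the {46 67} rewrite from `show ip cef`, as an added example that is not part of the original deck. The MAC addresses and the IPv4 header are constructed sample data (the IPv4 checksum is left at zero); the label, EXP, S and TTL values are the ones from the dissection.

```python
# Added example, not from the original deck: build and decode MPLS label stack
# entries as carried after an Ethernet II header with ethertype 0x8847.  The MAC
# addresses and IPv4 header are constructed sample data; the checksum is left 0.
import struct

ETHERTYPE_MPLS_UNICAST = 0x8847
# Label values 0-15 are reserved (RFC 3032); the ones met in practice:
RESERVED_LABELS = {0: "IPv4 explicit null", 1: "router alert",
                   2: "IPv6 explicit null", 3: "implicit null"}


def encode_entry(label, exp, bos, ttl):
    """One 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bos) << 8) | ttl)


def encode_stack(entries):
    """entries: [(label, exp, ttl), ...], top of stack first; S is set on the last one."""
    return b"".join(encode_entry(label, exp, i == len(entries) - 1, ttl)
                    for i, (label, exp, ttl) in enumerate(entries))


def decode_stack(data, offset=0):
    """Read entries until one has S=1.  Returns ([(label, exp, bos, ttl), ...], payload offset)."""
    entries = []
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack bit before end of frame")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append((word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF))
        if entries[-1][2]:
            return entries, offset


def parse_frame(frame):
    """Ethernet II frame -> (label stack, IP version of the payload or None, payload).
    The shim header carries no payload-type field; a real egress LSR knows the payload
    type from the FEC its bottom label was bound to.  Here the IP version nibble is used."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != ETHERTYPE_MPLS_UNICAST:
        raise ValueError("not an MPLS unicast frame: ethertype 0x%04x" % etype)
    stack, off = decode_stack(frame, 14)
    payload = frame[off:]
    version = payload[0] >> 4 if payload and payload[0] >> 4 in (4, 6) else None
    return stack, version, payload


def ipv4_header(src, dst, proto=1, ttl=255):
    """Minimal 20-byte IPv4 header; checksum left 0 because this example does not verify it."""
    to_bytes = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       to_bytes(src), to_bytes(dst))


# Constructed sample frame reproducing the dissection on the slide.
SAMPLE_FRAME = (bytes.fromhex("00112233445566778899aabb")
                + struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
                + encode_stack([(16, 0, 255), (100, 3, 2)])
                + ipv4_header("10.1.1.2", "172.16.255.2"))
```

`decode_stack` stops at the first entry with S=1 rather than at a fixed depth, which is the only correct way to find the payload; a frame whose last entry lacks the S bit is reported as truncated instead of being mis-parsed as IP.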

MPLS VPNs: Layer 3 and Layer 2

What Is a Virtual Private Network?
- A VPN is a set of sites or groups which are allowed to communicate with each other
- A VPN is defined by a set of administrative policies
  - Policies established by VPN customers
  - Policies could be implemented completely by VPN service providers
- Flexible inter-site connectivity
  - Ranging from complete to partial mesh
- Sites may be within the same or in different organizations
  - A VPN can be either an intranet or an extranet
- A site may be in more than one VPN
  - VPNs may overlap
- Not all sites have to be connected to the same service provider
  - A VPN can span multiple providers

L2 vs. L3 VPNs

Layer 2 VPNs
- Customer endpoints (CPE) are connected via Layer 2, such as a Frame Relay DLCI, an ATM VC or a point-to-point connection
- The provider network is not responsible for distributing site routes, as the routing relationship is between the customer endpoints
- Good for point-to-point L2 connectivity; the provider will need to manually full-mesh the endpoints if any-to-any connectivity is required

Layer 3 VPNs
- Customer endpoints peer with the provider's routers at L3
- The provider network is responsible for distributing routing information to VPN sites
- No need to manually full-mesh customer endpoints to support any-to-any connectivity

Layer 3 VPNs

IP L3 vs. MPLS L3 VPNs

(Figure: VPN A, VPN B and VPN C sites attached to a provider cloud that also hosts multicast, VoIP, hosting, intranet and extranet services.)

Overlay VPN
- ACLs, ATM/FR, IP tunnels, IPSec, etc., requiring n*(n-1) peering points
- Transport dependent
- Groups endpoints, not groups of users
- Pushes content outside the network
- Costs scale quadratically with the number of sites (n*(n-1) peerings)
- NAT necessary for overlapping address space
- Limited scaling
- QoS complexity

MPLS-Based VPNs
- Point to cloud: a single point of connectivity per site
- Transport independent
- Easy grouping of users and services
- Enables content hosting inside the network
- Flat cost curve
- Supports private, overlapping IP addresses
- Scalable to millions of VPNs
- Per-VPN QoS

How Does It Work? MPLS L3 VPN Control Plane Basics

(Figure: CE1 through CE4 attach to VRF-enabled interfaces on PE1, PE2 and PE3; the PEs run LDP with P1 and P2 in the core and iBGP VPNv4 label exchange with each other.)

1. VPN service is enabled on the PEs (VRFs are created and applied to the VPN site interfaces)
2. VPN site CE1 connects to a VRF-enabled interface on PE1
3. VPN site routing from CE1 is distributed into MP-iBGP on PE1
4. PE1 allocates a VPN label for each prefix, sets itself as the next hop and relays the VPN site routes to PE3
9. PE3 distributes CE1's routes to CE2 (the same happens from the CE2 side)

How Does It Work? How Control Plane Information Is Separated

(Figure: CE1 advertises 16.1/16 to PE1 via IGP or eBGP. PE1 turns it into the VPN-IPv4 route Net=RD:16.1/16, NH=PE1, Route Target 100:1, Label=42 and exchanges it with PE2 over iBGP VPNv4. P1 and P2 carry no VPN routes. PE2 advertises 16.1/16 to CE2 via IGP or eBGP.)

PE1 configuration:

  ip vrf Yellow
   rd 1:100
   route-target export 1:100
   route-target import 1:100

MPLS VPN control plane components:
- Route Distinguisher (RD): 8-byte field, a unique value assigned by the provider to each VPN so that a route is unique and customers don't see each other's routes
- VPNv4 address: RD + VPN IPv4 prefix
- Route Target (RT): 8-byte field (a BGP extended community), a value assigned by the provider that defines the import/export rules for routes from/to each VPN
- MP-BGP: advertises VPNv4 prefixes plus labels between MP-BGP peers
- Virtual Routing and Forwarding instance (VRF): contains the VPN site routes
- Global table: contains the core routes and Internet or other service routes

Note the division of labour: the RD only makes the BGP NLRI unique (two customers can both advertise 16.1/16); it is the RT, not the RD, that decides which VRFs a route is imported into, so the RT import/export policy on the PEs is what enforces VPN membership.
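The RD/RT/label mechanics above, as an added example that is not part of the original deck. VRF Yellow with RD and RT 1:100 and the VPN label 42 come from the slide; the PE loopbacks, the second VRF "Blue" (which reuses 16.1.0.0/16 to show overlapping customer address space), VRF "Green" and the label counter are assumptions.

```python
# Added example, not from the original deck: how RD, RT and the VPN label separate
# customer routes in the MP-BGP control plane.  PE names, loopbacks, the VRFs Blue
# and Green and the label numbering are assumptions; only VRF Yellow with RD/RT
# 1:100 and label 42 are taken from the slide.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnV4Route:
    rd: str           # 'rd:prefix' is the VPNv4 address; the RD only makes the NLRI unique
    prefix: str
    next_hop: str     # the advertising PE's loopback
    label: int        # VPN label the advertising PE allocated for this prefix
    rts: frozenset    # route-target extended communities attached on export


@dataclass
class Vrf:
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    local: set = field(default_factory=set)      # prefixes learnt from the attached CE
    routes: dict = field(default_factory=dict)   # prefix -> (next-hop PE, VPN label)


class Pe:
    def __init__(self, name, loopback, first_label=42):
        self.name, self.loopback, self.vrfs = name, loopback, {}
        self._next_label = first_label
        self.bgp_table = {}    # (rd, prefix) -> VpnV4Route: the full VPNv4 table

    def export(self):
        """Step 4 on the slide: one VPNv4 route per VRF prefix, next hop = this PE,
        a fresh VPN label and the VRF's export RTs.  The RD keeps identical prefixes
        of two VRFs distinct inside BGP."""
        out = []
        for vrf in self.vrfs.values():
            for prefix in sorted(vrf.local):
                out.append(VpnV4Route(vrf.rd, prefix, self.loopback,
                                      self._next_label, vrf.export_rts))
                self._next_label += 1
        return out

    def receive(self, routes):
        """Import policy: a route lands in every VRF whose import RTs intersect the
        route's RTs.  The RD plays no part in this decision."""
        for r in routes:
            self.bgp_table[(r.rd, r.prefix)] = r
            for vrf in self.vrfs.values():
                if vrf.import_rts & r.rts:
                    vrf.routes[r.prefix] = (r.next_hop, r.label)


def build():
    pe1, pe2 = Pe("PE1", "10.0.0.1"), Pe("PE2", "10.0.0.2")
    for pe in (pe1, pe2):
        # ip vrf Yellow / rd 1:100 / route-target export 1:100 / route-target import 1:100
        pe.vrfs["Yellow"] = Vrf("1:100", frozenset({"1:100"}), frozenset({"1:100"}))
        pe.vrfs["Blue"] = Vrf("1:200", frozenset({"1:200"}), frozenset({"1:200"}))
        pe.vrfs["Green"] = Vrf("1:300", frozenset({"1:300"}), frozenset({"1:300"}))
    pe1.vrfs["Yellow"].local.add("16.1.0.0/16")   # CE1's IGP/eBGP advertisement
    pe1.vrfs["Blue"].local.add("16.1.0.0/16")     # same prefix, a different customer
    pe2.receive(pe1.export())                      # iBGP VPNv4 exchange PE1 -> PE2
    return pe1, pe2
```

After `build()`, PE2's BGP table holds two distinct VPNv4 routes for 16.1.0.0/16 (one per RD), VRF Yellow and VRF Blue each import only their own copy with its own VPN label, and VRF Green, whose import RT matches nothing, stays empty. An import RT typed on the wrong VRF is exactly how one customer's routes leak into another's, which is why RT policy on the PEs deserves review as a security control.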

How Does It Work? How the Data Plane Is Separated

(Figure: CE1 forwards an IPv4 packet to PE1; the packet crosses P1 and P2 as a labeled packet and CE2 receives an IPv4 packet from PE2. PE1's customer-facing interface is placed in the VRF:)

  interface Serial1/0
   ip vrf forwarding Yellow

1. PE1 imposes the pre-allocated VPN label for the prefix
2. On the core-facing interface PE1 adds the IGP label for the remote PE
3. The core swaps the IGP labels
4. PE2 strips off the VPN label and forwards the packet to CE2 as an IP packet

MPLS Security (1): Comparison with ATM/FR
- MPLS VPN security is comparable to that provided by FR/ATM-based VPNs, without providing data encryption
- Customers may still use IPSec-based mechanisms, e.g. CE-to-CE IPSec encryption

                                ATM/FR   MPLS
  Address space separation      Yes      Yes
  Routing separation            Yes      Yes
  Resistance to attacks         Yes      Yes
  Resistance to label spoofing  Yes      Yes

The comparison assumes a correctly configured provider core: resistance to label spoofing holds because PEs do not accept labeled packets on CE-facing interfaces, and address and routing separation depend on the VRF and route-target configuration of the PEs. A customer who needs confidentiality, or protection against provider misconfiguration, still needs CE-to-CE encryption.

"Cisco MPLS-based VPNs: equivalent to the security of Frame Relay and ATM" (Miercom study)

MPLS VPN Services (2): Multicast VPNs

(Figure: a VPN A multicast source and a VPN B multicast source send into the MPLS VPN network; multicast runs natively in the core and per-VPN multicast VRFs deliver the streams to the VPN A and VPN B receivers.)
- Critical for selling more than connectivity
- Run multicast within an MPLS VPN
- Native multicast deployment in the core
- Simplified CE provis ioning
- Highly efficient: multicast trees are built dynamically in the core as needed

Deployment Example I: Service Provider Providing MPLS Services to Subscribers

(Figure: Customer A's HQ and branch office (VPN A) attach to PE1 over FR/ATM; remote users and telecommuters reach the MPLS service provider through a local or direct-dial ISP with IPsec terminated on a PE; Customer B and a business partner attach as VPN B and VPN C; an Internet PE (PE3) provides Internet access; P1 and P2 form the core.)

Services covering MAN and WAN areas: intranet and extranet L3 VPNs, multicast VPNs, Internet VPN, encryption and firewall services, remote access to MPLS services, etc.

Deployment Example II: MPLS VPN Subscriber with VPNs in a Campus That Span Across the SP's MPLS VPN Network

(Figure: at the C1 hub site a multi-VRF CE carries VPN Red and VPN Green over 802.1Q subinterfaces toward the ingress PE of the MPLS service provider; each subinterface is associated with a different VPN; the remote sites hang off the egress PE at Layer 2/Layer 3. Note that multi-VRF is not necessary at the remote sites.)

Deployment Example III: Full MPLS VPN in Enterprise Campus/LAN
- L2 access
- Multi-VRF CE at distribution
- BGP/MPLS VPNs in the core only (PE with VRF, MP-iBGP, P routers)
- Multi-VRF over 802.1Q between core and distribution (VPN1, VPN2)

Deployment Example IV: Full MPLS VPN in Enterprise WAN + Subscribed MPLS VPNs

(Figure: Enterprise-A data centers 1, 2 and 3 are interconnected by an enterprise-owned international MPLS WAN; the remote sites of Enterprise-A reach it through the MPLS backbones of Regional Service Provider 1 and Regional Service Provider 2.)

Layer 2 VPNs

Layer 2 VPNs
Similar to L3 VPNs:
- Designate a label for the circuit
- Exchange that label information with the egress PE
- Encapsulate the incoming traffic (Layer 2 frames)
- Apply the label (learned through the exchange)
- Forward the MPLS packet (the L2-encapsulated frame) to the destination over an LSP
- At the egress
  - Look up the L2 label
  - Forward the frame onto the L2 attachment circuit

Any Transport over MPLS Architecture

Attachment circuit: Ethernet VLAN, FR DLCI, ATM VC, PPP session. CE1 (VPN A) attaches to PE1, CE2 (VPN A) to PE2.

1. An L2 transport route is entered on the ingress PE
2. PE1 starts an LDP session with PE2 if one does not already exist
3. PE1 allocates a VC label for the new interface and binds it to the configured VC ID
4. PE1 sends a label mapping message containing a VC FEC TLV and a VC label TLV
5. PE2 receives the VC FEC TLV and VC label TLV that match its local VC ID

Note: PE2 repeats steps 1 to 5 so that bidirectional label/VC ID mappings are established.

Draft Martini compliant (point-to-point):
- draft-martini-l2circuit-trans-mpls describes the label distribution mechanisms for VC labels
- draft-martini-l2circuit-encap-mpls describes the emulated VC encapsulation mechanisms

AToM: Frame Relay over MPLS Example

(Figure: Frame Relay CPE routers/FRADs attach to PE1 (DLCI 101, 102) and PE2 (DLCI 201, 202) across an MPLS backbone. A directed LDP session between PE1 and PE2 exchanges the VC labels: VC1 uses label 10, VC2 uses label 21. The LDP neighbours in the core supply the tunnel labels for the LSP: 50 from PE1's side, 90 from PE2's side. The AToM tunnel rides the MPLS LSP.)

  PE1: DLCI 101 -> VC label 10, tunnel label 50
       DLCI 102 -> VC label 21, tunnel label 50
  PE2: DLCI 201 -> VC label 10, tunnel label 90
       DLCI 202 -> VC label 21, tunnel label 90

PE1 config:
  connect FR1 serial5/0 101 l2transport
   mpls l2transport route 2.2.2.2 1

PE2 config:
  connect FR1 serial5/0 201 l2transport
   mpls l2transport route 1.1.1.1 1

VC1 connects DLCI 101 to DLCI 201; VC2 connects DLCI 102 to DLCI 202.
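Steps 3 to 5 of the AToM architecture, on the wire, as an added example that is not part of the original deck: the label mapping PE1 sends for the Frame Relay VC above, encoded as the PWid FEC element (FEC 128) and Generic Label TLV of RFC 4447 (the successor of draft-martini-l2circuit-trans-mpls), and the VC ID matching PE2 performs on receipt. The slide shows one label per VC; here each PE allocates its own label for its direction, as a real PE does. The VC IDs, DLCIs and label values are taken from the Frame Relay example; the MTU, group ID and the shape of the local PW table are assumptions.

```python
# Added example, not from the original deck: RFC 4447 PWid FEC element and Generic
# Label TLV as sent in an LDP Label Mapping for an AToM VC, plus the local VC ID
# match of step 5.  VC IDs, DLCIs and labels are from the FR example; the MTU,
# group ID and the PW table layout are assumptions.
import struct

TLV_FEC = 0x0100             # LDP FEC TLV
TLV_GENERIC_LABEL = 0x0200   # LDP Generic Label TLV
FEC_PWID = 0x80              # PWid FEC element type
PW_TYPE_FR_DLCI = 0x0001     # RFC 4446 PW type: Frame Relay DLCI (Martini mode)
IFP_MTU = 0x01               # interface parameter sub-TLV: MTU


def tlv(tlv_type, value):
    return struct.pack("!HH", tlv_type, len(value)) + value


def pwid_fec_element(pw_type, pw_id, mtu, group_id=0, control_word=False):
    """0x80 | C + 15-bit PW type | PW info length | group ID | PW ID | interface params.
    PW info length covers the 4-byte PW ID plus the interface parameter sub-TLVs."""
    params = struct.pack("!BBH", IFP_MTU, 4, mtu)
    return struct.pack("!BHBII", FEC_PWID, (int(control_word) << 15) | pw_type,
                       4 + len(params), group_id, pw_id) + params


def label_mapping(pw_type, pw_id, label, mtu=1500):
    """Body of a Label Mapping message: FEC TLV followed by a Generic Label TLV."""
    return (tlv(TLV_FEC, pwid_fec_element(pw_type, pw_id, mtu))
            + tlv(TLV_GENERIC_LABEL, struct.pack("!I", label)))


def parse_label_mapping(data):
    out, off = {}, 0
    while off + 4 <= len(data):
        t, ln = struct.unpack_from("!HH", data, off)
        value, off = data[off + 4: off + 4 + ln], off + 4 + ln
        if len(value) != ln:
            raise ValueError("truncated TLV")
        t &= 0x3FFF                                  # drop the U and F bits
        if t == TLV_FEC:
            if value[0] != FEC_PWID:
                raise ValueError("not a PWid FEC element")
            _, c_type, info_len, out["group_id"], out["pw_id"] = struct.unpack_from("!BHBII", value)
            out["control_word"], out["pw_type"] = bool(c_type >> 15), c_type & 0x7FFF
            params, p = value[12:8 + info_len], 0    # params follow the PW ID at offset 8
            while p + 2 <= len(params):
                pid, plen = params[p], params[p + 1]
                if pid == IFP_MTU:
                    (out["mtu"],) = struct.unpack_from("!H", params, p + 2)
                p += plen
        elif t == TLV_GENERIC_LABEL:
            out["label"] = struct.unpack_from("!I", value)[0] & 0xFFFFF
    return out


def receive_mapping(local_pws, data):
    """Step 5: bind the remote label only to a locally configured PW with the same
    VC ID and PW type; anything else stays unbound (returns None)."""
    m = parse_label_mapping(data)
    pw = local_pws.get(m.get("pw_id"))
    if pw is None or pw["pw_type"] != m.get("pw_type") or "label" not in m:
        return None
    pw["remote_label"] = m["label"]
    return pw


# PE2's local table: 'connect FR1 serial5/0 201 l2transport / mpls l2transport route 1.1.1.1 1'
PE2_PWS = {
    1: {"ac": "serial5/0 DLCI 201", "peer": "1.1.1.1", "pw_type": PW_TYPE_FR_DLCI,
        "local_label": 10, "remote_label": None},
    2: {"ac": "serial5/0 DLCI 202", "peer": "1.1.1.1", "pw_type": PW_TYPE_FR_DLCI,
        "local_label": 21, "remote_label": None},
}
```

A mapping whose VC ID has no local counterpart, or whose PW type differs from the locally configured one, is left unbound; a mismatch in PW type is a configuration error (or an attempt to splice an Ethernet circuit onto a Frame Relay port) that must not result in a forwarding state.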

AToM Deployment Example

(Figure: Customer A Datacenter 1 and Datacenter 2, each with CE1 and CE2, are connected across an MPLS backbone between PE1 and PE2. An Ethernet over MPLS tunnel provides a virtual leased line between the Ethernet CEs, and ATM over MPLS tunnels carry the ATM virtual circuits between the ATM CPE routers; cells and frames cross the backbone with labels.)

Virtual Private LAN Services (VPLS)

(Figure: PE1, PE2 and PE3 each run a root bridge instance for the same VPLS; CE1 (MAC 1) attaches to PE1 and CE2 (MAC 2) to PE2, CE3 to PE3. The MPLS core forms tunnel LSPs between the PEs and a full mesh of directed LDP sessions exchanges the VC labels. PE1's MAC table maps MAC 2 to the pseudowire (VC label 201) and MAC 1 to E0/0; PE2's maps MAC 2 to E0/1 and MAC 1 to the pseudowire (VC label 102).)
- Attachment VCs are port mode or VLAN ID
- A common VC ID between PEs creates a Virtual Switching Instance (VSI)
- VPLS defines an architecture that delivers Ethernet Multipoint Services (EMS) over an MPLS network
- VPLS operation emulates an IEEE Ethernet bridge
- Two VPLS drafts in existence:
  - draft-ietf-l2vpn-vpls-ldp-01 (Cisco's implementation)
  - draft-ietf-l2vpn-vpls-bgp-01

VPLS and H-VPLS

VPLS (direct attachment; the figure shows hosts 192.168.11.1/24, .2, .11, .12 and .25 on one emulated LAN)
- Single flat hierarchy
- MPLS to the edge

H-VPLS
- Two-tier hierarchy
- MPLS or Ethernet edge: u-PE / PE-CLE / MTU-s devices, connected point-to-point or in a ring over GE
- MPLS core: n-PE / PE-POP / PE-rs devices interconnected by pseudowires

VPLS Components / Deployment Example

(Figure: CEs attach over attachment circuits to n-PEs; each n-PE holds a Red, Blue and Green VSI; a full mesh of pseudowires between the VSIs runs over tunnel LSPs, with directed LDP sessions between the participating PEs; a common VC ID between PEs creates a VSI.)

Legend:
- CE: Customer Edge device
- n-PE: network-facing Provider Edge
- VSI: Virtual Switch Instance
- PW: pseudowire
- Tunnel LSP: tunnel label switched path that provides PW transport
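The bridge emulation and the full mesh of pseudowires above, as an added example that is not part of the original deck: one VSI per PE with MAC learning and flooding, plus the split-horizon rule that makes a full mesh of pseudowires loop-free without running spanning tree across the core. PE names, port names and MAC addresses are constructed; `("pw", "PE2")` denotes the pseudowire toward PE2.

```python
# Added example, not from the original deck: a Virtual Switching Instance per PE
# with MAC learning, flooding and PW split horizon.  PE names, port names and MAC
# addresses are constructed sample data.
from collections import deque


class Vsi:
    def __init__(self, acs, pws, split_horizon=True):
        self.acs, self.pws = set(acs), set(pws)
        self.split_horizon = split_horizon
        self.mac_table = {}            # MAC -> port it was learnt on (AC or PW)

    def receive(self, in_port, src, dst):
        """Bridge one frame: learn src on in_port, then return the output ports."""
        self.mac_table[src] = in_port
        if dst in self.mac_table:                          # known unicast
            out = self.mac_table[dst]
            return [] if out == in_port else [out]
        # Unknown unicast or broadcast: flood.  Split horizon: a frame that arrived
        # on a PW is flooded to local ACs only, never onto another PW, because every
        # other PE already got it directly from the originating PE (full mesh).
        if self.split_horizon and in_port in self.pws:
            return sorted(self.acs)
        return sorted((self.acs | self.pws) - {in_port}, key=str)


def deliver(net, ingress_pe, in_port, src, dst, max_pw_hops=64):
    """Forward one frame through the VPLS; returns sorted (pe, ac) pairs that receive it.
    With split horizon off, flooding between PEs never terminates; the hop cap turns
    that into an error instead of a hang."""
    out, pw_hops = [], 0
    queue = deque([(ingress_pe, in_port)])
    while queue:
        pe, port = queue.popleft()
        for dest in net[pe].receive(port, src, dst):
            if isinstance(dest, tuple):                    # pseudowire toward a remote PE
                pw_hops += 1
                if pw_hops > max_pw_hops:
                    raise RuntimeError("forwarding loop: frame keeps circulating between PEs")
                queue.append((dest[1], ("pw", pe)))        # arrives on the PW from this PE
            else:
                out.append((pe, dest))
    return sorted(out)


def floods_forever(net, *frame):
    try:
        deliver(net, *frame)
        return False
    except RuntimeError:
        return True


def build_vpls(split_horizon=True):
    pes = ["PE1", "PE2", "PE3"]
    return {pe: Vsi(acs=[f"{pe}-e0/0"],
                    pws=[("pw", other) for other in pes if other != pe],
                    split_horizon=split_horizon) for pe in pes}
```

With split horizon on, an unknown-destination frame from CE1 reaches each remote attachment circuit exactly once and every PE learns MAC 1 on its pseudowire toward PE1, which is the MAC-to-PW mapping the slide shows; with it off, the same frame circulates among the PEs indefinitely.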

MPLS Traffic Engineering

Why Traffic Engineering?
- Congestion in the network due to changing traffic patterns
  - Election news, online trading, major sports events
- Better utilization of available bandwidth
  - Route on the non-shortest path
- Route around failed links/nodes
  - Fast rerouting around failures, transparently to users
  - Like SONET APS (Automatic Protection Switching)
- Build new services: virtual leased line services
  - VoIP toll-bypass applications, point-to-point bandwidth guarantees
- Capacity planning
  - TE improves the aggregate availability of the network

What Is MPLS Traffic Engineering?
- The process of routing data traffic in order to balance the traffic load on the various links, routers and switches in the network
- Key in most networks where multiple parallel or alternate paths are available

Benefits of TE over Policy Routing
- Policy routing
  - Hop-by-hop decision making
  - No accounting of bandwidth
- Traffic engineering
  - Headend-based
  - Accounts for available link bandwidth
  - Admission control

IP Routing and the Fish

(Figure: the "fish" topology. R1 and R8 feed R2; from R2 an upper path R3-R4-R5 and a lower path R6-R7-R5 lead to the same destination.)

IP (mostly) uses destination-based least-cost routing. Flows from R8 and R1 merge at R2 and become indistinguishable; from R2, traffic to R3, R4 and R5 uses the upper route and the alternate path is under-utilized.

The Problem with Shortest-Path

(Figure: Routers A through G; some links are DS3, some are OC-3. The shortest path from A to E runs through B, the alternative through C and D, and both F and G hang off E.)

Router A's routing table:

  Node  Next-Hop  Cost
  B     B         10
  C     C         10
  D     C         20
  E     B         20
  F     B         30
  G     B         30

- Some links are DS3, some are OC-3
- Router A has 40 Mb of traffic for Router F and 40 Mb of traffic for Router G
- Massive (44%) packet loss on the Router B -> Router E link
- Changing to A -> C -> D -> E won't help: that path is also DS3-limited

How MPLS TE Solves the Problem

Router A's routing table with two TE tunnels:

  Node  Next-Hop  Cost
  B     B         10
  C     C         10
  D     C         20
  E     B         20
  F     Tunnel 0  30
  G     Tunnel 1  30

- Router A sees all links
- Router A computes paths on properties other than just shortest cost
- No link oversubscribed: one 40 Mb tunnel goes via B, the other via C and D

TE Fundamentals: Building Blocks
1. Information distribution
2. Path selection/calculation
3. Path setup
4. Trunk admission control
5. Forwarding traffic onto the tunnel
6. Path maintenance

(Figure: a unidirectional tunnel from the headend, through midpoints, to the tailend, upstream to downstream. Path calculation uses IGP advertisements to compute constrained paths; the IGP (OSPF or IS-IS) floods bandwidth information between routers; RSVP-TE distributes labels and provides CAC, failure notification, etc.)

Information Distribution
- You need a link-state protocol as your IGP
  - IS-IS or OSPF
- The link-state requirement is only for MPLS-TE
  - Not a requirement for VPNs, etc.
- Why do I need a link-state protocol?
  - To make sure the information gets flooded
  - To build a picture of the entire network
- The information flooded includes link, bandwidth, attributes, etc.

Path Setup Example

(Figure: PATH messages travel hop by hop from the TE headend to the TE tailend; RESV messages return from the tailend to the headend.)
- PATH messages are sent with the requested bandwidth (and a label request)
- RESV messages are sent with the label bindings for the TE tunnel
- Tunnels can be explicitly routed
- Admission control at each hop checks whether the bandwidth requirement can be met
- Packets are mapped to the tunnel via
  - Static routes
  - Autoroute
  - Policy routing
- Packets follow the tunnel LSP

Applications of MPLS TE: MPLS Fast Reroute

(Figure: the fish topology with R9 added; traffic from R1 and R8 through R2 normally follows R3 and R4, and a backup path from R2 via R6 rejoins at R4.)

Mimic SONET APS: reroute in 50 ms or less.
- Multiple hops can be bypassed; R2 swaps in the label that R4 expects before pushing the backup-tunnel label toward R6
- R2 locally patches the traffic onto the link with R6

Link Protection

(Figure: Routers A, B, D and E in a row, Router C below B and D; Routers X and Y also attach.)
- Primary tunnel: A -> B -> D -> E
- Backup tunnel: B -> C -> D (pre-provisioned)
- Recovery = ~50 ms (the actual time varies: well below 50 ms in lab tests, but it can also be higher)

Node Protection

(Figure: Routers A, B, D, E and F in a row, Router C below B and E; Routers X and Y also attach.)
- Primary tunnel: A -> B -> D -> E -> F
- Backup tunnel: B -> C -> E (pre-provisioned), bypassing node D
- Recovery = ~100 ms
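Path calculation, per-hop admission control and a pre-provisioned backup path, as an added example that is not part of the original deck, on the Router A to G topology of the shortest-path slides. The link speeds are an assumption stated in the code (DS3 = 45 Mb/s, OC-3 = 155 Mb/s; A-B, A-C, E-F and E-G OC-3, B-E, C-D and D-E DS3, all IGP costs 10), chosen so that the two 40 Mb flows reproduce the slide's 44% loss on B -> E; the RSVP exchange is reduced to its admission decision.

```python
# Added example, not from the original deck: constrained shortest path first (CSPF)
# with RSVP-TE style per-hop admission control and a link-protection backup path.
# Link speeds and costs are assumptions: DS3 = 45, OC-3 = 155 (Mb/s), all costs 10.
import heapq
from dataclasses import dataclass


@dataclass
class Link:
    cost: int
    capacity: float
    reserved: float = 0.0

    @property
    def available(self):
        return self.capacity - self.reserved


class TeDomain:
    def __init__(self):
        self.links = {}   # (from, to) -> Link, one per direction: TE tunnels are unidirectional

    def add_link(self, a, b, cost, capacity):
        self.links[(a, b)] = Link(cost, capacity)
        self.links[(b, a)] = Link(cost, capacity)

    def cspf(self, src, dst, bandwidth=0, exclude=()):
        """Dijkstra over the links that still have >= bandwidth available and are not
        in 'exclude'.  bandwidth=0 gives the plain IGP shortest path."""
        dist, prev, heap, done = {src: 0}, {}, [(0, src)], set()
        while heap:
            d, u = heapq.heappop(heap)
            if u in done:
                continue
            done.add(u)
            if u == dst:
                break
            for (a, b), link in sorted(self.links.items()):
                if a != u or (a, b) in exclude or link.available < bandwidth:
                    continue
                if d + link.cost < dist.get(b, float("inf")):
                    dist[b], prev[b] = d + link.cost, u
                    heapq.heappush(heap, (d + link.cost, b))
        if dst not in done:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1]

    def signal(self, path, bandwidth):
        """RSVP-TE style setup: PATH checks admission at every hop; only if every hop
        admits does RESV reserve the bandwidth, so there are no partial reservations."""
        hops = list(zip(path, path[1:]))
        if any(self.links[h].available < bandwidth for h in hops):
            return False
        for h in hops:
            self.links[h].reserved += bandwidth
        return True

    def setup_tunnel(self, src, dst, bandwidth):
        path = self.cspf(src, dst, bandwidth)
        return path if path and self.signal(path, bandwidth) else None

    def igp_loads(self, demands):
        """Plain IGP behaviour: every flow follows the shortest path; returns per-link load."""
        loads = {}
        for src, dst, mb in demands:
            path = self.cspf(src, dst)
            for hop in zip(path, path[1:]):
                loads[hop] = loads.get(hop, 0) + mb
        return loads


def build_domain():
    te, DS3, OC3 = TeDomain(), 45, 155
    for a, b, cap in [("A", "B", OC3), ("A", "C", OC3), ("B", "E", DS3), ("C", "D", DS3),
                      ("D", "E", DS3), ("E", "F", OC3), ("E", "G", OC3)]:
        te.add_link(a, b, 10, cap)
    return te
```

With plain IGP routing both 40 Mb flows land on the 45 Mb B -> E link (80 Mb offered, about 44% lost). `setup_tunnel("A", "F", 40)` takes A-B-E-F and reserves on it, after which B -> E has 5 Mb left and CSPF prunes it, so `setup_tunnel("A", "G", 40)` is placed on A-C-D-E-G; a third 10 Mb tunnel to G finds no path with enough bandwidth and is refused rather than silently oversubscribing a link. `cspf("B", "E", exclude={("B", "E")})` is the backup path a link-protection bypass for B -> E would be pre-provisioned on.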

TE Deployment Scenarios

2006 Cisco Systems, Inc. All rights reserved.

60

Tactical TE Deployment
Requirement: Need to Handle Scattered Congestion Points in the Network Solution: Deploy MPLS TE on Only Those Nodes That Face Congestion
MPLS Traffic Engineering Tunnel Relieves Congestion Points Bulk of Traffic Flow e.g. Internet Download

Service Provider Backbone


Oversubscribed Shortest Links

Internet

2006 Cisco Systems, Inc. All rights reserved.

61

Full Mesh TE Deployment


Requirement: Need to Increase Bandwidth Inventory Across the Network Solution: Deploy MPLS TE with a Full Logical Mesh over a Partial Physical Mesh and Use Offline Capacity Planning Tool

Service Provider Backbone

VPN Site A Partial Mesh of Physical Connections


2006 Cisco Systems, Inc. All rights reserved.

VPN Site B Full Mesh of MPLS Traffic Engineering Tunnels


62

1-Hop TE Deployment
Requirement: Need Protection OnlyMinimize Packet Loss Lots of Bandwidth in the Core Solution: Deploy MPLS Fast Reroute for Less than 50ms Failover Time with 1-Hop Primary TE Tunnels and Backup Tunnel for Each

Service Provider Backbone

VPN Site A Primary 1-Hop TE Tunnel Backup Tunnel Physical Links


2006 Cisco Systems, Inc. All rights reserved.

VPN Site B

63

Virtual Leased Line Deployment


Requirement: Need to Create Dedicated Point-to-Point Circuits with Bandwidth Guarantees (Virtual Leased Line, VLL)
Solution: Deploy MPLS TE (or DS-TE) with QoS; Forward Traffic from L3 VPN or L2 VPN into a TE Tunnel; Unlike ATM PVCs, Use 1 TE Tunnel for Multiple VPNs, Creating a Scalable Architecture

[Diagram: Service Provider Backbone connecting VPN Site A, VPN Site B and a Central Site; traffic engineered tunnels (primary and backup) with Fast Reroute protection; tight QoS (policing, queuing etc.) applied at the edge]

MPLS TE Summary
- Useful for rerouting traffic in congested environments
- Build innovative services like virtual leased line
- Build protection solutions using MPLS FRR

MPLS Management


MPLS Operations Framework


Internal-Focused Operations
- One-time Strategic Operations: MPLS Network Configuration and Planning (initial MPLS setup and configuration)
- Ongoing Tactical Operations: MPLS Network Monitoring (ongoing MPLS network connectivity validation)

External-Focused Operations
- One-time Strategic Operations: MPLS Service Configuration and Planning (initial MPLS service config + test & turn-up)
- Ongoing Tactical Operations: MPLS Service Monitoring (ongoing MPLS VPN service connectivity validation)

MPLS Embedded Management


- MPLS management capabilities integrated into routers
- IETF standards based + vendor-specific value adds
- MPLS embedded management feature areas
  - MPLS SNMP MIBs (Draft, RFC-based + vendor extensions)
  - MPLS OAM (Draft, RFC-based + vendor-specific automation)
  - MPLS-aware NetFlow
- MPLS SNMP MIBs
  - MPLS LSR, LDP, TE, FRR, and L3VPN MIB
  - VRF-aware MIB support
- MPLS OAM
  - LSP Ping, Trace, and Multipath (ECMP) Tree Trace
  - IP SLA LSP Health Monitor

LSP Ping
- Feature Functionality
  - Enables detailed MPLS data path validation between PE routers
- Benefits
  - Finds MPLS-specific forwarding errors not detected by regular IP ping operations
  - Enables detailed MPLS forwarding troubleshooting not available from other existing IP connectivity validation tools
- Key CLI Commands
  - ping mpls {ipv4 destination-address destination-mask | pseudowire ipv4-address vcid vc-id | traffic-eng tunnel-interface tunnel-number}

LSP Trace
- Feature Functionality
  - Enables hop-by-hop troubleshooting (fault isolation) along the PE-PE LSP path in an MPLS network
- Benefits
  - Finds MPLS-specific forwarding failures along the PE-PE LSP path which cannot be detected by regular IP traceroute operations
- Key CLI Commands
  - trace mpls {ipv4 destination-address destination-mask | traffic-eng tunnel-interface tunnel-number}

LSP Multi-Path (ECMP) Trace


- Feature Functionality
  - Enables discovery and hop-by-hop troubleshooting of all available MPLS (LSP) paths between two PE routers
- Benefits
  - Detailed discovery of all MPLS (LSP) paths between PE routers, which cannot be detected by regular IP traceroute operations
- Key CLI Commands
  - trace mpls multipath ipv4 destination-address/destination-mask-length

IP SLA LSP Health Monitor


- Feature Functionality
  - Enables automation of the LSP ping operation and generation/logging of SNMP traps after consecutive MPLS LSP connectivity failures have been detected
- Benefits
  - Detailed control over LSP ping probe frequency (primary and secondary frequency) and event control (e.g., traps, logging) after an MPLS LSP connectivity failure has been detected
  - Automated discovery of remote PE target routers via BGP VPN next-hop discovery
- Key CLI Commands
  - mpls discovery vpn next-hop
  - auto ip sla mpls-lsp-monitor [operation-number]
  - type {echo | pathEcho}
  - show ip sla mpls-lsp-monitor configuration [operation-number]
  - auto ip sla mpls-lsp-monitor schedule
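The commands above put together as one working LSP Health Monitor operation on a PE, showing the primary/secondary frequency and the consecutive-failure trap control the slide describes. This is an added example, not a configuration from the original deck; operation number 1, the 60 s period, the 10 s secondary frequency and the threshold of 3 consecutive failures are chosen values, not recommendations from the slide.

```cisco
! PE1: learn which remote PEs to probe from the BGP VPNv4 next hops,
! and re-scan the BGP table for new or removed PEs every 300 s
mpls discovery vpn next-hop
mpls discovery vpn interval 300
!
! One LSP Health Monitor operation covers every discovered PE in every VRF
auto ip sla mpls-lsp-monitor 1
 type echo ipsla-vrf-all
 timeout 1000
 ! add newly discovered PEs to the probe queue within 1 minute
 scan-interval 1
 ! primary frequency is the 60 s schedule period below; once a probe fails
 ! (connection loss or timeout) the target is re-probed every 10 s instead,
 ! so the consecutive-failure threshold is reached in seconds, not minutes
 secondary-frequency both 10
 ! drop a target after it has been missing from discovery for one scan
 delete-scan-factor 1
!
! Raise a trap only after 3 consecutive failures, so a single lost echo
! request does not generate an event
auto ip sla mpls-lsp-monitor reaction-configuration 1 react connectionLoss threshold-type consecutive 3 action-type trapOnly
auto ip sla mpls-lsp-monitor reaction-configuration 1 react timeout threshold-type consecutive 3 action-type trapOnly
!
! Spread the probes to all discovered PEs across the 60 s period rather
! than sending them all at once
auto ip sla mpls-lsp-monitor schedule 1 schedule-period 60 frequency 60 start-time now
!
! Log the reaction events as well as sending SNMP traps
ip sla logging traps
!
! Verification (the first command is the one listed on the slide):
!   show ip sla mpls-lsp-monitor configuration 1
!   show ip sla mpls-lsp-monitor scan-queue 1
```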

Automated MPLS OAM


[Diagram: MPLS network with PE1, PE2, PE3 through PE50, each running an IP SLA agent, and CE routers attached to the PEs; automated LSP pings are sent by PE1, by PE2 and by PE3 towards the other PEs]

Summary
