TRANSCRIPT
Next-generation Cisco MPLS portfolio in the SBB network
Dragoljub Spasojević, Leading Network Engineer
Department of IP operations, Serbia BroadBand
Cisco ISP & Cable conference, Belgrade, 16.06.2011
AGENDA
• Basic company information
• Basic information about the IP/MPLS network and the INTERNET topology
• ASR9K in the lab environment
• ASR installation in Bosnia (Telemach BH)
• ASR9k in the SBB network (Interxion Vienna) – IGW & MPLS PE
• ASR9k in the SBB network – MPLS PE
• ME6524 and ME-3600X in the SBB network – MPLS PE
WHO ARE WE?
• Leading cable operator in the region
• One of the most significant ISPs and service providers in Serbia
• National coverage
• A wide range of services for residential and business customers
• Regional (IP) presence: Slovenia (Telemach Si), BiH (Telemach BH), Croatia
• Brands: D3, Total TV, SPORT Klub, Video Zona, SBB HotSpot
>2500 km of fiber optics (HFC, wireless networks)
28 cities in Serbia
Regional: Serbia, Slovenia, Bosnia, Croatia, Montenegro, Macedonia ...
Founded in 2002.
Shareholder: the investment fund “Mid Europa partners”, since June 2007
Core HFC network capacity: 750,000 homes passed
Services:
- Cable TV (over 70 TV channels in the basic package)
- Digital TV (“D3” brand with over 100 TV channels + 50 radio channels) service
- VOD (“Video Zona”) service – video on demand
- DTH (“Total TV” brand) service, present in Serbia, Montenegro, Slovenia, Bosnia and Herzegovina and Croatia, and sold through partners in Austria and Macedonia.
- Internet (Cable, ADSL, Ethernet leased line)
- VPNs (MPLS/VPNs, IPSec VPN)
Over 95% of cable subscribers are ready for the Internet service (two-way HFC network)
Cable Internet: >130,000 users
• Flat and metered packages
• Prepaid and Postpaid payment
• Residential and Business package profiles
Over 250 business customers with Ethernet access over fiber or UTP cable have a leased fixed Internet connection.
HotSpot in Serbia - “SBB CaffeNetwork” with over 100 HotSpot locations with free access.
Total broadband traffic throughput in the SBB access network reaches 12/3 Gb/s Belgrade, 6/2 Gb/s Serbia and 7/2 Gb/s Vojvodina.
Peering has been established with the most relevant domestic ISPs (Eunet, BeotelNET, Orion, YUBC, B92Net, Neobee, Akademska mreža, Telenor, Verat).
SERVICE GROUPS
At the physical level, all SBB services are built on the HFC (Hybrid Fiber-Coax) network. Unlike the IP services, which also use leased Telekom capacity for part of their network, the transport services use exclusively SBB's own optical cable network and transport equipment based on a DWDM platform. The following service groups are built on this platform:
UMUX network and TDM services:
• Leased-line digital point-to-point circuits with capacities of E1, NxE1, E3, STM1, STM4, STM16 and STM64
• SBB access points in Belgrade, Novi Sad, Niš, Kragujevac ...
• Independent international leased lines in Europe
FC network and Disaster recovery services:
• FiberChannel (FC) leased line over the DWDM network with capacities of 1Gb, 2Gb and 4Gb, with (ring topology) or without a protection path
• Telehouse/Co-Location services
MPLS network and IP services:
• Internet
• VPNs
• IPSec VPN over Internet
• Managed services
• Multicast video distribution
Video distribution via satellite
IP MPLS NETWORK
The MPLS network is a multiservice platform that supports all IP-based services at SBB. The new MPLS platform has been in operation, with its first customer, since November 2006. Structure:
• Own optical and DWDM platform (17 cities).
• Leased Telekom capacity (9 cities) in Serbia.
• Leased international capacity
• MPLS network in Vienna (SBB) and Sarajevo (Telemach BA)
• VPN presence in Ljubljana/Maribor (Telemach), Zagreb (partner).
Performance:
MPLS network: 45 POPs in 28 cities in Serbia. International presence in 4 countries.
Core capacity: 10Gig and NxGigabit Ethernet (on DWDM and/or pure optical platform)
Access:
• Cable: all CMTSs in MPLS cities are connected as PE or VRF lite routers
• Ethernet: several dozen L2 metro switches in a distributed architecture
• ADSL: ADSL router PPPoE termination into the customer's VRF (VPN)
• Dedicated Wireless: WiFi 5.4MHz (AbsolutOK partner) bridge to VRF (VPN)
Tier 1 Internet upstream on 4 x 10GE (4 physically diverse paths), regional peering, Google Global Cache
INTERNET CURRENT STATE
• Three providers (upstream – “Tier 1” ISPs) in four directions with a capacity of 4xSTM64: 2xTelia, Global Crossing and Tinet.
• Deployment of nxSTM64 upstream capacity is in progress.
• Presence at VIX. DE-CIX is planned.
• Wholesale (downstream ISP) has reached 4Gb/s and 31 “Tier 3” IP transit customers.
• Peering exchange in Serbia exceeds 700Mbps, total exchange >1.5Gbps.
• Strong growth in average throughput per broadband user.
IOS XR PLATFORMS
CRS GSR ASR
IOS XR: (some) differences compared to IOS
- There is no User EXEC and Privileged EXEC mode.
- After login you enter privileged EXEC mode. The commands available depend on the user's privileges.
- Instead of the privilege levels 1-15 of IOS, there is a more flexible privilege system.
- Tasks are grouped into task groups.
- Users belong to user groups. Specific user groups are granted the right to execute tasks from their associated task groups.
- The "configure" command (the "terminal" parameter is not required) enters global configuration mode. "show" commands can be run from global configuration mode.
- Every configuration change must be confirmed with "commit".
- An earlier change can be undone (rollback).
- Services such as CDP and Telnet are disabled by default.
- Interfaces with default configuration do not appear in the "show running-config" output.
- eBGP does not exchange route information until a policy is applied (even if it is only "pass").
- RPL is used instead of route-map.
- Interface-related routing protocol configuration is found under router xxx, not under interface xxx.
ASR9K LAB TEST
• ASR as P/PE in the MPLS network
• ASR as IGW (IPv4 and IPv6)
• Multicast routing
• Functionality: L2VPN, L3VPN, VPLS, OAM, BFD
• L2 features: QinQ, port mirroring, port bundling
• Routing protocols: OSPF, BGP, IS-IS
• Mcast: PIM, IGMPv2/3, SSM (static and dynamic mapping), IGMP snooping
• QOS: Classification, Marking, Congestion Management Tools, and Policing and Shaping.
• Management: ACL access, SNMP, SYSLOG and AAA
• Video monitoring: VIDMON (separate license, CBR)
ASR AS AN IGW & MPLS P/PE POINT
HW CONFIG
- 2 x A9K-RSP-4G
- 2 x A9K-2T20GE-L
ASR AS AN IGW & MPLS P/PE POINT
HW CONFIG
- 2 x A9K-RSP-4G
- 2 x A9K-2T20GE-L
- 1 x A9K-4T-L
ASR AS AN IGW & MPLS P/PE POINT
BOSNIA conf t
RP/0/RSP0/CPU0:sa-he-m-1#sh run int bundle-ether 2.2
interface Bundle-Ether2.2 l2transport
description bh-mgt
encapsulation dot1q 2
RP/0/RSP0/CPU0:sa-he-m-1#sh run int bundle-ether 3.2
interface Bundle-Ether3.2
description bh-mgt
vrf bh-mgt
ipv4 address 192.168.176.1 255.255.255.0
encapsulation dot1q 2
RP/0/RSP0/CPU0:sa-he-m-1#sh run int Gi0/0/0/5
interface GigabitEthernet0/0/0/5
description LINK sa-he-s-1
cdp
RP/0/RSP0/CPU0:sa-he-m-1#sh run int Gi0/0/0/5.2
interface GigabitEthernet0/0/0/5.2 l2transport
description bh-mgt
encapsulation dot1q 2
BOSNIA conf t
RP/0/RSP0/CPU0:sa-he-m-1#show running-config l2vpn
l2vpn
bridge group telemach
bridge-domain 2
interface Bundle-Ether2.2
interface GigabitEthernet0/0/0/5.2
bridge-domain 70
igmp snooping profile snoop
interface Bundle-Ether2.70
interface GigabitEthernet0/0/0/5.70
conf t
RP/0/RSP0/CPU0:sa-he-m-1(config)#igmp snooping profile snoop
access-group Configure group membership filter
group Configure group membership limits
minimum-version Configure minimum IGMP version (default 2)
querier Configure IGMPv2 Querier information
static Configure static group membership on a port
BOSNIA conf t
control-plane
management-plane
inband
interface Bundle-Ether1
allow all peer
address ipv4 77.77.196.0/23
address ipv4 77.78.192.0/24
address ipv4 89.216.0.0/21
!
policy-map 50mbps
class class-default
shape average 50 mbps
end-policy-map
interface GigabitEthernet0/0/0/17.300
encapsulation dot1q 300
service-policy output 50mbps
service-policy input 50mbps
BOSNIA conf t
route-policy UPSTREAM-OUT
if destination in pl-upstream-blackhole then
set community upstream-blackhole
elseif destination in pl-upstream-out and as-path is-local then
if destination in pl-upstream-prepend-out then
prepend as-path 42560 1
endif
pass
else
drop
endif
end-policy
BOSNIA conf t
ipv4 access-list SSM
10 permit ipv4 224.0.0.0/4 any
!
ipv4 access-list wisi2
10 permit ipv4 host 239.255.2.2 any
!
multicast-routing
address-family ipv4
interface Bundle-Ether3.70
enable
interface Bundle-Ether3.71
enable
!
log-traps
ssm range SSM
!
router igmp
ssm map static 77.77.198.2 wisi2
version 3
router pim
address-family ipv4
old-register-checksum
interface GigabitEthernet0/0/0/37
enable
!
interface GigabitEthernet0/1/0/37
enable
!
interface GigabitEthernet0/0/0/38.850
enable
!
interface GigabitEthernet0/0/0/38.851
enable
!
!
!
end
ASR AS AN IGW & MPLS PE POINT IN THE SBB NETWORK
HW CONFIG
- 2 x A9K-RSP-4G
- 2 x A9K-2T20GE-L
- 1 x A9K-4T-L
INTERNET TOPOLOGY BASR.
ASR AS AN IGW & MPLS PE POINT IN THE SBB NETWORK
ASR 9K functions at “Interxion Wien”
• IGW – aggregation of nx10Ge WAN links
• MPLS P/PE – nx10Ge links toward the core
• MCAST – routing of multicast traffic for BH, SLO, HR
• L2VPN – transport to the endpoints in Serbia
• L3VPN – transport to the endpoints in Serbia
• (M)BGP – BGP sessions with UPSTREAM providers (IPv4 and IPv6), the IGW in BG and the (m)BGP RR in BG, peering BGP sessions
• OSPF – IPv4 and IPv6
INTERNET TOPOLOGY
ASR AS AN IGW & MPLS PE POINT IN THE SBB NETWORK
router static
address-family ipv4 unicast
89.216.7.99/32 Null0
ipv4 prefix-list blackhole
10 permit 0.0.0.0/0 eq 32
community-set cm_delete
ios-regex '.*31042:1...._.*$'
end-set
community-set blackhole
31042:999
end-set
route-policy COMUTEL-IN
if community matches-any cm_delete then
delete community in cm_delete
elseif destination in bogons then
drop
elseif destination in pl-comutel-in and as-path in comutel then
set community customers additive
set local-preference 300
pass
elseif community matches-any blackhole and as-path in comutel then
set community blackhole
set next-hop 89.216.7.99
pass
endif
end-policy
ASR AS AN IGW & MPLS PE POINT IN THE SBB NETWORK
community-set blackhole-tinet
3257:2666
end-set
prefix-set pl-upstream-sbb-out
# SBB
82.117.192.0/19,
87.116.128.0/18,
89.216.0.0/16,
94.189.128.0/17,
178.148.0.0/15,
188.2.0.0/16
end-set
prefix-set pl-tinet-prepend-out
178.148.0.0/15,
188.2.0.0/16
end-set
route-policy TINET-OUT
if destination in pl-upstream-sbb-out then
if destination in pl-tinet-prepend-out then
prepend as-path 31042 2
set community (3257:2991) additive
endif
if community matches-any blackhole then
set community blackhole-tinet
endif
pass
elseif destination in pl-upstream-out and community matches-any customers then
pass
endif
end-policy
ASR AS AN IGW & MPLS PE POINT IN THE SBB NETWORK
route-policy TELIA-OUT
if destination in pl-upstream-sbb-out then
set med 0
if destination in pl-telia-prepend-out then
set med 100
endif
if community matches-any blackhole then
set community blackhole-telia
endif
pass
elseif destination in pl-upstream-out and community matches-any customers then
delete community in cm_delete
pass
endif
end-policy
ASR AS AN IGW & MPLS PE POINT IN THE SBB NETWORK
prefix-set OSPF-1-U-2
89.216.3.0/24 le 32,
89.216.5.232/30,
89.216.7.0/24 le 32,
89.216.12.0/24 le 32,
89.216.14.0/23 le 32
end-set
!
prefix-set OSPF-2-U-1
77.77.193.0/24 le 32,
77.77.196.0/24 le 32,
77.77.198.0/23 le 32,
10.184.0.0/13 le 24
end-set
route-policy OSPF-1-U-2
if destination in OSPF-1-U-2 then
pass
else
drop
endif
end-policy
!
route-policy OSPF-2-U-1
if destination in OSPF-2-U-1 then
pass
else
drop
endif
end-policy
router ospf 1
log adjacency changes detail
router-id 89.216.7.244
default-information originate always metric 10
redistribute connected
redistribute static
redistribute ospf 2 route-policy OSPF-2-U-1
area 0
interface TenGigE0/0/0/1
network broadcast
!
interface TenGigE0/1/0/1
network broadcast
!
!
!
router ospf 2
log adjacency changes detail
router-id 89.216.7.244
distribute-list OSPF-2-U-1 in
redistribute connected route-policy OSPF-1-U-2
redistribute ospf 1 route-policy OSPF-1-U-2
area 0
interface GigabitEthernet0/1/0/0.850
network point-to-point
!
!
!
ASR AS AN MPLS PE POINT IN THE SBB NETWORK
HW CONFIG
- 2 x A9K-RSP-4G
- 2 x A9K-2T20GE-L
ASR AS AN MPLS PE POINT IN THE SBB NETWORK
interface Bundle-Ether11
description ggc 1
l2transport
interface GigabitEthernet0/0/0/2
description ggc1 #1
bundle id 11 mode active
interface GigabitEthernet0/0/0/3
description ggc1 #2
bundle id 11 mode active
interface BVI1
description ggc
ipv4 address 89.216.2.193 255.255.255.192
l2vpn
bridge group ggc
bridge-domain ggc
interface Bundle-Ether11
!
interface Bundle-EtherXX
!
routed interface BVI1
!
!
!
ASR (IOS XR) vs 760X (IOS) – L2VPN config
interface GigabitEthernet4/0/0.701
description test asr - l2vpn
encapsulation dot1Q 701
xconnect 89.216.7.90 992 encapsulation mpls
End
bg-du-m-1#show mpls l2transport vc 992
Local intf Local circuit Dest address VC ID Status
------------- -------------------------- --------------- ---------- ----------
Gi4/0/0.701 Eth VLAN 701 89.216.7.90 992 UP
interface Bundle-Ether2.3 l2transport
encapsulation dot1q 3
rewrite ingress tag pop 1 symmetric
l2vpn
xconnect group cisco
p2p testasr
interface Bundle-Ether2.3
neighbor 89.216.7.22 pw-id 992
RP/0/RSP0/CPU0:ASR9000#show l2vpn xconnect interface bundle-ether 2.3
Tue Oct 26 10:50:48.782 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
LU = Local Up, RU = Remote Up, CO = Connected, SB = Standby
XConnect                   Segment 1                   Segment 2
Group      Name       ST   Description       ST        Description            ST
------------------------   -------------------------   -------------------------
cisco      testasr    UP   BE2.3             UP        89.216.7.22     992    UP
ASR (IOS XR) vs 760X (IOS) – L3VPN config
interface GigabitEthernet4/0/0.700
description test asr - sbb-mgt
encapsulation dot1Q 700
ip vrf forwarding sbb-mgt
ip address 192.168.136.241 255.255.255.240
router bgp 31042
bgp log-neighbor-changes
neighbor 89.216.7.1 remote-as 31042
neighbor 89.216.7.1 update-source Loopback0
address-family vpnv4
neighbor 89.216.7.1 activate
neighbor 89.216.7.1 send-community extended
address-family ipv4 vrf sbb-mgt
no synchronization
redistribute static
redistribute connected
interface Bundle-Ether2.2
vrf sbb-mgt
ipv4 address 192.168.136.225 255.255.255.240
encapsulation dot1q 2
router bgp 31042
address-family vpnv4 unicast
neighbor 89.216.7.1
remote-as 31042
password encrypted 06120A32584F1A0B
update-source Loopback0
address-family vpnv4 unicast
vrf sbb-mgt
rd 31042:2
address-family ipv4 unicast
redistribute connected
ASR (IOS XR) vs 760X (IOS) – BFD config
bg-du-m-1# sh run in te8/2
interface TenGigabitEthernet8/2
description ASR9000 test
mtu 1550
ip address 89.216.8.202 255.255.255.252
ip pim sparse-mode
ip ospf network point-to-point
ip ospf bfd
mpls ip
bfd interval 50 min_rx 50 multiplier 3
bg-du-m-1#show bfd neighbors
NeighAddr LD/RD RH/RS State Int
89.216.8.201 1/589826 Up Up Te8/2
bg-du-m-1#
router ospf 1
interface TenGigE0/0/0/0
bfd minimum-interval 50
bfd fast-detect
bfd multiplier 3
network point-to-point
RP/0/RSP0/CPU0:ASR9000#show bfd session
Interface            Dest Addr       Local det time(int*mult)          State
                                     Echo             Async
-------------------- --------------- ---------------- ---------------- ---------
Te0/0/0/0            89.216.8.202    150ms(50ms*3)    6s(2s*3)         UP
Differences compared to standard routing mechanisms (hello packets, timers...):
- L2 protocol for detecting bidirectional communication between neighboring routers;
- BFD packets are 24 bytes in size, plus the UDP and IP header;
- Does not load the control plane (on distributed router architectures);
- Enables faster convergence time.
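Added example (not from the original slides): a Python parser for the 24-byte BFD control packet mentioned above, laid out as in RFC 5880, with the stateless reception checks a receiver applies before accepting a packet and the interval times multiplier detection-time calculation. The function names and the sample packet are constructed for illustration; the 50 ms interval, multiplier 3 and discriminators 1/589826 are the values shown in the outputs above.

```python
import struct

# RFC 5880 section 4.1: mandatory section of a BFD control packet (24 bytes).
BFD_FMT = "!BBBBIIIII"
BFD_LEN = struct.calcsize(BFD_FMT)
STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}


def build_bfd(state, detect_mult, my_disc, your_disc, min_tx_us, min_rx_us, flags=0):
    """Pack a version-1 control packet; flags are the P,F,C,A,D,M bits."""
    sta_flags = (state << 6) | (flags & 0x3F)   # state sits in the top two bits
    return struct.pack(BFD_FMT, 1 << 5, sta_flags, detect_mult, BFD_LEN,
                       my_disc, your_disc, min_tx_us, min_rx_us, 0)


def parse_bfd(payload):
    """Apply the RFC 5880 section 6.8.6 checks that need no session state."""
    if len(payload) < BFD_LEN:
        raise ValueError("shorter than the 24-byte mandatory section")
    (vers_diag, sta_flags, mult, length, my_disc, your_disc,
     min_tx, min_rx, _echo_rx) = struct.unpack(BFD_FMT, payload[:BFD_LEN])
    auth_present = bool(sta_flags & 0x04)       # A bit: auth section follows
    if vers_diag >> 5 != 1:
        raise ValueError("version is not 1")
    if length < (26 if auth_present else BFD_LEN) or length > len(payload):
        raise ValueError("bad Length field")
    if mult == 0:
        raise ValueError("Detect Mult is zero")
    if sta_flags & 0x01:
        raise ValueError("Multipoint bit set")
    if my_disc == 0:
        raise ValueError("My Discriminator is zero")
    state = sta_flags >> 6
    if your_disc == 0 and state not in (0, 1):
        raise ValueError("Your Discriminator is zero in state " + STATES[state])
    return {"state": STATES[state], "auth_present": auth_present,
            "detect_mult": mult, "my_disc": my_disc, "your_disc": your_disc,
            "min_tx_us": min_tx, "min_rx_us": min_rx}


def detection_time_ms(local_min_rx_us, remote):
    """Asynchronous-mode detection time (RFC 5880 section 6.8.4) in ms."""
    interval_us = max(local_min_rx_us, remote["min_tx_us"])
    return remote["detect_mult"] * interval_us / 1000


# Constructed sample, not a capture: 50 ms timers, multiplier 3 and the
# LD/RD pair 1/589826 from the "show bfd neighbors" output above.
SAMPLE = build_bfd(state=3, detect_mult=3, my_disc=1, your_disc=589826,
                   min_tx_us=50_000, min_rx_us=50_000)
```

A packet that sets the A bit but carries no authentication section fails the Length check, so a receiver configured for authenticated BFD never treats it as a valid unauthenticated packet.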
IOS XR 4.0.1 vs IOS v15.1.1S1 – CPU USAGE
ME 6524 in the SBB network
In the SBB IP/MPLS infrastructure it is used as a PE for “smaller” hubs.
It is used to terminate L2VPN and L3VPN customers as well as INTERNET customers.
Technologies
L2 : IEEE 802.1Q, IEEE 802.3ad (PAgP),
IEEE 802.1Q Tunneling, VTP
IPv4 routing : Static Routing, OSPF (graceful restart),
mBGPv4, BFD
Multicast : IGMP (v2, v3), IGMP Snooping,
PIM, PIM-SM, PIM-SSM,PIM Snooping
IPv6 routing : Native IPv6, OSPFv3, ICMPv6
ME 3600X in the SBB network
Technologies
L2 : IEEE 802.1Q, IEEE 802.3ad (PAgP),
IEEE 802.1Q Tunneling, VTP
IPv4 routing : OSPF (graceful restart),
mBGPv4, BFD
Multicast : IGMP (v2, v3), IGMP Snooping,
PIM, PIM-SM, PIM-SSM,PIM Snooping
NO IPv6 support (September 2011)
New compared to the ME6524:
Ethernet Virtual Connections (EVCs)
Hierarchical VPLS (H-VPLS)
More advanced QOS and OAM
ME 3600X in the SBB network
Metro IP Access:
• Layer 2 (EVC, 802.1Q)
• IP Routing (RIP, OSPF, EIGRP, IS-IS, BGP) and BFD
• PIM (SM, DM, SSM), SSM mapping
• Ethernet OAM (802.1ag, 802.3ah, E-LMI)
• MST, REP, Flexlink
• Synchronous Ethernet
• Multi-VRF CE (VRF-lite) with service awareness (ARP, ping, SNMP, syslog, traceroute, FTP, TFTP)
Advanced Metro IP Access:
• All features in METROIPACCESS plus:
• MPLS
• MPLS traffic engineering (TE) and Fast Reroute (FRR)
• MPLS OAM
• MPLS VPN
• Ethernet Over MPLS (EoMPLS)
• Pseudowire redundancy
ME 3600X in the SBB network
bg-vi-m-1#show license
Index 1 Feature: AdvancedMetroIP
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
Index 2 Feature: MetroIPAccess
Period left: 0 minute 0 second
Index 3 Feature: 10GEUpgrade
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
CONCLUSION
?
THANK YOU FOR YOUR ATTENTION