digital network lecturer3
TRANSCRIPT
DIT
Dar es Salaam institute of Technology (DIT)
ETU 08102
Digital Networks
Ally, J
DIT
Multi-Protocols Label Switching (MPLS)
DIT
Traditional IP ForwardingTraditional IP forwarding is based on the following:
Routing protocols are used to distribute Layer 3 routing information.
Forwarding is based on the destination address only.
Routing lookups are performed on every hop.
DIT
Traditional IP Forwarding
Destination-based routing lookup is needed on every hop.
Every router may need full Internet routing information (more than 100,000 routes).
Update: 10.0.0.0/8 Update: 10.0.0.0/810.1.1.110.1.1.1
10.1.1.110.1.1.1
Routing lookup
Routing lookup
Routing lookup
DIT
IP over ATM
Layer 2 topology may be different from Layer 3 topology, resulting in suboptimal paths and link utilization.
Layer 2 devices have no knowledge of Layer 3 routing information—virtual circuits must be manually established.
Even if the two topologies overlap, the hub and spoke topology is usually used because of easier management.
10.1.1.110.1.1.110.1.1.1
10.1.1.110.1.1.1
10.1.1.1
10.1.1.1
10.1.1.1
10.1
.1.1
MPLS Origin To bring advantages of connection oriented protocols to
packet switched networks. Faster switching - Replace IP header with short and fixed-
length labels as forwarding basis. To substitute ATM & Frame Relay & provide Integrated
services with QoS without the overhead of call segmentation.
Technology combining the advantages of ATM and IP
DIT
DIT
Best of Both WorldsPACKETROUTING
CIRCUITSWITCHING
MPLS + IP form a middle ground that combines the best of IP and the best of circuit switching technologies.
MPLS+IP
IP ATM
HYBRID
DIT
Needs for MPLSContinuous increase of internet traffic
Requirements for QoS guaranteed path for mission critical communications
Requirements for real time communications (VoIP, Video, broadcasting )
Carriers and ISPs look for the next services
SLA (Service Level agreement) Clear isolation between VPNs
DIT
MPLS(Multi Protocol Label Switching)Simple IP Network
MPLS Network
Additional Header realizes Label Switched Path.
Enable connection-oriented routing. Enable isolation between paths.
Incoming packet
Forwarding by IP address
Forwarding by IP address
Forwarding by IP address
Forwarding by label that is generated from IP address
Incoming packet
Forwarding by label
Remove label
Labeled path like connection
label
DIT
Basic MPLS Concepts MPLS is a new forwarding mechanism in which
packets are forwarded based on labels.
Labels may correspond to IP destination networks (equal to traditional IP forwarding).
Labels can also correspond to other parameters, such as quality of service (QoS) or source address.
MPLS was designed to support forwarding of other protocols as well.
MPLS MPLS is the binding of the control plane at the
bottom of the network layer with the data forwarding plane at the top of data link layer.
MPLS is a hybrid of a traditional network layer-3 routing protocols and layer-2 switching technologies
MPLS is not a new network layer protocol because it does not have its own routing capabilities and addressing schemes
MPLS is designed to work over many of the data layer technologies that provides requisite layer-2 addressing and functionality
MPLS is a “Layer 2.5 Technology”
DIT
Benefits of MPLS The use of one unified network infrastructure
Better IP over ATM integration
Border Gateway Protocol (BGP) - free core
The peer-to-peer model for MPLS VPN
Optimal traffic flow
Traffic engineering (TE)
DIT
MPLS Labels Are 4 byte identifiers used for forwarding
decisions Define the destination and services for a
packet Identify a forwarding equivalence class
(FEC) Have local significance
Each LSR independently maps a label to an FEC in a label binding.
Label bindings are exchanged between LSRs.
FEC and MPLS Forwarding An FEC is a group of packets forwarded:
In the same manner Over the same path With the same forwarding treatment
MPLS packet forwarding consists of: Assigning a packet to a specific FEC Determining the next hop of each FEC
MPLS forwarding is connection-oriented.
MPLS Label Format
MPLS uses a 32-bit label field that contains the information that follows: 20-bit label (a number) 3-bit experimental field (typically used to carry
IP precedence value or QoS) 1-bit bottom-of-stack indicator (indicates
whether this is the last label before the IP header)
8-bit TTL (equal to the TTL in the IP header)
MPLS Labels Label Spaces :Each label space consists of the assignable
labels from 0-1048575 (0-15 Reserved) Two basic notions of using label spaces
Per-Platform Label Space Per-Interface Label Space
Per-Platform Label Space There is one set of labels for the entire LSR All interfaces share this common label pool
Per-Interface Label Space Each interface has its own label pool Used particularly with ATM-LSRs
Decision to choose the label platform to be implemented on a particular LSR is a function of how the interfaces are used
DIT
MPLS Labels MPLS technology is intended to be used
anywhere regardless of Layer 1 media and Layer 2 encapsulation.
Frame-mode MPLS is MPLS over a frame-based Layer 2 encapsulation The label is inserted between the Layer 2 and
Layer 3 headers. Cell-mode MPLS is MPLS over ATM.
The fields in the ATM header are used as the label.
MPLS Labels: Frame-Mode MPLS
MPLS Label Stack Usually only one label is assigned to a packet, but
multiple labels in a label stack are supported. These scenarios may produce more than one label:
MPLS VPNs (two labels): The top label points to the egress router, and the second label identifies the VPN.
MPLS TE (two or more labels): The top label points to the endpoint of the traffic engineering tunnel and the second label points to the destination.
MPLS VPNs combined with MPLS TE (three or more labels).
Example: MPLS Label Stack
The outer label is used for switching the packet in the MPLS network (points to the TE destination).
Inner labels are used to separate packets at egress points (points to egress router and identifies VPN).
Example: MPLS Label Stack Format
The PID in a Layer 2 header specifies that the payload starts with a label (labels) followed by an IP header.
The bottom-of-stack bit indicates whether the label is the last label in the stack.
The receiving router uses the top label only.
DIT
MPLS Terminology Label Distribution Protocol (LDP): protocol which
associates a set of destinations with each LSP. Label Switched Path (LSP): Refer to the path through which
an FEC is transmitted in the MPLS network. Two options to set up LSP are hop-by- hop routing and explicit routing.
Forwarding Equivalence Class (FEC): Group of packets that share the same requirement.
Label Switching Router (LSR): High speed router that operates in the core of MPLS network.
Label Edge Router (LER): Operates at the end of the access network and MPLS network.
MPLS Label Operations An LSR can perform these functions:
Insert (impose or push) a label or a stack of labels on ingress edge LSR
Swap a label with a next-hop label or a stack of labels in the core
Remove (pop) a label on egress edge LSR Multiple Push – adding multiple labels up to 3 Swap and Push – replace the existing top of the
label stack with a new label followed by pushing another new label on top
DIT
Route at Edge, Switch in Core
IP ForwardingLABEL SWITCHINGIP Forwarding
IP IP #L1 IP #L2 IP #L3 IP
DIT
MPLS Example
Only edge routers must perform a routing lookup. Core routers switch packets based on simple label lookups
and swap labels.
L=5L=3
10.1.1.110.1.1.1
Routing lookup and
label assignment10.0.0.0/8 L=5
Label swappingL=5 L=3
Label removal and
routing lookupL=3
DIT
MPLS Versus IP over ATM
Layer 2 devices are IP-aware and run a routing protocol.
There is no need to manually establish virtual circuits.
MPLS provides a virtual full mesh topology.
10.1.1.1L=5L=3
L=1710.1.1.1
Layer 2 devices run a Layer 3 routing protocol
and establish virtual circuits dynamically based
on Layer 3 information
MPLS Label Operations: Frame Mode
• On ingress, a label is assigned and imposed.• LSRs in the core swap labels based on the contents of the label
forwarding table.• On egress, the label is removed and a routing lookup is used to
forward the packet.
DIT
MPLS: How Does It Works
UDP-Hello
UDP-Hello
TCP-open
TIME
TIME
Label requestIP
Label mapping#L2
Initialization(s)
MPLS Applications MPLS is already used in many different
applications: Unicast IP routing Multicast IP routing MPLS TE (Traffic Engineering) QoS MPLS VPNs (Virtual Private Networks) Any Transport over MPLS (AToM)
DIT
MPLS Architecture MPLS has two major components:
Control plane —exchanges Layer 3 routing information and labels
Data plane —forwards packets based on labels Control plane contains complex mechanisms to exchange
routing information, such as Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System-to-Intermediate System (IS-IS), and BGP, and to exchange labels, such as Tag Distribution Protocol (TDP), Label Distribution Protocol (LDP), BGP, and Resource Reservation Protocol (RSVP).
Data plane has a simple forwarding engine.
Control plane maintains contents of the label-switching table (label forwarding information base, or LFIB).
DIT
MPLS Architecture
Router functionality is divided into two major parts: control plane and data plane
Data Plane
Control Plane
OSPF: 10.0.0.0/8
LDP: 10.0.0.0/8Label 17
OSPF
LDP
LFIB
LDP: 10.0.0.0/8Label 4
OSPF: 10.0.0.0/8
417Labeled packet
Label 4Labeled packet
Label 17
DIT
MPLS Domain
MPLS Forwarding ( Frame Mode)
On ingress a label is assigned and imposed by the IP routing process.
LSRs in the core swap labels based on the contents of the label forwarding table.
On egress the label is removed and a routing lookup is used to forward the packet.
10.1.1.1
IP Lookup10.0.0.0/8 label 3
LFIBlabel 8 label 3
IP Lookup10.0.0.0/8 label 5
LFIBlabel 3 label 5
IP Lookup10.0.0.0/8 next hop
LFIBlabel 5 pop
10.1.1.13 10.1.1.15 10.1.1.1
DIT
MPLS Domain
MPLS Forwarding (Cell-Mode)
Labels (VPI/VCI) are imposed during the IP lookup process on ingress ATM edge LSRs. Packets are segmented into cells.
ATM LSRs in the core swap labels based on the contents of the ATM switching table. ATM LSRs cannot forward IP packets.
On egress ATM edge LSRs the labels are removed (cells are reassembled into packets) and a routing lookup is used to forward packets.
10.1.1.1
IP Lookup10.0.0.0/8 label 1/3
LFIBlabel 8 label 1/3
IP Lookup10.0.0.0/8 Next hop
LFIBlabel 1/5 pop
10.1.1.1
IP Lookup10.0.0.0/8 label 1/5
LFIBlabel 1/3 label 1/5
1/3 1/3 1/3 1/3 1/5 1/5 1/5 1/5
DIT
Protocol operation of MPLS Representative 2 implementations
LDP (Label Distribution Protocol) ordinary routing based IP
RSVP-TE (Traffic Engineering) Enable explicit routing Expand RSVP (ReSource reserVation Protocol)
Messages transferred according to IP routing
LSP: Label Switched Path
LSR-1 LSR-2 LSR-3 LSR-4ingress Egress
Label RequestLabel Request Label Request
Label=40Label Mapping
Label MappingLabel Mapping Label=30
Label=50
Data Transfer
IP 50 IP 30 IP 40
Path set up
Request
responce
LSR: Label Switch Router
DIT
Forwarding Equivalence Classes
• FEC = “A subset of packets that are all treated the same way by a router”• The concept of FECs provides for a great deal of flexibility and scalability• In conventional routing, a packet is assigned to a FEC at each hop (i.e., L3 look-up), in MPLS it is only done once at the network ingress
Packets are destined for different address prefixes, but can bemapped to common path
IP1
IP2
IP1
IP2
LSRLSRLER LER
LSP
IP1 #L1
IP2 #L1
IP1 #L2
IP2 #L2
IP1 #L3
IP2 #L3
DIT
MPLS Built on Standard IP
47.1
47.247.3
Dest Out47.1 147.2 247.3 3
1
23
Dest Out47.1 147.2 247.3 3
Dest Out47.1 147.2 247.3 3
1
23
1
2
3
• Destination based forwarding tables as built by OSPF, IS-IS, RIP, etc.
DIT
IntfIn
LabelIn
Dest IntfOut
3 0.40 47.1 1
IntfIn
LabelIn
Dest IntfOut
LabelOut
3 0.50 47.1 1 0.40
MPLS Label Distribution
47.1
47.247.3
1
2
31
2
1
23
3IntfIn
Dest IntfOut
LabelOut
3 47.1 1 0.50 Mapping: 0.40
Request: 47.1
Mapping: 0.50
Request: 47.1
DIT
Label Switched Path (LSP)
IntfIn
LabelIn
Dest IntfOut
3 0.40 47.1 1
IntfIn
LabelIn
Dest IntfOut
LabelOut
3 0.50 47.1 1 0.40
47.1
47.247.3
1
2
31
2
1
23
3IntfIn
Dest IntfOut
LabelOut
3 47.1 1 0.50
IP 47.1.1.1
IP 47.1.1.1
DIT
IntfIn
LabelIn
Dest IntfOut
3 0.40 47.1 1
IntfIn
LabelIn
Dest IntfOut
LabelOut
3 0.50 47.1 1 0.40
47.1
47.247.3
1
2
31
2
1
23
3
IntfIn
Dest IntfOut
LabelOut
3 47.1.1 2 1.333 47.1 1 0.50
IP 47.1.1.1
IP 47.1.1.1
Explicitly Routed LSP (ER-LSP)
DIT
ER LSP - Advantages Operator has routing flexibility (policy- based, QoS-based)
Can use routes other than shortest path
Can compute routes based on constraints in exactly the same manner as ATM based on distributed topology database. (Traffic Engineering)
DIT
IP and ATM IntegrationIP over ATM VCs
• ATM cloud invisible to Layer 3 Routing
• Full mesh of VCs within ATM cloud
• Many adjacencies between edge routers
• Topology change generates many route updates
• Routing algorithm made more complex
• ATM network visible to Layer 3 Routing
• Singe adjacency possible with edge router
• Hierachical network design possible
• Reduces route update traffic and power needed to process them
IP over MPLS
DIT
Label Switch Router (LSR)
Label switch router (LSR) primarily forwards labeled packets (label swapping)
Edge LSR primarily labels IP packets and forwards them into MPLS domain, or removes labels and forwards IP packets out of the MPLS domain
MPLS Domain
Edge LSR LSR
10.1.1.1 L=3 L=5
L=43L=3120.1.1.1
10.1.1.1
20.1.1.1
DIT
Architecture of LSRsLSRs, regardless of the type, perform the following three functions:
Exchange routing information
Exchange labels
Forward packets (LSRs and edge LSRs) or cells (ATM LSRs and ATM edge LSRs)
The first two functions are part of the control plane.
The last function is part of the data plane.
DIT
Architecture of LSRs
LSRs primarily forward labeled packets or cells (ATM LSRs).
LSR
Control Plane
Data Plane
Routing Protocol
Label Distribution Protocol
Label Forwarding Table
IP Routing Table
Exchange ofrouting information
Exchange oflabels
Incoming labeled packets Outgoing
labeled packets
DIT
Architecture of Edge LSRs
Note: ATM edge LSRs can only forward cells.
Edge LSR
Control Plane
Data Plane
Routing Protocol
Label Distribution Protocol
Label Forwarding Table
IP Routing Table
Exchange ofrouting information
Exchange oflabels
Incoming labeled packets
Outgoing labeled packets
IP Forwarding Table
Incoming IP packets Outgoing
IP packets
MPLS VPN Technology
DIT
Traditional Router-Based Networks
Traditional router-based networks connect customer sites through routers connected via dedicated point-to-point links.
Virtual Private Networks
• VPNs replace dedicated point-to-point links with emulated point-to-point links sharing common infrastructure.
• Customers use VPNs primarily to reduce their operational costs.
VPN Terminology
VPN Terminology (Cont.)
VPN Implementation Models A VPN is an IP network infrastructure that
delivers private network services over a public infrastructure.
VPN services can be offered based on two major models: Overlay VPNs, in which the service provider
provides virtual point-to-point links between customer sites
Peer-to-peer VPNs, in which the service provider participates in the customer routing
Overlay VPNs:Redundant Hub-and-Spoke
Topology
Overlay VPNs: Layer 3 Routing
The service provider infrastructure appears as point-to-point links to customer routes.
Routing protocols run directly between customer routers.
The service provider does not see customer routes and is responsible only for providing point-to-point transport of customer data.
Peer-to-Peer VPNs:Implementation Techniques
Benefits of VPN Implementations Overlay VPN:
Well-known and easy to implement Service provider does not participate in customer
routing Customer network and service provider network
are well-isolated Peer-to-peer VPN:
Guarantees optimum routing between customer sites
Easier to provision an additional VPN Only sites provisioned, not links between them
Drawbacks of VPN Implementations Overlay VPN:
Implementing optimum routing requires a full mesh of virtual circuits. Virtual circuits have to be provisioned manually. Bandwidth must be provisioned on a site-to-site basis. Overlay VPNs always incur encapsulation overhead.
Peer-to-peer VPN: The service provider participates in customer routing. The service provider becomes responsible for customer
convergence. PE routers carry all routes from all customers. The service provider needs detailed IP routing knowledge.
VPN Business Category VPNs can be categorized based on the
business needs that they fulfill: Intranet VPNs connect sites within an
organization.
Extranet VPNs connect different organizations in a secure way.
Access VPNs provides dialup access into a customer network.
VPN Connectivity Category VPNs can also be categorized according to the
connectivity required between sites: Simple VPN: Every site can communicate with
every other site. Overlapping VPNs: Some sites participate in
more than one simple VPN. Central services VPN: All sites can
communicate with central servers but not with each other.
Managed network: A dedicated VPN is established to manage CE routers.
Drawbacks of Traditional Peer-to-Peer VPNs
Shared PE router: All customers share the same
(provider-assigned or public) address space. High maintenance costs are associated with packet
filters. Performance is lower - each packet has to pass a
packet filter. Dedicated PE router:
All customers share the same address space. Each customer requires a dedicated router at each
Point of Presence (POP).
MPLS VPN Architecture An MPLS VPN combines the best features
of an overlay VPN and a peer-to-peer VPN: PE routers participate in customer routing,
guaranteeing optimum routing between sites and easy provisioning.
PE routers carry a separate set of routes for each customer (similar to the dedicated PE router approach).
Customers can use overlapping addresses.
MPLS VPN Architecture:Terminology
Note:• PE Router = Edge LSR• P Router = LSR
PE Router Architecture
• PE router in an MPLS VPN uses virtual routing tables to implement the functionality of customer dedicated PE routers.
Propagation of Routing Information
Across the P-Network
Question: How will PE routers exchange customer routing information?Option #1: Run a dedicated IGP for each customer across the P-network.This is the wrong answer for these reasons:• The solution does not scale.• P routers carry all customer routes.
Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will PE routers exchange customer routing information?Option #2: Run a single routing protocol that will carry all customer routes inside the provider backbone.
Better answer, but still not good enough:• P routers carry all customer routes.
Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will PE routers exchange customer routing information?Option #3: Run a single routing protocol that will carry all customer routes between PE routers. Use MPLS labels to exchange
packets between PE routers.The best answer:
• P routers do not carry customer routes; the solution is scalable.
Propagation of Routing Information
Across the P-Network (Cont.)
Question: Which protocol can be used to carry customer routes between PE routers?
Answer: The number of customer routes can be very large. BGP is the onlyrouting protocol that can scale to a very large number of routes.
Conclusion:BGP is used to exchange customer routes directly between PE routers.
Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will information about the overlapping subnetworks of two customers be propagated via a single routing protocol? Answer: Extend the customer addresses to make them
unique.
Route Distinguishers (RD) RD converts non-unique IP addresses into unique VPN-
IPv4 addresses. The resulting address is a VPNv4 address. VPNv4 addresses are exchanged between PE routers
via BGP. BGP that supports address families other than IPv4
addresses is called MP-BGP. A similar process is used in IPv6:
64-bit route distinguisher is prepended to a 16-byte IPv6 address.
The resulting 24-byte address is a unique VPNv6 address. RDs are assigned by Service Provider (SP)
Route Distinguishers (Cont.)
Route Distinguishers (Cont.)
RDs: Usage in an MPLS VPN The RD has no special meaning.
The RD is used only to make potentially overlapping IPv4 addresses globally unique.
The RD is used as a VPN identifier, but this design could not support all topologies required by the customers.
Requirements:• All sites of one customer need to communicate.• Central sites of both customers need to communicate with VoIP
gateways and other central sites.• Other sites from different customers do not communicate with each other.
Is the RD Enough?VoIP Service Sample
The Need for Route Targets (RTs Some sites have to participate in more
than one VPN. The RD cannot identify participation in
more than one VPN. RTs were introduced in the MPLS VPN
architecture to support complex VPN topologies. A different method is needed in which a set
of identifiers can be attached to a route.
What are RTs? RTs are additional attributes attached to VPNv4
BGP routes to indicate VPN membership.
Extended BGP communities are used to encode these attributes. Extended communities carry the meaning of the
attribute together with its value.
Any number of RTs can be attached to a single route.
RTs: How Do They Work? Export RTs:
Identifying VPN membership Appended to the customer route when it is
converted into a VPNv4 route
Import RTs: Associated with each virtual routing table Select routes to be inserted into the virtual
routing table
VPNs Redefined With the introduction of complex VPN
topologies, VPNs have had to be redefined: A VPN is a collection of sites sharing common
routing information. A site can be part of different VPNs. A VPN can be seen as a community of interest
(closed user group). Complex VPN topologies are supported by
multiple virtual routing tables on the PE routers.
Impact of Complex VPN Topologies on Virtual
Routing Tables A virtual routing table in a PE router can be used only for sites with identical connectivity requirements.
Complex VPN topologies require more than one virtual routing table per VPN.
As each virtual routing table requires a distinct RD value, the number of RDs in the MPLS VPN network increases.
Impact of Complex VPN Topologies on Virtual
Routing Tables (Cont.)
MPLS VPN Routing Requirements CE routers have to run standard IP
routing software.
PE routers have to support MPLS VPN services and IP routing.
P routers have no VPN routes.
MPLS VPN Routing:CE Router Perspective
The CE routers run standard IP routing software and exchange routing updates with the PE router. EBGP, OSPF, RIPv2, EIGRP, and static routes are
supported. The PE router appears as another router in the C-network.
MPLS VPN Routing:Overall Customer
Perspective
To the customer, the PE routers appear as core routers connected via a BGP backbone.
The usual BGP and IGP design rules apply. The P routers are hidden from the customer.
MPLS VPN Routing:P Router Perspective
• P routers do not participate in MPLS VPN routing and do not carry VPN routes.
• P routers run backbone IGP with the PE routers and exchange information about global subnetworks (core links and loopbacks).
MPLS VPN Routing:PE Router Perspective
PE routers:Exchange VPN routes with CE routers via per-VPN routing protocols.Exchange core routes with P routers and PE routers via core IGP.Exchange VPNv4 routes with other PE routers via MP-IBGP sessions.
Support for Existing Internet Routing
PE routers can run standard IPv4 BGP in the global routing table: PE routers exchange Internet routes with other PE routers. CE routers do not participate in Internet routing. P routers do not need to participate in Internet routing.
Routing Tables on PE Routers
PE routers contain a number of routing tables: The global routing table contains core routes (filled with core IGP)
and Internet routes (filled with IPv4 BGP). The VRF tables contains routes for sites of identical routing
requirements from local (IPv4 VPN) and remote (VPNv4 via MP-BGP) CE routers.
End-to-End Routing Update Flow
PE routers receive IPv4 routing updates from CE routers and install them in the appropriate VRF table.
PE routers export VPN routes from VRF tables into MP-BGP and propagate them as VPNv4 routes to other PE routers.
End-to-End Routing Update Flow (Cont.)
End-to-End Routing Update Flow:
MP-BGP Update An MP-BGP update contains these elements: VPNv4 address Extended communities
(route targets, optionally SOO) Label used for VPN packet forwarding Any other BGP attribute (for example,
AS path, local preference, MED, standard community)
• The receiving PE router imports the incoming VPNv4 routes into the appropriate VRF based on route targets attached to the routes.
• The routes installed in the VRFs are propagated to the CE routers.
End-to-End Routing Update Flow (Cont.)
Route Distribution to CE Routers
A route is installed in the site VRF if it matches the import route target attribute.
Route distribution to CE sites is driven by the following: Route targets SOO attribute if defined
What Is Multi-VRF CE (VRF-Lite)? Multi-VRF CE (VRF-lite) is an application based on VRF implementation. VRF-lite supports multiple overlapping and
independent VRFs on the CE router. The CE router separates traffic between client
networks using VRFs. There is no MPLS functionality on the CE router.
No label exchange between the CE and PE router. No labeled packet flow between the CE and PE
router. Any routing protocol supported by normal VRF can
be used in a Multi-VRF CE implementation.
VPN Packet Forwarding Across an MPLS VPN
Backbone: Approach 1
Approach 1: The PE routers will label the VPN packets with an LDP label for the egress PE router, and forward the labeled packets across the MPLS backbone.
Results:• The P routers perform the label switching, and the packet reaches the
egress PE router.• Because the egress PE router does not know which VRF to use for
packet switching, the packet is dropped.
VPN Packet Forwarding Across an MPLS VPN
Backbone: Approach 2
Result:• The P routers perform label switching using the top label, and the packet
reaches the egress PE router. The top label is removed.• The egress PE router performs a lookup on the VPN label and forwards the
packet toward the CE router.
Approach 2: The PE routers will label the VPN packets with a label stack, using the LDP label for the egress PE router as the top label, and the VPN label assigned by the egress PE router as the second label in the stack.
VPN PHP
• Penultimate hop popping (PHP) on the LDP label can be performed on the last P router.
• The egress PE router performs label lookup only on theVPN label, resulting in faster and simpler label lookup.
• IP lookup is performed only once—in the ingress PE router.
VPN Label Propagation
Question: How will the ingress PE router get the second label in the label stack from the egress PE router?
Answer: Labels are propagated in MP-BGP VPNv4 routing updates.
Step 1: A VPN label is assigned to every VPN route by the egressPE router.
VPN Label Propagation (Cont.)
Step 2: The VPN label is advertised to all other PE routers in an MP-BGP update.
Step 3: A label stack is built in the VRF table.
MPLS VPNs and Packet Forwarding:
Summarization in the Core
MPLS-VPN Terminology and Definitions Provider Network (P-Network):The backbone under control
of a service provider Customer Network (C-Network):Network under customer
control CE-router: Part of the customer network and interfaces to a
PE router Site: Set of (sub)networks part of the customer network and
co-located. PE-router: Part of the provider network and interfaces to CE
routers P-router: Provider (core) router, without knowledge of VPN Border router: Provider edge router interfacing to other
provider networks
DIT
MPLS-VPN Terminology and Definitions VRF: VPN routing and forwarding instance Extended Community: BGP attribute used to identify a
route-origin, route-target Site of Origin Identifier (SOO): 64 bits identifying the site
where the route originated route target: 64 bits identifying the VRFs that should
receive the route Route Distinguisher: Attributes of each route used to
uniquely identify prefixes among VPNs (64 bits). VPN-IPv4 addresses: Normal IP address including the 64-
bit route distinguisher and the 32-bit IP address VPN-Aware network: A provider backbone where MPLS
PN is deployed
DIT
MPLS Traffic Engineering (TE) Overview
DIT
What Is Traffic Engineering? TE is a process of measures, models, and
controls of traffic to achieve various goals. TE for data networks provides an integrated
approach to managing traffic at Layer 3. Traffic engineering is manipulating your
traffic to fit your network. Network engineering is building your
network to carry your predicted traffic. TE is commonly used in voice telephony
networks.
Traffic Engineering Motivations Reduce the overall cost of operations by more
efficient use of bandwidth resources
Prevent a situation where some parts of a network are overutilized (congested), while other parts remain underutilized
Implement traffic protection against failures
Enhance SLA in combination with QoS
Business Drivers for Traffic Engineering Routers forward traffic along the least-cost route discovered
by routing protocols. Network bandwidth may not be efficiently utilized:
The least-cost route may not be the only possible route. The least-cost route may not have enough resources to carry all
the traffic. Alternate paths may be underutilized.
Lack of resources results in congestion in two ways: When network resources themselves are insufficient to
accommodate offered load When traffic streams are inefficiently mapped onto available
resources Some resources are overutilized while others remain
underutilized.
Congestion Avoidance and Traffic Engineering
Network congestion can be addressed by either: Expansion of capacity or classical congestion
control techniques (queuing, rate limiting, and so on)
Traffic engineering, if the problems result from inefficient resource allocation
The focus of TE is not on congestion created as a result of a short-term burst, but on congestion problems that are prolonged.
Traffic Engineering with a Layer 2 Overlay Model
The use of the explicit Layer 2 transit layer allows very exact control of how traffic uses the available bandwidth.
PVCs or SVCs carry traffic across Layer 2. Layer 3 at the edge sees a complete mesh.
Traffic Engineering with a Layer 2 Overlay Model:
Example
Traffic Engineering with a Layer 2 Overlay Model
(Cont.) Drawbacks of the Layer 2 overlay solution Extra network devices More complex network management:
Two-level network without integrated network management
Additional training, technical support, field engineering
IGP routing scalability issue for meshes Additional bandwidth overhead (“cell tax”) No differential service (class of service)
Layer 3 Model with No Traffic Engineering
Traffic Engineering with the MPLS TE Model
Tunnel is assigned labels that represent the path (LSP) through the system.
Forwarding within the MPLS network is based on labels (no Layer 3 lookup).
Traffic Engineering with the MPLS TE Model (Cont.) The MPLS TE LSPs are created by
RSVP.
The actual path can be specified: Explicitly defined by the system
administrator Dynamically defined using the
underlying IGP protocol
DIT
MPLS TE MPLS traffic engineering requires OSPF or
IS IS with extensions for MPLS TE as the IGP.
OSPF and IS-IS with extensions hold the entire topology in their databases.
OSPF and IS-IS should also have some additional information about network resources and constraints.
RSVP is used to establish traffic engineering tunnels (TE tunnels) and propagate labels.
Summary Traffic engineering measures, models, and controls
traffic to achieve various goals. TE is driven by inefficient bandwidth utilization. TE focuses on prolonged congestion problems. With the TE Layer 2 overlay model, routers are not
aware of the physical structure and bandwidth available on links.
With the TE Layer 3 model, the destination-based forwarding paradigm cannot handle the problem of overutilization of one path while an alternate path is underutilized.
TE with the MPLS TE model means that the routers use the MPLS label-switching paradigm.