diseños de red basados en mpls

Diseños de red basados en MPLS2011

Carlos Nicasio

[email protected]

Diseños de Red Basados en MPLS

Contents

2

- ¿Por qué MPLS?

- MPLS L3 VPNs

- Metro Ethernet: Diseños más comunes

- Metro Ethernet: Cisco EVC Framework

- Hardware

¿Por qué MPLS?


Why MPLS?

• Needed a single infrastructure that supports multitude of applications in a secure manner

• Provide a highly scalable mechanism

• Load balance traffic to utilize network bandwidth efficiently

• Allow core routers/networking devices to switch packets based on some simplified header

• Leverage hardware so that simple forwarding paradigm can be used

Examine MPLS and Layer 3 Routing Limitations


L3 Routing LimitationsTraditional IP Forwarding


L3 Routing Limitations (Cont.)

Traffic Engineering Using Traditional IP Forwarding


MPLS Architecture

What Is MPLS?


Control Plane and Data Plane

MPLS Functionality


Frame-Mode

MPLS Modes of Operation


Label Headers

MPLS Label Format


Label Switched Router TypesLabel Switched Routers


The Process of MPLS Forwarding

MPLS Forwarding

Identify Applications that Use MPLS


Identify MPLS as an Application-driven TechnologyMPLS Applications


Identify MPLS as an Application-driven Technology (Cont.)Unicast IP Routing


Identify MPLS as an Application-driven Technology (Cont.)MPLS Traffic Engineering


Identify MPLS as an Application-driven Technology (Cont.)MPLS TE Example

• Some traffic from the upper (overutilized) path should be moved to the lower path.


Identify MPLS as an Application-driven Technology (Cont.)Quality of Service


Identify MPLS as an Application-driven Technology (Cont.)Virtual Private Networks


Identify MPLS as an Application-driven Technology (Cont.)VPN Example


Identify MPLS as an Application-driven Technology (Cont.)Layer 2 MPLS VPN


Identify MPLS as an Application-driven Technology (Cont.)Layer 2 MPLS VPN Example

VPN TechnologiesOverview


VPN TerminologyThe Components of a Generic VPN


Overlay VPN

Traditional VPN implementations were all based on the overlay paradigm:

The service provider sells physical-layer connectivity, or virtual circuits, or L2/L3 tunnels between customer sites as a replacement for dedicated point-to-point links.


Overlay VPN (Cont.)Example of Implementing an Overlay VPN


Peer-to-Peer VPN

The overlay VPN paradigm has a number of drawbacks (need to establish point-to-point links or VCs between customer sites).

To overcome this drawback and provide optimum data transport, the peer-to-peer concept was introduced.


Peer-to-Peer VPN (Cont.)

In a peer-to-peer VPN, the service provider participates in the customer routing, accepting customer routes, transporting them across the service provider backbone, and finally propagating them to other customer sites.


Peer-to-Peer VPN (Cont.)The Move from Overlay to Peer-to-Peer

• Customers and service provider peer directly using the same OSI-layer protocol - IP


The Major Categories of VPN

Benefits of the VPN Paradigms


The Major Categories of VPN (Cont.)

Drawbacks of the VPN Paradigms


MPLS Backbone

• VPNs can utilize virtually any VPN technology (Layer 3 MPLS VPNs, Frame Relay, ATM, TDM, leased line) on the edge of the backbone.

• All virtual VPN technologies use a single underlying MPLS backbone to forward VPN packets, frames or cells.

Benefits of deploy an MPLS Backbone


MPLS-based VPNs can provide VPN functionality using OSI Layers 2 and 3:

Layer 3 MPLS VPN is a peer-to-peer model where the MPLS VPN backbone and the VPN are exchanging Layer 3 routing information, and Layer 3 packets are transmitted across an MPLS-enabled IP backbone.

Layer 2 MPLS VPN is an Overlay model where Layer 2 frames or cells are transmitted across and MPLS-enabled IP backbone.

MPLS Layer 2 and Layer 3 VPN


MPLS Layer 2 and Layer 3 VPN (Cont.)

Layer 3 MPLS VPNs provide support for IPv4 protocol to be used inside a VPN:The customer routers use a routing protocol (or static route) to exchange routing information with the provider edge routers.The MPLS VPN backbone uses MP-BGP to propagate VPN routing information across the backbone.

Layer 3 MPLS VPN


Layer 2 MPLS VPNs provide support for OSI Layer 2 Protocols to be used inside a VPN:Point-to-point Layer 2 connections can be established over MPLS LSPs to provide support for Layer 2 protocols such as Frame Relay, ATM, PPP.Multipoint Layer 2 connections can be established to create virtual LANs across an MPLS backbone.

Layer 2 MPLS VPN



A single IP backbone can do the job of:

Internet service provisioning

Layer 3 MPLS VPN provisioning

Frame Relay trunk or PVC provisioning

ATM trunk or PVC provisioning

Leased line provisioning

TDM provisioning

Interworking between different Layer 2 technologies (e.g. Frame Relay ATM, Ethernet Frame Relay)



MPLS and Enterprise Networks

Metro Ethernet Designs


Centralized MPLS VPN Design


QinQ VLAN Encapsulation


Distributed MPLS VPN Design

Metro EthernetArquitectura EVCs


Flexible QinQ Introduction

Typical Metro Ethernet challengesL2 and L3 services on the same portFlexible service mappingFlexible VLAN matching and manipulationLocal VLAN significanceVLAN scaleH-QoS per VLAN…EVC based Flexible QinQ will meet all the above requirements


ServiceFlex

EoMPLS PW

Global VLAN 100 + SVI VPLS/EoMPLS

L3/VRFL2 Bridging

L3/VRF Termination

No global VLAN resource needed for xconnect VLAN Scalability

L2 and L3 co-exist on the same portFlexible L2/L3 service mapping

VLAN local port significance and VLAN ScalabilityH-QoS support on main-interface/sub-interface

VLAN 6

VLAN 7

VLAN 8

VLAN 6

VLAN 7

VLAN 9

Bridge-domain 100 [dot1q-tunnel][bpdu transparent | drop]

L3/VRF termination

Split-horizon option provide “isolation” between sub-interfaces

VLAN local port significance

Bridge-domain is global VLAN which has L2/L3 service associated

Have option to add second vlan tag or replace the encap vlan tagHave option to drop or transparently forward CE BPDU


Flexible VLAN tag

matching

H-QoS per VLAN

L3

EoMPLSVPLS

Local connect (P2P)Local Bridging (MP)

SecurityFlexible

VLANTag

rewrite

One service instance (EFP) can match one or multiple or range of VLANs at a time

Flexible QinQ Overview

Flexible L2/L3 service mapping, one or groups of EFPs can map to same EVC

Per service features

Flexible VLAN tag manipulation, pop/push/translate

• VLAN local port significance• Two VLAN tag aware• Flexible VLAN tag matching (combination of up to two tag)

Service instance (Ethernet Flow Point)

EVC


Interface

Flexible QinQ - EVC Control Point CLI

sub-interfaceservice instance X service instance Y

Per Port Per EVC Features

Per Port Per EVC Features

Per Sub-interfaceFeatures (L3)

interface <type><slot/port> service instance <id> ethernet <evc-name> ID is per interface scope. evc-name

is global unique in the network. All service instances should have the same evc-name if they are mapped to same EVC

<match criteria commands> VLAN tags, MAC, CoS, Ethertype

<rewrite commands> VLAN tags pop/push/translation

<forwarding commands> L2 P2P or MP <feature commands> QoS, ACL, etc

shapeaverage

shape average

priority

bandwidthChild

Parent VLAN

Layer 2 Services Bridging (VPLS via SVI)

xconnect (EoMPLS) Local Connect

L3 VRF


Flexible QinQ Configuration –flexible frame matching

Single tagged frame encapsulation dot1q {any | “<vlan-id>[,<vlan-id>[-<vlain-id>]]”} Vlan tag can be single, multiple or range or any (1-4096).

Double tagged frame (only look up to 2 tags if receive more than 2 tagged frames)encapsulation dot1q <vlan-id> second-dot1q {any | “<vlan-id>[,<vlan-id>[-<vlain-id>]]”}First vlan tag must be unique, second vlan tag can be any, unique, range or multiple

Default tagencapsulation dot1q defaultMatch all frames tagged or untagged that are not matched by other more specific service instances

untaggedencapsulation untaggedMatch no tagged frames

One service instance can match one, multiple or range of VLANs simplify configuration and operation, improve performance, more scale


Flexible QinQ Configuration –flexible encapsulation rewriteRouter(config-if-srv)#[no] rewrite ingress tag … symmetric push {dot1q <vlan-id> | dot1q <vlan-id> second-dot1q <vlan-id>} add 1 or 2 tag pop {1 | 2} remove outer 1 or 2 tag translate translate vlan tag

1-to-1 dot1q <vlan-id>2-to-1 dot1q <vlan-id>1-to-2 dot1q <vlan-id> second-dot1q <vlan-id>2-to-2 dot1q <vlan-id> second-dot1q <vlan-id>

“symmetric” – any rewrite on ingress, do the reverse rewrite on egress. For example,

“rewrite ingress tag push dot1q 100 symmetric” =

“rewrite ingress tag push dot1q 100” +

“rewrite egress tag pop 1”

Note, we only support “rewrite ingress” with “symmetric” keyword. Not support “rewrite egress” configuration. “symmetric” is MUST configuration, not optional


EoMPLS

VPLS

Local Connect, including hair pinning

Local Bridging

Flexible QinQ Configuration –flexible service mapping/forwarding

EoMPLS

connect test gig1/0/0 10 gig1/0/1 20

xconnect …

xconnect vfi …

bridge-domain 100 [split-horizon] put multiple EFPs into one global VLAN for L2 bridging split-horizon option to enable/disable bridging between EFPsinterface vlan 100 xconnect … or ip address … L2/L3 service associated to bridge-domain (global VLAN)

Service instance (Ethernet Flow Point)

EVC

BD


EFP – Ethernet Flow Point

EVC – Ethernet Virtual Circuit

VPLS

EoMPLS PW

EoMPLS PW

EoMPLS PW

L3 subI/F

EFPs:VLAN (802.1q/802.1ad)

X

VLANxlate1:1, 2:21:2

Multipoint EVC

P2P EVC

P2P EVC

Multipoint EVC

Bridging

Bridging

Routing

EFPs: VLAN (802.1q/QinQ)

EVC Infrastructure Overview

Hardware


Cisco ASR9000 Aggregation Service Router 6 and 10 slot chassis 1+1 RSP, SSO, NSR 180 Gbps per slot, Tbps fabrics. IOS XR Operating System, microkernel

based/modular OS EVC Framework (up to 32K EFPs per slot) HQoS (up to 256K queues per slot) High 10GE density (up to 24x10GE per

slot)


Cisco Metro 3600X Access Switches

Advanced Access 24xGE+2x10GE Redundant Power Supplies (AC/DC) 65Mpps EVC Framework (4000 EFPs) MPLS, MPLS TE, EoMPLS, MPLS VPNs HQoS on all ports 4K Egress Queues


Cisco Metro 3800X Switch Router

Advanced Access 24xGE+2x10GE Redundant Power Supplies (AC/DC) 65Mpps EVC Framework (16000 EFPs) MPLS, MPLS TE, EoMPLS, VPLS, MPLS VPNs HQoS on all ports 32K Egress Queues

Thank you

Carlos [email protected]

diseños de red basados en mpls

Technology

mpls vpn diseos

mpls architecturewhat

mpls vpn example diseos

red basados en mpls2011carlos

mpls traffic engineeringdiseos

mpls te example

process of mpls forwardingmpls

contents por qu mpls