Multi-Protocol Label Switching (MPLS) - Computer Networks Lecture 20 (EECS 489; sugih/courses/eecs489/lectures/20-MPLS...)


Posted on 12-Feb-2018


  • Computer Networks

    Lecture 20: MPLS and VPN

    [Figure: Source 1 and Source 2 send traffic to one Destination over two different paths]

    A router can forward traffic for the same destination on different interfaces/paths

    Multi-Protocol Label Switching (MPLS)

    Initial goal: speed up intra-domain IP forwarding by using circuit identifiers (fixed-length labels) instead of IP addresses
    - borrows ideas from the virtual-circuit (VC) approach (but the IP datagram still keeps its IP address!)

    Label Switching: Circuit Abstraction

    Label-switched paths (LSPs):
    - pre-compute a path for each flow
      - a flow can range from a single connection to a pair of address prefixes (APs) or aggregated APs, etc.
    - paths are named by the label at the path's entry point
    - each MPLS router uses a different label to identify a flow
    - a downstream MPLS router tells its upstream neighbor its label for each flow

    Label Swapping

    At each hop, MPLS routers forward packets to the outgoing interface based only on the label value (they don't even look at the IP address)
    - use the label to determine the outgoing interface
    - replace the incoming label with the neighbor's label for the flow
    - the MPLS forwarding table is distinct from the IP forwarding tables

    [Figure: a router with interfaces 1, 2, 3 and its label table with columns Tag / Out / New; a packet arriving with tag A leaves on interface 2 carrying the new tag D]

  • Label Distribution

    A signaling protocol is needed to set up forwarding
    - responsible for disseminating signaling information
      - Label Distribution Protocol (LDP)
      - RSVP for Traffic Engineering (RSVP-TE)
    - allows forwarding along paths not otherwise obtained from IP routing (e.g., source-specific routing)
    - must co-exist with IP-only routers

    [Figure: the same two-source / one-destination topology, now with each source's traffic carried on its own label-switched path]
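The LSP setup and label swapping described above, as an added example that is not part of the lecture: a small Python simulation in which a chain of routers distributes labels downstream-to-upstream (each router allocates its own label for a flow and tells its upstream neighbor), after which every transit hop forwards by label alone. The topology follows the figure (two sources, one destination, two paths through router A); the router names A, B, C, D, the interface names and the label values are assumptions made for the example.

```python
"""Added example (not from the lecture): label-switched path setup by
downstream label distribution, then forwarding by label only.

Two flows for the SAME destination prefix enter router A (from Source 1 and
Source 2) and are carried over different paths, A-B-D and A-C-D, which plain
IP forwarding at A could not do. Names and label values are made up."""
from dataclasses import dataclass, field

RESERVED = 16  # labels 0-15 are reserved by RFC 3032, so allocate from 16 upward


@dataclass
class LSR:
    """Label-switching router. Transit forwarding consults `lfib` only."""
    name: str
    lfib: dict = field(default_factory=dict)  # in_label -> (out_iface, out_label or None)
    ftn: dict = field(default_factory=dict)   # ingress only: fec -> (out_iface, push_label)
    next_label: int = RESERVED

    def allocate(self):
        """Pick a fresh label; it means something only on this router's incoming side."""
        lbl = self.next_label
        self.next_label += 1
        return lbl


def setup_lsp(fec, hops):
    """hops: [(router, out_iface), ...] from ingress to egress.

    Distribution runs downstream-to-upstream: the egress allocates a label for
    the FEC and tells its upstream neighbor, which installs a swap entry (its
    own label -> the advertised one) and tells its own upstream, and so on.
    The ingress ends up with the label to push. Returns that entry label."""
    egress, egress_iface = hops[-1]
    advertised = egress.allocate()
    egress.lfib[advertised] = (egress_iface, None)  # None: pop, then IP lookup
    for router, out_iface in reversed(hops[1:-1]):  # transit routers
        local = router.allocate()
        router.lfib[local] = (out_iface, advertised)  # swap local -> downstream label
        advertised = local
    ingress, ingress_iface = hops[0]
    ingress.ftn[fec] = (ingress_iface, advertised)
    return advertised


def forward(ingress, fec, links):
    """Forward one packet for `fec`; returns [(router, in_label, out_iface, out_label)].

    `links` maps (router name, out_iface) -> neighbor LSR (absent beyond the egress).
    After the ingress push, no hop looks at the FEC, i.e. at the IP header."""
    out_iface, label = ingress.ftn[fec]  # the only IP-level lookup on the path
    trace = [(ingress.name, None, out_iface, label)]
    router = links[(ingress.name, out_iface)]
    while label is not None:
        out_iface, new_label = router.lfib[label]  # lookup by label only
        trace.append((router.name, label, out_iface, new_label))
        router = links.get((router.name, out_iface))
        label = new_label
    return trace


def build_demo():
    """Topology of the lecture figure: A-B-D and A-C-D; D attaches the destination."""
    a, b, c, d = (LSR(n) for n in "ABCD")
    links = {("A", "to-B"): b, ("A", "to-C"): c, ("B", "to-D"): d, ("C", "to-D"): d}
    # Source-specific FECs: same destination prefix, different source sites.
    setup_lsp("src1->12.11.1.0/24", [(a, "to-B"), (b, "to-D"), (d, "to-CE")])
    setup_lsp("src2->12.11.1.0/24", [(a, "to-C"), (c, "to-D"), (d, "to-CE")])
    return a, links


def demo_traces():
    """Traces for both flows; note B and C both use label 16 for different LSPs."""
    a, links = build_demo()
    return (forward(a, "src1->12.11.1.0/24", links),
            forward(a, "src2->12.11.1.0/24", links))


if __name__ == "__main__":
    for trace in demo_traces():
        print(" -> ".join(f"{r}[{i}->{o}]" for r, i, _, o in trace))
```

Both LSPs enter with label 16 and B and C each hand out label 16 as well, yet nothing collides: a label is significant only on the link it is received on, so each router's own table decides. The trace also shows the point of the figure: A sends the two flows for the same prefix out of different interfaces because it keys on (source-specific) FEC at ingress and on label thereafter, never on the destination address alone.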

    MPLS Encapsulation

    Put an MPLS header in front of the IP packet
    - the MPLS header includes a label

    [Figure: link-layer frame: PPP or Ethernet header | MPLS header | IP header | remainder of the link-layer frame]

    MPLS header: label (20 bits) | ToS (3 bits) | S (1 bit) | TTL (8 bits), 32 bits in total
    - ToS & TTL copied from IP (the 3-bit field is the EXP / Traffic Class field of RFC 3032)
    - S: 1 if bottom of label stack

    Network (layer 3): IP
    Layer 2.5?: MPLS
    Data Link (layer 2): Ethernet, Frame Relay, ATM, PPP, etc.
    Physical (layer 1)
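The shim header above, as an added example that is not part of the lecture: a Python encoder and parser for the 32-bit MPLS header and a label stack in the RFC 3032 layout (20-bit label, 3-bit EXP/ToS, 1-bit S, 8-bit TTL). The sample IPv4 packet and the label values are constructed for the example. The parser stops only at an entry whose S bit is set and refuses a truncated or unterminated stack, which is the check a receiver needs before it treats whatever follows the stack as an IP header.

```python
"""Added example, not from the lecture: pack and parse the 32-bit MPLS shim
header (RFC 3032: label 20 bits | EXP/ToS 3 | S 1 | TTL 8) and a label stack.
The IPv4 packet and label values below are constructed for the example."""
import struct

LABEL_MAX = (1 << 20) - 1
RESERVED_LABELS = range(0, 16)  # 0-15 carry special meanings in RFC 3032


def encode_entry(label, exp, bottom, ttl):
    """One 4-byte label stack entry in network byte order."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError(f"label {label} does not fit in 20 bits")
    if not 0 <= exp <= 7 or not 0 <= ttl <= 255:
        raise ValueError("EXP must fit in 3 bits and TTL in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)


def encode_stack(entries):
    """entries: [(label, exp, ttl), ...] top (outer) first; S is set only on the last."""
    last = len(entries) - 1
    return b"".join(encode_entry(lbl, exp, i == last, ttl)
                    for i, (lbl, exp, ttl) in enumerate(entries))


def decode_stack(data):
    """Parse a label stack at the start of `data`.

    Returns ([(label, exp, ttl), ...], offset_of_payload). Stops only at an
    entry with S=1, so a truncated stack, or one that never sets S, is rejected
    instead of leftover bytes silently being treated as an IP header."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("label stack truncated or bottom-of-stack bit never set")
        (word,) = struct.unpack_from("!I", data, offset)
        label, exp, s, ttl = word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF
        entries.append((label, exp, ttl))
        offset += 4
        if s:
            return entries, offset


def encapsulate(ip_packet, labels):
    """Push `labels` (outer first) in front of an IPv4 packet, copying the IP
    precedence (top 3 bits of the ToS byte) into EXP and the IP TTL into every
    entry, as the lecture describes ("ToS & TTL copied from IP")."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("expected an IPv4 packet")
    tos, ttl = ip_packet[1], ip_packet[8]
    return encode_stack([(lbl, tos >> 5, ttl) for lbl in labels]) + ip_packet


# Constructed IPv4 header (no options) plus 4 payload bytes: ToS 0xB8 (DSCP EF,
# precedence 5), TTL 64, protocol 17, checksum left as 0 for the example.
SAMPLE_IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0xB8, 24, 0x1234, 0, 64, 17, 0,
                          bytes([10, 0, 1, 10]), bytes([12, 11, 1, 20])) + b"\xde\xad\xbe\xef"


def demo():
    """Outer label 1001 over inner label 16; returns the parsed stack and whether
    the payload after the stack is the original packet."""
    frame = encapsulate(SAMPLE_IPV4, [1001, 16])
    entries, offset = decode_stack(frame)
    return entries, frame[offset:] == SAMPLE_IPV4


if __name__ == "__main__":
    print(encapsulate(SAMPLE_IPV4, [1001, 16])[:8].hex(), demo())
```

The two stack entries come out as `003e9a40 00010b40`: label 1001 with S=0 on top, label 16 with S=1 at the bottom, both carrying EXP 5 and TTL 64 copied from the IP header.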

    BGP-Free Backbone Core

    [Figure: customer sites A, B, C, D attached to a provider core of routers R1, R2, R3, R4; prefix 12.11.1.0/24 is learnt at the edge over eBGP and carried between the edge routers over iBGP]

    - the label is based on the destination prefix
    - routers R2 and R3 don't need to speak BGP

    VPNs With Private Addresses

    Why VPN?
    - Customer has several geographically distributed sites
      - wants private communications over the public network
      - wants a unique IP network connecting the sites
        - single IP addressing plan
        - virtual leased line connecting the sites
        - guaranteed quality of service
    - Providers have overprovisioned backbones
      - want to sell pseudo-wires (leased lines) that allow for increased backbone utilization
      - want technology that has low configuration and maintenance costs and is scalable to the number of customers, i.e., core state depends on topology, not on the number of customers

  • Recall: Customer-based VPN

    Encrypt packets at network entry and decrypt at exit
    - an eavesdropper cannot snoop the data or determine the real source and destination

    Network VPNs

    Customer based: the customer buys its own equipment, configures IPsec tunnels across the global Internet, and manages addressing and routing
    - ISP plays no role
    - the customer has more control over security and ISP choices, but it requires skills

    [Figure: four customer sites, each with a CE router, connected by the customer's own tunnels across the Internet]

    Provider based: the provider manages all the complexity of the VPN, usually with MPLS
    - the customer simply connects to the provider equipment

    [Figure: four customer sites, each with a CE router, attached to the ISP's PE routers]

    Types of MPLS Routers

    Customer edge (CE) routers:
    - do not speak MPLS, do not recognize labels at all
    - speak eBGP with MPLS routers on the provider network to advertise APs, or are statically configured with allocated APs

    [Figure: CE - A - B - C - D - ... - CE; one CE advertises 12.11.1.0/24 using eBGP, and reachability of 12.11.1.0/24 is advertised to the CE at the other end using eBGP]

    MPLS Routers

    Provider routers:
    - provider edge (PE): routers A and E
      - push (at ingress) or pop (at egress) a label on the stack
      - forward IP packets to/from customer routers
    - core (P): routers B, C, and D
      - swap (pop + push) the label on top of the stack
      - don't interact with customer routers

    [Figure: the same CE - A - B - C - D - ... - CE topology, with the inner label carried unchanged from PE to PE]

  • Provider-based VPN

    Layer 3 BGP/MPLS VPNs (RFC 2547, since superseded by RFC 4364) provide isolation: multiple logical networks over a single, shared physical infrastructure
    - uses BGP to exchange routes
      - eBGP to announce APs to PE routers
    - MPLS to forward traffic
      - tunneling: P core routers don't have to do routing, just label switching
    - the isolation is forwarding separation, not encryption: packets cross the provider core in the clear, so confidentiality against the provider (or anyone who can tap its links) still needs the customer-side IPsec tunnels of the customer-based VPN

    [Figure: CE customer router - PE edge router - P core router - PE edge router - CE customer router]

    High-Level Overview of Operation

    - IP packets arrive at the provider edge (PE) router
    - the destination IP is looked up in a virtual forwarding table
      - there are multiple such tables, one per customer
    - the datagram is sent to the customer's network using tunneling (i.e., an MPLS label-switched path)

    To Use Layer 3 BGP/MPLS VPN

    Two steps are needed:
    1. set up the VPN
    2. forward packets on the VPN

    Identifying a BGP/MPLS VPN

    Three things are needed to identify a BGP/MPLS VPN:
    1. inner label: a way for the provider edge (PE) routers at each end of a VPN to associate the VPN with its owner's customer edge (CE) router
    2. VPN-APs: a way for the customer's address prefixes (APs) to be advertised by BGP
       - the issue: since customers can use private address ranges (10/8, 172.16/12, and 192.168/16), how do we differentiate the same private address range chosen and used by different customers?
    3. outer label: the MPLS labels used by the provider's core (P) routers to identify a VC

  • Setup: Inner Label

    Provider-edge (PE) routers:
    - set up a Virtual Routing and Forwarding (VRF) table per customer, holding that customer's APs
    - the VRF ID serves as the inner label for the VPN (the egress PE allocates it and announces it together with the VPN-APs)

    [Figure: one PE holding VRF ID C1 for Customer 1 (10.0.1.0/24, VPN ID (RD): Tan) and VRF ID C2 for Customer 2 (10.0.1.0/24, VPN ID (RD): Salmon); both customers use 10.0.1.0/24]

    Setup: VPN-APs

    Provider-edge (PE) routers:
    - use Multi-Protocol BGP's Route Distinguisher (RD) as the VPN ID to differentiate the same APs of different customers
    - use MP-BGP to announce VPN-AP reachability, along with the inner labels
    - run iBGP to the other edge routers to distribute VPN-AP reachability

    [Figure: as above: VRF ID C1 / RD Tan and VRF ID C2 / RD Salmon, each containing 10.0.1.0/24]

    Setup: Outer Label

    Both provider-edge (PE) and core (P) routers:
    - run MPLS
    - use LDP (Label Distribution Protocol) to set up outer labels for forwarding
    - the PE router advertising a customer AP (i.e., the destination or egress router) initiates LDP to distribute labels

    [Figure: the provider path with the inner label carried end to end underneath the outer labels]

    To Use Layer 3 BGP/MPLS VPN

    Two steps are needed to use a layer 3 BGP/MPLS VPN:
    1. Set up the VPN
    2. Forward packets on the VPN

  • Forwarding in BGP/MPLS VPNs

    Step 1: the packet arrives from the CE router at the PE router's incoming interface
    - look up the customer's VRF to determine the egress PE and the inner label (Label I)

    Step 2: look up the egress PE (the next hop found in the customer's VRF) and add the corresponding outer label (Label O)

    [Figure: after step 1 the packet is IP Datagram | Label I; after step 2 it is IP Datagram | Label I | Label O]

    Forwarding

    The ingress PE router encapsulates the IP packet in MPLS with outer and inner labels
    - a two-label stack is used for packet forwarding
      - the top label indicates the next-hop P router (outer label)
      - the second label indicates the outgoing CE interface/VRF (inner label)

    [Figure: IP Datagram | Label I | Label O | Layer 2 Header; Label O corresponds to the label of the next hop (P), Label I corresponds to the VRF/interface at the exit]

    Forwarding on BGP/MPLS VPNs

    - the source CE router sends the IP packet to the ingress PE router, i.e. the PE that advertised the destination AP to it
    - the ingress PE router looks up the egress PE router's virtual interface address and the inner label for the destination AP, then encapsulates the IP packet in MPLS with outer and inner labels
    - core P routers along the path swap outer labels
    - the penultimate core P router pops the outer label only
    - the egress PE router uses the inner label to look up the VRF and forwards the packet to the customer's CE router

    Packet Forwarding

    [Figure: packet-forwarding walk-through along CE - PE - P - P - PE - CE]
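The two-label forwarding above, and the BGP-free core from earlier (the P routers here never consult IP or BGP state), as an added example that is not part of the lecture: a Python simulation of a layer 3 BGP/MPLS VPN in which customers C1 and C2 both number their remote site 10.0.1.0/24. The router names PE1, P1, P2, PE2, the 192.0.2.x loopbacks, the RDs in ASN:number form, the interface names and all label values are assumptions made for the example, and the MP-BGP and LDP exchanges are reduced to the table entries they would install.

```python
"""Added example, not from the lecture: a layer 3 BGP/MPLS VPN in miniature.

Two customers, C1 and C2, both use 10.0.1.0/24 at the site behind PE2. The
ingress PE pushes a two-label stack (outer label to reach the egress PE, inner
label naming the customer's VRF there); core routers swap only the outer
label, the penultimate core router pops it, and the egress PE picks the VRF
from the inner label before it looks at the customer IP address.
Names, 192.0.2.x addresses, RDs and label values are made up."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

POP = None  # outer-label action at the penultimate hop


@dataclass
class ProviderEdge:
    name: str
    loopback: str
    vrfs: dict = field(default_factory=dict)          # vrf -> {prefix: route}
    inner_labels: dict = field(default_factory=dict)  # inner label -> vrf (one per VRF)
    ldp: dict = field(default_factory=dict)           # egress loopback -> (out_iface, outer label)
    # A route is ("ce", iface) for a local site, or ("pe", egress_loopback, inner)
    # for a prefix learnt from another PE via MP-BGP.


@dataclass
class ProviderCore:
    name: str
    lfib: dict = field(default_factory=dict)  # in_label -> (out_iface, out_label or POP)


def lookup(vrf, dst):
    """Longest-prefix match inside one customer's VRF; other VRFs are never consulted."""
    best = None
    for prefix, route in vrf.items():
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    if best is None:
        raise LookupError(f"no route to {dst} in this VRF")
    return best[1]


def advertise_vpn_routes(egress, ingress):
    """MP-BGP step: the egress PE announces each VRF's local prefixes as VPN-APs
    (RD:prefix, so identical customer prefixes stay distinct) together with the
    inner label it allocated for that VRF; the ingress installs them in the
    same-named VRF with the egress loopback as next hop. Returns what was sent."""
    sent = []
    for inner, vrf_name in egress.inner_labels.items():
        rd = f"65000:{inner}"  # constructed RD in ASN:number form (the lecture's "VPN ID")
        for prefix, route in egress.vrfs[vrf_name].items():
            if route[0] == "ce":
                ingress.vrfs.setdefault(vrf_name, {})[prefix] = ("pe", egress.loopback, inner)
                sent.append((rd, prefix, inner, egress.loopback))
    return sent


def forward(ingress, in_vrf, src, dst, links):
    """Carry one customer packet (src is never read by the core) from the ingress
    PE to the egress CE. Returns (trace, delivered): trace is
    [(router, label stack after it, out_iface)], delivered is (PE, VRF, CE iface)."""
    route = lookup(ingress.vrfs[in_vrf], dst)        # the only IP lookup until the egress PE
    if route[0] == "ce":                              # destination is a local site of this VRF
        return [(ingress.name, [], route[1])], (ingress.name, in_vrf, route[1])
    _, egress_lo, inner = route
    out_iface, outer = ingress.ldp[egress_lo]         # outer label from LDP, keyed by egress PE
    stack = [outer, inner]                            # index 0 is the top of the stack
    trace = [(ingress.name, list(stack), out_iface)]
    node = links[(ingress.name, out_iface)]
    while isinstance(node, ProviderCore):
        out_iface, new_outer = node.lfib[stack[0]]    # top label only; dst is never read here
        stack = stack[1:] if new_outer is POP else [new_outer] + stack[1:]
        trace.append((node.name, list(stack), out_iface))
        node = links[(node.name, out_iface)]
    if len(stack) != 1:
        raise ValueError("egress PE expects only the inner label after the penultimate-hop pop")
    vrf_name = node.inner_labels[stack[0]]            # inner label selects the customer's VRF ...
    route = lookup(node.vrfs[vrf_name], dst)          # ... and only then is the customer address used
    if route[0] != "ce":
        raise ValueError("egress VRF route should point at a CE interface")
    trace.append((node.name, [], route[1]))
    return trace, (node.name, vrf_name, route[1])


def build_demo():
    """PE1 - P1 - P2 - PE2, with both customers' 10.0.1.0/24 sites behind PE2."""
    pe1, pe2 = ProviderEdge("PE1", "192.0.2.1"), ProviderEdge("PE2", "192.0.2.2")
    p1, p2 = ProviderCore("P1"), ProviderCore("P2")
    pe2.vrfs = {"C1": {"10.0.1.0/24": ("ce", "ge-0/0/1")},
                "C2": {"10.0.1.0/24": ("ce", "ge-0/0/2")}}
    pe2.inner_labels = {100: "C1", 101: "C2"}
    pe1.vrfs = {"C1": {}, "C2": {}}                   # remote routes arrive only via MP-BGP
    adverts = advertise_vpn_routes(pe2, pe1)
    pe1.ldp["192.0.2.2"] = ("to-P1", 20)              # LDP bindings for the LSP to PE2
    p1.lfib[20] = ("to-P2", 21)
    p2.lfib[21] = ("to-PE2", POP)                     # P2 is the penultimate hop
    links = {("PE1", "to-P1"): p1, ("P1", "to-P2"): p2, ("P2", "to-PE2"): pe2}
    return pe1, links, adverts


def demo():
    """Both customers send to 10.0.1.7; each packet lands on its own CE interface."""
    pe1, links, _ = build_demo()
    return {vrf: forward(pe1, vrf, "10.0.2.5", "10.0.1.7", links) for vrf in ("C1", "C2")}


if __name__ == "__main__":
    for vrf, (trace, delivered) in demo().items():
        print(vrf, " -> ".join(f"{r}{s}" for r, s, _ in trace), "=>", delivered)
```

A packet from each customer to the same address 10.0.1.7 leaves PE2 on that customer's own CE interface because the inner label, not the IP destination, chooses the VRF; the P routers' tables hold only outer labels and no customer prefix, which is why their state scales with the number of PEs rather than customers. A destination absent from a customer's VRF fails the lookup at the ingress instead of borrowing a route from the other VRF, and a stack that reaches the egress with more or fewer than one label is rejected rather than guessed at.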

  • Advantages of MPLS VPN

    - Customers adding or changing APs does not require manual configuration at the provider
    - Core P routers do not need to know customers' CE routers or APs
      - forwarding tables only need to scale to the number of edge PE routers, not the number of customers, APs, or VPNs
    - The only manual configurations required are at the edge PE routers: the VRF ID, the customer's CE router IP address, and the MP-BGP Route Distinguisher as VPN ID

    Status of MPLS

    Deployed in practice:
    - BGP-free backbone/core
    - Virtual Private Networks
    - Traffic engineering

    Challenges:
    - protocol complexity
    - configuration complexity
    - difficulty of collecting measurement data