performance analysis of mpls vpn vs. ip...


Post on 27-Jun-2020


Performance Analysis Of MPLS VPN vs. IP VPN

Graduation project submitted to Sana'a University - Faculty of Computer and Information Technology as part of the requirements for Bachelor degree in Computer and Information Technology - Department of Network and Information Security for the year 2014 - 2015

Republic of Yemen
Sana'a University
Faculty of Computer and IT
Department of Network & Information Security

Prepared by:

Student Numbers (IDs)   Student Names
12/204                  عبد العزيز محمد أحمد المجاهد
12/177                  جميل حفظ الله الزيدار
12/176                  توفيق محمد أحمد السياغي
12/208                  عدنان عبد الله اليعري
12/214                  هشام عبد الله يحيى الفلاحي
12/158                  ناجي مسعد ناجي الجراف

Supervised by: Dr. Ali Al-Sharafi (د. علي الشرفي)


Allah, glorified and exalted be He, says:

"Whoever does good, whether male or female, while being a believer, We will surely give him a good life, and We will surely reward them according to the best of what they used to do."

(Surah An-Nahl, verse 97)


DEDICATION

To the one who was the reason for my reaching this stage...

To the one whose favor I will never forget...

Whatever I offer him, I will never repay even a part of what he has given me...

To my dear, beloved father...

who gave me support and help until I was able to achieve what I aspire to...

I dedicate all of this modest success, because any success I achieve is first of all a success for you...

And I hope that I have returned to you a small part of what you have given me.

To the person whom I ask God to grant a long life and to admit into His spacious gardens...

To the flowing spring of tenderness... to my dear mother, who is never absent from my life for a moment.

To those who never leave my heart and who are my support always and forever, to my dear brothers and sisters.


ACKNOWLEDGEMENTS

We extend our sincere thanks and great gratitude to everyone who helped us complete this work.

We also offer our thanks, crowned with gratitude, to all the honorable professors who gave us so much from the inexhaustible spring of their knowledge and gave us self-confidence through the good relationship that we will always remember.

We also extend our sincere thanks to Dr. Ali Al-Sharafi, who gave us everything he could to complete the work and was generous with his valuable comments.


ABSTRACT

There are many disadvantages (cost, lack of security, difficulty managing large networks, support for non-sensitive applications, delay, etc.) associated with traditional networking: IP networks, ATM and Frame Relay. To solve this, MPLS-based VPN networking was introduced; it can work with existing deployed backbones and allows organizations to interconnect dispersed sites and remote workers through secure links over the public Internet.

In this thesis, we try to build a better understanding of MPLS VPN. The research presents a comparison study of the MPLS VPN and IP VPN protocols in terms of functionality, performance, capabilities, structure, advantages, disadvantages, types, services and applications, measuring throughput and delay.

Keywords: IP, ATM, MPLS, VPN, MPLS VPN


TABLE OF CONTENTS

DEDICATION
ACKNOWLEDGEMENTS
ABSTRACT
TABLE OF CONTENTS
CHAPTER 1 INTRODUCTION
1.1 INTRODUCTION
1.2 STATEMENT OF THE PROBLEM
1.3 RESEARCH OBJECTIVES
1.4 RESEARCH SCOPE
1.5 RESEARCH METHODOLOGY
1.6 METRICS
1.6.1 throughput
1.6.2 End-to-end delay
1.6.3 Load
1.7 TOOLS
1.8 Project Plan
CHAPTER 2 LITERATURE REVIEW
2.1 INTRODUCTION
2.2 IP
2.2.1 IPv4 PACKET FORMAT
2.2.1.1 IPv4 HEADER FIELDS
2.2.2 IPv6 PACKET FORMAT
2.2.2.1 FIXED HEADER FIELDS
2.2.2.2 EXTENSION HEADER
2.2.3 ADVANTAGES OF IPV6 OVER IPV4
2.3 Multiprotocol Label Switching (MPLS)
2.3.1 Overview
2.3.2 MPLS Benefits
2.3.3 MPLS Architecture
2.3.3.1 MPLS Label Structure
2.3.3.2 Label Switched Routers (LSR)
2.3.3.3 Label Edge Router (LER)
2.3.3.4 Label Switched Paths (LSP)
2.3.3.5 Forward Equivalence Class (FEC)
2.3.3.6 MPLS Modes
2.3.3.7 MPLS Protocol Stack
2.3.4 Basic Operation
2.3.5 Applications
2.4 Virtual Private Network (VPN)
2.4.1 Overview
2.4.2 VPN Safety Mechanisms
2.4.2.1 Encryption
2.4.2.2 Authentication
2.4.2.3 Authorization
2.4.3 VPN Devices
2.4.3.1 Customer network devices
2.4.3.2 Service Provider (SP) network devices
2.4.4 VPN Protocols
2.4.4.1 Protocols for Site-to-Site VPNs
2.4.4.2 Protocols for Remote Access VPNs
2.4.4.3 Comparison of main VPN protocols
2.4.5 VPN Requirements
2.4.6 VPN Objectives
2.4.7 VPN Types
2.4.8 VPN Models
2.4.8.1 Overlay model
2.4.8.2 Peer-to-peer model
2.4.9 VPN Building Blocks
2.4.10 Advantages and Disadvantages of VPNs
2.4.10.1 VPN Advantages
2.4.10.2 Disadvantages
2.5 MPLS Virtual Private Network (MPLS VPN)
2.5.1 Overview
2.5.2 Features of MPLS VPN
2.5.3 MPLS VPN Network Components
2.5.4 MPLS VPN Security
2.5.6 Benefits of MPLS VPN
2.6 OPNET MODELER
2.6.1 OPNET KNOWLEDGE
2.6.2 Why OPNET?
2.6.3 WORKFLOW OF OPNET
CHAPTER 3 NETWORK MODEL AND DESIGN
3.1 NETWORK TOPOLOGY
3.1.1 Network design
3.1.2 MPLS simulation model
3.1.3 Conventional IP simulation model
3.2 NETWORK MODEL CONFIGURATION
3.2.1 NETWORK COMPONENTS
3.2.2 NETWORK TRAFFIC GENERATION
3.2.2.1 VOICE TRAFFIC
3.2.2.2 VIDEO CONFERENCING TRAFFIC
3.3 SIMULATION SCENARIOS
3.3.1 SIMULATION RUN TIME
CHAPTER 4 SIMULATION RESULTS AND DISCUSSION
4.1 END-TO-END (E2E) VPN DELAY PERFORMANCE (sec)
4.2 VPN THROUGHPUT PERFORMANCE
4.2.1 VPN THROUGHPUT (bits/sec)
4.2.2 VPN THROUGHPUT (pkts/sec)
4.3 VPN LOAD PERFORMANCE
4.3.1 VPN LOAD (bits/sec)
4.3.2 VPN LOAD (pkts/sec)
CHAPTER 5 CONCLUSION AND FUTURE WORK
5.1 Conclusion
5.2 Future Work
APPENDIX
REFERENCES


CHAPTER 1 INTRODUCTION


1.1 INTRODUCTION

VPNs are computer networks which are "virtual" in that they are layered on top of a physical network. The VPN's network data is separated from that of the Internet as a whole, making for a private pipeline that travels through the Internet within the VPN.

A VPN uses the Internet or some other shared public telecom infrastructure to provide remote offices and their users with a secure network. Though a shared infrastructure is involved, VPNs use tunneling protocols to create secure connections. For example, think of the Internet as if it were a giant tunnel. When using the Internet, all traffic goes through this tunnel. Now imagine a company wanting to have its own pipeline inside this tunnel. By creating a VPN, the company can still use the Internet; however, its private data is routed through its own private pipe. Thus, a virtual private network is created within the larger tunnel. From a technical perspective, this involves tunneling the lower Internet Protocol (IP) layers through the transport network layer.

MPLS (Multiprotocol Label Switching) is not a computer network. Rather, it is a standards-based technology that is used to move network packet traffic from one node to another over different protocols such as Internet Protocol, Frame Relay, or Asynchronous Transfer Mode (ATM). It is a protocol-independent mechanism that directs and carries data from one network node to the next. MPLS labels data packets, which eliminates the need to determine what's inside each packet and enables a more efficient means of transmitting data. Rather than looking at packets individually and then making forwarding decisions, MPLS uses the labels to make the forwarding decisions. Layer 3 analysis takes place just once, after which label inspection drives forwarding. With MPLS labeling, users are no longer dependent on specific technologies and protocols.

MPLS is also called a "Layer 2.5 protocol" because it works at a layer of the OSI model found between Layer 2 and Layer 3 (the Data Link Layer and the Network Layer respectively). MPLS is a versatile mechanism that carries data and numerous types of traffic.
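The forwarding behaviour described above (one Layer 3 lookup at the ingress, then label lookups only) can be sketched as follows. This is an added example, not part of the original thesis: the router names, prefixes and label values are constructed, and the 32-bit label entry layout (20-bit label, 3-bit traffic class, 1-bit bottom-of-stack flag, 8-bit TTL) is taken from RFC 3032 rather than from this page.

```python
import ipaddress
import struct


def encode_lse(label, tc=0, s=1, ttl=64):
    """Pack one MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2 ** 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)


def decode_lse(raw):
    """Unpack the 4-byte shim that sits between the Layer 2 and Layer 3 headers."""
    (word,) = struct.unpack("!I", raw[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


# Constructed topology: LER-A (ingress) -> LSR-1 -> LSR-2 -> LER-B (egress).
# Ingress table: destination prefix (the FEC) -> (label to push, next hop).
INGRESS_FEC_TABLE = {
    "10.2.0.0/16": (100, "LSR-1"),
    "10.2.5.0/24": (200, "LSR-1"),
}
# Per-router label table: incoming label -> (action, outgoing label, next hop).
LFIB = {
    "LSR-1": {100: ("swap", 110, "LSR-2"), 200: ("swap", 210, "LSR-2")},
    "LSR-2": {110: ("swap", 120, "LER-B"), 210: ("swap", 220, "LER-B")},
    "LER-B": {120: ("pop", None, "site-B"), 220: ("pop", None, "site-B-voice")},
}


def ingress_classify(dst_ip):
    """Longest-prefix match on the destination: the only Layer 3 lookup."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, entry in INGRESS_FEC_TABLE.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    if best is None:
        raise LookupError("no FEC matches " + dst_ip)
    return best[1]


def forward(dst_ip, ttl=64):
    """Walk a packet along the label switched path and count lookups."""
    counters = {"ip_lookups": 0, "label_lookups": 0}
    label, hop = ingress_classify(dst_ip)
    counters["ip_lookups"] += 1
    shim = encode_lse(label, ttl=ttl - 1)
    path = [("LER-A", "push", label)]
    while True:
        entry = decode_lse(shim)
        if entry["ttl"] == 0:
            raise RuntimeError("TTL expired at " + hop)
        row = LFIB[hop].get(entry["label"])
        if row is None:
            raise LookupError("%s has no entry for label %d" % (hop, entry["label"]))
        action, out_label, next_hop = row
        counters["label_lookups"] += 1
        path.append((hop, action, out_label))
        if action == "pop":
            # Egress: the label is removed and the IP packet leaves the MPLS core.
            return path, next_hop, counters
        shim = encode_lse(out_label, tc=entry["tc"], ttl=entry["ttl"] - 1)
        hop = next_hop


if __name__ == "__main__":
    hops, egress, stats = forward("10.2.5.9")
    for router, action, out_label in hops:
        print(router, action, out_label)
    print("delivered to", egress, stats)
```
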

MPLS VPN is a popular and widespread implementation of MPLS technology. The popularity of MPLS VPN has been growing since it was invented. The terms MPLS and VPN are often used interchangeably or together. Part of the confusion stems from the term MPLS VPN, which refers to a virtual private network that is built on top of a multiprotocol label switching network. MPLS VPNs are typically provided to an enterprise by a third-party provider to create a secure connection between branch offices.


Though one is a computer network and the other is a mechanism, VPNs and MPLS can work together to create a private virtual network that is extremely efficient at labeling and delivering network packets.

IP VPN (Internet Protocol Virtual Private Network) uses the Internet Protocol for transmission in a VPN.

1.2 STATEMENT OF THE PROBLEM

The previous studies focused on the theoretical side in terms of scope and mechanisms of addressing. They did not discuss the performance of the IP VPN and MPLS VPN protocols in terms of measuring the load for voice applications; they were confined to delay and throughput for several kinds of traffic such as FTP and video.

1.3 RESEARCH OBJECTIVES

The main objective of our research is to compare and evaluate the performance of IP VPN and MPLS VPN in different network topologies. For this we used OPNET Modeler. In order to reach this goal, we:

1. Provide a literature review covering the packet format and field descriptions for each protocol.

2. Simulate IP VPN and MPLS VPN networks using OPNET.

3. Measure throughput, end-to-end delay and load in different scenarios.

4. Interpret the simulation results and find out which Internet protocol has better performance.

1.4 RESEARCH SCOPE

This research presents a comparison study of the Multi-Protocol Label Switching Virtual Private Network (MPLS VPN) and Internet Protocol Virtual Private Network (IP VPN) protocols in terms of functionality, performance, capabilities, structure, advantages, disadvantages, types, services and applications, measuring throughput and delay. For this study, two suggested wired networks are simulated using the OPNET simulator for both the MPLS and IP VPN protocols.

1.5 RESEARCH METHODOLOGY

The methodology adopted in this modeling and simulation experiment is presented in the following steps:

1. Create two different network topologies that will be used in this study for both MPLS VPN and IP VPN.


2. Load traffic into the MPLS VPN and IP VPN networks (create traffic). The traffic that will be created is voice and data conferencing.

3. Choose the statistics to be collected. The statistics collected in the MPLS VPN and IP VPN networks are throughput and end-to-end (E2E) delay.

4. Run the simulation for a specified time.

5. View the results of the simulation as statistical graphs.

6. Compare the obtained results to find out which Internet protocol is better in terms of performance.

1.6 METRICS

The global statistics that will be collected during simulation for both the MPLS VPN and IP VPN networks include:

1.6.1 throughput

The amount of data transferred from one place to another or processed in a specified amount of time. Data transfer rates for disk drives and networks are measured in terms of throughput.

Throughput is the rate of successful message delivery over a communication channel. The data these messages belong to may be delivered over a physical or logical link, or it can pass through a certain network node. Throughput is usually measured in bits per second (bit/s or bps), and sometimes in data packets per second or data packets per time slot.

1.6.2 End-to-end delay

End-to-end delay refers to the time taken for a packet to be transmitted across a network from source to destination.

1.6.3 Load

Load refers to the amount of data packets entering the network, or the amount of traffic leaving the network.


1.7 TOOLS

• The hardware tools that will be used in this project are shown in Table 1.1.

Tool                            Specifications
TOSHIBA Satellite L755 Laptop   Works with operating system Windows 8 Pro 32-bit. The processor is an Intel(R) Core(TM) i3-2330M CPU, 2.20 GHz, with 8 GB of RAM.

Table 1.1 : Hardware tools

• The software tools that will be used in this project are shown in Table 1.2.

Tool                    Version         Use
OPNET Modeler           Version 14.5    Used as a simulation tool.
Microsoft Office Word   Version 2007    To document the project.
Edraw Max               Version 7.3     To draw network diagrams.

Table 1.2 : Software tools

1.8 Project Plan


CHAPTER 2 LITERATURE REVIEW

This chapter provides a brief overview of IP, MPLS and VPN packet headers, a description of the fields of each packet header, and an introduction to the simulation tool (OPNET) that will be used to simulate these networks.


2.1 INTRODUCTION

Understanding the structure of a protocol header and the type of information that can be transported with it is the best foundation for working with a protocol. This understanding helps you to identify how the protocol can best be configured and what the options are. It also helps you to identify possible sources of problems and issues when troubleshooting.

2.2 IP

The Internet Protocol (IP) is a network-layer (Layer 3) protocol that contains addressing information and some control information used for relaying network packets from source to destination through the Internet. It was initially designed in 1974 by Vint Cerf and Bob Kahn to connect systems that are in different geographical locations. The term "Internet" simply means internetwork, that is, a connection between multiple networks. During the early stages of development, this protocol was used only by the military and research universities, but gradually computers from companies and additional universities were added. Today, much of the world's population is becoming more connected to and reliant on the Internet.

Internet Protocol is the backbone of the Internet. It specifies how independent networks can work together to form a global network. Each of the hosts connected to the Internet has an associated IP address. Packets are exchanged between these hosts. A source and a destination IP address are assigned within a packet, and the packet is forwarded into the network. When packets are sent to a host that is not located within the same network as the source host, networking devices such as routers receive the packets from the source host and forward them one step closer to the network where the destination host resides. There are currently two versions of IP: IP version 4 (IPv4) and IP version 6 (IPv6).

2.2.1 IPv4 PACKET FORMAT Internet Protocol version 4 (IPv4)was the first version of Internet Protocol to be widely

used, and accounts for most of today’s Internet traffic. It was soon evident that

implementation of IPv4 was not possible with the rapid growth of the Internet. Quantity

of IP addresses in IPv4 was not sufficient to keep up with the proliferation of devices on

the Internet . A 32-bit address length of IPv4 gives us 4,294,967,296 - 232

- IP

addresses. When IPv4 was written, it appeared to be a sufficient amount of IP

addresses. However, as time progressed, the Internet grew with the advent of new

networking devices such as phones, televisions and gaming consoles, which were IP-

capable. This led to the exhaustion of IP address spaces. Temporary solutions were

found to overcome the exhaustion of IPv4 address spaces. The first solution was

Classless Inter-Domain Routing (CIDR) which is the method for allocating IP addresses

and routing IP packets. The second solution was a technique termed Network Address

Translation (NAT) in which one IP address could be translated to multiple hosts within

the NAT network. The third solution is termed Dynamic Host Configuration Protocol

(DHCP) which is used on IP networks as the automatic configuration protocol. These

three technologies did not overcome the problem of IPv4 address exhaustion, but only

delayed it. Finally, the problem of IP address exhaustion was resolved. The Internet

Engineering Task Force (IETF) came up with a resolution called IP next generation

(IPng).

Packets in the IPv4 layer are called datagrams. Figure 2.1 shows the IPv4 datagram

format.

Figure 2.1 : IPv4 packet format

A datagram is a variable-length packet consisting of two parts: header and payload (data).

The header is 20 to 60 bytes in length and contains information essential to routing and

delivery. Figure 2.2 shows the header format and its fields.

Each row is 32 bits wide:

| Version (VER) 4 bits | IHL 4 bits | TOS 8 bits | Total Length 16 bits |
| Identification 16 bits | Flags 3 bits | Fragments 13 bits |
| TTL 8 bits | Protocol 8 bits | Checksum 16 bits |
| Source IP Address |
| Destination IP Address |
| Options |

Figure 2.2 : IPv4 header format

2.2.1.1 IPv4 HEADER FIELDS

A brief description of each field is in order:

• Version (4 bits)

The first header field in an IP packet is the four-bit version field. For IPv4, this has

a value of 4 (hence the name IPv4). This field tells the IPv4 software running in the

processing machine that the datagram has the format of version 4. All fields must be

interpreted as specified in the fourth version of the protocol. If the machine is using

some other version of IPv4, the datagram is discarded rather than interpreted

incorrectly.

• Internet Header length (4 bits)

The Internet Header Length (IHL) field defines the total length of the datagram header in

4-byte words. This field is needed because the length of the header is variable

(between 20 and 60 bytes). When there are no options, the header length is 20 bytes,

and the value of this field is 5 (5 x 4 = 20). When the option field is at its maximum

size, the value of this field is 15 (15 x 4 = 60).

• Type of Service (8 bits)

This 8-bit field specifies the type of service desired. TOS specifies the IP priority.

Several networks have service precedence in which high precedence traffic is

considered more important. Sometimes during high load, routers accept traffic above

a defined precedence. Delay, throughput, and reliability are other parameters

available to define the precedence.

• Total length (16 bits)

This 16-bit field defines the total length (header plus data) of the IPv4 datagram in

bytes. To find the length of the data coming from the upper layer, subtract the

header length from the total length. The header length can be found by multiplying

the value in the IHL field by 4.

Length of data = total length – header length

Since the field length is 16 bits, the total length of the IPv4 datagram is limited to

65,535 (2^16 - 1) bytes, of which 20 to 60 bytes are the header and the rest is data

from the upper layer.

• Identification (16 bits)

If an IP packet is fragmented during transmission, all the fragments contain the same

identification number, which identifies the original IP packet they belong to.

• Flags (3 bits)

This is a 3-bit field. The first bit is reserved. The second bit is called the do not

fragment bit. If its value is 1, the machine must not fragment the datagram. If it

cannot pass the datagram through any available physical network, it discards the

datagram and sends an ICMP error message to the source host. If its value is 0, the

datagram can be fragmented if necessary. The third bit is called the more fragment

bit. If its value is 1, it means the datagram is not the last fragment; there are more

fragments after this one. If its value is 0, it means this is the last or only fragment.

• Fragmentation Offset (13 bits)

The fragment offset field, measured in units of eight-byte blocks, is 13 bits long and

indicates the position of the fragment’s data relative to the beginning of the data in

the original datagram, which allows the destination IP process to properly

reconstruct the original datagram.

• Time to live (8 bits)

The Time to Live (TTL) field indicates the maximum time the datagram is allowed to

remain in the internet system. The time is measured in units of seconds. Every

router that processes a datagram must decrease the TTL by at least one, so the TTL

is similar to a hop count. When the value becomes zero, the packet is discarded.

• Protocol (8 bits)

This 8-bit field defines the higher-level protocol that uses the services of the IPv4

layer. An IPv4 datagram can encapsulate data from several higher-level protocols

such as TCP, UDP, ICMP, and IGMP. This field specifies the final destination

protocol to which the IPv4 datagram is delivered. In other words, since the IPv4

protocol carries data from different other protocols, the value of this field helps the

receiving network layer know to which protocol the data belong.

• Header Checksum (16 bits)

The 16-bit checksum field is used for error-checking of the header. When a packet

arrives at a router, the router calculates the checksum of the header and compares it

to the checksum field. If the values do not match, the router discards the packet. The

checksum in the IPv4 packet covers only the header, not the data. There are two

good reasons for this. First, all higher-level protocols that encapsulate data in the

IPv4 datagram have a checksum field that covers the whole packet. Therefore, the

checksum for the IPv4 datagram does not have to check the encapsulated data.

Second, the header of the IPv4 packet changes with each visited router, but the data

do not. So the checksum includes only the part that has changed. If the data were

included, each router must recalculate the checksum for the whole packet, which

means an increase in processing time.

• Source IP Address (32 bits)

This 32-bit field defines the IPv4 address of the source. This field must remain

unchanged during the time the IPv4 datagram travels from the source host to the

destination host.

• Destination IP Address (32 bits)

This 32-bit field defines the IPv4 address of the destination. This field must remain

unchanged during the time the IPv4 datagram travels from the source host to the

destination host.

• Options

The Options field is a variable-length, optional field that is used if the value of

IHL is greater than 5. There may be or more options. This field is not mandatory for

every IP packet. They can be used for network testing and debugging.
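The field rules above (IHL in 4-byte words, data length as total length minus header length, flag bits, offset in 8-byte units, header-only checksum recomputed at each hop) can be exercised with a small parser. This is an added example, not code from the project; the function names and the sample datagram (documentation addresses, constructed option bytes) are assumptions made for illustration.

```python
import ipaddress
import struct

FIXED = struct.Struct("!BBHHHBBH4s4s")  # the 20-byte fixed part of the header


class HeaderError(ValueError):
    """The buffer cannot be a valid IPv4 datagram."""


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of the data, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode and validate the header fields described in section 2.2.1.1."""
    if len(packet) < FIXED.size:
        raise HeaderError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = FIXED.unpack_from(packet)
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise HeaderError(f"version field is {version}, not 4")
    header_len = ihl * 4                    # IHL counts 4-byte words
    if ihl < 5 or header_len > len(packet):
        raise HeaderError(f"IHL {ihl} is inconsistent with the buffer")
    if not header_len <= total_len <= len(packet):
        raise HeaderError(f"total length {total_len} is inconsistent")
    # Summing a valid header together with its checksum field gives zero.
    if internet_checksum(packet[:header_len]) != 0:
        raise HeaderError("header checksum mismatch")
    return {
        "ihl": ihl, "header_len": header_len, "tos": tos,
        "total_len": total_len,
        "data_len": total_len - header_len,  # length of data = total - header
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "offset_bytes": (flags_frag & 0x1FFF) * 8,  # field is in 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[FIXED.size:header_len],
    }


def build_ipv4(src, dst, payload, *, options=b"", ident=0, df=False,
               mf=False, offset_units=0, ttl=64, proto=17, tos=0) -> bytes:
    """Build a datagram with a correct checksum (used for the sample)."""
    if len(options) % 4 or len(options) > 40:
        raise ValueError("options must be 0-40 bytes, padded to 4-byte words")
    ihl = 5 + len(options) // 4
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset_units & 0x1FFF)
    header = FIXED.pack((4 << 4) | ihl, tos, ihl * 4 + len(payload), ident,
                        flags_frag, ttl, proto, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed) + options
    csum = struct.pack("!H", internet_checksum(header))
    return header[:10] + csum + header[12:] + payload


def forward(packet: bytes):
    """What a router does: drop on TTL expiry, else decrement and re-sum."""
    hdr = parse_ipv4(packet)
    if hdr["ttl"] <= 1:
        return None                         # TTL would reach zero: discard
    hl = hdr["header_len"]
    header = bytearray(packet[:hl])
    header[8] -= 1                          # TTL is byte 8 of the header
    header[10:12] = b"\x00\x00"             # zero the field before summing
    header[10:12] = struct.pack("!H", internet_checksum(bytes(header)))
    return bytes(header) + packet[hl:]      # the data is never touched


# Constructed sample: a middle fragment with 4 bytes of options (3 NOPs + EOL).
SAMPLE = build_ipv4("192.0.2.1", "198.51.100.7", b"A" * 8,
                    options=b"\x01\x01\x01\x00", ident=0x1C46,
                    mf=True, offset_units=185, ttl=2)

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE))
    hop1 = forward(SAMPLE)
    print("after one hop ttl =", parse_ipv4(hop1)["ttl"])
    print("second hop forwards:", forward(hop1) is not None)
```

A header whose TTL is changed without recomputing the checksum is rejected by `parse_ipv4`, which is the router-side discard the checksum paragraph describes.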

2.2.2 IPv6 PACKET FORMAT

Internet Protocol version 6 (IPv6) is a version of the Internet Protocol (IP) intended

to succeed IPv4, which is the protocol currently used to direct almost all Internet traffic.

IPv6, also known as IPng (IP next generation), is

the second version of the Internet Protocol to be used generally across the virtual world.

The first version was IPv4. IPng was designed to take an evolutionary step from IPv4. It

was not a design goal to take a radical step away from IPv4. Functions which work in

IPv4 were kept in IPng. Functions which didn’t work were removed.

IPv6 fixes a number of problems in IPv4, such as the limited number of available

IPv4 addresses. IPv6 uses 128-bit addresses, an address space large enough to last for

the foreseeable future. It also adds many improvements to IPv4 in areas such as routing

and network auto-configuration. IPv6 is expected to gradually replace IPv4, with the

two coexisting for a number of years during a transition period. IPv6 uses a 128-bit

address space, which has no practical limit on global addressability and provides 3.4 x

10^38 unique addresses. This provides enough addresses so that every person could have

a single IPv6 network with many nodes, and still the address space would be almost

completely unused. The greater availability of IPv6 addresses eliminates the need for

private address spaces, which in turn eliminates one of the needs for network address

translators (NATs) to be used between the private Intranet and the public Internet.

The IPv6 packet is shown in Figure 2.3. Each packet is composed of a base header

followed by the payload. The base header occupies 40 bytes, whereas the payload can be

up to 65,535 bytes of information.

Figure 2.3 : IPv6 packet format

The header structure of an IPv6 packet is specified in RFC 2460. The header has a fixed

length of 40 bytes. The two fields for Source and Destination addresses each use 16

bytes (128 bits), so there are only 8 bytes for general header information (see Figure

2.4). The IPv6 header is therefore much simpler and leaner than the IPv4 header,

allowing for more efficient processing and, as we will see, more flexibility in extending

the protocol to meet future needs.

| Version 4 bits | Traffic Class 8 bits | Flow Label 20 bits |
| Payload length 16 bits | Next Header 8 bits | Hop Limit 8 bits |
| Source Address 128 bits |
| Destination Address 128 bits |

Figure 2.4 : IPv6 header format

2.2.2.1 FIXED HEADER FIELDS

A brief description of each field is in order:

• Version (4 bits)

This is a 4-bit field containing the version of the protocol. In the case of IPv6, the

number is 6.

• Traffic Class (8 bits)

This field replaces the “Type of Service” field in IPv4. It facilitates the handling of

real-time data and any other data that requires special handling, and sending nodes

and forwarding routers can use it to identify and distinguish between different

classes or priorities of IPv6 packets.

• Flow Label (20 bits)

The 20-bit Flow Label field in the IPv6 header may be used by a source to label

sequences of packets for which it requests special handling by the IPv6 routers, such

as non-default quality of service or "real-time" service. This aspect of IPv6 is, at the

time of writing, still experimental and subject to change as the requirements for flow

support in the Internet become clearer. Hosts or routers that do not support the

functions of the Flow Label field are required to set the field to zero when

originating a packet, pass the field on unchanged when forwarding a packet, and

ignore the field when receiving a packet.

• Payload Length (16 bits)

This field specifies the payload - i.e., the length of data carried after the IP header.

The calculation in IPv6 is different from the one in IPv4. The Length field in IPv4

includes the length of the IPv4 header, whereas the Payload Length field in IPv6

contains only the data following the IPv6 header. Extension headers are considered

part of the payload and are therefore included in the calculation.

• Next Header (8 bits)

This field indicates the type of header immediately following the basic IP header. It

can indicate an IP option header or an upper layer protocol. The protocol numbers

used are the same as the ones used in IPv4. The next header field is also used to

indicate the presence of extension headers, which provide the mechanism for

appending optional information to the IPv6 packet.

• Hop Limit (8 bits)

This field is analogous to the TTL field in IPv4. The TTL field contains a number of

seconds, indicating how long a packet can remain in the network before being

destroyed. In IPv4, most routers simply decrement this value by one at each hop.

This field has been renamed Hop Limit in IPv6. The value in this field now

expresses a number of hops instead of a number of seconds. Every forwarding node

decrements the number by one. If a router receives a packet with a Hop Limit of 1, it

decrements it to 0, discards the packet, and sends the ICMPv6 message “Hop Limit

exceeded in transit” back to the sender.

• Source Address (128 bits)

The 128-bit Source Address field contains the IPv6 address of the node that sends

the packet.

• Destination Address (128 bits)

The 128-bit Destination Address field contains the IPv6 address of the node

recipient of the packet.

2.2.2.2 EXTENSION HEADER

Every IPv6 packet starts with the basic header. In most cases, this header is the only

header necessary to deliver the packet. Sometimes, however, it is necessary for

additional information to be conveyed along with the packet to the destination or to

intermediate systems en route (information that would previously have been carried in the

Options field in an IPv4 datagram). Extension headers are used for this purpose. The base

header can be followed by up to six extension headers, as follows:

• Hop-by-Hop header

The hop-by-hop option is used when the source needs to pass information to all

routers visited by the datagram.

• Destination Options header

The destination option is used when the source needs to pass information to the

destination only. Intermediate routers are not permitted access to this information.

• Routing header

This header allows a static path to be specified for the packet, if the dynamically-

determined path is undesirable.

• Fragmentation header

The concept of fragmentation is the same as that in IPv4. However, the place where

fragmentation occurs differs. In IPv4, the source or a router is required to fragment if

the size of the datagram is larger than the maximum transfer unit (MTU) of the

network over which the datagram travels. In IPv6, only the original source can

fragment. A source must use a path MTU discovery technique to find the smallest

MTU supported by any network on the path. The source then fragments using this

knowledge.

• Authentication header

The authentication extension header has a dual purpose: it validates the message

sender and ensures the integrity of data.

• Encrypted Security Payload

The encrypted security payload (ESP) is an extension that provides confidentiality

and guards against eavesdropping.
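To show how the Next Header field chains the base header to the extension headers listed above, the following added example (not code from the project) decodes the 40-byte base header and walks the chain with bounds checks. The Next Header numbers and the per-header length encodings are taken from the IPv6 and IPsec specifications rather than from this text; the sample packet and function names are constructed for illustration.

```python
import ipaddress
import struct

# Next Header values (IANA protocol numbers) of the six extension headers.
HOP_BY_HOP, ROUTING, FRAGMENT, ESP, AUTH, DEST_OPTS = 0, 43, 44, 50, 51, 60
EXT_NAMES = {HOP_BY_HOP: "hop-by-hop", ROUTING: "routing",
             FRAGMENT: "fragment", ESP: "esp", AUTH: "authentication",
             DEST_OPTS: "destination-options"}
BASE_LEN = 40


class HeaderError(ValueError):
    """The buffer cannot be a valid IPv6 packet."""


def parse_ipv6(packet: bytes) -> dict:
    """Decode the base header, then follow Next Header through the chain."""
    if len(packet) < BASE_LEN:
        raise HeaderError("shorter than the 40-byte base header")
    word0, payload_len, next_hdr, hop_limit = struct.unpack_from("!IHBB", packet)
    if word0 >> 28 != 6:
        raise HeaderError(f"version field is {word0 >> 28}, not 6")
    end = BASE_LEN + payload_len        # payload length excludes base header
    if end > len(packet):
        raise HeaderError("payload length runs past the end of the buffer")
    chain, fragment, offset = [], None, BASE_LEN
    while next_hdr in EXT_NAMES:
        if next_hdr == HOP_BY_HOP and chain:
            raise HeaderError("hop-by-hop header must come first")
        chain.append(EXT_NAMES[next_hdr])
        if next_hdr == ESP:
            next_hdr = None             # the rest is encrypted; stop here
            break
        if offset + 8 > end:
            raise HeaderError(f"{chain[-1]} header is truncated")
        following, len_field = packet[offset], packet[offset + 1]
        if next_hdr == FRAGMENT:
            size = 8                    # fixed size, no length field
            (field,) = struct.unpack_from("!H", packet, offset + 2)
            fragment = {"offset_bytes": (field >> 3) * 8,
                        "more": bool(field & 1)}
        elif next_hdr == AUTH:
            size = (len_field + 2) * 4  # AH counts 4-byte words, minus 2
        else:
            size = (len_field + 1) * 8  # 8-byte units, first 8 not counted
        if offset + size > end:
            raise HeaderError(f"{chain[-1]} header overruns the payload")
        offset, next_hdr = offset + size, following
    return {
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_len": payload_len,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "extension_chain": chain,
        "fragment": fragment,
        "upper_protocol": next_hdr,     # None when hidden behind ESP
        "upper_offset": offset,
    }


def build_ipv6(src, dst, first_next_header, body, *, traffic_class=0,
               flow_label=0, hop_limit=64) -> bytes:
    """Prepend a base header to body (extension headers plus upper data)."""
    word0 = (6 << 28) | (traffic_class << 20) | flow_label
    return (struct.pack("!IHBB", word0, len(body), first_next_header, hop_limit)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed + body)


# Constructed sample: hop-by-hop (one PadN option) -> fragment -> 8 data bytes.
HBH = bytes([FRAGMENT, 0, 1, 4, 0, 0, 0, 0])
FRAG = struct.pack("!BBHI", 17, 0, (181 << 3) | 1, 0x1C46)
SAMPLE = build_ipv6("2001:db8::1", "2001:db8::2", HOP_BY_HOP,
                    HBH + FRAG + b"\x00" * 8,
                    traffic_class=0xB8, flow_label=0x12345)

if __name__ == "__main__":
    for key, value in parse_ipv6(SAMPLE).items():
        print(f"{key:16} {value}")
```

Because the extension headers count toward Payload Length, the walk stops at `40 + payload_len`; a length field that points past that boundary is rejected instead of being followed.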

2.2.3 ADVANTAGES OF IPV6 OVER IPV4

The next-generation IP, or IPv6, has some advantages over IPv4 that can be

summarized as follows:

• Larger address space

The increase in the address length from 32 bits to 128 bits resulted in a large quantity

of available addresses. Even if a single utilizes thousands of IP capable devices, the

IP addresses would not get exhausted. With the increase in the quantity of IP

addresses the requirement for NAT was eliminated. Availability of IP addresses

resulted in a more efficient assignment of addresses to the networks as well as a

simpler routing procedure.

• Better header format

IPv6 uses a new header format in which options are separated from the base header

and inserted, when needed, between the base header and the upper-layer data. This

simplifies and speeds up the routing process because most of the options do not need

to be checked by routers.

• New options

This protocol has new options to allow for additional functionalities.

• Address Auto Configuration

Although the 128-bit address field of IPv6 solves a number of problems inherent in

IPv4, the size of the address itself represents a potential problem to the TCP/IP

administrator. Therefore, IPv6 has the capability to automatically assign an address

to an interface at initialization time, with the intention that a network can become

operational with minimal to no action on the part of the TCP/IP administrator. IPv6

nodes generally use auto-configuration to obtain their IPv6 address. This auto-

configuration can be achieved by using DHCP, which is known as stateful auto-

configuration, or by stateless auto-configuration.

• Allowance for extension

This protocol is designed to allow the extension of the protocol if required by new

technologies or applications.

• Support for resource allocation

In IPv6, the type-of-service field has been removed, but a mechanism (called Flow

label) has been added to enable the source to request special handling of the packet.

This mechanism can be used to support traffic such as real-time audio and video.

• Support for more security

The encryption and authentication options in IPv6 provide confidentiality and

integrity of the packet.

2.3 Multiprotocol Label Switching (MPLS)

2.3.1 Overview

Multiprotocol Label Switching (MPLS) has been in use in the communication

industry for many years. As discussed in RFC 3031, MPLS combines the advantages

of ATM and the Layer-3 approach of IP, but it has an independent architecture for fast

packet switching and routing. MPLS is a way of tunneling IP datagrams within and

among independent systems. It also treats the encapsulated IP datagram as raw data and

does not access it in the tunnel.

| Link Layer Header | MPLS SHIM | Network Layer Header | Payload |

MPLS label encapsulation

In MPLS networking, simple, fixed-length labels are used to build a

label-to-label mapping between network routers. These labels are attached to packets to forward

them through the network by label switching instead of IP switching.

The label switching technique is not new, as it is used in Frame Relay and

ATM. This high-speed switching mechanism in MPLS is made possible by inserting labels

before the packets, which enables the hardware to switch packets between links. In

essence, the MPLS combines the advantages of IP routing and the simplicity of label

switching of Frame Relay or ATM. MPLS devices operate on both the IP layer as well

as the label-switching layer. Because of this nature, MPLS devices are called Label

Switch Routers (LSRs).

The Label Switched Paths (LSPs) are virtual tunnels used for data transmission in an

MPLS network. These LSPs are formed by a series of labels from source to destination.

The "two-label" approach proposed by Martini has become the most popular way of

encapsulating Layer-2 protocols. This method uses the following labels:

1. Tunnel Label: decides which LSP will be used for the packet transmission from

the ingress to egress LSRs.

2. VC Label: provides Layer-2 forwarding information to egress LSR.

MPLS makes use of existing IP routing protocols like Border Gateway Protocol (BGP),

Resource Reservation Protocol (RSVP), Open Shortest Path First (OSPF), etc.

MPLS has defined a new set of signaling and routing protocols such as Label

Distribution Protocol (LDP), Constraint-based LDP (CR-LDP) and Resource

Reservation Protocol – Traffic Engineering (RSVP-TE). To fully extend the capability

of MPLS, engineers are developing new standards such as Virtual Private LAN

Services (VPLS), Hierarchical Virtual Private LAN Services (HVPLS) and

Generalized Multiprotocol Label Switching (GMPLS).

MPLS has traffic management and QoS mechanisms to manage traffic flows.

Specifically, MPLS provides traffic management capabilities such as traffic policing,

congestion management, traffic shaping and priority queuing. In summary, MPLS

addresses many problems concerning today’s networks such as speed, scalability, QoS

management and traffic engineering. With its powerful new features, MPLS has

become a next generation network (NGN) solution for services such as data, voice and

video over the same network.

2.3.2 MPLS Benefits

MPLS labels are used to forward the packets instead of the destination IP

address:

have led to the popularity of MPLS. The following are the benefits of running MPLS

in a network:

• Unified network infrastructure

• Better integration of IP over ATM

• Flexible classification of packets

• Optimization of network resources

• BGP-free core

• Label distribution via BGP, LDP, RSVP and Protocol Independent Multicast

(PIM)

• Coexistence of distribution protocols in LSR

• Redundancy of numbering and label allocation

• Provide modular value-added applications (TE, QoS, Multicast and VPN)

• Optimal traffic flow

• Facilitate the evolution of services via Any Transport over MPLS (AToM)

• Unification of optical and routing control planes in GMPLS

[Figure: Provider-Provisioned VPNs | Traffic Engineering | IP+ATM | IP+Optical GMPLS | Any Transport over MPLS, all built on MPLS over the Network Infrastructure]

MPLS as a foundation for value-added services

2.3.3 MPLS Architecture

An MPLS network mainly consists of LSRs and MPLS nodes. An LSR runs the

MPLS protocol to provide label binding to Forward Equivalence Classes (FECs), IP

packet forwarding, and carry the IP forwarding decision. An MPLS node is an LSR,

except that it does not provide IP packet forwarding based on prefixes. The key

advantage of MPLS architecture is the division into two planes.

• Data plane: that contains the information required to transfer a packet.

• Control/Signaling plane: that allocates the transfer information.

This division allows many applications to be developed and deployed in a flexible,

scalable and reliable manner.

2.3.3.1 MPLS Label Structure

A 32-bit MPLS label has a certain structure, as shown in the figure.

MPLS label

• Label: The first 20 bits of the MPLS label are the Label Value. The first sixteen

label values are excluded from normal use because they have special meanings. After

receiving a labeled packet, the system looks up the label value at the top of the stack

to learn the next hop and the operation to be performed.

• EXP: These bits from 20 to 22 are reserved for experimental use, and used only

for QoS.

• BS: Bit 23 is known as Bottom of Stack bit, set to 1 for the last entry in the label

stack. The stack is the collection of labels and can consist of one label or set of

labels.

• TTL: These 8 bits (24 to 31) have the same function as in the IP header. This field

is used for encoding the TTL value. This time-to-live value is decreased by 1 at

each hop, which prevents the packet from being caught in a routing loop.

2.3.3.2 Label Switched Routers (LSR)

An LSR is a router that has the capability to understand MPLS labels and is

responsible for receiving and transmitting a labeled packet on a data link in an MPLS

network. Three operations are associated with LSRs: pop, push and swap. In an MPLS

network, there are three types of LSRs:

• Ingress LSRs: receive an unlabeled packet, add a label to that packet and send it

via data link.

• Egress LSRs: receive labeled packets, remove the label or set of

labels and send them via data link.

• Intermediate LSRs: perform an operation on incoming labeled packet and switch

the packet on the correct data link.
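The 32-bit label layout from section 2.3.3.1 and the push, swap and pop operations of the three LSR types can be traced end to end. This is an added example, not code from the project; it uses the two-label stack (tunnel label outside, VC label at the bottom) described in the overview. The label values, router names and LFIB contents are constructed, and TTL handling on pop is simplified to leaving the inner entry unchanged.

```python
import struct
from typing import NamedTuple

RESERVED_MAX = 15  # the first sixteen label values have special meanings


class Entry(NamedTuple):
    label: int     # bits 0-19
    exp: int       # bits 20-22
    bottom: bool   # bit 23, set on the last entry of the stack
    ttl: int       # bits 24-31


def encode_entry(e: Entry) -> bytes:
    if not (0 <= e.label < 1 << 20 and 0 <= e.exp < 8 and 0 <= e.ttl < 256):
        raise ValueError(f"field out of range in {e}")
    return struct.pack(
        "!I", e.label << 12 | e.exp << 9 | int(e.bottom) << 8 | e.ttl)


def encode_stack(entries, payload: bytes = b"") -> bytes:
    return b"".join(encode_entry(e) for e in entries) + payload


def decode_stack(frame: bytes):
    """Return (entries, payload); the stack ends at the entry with bottom=1."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("label stack has no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append(Entry(word >> 12, word >> 9 & 7,
                             bool(word >> 8 & 1), word & 0xFF))
        if entries[-1].bottom:
            return entries, frame[offset:]


def ingress_push(payload: bytes, labels, exp=0, ttl=64) -> bytes:
    """Ingress LSR: push labels (outermost first) onto an unlabeled packet."""
    if any(label <= RESERVED_MAX for label in labels):
        raise ValueError("labels 0-15 are reserved")
    last = len(labels) - 1
    return encode_stack(
        [Entry(label, exp, i == last, ttl) for i, label in enumerate(labels)],
        payload)


def lsr_forward(lfib: dict, frame: bytes):
    """Intermediate or egress LSR: act on the top label only.

    lfib maps an incoming label to ("swap", out_label) or ("pop", None).
    Returns the outgoing frame, or None when the packet is dropped.
    """
    entries, payload = decode_stack(frame)
    top, rest = entries[0], entries[1:]
    action = lfib.get(top.label)
    if action is None or top.ttl <= 1:   # unknown label or TTL expiry
        return None
    op, out_label = action
    if op == "swap":
        swapped = top._replace(label=out_label, ttl=top.ttl - 1)
        return encode_stack([swapped] + rest, payload)
    return encode_stack(rest, payload)   # pop: expose the next entry


# Constructed LFIBs for one LSP: ingress -> P1 -> P2 -> PE2 (egress).
LFIBS = {
    "P1": {100: ("swap", 200)},
    "P2": {200: ("swap", 300)},
    "PE2": {300: ("pop", None), 2001: ("pop", None)},
}


def walk_lsp(payload: bytes):
    """Trace (label, ttl) pairs of the stack after every hop of the LSP."""
    frame = ingress_push(payload, [100, 2001], exp=5)  # tunnel, then VC
    trace = [[(e.label, e.ttl) for e in decode_stack(frame)[0]]]
    for router in ("P1", "P2", "PE2"):
        frame = lsr_forward(LFIBS[router], frame)
        trace.append([(e.label, e.ttl) for e in decode_stack(frame)[0]])
    # The VC label selects the Layer-2 circuit at the egress, then is popped.
    return trace, lsr_forward(LFIBS["PE2"], frame)


if __name__ == "__main__":
    trace, delivered = walk_lsp(b"L2-FRAME")
    for hop in trace:
        print(hop)
    print("delivered:", delivered)
```

Only the top entry changes at the intermediate routers; the VC label keeps its value and TTL until the egress, and a frame whose top label is absent from the LFIB is dropped rather than forwarded.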

Label Switched Routers (LSRs)

2.3.3.3 Label Edge Router (LER)

The LERs work as QoS decision points in an MPLS network. By using port

numbers in layer-4 of the packets, QoS policies can be established and managed. The

LERs are responsible for adding or removing labels from the packets.

Label Edge Routers (LERs)

2.3.3.4 Label Switched Paths (LSP)

An LSP consists of a sequence of LSRs that switch a labeled packet through an

MPLS network. In MPLS network, the first LSR of an LSP is the ingress LSR for that

LSP, and the last LSR of the LSP is the egress LSR. The intermediate LSRs are

working in between the ingress and egress LSRs.

Label Switched Paths (LSPs)

2.3.3.5 Forward Equivalence Class (FEC)

A group of packets that has the same transmission path and forwarding

mechanism is known as FEC. The packets belonging to the same FEC have the same

label. But some packets do not belong to same FEC and forwarding mechanism due to a

different EXP value. Ingress LSRs decide which packet belongs to which FEC, and this

is done only once in the MPLS network.

2.3.3.6 MPLS Modes

There are different modes used for distributing labels between LSRs. These

distinct modes are as follows:

• Label distribution mode

There are two modes to distribute label bindings:

◦ Downstream-on-Demand (DoD) label distribution mode

◦ Unsolicited Downstream (UD) label distribution mode

• Label retention mode

Two label retention modes are possible:

◦ Liberal Label Retention (LLR) mode

◦ Conservative Label Retention (CLR) mode

• LSP control mode

Local binding for FEC can be created by LSRs in two ways:

◦ Independent LSP Control mode

◦ Ordered LSP Control mode

2.3.3.7 MPLS Protocol Stack

The MPLS architecture protocol family includes:

• MPLS related routing and signaling protocols

◦ OSPF

◦ RSVP

◦ Intermediate System to Intermediate System Routing Protocol (IS-IS)

◦ BGP

◦ ATM PNNI, etc.

• LDP

• CR-LDP

• RSVP-TE

MPLS (Multi-Protocol Label Switching)

Martini Frame Encapsulation

MPLS Signaling Protocols and Extensions: TDP (Tag Distribution Protocol) | LDP (Label Distribution Protocol) | CR-LDP (Constraint Based LDP) | RSVP-TE (RSVP Traffic Engineering)

GMPLS Protocols and Extensions: OSPF-TE (OSPF Traffic Engineering) | ISIS-TE (ISIS Traffic Engineering) | LMP (Link Management Protocol) | CR-LDP-TE (CR-LDP Traffic Engineering)

MPLS protocol stack

2.3.4 Basic Operation

This section provides the typical operation of MPLS devices. The IP routing

protocol runs on the control plane of all devices to build IP routing tables. These

routing tables are used to build IP forwarding tables, also known as forwarding

information base (FIB).

IP routing operation

Several labels can be added to a single packet by label stacking concept. The

label can be tagged in AM of the cell headers. In Ethernet, Point-to-Point Protocols

(PPP) and many other technologies, a shim header is located between link header and

network header to transport the labels.

The transfer elements of an LSR use fixed-length labels that are stored in a table with

the outgoing path for packets.

After the IP routing table is complete, MPLS labels are assigned to

individual entries in the IP routing table and sent to neighboring MPLS devices via

LDP.

Each device uses its own label space that makes MPLS robust and scalable.

Every label assigned by an MPLS device is treated as an input label in label forwarding

information base (LFIB), which is used for label switching.

Most label assignments by MPLS devices are entered into label information base

(LIB) table. The output label is entered in the local LFIB to enable label forwarding.

This label is entered into the FIB for IP to label forwarding in IP forwarding

support devices. After this, MPLS devices start forwarding IP packets.

Some ingress LSRs can receive an IP datagram, perform a FIB lookup, insert a label

stack into the IP datagram based on FIB information, and forward the labeled packet to the

next-hop LSR.

The privilege edge (PE) router in the MPLS VPN network architecture is an

example of such device.

An egress LSR can receive labeled packets, perform an LFIB lookup, and

remove the label from the ingress labeled datagram and forward the IP datagram to the

next-hop IP router. In MPLS network, all LSRs can work as ingress and egress LSRs.

The paths that a labeled datagram can take via an LSR are shown in the figure.

Basic MPLS operation

2.3.5 Applications

The label assignment and the capability to carry labels attached to a packet differentiate

MPLS from a traditional WAN. The concept of label stacking provides TE, VPNs, fast

rerouting, node failures, etc. An MPLS implementation can facilitate several

applications, a few of which are as follows:

• MPLS Traffic Engineering (MPLS-TE): customized link-state routing protocols

(IS-IS or OSPF) are used to discover resources and distribute attributes in the

network. Control processes the FEC binding through RSVP, and FIB is modified

based on MPLS-TE labels. MPLS-TE provides control of traffic routing and

optimized network utilization.

• Multicast Routing via PIM: extensions of PIMv2 protocol are used for FEC label

binding.

• MPLS VPNs: FIBs are created for one or more VPN clients. The customer

routing information and MPLS labels are distributed by Multiprotocol BGP

(MBGP) across the network.

• Layer 2 VPN: a VPN that can be created via a Layer 2 circuit over MPLS, known as Any Transport over MPLS (AToM). By using Layer-2 transport, a Layer-2 VPN provides auto-configuration, management and QoS as its services.


• Layer 3 VPN: BGP is used for Layer-3 VPN in service provider’s (SP) network,

and IP routing or static routing protocols are used between SPs and clients.

• MPLS QoS: provides a mechanism for differentiated service that enables the

creation of LSPs with guaranteed bandwidth. In ATM networks, four labels are

assigned to each IP prefix by customized LDP that enables different QoS classes

for each label.

2.4 Virtual Private Network (VPN)

2.4.1 Overview

The many terms used to define, describe and categorize VPN functionality have led to confusion about VPNs. The Internet Engineering Task Force (IETF) provides the standardized definition of a VPN:

“A network in which connectivity among multiple private Wide Area Networks

(WANs) is deployed using shared IP infrastructure with the same policies as a

private network.”

A VPN is also described as an extension of a private intranet through a public network infrastructure that provides a secure, cost-effective and reliable communication channel between two ends. Private tunnels support this extension of the private intranet by enabling point-to-point communication for data exchange.

Typical VPN setup


Because of the recent revolutions in the VPN area, you might think that the concept of VPNs is new. However, this concept is more than 15 years old and well known in the SP area. VPNs are one of the growing areas of the Internet. Organizations are able to interconnect their private networks in a more secure manner over the economical and resourceful medium of the Internet by using standardized protocols. The shared SP backbone network is referred to as the VPN backbone; it is used as a traffic channel for multiple VPNs and non-VPN traffic.

A VPN consists of private networks connected through a public network

2.4.2 VPN Safety Mechanisms

For the safe transmission of private data, different kinds of security measures and methods are used in a VPN tunnel. These methods and measures are as follows:

2.4.2.1 Encryption

A method used to convert sensitive data into a form that is available only to the intended reader. The receiver of the data must have the decryption key to read the sensitive data. In the traditional encryption model, the encryption and decryption key is the same for both the sender and the receiver.

The public-key encryption model uses two keys, known as the public and private keys. In a communication, the sender uses the public key to encrypt the message and the recipient uses its private key to decrypt the message. Pretty Good Privacy (PGP) is a main example of this model.


2.4.2.2 Authentication

A method that assures the intended receiver of the source and integrity of a message. Login information is a good example of authentication: it requires a username and password to gain access. In its more complex forms, the authentication process can use either secret-key encryption or public-key encryption.

2.4.2.3 Authorization

Authorization is a method that allocates network resources to an authenticated user according to the access policies.

2.4.3 VPN Devices

VPN devices are categorized into two main areas:

1. Customer network devices

2. Service Provider (SP) network devices

2.4.3.1 Customer network devices

Customer network devices fall into two categories:

Customer (C) devices: these devices reside within the customer network and do not interact with the SP network, such as routers, switches and servers.

Customer Edge (CE) devices: these devices reside on the edge of the customer network and have a direct connection with the SP network's Provider Edge devices.

CE devices are categorized as:

• Customer Edge routers (CE-r)

• Customer Edge switches (CE-s)

2.4.3.2 Service Provider (SP) network devices

SP network devices also fall into two categories:

Service Provider (P) devices: these devices reside within the provider network and do not have a direct connection with the CE devices of the customer network. These devices are unaware of customer VPNs.

Service Provider Edge (PE) devices: these devices reside on the edge of the SP network and have a direct connection with the CE devices of the customer network. They are aware of PE-based VPNs but unaware of CE-based VPNs.

PE devices are categorized as:

• Provider Edge routers (PE-r)

• Provider Edge switches (PE-s)

• Provider Edge devices, capable of routing and switching (PE-rs)


2.4.4 VPN Protocols

Three major tunneling protocols are prominently used to enable site-to-site and remote access VPNs and to ensure the safety of VPN-based transactions. These protocols are described as follows.

2.4.4.1 Protocols for Site-to-Site VPNs

In site-to-site VPNs, data traffic is tunneled between CE devices or between PE devices. Protocols used to enable site-to-site VPNs include the following:

• IP Security (IPSec)

• Point-to-Point Tunneling Protocol (PPTP)

• Generic Routing Encapsulation (GRE)

• Layer 2 Tunneling Protocol (L2TP)

• Layer 2 Tunneling Protocol version 3 (L2TPv3)

• IEEE 802.1Q tunneling (Q-in-Q)

• MPLS Label Switched Paths (LSP)

2.4.4.2 Protocols for Remote Access VPNs

Protocols used to enable remote access VPNs include the following:

• Layer Two Forwarding (L2F)

• Point-to-Point Tunneling Protocol (PPTP)

• IP Security (IPSec)

• Layer 2 Tunneling Protocol version 2 (L2TPv2)

• Layer 2 Tunneling Protocol version 3 (L2TPv3)

• Secure Sockets Layer (SSL)

2.4.4.3 Comparison of main VPN protocols

| Features | GRE | IP-IP | IPSec | L2TPv3 | MPLS |
|---|---|---|---|---|---|
| Encryption | N | N | In transport mode only | N | N |
| Authentication | N | N | Y | N | N |
| Multiplexing | Y | N | N | Y | Y |
| QoS | N | N | N | Y | Y |

Comparison of VPN protocols

2.4.5 VPN Requirements

Most of the traditional private network requirements and VPN requirements are the same. However, a VPN also has its own set of requirements:

• Security

• Availability

• QoS

• Reliability

• Compatibility

• Manageability

2.4.6 VPN Objectives

The main VPN objective is to address three basic requirements, which are as follows:

• Anytime access to the network resources for remote and mobile users.

• Interconnectivity between remote offices.

• Controlled policy to access necessary network resources.

2.4.7 VPN Types

VPNs are categorized on the basis of VPN objectives into the following types:

• Remote Access VPNs: a type of VPN that provides anytime access to the network resources for remote and mobile users. Remote Access VPNs have the following components:

  ◦ Remote Access Servers (RAS)

  ◦ Dial-up connection

  ◦ Support person, responsible for configuring, maintaining and managing the RAS.

• Intranet VPNs: used to provide interconnectivity between the remote offices of an organization.

• Extranet VPNs: this type of VPN allows external suppliers controlled access to necessary network resources.

2.4.8 VPN Models

A VPN can be categorized by implementation into two VPN models:


2.4.8.1 Overlay model

The overlay model uses tunnels to build point-to-point connections over an IP core. The overlay model architecture is simple. CPEs (Customer-Provider Edge) are connected to each other using tunnels to transport IP packets over the SP (Service Provider) network, and routing information is not exchanged with the SP. VPNs using Frame Relay, ATM virtual circuits, GRE and IPSec tunnels are examples of overlay VPNs.

2.4.8.2 Peer-to-peer model

In the peer-to-peer model, devices are aware of the customer network addressing and use it to route customer data. In peer VPNs, routes are exchanged between CE (Customer Edge) and PE (Provider Edge) devices. A modern example of peer VPNs is BGP/MPLS VPNs.

2.4.9 VPN Building Blocks

A VPN-based solution has a framework of six fundamental elements. These elements are listed below.

1. VPN hardware

• VPN servers

• VPN clients

• VPN routers

• VPN Gateways

2. VPN software

• Server and client software

• VPN management tools

3. Security infrastructure

• RADIUS

• TACACS

• NAT

• AAA-based solutions

4. Service provider's supporting infrastructure

• Service provider's network access switching backbone

• Service provider's network Internet backbone

5. Public networks

• Internet

• PSTNs


• POTS

6. Tunnels

• PPTP

• L2TP

• L2F

2.4.10 Advantages and Disadvantages of VPNs

2.4.10.1 VPN Advantages

VPNs offer the following advantages:

• Lower cost of implementation

• Reduced support cost

• Better connectivity

• Better Security

• Better bandwidth utilization

• Scalability

2.4.10.2 Disadvantages

The following disadvantages are associated with VPNs:

• Internet dependent

• Lack of legacy protocols support

2.5 MPLS Virtual Private Network (MPLS VPN)

2.5.1 Overview

MPLS can be used to provide VPN solutions at either Layer-2 or Layer-3 of the OSI Reference Model. The Frame Relay and ATM technologies provide Layer-2 service. IP tunneling based on GRE or IPSec provides Layer-3 service over an IP network. MPLS Virtual Private Networks (MPLS VPN) are a popular and widespread implementation of MPLS technology, and their popularity has been growing since they were invented. An MPLS-capable network can support MPLS tunnels, which are used to establish Layer-2 VPNs in Frame Relay, ATM, etc. These tunnels provide a virtual wire that connects the source and destination of the VPN. Alternatively, MPLS packets can be encapsulated in some other tunneling mechanism for transmission across the IP core network. This tunneling mechanism can be useful when MPLS is used within the VPN, and it reduces the number of tunnels across the network.


Single MPLS tunnel used to connect multiple VPNs

A hybrid VPN solution that utilizes both BGP and MPLS, described by the IETF in RFC-2547, is scalable and flexible. The reachability information for the addresses in each VPN is advertised at each edge node, and an MPLS label is used to identify the targeted VPN. MPLS labels are attached to packets so that the receiver can distinguish the targeted VPN. These packets can be encapsulated in IP, GRE, IPSec or MPLS tunnels as they traverse the core.

MPLS VPNs use a combination of connectionless VPNs and connection-oriented VPNs that minimizes the provisioning complexity and cost, and reduces the overhead on P devices. Customer routes are exchanged between CE and PE by using suitable IP routing protocols in an MPLS VPN network. Each PE router contains several Virtual Routing and Forwarding tables (VRFs). These tables contain customer route information and guarantee the isolation between customers. The ingress PE routers perform the label imposition and egress PE routers perform the label removal. P routers perform simple label switching in the MPLS VPN network.

MPLS can be used to provide VPN solutions at either Layer-2 or Layer-3 of the OSI Reference Model. The Frame Relay and ATM technologies provide Layer-2 service. IP tunneling based on GRE or IPSec provides Layer-3 service over an IP network. However, over time, these technologies have suffered from many issues in different areas, especially in any-to-any connectivity (VoIP).


Most service providers have already replaced Frame Relay and ATM services with MPLS VPN services. MPLS VPN can provide scalability and divide a larger network infrastructure into separate small networks according to an organization's needs. Service providers are now looking at interconnecting their MPLS VPNs to improve the scalability and ease of network operations. This evolutionary step is known as Inter-Autonomous MPLS VPN and Carrier's Carrier (CsC). MPLS VPN features enable:

• Better integration of access technologies

• Support of additional PE-CE routing protocols

• Support of new transport options across MPLS backbones (IPv6)

2.5.2 Features of MPLS VPN

MPLS-based VPN technology includes the following features:

• A connectionless interface between the CE routers and the PE routers; no additional configuration is required on the CE devices.

• The PE routers use an extended IP forwarding model.

• Customer addresses are extended with 64-bit route distinguishers to make the 32-bit IP addresses unique within the SP's backbone network. The resulting 96-bit address is called a VPNv4 address.

• For all VPN customers, a single routing protocol (MP-BGP) is run between the PE routers. MPLS-based VCs are used to carry customers' datagrams between the PE routers. MPLS labels are attached to customers' IP datagrams to provide forwarding from the ingress PE to the CE router.

• In the P-network, LSPs are established between all PE routers and are configured manually. Based on the BGP next hops, the mapping between the customer's destination addresses and the LSPs toward the egress PE routers is performed automatically.
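How a 64-bit route distinguisher turns overlapping customer prefixes into unique 96-bit VPNv4 addresses, as an added example that is not part of the thesis. It encodes the type 0 (ASN:number) and type 1 (IPv4:number) RD formats used by BGP/MPLS VPNs; the customer names, RD values, prefixes and PE names are constructed.

```python
import ipaddress
import struct


def encode_rd(rd):
    """Encode 'ASN:number' (type 0) or 'IPv4:number' (type 1) as an 8-byte RD."""
    admin, sep, assigned = rd.partition(":")
    if not sep:
        raise ValueError("RD must look like 'admin:assigned'")
    if "." in admin:  # type 1: 2-byte type, 4-byte IPv4 address, 2-byte number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(assigned))
    # type 0: 2-byte type, 2-byte AS number, 4-byte number
    return struct.pack("!HHI", 0, int(admin), int(assigned))


def vpnv4(rd, ipv4):
    """Return the 12-byte (96-bit) VPNv4 address: 64-bit RD + 32-bit IPv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed


def decode_vpnv4(addr):
    """Split a 12-byte VPNv4 address back into (rd_string, ipv4_string)."""
    if len(addr) != 12:
        raise ValueError("a VPNv4 address is exactly 96 bits")
    (rd_type,) = struct.unpack_from("!H", addr)
    if rd_type == 0:
        asn, number = struct.unpack_from("!HI", addr, 2)
        rd = f"{asn}:{number}"
    elif rd_type == 1:
        ip, number = struct.unpack_from("!4sH", addr, 2)
        rd = f"{ipaddress.IPv4Address(ip)}:{number}"
    else:
        raise ValueError(f"RD type {rd_type} is not handled in this example")
    return rd, str(ipaddress.IPv4Address(addr[8:]))


def build_backbone_table(routes, use_rd=True):
    """Index customer routes the way the shared backbone sees them.

    routes: iterable of (customer, rd, prefix, egress_pe).
    With use_rd=False the key is the bare IPv4 prefix, as in a plain IP core.
    """
    table = {}
    for customer, rd, prefix, egress_pe in routes:
        net = ipaddress.ip_network(prefix)
        base = net.network_address.packed
        key = ((encode_rd(rd) + base) if use_rd else base, net.prefixlen)
        table.setdefault(key, []).append((customer, egress_pe))
    return table


def conflicts(table):
    """Keys under which more than one customer landed (ambiguous routes)."""
    return {k: v for k, v in table.items() if len({c for c, _ in v}) > 1}


# Constructed sample: two customers that both use 10.1.1.0/24 internally.
ROUTES = [
    ("CustA", "65000:1", "10.1.1.0/24", "PE2"),
    ("CustB", "65000:2", "10.1.1.0/24", "PE3"),
    ("CustA", "65000:1", "10.1.2.0/24", "PE2"),
]

if __name__ == "__main__":
    print("without RD:", len(conflicts(build_backbone_table(ROUTES, use_rd=False))), "conflict(s)")
    print("with RD:   ", len(conflicts(build_backbone_table(ROUTES))), "conflict(s)")
    print(vpnv4("65000:1", "10.1.1.0").hex())
```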


MPLS VPN architecture

2.5.3 MPLS VPN Network Components

An MPLS VPN network has the following types of devices:

• Customer network (C-network): a network administered by the end user attached

to the Layer 3 MPLS VPN service.

• Customer Edge (CE) router: a router that provides a gateway between the C-

network and the P-network.

• Provider network (P-network): the core MPLS network administered by the

service provider.

• Provider Edge (PE) router: edge router that provides VPN and service delivery.

• Provider (P) router: An MPLS router deployed within the P-network with no

edge service attachments.

• Autonomous System Boundary Router (ASBR): provides attachment to an

adjacent autonomous system.

2.5.4 MPLS VPN Security

Security is an important component of any VPN solution, such as Frame Relay/ATM and MPLS VPN. Customers expect that the topology and addressing scheme of their network and the data carried on the VPN remain private. VPN implementations based on ATM or Frame Relay VCs have provided this security. However, the connectionless public IP network can't provide this type of protection.


As far as security is concerned, the goal is to make sure that sensitive data packets from one VPN cannot get into another VPN. This goal is achieved because forwarding within a VPN is based on label switching instead of IP forwarding. The VPN routes associated with LSPs originate and terminate at PE routers. These LSPs are associated with specific forwarding tables, these tables are associated with interfaces on the PE router, and these interfaces are associated with particular VPNs. Therefore, a packet sent by a PE router to a CE router of a particular VPN has to arrive at the PE router either from another directly connected PE or CE router. As a result, a packet can be injected into a VPN only through an interface on a PE router that is associated with that VPN, so packets cannot be injected maliciously or accidentally into a VPN by an unknown sender.

MPLS brings to IP security advantages similar to those of Layer-2 VCs, providing cost-effective and easily manageable connections to VPNs without using IPSec or cryptographic software. MPLS VPN security is achieved as described in the following list:

• At the ingress PE router, all data for a VPN is assigned a unique label stack. This ensures the data integrity.

• Any incoming packet entering the SP network is either routed without the use of MPLS or assigned a label stack, so a malicious user cannot insert data into the VPN.

• SP routers can use a cryptographic algorithm such as Message Digest 5 (MD5) to protect against the insertion of fake labels or LSRs.
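The interface-to-VRF binding described above, as an added example that is not code from the thesis: a Python model of two PE routers in which a packet is looked up only in the VRF of the interface it arrived on, and a labeled packet arriving from a CE is dropped. VRF names, interface names, prefixes and VPN label values are constructed, and matching VRF names stand in for route-target import policy. The model shows routing separation only; nothing in it encrypts traffic.

```python
import ipaddress


class Drop(Exception):
    """Raised when a PE refuses to forward a packet."""


def lookup(routes, dst):
    """Longest-prefix match of dst inside one VRF's route table."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, target in routes.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, target)
    if best is None:
        raise Drop("no route in this VRF")
    return best[1]


class PE:
    def __init__(self, name):
        self.name = name
        self.if_vrf = {}      # CE-facing interface -> VRF name
        self.vrf_routes = {}  # VRF name -> {prefix: ("local", if) | ("remote", pe, label)}
        self.label_vrf = {}   # VPN label advertised by this PE -> VRF name

    def attach(self, interface, vrf, prefix, vpn_label):
        """Bind a CE-facing interface to a VRF; return the route to advertise."""
        self.if_vrf[interface] = vrf
        self.vrf_routes.setdefault(vrf, {})[ipaddress.ip_network(prefix)] = ("local", interface)
        self.label_vrf[vpn_label] = vrf
        return (vrf, prefix, self.name, vpn_label)

    def import_route(self, vrf, prefix, egress_pe, vpn_label):
        """Install a remote route only if this PE serves the same VRF."""
        if vrf in self.vrf_routes:
            self.vrf_routes[vrf][ipaddress.ip_network(prefix)] = ("remote", egress_pe, vpn_label)

    def from_ce(self, interface, dst, labeled=False):
        if labeled:
            raise Drop("labeled packet on a CE-facing interface")
        vrf = self.if_vrf.get(interface)
        if vrf is None:
            raise Drop("interface not bound to any VRF")
        return vrf, lookup(self.vrf_routes[vrf], dst)

    def from_core(self, vpn_label, dst):
        vrf = self.label_vrf.get(vpn_label)
        if vrf is None:
            raise Drop("unknown VPN label")
        target = lookup(self.vrf_routes[vrf], dst)
        if target[0] != "local":
            raise Drop("destination is not attached to this PE")
        return vrf, target[1]


def build_network():
    """Two customers with overlapping 10.x address plans on the same two PEs."""
    pe1, pe2 = PE("PE1"), PE("PE2")
    adverts = [
        pe1.attach("ge0", "VPN_A", "10.1.0.0/24", 1001),
        pe1.attach("ge1", "VPN_B", "10.1.0.0/24", 1002),
        pe2.attach("ge0", "VPN_A", "10.2.0.0/24", 2001),
        pe2.attach("ge1", "VPN_B", "10.2.0.0/24", 2002),
        pe2.attach("ge2", "VPN_B", "10.9.0.0/24", 2002),
    ]
    for vrf, prefix, origin, label in adverts:
        for pe in (pe1, pe2):
            if pe.name != origin:
                pe.import_route(vrf, prefix, origin, label)
    return {"PE1": pe1, "PE2": pe2}


def deliver(pes, pe_name, interface, dst, labeled=False):
    """Return (egress PE, egress interface, VRF) or a 'drop: reason' string."""
    try:
        vrf, target = pes[pe_name].from_ce(interface, dst, labeled)
        if target[0] == "local":
            return (pe_name, target[1], vrf)
        _, egress, label = target
        vrf, out_if = pes[egress].from_core(label, dst)
        return (egress, out_if, vrf)
    except Drop as exc:
        return f"drop: {exc}"


if __name__ == "__main__":
    net = build_network()
    for args in [("PE1", "ge0", "10.2.0.5"), ("PE1", "ge1", "10.2.0.5"),
                 ("PE1", "ge0", "10.9.0.7"), ("PE1", "ge1", "10.9.0.7")]:
        print(args, "->", deliver(net, *args))
```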

Controlling access to network resources is a primary concern. Some routing protocols provide techniques that support a security strategy. With these protocols, we can insert a filter on route advertisements and authenticate routers that run the same protocol. Authentication mechanisms that keep out unauthorized routers increase network stability. The strength of message authentication varies across routing protocols. Two types of authentication methods are used in routing protocols:

• Plaintext password

• MD5

2.5.6 Benefits of MPLS VPN

MPLS VPNs bring advantages to the SPs. MPLS VPNs provide data security, network isolation from other networks and controlled connectivity with other networks.


Traditionally, these features are implemented in VPNs by using Layer-2 networks, which does not scale to providing shared services. The MPLS VPN architecture combines the benefits of the peer-to-peer VPN with those of the overlay VPN while avoiding the drawbacks of both:

• As in peer-to-peer VPNs, MPLS VPN provides automatic optimum routing between sites.

• As in overlay VPNs, MPLS VPN allows overlapping customer address spaces, kept unique through the use of route distinguishers.

• Route targets, one of the important building blocks of the MPLS VPN architecture, allow us to build complex VPN topologies.

• MPLS-TE enables the SP to utilize network resources and to offer tight service-level agreements (SLAs) with fast reroute and guaranteed bandwidth.

2.6 OPNET MODELER

In a real-world environment, setting up test scenarios with networking devices is very difficult and time consuming. The time required is impractical if we implement a network with real physical networking devices. To reduce the expense and time involved in setting up a real network, network simulation tools are used. Such a tool does not require physical networking devices to set up the network; users need only drag and drop device icons to set it up. After the network is simulated, the results obtained can be used to analyze the behavior of the network under various conditions. OPNET possesses the best capability to tie live systems into a simulation environment. There is a wide variety of network simulation tools available in the market. After detailed requirements gathering for this study, the Optimized Network Engineering Tool by OPNET Technologies, Inc. was chosen as the network simulator.

OPNET is a network simulation tool used by academic researchers as well as companies that wish to “try out” new topologies, technologies or protocols and get answers about a large variety of performance parameters. OPNET Modeler is a commercial solution that provides a wide range of simulated network devices, from workstations to switches and routers. It is a very powerful network simulator. Its main purposes are to optimize cost, performance, availability and time.


2.6.1 OPNET KNOWLEDGE

OPNET stands for "Optimized Network Engineering Tool". It is a comprehensive engineering system capable of simulating large communications networks with detailed protocol modeling and performance analysis.

OPNET Modeler is the foremost commercial product in the OPNET product family, providing a network modeling and simulation software solution. It is used widely by researchers, engineers, university students, and the US military. OPNET Modeler is a dynamic discrete event simulator with a user-friendly graphical user interface (GUI), supported by object-oriented and hierarchical modeling, debugging, and analysis.

OPNET Modeler is a discrete event simulator that has evolved to support hybrid simulation, analytical simulation, and 32-bit and 64-bit fully parallel simulation, as well as providing many other features. It has grid computing support for distributed simulation. Its System-in-the-Loop interface allows simulation with live systems which feed real-world data and information into the simulation environment. It provides an open interface for integrating external object files, libraries, and other simulators. It incorporates a broad suite of protocols and technologies, and includes a development environment to enable modeling of a very wide range of network types and technologies.

OPNET Modeler provides a comprehensive development environment with a full set of tools, including model design, simulation, data collection, and data analysis, that supports the modeling of communication networks and distributed systems. OPNET Modeler can be used as a platform to develop models of a wide range of systems. These applications include standard-based local area network (LAN) and wide area network (WAN) performance modeling, hierarchical internetwork planning, R&D (Research and Development) of protocols and communication network architectures, mobile networks, sensor networks and satellite networks. Other applications include resource sizing, outage and failure recovery, and so on.

2.6.2 Why OPNET?

OPNET Modeler models system behavior by modeling each event in the system, and the whole process is carried out through DES. There is a large variety of simulation packages available in the market; OPNET Modeler was chosen as the simulation environment because of the following attractive features:


• Provides more features than any other simulator in this market, which attracts network operators.

• Gives access to a wide range of available standard and vendor-specific communication networks, which greatly reduces the time involved in developing simulation environments from scratch and allows modelers to directly include developed models in their simulations.

• Provides a rich development environment that supports the modeling of communication networks and distributed systems.

• Provides a large amount of documentation to help the user develop network models.

• Offers a flexible and easy graphical interface for viewing the results.

• Results from OPNET are easily interpreted with comprehensive tools to display,

plot and analyze time series, histograms, probability functions, parametric curves,

and confidence intervals, which can be exported to a spreadsheet.

2.6.3 WORKFLOW OF OPNET

After getting to know the tool, its workflow needs to be understood. The OPNET workflow is divided mainly into four steps: creating new network models, choosing individual statistics, running simulations and viewing/analyzing the results.


Figure 2.5 : Workflow of OPNET


CHAPTER 3 NETWORK MODEL AND DESIGN

This chapter describes the network models that will be used for simulation and how to implement them in OPNET Modeler. Two different networks have been modeled: one is an MPLS network and the second one is an IP network. This chapter also explains the network components that will be used to build the network models, network traffic generation, application configuration parameters, simulation scenarios and the time duration of the simulation.


3.1 NETWORK TOPOLOGY

There are two suggested networks that will be simulated using OPNET Modeler 14.5. The same network design will be used for both the MPLS and IP simulations. This section describes the design of each network in terms of its components and the interconnection between them.

3.1.1 Network design

The simulations of both the IP and MPLS networks are run in OPNET Modeler 14.5. The simulations are set up using two scenarios.

• Scenario 1 consists of the simulation of the MPLS VPN network.

• Scenario 2 consists of the simulation of the IP VPN network.

Both networks are simulated using a common topology.

3.1.2 MPLS simulation model

MPLS Simulation model


The preceding figure shows the MPLS network model, which consists of the following network elements:

• 16 LSR Routers

• 2 stations (node_0 and node_1)

• 23 Physical Links (21 Serial and 2 Ethernet)

• 6 Virtual Links

• 4 Traffic Flows

DS3 links are used to connect all the routers, and 100 Mbps links are used to connect the workstations to the routers. TE is implemented in the above simulation model by using the CR-LDP signaling protocol, which is configured in OPNET by defining FECs in the MPLS definition attribute and setting LDP parameters in the routers. The established CR-LSP is visible in the figure as the link from LER1 to LER 2 through router LSR 1. When congestion occurs in the network, the traffic is directed along the CR-LSP path so that the traffic is evenly distributed in the MPLS network. This controls the congestion in the network and increases the efficiency of network resource utilization.

3.1.3 Conventional IP simulation model

IP Simulation Model


The preceding figure shows the simulation model of the conventional IP network. In this scenario the MPLS routers are replaced with normal IP routers, which do not support MPLS technology. The MPLS definition attribute, which is used for establishing LSPs in the MPLS network, is also not included in this scenario; therefore the packets are routed using the OSPF protocol (which doesn’t take capacity constraints into account).

3.2 NETWORK MODEL CONFIGURATION

This section describes the model configuration in OPNET, such as the network components that will be used to build the proposed networks, the network traffic and its configuration parameters.

3.2.1 NETWORK COMPONENTS

This section discusses the main network components used in the suggested network models running on OPNET Modeler, as shown in Table 3.1:

Table 3.1 : Network Components

Name Icon

ethernet2_slip8_lsr

ppp_wkstn

ppp_DS3

MPLS_E-LSP_DYNAMIC


Traffic_flow

Application_Config

Profile_Config

100BaseT duplex link

• The ethernet2_slip8_ler node model represents an IP-based gateway running MPLS and supporting up to two Ethernet interfaces and up to 8 serial line interfaces at a selectable data rate. IP packets arriving on any interface are routed to the appropriate output interface based on their destination IP address. The Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF) protocol may be used to automatically and dynamically create the gateway's routing tables and select routes in an adaptive manner.

This gateway requires a fixed amount of time to route each packet, as determined by the "IP Forwarding Rate" attribute of the node. Packets are routed on a first-come-first-serve basis and may encounter queuing at the lower protocol layers, depending on the transmission rates of the corresponding output interfaces.

• Protocols:

  ◦ RIP, UDP, IP, Ethernet, Fast Ethernet, Gigabit Ethernet, OSPF

• Interconnections:

  ◦ 2 Ethernet connections at a selectable data rate

  ◦ 8 Serial Line IP connections at a selectable data rate

• Attributes:

  ◦ "IP Forwarding Rate": specifies the rate (in packets/second) at which the gateway can perform a routing decision for an arriving packet and transfer it to the appropriate output interface.


  ◦ "IP Gateway Function": specifies whether the local IP node is acting as a gateway. Nodes with only one network interface should not act as network gateways.

  ◦ "RIP Start Time": specifies the simulation time (in sec) at which the gateways start sending routing updates to build the IP routing tables.

  ◦ "RIP Process Mode": specifies whether the RIP process is silent or active. Silent RIP processes do not send any routing updates but simply receive updates. All RIP processes in a gateway should be active RIP processes.

• Summary

  ◦ General Function: gateway

  ◦ Supported Protocols: UDP, IP, Ethernet, RIP, OSPF

  ◦ Port Interface Description:

    ◦ 2 Ethernet connections at 10 Mbps, 100 Mbps, or 1000 Mbps

    ◦ 8 Serial Line IP connections at selectable data rates

• The ethernet2_slip8_lsr node model represents an IP-based gateway running

MPLS and supporting up to two Ethernet interfaces and up to 8 serial line

interfaces at a selectable data rate. IP packets arriving on any interface are routed

to the appropriate output interface based on their destination IP address. The

Routing Information Protocol (RIP) or the Open Shortest Path First (OSPF)

protocol may be used to automatically and dynamically create the gateway's

routing tables and select routes in an adaptive manner.

This gateway requires a fixed amount of time to route each packet, as

determined by the "IP Forwarding Rate" attribute of the node. Packets are routed

on a first-come-first-serve basis and may encounter queuing at the lower protocol

layers, depending on the transmission rates of the corresponding output

interfaces.

• Protocols:

- RIP, UDP, IP, Ethernet, Fast Ethernet, Gigabit Ethernet, OSPF

• Interconnections:

- 2 Ethernet connections at a selectable data rate

- 8 Serial Line IP connections at a selectable data rate

• Attributes:

- "IP Forwarding Rate": specifies the rate (in packets/second) at which the gateway can perform a routing decision for an arriving packet and transfer it to the appropriate output interface.

- "IP Gateway Function": specifies whether the local IP node is acting as a gateway.

- Nodes with only one network interface should not act as network gateways.

- "RIP Start Time": specifies the simulation time (in sec) at which the gateways start sending routing updates to build the IP routing tables.

- "RIP Process Mode": specifies whether the RIP process is silent or active. Silent RIP processes do not send any routing updates but simply receive updates. All RIP processes in a gateway should be active RIP processes.

• Summary

- General Function: gateway

- Supported Protocols: UDP, IP, Ethernet, RIP, OSPF

- Port Interface Description:

  - 2 Ethernet connections at 10 Mbps, 100 Mbps, or 1000 Mbps

  - 8 Serial Line IP connections at selectable data rates

• The ppp_wkstn node model represents a workstation with client-server

applications running over TCP/IP and UDP/IP. The workstation supports one

underlying SLIP connection at a selectable data rate.

This workstation requires a fixed amount of time to route each packet, as

determined by the "IP Forwarding Rate" attribute of the node. Packets are routed

on a first-come-first-serve basis and may encounter queuing at the ports,

depending on the transmission rates of the output interface.

• Protocols:

- RIP, UDP, IP, TCP, OSPF

• Interconnections:

- One SLIP connection at a selectable data rate.

• Attributes:

- Client Custom Application, Client Database Application, Client Email, Client Ftp, Client Remote Login, Client X Windows, Client

Video Conferencing, Client Start Time: These attributes allow for

the specification of application traffic generation in the node.

• Transport Address: This attribute allows for the specification of the

address of the node.

• "IP Forwarding Rate": specifies the rate (in packets/second) at which the

node can perform a routing decision for an arriving packet and transfer it to

the appropriate output interface.

• "IP Gateway Function": specifies whether the local IP node is acting as a

gateway.

• Workstations should not act as gateways, as they only have one network interface.

• "RIP Process Mode": specifies whether the RIP process is silent or active. Silent RIP processes do not send any routing updates but simply receive updates. All RIP processes in a workstation should be silent RIP processes.

• "TCP Connection Information": specifies whether diagnostic information

about TCP connections from this node will be displayed at the end of the

simulation.

• "TCP Maximum Segment Size": determines the size of segments sent by

TCP. This value should be set to the largest segment size that the underlying

network can carry unfragmented.

• "TCP Receive Buffer Capacity": specifies the size of the buffer used to

hold received data before it is forwarded to the application.

• Summary

- General Function: workstation

- Supported Protocols: UDP, IP, RIP, TCP, OSPF

- Port Interface Description: One SLIP connection at a selectable data rate.

• The ppp_DS3 point-to-point link is used to connect two nodes with serial

interfaces (e.g., routers with PPP ports) at 44.736 Mbps.

• The Application_Config includes a name and a description table that specifies

various parameters for the different applications (i.e. video conferencing and

voice applications). The specified application name is used when creating user

profiles on the "Profile_Config" object.

• The Profile_Config is used to create user profiles. These user profiles can then be

specified on different nodes in the network to generate application layer traffic.

The applications defined in the Application_Config are used by this object to

configure profiles. Traffic patterns can be specified followed by the configured

profiles and the applications.

• The ethernet16_switch node model is used to represent a switch supporting up to

16 Ethernet interfaces (10 Mbps, 100 Mbps, or 1000 Mbps). The switch

implements the Spanning Tree algorithm in order to ensure a loop-free network

topology. Switches communicate with each other by sending Bridge Protocol

Data Units (BPDUs). Packets are received and processed by the switch based on

the current configuration of the spanning tree.

• The 100BaseT duplex link represents an Ethernet connection operating at 100

Mbps. It can connect any combination of the following nodes (except Hub-to-Hub, which cannot be connected): Station, Hub, Bridge, Switch and LAN nodes.

3.2.2 NETWORK TRAFFIC GENERATION

This section describes the traffic that will be generated during simulation and how to configure it in OPNET Modeler. The traffic that will be generated is voice or video conferencing traffic. Voice and video conferencing profiles are defined in the source workstations, while the corresponding destination workstations are enabled with their respective supported services. In OPNET terminology, in order to generate voice and video traffic, voice and video conferencing profiles are configured in such a way that the video and voice applications can be controlled in terms of their start times, end times and repeatability (see APPENDIX). This is done by adding this profile to each workstation's list of supported profiles.

3.2.2.1 VOICE TRAFFIC

By default, voice applications run over UDP. However, internally, OPNET simulations

transmit voice packets using the Real-Time Protocol (RTP), which requires no

additional configuration. Detailed information about the configurable parameters for

the voice (PCM Quality Speech) application is given in the next table.

Table 3.2: Voice Application Parameters

Attribute                      Value
-----------------------------  ---------------------
Silence Length (s)
  Incoming Silence Length (s)  Exponential (0.65)
  Outgoing Silence Length (s)  Exponential (0.65)
Encoder Scheme                 G.711
Voice Frames per Packet        1
Type of Service                Interactive voice (6)
Compression Delay (s)          0.02
Decompression Delay (s)        0.02

Silence Length specifies the time spent, in seconds, by the called party (incoming) and the calling party (outgoing) in silence mode in a speech-silence cycle.

The Encoder Scheme to be used by the calling and called party is set to G.711.

The Voice Frames per Packet attribute determines the number of encoded voice frames grouped into a voice packet before being sent by the application to the lower layers.

Type of Service (TOS) represents a session attribute which allows packets to be processed faster in IP queues.

The Compression Delay and Decompression Delay attributes specify the delay in compressing / decompressing a voice packet. Detailed configuration of how to set up the voice traffic is explained in the Appendix.

3.2.2.2 VIDEO CONFERENCING TRAFFIC

The Video Conferencing application models transmission of video traffic between two nodes in the network. OPNET represents video traffic as a sequence of data frames, with the frame size being a configurable parameter. By default, the Video Conferencing application runs over the UDP transport protocol to avoid connection management and other delays associated with the TCP protocol. Typically, a Video Conferencing session is established between the two client nodes without the use of a server. The next table shows the video conferencing application parameters.

Table 3.3: Video Conferencing Application Parameters

Attribute                            Value
-----------------------------------  --------------------------
Frame Interarrival Time Information  15 frames/sec
Frame Size Information (bytes)       128*240 pixels
Type of Service                      Interactive Multimedia (5)

The attributes specify the characteristics of the traffic load generated by the Video

Conferencing application.

Frame Interarrival time has been set to 15 frames/sec for incoming and outgoing

streams.

Frame size has been kept at 128*240 pixels for the incoming and outgoing video

streams.

Type of Service is set to Interactive Multimedia (5). More detailed configuration is explained in the Appendix.
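To make concrete how the node models' first-come-first-serve forwarding, the "IP Forwarding Rate" attribute and the Type of Service values of Tables 3.2 and 3.3 interact, the following added example (not part of the original project or of OPNET) simulates the queue of a single gateway in Python. The arrival times and the forwarding rate of 1000 packets/second are constructed sample values, and strict-priority service by ToS precedence is an assumed queuing discipline used only for comparison with first-come-first-serve.

```python
import heapq
from collections import defaultdict

# IP precedence values from Tables 3.2 and 3.3; 0 stands for best-effort traffic.
VOICE, VIDEO, BEST_EFFORT = 6, 5, 0

# Constructed sample: (arrival time in microseconds, precedence), sorted by time.
ARRIVALS = [(0, 0), (100, 0), (200, 0), (300, 5), (400, 6), (2500, 0), (2600, 6)]


def tos_byte(precedence):
    """Precedence occupies the top three bits of the IPv4 ToS octet (RFC 791)."""
    if not 0 <= precedence <= 7:
        raise ValueError("precedence must be in 0..7")
    return precedence << 5


def mean_queue_wait(arrivals, forwarding_rate_pps, strict_priority):
    """Mean queuing delay in microseconds per precedence at one gateway.

    The gateway spends a fixed 1/forwarding_rate on every packet, as the node
    model descriptions state. strict_priority=False is first-come-first-serve;
    True serves the highest precedence first without preemption (assumed policy).
    """
    service_us = 1_000_000 // forwarding_rate_pps
    waits = defaultdict(list)
    queue, clock, i = [], 0, 0
    while i < len(arrivals) or queue:
        if not queue and arrivals[i][0] > clock:
            clock = arrivals[i][0]  # gateway is idle until the next arrival
        # Admit every packet that has arrived by the current time.
        while i < len(arrivals) and arrivals[i][0] <= clock:
            t, prec = arrivals[i]
            key = (-prec, t, i) if strict_priority else (t, i)
            heapq.heappush(queue, (key, t, prec))
            i += 1
        _, t, prec = heapq.heappop(queue)
        waits[prec].append(clock - t)  # time spent waiting before service
        clock += service_us
    return {prec: sum(w) / len(w) for prec, w in waits.items()}


if __name__ == "__main__":
    for label, flag in (("FCFS", False), ("strict priority", True)):
        result = mean_queue_wait(ARRIVALS, 1000, flag)
        for prec in sorted(result, reverse=True):
            print(f"{label:16s} precedence {prec} "
                  f"(ToS 0x{tos_byte(prec):02X}): {result[prec]:.0f} us")
```

With this constructed burst, voice (precedence 6) waits 3500 microseconds on average under first-come-first-serve and 500 microseconds under strict priority, while best-effort traffic rises from 1300 to 3050 microseconds.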

3.3 SIMULATION SCENARIOS

OPNET Modeler 14.5 has been used for the simulation analysis. This section describes the two network scenarios that have been prototyped:

1) Scenario 1: MPLS VPN backbone with IGP (OSPF) and EGP (BGP).

2) Scenario 2: IP VPN backbone with IGP (OSPF) and EGP (BGP).

3.3.1 SIMULATION RUN TIME

All the simulations run for 1200 seconds (20 minutes). The simulation is implemented in OPNET Modeler 14.5 running on a TOSHIBA Satellite L755 laptop with Windows 8, a Core(TM) i3-2330M CPU at 2.20 GHz and 8 GB of RAM.

CHAPTER 4 SIMULATION RESULTS AND DISCUSSION

In chapter 3, MPLS VPN and IP VPN were first implemented and then simulated using the OPNET simulator. This chapter discusses the results obtained at the end of the simulation process. The simulation results for each scenario in each network are presented as statistical graphs, followed by simple descriptions and discussion.

4.1 END-TO-END (E2E) VPN DELAY PERFORMANCE (sec)

This statistic gives the end-to-end delay for traffic through an MPLS VPN and an IP VPN. This delay is measured as the time elapsed between traffic entering the "Provider's Network" through the Ingress PE and traffic leaving the "Provider's Network" through the Egress PE. It should therefore be kept in mind that VPN delay is not a physical link delay.

[Figure: VPN Delay (sec)]

The figure above illustrates the VPN delay for MPLS VPN and IP VPN. The sample mean of the VPN delay for MPLS VPN is 1.58638563335E-005 sec and the sample mean of the VPN delay for IP VPN is 1.58371640282E-005 sec.

The IP VPN network has performed with less delay as compared to the MPLS VPN network.

4.2 VPN THROUGHPUT PERFORMANCE

Throughput refers to the amount of data successfully received by the destination network, or the amount of VPN traffic leaving the "Provider's Network" through the Egress PE. Throughput is usually measured in bits per second (bits/sec) or packets per second (pkts/sec). A higher throughput value is generally the preferred choice in every network. The throughput results are displayed and followed by a brief discussion for each network.

4.2.1 VPN THROUGHPUT (bits/sec)

[Figure: VPN Throughput (bits/sec)]

The figure above illustrates throughput in bits/sec for MPLS VPN and IP VPN. In this case MPLS VPN has greater throughput than IP VPN. It is observed that the sample mean of VPN throughput for IP VPN is 37,765,514.7626077 bits/sec and for MPLS VPN is 114,411,585.31126 bits/sec, because the maximum value in IP VPN is 64,412,329.4187867 bits/sec and the minimum value is 160 bits/sec, but the maximum value in MPLS VPN is 185,141,306.943965 bits/sec and the minimum value is 160 bits/sec.

4.2.2 VPN THROUGHPUT (pkts/sec)

[Figure: VPN Throughput (pkts/sec)]

The figure above illustrates throughput in pkts/sec for MPLS VPN and IP VPN. As shown, MPLS VPN has greater throughput than IP VPN. It is observed that the sample mean of VPN throughput for IP VPN is 75.5436837024 pkts/sec and for MPLS is 228.835512351 pkts/sec.

4.3 VPN LOAD PERFORMANCE

Network throughput and load are the main parameters that reflect the network capability. Load is the amount of VPN traffic entering the "Provider's Network" through the Ingress PE. In contrast, throughput is the amount of VPN traffic leaving the "Provider's Network" through the Egress PE. Both statistics are measured in bits per second (bits/sec) or packets per second (pkts/sec).

4.3.1 VPN LOAD (bits/sec)

[Figure: Average VPN Load (bits/sec)]

The figure above illustrates average load in bits/sec for MPLS VPN and IP VPN. In this case MPLS VPN has greater load than IP VPN. It is observed that the sample mean of VPN throughput for IP VPN is 44,308,099.191511 bits/sec and for MPLS VPN is 109,985,802.137829 bits/sec, because the maximum value in IP VPN is 59,180,291.5228076 bits/sec and the minimum value is 160 bits/sec, but the maximum value in MPLS VPN is 120,868,670.627985 bits/sec and the minimum value is 160 bits/sec.

4.3.2 VPN LOAD (pkts/sec)

[Figure: Average VPN Load (pkts/sec)]

The figure above illustrates average load in pkts/sec for MPLS VPN and IP VPN. As shown, MPLS VPN has greater load than IP VPN. It is observed that the sample mean of VPN throughput for IP VPN is 88.6758967784 pkts/sec and for MPLS is 220.037461989 pkts/sec.

CHAPTER 5 CONCLUSION AND FUTURE WORK

5.1 Conclusion

The main objective of the thesis “OPNET analysis of MPLS VPN vs. IP VPN” is to analyze the behavior of MPLS VPN and IP VPN. This behavioral analysis is followed by presenting an approach in OPNET Modeler 14.5 to estimate the capabilities of those protocols, using the OSPF protocol as the IGP (Interior Gateway Protocol) and the BGP protocol as the EGP (Exterior Gateway Protocol). This analysis is made by focusing on the VPN statistics: delay, load and throughput.

In this report we used a combination of theoretical research and empirical research (scientific research), starting with a literature review on the state of IP, MPLS, VPN, and MPLS VPN. This approach helped us to answer the research questions. During our analysis, we have identified:

• The challenges in the MPLS VPN network and the IP VPN network.

• The behavior of interior and exterior routing protocols in different network environments.

• MPLS VPN based on interior routing protocol (OSPF) and exterior routing protocol (BGP) with IP VPN.

During our research, we have also examined the MPLS VPN architecture and found

out that this architecture is scalable and flexible enough to provide well-organized voice

packet transmission, load balancing, consistency, data security, network isolation from

other networks and end-to-end controlled connectivity with QoS guaranteed.

Finally, we have concluded, on the basis of the considered network topology, configurations and simulated results, that MPLS VPN with interior routing protocol (OSPF) is a better scenario as compared to the IP VPN with interior routing protocol (OSPF).

5.2 Future Work

MPLS Virtual Private Networks (MPLS VPN) is a popular and widespread

implementation of MPLS technology and has been growing since it was invented. An MPLS-

capable network can provide support for MPLS tunnels. These tunnels provide a virtual

wire that connects source and destination of the VPN. Alternatively, encapsulated

MPLS packets can provide some other tunneling mechanism for transmission of these

packets across the IP core network.

This thesis covered the analysis of QoS-enabled MPLS-BGP VPN with IGP (OSPF). To reach more accurate results, it would be necessary to perform empirical studies involving different simulators (QualNet, OMNet++, and NS3) to possibly validate or disprove the affirmations evaluated and discussed. One could realize different scenarios:

• MPLS VPN VS. IP VPN IGP (RIPv2) and EGP (BGP).

• MPLS VPN VS. IP VPN IGP (RIPv3) and EGP (BGP).

• MPLS VPN VS. IP VPN IGP (IGRP) and EGP (BGP).

• MPLS VPN VS. IP VPN IGP (EIGRP) and EGP (BGP).

• MPLS VPN VS. IP VPN IGP (IS-IS) and EGP (BGP).

APPENDIX

VPN configuration parameters on all PEs

BGP configuration on Site1_PE, Site2_PE and Site3_PE

Static Routing Table configuration on Site1_PE, Site2_PE and Site3_PE

Interface Information on Site1_PE, Site2_PE and Site3_PE
