Kingston University London

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Kingston University London"

Transcription

1 Kingston University London Thesis Title Implementation and performance evaluation of WAN services over MPLS Layer-3 VPN Dissertation submitted for the Degree of Master of Science in Networking and Data Communications Networking and Data Communications By KONSTANTINOS GEORGAKAKOS SUPERVISOR ANDREAS PAPADAKIS KINGSTON UNIVERSITY, SCHOOL OF COMPUTING AND INFORMATION SYSTEMS ΤEI OF PIRAEUS, DEPARTMENTS OF ELECTRONICS AND AUTOMATION JANUARY 2012

2 Contents Pages Abstract Introduction Objectives Research Methods MPLS VPN Overlay VPN Model Peer VPN Model Layer 3 VPNs VPN Routing and Forwarding Tables (VRFs) Routing Distribution with the use of BGP VPN-IPv4 Addresses and Route Distinguisher (RD) RTs Route Propagation in an MPLS VPN Package Forwarding in an MPLS VPN Conclusion Label Distribution Protocols with IGP Label Distribution Protocol (LDP) Finding LSRs that run LDP (LDP Discovery) LDP and IGP Synchronization Simulation Scenario Simulation program which is going to be used Technology for the scenario implementation Network Topology Scenario Implementation Scenario Results Customer A Customer B ISP ISP MPLS Backbone Change of IGP in the ISP MPLS Backbone ~ 1 ~

3 4.7. Conclusions for the simulation scenario Conclusions References ~ 2 ~

4 Abstract In the mid 90's has come the rapid spread of the Internet. Prior to the Internet the traditional way of routing, storing and forwarding was serving satisfactorily the classic applications of IP (ftp, telnet, mail). Followingly, the desire for the use of IP protocol for others applications which are more demanding (video, audio, videoconference) brought to surface the deficiencies of the traditional way of routing. Now there is a requirement for the provision of differential services and guarantees for the applications. A new technology called Multi Protocol Label Switching (MPLS) changes the data. [1] 1. Introduction The MPLS technology is developed by IETF, in order to improve the flexibility and performance of the traditional IP and also to provide new services on the Internet. To MPLS combines the transfer with the label and the traditional routing with IP. This technique uses generally, 'labels' which are created and placed during importation of packets in Network Switching / Core for their promotion to the final destination. The labels indicate both the routing of packets as well as the quality characteristics of the services provided by the network. The main components of MPLS technology are as follows [1] [2]: Label: Is the title / label used by the LSR (Label Switch Router) for the packet forwarding. The LSRs only read the tags of this type, not headings of IP packets. The labels are meaningful only at local level that is to say, only between two devices which communicate. Label Switch Router (LSR): It is the backbone of the network which transfers packets equipped with the appropriate label in accordance to the budgeted tables. Edge Label Switch Router (Edge LSR): This is the device that is placed on the edge of the main network, which performs the initial processing and classification of each packet and assigns to the packet the first label. Label Switched Path (LSP): It is the "path" defined by the labels created and assigned to each packet, between the endpoints of the network. An LSP can be specified either statically or dynamically. The last one is determined automatically using routing information. Static LSPs are used rarely. ~ 3 ~

5 Label Distribution Protocol (LDP): This is the protocol having as a role the attribution of labels to packages as well as the translation of information from the LSRs. It confers labels to packets from the network devices at the edges and the core of the network in order to define the necessary LSPs. The label attribution is performed in conjunction with some routing protocols such as Interior Gateway Protocol IGP: Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Enhanced Interior Gateway Routing Protocol (EIGRP) or Exterior Gateway Protocol (EGP): Border Gateway Protocol (BGP). The Network Layer Virtual Private Networks which are based on the MPLS technology (MPLS Layer 3 VPNs) allow the creation of VPNs by using MPLS backbone network of the Internet Service Provider (ISP). The VPNs are on IP-level and therefore the information transfer is achieved by using exclusively the IP protocol. Three different types of routers are found in MPLS VPNs [3] [4]: 1. Routers CE (customer edge): Routers which are managed by the client and they usually belong to him. 2. Routers PE (provider edge): Routers which form the entry and exit points of VPNs. They belong to the ISP administratively. They are the most important part of the MPLS VPNs "logic". 3. Routers P (provider): Routers that form the backbone of the ISP and they belong to the ISP administratively. They are not involved in VPN logic their main purpose is to transfer the MPLS label to the PE routers. The following figure 1 depicts a typical MPLS VPN deployment: Figure 1: A common example of MPLS VPN [3] ~ 4 ~

6 As shown in the figure above, the network provider (Service Provider backbone) consists of routers of P and PE type. Four sites are connected to the provider's backbone network, two of them belong to VPN1 and two other sites are owned by the VPN2 (where a site can be a local network Ethernet). PE routers are the ones that share the routing information of different VPNs and update the routing tables belonging to each VPN. PE routers carry such information to each other by using the protocol BGP (Border Gateway Protocol). Generally, BGP is a reliable and efficient protocol and the exclusive protocol for exchanging routing tables between providers. It provides great flexibility since it allows or prohibits with various mechanisms to exchange partial or full the routing table, or selects between different routes which will be the principal and what secondary one (backup). The P routers do not participate in the routing VPNs.They are only involved in the exchange of labels in order to create MPLS LSPs between the routers. These LSPs are used by PEs in order to carry traffic between "members" of VPNs. The MPLS packets contain 2 labels - one for the routing of the packet between the nodes of the provider and a second one for the identification of a VPN. The BGP is the protocol of choice for the information routing transfer in the implementation of MPLS VPNs. With the usage of BGP, PE routers «know» the routing tables of different VPNs which are linked to other PE routers. For example, if part 1 (let's call site 1) of a company network is connected to the ISP router PE1 while Annex 2 of the same company, connects to PE2 through BGP, as a result PE1 knows that PE2 is connected to site 2 and respectively PE2 knows that PE1 is connected to site 1. Thus the company (and apparently its annexes) is IP connected through provider s public network provider's MPLS [4]. It is also clear that more than one customer are connected to each PE router. Thus, each PE router maintains a sub-table which contains routing information exclusively for a specific customer. This provides maximum security, because the routing table is owned only by a particular customer. In other words, each PE is like a group of virtual routers. Each routing table refers to a different customer and constitutes an ~ 5 ~

7 independent virtual routing table called VRF (Virtual Routing & Forwarding Instance). It is important to emphasize in conclusion that the company subnet created through the MPLS network of the ISP is a network which, although it is based on a public network the MPLS, is in essence a private and isolated network data. The connection Mbps speed of different customers depends on the speed of the connection via CE & PE Objectives Our project s aim will be to focus on the following points; a) To design and implement a VPN based on Level 3 MPLS and demonstrate the collaboration of the individual involved technologies. There was a first discussion on the topology with the supervisor and concluded that the topology will be generally consisted of 3 PE routers which give access to clients in the IP CORE of ISP, 3 P routers that will be connected together in full mesh and CE routers which will be 2 for the customer A which consists of 2 sites Head Quarter and the Branch office, each site wants to advertise to the other two subnets and request from the Internet Service Provider (ISP) the communication between them to be implemented with the Point to Point Layer 3 VPN and 4 CEs Routers for customer B, which consists of 3 sites, the central Head Quarter (2 CEs) and 2 Branch Offices (1 CE Router each), in the Head Quarter and in the first remote site there is one subnet with web servers which should be advertised to the customer's network as well as to the internet. In the second remote site is advertised a subnet in which users found in it should have access to the web server of the company as well as to the internet through NAT for safety reasons but also in order to save address range. The client for the communication between those sites requires the ISP to use the Hub and Spoke topology, with the Hub, the Head Quarter and as Spoke the 2 remote sites. Finally for access to the internet we use another router assuming that is a remote ISP. The above topology has been designed using a PC-based simulation environment but is also adequately elaborated in order to fully demonstrate the provision of the VPN services and allow us to perform useful evaluation. Malfunctions may occur during the simulation implementation such as: Inefficiency of the simulation ~ 6 ~

8 environment, inability (of our pc-based environment) to perform the test. Due to the limitations in the scenarios (mainly the low traffic we can achieve with the available technical means) that will be performed, we expect that there will be difficult to demonstrate clear benefits of one solution or another. b) To investigate and select the appropriate tool/ framework for performing the simulations c) To define comparative scenarios in order to evaluate the performance of the MPLS VPN. d) The difference in how quickly an MPLS network can recover, after the shutdown of a Link in the MPLS Backbone of our scenario, by using different Interior Gateway Protocols (IGPs) in the MPLS Core. e) The advantages of L3 MPLS VPN compared to other IP VPN. The reason we chose this particular project is because MPLS VPN technology is now widely used in almost all ISPs, ensuring compatibility with the IP protocol and other effectively providing demanding applications (video, audio, videoconference), since the traditional way of routing brought on surface its deficiencies. I estimate that the MPLS will have significant impact on the provision of VPN services in the forthcoming years and that in this phase extensive simulation and evaluation of its potential benefits are needed. Another reason is that I work in a company (provider) which provides services using Layer 3 MPLS VPN, so it is quite interesting and important to me to deal with this issue and enrich my knowledge Research Methods Research will be based on literature study of journal articles, periodicals and web publications. Furthermore, presentations from big Vendors like Cisco, possible users, forum, companies that are involved, provide or use products, researchers etc. An important piece of work will involve the practical application, which will be implemented with the use of the simulation framework, indicatively the Graphical Network Simulator - GNS3 to which we can load real Cisco IOS and simulate the IP Core of an ISP which consists of P and PE Routers also there are going to be two clients asking for specific services for their site. ~ 7 ~

9 2. MPLS VPN The BGP / MPLS IP VPNs, known as MPLS L3 VPNs or L3VPN, are one of the most widespread applications of MPLS networks. Speaking of MPLS is not the TE or FRR (Fast Reroute) that come straight to mind, but the VPNs. The L3VPNs is the main and often the only reason for a service provider to implement an MPLS network. The VPNs were existing before the MPLS. The L3VPNs success lies in the simplicity and extensibility provided by the combination of BGP and MPLS in the various VPN scenarios. The L3VPNs have been extended to the L2VPNs and VPLS. The BGP / MPLS VPNs are based on VPN Peer Model, which will be presented below. The main cause of this association is because the VPNs that are based on PE routers (Provider Edge Router), such as VPN Peer Model, are easy to routing for its customers and also easy to adding new VPN sites. The first publication of BGP / MPLS VPN model has been informally in RFC 2547, to which a VPN solution from Cisco was presented. Then a working group in IETF was launched which is called ppvpn (Provider-Provisioned VPNs). The working group then was divided in L2VPN and L3VPN groups. [6] [7] 2.1. Overlay VPN Model In the Overlay VPN model the service provider offers point-to-point links between routers of different areas. The point-to-point connections could be Frame Relay or ATM (Asynchronous Transfer Mode) circuit, leased lines, IP-over-IP Tunnels such as the GRE (Generic Route Encapsulation / Figure 2). This leads to a virtual backbone for the network of customers, which is above the network structure of the provider. This way the neighborhood relations are designed between routers of different customer areas (CE Routers, Customer Edge Routers), in order to exchange routing information and allow communication between different areas. In this way neighborhood relations are not created between customer routers (CE Routers) and the service provider (PE Routers). So the paths of CE Routers do not appear to PE Routers. In Figure 1 is shown an Overlay Model with GRE Tunnels. [4] [6] [7] ~ 8 ~

10 The VPN service in the Overlay model is provided by CE Routers. A VPN whose control and decisions are provided by CE Routers is called CE-Based VPN. So in essence the customers design and run their own VPN, something for which may not have the will and capacity. Thus, each provider may assume the management of the customer s virtual backbone and so ends up managing a large amount of CE routers. This is certainly not desirable from administrative point of view. Regardless of who manages the CE routers, a model which puts the control in customers' appliances has limitations. Consider a scenario where there are several client areas and all routers are virtually connected together. In any such case the number of equal relationships between routers is high. This can cause problems in the IGP (Interior Gateway Protocol), because of large routing information which should be exchanged in case of a change. Another restriction relates to the large number of arrangements to be made in case of introduction of a new area in VPN. Figure 2 Overlay VPN Model (Overlay Model on GRE Tunnels) The overlay model achieves its main goals for the creation of a VPN. It provides communication between different client areas allows the existence of private addresses and ensures the safety of traffic between areas of the VPN. Certainly, the administrative cost is quite large where it is necessary to manage large number of routers and settings in case of a change. ~ 9 ~

11 2.2. Peer VPN Model The Peer Model attempts to overcome the drawbacks of the Overlay Model. There is no need to directly exchange routing information between routers of customers. The neighborhood relationships which are developed relate to the directly connected routers. Thus a CE Router installs a neighboring relationship with the directly connected PE Router. The full central connectivity (especially of virtual connections) which was in the Overlay Model is disproved. By the side of the service provider the routing is easy. The management of the routing information distribution moves to the provider s side and generally the functionality is assigned the PE Routers. [4] [6] The introduction of a new site in a VPN requires adjustments to the PE Router and CE Router of the new area and not to all CE Routers customer. Furthermore, if an increase in the bandwidth between some areas is required, this could be achieved with the connection of PE and CE Router and does not need upgrading of several circuits or leased lines. Figure 3 presents a Peer Model VPN scenario, in which the PE routers have now the control. Figure 3 Peer VPN Model The Peer Model technique therefore is a more appropriate solution, provided that guarantees the connectivity and security required in a VPN figure. The traffic must flow between regions of a single VPN and be prohibited between different VPNs, So we need to introduce some restrictions on the movement. This can be achieved either by introducing some restrictions on the movement at the time of promotion, ie, by ~ 10 ~

12 using access lists on links between CE and PE, or introducing restrictions on the distribution of routing information. One of the original Peer Model VPN solutions used to guarantee the security of information between different VPN sites is through the use of access lists. The access lists act on IP packets at the moment of promotion, by permitting or not the move based on criteria such as source address and destination. The solution based on the access lists based, however, soon became difficult to manage. The result was an attempt to free the access lists and the discovery of a technique that would guarantee that the traffic arriving to PE Routers would be destined for a particular VPN. This goal can be achieved by connecting each area s VPN to its exclusive physical or virtual PE router. Yet, someone must guarantee that there will be a routing state, which will allow traffic between PE routers of different VPNs. As a consequence of this thought, another Peer Model VPN solution has been developed which was based on criteria of routing information distribution and specifically based on BGP Communities. In this model, the PE routers receive and install routes belonging to specific VPNs that they serve. This model is the background for BGP / MPLS-based VPNs 2.3. Layer 3 VPNs In order to achieve the implementation of a Layer 3 MPLS VPN certain basic elements are required to PE routers. These are the following: VPN Routing and Forwarding Tables (VRFs) Distribution of routes by using the BGP Route Distinguisher (RD) Route Target (RT) Forward of labeled packets VPN Routing and Forwarding Tables (VRFs) The isolation of traffic between different VPNs implies that a customer of a VPN should not be able to send information to another VPN. In the scenario of Figure 4 there are two customer VPNs, the VPN RED and VPN BLUE. [9] ~ 11 ~

13 Figure 4 MPLS Network with two VPNs Each PE router is connected to areas of both VPNs. Assuming that there is a routing / promotion table on each PE Router, then there is a problem in the case of overlapping private addresses between two VPNs (as in the case of CE2 and CE4). Moreover, one problem still exists also, in case that there is not overlap. So if there is overlap between the two VPN addresses, then it cannot be installed the promotion information for both VPNs, because it would be difficult to separate the two destinations. In any other case that there is not overlap, it is possible for a station in the VPN RED to send certain information to the VPN BLUE, simply by sending IP traffic destined to BLUE VPN. Thereby when the PE Router views a packet with destination address the VPN BLUE, it just forwards the packet. Both the above problems can be solved if each client area is connected to its own physical or virtual PE Router. However the increase in the number of PE routers for each new customer in the network does not favor the scalability neither the management of the network. Therefore a more efficient way is to use routing / promotion tables per VPN (per- VPN routing and forwarding tables VRFs), in order to maintain individually the routing and promotion information for each VPN. Those tables coexist with the general routing table, which is used for packet traffic except VPNs, and include routes for local and remote clients. [1] [4] [9] When an IP packet arrives from a client area, a PE Router must be aware of which VRF to use. This can be achieved if we associate each interface to a VRF through configuration to PE routers. The interface in this situation is not necessarily physical ~ 12 ~

14 interface. It could be a reasonable interface such as an ATM VPI / VCI or a Frame Relay DLCI (Data Link Connection Identifier). When an IP packet reaches a PE router which is not associated with any VRF, then the search is performed in the general routing table. Figure 5 shows a PE router interconnection and settings that have been made in order to be associated to a VRF table named cust-one. Figure 5: Setting the table for a VRF interconnection Use of multiple promotion tables to PE routers is a prerequisite for the existence of similar private addresses between different VPNs. Nevertheless, the existence of several promotion tables does not directly guarantee that traffic can be forwarded from one VPN to another. If in the scenario of Figure 3, the promotion table of VPN RED somehow contains information for VPN BLUE destinations, then nothing can prevent the promotion of information from the VPN RED to the VPN BLUE. Eventually, it is necessary the control of information installed in each VPN. This is accomplished by distributing routing information based on criteria, so that potential destinations of customer sites being advertised only there, where they should be Routing Distribution with the use of BGP In order to accomplish restricted distribution of routing information, the VPN routes have to be transported through a routing protocol to the SP and limit the distribution of destination information in the PE Routers. This is also the method used in BGP / MPLS VPNs, where BGP is the protocol that transfers the VPN routes. Some of the properties which make BGP ideal for VPN scenarios are: [9] ~ 13 ~

15 It supports filtration of routes by using the community feature. So it might make limited distribution of routing information. It has the ability to carry a large number of routes, and thus can transfer tracks from several customers. It can exchange information between routers, which are not directly connected. Consequently, the exchange of routing information can be made between PE Routers. It is competent to carry labels in accordance with the routes. It can operate between the marginal devices of a service provider VPN-IPv4 Addresses and Route Distinguisher (RD) As stated above, the BGP has several properties which make it tempting for the transfer of VPN routes in the network of service provider. However, all it does is to install and distribute a route for a network prefix which however can cause problems for private VPN addresses that may be overlapped between the VPNs. [4] [9] The solution is to make a private address unique. The uniqueness of a private address is achieved through the RD (route distinguisher). The main purpose is each network prefix from each customer to receive a unique identification (RD), to stand out themselves from other customer prefixes. The result is a new prefix, which is a combination of IPv4 prefix and RD, and is called VPN-IPv4 prefix. The BGP has to transfer the VPN-IPv4 prefixes among routers. The RD is a 64 bit field, which is utilized to make the VRF prefixes unique when BGP carries them. Certainly, the RD will not indicate the VRF table that owns the prefix. This function is not like VPN identifier, because in some more sophisticated VPN scenarios may not be enough only one RD per VPN. Each VRF table in a PE router must have an RD related to it. This field of 64 bit may have two forms: ASN: nn or IP-Address: nn, where nn is a number. The most common form is the ASN: nn, where ASN is the autonomous system number. Typically service providers use ASN: nn, where the autonomous system number has been assigned by the Internet Assigned Numbers Authority (IANA) and nn is the unique number allocated to the VRF. ~ 14 ~

16 The combination of RD and IPv4 prefix which is the VPN-IPv4 prefix has length 96 bit. For example, if the RD identifier for IPv4 prefix /24 is 1:1, then the VPN-IPv4 prefix is 1:1: / 24. When an area is connected to two PE routers then the routes from the VPN region may have two different RDs, depending on how PE Router obtains the routes. Each IPv4 route can take two different RDs, so there can be two completely different VPN-IPv4 routes. This enables BGP to consider them as two different routes and apply different policies to each one RTs The RD, therefore, are used to separate the VPNs. However it is possible to be required communication between different VPN areas. An A customer region would not be able to communicate with a of client B region because their RDs would not fit. The communication function of specific different VPN areas is called extranet VPN. On the contrary, intranet VPN is called the simple communication between regions of a single VPN. Communication between different VPN areas is monitored by another term, the RTs. [4] [9] [15] An RT (Route Target) is an extended community of BGP, which indicates which routes should be entered from the BGP to VRF table. Exporting a RT (RT Export) means that the outgoing VPN-IPv4 prefixes receive an additional BGP extended community when they are distributed with BGP (the RT, which is set in the PE Router). The introduction of an RT (RT Export) means that the incoming VPN-IPv4 prefixes from the BGP are checked if they match to an extended community (the RT, which is set in the PE Router). If there is match, the prefix is placed in the VRF table, if not the prefix is discarded. Figure 6 shows the RTs control of routes imported in VRF tables from the remote PE Routers and with which RTs VPN-IPv4 prefixes are exported. ~ 15 ~

17 Figure 6 Import and export of RT 1 Obviously, with regard to the scenario depicted in figure 8, the regions A and B of the VPN BLUE are able to communicate, as well as areas A and B of the VPN RED. The RT used by the VPN BLUE is 1:1, while the VPN RED uses the RT 1:2. In the event of region A being the only one from VPN BLUE which wants to contact the area A and is the only one from VPN RED, it can be adjusted to fit RTs VRF tables and PE1 PE2 respectively. As a result, the RT 100:1 can be imported and exported from areas A of the VRF RED and BLUE in order to accomplish the communication of specific areas of both VPNs. So this is called extranet. Figure 7 shows the settings for VRFs of routers PE1 and PE2. Figure 7: Settings for VRF tables in routers PE1 and PE2 ~ 16 ~

18 Figure 8: Import and export of RT Route Propagation in an MPLS VPN The VRF tables divide routes of customers to PE routers. The BGP seems to be the ideal routing protocol to transmit all these tracks (possibly hundreds or thousands). The addition of RD in the IPv4 routes, namely the creation of VPN-IPv4 prefixes, contributes to the safe transportation of routes through the MPLS VPN network. [7] [8] [9] With the use of an Interior Gateway Protocol (IGP) the PE Router receives IPv4 routes from a CE Router, these routes are placed in the VRF routing table. The VRF table being used for a particular VPN region depends on the settings made on the PE Router (i.e. under which VRF table is set the interface that connects to the specific VPN area). In a VRF table routes is added the RD that is configured for this board in order to form the VPN-IPv4, which are advertised with BGP to other PE routers of the MPLS VPN network. From the PE routers the RD is removed from the VPN- IPv4 prefixes and the IPv4 routes now are placed in the VRF table. Certainly the introduction to the VRF tables depends on the imported RTs. Then the IPv4 routes are advertised to CE Routers with an IGP protocol. The entire process is shown in Figure 9: 1. IGP advertises customer s IPv4 Routes from CE to PE Router. 2. IPv4 customer s Routes are inserted into the VRF Routing Table of PE Router. ~ 17 ~

19 3. IPv4 customer s Routes are redistributed into BGP, RD is added to the IPv4 Routes to make it VPN-IPv4 Routes, RTs are added too. 4. BGP advertises customer s VPN-IPv4 routes with MPLS Label and RTs. 5. RTs indicate to which VRF the routes are imported and RD is removed from VPN-IPv4 routes. 6. IPv4 customer routes are inserted into the VRF routing table. 7. IGP advertises customer s IPv4 Route from PE to CE Router. Figure 9: Proliferation of IPv4 routes in a MPLS network Package Forwarding in an MPLS VPN The packet forwarding in the MPLS VPN is based on the labels. The P Routers (Provider's Routers / intermediate LSRs) require only the appropriate information for the replacement of labels to forward packets. The usual way is to configure the LDP between intermediate LSRs and PE routers in order to be that traffic be based on the labels. It can certainly be used the RSVP with TE Extensions for an implementation of MPLS VPN with TE, but the most common label distribution protocol for MPLS VPN is the LDP. Packets are forwarded to the MPLS core network with a label that defines the LSP from the ingress and egress (Provider Edge) PE router. Each ~ 18 ~

20 intermediate LSR should never have to do some search for the network address. That is how is carried out the transfer of packets from the ingress PE Router to the egress PE. The above label carried by the packages, is called IGP label. [4] [6] [8] The manner in which the egress PE router understands to which VRF the package belongs is not in the IP packet header neither in the results from the IGP label but what needs to be done is to add another label to MPLS label stack, this label determines which VRF table owns the package. So every customer s package is forwarded with two different labels, the IGP label on top and the VPN label at the base of the stack. The VPN label must be imported from the ingress PE so the egress PE is able to match the package with a VRF table. The manner, in which the egress PE router informs the ingress PE for the VPN label to be used for a particular VRF prefix, has already been discussed. The reason is that the existing BGP advertises VPN-IPv4 prefixes, and also advertises a label (VPN label or the label BGP) associated with a particular VPN-IPv4 prefix. Summing up, in the traffic between VRF, two labels are added to each packet in the MPLS Network. At the top is the IGP label which is distributed from node to node with the LDP or RSVP TE among all the PE and P routers. The label at the base of the stack is the VPN or BGP label which is distributed with BGP from one PE to another. The top label (IGP label) is used by the P routers in order to forward the packet to the suitable PE router (egress Router). The egress PE routers use the bottom label (VPN label) to forward an IP packet to the appropriate CE router Conclusion The subject of chapter was the MPLS VPN which is one of the most important applications of MPLS. In order to achieve the implementation of a Layer 3 MPLS VPN, some basic information to PE routers are required. These are: VPN Routing and Forwarding Tables (VRFs), distribution of routes with the use of BGP, Route Distinguisher (RD), Route Targets (RT) and the promotion of labeled packets. All of the packets in the MPLS VPN network are forwarded with two different labels, the IGP label and the VPN label at the top and the base of the stack respectively. ~ 19 ~

21 3. Label Distribution Protocols with IGP Suppose one simple IP network which integrates MPLS (IP over MPLS). This specific network consists of LSRs that run an IGP (e.g. OSPF, IS-IS, EIGRP). While entering a packet in the network, the ingress LSR seeks for the destination address in the packet, adds a label and forwards the packet. The following LSR and each intermediary LSR receives the marked packet, replaces the incoming label using an outgoing and promotes the package. The egress LSR in turn removes the label of the packet and forwards it in accordance with IP address. To perform this process, the neighboring LSRs must agree on what label will be used for each IGP prefix, meaning with which outgoing label will be replaced every incoming one. Hence, a mechanism guiding the LSRs decision is needed about the required function, they have to execute on the marked packets. This mechanism is the distribution label protocol. As mentioned above there are two ways of a distribution label protocol implementation: [1] [4] [9] Integration of the distribution function to an existing routing protocol Usage of a separate protocol for the distribution of labels As it regards the first case, an IGP (Interior Gateway Protocol) has not been converted in order to support the distribution of labels. On the contrary, BGP is one routing protocol which can simultaneously carry prefixes and distribute labels. The BGP is mainly used for the distribution of labels in MPLS VPN. In the second case, which is more concerned, there are protocols such as LDP, CR-LDP and RSVP. These protocols run simultaneously and cooperate with some routing protocol. 3.1 Label Distribution Protocol (LDP) The LDP is used to distribute labels matched with the FEC according to specific s LSRs requirements (on demand) or are simply distributed when new routes become known. The aim of the distributing label is the matching with one FEC. Two LSRs which exchange such mappings are called LDP Peers and LDP Session is called this session for those two, which takes place in both directions. [4] [9] There are four types of messages in the LDP: ~ 20 ~

22 Discovery messages, messages which communicate and maintain the presence of an LSR in the network Session messages, messages for establishing, maintenance and termination of sessions between LDP peers Advertisement messages, messages for the creation, change and deletion of matches between labels and FECs. Notification messages, messages which provide error directions and information Finding LSRs that run LDP (LDP Discovery) The LSRs, which run the LDP, send LDP Hello messages from all interfaces where LDP is enabled. The Hello messages are UDP messages which are sent to all routers of the subnet (multicast/all routers on this subnet), namely with IP address The UDP door used for the LDP is 646. [4] [9] [15] When an LSR receives a Hello message in a specific interface, then it concludes that on the other side of the connection is located another LSR which runs the LDP. Thus two LSRs involved in the connection, install a LDP neighborhood relation between them (LDP adjacency). The Hello message contains one reverse time mechanism, which is called Holdtime. If a Hello message is not received before the Holdtime expire, the LSR maintaining the Holdtime deletes the other LSR from the list of LDP neighbors. The default value of the Holdtime variable for Hello messages is 15 seconds, while every 5 seconds the LSRs send Hello messages from their LDP interfaces. If two LDP peers have different values for the Holdtime variables, then the lowest of them is chosen for this specific session. Also LSRs, to which the LDP has been activated, have an ID LDP (LDP Identifier) or LDP ID. The LDP ID is advertised through the Hello messages. The ID consists of 6 byte, of which the 4 byte uniquely identify each LSR and the other 2 byte indicate the type of the label performance, that is to say if labels are assigned per unit (perplatform) or per interface (per-interface). So if the two latest bytes are 0 then the space between labels shall be per-platform, while if it is different than 0 shall be per ~ 21 ~

23 interface. In the last case multiple LDP IDs could be used from an LSR for different LDP sessions, of which the first 4 bytes are identical and the two latest indicate the different space of labels. As far as about the first 4 byte of the LDP ID, they are usually the IP address of an active interface. Certainly if there are configured loopback interfaces then this with the largest IP address is selected as LDP ID LDP and IGP Synchronization One problem which may occur in MPLS networks is the non-simultaneous synchronization of LDP and the IGP of the network. The synchronization here means that the promotion of a package from an interface will occur only if the LDP and the IGP comply that this is the interface that should be used. A common problem in MPLS networks running the LDP is that if an LDP session fails on a link, the IGP does not cease to see this connection as the best route to the routing table, of which continues forwarding packets for some prefixes. Thus the marked packages which would be promoted through this connection will now be promoted without a label. In the most frequent situation where the network is a simple IPv4 over MPLS there is not a significant problem, because the LSRs know how to forward packets on the basis of their IP address. Therefore the label is removed until they are traced again to a next LSR. However in cases such as MPLS VPN LSRs which do not have the knowledge to promote their packets, so as a result they are rejected (Figure 10). [4] [9] Figure 10: Rejection of the packet because of non LDP and IGP synchronization ~ 22 ~

24 In the case of MPLS VPN packets are based on IP, however they must be promoted in accordance with the VRF Table. However, the VRF table is personal for each client and only occurs in marginal LSRs. So if the label of the packets is removed within the MPLS network, they will be rejected. Generally, if the LDP session is down, while the IGP adjacency is up between two LSRs, considerable problems can arise and several packets could be lost. A similar problem is likely to occur in a LSRs reboot. The IGP installs faster relations with the neighbor devices than the LDP the sessions, implying that the IGP promotion occurs before the LFIB table gather the information required to forwarding, based on the label. The solution therefore to the above problem is to synchronize the LDP and IGP, that is to say the guarantee that there will be no promotion of the non-labeled information when the LDP session is down for a connection and will also be made the promotion of another link where the establishment of the LDP session has taken place. The problem of synchronization does not take place in the case of BGP, because the BGP itself arranges the distribution of assignments too. So BGP whether it is active or not, has no synchronization problem, since the prefix installation in the routing table is directly related to the assignment of a label for this prefix. When the LDP and IGP synchronization technique is enabled for an interface, the IGP advertises this link with a maximum metric until synchronization is achieved or until the LDP session is activated in this connection. One of the IGP protocols to which the LDP and IGP synchronization technique is carried out is the OSPF. The maximum metric for OSPF is (hex 0xFFFF). Therefore no route through this interface, where the LDP is inactive, is used unless it is the only route (no other routes with better metric). When the LDP session is finally installed and matches have been distributed, the IGP advertises the link with its actual metric. [4] [16] ~ 23 ~

25 4. Simulation Scenario The virtual scenario which will be simulated basically deals with 2 clients who require from an ISP certain services, in more details: Customer A: The client A consists of 2 sites the Head Quarter and the Branch office (remote site), each site wants to advertise to the other two subnets (Branch office: /24 & and Head Quarter: /20 & /24). The client since he has two sites, request from the Internet Service Provider (ISP) the communication between them to be implemented with Point to Point Layer 3 VPN. Costumer B: The customer B consists of 3 sites, the central Head Quarter and 2 Branch Offices (Remote Site), in the Head Quarter and in the first remote site there is one subnet with web servers ( /24 and /24 respectively) which should be advertised to the customer's network as well as to the internet. In the second remote site is advertised a subnet ( /24) in which users found in it should have access to the web server of the company as well as to the internet through NAT (Network Address Translation) for safety reasons but also in order to save address range. The client for the communication between those sites requires the ISP to use the Hub and Spoke topology, with the Hub, the Head Quarter and as Spoke the 2 remote sites. Now, regarding the access to the internet the customer has requested be implemented via the Head Quarter, this means that this site will have 2 circuits, one for the communication with the two Remote Sites (which whether it is internet or VPN traffic, will send and receive through the Head Quarter) and 1 for access to the internet. It should be noted that in the central site for better safety and redundancy, the customer has requested to be implemented the multihomed BGP technology, that means that are used 2 Customer Edge Routers with which is implemented load sharing, more specifically, the first CE Router is the primary one for Internet traffic and backup for VPN traffic and the second CE Router is the primary for VPN traffic and backup for Internet traffic. Finally, to illustrate the internet access we assume a second ISP which will advertise 2 internet routes ( /24 & /32). ~ 24 ~

26 Figure 11: Network Topology of customers A and B 4.1. Simulation program which is going to be used The simulation program which will be used to implement the scenario is the Graphical Network Simulator 3 (GNS3). [18] GNS3 is a graphical network simulator that allows simulation of complex networks, it can also be used to experiment features of Cisco IOS or to check configurations that need to be deployed later on real routers. The reason this simulation was chosen, as explained above, is because it can simulate the functions of a real Cisco Router since it is able to load an actual IOS. The selected router model is the 2691 and the IOS c2691-adventerprisek9-mz bin, with this IOS we can implement almost any technology available. Nevertheless we could choose a newer Router model with more features such as the 3745 or 7200, but this would result in more intensive usage of computer CPU and due to this the number of the Routers should be reduced Technology for the scenario implementation In this chapter we shall refer to the technologies that will be used in the Core provider's network but also for every customer. [4] [10] ~ 25 ~

27 ISP Core: In the Provider s Core there are three P (Provider) Routers and three PE (Provider Edge) Routers, the Interior Gateway Protocol (IGP) used in order to advertise their subnets the Routers of the Core network between them (such as directly connected networks and Loopback IP addresses) is the OSPF (Open Shortest Path First). The reason this Routing Protocol was chosen is because it is able to support large demanding networks, such as a provider s network which needs fast network convergence and network scalability. Next the MPLS protocol was activated in all the Core Routers of the network, where each Router using the LDP protocol trades the Labels corresponding to each subnet and this way they make up Label Information Base (LIB) and Label Forwarding Information Base (LFIB) tables. The VRFs were activated to PE Routers (Virtual Routing and Forwarding) for each client, two for the A (Point to Point topology with Route distinguisher 1:1 and Route Target import / export 1:1) and three for customer B (Hub and Spoke topology with Route distinguisher for both remote branch offices 2:1 and 2:2, respectively and Route target import 2:1/exprt 2:2, for the central site Head Quarter was defined Route distinguisher 2:3 and Route target import 2:2 / exprt 2:1,by the way the route targets are defined to the client B, the remote branch offices will send and receive traffic whether it is VPN or Internet traffic through the central Head Quarter). Finally the Exterior Gateway Protocol (EGP) was activated more specifically the Border Gateway Protocol (BGP) to PE Routers, so as to set up the i-bgp sessions between PEs to carry the VPN traffic of customers through the Multi Protocol-BGP Protocol (MP-BGP) as well as the Internet traffic via the global BGP routing table. Customer A: Client A consists of 2 sites (a central one and a remote site) that want to advertise the one to another 2 subnets. Because the individual customer in the future intends to enlarge his domestic network (therefore and the subnets will grow) has requested from the provider to use the dynamic routing protocol EIGRP (Enhanced Interior Gateway Routing Protocol) between CE and PE Router. The EIGRP is a Cisco proprietary routing protocol that is based on IGRP, some of the advantages of which is that it has fast network converges good fault tolerance and ~ 26 ~

28 scalability as well as a function that characterizes it as unequal cost load balancing, though its main disadvantage is that it is not supported by other providers since it is a Cisco protocol. Customer B: The client B as mentioned in the previous chapter consists of three sites, 2 branch offices and one central, with Hub and Spoke topology. In the first remote site because of the need to advertise 1 subnet to the main Head Quarter site, we will use static route between CE and PE Router, in particular a default gateway to the provider and in the PE Router a static route to the subnet of the client. In the second remote site the dynamic routing protocol RIPv2 will be used for the CE and the PE Router communication so that the customer can advertise his internal network to the Head Quarter. Finally in the central site where apart from the VPN traffic to and from the remote sites, is also requested to give access to the Internet, the customer has requested to have redundancy and load balancing for safety and efficiency reasons. To implement it two CE Routers will be used, where through the EBGP routing protocol will communicate with the PE Router. Those two Routers which will advertise a default route to the remote sites, so that there is a spoke to spoke communication as well as communication with the Internet, will have two links each, one for VPN Traffic and another for Internet Traffic (meaning four different EBGP sessions). Behind them there will also be the CPE Router which will be interconnected to both CEs with IBGP sessions for redundancy reasons. The client has asked from the provider to advertise a summary address from CPE to the Internet, which would involve local subnet as well as the subnet from the first remote site so that Internet users can have access to them. In order to implement the load sharing we will use the BGP attributes, more specifically AS-Prepend for the input traffic and Local Preference for the output traffic. The way in which, this will be achieved,will have as a final result the first CE Router to be the primary one for the Internet traffic, and the second CE to be the primary one for the VPN Traffic. ~ 27 ~

29 4.3. Network Topology The following figure (figure 12) shows the network topology as well as the design of IP Addressing, from the virtual scenario that will be implemented. Figure 12: Network Topology As shown in Figure 12 for the CE and PE Routers interconnection we have used Serial Links, while for the interconnection of Routers in the MPLS Backbone of the Service Provider as well as the interconnection of the three Routers to the Head Quarter of customer B, we have used Fast Ethernet Links. In the tables below (Table 1, 2 and 3) are reported the Routers of each customer and the Internet Service Provider s Routers too. Costumer A: Routers Remote Site 1: CE_RS_A (Costumer Edge _ Remote Site _ A) Head Quarter: CE_HQ_A (Costumer Edge _ Head Quarter _ A) Table 1 Customer B: Routers Remote Site 1: CE_RS_B1 (Customer Edge _ Remote Site _ B1) Remote Site 2: CE_RS_B2 (Customer Edge _ Remote Site _ B2) Head Quarter: CE1_HQ_B (Customer Edge _ Head Quarter _ B) CE2_HQ_B (Customer Edge _ Head Quarter _ B) CPE_HQ_B (Customer Premises Equipment_Head Quarter _B) _B) Table 2 ~ 28 ~

30 ISP: Routers MPLS Backbone: PE1 (Provider Edge 1) PE2 (Provider Edge 2) PE3 (Provider Edge 3) P1 (Provider) P2 (Provider) P3 (Provider) Table Scenario Implementation In this chapter shall be reported the steps followed for the implementation of the scenario. [4] [10] [14] I. The OSPF Routing Protocol was enabled on P and PE Routers (OSPF Routing Process 1 and Area 0) of the MPLS Backbone, in this way they advertise to each other the subnets of the Core Network and the Loopback IP Addresses of each Provider Router. (Figure 13) Figure 13: Activation of the OSPF Routing Process 1 on the directly connected networks and Loopback Interface II. We activated the MPLS Protocol to the Core Routers of the Provider and the LDP protocol for the exchange of Labels. In this way the P and PE Router will create the LIB and LFIB tables. (Figure 14) ~ 29 ~

31 Figure 14: Activation of the MPLS and LDP Protocol III. The BGP Routing Protocol was enabled on the PE Routers of the Provider (Autonomous System 1) in order to create MP-IBGP Sessions between the PE Routers, for the transportation of the customers VPN Routes from PE to PE and subsequently to the customer's CE Router. (Figure 15) Figure 15: We activated the BGP and MP-IBGP to the PE Routers of the Provider IV. We have created the VRF Routing Tables for each site of every client and stated the Route Target and Route Distinguishes. (Figure 16) ~ 30 ~

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service Nowdays, most network engineers/specialists consider MPLS (MultiProtocol Label Switching) one of the most promising transport technologies. Then, what is MPLS? Multi Protocol Label Switching (MPLS) is

More information

MPLS-based Layer 3 VPNs

MPLS-based Layer 3 VPNs MPLS-based Layer 3 VPNs Overall objective The purpose of this lab is to study Layer 3 Virtual Private Networks (L3VPNs) created using MPLS and BGP. A VPN is an extension of a private network that uses

More information

Implementing VPN over MPLS

Implementing VPN over MPLS IOSR Journal of Electronics and Communication Engineering (IOSR-JECE) e-issn: 2278-2834,p- ISSN: 2278-8735.Volume 10, Issue 3, Ver. I (May - Jun.2015), PP 48-53 www.iosrjournals.org Implementing VPN over

More information

Introducing Basic MPLS Concepts

Introducing Basic MPLS Concepts Module 1-1 Introducing Basic MPLS Concepts 2004 Cisco Systems, Inc. All rights reserved. 1-1 Drawbacks of Traditional IP Routing Routing protocols are used to distribute Layer 3 routing information. Forwarding

More information

RFC 2547bis: BGP/MPLS VPN Fundamentals

RFC 2547bis: BGP/MPLS VPN Fundamentals White Paper RFC 2547bis: BGP/MPLS VPN Fundamentals Chuck Semeria Marketing Engineer Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408 745 2001 or 888 JUNIPER www.juniper.net

More information

How Routers Forward Packets

How Routers Forward Packets Autumn 2010 philip.heimer@hh.se MULTIPROTOCOL LABEL SWITCHING (MPLS) AND MPLS VPNS How Routers Forward Packets Process switching Hardly ever used today Router lookinginside the packet, at the ipaddress,

More information

For internal circulation of BSNLonly

For internal circulation of BSNLonly E3-E4 E4 E&WS Overview of MPLS-VPN Overview Traditional Router-Based Networks Virtual Private Networks VPN Terminology MPLS VPN Architecture MPLS VPN Routing MPLS VPN Label Propagation Traditional Router-Based

More information

Introduction to MPLS-based VPNs

Introduction to MPLS-based VPNs Introduction to MPLS-based VPNs Ferit Yegenoglu, Ph.D. ISOCORE ferit@isocore.com Outline Introduction BGP/MPLS VPNs Network Architecture Overview Main Features of BGP/MPLS VPNs Required Protocol Extensions

More information

MPLS Implementation MPLS VPN

MPLS Implementation MPLS VPN MPLS Implementation MPLS VPN Describing MPLS VPN Technology Objectives Describe VPN implementation models. Compare and contrast VPN overlay VPN models. Describe the benefits and disadvantages of the overlay

More information

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb MP PLS VPN MPLS VPN Prepared by Eng. Hussein M. Harb Agenda MP PLS VPN Why VPN VPN Definition VPN Categories VPN Implementations VPN Models MPLS VPN Types L3 MPLS VPN L2 MPLS VPN Why VPN? VPNs were developed

More information

IMPLEMENTING CISCO MPLS V3.0 (MPLS)

IMPLEMENTING CISCO MPLS V3.0 (MPLS) IMPLEMENTING CISCO MPLS V3.0 (MPLS) COURSE OVERVIEW: Multiprotocol Label Switching integrates the performance and traffic-management capabilities of data link Layer 2 with the scalability and flexibility

More information

Enterprise Network Simulation Using MPLS- BGP

Enterprise Network Simulation Using MPLS- BGP Enterprise Network Simulation Using MPLS- BGP Tina Satra 1 and Smita Jangale 2 1 Department of Computer Engineering, SAKEC, Chembur, Mumbai-88, India tinasatra@gmail.com 2 Department of Information Technolgy,

More information

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam Multiprotocol Label Switching Layer 3 Virtual Private Networks with Open ShortestPath First protocol PRASAD ATHUKURI Sreekavitha engineering info technology,kammam Abstract This paper aims at implementing

More information

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009 MikroTik RouterOS Introduction to MPLS Prague MUM Czech Republic 2009 Q : W h y h a v e n 't y o u h e a r d a b o u t M P LS b e fo re? A: Probably because of the availability and/or price range Q : W

More information

IP/MPLS-Based VPNs Layer-3 vs. Layer-2

IP/MPLS-Based VPNs Layer-3 vs. Layer-2 Table of Contents 1. Objective... 3 2. Target Audience... 3 3. Pre-Requisites... 3 4. Introduction...3 5. MPLS Layer-3 VPNs... 4 6. MPLS Layer-2 VPNs... 7 6.1. Point-to-Point Connectivity... 8 6.2. Multi-Point

More information

MPLS Concepts. Overview. Objectives

MPLS Concepts. Overview. Objectives MPLS Concepts Overview This module explains the features of Multi-protocol Label Switching (MPLS) compared to traditional ATM and hop-by-hop IP routing. MPLS concepts and terminology as well as MPLS label

More information

DD2491 p2 2011. MPLS/BGP VPNs. Olof Hagsand KTH CSC

DD2491 p2 2011. MPLS/BGP VPNs. Olof Hagsand KTH CSC DD2491 p2 2011 MPLS/BGP VPNs Olof Hagsand KTH CSC 1 Literature Practical BGP: Chapter 10 MPLS repetition, see for example http://www.csc.kth.se/utbildning/kth/kurser/dd2490/ipro1-11/lectures/mpls.pdf Reference:

More information

Cisco Configuring Basic MPLS Using OSPF

Cisco Configuring Basic MPLS Using OSPF Table of Contents Configuring Basic MPLS Using OSPF...1 Introduction...1 Mechanism...1 Hardware and Software Versions...2 Network Diagram...2 Configurations...2 Quick Configuration Guide...2 Configuration

More information

MPLS L2VPN (VLL) Technology White Paper

MPLS L2VPN (VLL) Technology White Paper MPLS L2VPN (VLL) Technology White Paper Issue 1.0 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any

More information

Multi Protocol Label Switching (MPLS) is a core networking technology that

Multi Protocol Label Switching (MPLS) is a core networking technology that MPLS and MPLS VPNs: Basics for Beginners Christopher Brandon Johnson Abstract Multi Protocol Label Switching (MPLS) is a core networking technology that operates essentially in between Layers 2 and 3 of

More information

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang luyuanfang@att.com AT&T

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang luyuanfang@att.com AT&T Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang luyuanfang@att.com AT&T 1 Outline! BGP/MPLS VPN (RFC 2547bis)! Setting up LSP for VPN - Design Alternative Studies! Interworking of LDP / RSVP

More information

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre The feature overcomes the requirement that a carrier support multiprotocol label switching (MPLS) by allowing you to provide MPLS connectivity between networks that are connected by IP-only networks. This

More information

IMPLEMENTING CISCO MPLS V2.3 (MPLS)

IMPLEMENTING CISCO MPLS V2.3 (MPLS) IMPLEMENTING CISCO MPLS V2.3 (MPLS) COURSE OVERVIEW: The course will enable learners to gather information from the technology basics to advanced VPN configuration. The focus of the course is on VPN technology

More information

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001 The leading edge in networking information White Paper Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM March 30, 2001 Abstract: The purpose of this white paper is to present discussion

More information

Expert Reference Series of White Papers. An Overview of MPLS VPNs: Overlay; Layer 3; and PseudoWire

Expert Reference Series of White Papers. An Overview of MPLS VPNs: Overlay; Layer 3; and PseudoWire Expert Reference Series of White Papers An Overview of MPLS VPNs: Overlay; Layer 3; and PseudoWire 1-800-COURSES www.globalknowledge.com An Overview of MPLS VPNs: Overlay; Layer 3; and PseudoWire Al Friebe,

More information

Implementing Cisco MPLS

Implementing Cisco MPLS Implementing Cisco MPLS Course MPLS v2.3; 5 Days, Instructor-led Course Description This design document is for the refresh of the Implementing Cisco MPLS (MPLS) v2.3 instructor-led training (ILT) course,

More information

Network Working Group Request for Comments: 2547. March 1999

Network Working Group Request for Comments: 2547. March 1999 Network Working Group Request for Comments: 2547 Category: Informational E. Rosen Y. Rekhter Cisco Systems, Inc. March 1999 BGP/MPLS VPNs Status of this Memo This memo provides information for the Internet

More information

- Multiprotocol Label Switching -

- Multiprotocol Label Switching - 1 - Multiprotocol Label Switching - Multiprotocol Label Switching Multiprotocol Label Switching (MPLS) is a Layer-2 switching technology. MPLS-enabled routers apply numerical labels to packets, and can

More information

-Green line is total enrollment -2008 numbers are projected to be near 20,000 (on-campus) not including distance education numbers.

-Green line is total enrollment -2008 numbers are projected to be near 20,000 (on-campus) not including distance education numbers. 1 2 3 4 -Lower yellow line is graduate student enrollment -Red line is undergradate enrollment -Green line is total enrollment -2008 numbers are projected to be near 20,000 (on-campus) not including distance

More information

MPLS/BGP Network Simulation Techniques for Business Enterprise Networks

MPLS/BGP Network Simulation Techniques for Business Enterprise Networks MPLS/BGP Network Simulation Techniques for Business Enterprise Networks Nagaselvam M Computer Science and Engineering, Nehru Institute of Technology, Coimbatore, Abstract Business Enterprises used VSAT

More information

Table of Contents. Cisco Configuring a Basic MPLS VPN

Table of Contents. Cisco Configuring a Basic MPLS VPN Table of Contents Configuring a Basic MPLS VPN...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Related Products...2 Conventions...2 Configure...3 Network Diagram...3 Configuration

More information

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr. 2006 Cisco Systems, Inc. All rights reserved.

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr. 2006 Cisco Systems, Inc. All rights reserved. MPLS WAN Topologies 1 Multiprotocol Label Switching (MPLS) IETF standard, RFC3031 Basic idea was to combine IP routing protocols with a forwarding algoritm based on a header with fixed length label instead

More information

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track** Course: Duration: Price: $ 3,695.00 Learning Credits: 37 Certification: Implementing Cisco Service Provider Next-Generation Edge Network Services Implementing Cisco Service Provider Next-Generation Edge

More information

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS Computer Network Architectures and Multimedia Guy Leduc Chapter 2 MPLS networks Chapter based on Section 5.5 of Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley,

More information

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs A Silicon Valley Insider MPLS VPN Services PW, VPLS and BGP MPLS/IP VPNs Technology White Paper Serge-Paul Carrasco Abstract Organizations have been demanding virtual private networks (VPNs) instead of

More information

MPLS VPN Implementation

MPLS VPN Implementation MPLS VPN Implementation Overview Virtual Routing and Forwarding Table VPN-Aware Routing Protocols VRF Configuration Tasks Configuring BGP Address families Configuring BGP Neighbors Configuring MP-BGP Monitoring

More information

IPv6 over IPv4/MPLS Networks: The 6PE approach

IPv6 over IPv4/MPLS Networks: The 6PE approach IPv6 over IPv4/MPLS Networks: The 6PE approach Athanassios Liakopoulos Network Operation & Support Manager (aliako@grnet.gr) Greek Research & Technology Network (GRNET) III Global IPv6 Summit Moscow, 25

More information

Table of Contents. Cisco How Does Load Balancing Work?

Table of Contents. Cisco How Does Load Balancing Work? Table of Contents How Does Load Balancing Work?...1 Document ID: 5212...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...1 Conventions...1 Load Balancing...1 Per Destination and

More information

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network. Where MPLS part I explains the basics of labeling packets, it s not giving any advantage over normal routing, apart from faster table lookups. But extensions to MPLS allow for more. In this article I ll

More information

AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0

AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0 Course Outline AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0 Module 1: MPLS Features Lesson 1: Describing Basic MPLS Concepts Provide an overview of MPLS forwarding, features,

More information

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0 AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0 Introduction...2 Overview...2 1. Technology Background...2 2. MPLS PNT Offer Models...3

More information

S-38.3192 ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006

S-38.3192 ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006 S-38.3192 ITGuru Exercise (3: Building the MPLS BGP VPN) Spring 2006 Original version: Johanna Nieminen and Timo Viipuri (2005) Modified: Timo-Pekka Heikkinen, Juha Järvinen and Yavor Ivanov (2006) Task

More information

Quidway MPLS VPN Solution for Financial Networks

Quidway MPLS VPN Solution for Financial Networks Quidway MPLS VPN Solution for Financial Networks Using a uniform computer network to provide various value-added services is a new trend of the application systems of large banks. Transplanting traditional

More information

HP Networking BGP and MPLS technology training

HP Networking BGP and MPLS technology training Course overview HP Networking BGP and MPLS technology training (HL046_00429577) The HP Networking BGP and MPLS technology training provides networking professionals the knowledge necessary for designing,

More information

Layer 3 Multiprotocol Label Switching Virtual Private Network

Layer 3 Multiprotocol Label Switching Virtual Private Network i Zelalem Temesgen Weldeselasie Layer 3 Multiprotocol Label Switching Virtual Private Network Technology and Communication 2014 1 VAASAN AMMATTIKORKEAKOULU UNIVERSITY OF APPLIED SCIENCES Information Technology

More information

Configuring a Basic MPLS VPN

Configuring a Basic MPLS VPN Configuring a Basic MPLS VPN Help us help you. Please rate this document. Contents Introduction Conventions Hardware and Software Versions Network Diagram Configuration Procedures Enabling Configuring

More information

Frame Mode MPLS Implementation

Frame Mode MPLS Implementation CHAPTER 4 Frame Mode MPLS Implementation Lab 4-1: Configuring Frame Mode MPLS (4.5.1) In this lab, you learn how to do the following: Configure EIGRP on a router. Configure LDP on a router. Change the

More information

l.cittadini, m.cola, g.di battista

l.cittadini, m.cola, g.di battista MPLS VPN l.cittadini, m.cola, g.di battista motivations customer s problem a customer (e.g., private company, public administration, etc.) has several geographically distributed sites and would like to

More information

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division Tackling the Challenges of MPLS VPN ing Todd Law Product Manager Advanced Networks Division Agenda Background Why test MPLS VPNs anyway? ing Issues Technical Complexity and Service Provider challenges

More information

Department of Communications and Networking. S-38.2131/3133 Networking Technology, Laboratory course A/B

Department of Communications and Networking. S-38.2131/3133 Networking Technology, Laboratory course A/B Department of Communications and Networking S-38.2131/3133 Networking Technology, Laboratory course A/B Work Number 38: MPLS-VPN Basics Student Edition Preliminary Exercises and Laboratory Assignments

More information

Using OSPF in an MPLS VPN Environment

Using OSPF in an MPLS VPN Environment Using OSPF in an MPLS VPN Environment Overview This module introduces the interaction between multi-protocol Border Gateway Protocol (MP-BGP) running between Provider Edge routers (s) and Open Shortest

More information

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling Release: 1 ICTTEN6172A Design and configure an IP-MPLS network with virtual private network tunnelling Modification

More information

Junos MPLS and VPNs (JMV)

Junos MPLS and VPNs (JMV) Junos MPLS and VPNs (JMV) Course No: EDU-JUN-JMV Length: Five days Onsite Price: $32500 for up to 12 students Public Enrollment Price: $3500/student Course Level JMV is an advanced-level course. Prerequisites

More information

DD2491 p2 2009. BGP-MPLS VPNs. Olof Hagsand KTH/CSC

DD2491 p2 2009. BGP-MPLS VPNs. Olof Hagsand KTH/CSC DD2491 p2 2009 BGP-MPLS VPNs Olof Hagsand KTH/CSC Literature Practical BGP: Chapter 10 JunOS Cookbook: Chapter 14 and 15 MPLS Advantages Originally, the motivation was speed and cost. But routers does

More information

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans Contents Overview 1 1. L2 VPN Padding Verification Test 1 1.1 Objective 1 1.2 Setup 1 1.3 Input Parameters 2 1.4 Methodology 2 1.5

More information

MPLS VPNs with DiffServ A QoS Performance study

MPLS VPNs with DiffServ A QoS Performance study Technical report, IDE1104, February 2011 MPLS VPNs with DiffServ A QoS Performance study Master s Thesis in Computer Network Engineering Azhar Shabbir Khan Bilal Afzal School of Information Science, Computer

More information

s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ] s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ] Cisco 400-201 : Practice Test Question No : 1 Which two frame types are correct when configuring T3 interfaces?

More information

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP Telfor Journal, Vol. 2, No. 1, 2010. 13 Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP Aleksandar Cvjetić and Aleksandra Smiljanić Abstract The paper analyzes implementations

More information

IMPLEMENTATION OF MPLS VPN

IMPLEMENTATION OF MPLS VPN Bachelor's thesis (TUAS) Information Technology Information Technology 2015 Sanjib Gurung IMPLEMENTATION OF MPLS VPN BACHELOR S THESIS ABSTRACT TURKU UNIVERSITY OF APPLIED SCIENCES Information Technology

More information

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2 1 ISTANBUL 1.1 MPLS overview 1 1.1.1 Principle Use of a ATM core network 2 Overlay Network One Virtual Circuit per communication No routing protocol Scalability problem 2 1.1.1 Principle Weakness of overlay

More information

Protection Methods in Traffic Engineering MPLS Networks

Protection Methods in Traffic Engineering MPLS Networks Peter Njogu Kimani Protection Methods in Traffic Engineering MPLS Networks Helsinki Metropolia University of Applied Sciences Bachelor of Engineering Information technology Thesis 16 th May 2013 Abstract

More information

Investigation of different VPN Solutions And Comparison of MPLS, IPSec and SSL based VPN Solutions (Study Thesis)

Investigation of different VPN Solutions And Comparison of MPLS, IPSec and SSL based VPN Solutions (Study Thesis) MEE09:44 BLEKINGE INSTITUTE OF TECHNOLOGY School of Engineering Department of Telecommunication Systems Investigation of different VPN Solutions And Comparison of MPLS, IPSec and SSL based VPN Solutions

More information

MPLS Basics. For details about MPLS architecture, refer to RFC 3031 Multiprotocol Label Switching Architecture.

MPLS Basics. For details about MPLS architecture, refer to RFC 3031 Multiprotocol Label Switching Architecture. Multiprotocol Label Switching (), originating in IPv4, was initially proposed to improve forwarding speed. Its core technology can be extended to multiple network protocols, such as IPv6, Internet Packet

More information

Fundamentals Multiprotocol Label Switching MPLS III

Fundamentals Multiprotocol Label Switching MPLS III Fundamentals Multiprotocol Label Switching MPLS III Design of Telecommunication Infrastructures 2008-2009 Rafael Sebastian Departament de tecnologies de la Informació i les Comunicaciones Universitat Pompeu

More information

Introduction Inter-AS L3VPN

Introduction Inter-AS L3VPN Introduction Inter-AS L3VPN 1 Extending VPN services over Inter-AS networks VPN Sites attached to different MPLS VPN Service Providers How do you distribute and share VPN routes between ASs Back- to- Back

More information

Designing and Developing Scalable IP Networks

Designing and Developing Scalable IP Networks Designing and Developing Scalable IP Networks Guy Davies Telindus, UK John Wiley & Sons, Ltd Contents List of Figures List of Tables About the Author Acknowledgements Abbreviations Introduction xi xiii

More information

Using the Border Gateway Protocol for Interdomain Routing

Using the Border Gateway Protocol for Interdomain Routing CHAPTER 12 Using the Border Gateway Protocol for Interdomain Routing The Border Gateway Protocol (BGP), defined in RFC 1771, provides loop-free interdomain routing between autonomous systems. (An autonomous

More information

Building VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S&

Building VPNs. Nam-Kee Tan. With IPSec and MPLS. McGraw-Hill CCIE #4307 S& Building VPNs With IPSec and MPLS Nam-Kee Tan CCIE #4307 S& -.jr."..- i McGraw-Hill New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

More information

MPLS Virtual Private Networks

MPLS Virtual Private Networks MPLS Virtual Private Networks Luca Cittadini Giuseppe Di Battista Maurizio Patrignani Summary This chapter is devoted to Virtual Private Networks (VPNs) designed with Multi Protocol Label Switching (MPLS)

More information

SEC-370. 2001, Cisco Systems, Inc. All rights reserved.

SEC-370. 2001, Cisco Systems, Inc. All rights reserved. SEC-370 2001, Cisco Systems, Inc. All rights reserved. 1 Understanding MPLS/VPN Security Issues SEC-370 Michael Behringer SEC-370 2003, Cisco Systems, Inc. All rights reserved. 3

More information

A Simulation Analysis of Latency and Packet Loss on Virtual Private Network through Multi Virtual Routing and Forwarding

A Simulation Analysis of Latency and Packet Loss on Virtual Private Network through Multi Virtual Routing and Forwarding A Simulation Analysis of Latency and Packet Loss on Virtual Private Network through Multi Virtual Routing and Forwarding Rissal Efendi STMIK PROVISI Semarang, Indonesia ABSTRACT MPLS is a network management

More information

Implementation of Traffic Engineering and Addressing QoS in MPLS VPN Based IP Backbone

Implementation of Traffic Engineering and Addressing QoS in MPLS VPN Based IP Backbone International Journal of Computer Science and Telecommunications [Volume 5, Issue 6, June 2014] 9 ISSN 2047-3338 Implementation of Traffic Engineering and Addressing QoS in MPLS VPN Based IP Backbone Mushtaq

More information

MPLS - A Choice of Signaling Protocol

MPLS - A Choice of Signaling Protocol www.ijcsi.org 289 MPLS - A Choice of Signaling Protocol Muhammad Asif 1, Zahid Farid 2, Muhammad Lal 3, Junaid Qayyum 4 1 Department of Information Technology and Media (ITM), Mid Sweden University Sundsvall

More information

Demonstrating the high performance and feature richness of the compact MX Series

Demonstrating the high performance and feature richness of the compact MX Series WHITE PAPER Midrange MX Series 3D Universal Edge Routers Evaluation Report Demonstrating the high performance and feature richness of the compact MX Series Copyright 2011, Juniper Networks, Inc. 1 Table

More information

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud MPLS WAN Explorer Enterprise Network Management Visibility through the MPLS VPN Cloud Executive Summary Increasing numbers of enterprises are outsourcing their backbone WAN routing to MPLS VPN service

More information

Multi-Protocol Label Switching To Support Quality of Service Needs

Multi-Protocol Label Switching To Support Quality of Service Needs Technical Report, IDE1008, February 2010 Multi-Protocol Label Switching To Support Quality of Service Needs Master s Thesis in Computer Network Engineering - 15hp AMJAD IFTIKHAR AOON MUHAMMAD SHAH & FOWAD

More information

Why Is MPLS VPN Security Important?

Why Is MPLS VPN Security Important? MPLS VPN Security An Overview Monique Morrow Michael Behringer May 2 2007 Future-Net Conference New York Futurenet - MPLS Security 1 Why Is MPLS VPN Security Important? Customer buys Internet Service :

More information

MPLS VPN Route Target Rewrite

MPLS VPN Route Target Rewrite The feature allows the replacement of route targets on incoming and outgoing Border Gateway Protocol (BGP) updates Typically, Autonomous System Border Routers (ASBRs) perform the replacement of route targets

More information

Router and Routing Basics

Router and Routing Basics Router and Routing Basics Malin Bornhager Halmstad University Session Number 2002, Svenska-CNAP Halmstad University 1 Routing Protocols and Concepts CCNA2 Routing and packet forwarding Static routing Dynamic

More information

MPLS in Private Networks Is It a Good Idea?

MPLS in Private Networks Is It a Good Idea? MPLS in Private Networks Is It a Good Idea? Jim Metzler Vice President Ashton, Metzler & Associates March 2005 Introduction The wide area network (WAN) brings indisputable value to organizations of all

More information

Configuring MPLS Hub-and-Spoke Layer 3 VPNs

Configuring MPLS Hub-and-Spoke Layer 3 VPNs CHAPTER 23 This chapter describes how to configure a hub-and-spoke topology for Multiprotocol Layer Switching (MPLS) Layer 3 virtual private networks (VPNs) on Cisco NX-OS devices. This chapter includes

More information

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software The MPLS VPNs over IP Tunnels feature lets you deploy Layer 3 Virtual Private Netwk (L3VPN) services, over an IP ce netwk, using L2TPv3 multipoint

More information

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: 112085. Requirements

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: 112085. Requirements IPv6 over MPLS VPN Document ID: 112085 Contents Introduction Prerequisites Requirements Components Used Conventions Configure Network Diagram VRF Configuration Multiprotocol BGP (MP BGP) Configuration

More information

Date Submitted: 2-1-2014. Course Number: 9110

Date Submitted: 2-1-2014. Course Number: 9110 Date Submitted: 2-1-2014 Course Title: Advanced IPv6 Migration Course Number: 9110 Pricing & Length Classroom: 4 days, (onsite and public offering) Course Description: This advanced, hands-on course covers

More information

Exam Name: BGP + MPLS Exam Exam Type Cisco Case Studies: 3 Exam Code: 642-691 Total Questions: 401

Exam Name: BGP + MPLS Exam Exam Type Cisco Case Studies: 3 Exam Code: 642-691 Total Questions: 401 Question: 1 Every time a flap occurs on a route, the route receives A. 750 per-flap penalty points which are user configurable B. 1500 per-flap penalty points which are user configurable C. 200 per-flap

More information

Network Virtualization with the Cisco Catalyst 6500/6800 Supervisor Engine 2T

Network Virtualization with the Cisco Catalyst 6500/6800 Supervisor Engine 2T White Paper Network Virtualization with the Cisco Catalyst 6500/6800 Supervisor Engine 2T Introduction Network virtualization is a cost-efficient way to provide traffic separation. A virtualized network

More information

IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE)

IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE) IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE) COURSE OVERVIEW: Implementing Cisco IP Routing (ROUTE) v2.0 is an instructor-led five day training course developed to help students prepare for Cisco CCNP _

More information

IP Routing Configuring RIP, OSPF, BGP, and PBR

IP Routing Configuring RIP, OSPF, BGP, and PBR 13 IP Routing Configuring RIP, OSPF, BGP, and PBR Contents Overview..................................................... 13-6 Routing Protocols.......................................... 13-6 Dynamic Routing

More information

Addressing Inter Provider Connections With MPLS-ICI

Addressing Inter Provider Connections With MPLS-ICI Addressing Inter Provider Connections With MPLS-ICI Introduction Why migrate to packet switched MPLS? The migration away from traditional multiple packet overlay networks towards a converged packet-switched

More information

Multiprotocol Label Switching (MPLS)

Multiprotocol Label Switching (MPLS) Multiprotocol Label Switching (MPLS) รศ.ดร. อน นต ผลเพ ม Asso. Prof. Anan Phonphoem, Ph.D. anan.p@ku.ac.th http://www.cpe.ku.ac.th/~anan Computer Engineering Department Kasetsart University, Bangkok, Thailand

More information

WHITE PAPER. Addressing Inter Provider Connections with MPLS-ICI CONTENTS: Introduction. IP/MPLS Forum White Paper. January 2008. Introduction...

WHITE PAPER. Addressing Inter Provider Connections with MPLS-ICI CONTENTS: Introduction. IP/MPLS Forum White Paper. January 2008. Introduction... Introduction WHITE PAPER Addressing Inter Provider Connections with MPLS-ICI The migration away from traditional multiple packet overlay networks towards a converged packet-switched MPLS system is now

More information

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. E-mail: Kapil.Kumar@relianceinfo.com

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. E-mail: Kapil.Kumar@relianceinfo.com RA-MPLS VPN Services Kapil Kumar Network Planning & Engineering Data E-mail: Kapil.Kumar@relianceinfo.com Agenda Introduction Why RA MPLS VPNs? Overview of RA MPLS VPNs Architecture for RA MPLS VPNs Typical

More information

Design of MPLS networks VPN and TE with testing its resiliency and reliability

Design of MPLS networks VPN and TE with testing its resiliency and reliability MASARYK UNIVERSITY FACULTY OF INFORMATICS Design of MPLS networks VPN and TE with testing its resiliency and reliability Diploma thesis Michal Aron Brno, spring 2014 ZADANIE DP Declaration I declare

More information

SBSCET, Firozpur (Punjab), India

SBSCET, Firozpur (Punjab), India Volume 3, Issue 9, September 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Layer Based

More information

Implementing MPLS VPNs over IP Tunnels

Implementing MPLS VPNs over IP Tunnels Implementing MPLS VPNs over IP Tunnels The MPLS VPNs over IP Tunnels feature lets you deploy Layer 3 Virtual Private Netwk (L3VPN) services, over an IP ce netwk, using L2TPv3 multipoint tunneling instead

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

Building Trusted VPNs with Multi-VRF

Building Trusted VPNs with Multi-VRF Building Trusted VPNs with Introduction Virtual Private Networks (VPNs) have been a key application in networking for a long time. A slew of possible solutions have been proposed over the last several

More information

In this chapter, you learn about the following: How MPLS provides security (VPN separation, robustness against attacks, core hiding, and spoofing

In this chapter, you learn about the following: How MPLS provides security (VPN separation, robustness against attacks, core hiding, and spoofing In this chapter, you learn about the following: How MPLS provides security (VPN separation, robustness against attacks, core hiding, and spoofing protection) How the different Inter-AS and Carrier s Carrier

More information

Analysis of traffic engineering parameters while using multi-protocol label switching (MPLS) and traditional IP networks

Analysis of traffic engineering parameters while using multi-protocol label switching (MPLS) and traditional IP networks Analysis of traffic engineering parameters while using multi-protocol label switching (MPLS) and traditional IP networks Faiz Ahmed Electronic Engineering Institute of Communication Technologies, PTCL

More information

MPLS in the Enterprise

MPLS in the Enterprise NETWORKS NetIron XMR 16000 NETWORKS NetIron XMR 16000 NETWORKS NetIron XMR 16000 Introduction MPLS in the Enterprise Multi-Protocol Label Switching (MPLS) as a technology has been around for over a decade

More information