MPLS Concepts. MPLS Concepts

Transcription

1 MPLS Concepts MPLS: Multi Protocol Label Switching MPLS is a layer 2+ switching MPLS forwarding is done in the same way as in VC (Virtual Circuit) switches Packet forwarding is done based on Labels MPLS Concepts Unlike IP, classification/label can be based on: Destination Unicast address Traffic Engineering VPN QoS FEC: Forwarding Equivalence Class A FEC can represent a: Destination address prefix, VPN, Traffic Engineering tunnel, Class of Service. 1

2 LSRs and Labels LSR: Label Switch Router Edge-LSR: LSRs that do label imposition and disposition LSRs and Labels IGP domain with a label distribution protocol An IP routing protocol is used within the routing domain (e.g.:ospf, i-isis) A label distribution protocol is used to distribute address/label mappings between adjacent neighbors The ingress LSR receives IP packets, performs packet classification, assign a label, and forward the labelled packet into the MPLS network Core LSRs switch packets/cells based on the label value The egress LSR removes the label before forwarding the IP packet outside the MPLS network 2

3 LSRs and Labels Label Exp S TTL Label = 20 bits Exp = Experimental, 3 bits S = Bottom of stack, 1bit TTL = Time to live, 8 bits Uses new Ethertypes/PPP PIDs/SNAP values/etc More than one Label is allowed -> Label Stack MPLS LSRs always forward packets based on the value of the label at the top of the stack PPP Header(Packet over SONET/SDH) PPP Header Shim Header Layer 3 Header Ethernet Ethernet Hdr Shim Header Layer 3 Header Label Assignment and Distribution Labels have link-local significance Each LSR binds his own label mappings Each LSR assign labels to his FECs Labels are assigned and exchanged between adjacent neighboring LSR Applications may require non-adjacent neighbors 3

4 Label Assignment and Distribution Upstream and Downstream LSRs /24 Rtr-A Rtr-B Rtr-C /24 Rtr-C is the downstream neighbor of Rtr-B for destination /24 Rtr-B is the downstream neighbor of Rtr-A for destination /24 LSRs know their downstream neighbors through the IP routing protocol Next-hop address is the downstream neighbor Label Assignment and Distribution Unsolicited Downstream Distribution /24 Rtr-A Use label 30 for destination /24 Rtr-B In I/F 0 In Lab - Address Prefix Out I/F 1 Out Lab 30 In I/F 0 In Lab 30 Address Prefix Out I/F 1 Next-Hop Next-Hop Use label 40 for destination /24 Out Lab 40 In I/F 0 Rtr-C In Lab /24 Address Prefix Next-Hop Out I/F 1 Out Lab - IGP derived routes LSRs distribute labels to the upstream neighbors 4

5 Label Assignment and Distribution On-Demand Downstream Distribution /24 Rtr-A Use label 40 for destination /24 Rtr-B Use label 30 for destination /24 Rtr-C /24 Request label for destination /24 Request label for destination /24 Upstream LSRs request labels to downstream neighbors Downstream LSRs distribute labels upon request Label Assignment and Distribution Several protocols for label exchange LDP Maps unicast IP destinations into labels RSVP Used in traffic engineering BGP External labels (VPN) 5

6 Label Switch Path (LSP) IGP domain with a label distribution protocol IGP domain with a label distribution protocol LSP follows IGP shortest path LSP diverges from IGP shortest path LSPs are derived from IGP routing information LSPs may diverge from IGP shortest path LSP tunnels (explicit routing) with TE LSPs are unidirectional Return traffic takes another LSP Label Switch Path (LSP) Penultimate Hop Popping The label at the top of the stack is removed (popped) by the upstream neighbor of the egress LSR The egress LSR requests the popping through the label distribution protocol Egress LSR advertises implicit-null label The egress LSR will not have to do a lookup and remove itself the label One lookup is saved in the egress LSR 6

7 In I/F 0 In Lab Label Switch Path (LSP) Penultimate Hop Popping Address Prefix Out I/F 1 Out Lab / Next-Hop Summary route for /16 In I/F 0 In Lab Address Prefix /16 2 pop Next-Hop 0 1 Out I/F Out Lab Summary route for /16 Address Prefix and mask /24 Next-Hop Interface Serial / Serial /16 Null Use label 4 for FEC /16 Use label implicit-null for FEC / / /24 Summary route is propagate through the IGP and label is assigned by each LSR Egress LSR summarises more specific routes and advertises a label for the new FEC Egress LSR needs to do an IP lookup for finding more specific route Egress LSR need NOT receive a labelled packet Loops and TTL In IP networks TTL is used to prevent packets to travel indefinitely in the network MPLS may use same mechanism as IP, but not on all encapsulations 7

8 Loops and TTL IP packet TTL = 10 LSR-1 Label = 25 IP packet TTL = 6 LSR-2 LSR- 3 Label = 39 IP packet TTL = 6 LSR-6 --> 25 Hops=4 IGP domain with a label distribution protocol LSR-4 Label = 21 IP packet TTL = 6 LSR-5 IP packet TTL = 6 LSR-6 Egress TTL is decremented prior to enter the non-ttl capable LSP If TTL is 0 the packet is discarded at the ingress point TTL is examined at the LSP exit LDP Concepts Label Distribution Protocol Labels map to FECs for Unicast Destination Prefix LDP works between adjacent/non-adjacent peers LDP sessions are established between peers 8

9 LDP Messages Discovery messages Used to discover and maintain the presence of new peers Hello packets (UDP) sent to all-routers multicast address Once neighbor is discovered, the LDP session is established over TCP LDP Messages Session messages Establish, maintain and terminate LDP sessions Advertisement messages Create, modify, delete label mappings Notification messages Error signalling 9

10 In I/F 0 In Lab Address Prefix Out I/F / Next-Hop Day in the life of a Packet Out Lab In I/F 0 In Lab Address Prefix Out I/F Out Lab / Next-Hop In I/F 0 In Lab Address Prefix Out I/F Out Lab /16 2 pop Next-Hop Address Prefix and mask /24 Next-Hop Interface Serial / Serial /16 Null PE 0 1 Use label 4 for FEC /16 0 P 1 P 2 0 PE 0 Use label implicit-null Use label 7 for for FEC /16 FEC /16 Summary route for /16 Summary route for / / /24 Summary route is propagate through the IGP and label is assigned by each LSR Egress LSR summarises more specific routes and advertises a label for the new FEC Egress LSR needs to do an IP lookup for finding more specific route MPLS-VPN What is a VPN? An IP network infrastructure delivering private network services over a public infrastructure Use a layer 3 backbone Scalability, easy provisioning Global as well as non-unique private address space QoS Controlled access Easy configuration for customers 10

11 VPN Models - The Overlay model Private trunks over a TELCO/SP shared infrastructure Leased/Dialup lines FR/ATM circuits IP (GRE) tunnelling Transparency between provider and customer networks Optimal routing requires full mesh over over backbone VPN Models - The Peer model Both provider and customer network use same network protocol and PE routers have a routing adjacency at each site All provider routers hold the full routing information about all customer networks Private addresses are not allowed May use the virtual router capability Multiple routing and forwarding tables based on Customer Networks 11

12 VPN Models - MPLS-VPN: The True Peer model Same as Peer model BUT!!! Provider Edge routers receive and hold routing information only about VPNs directly connected Reduces the amount of routing information a PE router will store Routing information is proportional to the number of VPNs a router is attached to MPLS is used within the backbone to switch packets (no need of full routing) MPLS-VPN Terminology Provider Network (P-Network) The backbone under control of a Service Provider Customer Network (C-Network) Network under customer control router Customer Edge router. Part of the C-network and interfaces to a PE router 12

13 MPLS-VPN Terminology Site Set of (sub)networks part of the C-network and co-located A site is connected to the VPN backbone through one or more PE/ links PE router Provider Edge router. Part of the P-Network and interfaces to routers P router Provider (core) router, without knowledge of VPN MPLS-VPN Terminology Border router Provider Edge router interfacing to other provider networks Extended Community BGP attribute used to identify a Route-origin, Route-target Site of Origin Identifier (SOO) 64 bits identifying routers where the route has been originated 13

14 MPLS-VPN Terminology Route-Target 64 bits identifying routers that should receive the route Route Distinguisher Attributes of each route used to uniquely identify prefixes among VPNs (64 bits) VRF based (not VPN based) VPN-IPv4 addresses Address including the 64 bits Route Distinguisher and the 32 bits IP address MPLS-VPN Terminology VRF VPN Routing and Forwarding Instance Routing table and FIB table Populated by routing protocol contexts VPN-Aware network A provider backbone where MPLS-VPN is deployed 14

15 MPLS VPN Connection Model A VPN is a collection of sites sharing a common routing information (routing table) A site can be part of different VPNs A VPN has to be seen as a community of interest (or Closed User Group) Multiple Routing/Forwarding instances (VRF) on PE routers MPLS VPN Connection Model Site-4 Site-1 VPN-A VPN-C Site-2 VPN-B Site-3 A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs If two or more VPNs have a common site, address space must be unique among these VPNs 15

16 MPLS VPN Connection Model The VPN backbone is composed by MPLS LSRs PE routers (edge LSRs) P routers (core LSRs) PE routers are faced to routers and distribute VPN information through MP-BGP to other PE routers VPN-IPv4 addresses, Extended Community, Label P routers do not run BGP and do not have any VPN knowledge MPLS VPN Connection Model VPN_A VPN_B VPN_A VPN_B PE PE P P ibgp sessions P P PE PE VPN_A VPN_A VPN_B P routers (LSRs) are in the core of the MPLS cloud PE routers use MPLS with the core and plain IP with routers P and PE routers share a common IGP PE router are MP-iBGP fully meshed 16

17 MPLS VPN Connection Model Site-1 Site-2 EBGP,OSPF, RIPv2,Static PE PE and routers exchange routing information through: EBGP, OSPF, RIPv2, Static routing router run standard routing software MPLS VPN Connection Model Site-1 EBGP,OSPF, RIPv2,Static PE VPN Backbone IGP (OSPF, ISIS) Site-2 PE routers maintain separate routing tables The global routing table With all PE and P routes Populated by the VPN backbone IGP (ISIS or OSPF) VRF (VPN Routing and Forwarding) Routing and Forwarding table associated with one or more directly connected sites (s) VRF are associated to (sub/virtual/tunnel)interfaces Interfaces may share the same VRF if the connected sites may share the same routing information 17

18 MPLS VPN Connection Model Site-1 PE Site-2 Different site sharing the same routing information, may share the same VRF Interfaces connecting these sites will use the same VRF Sites belonging to the same VPN may share same VRF MPLS VPN Connection Model Site-1 Site-2 EBGP,OSPF, RIPv2,Static PE VPN Backbone IGP The routes the PE receives from routers are installed in the appropriate VRF The routes the PE receives through the backbone IGP are installed in the global routing table By using separate VRFs, addresses need NOT to be unique among VPNs 18

19 MPLS VPN Connection Model The Global Routing Table is populated by IGP protocols. In PE routers it may contain the BGP Internet routes (standard BGP-4 routes) BGP-4 (IPv4) routes go into global routing table MP-BGP (VPN-IPv4) routes go into VRFs MPLS VPN Connection Model PE P P PE VPN Backbone IGP P P ibgp session PE and P routers share a common IGP (ISIS or OSPF) PEs establish MP-iBGP sessions between them PEs use MP-BGP to exchange routing information related to the connected sites and VPNs VPN-IPv4 addresses, Extended Community, 19

20 MPLS VPN Connection Model MP-BGP Update VPN-IPV4 address Route Distinguisher 64 bits Makes the IPv4 route globally unique RD is configured in the PE for each VRF RD may or may not be related to a site or a VPN IPv4 address (32bits) Extended Community attribute (64 bits) Site of Origin (SOO): identifies the originating site Route-target (RT): identifies the set of sites the route has to be advertised to MPLS VPN Connection Model MP-BGP Update Any other standard BGP attribute Local Preference MED Next-hop AS_PATH Standard Community A Label identifying: The outgoing interface The VRF where a lookup has to be done (aggregate label) The BGP label will be the second label in the label stack of packets travelling in the core 20

21 MPLS VPN Connection Model MP-BGP Update - Extended community BGP extended community attribute Structured, to support multiple applications 64 bits for increased range General form <16bits type>:<asn>:<32 bit number> Registered AS number <16bits type>:<ip address>:<16 bit number> Registered IP address MPLS VPN Connection Model MP-BGP Update - Extended community The Extended Community is used to: Identify one or more routers where the route has been originated (site) Site of Origin (SOO) Selects sites which should receive the route Route-Target 21

22 MPLS VPN Connection Model BGP,RIPv2 update for Net1,Next- Hop=-1 PE-1 P P VPN Backbone IGP P P PE-2 VPN-IPv4 update is translated into IPv4 address (Net1) put into VRF green since RT=Green and advertised to -2-2 Site-2 Site-1-1 VPN-IPv4 update: RD:Net1, Next-hop=PE-1 SOO=Site1, RT=Green, Label=(int1) PE routers receive IPv4 updates (EBGP, RIPv2, Static) PE routers translate into VPN-IPv4 Assign a SOO and RT based on configuration Re-write Next-Hop attribute Assign a label based on VRF and/or interface Send MP-iBGP update to all PE neighbors MPLS VPN Connection Model BGP,OSPF, RIPv2 update for Net1 Next-Hop=-1 PE-1 P P VPN Backbone IGP P P PE-2 VPN-IPv4 update is translated into IPv4 address (Net1) put into VRF green since RT=Green and advertised to -2-2 Site-2 Site-1-1 VPN-IPv4 update: RD:Net1, Next-hop=PE-1 SOO=Site1, RT=Green, Label=(int1) Receiving PEs translate to IPv4 Insert the route into the VRF identified by the RT attribute (based on PE configuration) The label associated to the VPN-IPv4 address will be set on packet forwarded towards the destination 22

23 MPLS VPN Connection Model Route distribution to sites is driven by the Site of Origin (SOO) and Route-target attributes BGP Extended Community attribute A route is installed in the site VRF corresponding to the Route-target attribute Driven by PE configuration A PE which connects sites belonging to multiple VPNs will install the route into the site VRF if the Routetarget attribute contains one or more VPNs to which the site is associated MPLS Forwarding Packet forwarding PE and P routers have BGP next-hop reachability through the backbone IGP Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops Label Stack is used for packet forwarding Top label indicates BGP Next-Hop (interior label) Second level label indicates outgoing interface or VRF (exterior label) 23

24 MPLS Forwarding Packet forwarding MPLS nodes forward packets based on the top label P routers do not have BGP (nor VPN) knowledge No VPN routing information No Internet routing information MPLS Forwarding Penultimate Hop Popping The upstream LDP peer of the BGP next-hop (PE router) will pop the first level label The penultimate hop will pop the label Requested through LDP The egress PE router will forward the packet based on the second level label which gives the outgoing interface (and VPN) 24

25 MPLS Forwarding MPLS Forwarding - Penultimate Hop Popping 1 IP packet P routers switch the packets based on the IGP label (label on top of the stack) PE1 Penultimate Hop Popping P2 is the penultimate hop for the BGP next-hop P2 remove the top label This has been requested through LDP by PE2 PE2 receives the packets with the label corresponding to the outgoing interface (VRF) One single lookup Label is popped and packet sent to IP neighbor 2 IGP Label(PE2) VPN Label IP packet IP packet PE1 receives IP packet Lookup is done on site VRF BGP route with Next-Hop and Label is found BGP next-hop (PE2) is reachable through IGP route with associated label P1 IGP Label(PE2) VPN Label IP packet P2 VPN Label IP packet PE2 3 MPLS VPN Forwarding VPN_A VPN_B VPN_A VPN_B PE2 PE1 P P P P T8T2 Data PE VPN_A Data VPN_A VPN_B Ingress PE receives normal IP Packets from router PE router does IP Longest Match from VPN_B FIB, find ibgp next hop PE2 and impose a stack of labels: exterior Label T2 + Interior Label T8 <RD_B,10.2> <RD_B,10.1>, ibgp, next NH= hop PE2 PE1, T2 <RD_B,10.2>, ibgp next hop PE2 <RD_B,10.3>, ibgp next hop PE3 <RD_A,11.6>, ibgp next hop PE1 <RD_A,10.1>, ibgp next hop PE4 <RD_A,10.4>, ibgp next hop PE4 <RD_A,10.2>, ibgp next hop PE2 T1 T8 T7 T2 T8 T3 T9 T4 T7 T5 TB T6 TB T7 T8 25

26 MPLS VPN Forwarding VPN_A Data VPN_B VPN_A VPN_B T2 Data PE2 PE1 TB T2 Data P P P TAT2 Data P in / out T7 Tu T8, TA Tw T9 Tx Ta Ty Tb Tz PE T8T2 Data All Subsequent P routers do switch the packet Solely on Interior Label Egress PE router, removes Interior Label Egress PE uses Exterior Label to select which VPN/ to forward the packet to. VPN_A VPN_A Exterior Label is removed and packet routed to router VPN_B MPLS VPN mechanisms VRF and Multiple Routing Instances VRF: VPN Routing and Forwarding Instance VRF Routing Protocol Context VRF Routing Tables VRF F Forwarding Tables 26

27 MPLS VPN mechanisms VRF and Multiple Routing Instances VPN aware Routing Protocols Select/Install routes in appropriate routing table Per-instance router variables Not necessarily per-instance routing processes ebgp, OSPF, RIPv2, Static MPLS VPN mechanisms VRF and Multiple Routing Instances VRF Routing table contains routes which should be available to a particular set of sites Analogous to standard IOS routing table, supports the same set of mechanisms Interfaces (sites) are assigned to VRFs One VRF per interface (sub-interface, tunnel or virtualtemplate) Possible many interfaces per VRF 27

28 MPLS VPN mechanisms VRF and Multiple Routing Instances Routing processes BGP RIP Static Routing processes run within specific routing contexts Routing contexts VRF Routing tables VRF Forwarding tables Populate specific VPN routing table and FIBs (VRF) MPLS VPN mechanisms VRF and Multiple Routing Instances Logical view Site-1 VPN-A Site-4 VPN-C Multihop MP-iBGP Site-2 VPN-B Site-3 P P PE PE Routing view VRF for site-1 Site-1 routes Site-2 routes VRF for site-2 Site-1 routes Site-2 routes Site-3 routes VRF for site-3 Site-2 routes Site-3 routes Site-4 routes VRF for site-4 Site-3 routes Site-4 routes Site-1 Site-2 Site-3 Site-4 28

29 MPLS VPN Topologies VPN_A VPN_B VPN_A VPN_B PE PE P P ibgp sessions P P PE PE VPN_A VPN_A VPN_B VPN-IPv4 address are propagated together with the associated label in BGP Multiprotocol extension Extended Community attribute (route-target) is associated to each VPN- IPv4 address, to populate the site VRF MPLS VPN Topologies VPN sites with optimal intra-vpn routing Each site has full routing knowledge of all other sites (of same VPN) Each announces his own address space MP-BGP VPN-IPv4 updates are propagated between PEs Routing is optimal in the backbone Each route has the BGP Next-Hop closest to the destination No site is used as central point for connectivity 29

30 MPLS VPN Topologies VPN sites with optimal intra-vpn routing VRF for site-1 N1,NH= 1 N2,NH=PE 2 N3,NH=PE 3 Routing Table on 1 N1, Local N2, PE1 N3, PE1 Site-1 N1 PE1 Site-3 N3 Routing Table on 3 N1, PE3 N2, PE3 N3, Local Int 1 Int3 PE3 VPN-IPv4 updates exchanged between PEs RD:N1, NH=PE1,Label=Int1, RT=Blue RD:N2, NH=PE2,Label=Int2, RT=Blue RD:N3, NH=PE3,Label=Int3, RT=Blue EBGP/RIP/Static N1 NH=1 EBGP/RIP/Static N3 NH=3 VRF for site-3 N1,NH=PE 1 N2,NH=PE 2 N3,NH= 3 PE2 EBGP/RIP/Static N2,NH=2 Int2 VRF for site-2 N1,NH=PE 1 N2,NH= 2 N3,NH=PE 3 Site-2 N2 Routing Table on 2 N1,NH=PE2 N2,Local N3,NH=PE2 MPLS VPN Topologies VPN sites with Hub & Spoke routing One central site has full routing knowledge of all other sites (of same VPN) Hub-Site Other sites will send traffic to Hub-Site for any destination Spoke-Sites Hub-Site is the central transit point between Spoke-Sites Use of central services at Hub-Site 30

31 Site-1 N1 Site-2 N2 1 2 MPLS VPN Topologies VPN sites with Hub & Spoke routing VPN-IPv4 update advertised by PE1 RD:N1, NH=PE1,Label=Int1, RT=Hub Int1 VRF (Import RT=Spoke) (Export RT=Hub) N1,NH=1 (exported) N2,NH=PE3 (imported) N3,NH=PE3 (imported Int2 VRF (Import RT=Spoke) (Export RT=Hub) N1,NH=PE3 (imported) N2,NH=2 (exported) N3,NH=PE3 (imported) PE1 PE2 VPN-IPv4 update advertised by PE2 RD:N2, NH=PE2,Label=Int2, RT=Hub Int3-Hub VRF (Import RT=Hub) N1,NH=PE1 BGP/RIPv2 3-Hub N2,NH=PE2 Int3-Spoke VRF PE3 (Export RT=Spoke) 3-Spoke N1,NH=3- Spoke BGP/RIPv2 N2,NH=3- Spoke VPN-IPv4 N3,NH=3- updates advertised by PE3 Spoke RD:N1, NH=PE3,Label=Int3-Spoke, RT=Spoke RD:N2, NH=PE3,Label=Int3-Spoke, RT=Spoke RD:N3, NH=PE3,Label=Int3-Spoke, RT=Spoke Routes are imported/exported into VRFs based on RT value of the VPN-IPv4 updates PE3 uses 2 (sub)interfaces with two different VRFs Site-3 N3 MPLS VPN Topologies VPN sites with Hub & Spoke routing Site-1 N1 1 Int1 VRF (Import RT=Spoke) (Export RT=Hub) N1,NH=1 (exported) N2,NH=PE3 (imported) N3,NH=PE3 (imported PE1 Int3-Hub VRF (Import RT=Hub) N1,NH=PE1 N2,NH=PE2 BGP/RIPv2 3-Hub Site-3 Site-2 N2 2 Int2 VRF (Import RT=Spoke) (Export RT=Hub) N1,NH=PE3 (imported) N2,NH=2 (exported) N3,NH=PE3 (imported) PE2 PE3 Int3-Spoke VRF (Export RT=Spoke) N1,NH=3- Spoke N2,NH=3- Spoke N3,NH=3- Spoke BGP/RIPv2 3-Spoke N3 Traffic from one spoke to another will travel across the hub site Hub site may host central services Security, NAT, centralised Internet access 31

32 MPLS VPN Topologies VPN sites with Hub & Spoke routing If PE and Hub-site use BGP the PE should not check the received AS_PATH The update the Hub-site advertise contains the VPN backbone AS number By configuration the AS_PATH check is disabled Routing loops are detected through the SOO attribute PE and routers may use RIPv2 and/or static routing MPLS VPN Internet Routing In a VPN, sites may need to have Internet connectivity Connectivity to the Internet means: Being able to reach Internet destinations Being able to be reachable from any Internet source Security mechanism MUST be used as in ANY other kind of Internet connectivity 32

33 MPLS VPN Internet Routing The Internet routing table is treated separately In the VPN backbone the Internet routes are in the Global routing table of PE routers Labels are not assigned to external (BGP) routes P routers need not (and will not) run BGP The Overlay Solution L3 L2 L2 L3 L3 L3 L3 L2 L2 L3 L3 L3 L3 L2 L2 Physical L3 L3 L3 Logical Routing at layer 2 (ATM or FR) is used for traffic engineering Layer 3 sees a complete mesh routing at layer 3 is trivial 33

34 Overlay solution: drawbacks Extra network devices (cost) More complex network management (cost) two-level network without integrated network management additional training, technical support, field engineering IGP routing scalability issue for meshes Additional bandwidth overhead ( cell tax ) Traffic engineering with overlay R2 R3 R1 PVC for R2 to R3 traffic PVC for R1 to R3 traffic 34

35 Traffic engineering with Layer 3 R2 R3 R1 IP routing: destination-based least-cost routing Path for R2 to R3 traffic Path for R1 to R3 traffic under-utilized alternate path Traffic engineering with Layer 3 R2 R3 R1 IP routing: destination-based least-cost routing Path for R2 to R3 traffic Path for R1 to R3 traffic under-utilized alternate path 35

36 Traffic engineering with Layer 3 what is missing? Path computation based just on IGP metric is not enough Support for explicit routing (aka source routing ) is not available Key mechanisms Explicit routing (aka source routing ) Constrained-based Path Selection Algorithm Extensions to OSPF/ISIS for flooding of resources / policy information MPLS as the forwarding mechanism RSVP as the mechanism for establishing Label Switched Paths (LSPs) use of the explicitly routed LSP s in the forwarding table 36

37 Design Constraints Requires OSPF or IS-IS Unicast traffic Focus on supporting routing based on a combination of administrative + bandwidth constraints Link Attributes Resource attributes are configured on every link in a network Bandwidth Resource Class Affinity string (Policy) Resource attributes are flooded throughout the network bandwidth per priority Resource Class Affinity string (Policy) TE-specific link metric 37

38 Forwarding Packets on a TE Tunnel In Lbl - Address Prefix Out I face 1 Out Lbl 4 In Lbl 4 Address Prefix Out I face 0 Out Lbl 9 Entry Populated by TE Tunnel Setup - Tunnel Pred Data Data Data LSR Forwards Based on TE Label RSVP Extensions to RFC2205 for LSP Tunnels downstream-on-demand label distribution instantiation of explicit label switched paths allocation of network resources (e.g., bandwidth) to explicit LSPs rerouting of established LSP-tunnels in a smooth fashion using the concept of make-before-break tracking of the actual route traversed by an LSP-tunnel diagnostics on LSP-tunnels preemption options that are administratively controllable 38

39 Path Setup - Example R8 R2 R3 R4 Pop R9 R1 Label 49 Label 17 R6 R7 Label 32 R5 Label 22 Setup: Path (ERO = R1->R2->R6->R7->R4->R9) Reply: Resv communicates labels and reserves bandwidth on each link Link protection for R2-R4 link R8 R9 R2 R4 R1 Pop R5 17 R6 R7 22 Setup: Path (R2->R6->R7->R4) Labels Established on Resv message 39

40 Routing prior R2-R4 link failure R8 R9 R4 R1 37 R2 R6 14 R7 Pop R5 Setup: Path (R1->R2->R4->R9) Labels Established on Resv message Link Protection Active R8 R9 R2 R4 R1 R5 R6 R7 On failure of link from R2 -> R4, R2 simply changes outgoing Label Stack from 14 to <17, 14> 40

41 Link Protection Active R8 Swap 37->14 Push 17 Pop 14 R4 R9 Push 37 R1 R2 R5 R6 Swap 17->22 R7 Pop 22 Label Stack: R1 R2 R6 R7 R4 R None MPLS TE FRR Node Protection Node protection allows to configure a back-up tunnel to the next-nexthop! This allows to protect against link AND node failure Protection against R6 failure R3 R4 R5 R1 R2 R6 R7 R8 R0 R9 41

42 MPLS TE FRR Node Protection Backup labels R3 21 R4 R5 20 R1 10 R2 11 R6 12 R7 R8 x Label for the protected LSP R9 MPLS TE FRR Node Protection Backup labels 20 R R4 11? R5 R1 10 R2 11 R6 12 R7 R8 x Label for the protected LSP The PLR learns the label to use from the RRO object carried in the Resv message when the reroutable LSP is first established With global label space allocation on the MP R9 42

43 MPLS TE FRR Node Protection Backup labels R R4 R R1 10 R2 11 R6 12 R7 R8 x Label for the protected LSP The PLR swaps 10 <-> 12, pushes 20 and forward the traffic onto the backup tunnel R9 43