Overlay Networks and Tunneling Reading: 4.5, 9.4

Similar documents
Enterprise Network Simulation Using MPLS- BGP

Introducing Basic MPLS Concepts

Implementing MPLS VPN in Provider's IP Backbone Luyuan Fang AT&T

For internal circulation of BSNLonly

Professor Yashar Ganjali Department of Computer Science University of Toronto.

Multi Protocol Label Switching (MPLS) is a core networking technology that

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

How Routers Forward Packets

Addressing Inter Provider Connections With MPLS-ICI

WHITE PAPER. Addressing Inter Provider Connections with MPLS-ICI CONTENTS: Introduction. IP/MPLS Forum White Paper. January Introduction...

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

DD2491 p BGP-MPLS VPNs. Olof Hagsand KTH/CSC

- Multiprotocol Label Switching -

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

Definition. A Historical Example

MPLS/BGP Network Simulation Techniques for Business Enterprise Networks

IP/MPLS-Based VPNs Layer-3 vs. Layer-2

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

Junos MPLS and VPNs (JMV)

Introduction to MPLS-based VPNs

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

SBSCET, Firozpur (Punjab), India

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division

MPLS - A Choice of Signaling Protocol

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service

DD2491 p MPLS/BGP VPNs. Olof Hagsand KTH CSC

MPLS L2VPN (VLL) Technology White Paper

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr Cisco Systems, Inc. All rights reserved.

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

MPLS Implementation MPLS VPN

Master Course Computer Networks IN2097

RFC 2547bis: BGP/MPLS VPN Fundamentals

How To Make A Network Secure

Internetworking II: VPNs, MPLS, and Traffic Engineering

How To Understand The Benefits Of An Mpls Network

Solutions Guide. Ethernet-based Network Virtualization for the Enterprise

Implementing VPN over MPLS

Cisco Configuring Basic MPLS Using OSPF

MPLS in Private Networks Is It a Good Idea?

MPLS Concepts. Overview. Objectives

Comparative Analysis of Mpls and Non -Mpls Network

IPv6 Deployment Strategies

Transition to IPv6 in Service Providers

Demonstrating the high performance and feature richness of the compact MX Series

MPLS-based Layer 3 VPNs

Leveraging Advanced Load Sharing for Scaling Capacity to 100 Gbps and Beyond

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Implementation of Traffic Engineering and Addressing QoS in MPLS VPN Based IP Backbone

Cisco Exam CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

Boosting Capacity Utilization in MPLS Networks using Load-Sharing MPLS JAPAN Sanjay Khanna Foundry Networks

Virtual Private Networks. Juha Heinänen Song Networks

Expert Reference Series of White Papers. An Overview of MPLS VPNs: Overlay; Layer 3; and PseudoWire

APPLICATION NOTE 211 MPLS BASICS AND TESTING NEEDS. Label Switching vs. Traditional Routing

MPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

MPLS Environment. To allow more complex routing capabilities, MPLS permits attaching a

Requirements for VoIP Header Compression over Multiple-Hop Paths (draft-ash-e2e-voip-hdr-comp-rqmts-01.txt)

SEC , Cisco Systems, Inc. All rights reserved.

Kingston University London

IPv6 over IPv4/MPLS Networks: The 6PE approach

MPLS Traffic Engineering - A Choice Of Signaling Protocols

Design of MPLS networks VPN and TE with testing its resiliency and reliability

Jerry Ash AT&T Bur Goode AT&T George Swallow Cisco Systems, Inc.

100Gigabit and Beyond: Increasing Capacity in IP/MPLS Networks Today Rahul Vir Product Line Manager Foundry Networks

MPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001

MPLS. Packet switching vs. circuit switching Virtual circuits

Quidway MPLS VPN Solution for Financial Networks

Protection Methods in Traffic Engineering MPLS Networks

Best Effort gets Better with MPLS. Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications

BUILDING MPLS-BASED MULTICAST VPN SOLUTION. DENOG3 Meeting, /Frankfurt Carsten Michel

Provisioning Cable Services

Sprint Global MPLS VPN IP Whitepaper

Internetworking. Problem: There is more than one network (heterogeneity & scale)

MPLS L3 VPN Supporting VoIP, Multicast, and Inter-Provider Solutions

Virtual Private LAN Service on Cisco Catalyst 6500/6800 Supervisor Engine 2T

CS419: Computer Networks. Lecture 9: Mar 30, 2005 VPNs

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January

Internet Routing. Review of Networking Principles

MPLS-TP. Future Ready. Today. Introduction. Connection Oriented Transport

l.cittadini, m.cola, g.di battista

VPN Technologies A Comparison

Internetworking II: MPLS, Security, and Traffic Engineering

Network Virtualization with the Cisco Catalyst 6500/6800 Supervisor Engine 2T

MPLS VPNs with DiffServ A QoS Performance study

Introduction Inter-AS L3VPN

Traffic Engineering & Network Planning Tool for MPLS Networks

(MPLS) MultiProtocol Labling Switching. Software Engineering 4C03 Computer Network & Computer Security Dr. Kartik Krishnan Winter 2004.

Customized BGP Route Selection Using BGP/MPLS VPNs

Transcription:

Overlay Networks and Tunneling Reading: 4.5, 9.4 COS 461: Computer Networks Spring 2009 (MW 1:30 2:50 in COS 105) Mike Freedman Teaching Assistants: WyaN Lloyd and Jeff Terrace hnp://www.cs.princeton.edu/courses/archive/spring09/cos461/ 1

Goals of Today s Lecture MoVvaVons for overlay networks Incremental deployment of new protocols Customized rouvng and forwarding soluvons Overlays for parval deployments 6Bone, Mbone, security, mobility, Resilient Overlay Network (RON) AdapVve rouvng through intermediate node MulV protocol label switching (MPLS) Tunneling at L2.5 2

Overlay Networks 3

Overlay Networks 4

Overlay Networks Focus at the application level 5

IP Tunneling to Build Overlay Links IP tunnel is a virtual point to point link Illusion of a direct link between two separated nodes Logical view: A B E F tunnel Physical view: A B E F EncapsulaVon of the packet inside an IP datagram Node B sends a packet to node E containing another packet as the payload 6

Tunnels Between End Hosts B Src: A Dest: B A Src: C Dest: B Src: A Dest: B Src: A Dest: C Src: A Dest: B C 7

Overlay Networks A logical network built on top of a physical network Overlay links are tunnels through the underlying network Many logical networks may coexist at once Over the same underlying network And providing its own parvcular service Nodes are o`en end hosts AcVng as intermediate nodes that forward traffic Providing a service, such as access to files Who controls the nodes providing service? The party providing the service Distributed collecvon of end users 8

Overlays for Incremental Deployment 9

Using Overlays to Evolve the Internet Internet needs to evolve IPv6 Security Mobility MulVcast But, global change is hard CoordinaVon with many ASes Flag day to deploy and enable the technology Instead, bener to incrementally deploy And find ways to bridge deployment gaps 10

6Bone: Deploying IPv6 over IP4 Logical view: A B E F tunnel IPv6 IPv6 IPv6 IPv6 Physical view: A B C D E F IPv6 IPv6 IPv4 IPv4 IPv6 IPv6 Flow: X Src: A Dest: F data Src:B Dest: E Flow: X Src: A Dest: F Src:B Dest: E Flow: X Src: A Dest: F Flow: X Src: A Dest: F data data data A-to-B: IPv6 B-to-C: IPv6 inside IPv4 B-to-C: IPv6 inside IPv4 E-to-F: IPv6 11

Secure CommunicaVon Over Insecure Links Encrypt packets at entry and decrypt at exit Eavesdropper cannot snoop the data or determine the real source and desvnavon 12

CommunicaVng With Mobile Users A mobile user changes locavons frequently So, the IP address of the machine changes o`en The user wants applicavons to convnue running So, the change in IP address needs to be hidden SoluVon: fixed gateway forwards packets Gateway has a fixed IP address and keeps track of the mobile s address changes www.cnn.com gateway 13

IP MulVcast MulVcast Delivering the same data to many receivers Avoiding sending the same data many Vmes unicast multicast IP mulvcast Special addressing, forwarding, and rouvng schemes 14

MBone: MulVcast Backbone A catch 22 for deploying mulvcast Router vendors wouldn t support IP mulvcast since they weren t sure anyone would use it And, since it didn t exist, nobody was using it Idea: so`ware implemenvng mulvcast protocols And unicast tunnels to traverse non parvcipants 15

MulVcast Today Mbone applicavons starvng in early 1990s Primarily video conferencing, but no longer operavonal SVll many challenges to deploying IP mulvcast Security vulnerabilives, business models, ApplicaVon layer mulvcast is more prevalent Tree of servers delivering the content CollecVon of end hosts cooperavng to delivery video Some mulvcast within individual ASes Financial sector: stock Vckers Within campuses or broadband networks: TV shows Backbone networks: IPTV 16

Case Study: Resilient Overlay Networks 17

RON: Resilient Overlay Networks Premise: by building applicavon overlay network, can increase performance and reliability of rouvng Princeton Yale app-layer router Two-hop (app-level) Berkeley-to-Princeton route http://nms.csail.mit.edu/ron/ Berkeley 18

RON Circumvents Policy RestricVons IP rouvng depends on AS rouvng policies But hosts may pick paths that circumvent policies USLEC ISP me PU Patriot My home computer 19

RON Adapts to Network CondiVons B A C Start experiencing bad performance Then, start forwarding through intermediate host 20

RON Customizes to ApplicaVons B A bulk transfer C VoIP traffic: low latency path Bulk transfer: high bandwidth path 21

How Does RON Work? Keeping it small to avoid scaling problems A few friends who want bener service Just for their communicavon with each other E.g., VoIP, gaming, collaboravve work, etc. Send probes between each pair of hosts B A C 22

How Does RON Work? Exchange the results of the probes Each host shares results with every other host EssenVally running a link state protocol! So, every host knows the performance properves Forward through intermediate host when needed BB A C 23

RON Works in PracVce Faster reacvon to failure RON reacts in a few seconds BGP somevmes takes a few minutes Single hop indirect rouvng No need to go through many intermediate hosts One extra hop circumvents the problems BeNer end to end paths CircumvenVng rouvng policy restricvons SomeVmes the RON paths are actually shorter 24

RON Limited to Small Deployments Extra latency through intermediate hops So`ware delays for packet forwarding PropagaVon delay across the access link Overhead on the intermediate node Imposing CPU and I/O load on the host Consuming bandwidth on the access link Overhead for probing the virtual links Bandwidth consumed by frequent probes Trade off between probe overhead and detecvon speed Possibility of causing instability Moving traffic in response to poor performance May lead to congesvon on the new paths 25

We saw tunneling on top of IP. What about tunneling below IP? Introducing MulV Protocol Label Switching (MPLS) 26

Why Tunnel? Reliability Fast Reroute, Resilient Overlay Networks (Akamai SureRoute) Flexibility Topology, protocol Stability ( path pinning ) E.g., for performance guarantees Security E.g., Virtual Private Networks (VPNs) Bypassing local network engineers Censoring regimes: China, Pakistan, 27

MPLS Overview Main idea: Virtual circuit Packets forwarded based only on circuit idenvfier Source 1 Destination Source 2 Router can forward traffic to the same destination on different interfaces/paths. 28

MPLS Overview Main idea: Virtual circuit Packets forwarded based only on circuit idenvfier Source 1 Destination Source 2 Router can forward traffic to the same destination on different interfaces/paths. 29

Circuit AbstracVon: Label Swapping A 1 2 D Tag Out New A 2 D 3 Label switched paths (LSPs): Paths are named by the label at the path s entry point At each hop, MPLS routers: Use label to determine outgoing interface, new label Thus, push/pop/swap MPLS headers that encapsulate IP Label distribu9on protocol: responsible for disseminavng signalling informavon 30

Reconsider security problem 31

Layer 3 Virtual Private Networks Private communicavons over a public network A set of sites that are allowed to communicate with each other Defined by a set of administravve policies Determine both connecvvity and QoS among sites Established by VPN customers One way to implement: BGP/MPLS VPN (RFC 2547)

Layer 2 vs. Layer 3 VPNs Layer 2 VPNs can carry traffic for many different protocols, whereas Layer 3 is IP only More complicated to provision a Layer 2 VPN Layer 3 VPNs: potenvally more flexibility, fewer configuravon headaches 33

Layer 3 BGP/MPLS VPNs VPN A/Site 2 VPN B/Site 1 10.1/16 CE 1 B1 P 1 10.2/16 CE A2 PE 2 CE B2 10.2/16 VPN B/Site 2 CE 2 B1 P 2 BGP to exchange routes PE 1 PE 3 MPLS to forward traffic CE A1 P 3 CE A3 10.3/16 10.1/16 CE B3 VPN A/Site 3 VPN A/Site 1 10.4/16 VPN B/Site 3 Isola9on: MulVple logical networks over a single, shared physical infrastructure Tunneling: Keeping routes out of the core 34

High Level Overview of OperaVon IP packets arrive at PE PE 2 DesVnaVon IP address is looked up in forwarding table PE 1 PE 3 Datagram sent to customer s network using tunneling (i.e., an MPLS label switched path) 35

BGP/MPLS VPN key components Forwarding in the core: MPLS DistribuVng routes between PEs: BGP IsolaVon: Keeping different VPNs from rouvng traffic over one another Constrained distribuvon of rouvng informavon MulVple virtual forwarding tables Unique Addresses: VPN IPv4 extensions RFC 2547: Route DisVnguishers 36

Virtual RouVng and Forwarding Separate tables per customer at each router Customer 1 Customer 1 10.0.1.0/24 RD: Purple 10.0.1.0/24 Customer 2 10.0.1.0/24 RD: Blue Customer 2 10.0.1.0/24 37

Forwarding PE and P routers have BGP next hop reachability through the backbone IGP Labels are distributed through LDP (hop by hop) corresponding to BGP Next Hops Two Label Stack is used for packet forwarding Top label indicates Next Hop (interior label) Second label indicates outgoing interface / VRF (exterior label) Corresponds to LSP of BGP next-hop (PE) Corresponds to VRF/ interface at exit Layer 2 Header Label 1 Label 2 IP Datagram 38

Forwarding in BGP/MPLS VPNs Step 1: Packet arrives at incoming interface Site VRF determines BGP next hop and Label #2 Label 2 IP Datagram Step 2: BGP next hop lookup, add corresponding LSP (also at site VRF) Label 1 Label 2 IP Datagram 39

Layer 3 BGP/MPLS VPNs VPN A/Site 2 VPN B/Site 1 10.1/16 CE 1 B1 P 1 10.2/16 CE A2 PE 2 CE B2 10.2/16 VPN B/Site 2 CE 2 B1 P 2 PE 1 PE 3 CE A1 P 3 CE A3 10.3/16 10.1/16 CE B3 VPN A/Site 3 VPN A/Site 1 10.4/16 VPN B/Site 3 BGP to exchange routes MPLS to forward traffic 40

Conclusions Overlay networks Tunnels between host computers Build networks on top of the Internet Deploy new protocols and services Provide bener control, flexibility, QoS, isolavon, Underlay tunnels Across routers within AS Build networks below IP route Provide bener control, flexibility, QoS, isolavon, Next Vme Peer to peer applicavons 41

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information