MPLS Concepts
- MPLS: Multi Protocol Label Switching
- MPLS is a layer 2+ switching technology
- MPLS forwarding is done in the same way as in VC (Virtual Circuit) switches
- Packet forwarding is done based on labels
- Unlike IP, classification/label can be based on:
  - Destination Unicast address
  - Traffic Engineering
  - VPN
  - QoS
- FEC: Forwarding Equivalence Class
- A FEC can represent a: destination address prefix, VPN, Traffic Engineering tunnel, Class of Service.

LSRs and Labels
- LSR: Label Switch Router
- Edge-LSR: LSRs that do label imposition and disposition

LSRs and Labels
[Figure: IGP domain with a label distribution protocol]
- An IP routing protocol is used within the routing domain (e.g. OSPF, Integrated IS-IS)
- A label distribution protocol is used to distribute address/label mappings between adjacent neighbors
- The ingress LSR receives IP packets, performs packet classification, assigns a label, and forwards the labelled packet into the MPLS network
- Core LSRs switch packets/cells based on the label value
- The egress LSR removes the label before forwarding the IP packet outside the MPLS network

LSRs and Labels

  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 |                Label                  | Exp |S|      TTL      |
 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

- Label = 20 bits
- Exp = Experimental, 3 bits
- S = Bottom of stack, 1 bit
- TTL = Time to live, 8 bits
- Uses new Ethertypes/PPP PIDs/SNAP values/etc
- More than one label is allowed -> Label Stack
- MPLS LSRs always forward packets based on the value of the label at the top of the stack
- Encapsulations:
  - PPP Header (Packet over SONET/SDH): PPP Header | Shim Header | Layer 3 Header
  - Ethernet: Ethernet Hdr | Shim Header | Layer 3 Header

Label Assignment and Distribution
- Labels have link-local significance
  - Each LSR binds its own label mappings
- Each LSR assigns labels to its FECs
- Labels are assigned and exchanged between adjacent neighboring LSRs
- Applications may require non-adjacent neighbors

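The shim header layout above (20-bit Label, 3-bit Exp, 1-bit S, 8-bit TTL) can be checked with a small label stack parser. This is an added example, not part of the original slides; the label values, the payload bytes and the MAX_DEPTH bound are constructed for illustration, and the reserved value 3 for implicit-null comes from RFC 3032.

```python
import struct
from typing import List, NamedTuple, Tuple

IMPLICIT_NULL = 3   # RFC 3032 reserved label: signalled only, never sent on the wire
MAX_DEPTH = 16      # assumption: sanity bound on stack depth chosen for this example


class LabelEntry(NamedTuple):
    label: int  # 20 bits
    exp: int    # 3 bits
    s: int      # 1 bit, 1 = bottom of stack
    ttl: int    # 8 bits


def encode_entry(e: LabelEntry) -> bytes:
    """Pack one label stack entry into its 32-bit network-order word."""
    if not (0 <= e.label < 1 << 20 and 0 <= e.exp < 8
            and e.s in (0, 1) and 0 <= e.ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (e.label << 12) | (e.exp << 9) | (e.s << 8) | e.ttl)


def decode_entry(raw: bytes) -> LabelEntry:
    """Unpack one 4-byte label stack entry."""
    (word,) = struct.unpack("!I", raw)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)


def build_stack(labels: List[int], ttl: int = 64, exp: int = 0) -> bytes:
    """Encode labels top-first; only the last entry gets S=1."""
    last = len(labels) - 1
    return b"".join(
        encode_entry(LabelEntry(lbl, exp, int(i == last), ttl))
        for i, lbl in enumerate(labels)
    )


def parse_label_stack(data: bytes) -> Tuple[List[LabelEntry], bytes]:
    """Return (entries top-first, layer 3 payload); reject malformed stacks."""
    stack: List[LabelEntry] = []
    offset = 0
    while True:
        if len(stack) >= MAX_DEPTH:
            raise ValueError("label stack deeper than MAX_DEPTH")
        if offset + 4 > len(data):
            raise ValueError("truncated stack: no bottom-of-stack entry found")
        entry = decode_entry(data[offset:offset + 4])
        offset += 4
        if entry.label == IMPLICIT_NULL:
            raise ValueError("implicit-null label must not appear on the wire")
        stack.append(entry)
        if entry.s:  # bottom of stack reached, the rest is the layer 3 packet
            return stack, data[offset:]


# Constructed sample: a two-label stack in front of a dummy layer 3 payload.
SAMPLE_PAYLOAD = b"\x45\x00\x00\x14"
SAMPLE_FRAME = build_stack([25, 1042], ttl=6) + SAMPLE_PAYLOAD

if __name__ == "__main__":
    entries, payload = parse_label_stack(SAMPLE_FRAME)
    for e in entries:
        print(e)
    print("payload:", payload.hex())
```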
Label Assignment and Distribution
Upstream and Downstream LSRs
[Figure: 171.68.40/24 -- Rtr-A -- Rtr-B -- Rtr-C -- 171.68.10/24]
- Rtr-C is the downstream neighbor of Rtr-B for destination 171.68.10/24
- Rtr-B is the downstream neighbor of Rtr-A for destination 171.68.10/24
- LSRs know their downstream neighbors through the IP routing protocol
  - Next-hop address is the downstream neighbor

Label Assignment and Distribution
Unsolicited Downstream Distribution
[Figure: 171.68.40/24 -- Rtr-A -- Rtr-B -- Rtr-C -- 171.68.10/24, with the advertisements "Use label 30 for destination 171.68.10/24" and "Use label 40 for destination 171.68.10/24"]

  Router  In I/F  In Lab  Address Prefix  Next-Hop Out I/F  Out Lab
  Rtr-A   0       -       171.68.10       1                 30
  Rtr-B   0       30      171.68.10       1                 40
  Rtr-C   0       40      171.68.10       1                 -

- IGP derived routes
- LSRs distribute labels to the upstream neighbors

Label Assignment and Distribution
On-Demand Downstream Distribution
[Figure: 171.68.40/24 -- Rtr-A -- Rtr-B -- Rtr-C -- 171.68.10/24, with two "Request label for destination 171.68.10/24" messages and the replies "Use label 40 for destination 171.68.10/24" and "Use label 30 for destination 171.68.10/24"]
- Upstream LSRs request labels from downstream neighbors
- Downstream LSRs distribute labels upon request

Label Assignment and Distribution
- Several protocols for label exchange
  - LDP: maps unicast IP destinations into labels
  - RSVP: used in traffic engineering
  - BGP: external labels (VPN)

Label Switch Path (LSP)
[Figure: two IGP domains with a label distribution protocol; in one the LSP follows the IGP shortest path, in the other the LSP diverges from the IGP shortest path]
- LSPs are derived from IGP routing information
- LSPs may diverge from IGP shortest path
  - LSP tunnels (explicit routing) with TE
- LSPs are unidirectional
  - Return traffic takes another LSP

Label Switch Path (LSP)
Penultimate Hop Popping
- The label at the top of the stack is removed (popped) by the upstream neighbor of the egress LSR
- The egress LSR requests the popping through the label distribution protocol
  - Egress LSR advertises implicit-null label
- The egress LSR will not have to do a lookup and remove the label itself
  - One lookup is saved in the egress LSR

Label Switch Path (LSP)
Penultimate Hop Popping
[Figure: two LSRs in front of an egress LSR that summarises 171.68.10/24 and 171.68.44/24 into 171.68/16; advertisements "Use label 4 for FEC 171.68/16" and "Use label implicit-null for FEC 171.68/16"; summary route for 171.68/16]

  LSR tables along the path:
  In I/F  In Lab  Address Prefix  Next-Hop Out I/F  Out Lab
  0       -       171.68/16       1                 4
  0       4       171.68/16       2                 pop

  Egress LSR routing table:
  Address Prefix and mask  Next-Hop      Interface
  171.68.10/24             171.68.9.1    Serial1
  171.68.44/24             171.68.12.1   Serial2
  171.68/16                Null

- Summary route is propagated through the IGP and a label is assigned by each LSR
- Egress LSR summarises more specific routes and advertises a label for the new FEC
- Egress LSR needs to do an IP lookup for finding the more specific route
- Egress LSR need NOT receive a labelled packet

Loops and TTL
- In IP networks TTL is used to prevent packets from travelling indefinitely in the network
- MPLS may use the same mechanism as IP, but not on all encapsulations

Loops and TTL
[Figure: IGP domain with a label distribution protocol, LSR-1 to LSR-6 (egress). The IP packet arrives at LSR-1 with TTL = 10; LSR-1 holds the entry "LSR-6 --> 25, Hops=4"; the packet is shown with Label = 25, Label = 39 and Label = 21, each carrying IP packet TTL = 6, and leaves as an IP packet with TTL = 6]
- TTL is decremented prior to entering the non-TTL-capable LSP
  - If TTL is 0 the packet is discarded at the ingress point
- TTL is examined at the LSP exit

LDP Concepts
- Label Distribution Protocol
- Labels map to FECs for Unicast Destination Prefix
- LDP works between adjacent/non-adjacent peers
- LDP sessions are established between peers

LDP Messages
- Discovery messages
  - Used to discover and maintain the presence of new peers
  - Hello packets (UDP) sent to all-routers multicast address
  - Once neighbor is discovered, the LDP session is established over TCP
- Session messages
  - Establish, maintain and terminate LDP sessions
- Advertisement messages
  - Create, modify, delete label mappings
- Notification messages
  - Error signalling

Day in the life of a Packet
[Figure: PE -- P -- P -- PE path towards 171.68.10/24 and 171.68.44/24; advertisements "Use label 4 for FEC 171.68/16", "Use label 7 for FEC 171.68/16" and "Use label implicit-null for FEC 171.68/16"; summary route for 171.68/16]

  LSR tables along the path:
  In I/F  In Lab  Address Prefix  Next-Hop Out I/F  Out Lab
  0       -       171.68/16       1                 4
  0       4       171.68/16       1                 7
  0       7       171.68/16       2                 pop

  Egress PE routing table:
  Address Prefix and mask  Next-Hop      Interface
  171.68.10/24             171.68.9.1    Serial1
  171.68.44/24             171.68.12.1   Serial2
  171.68/16                Null

- Summary route is propagated through the IGP and a label is assigned by each LSR
- Egress LSR summarises more specific routes and advertises a label for the new FEC
- Egress LSR needs to do an IP lookup for finding the more specific route

MPLS-VPN
What is a VPN?
- An IP network infrastructure delivering private network services over a public infrastructure
  - Use a layer 3 backbone
  - Scalability, easy provisioning
  - Global as well as non-unique private address space
  - QoS
  - Controlled access
  - Easy configuration for customers

VPN Models - The Overlay model
- Private trunks over a TELCO/SP shared infrastructure
  - Leased/Dialup lines
  - FR/ATM circuits
  - IP (GRE) tunnelling
- Transparency between provider and customer networks
- Optimal routing requires full mesh over backbone

VPN Models - The Peer model
- Both provider and customer network use same network protocol
- CE and PE routers have a routing adjacency at each site
- All provider routers hold the full routing information about all customer networks
- Private addresses are not allowed
- May use the virtual router capability
  - Multiple routing and forwarding tables based on Customer Networks

VPN Models - MPLS-VPN: The True Peer model
- Same as Peer model BUT!!!
- Provider Edge routers receive and hold routing information only about VPNs directly connected
- Reduces the amount of routing information a PE router will store
- Routing information is proportional to the number of VPNs a router is attached to
- MPLS is used within the backbone to switch packets (no need of full routing)

MPLS-VPN Terminology
- Provider Network (P-Network)
  - The backbone under control of a Service Provider
- Customer Network (C-Network)
  - Network under customer control
- CE router
  - Customer Edge router. Part of the C-network and interfaces to a PE router

MPLS-VPN Terminology
- Site
  - Set of (sub)networks part of the C-network and co-located
  - A site is connected to the VPN backbone through one or more PE/CE links
- PE router
  - Provider Edge router. Part of the P-Network and interfaces to CE routers
- P router
  - Provider (core) router, without knowledge of VPN

MPLS-VPN Terminology
- Border router
  - Provider Edge router interfacing to other provider networks
- Extended Community
  - BGP attribute used to identify a Route-origin, Route-target
- Site of Origin Identifier (SOO)
  - 64 bits identifying routers where the route has been originated

MPLS-VPN Terminology
- Route-Target
  - 64 bits identifying routers that should receive the route
- Route Distinguisher
  - Attributes of each route used to uniquely identify prefixes among VPNs (64 bits)
  - VRF based (not VPN based)
- VPN-IPv4 addresses
  - Address including the 64 bits Route Distinguisher and the 32 bits IP address

MPLS-VPN Terminology
- VRF
  - VPN Routing and Forwarding Instance
  - Routing table and FIB table
  - Populated by routing protocol contexts
- VPN-Aware network
  - A provider backbone where MPLS-VPN is deployed

MPLS VPN Connection Model
- A VPN is a collection of sites sharing common routing information (routing table)
- A site can be part of different VPNs
- A VPN has to be seen as a community of interest (or Closed User Group)
- Multiple Routing/Forwarding instances (VRF) on PE routers

MPLS VPN Connection Model
[Figure: Site-1, Site-2, Site-3 and Site-4 grouped into VPN-A, VPN-B and VPN-C]
- A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs
- If two or more VPNs have a common site, address space must be unique among these VPNs

MPLS VPN Connection Model
- The VPN backbone is composed of MPLS LSRs
  - PE routers (edge LSRs)
  - P routers (core LSRs)
- PE routers face CE routers and distribute VPN information through MP-BGP to other PE routers
  - VPN-IPv4 addresses, Extended Community, Label
- P routers do not run BGP and do not have any VPN knowledge

MPLS VPN Connection Model
[Figure: PE routers at the edge and P routers in the core, with iBGP sessions between the PEs; attached sites VPN_A 10.2.0.0, VPN_B 10.2.0.0, VPN_A 11.6.0.0, VPN_B 10.1.0.0, VPN_A 11.5.0.0, VPN_A 10.1.0.0, VPN_B 10.3.0.0]
- P routers (LSRs) are in the core of the MPLS cloud
- PE routers use MPLS with the core and plain IP with CE routers
- P and PE routers share a common IGP
- PE routers are MP-iBGP fully meshed

MPLS VPN Connection Model
[Figure: CE routers at Site-1 and Site-2 attached to a PE router through EBGP, OSPF, RIPv2 or static routing]
- PE and CE routers exchange routing information through:
  - EBGP, OSPF, RIPv2, Static routing
- CE routers run standard routing software

MPLS VPN Connection Model
[Figure: Site-1 and Site-2 attached to a PE through EBGP, OSPF, RIPv2 or static routing; the PE faces the VPN Backbone IGP (OSPF, ISIS)]
- PE routers maintain separate routing tables
  - The global routing table
    - With all PE and P routes
    - Populated by the VPN backbone IGP (ISIS or OSPF)
  - VRF (VPN Routing and Forwarding)
    - Routing and Forwarding table associated with one or more directly connected sites (CEs)
    - VRFs are associated to (sub/virtual/tunnel) interfaces
    - Interfaces may share the same VRF if the connected sites may share the same routing information

MPLS VPN Connection Model
[Figure: Site-1 and Site-2 attached to the same PE]
- Different sites sharing the same routing information may share the same VRF
  - Interfaces connecting these sites will use the same VRF
- Sites belonging to the same VPN may share the same VRF

MPLS VPN Connection Model
[Figure: Site-1 and Site-2 attached to a PE through EBGP, OSPF, RIPv2 or static routing; the PE faces the VPN Backbone IGP]
- The routes the PE receives from CE routers are installed in the appropriate VRF
- The routes the PE receives through the backbone IGP are installed in the global routing table
- By using separate VRFs, addresses need NOT be unique among VPNs

MPLS VPN Connection Model
- The Global Routing Table is populated by IGP protocols.
- In PE routers it may contain the BGP Internet routes (standard BGP-4 routes)
- BGP-4 (IPv4) routes go into global routing table
- MP-BGP (VPN-IPv4) routes go into VRFs

MPLS VPN Connection Model
[Figure: PE and P routers in the VPN Backbone IGP, with an iBGP session between the PEs]
- PE and P routers share a common IGP (ISIS or OSPF)
- PEs establish MP-iBGP sessions between them
- PEs use MP-BGP to exchange routing information related to the connected sites and VPNs
  - VPN-IPv4 addresses, Extended Community,

MPLS VPN Connection Model
MP-BGP Update
- VPN-IPv4 address
  - Route Distinguisher
    - 64 bits
    - Makes the IPv4 route globally unique
    - RD is configured in the PE for each VRF
    - RD may or may not be related to a site or a VPN
  - IPv4 address (32 bits)
- Extended Community attribute (64 bits)
  - Site of Origin (SOO): identifies the originating site
  - Route-target (RT): identifies the set of sites the route has to be advertised to

MPLS VPN Connection Model
MP-BGP Update
- Any other standard BGP attribute
  - Local Preference
  - MED
  - Next-hop
  - AS_PATH
  - Standard Community
- A Label identifying:
  - The outgoing interface
  - The VRF where a lookup has to be done (aggregate label)
- The BGP label will be the second label in the label stack of packets travelling in the core

MPLS VPN Connection Model
MP-BGP Update - Extended community
- BGP extended community attribute
  - Structured, to support multiple applications
  - 64 bits for increased range
- General form
  - <16bits type>:<asn>:<32 bit number> (Registered AS number)
  - <16bits type>:<ip address>:<16 bit number> (Registered IP address)

MPLS VPN Connection Model
MP-BGP Update - Extended community
- The Extended Community is used to:
  - Identify one or more routers where the route has been originated (site)
    - Site of Origin (SOO)
  - Select sites which should receive the route
    - Route-Target

MPLS VPN Connection Model
[Figure: CE-1 (Site-1) -- PE-1 -- P routers (VPN Backbone IGP) -- PE-2 -- CE-2 (Site-2).
 CE-1 to PE-1: "BGP, RIPv2 update for Net1, Next-Hop=CE-1".
 PE-1 to PE-2: "VPN-IPv4 update: RD:Net1, Next-hop=PE-1, SOO=Site1, RT=Green, Label=(int1)".
 At PE-2: "VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green and advertised to CE-2"]
- PE routers receive IPv4 updates (EBGP, RIPv2, Static)
- PE routers translate into VPN-IPv4
  - Assign a SOO and RT based on configuration
  - Re-write Next-Hop attribute
  - Assign a label based on VRF and/or interface
  - Send MP-iBGP update to all PE neighbors

MPLS VPN Connection Model
[Figure: same topology and updates as above, with the CE-1 update labelled "BGP, OSPF, RIPv2 update for Net1, Next-Hop=CE-1"]
- Receiving PEs translate to IPv4
  - Insert the route into the VRF identified by the RT attribute (based on PE configuration)
- The label associated to the VPN-IPv4 address will be set on packets forwarded towards the destination

MPLS VPN Connection Model
- Route distribution to sites is driven by the Site of Origin (SOO) and Route-target attributes
  - BGP Extended Community attribute
- A route is installed in the site VRF corresponding to the Route-target attribute
  - Driven by PE configuration
- A PE which connects sites belonging to multiple VPNs will install the route into the site VRF if the Route-target attribute contains one or more VPNs to which the site is associated

MPLS Forwarding
Packet forwarding
- PE and P routers have BGP next-hop reachability through the backbone IGP
- Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops
- Label Stack is used for packet forwarding
  - Top label indicates BGP Next-Hop (interior label)
  - Second level label indicates outgoing interface or VRF (exterior label)

MPLS Forwarding
Packet forwarding
- MPLS nodes forward packets based on the top label
- P routers do not have BGP (nor VPN) knowledge
  - No VPN routing information
  - No Internet routing information

MPLS Forwarding
Penultimate Hop Popping
- The upstream LDP peer of the BGP next-hop (PE router) will pop the first level label
  - The penultimate hop will pop the label
  - Requested through LDP
- The egress PE router will forward the packet based on the second level label, which gives the outgoing interface (and VPN)

MPLS Forwarding - Penultimate Hop Popping
[Figure: CE -- PE1 -- P1 -- P2 -- PE2 -- CE. Packet as drawn on each segment:
 into PE1:   IP packet
 PE1 to P1:  IGP Label(PE2) | VPN Label | IP packet
 P1 to P2:   IGP Label(PE2) | VPN Label | IP packet
 P2 to PE2:  VPN Label | IP packet
 out of PE2: IP packet]
- PE1 receives IP packet
  - Lookup is done on site VRF
  - BGP route with Next-Hop and Label is found
  - BGP next-hop (PE2) is reachable through IGP route with associated label
- P routers switch the packets based on the IGP label (label on top of the stack)
- Penultimate Hop Popping
  - P2 is the penultimate hop for the BGP next-hop
  - P2 removes the top label
  - This has been requested through LDP by PE2
- PE2 receives the packets with the label corresponding to the outgoing interface (VRF)
  - One single lookup
  - Label is popped and packet sent to IP neighbor

MPLS VPN Forwarding
[Figure: PE1, PE2 and further PE routers around a core of P routers; attached sites VPN_A 10.2.0.0, VPN_B 10.2.0.0, VPN_A 11.6.0.0, VPN_B 10.1.0.0, VPN_A 11.5.0.0, VPN_A 10.1.0.0, VPN_B 10.3.0.0; the packet is drawn as "Data" entering the ingress PE and as "T8 T2 Data" leaving it]
- Ingress PE receives normal IP packets from CE router
- PE router does IP Longest Match from VPN_B FIB, finds iBGP next hop PE2 and imposes a stack of labels: exterior Label T2 + Interior Label T8

  VPN-IPv4 route  iBGP next hop  Exterior label  Interior label
  <RD_B,10.1>     PE1            T1              T7
  <RD_B,10.2>     PE2            T2              T8
  <RD_B,10.3>     PE3            T3              T9
  <RD_A,11.6>     PE1            T4              T7
  <RD_A,10.1>     PE4            T5              TB
  <RD_A,10.4>     PE4            T6              TB
  <RD_A,10.2>     PE2            T7              T8

MPLS VPN Forwarding
[Figure: same topology as the previous slide, with a P router's in/out label table; along the path the packet is drawn as "T8 T2 Data", "TA T2 Data", "TB T2 Data", "T2 Data" and finally "Data"]
- All subsequent P routers switch the packet solely on Interior Label
- Egress PE router removes Interior Label
- Egress PE uses Exterior Label to select which VPN/CE to forward the packet to
- Exterior Label is removed and packet routed to CE router

MPLS VPN mechanisms
VRF and Multiple Routing Instances
- VRF: VPN Routing and Forwarding Instance
  - VRF Routing Protocol Context
  - VRF Routing Tables
  - VRF CEF Forwarding Tables

MPLS VPN mechanisms
VRF and Multiple Routing Instances
- VPN aware Routing Protocols
- Select/Install routes in appropriate routing table
- Per-instance router variables
- Not necessarily per-instance routing processes
- eBGP, OSPF, RIPv2, Static

MPLS VPN mechanisms
VRF and Multiple Routing Instances
- VRF Routing table contains routes which should be available to a particular set of sites
- Analogous to standard IOS routing table, supports the same set of mechanisms
- Interfaces (sites) are assigned to VRFs
  - One VRF per interface (sub-interface, tunnel or virtual-template)
  - Possibly many interfaces per VRF

MPLS VPN mechanisms
VRF and Multiple Routing Instances
[Figure: layers from top to bottom: Routing processes (BGP, RIP, Static), Routing contexts, VRF Routing tables, VRF Forwarding tables]
- Routing processes run within specific routing contexts
- Populate specific VPN routing table and FIBs (VRF)

MPLS VPN mechanisms
VRF and Multiple Routing Instances
[Figure, logical view: Site-1, Site-2, Site-3 and Site-4 grouped into VPN-A, VPN-B and VPN-C; two PE routers and P routers connected by multihop MP-iBGP]

  Routing view:
  VRF             Routes held
  VRF for site-1  Site-1 routes, Site-2 routes
  VRF for site-2  Site-1 routes, Site-2 routes, Site-3 routes
  VRF for site-3  Site-2 routes, Site-3 routes, Site-4 routes
  VRF for site-4  Site-3 routes, Site-4 routes

MPLS VPN Topologies
[Figure: PE routers at the edge and P routers in the core, with iBGP sessions between the PEs; attached sites VPN_A 10.2.0.0, VPN_B 10.2.0.0, VPN_A 11.6.0.0, VPN_B 10.1.0.0, VPN_A 11.5.0.0, VPN_A 10.1.0.0, VPN_B 10.3.0.0]
- VPN-IPv4 addresses are propagated together with the associated label in BGP Multiprotocol extension
- Extended Community attribute (route-target) is associated to each VPN-IPv4 address, to populate the site VRF

MPLS VPN Topologies
VPN sites with optimal intra-VPN routing
- Each site has full routing knowledge of all other sites (of same VPN)
- Each CE announces its own address space
- MP-BGP VPN-IPv4 updates are propagated between PEs
- Routing is optimal in the backbone
  - Each route has the BGP Next-Hop closest to the destination
- No site is used as central point for connectivity

MPLS VPN Topologies
VPN sites with optimal intra-VPN routing
[Figure: Site-1 (N1, CE1) on PE1 interface Int1, Site-2 (N2, CE2) on PE2 interface Int2, Site-3 (N3, CE3) on PE3 interface Int3; each CE announces its network to its PE through EBGP/RIP/Static (N1 NH=CE1, N2 NH=CE2, N3 NH=CE3)]

  VPN-IPv4 updates exchanged between PEs:
  RD:N1, NH=PE1, Label=Int1, RT=Blue
  RD:N2, NH=PE2, Label=Int2, RT=Blue
  RD:N3, NH=PE3, Label=Int3, RT=Blue

  Table                 N1      N2      N3
  VRF for site-1        NH=CE1  NH=PE2  NH=PE3
  VRF for site-2        NH=PE1  NH=CE2  NH=PE3
  VRF for site-3        NH=PE1  NH=PE2  NH=CE3
  Routing Table on CE1  Local   PE1     PE1
  Routing Table on CE2  NH=PE2  Local   NH=PE2
  Routing Table on CE3  PE3     PE3     Local

MPLS VPN Topologies
VPN sites with Hub & Spoke routing
- One central site has full routing knowledge of all other sites (of same VPN)
  - Hub-Site
- Other sites will send traffic to Hub-Site for any destination
  - Spoke-Sites
- Hub-Site is the central transit point between Spoke-Sites
  - Use of central services at Hub-Site

MPLS VPN Topologies
VPN sites with Hub & Spoke routing
[Figure: Site-1 (N1, CE1) on PE1 interface Int1, Site-2 (N2, CE2) on PE2 interface Int2, hub Site-3 (N3) attached to PE3 through CE3-Hub and CE3-Spoke, each running BGP/RIPv2 with PE3]

  VRF                Import RT  Export RT  Routes
  Int1 (PE1)         Spoke      Hub        N1,NH=CE1 (exported); N2,NH=PE3 (imported); N3,NH=PE3 (imported)
  Int2 (PE2)         Spoke      Hub        N1,NH=PE3 (imported); N2,NH=CE2 (exported); N3,NH=PE3 (imported)
  Int3-Hub (PE3)     Hub        -          N1,NH=PE1; N2,NH=PE2
  Int3-Spoke (PE3)   -          Spoke      N1,NH=CE3-Spoke; N2,NH=CE3-Spoke; N3,NH=CE3-Spoke

  VPN-IPv4 update advertised by PE1:
  RD:N1, NH=PE1, Label=Int1, RT=Hub
  VPN-IPv4 update advertised by PE2:
  RD:N2, NH=PE2, Label=Int2, RT=Hub
  VPN-IPv4 updates advertised by PE3:
  RD:N1, NH=PE3, Label=Int3-Spoke, RT=Spoke
  RD:N2, NH=PE3, Label=Int3-Spoke, RT=Spoke
  RD:N3, NH=PE3, Label=Int3-Spoke, RT=Spoke

- Routes are imported/exported into VRFs based on RT value of the VPN-IPv4 updates
- PE3 uses 2 (sub)interfaces with two different VRFs
- Traffic from one spoke to another will travel across the hub site
- Hub site may host central services
  - Security, NAT, centralised Internet access

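The import/export rules of the hub-and-spoke slide can be replayed in a few lines to confirm which routes land in which VRF, and to audit a configuration for spoke VRFs that would reach each other without crossing the hub. This is an added example, not part of the original slides; the VRF names, RT values and prefixes N1 to N3 are taken from the figure, while the function names and the misconfigured variant are constructed for illustration.

```python
import copy

# (PE, VRF) -> import/export route-targets, as drawn on the slide.
VRFS = {
    ("PE1", "Int1"):       {"import": {"Spoke"}, "export": {"Hub"}},
    ("PE2", "Int2"):       {"import": {"Spoke"}, "export": {"Hub"}},
    ("PE3", "Int3-Hub"):   {"import": {"Hub"},   "export": set()},
    ("PE3", "Int3-Spoke"): {"import": set(),     "export": {"Spoke"}},
}
# Routes each VRF learns from its attached CE: prefix -> CE next hop.
LOCAL = {
    ("PE1", "Int1"): {"N1": "CE1"},
    ("PE2", "Int2"): {"N2": "CE2"},
    ("PE3", "Int3-Spoke"): {"N1": "CE3-Spoke", "N2": "CE3-Spoke", "N3": "CE3-Spoke"},
}
SPOKE_VRFS = {("PE1", "Int1"), ("PE2", "Int2")}


def build_vrf_tables(vrfs, local):
    """Return {(pe, vrf): {prefix: sorted next hops}} after MP-BGP exchange."""
    tables = {key: {p: [ce] for p, ce in local.get(key, {}).items()} for key in vrfs}
    for src, routes in local.items():
        pe, vrf_name = src
        for prefix in routes:
            # VPN-IPv4 update: next hop is the advertising PE, RT is the export list.
            update = {"prefix": prefix, "nh": pe, "label": vrf_name,
                      "rt": vrfs[src]["export"]}
            for dst, cfg in vrfs.items():
                if dst == src or not (update["rt"] & cfg["import"]):
                    continue  # RT does not match this VRF's import list
                if prefix in local.get(dst, {}):
                    continue  # the locally learned CE route is kept
                next_hops = tables[dst].setdefault(prefix, [])
                if update["nh"] not in next_hops:
                    next_hops.append(update["nh"])
    for table in tables.values():
        for next_hops in table.values():
            next_hops.sort()
    return tables


def spoke_to_spoke_routes(tables, spoke_vrfs):
    """Audit: routes in a spoke VRF whose next hop is another spoke's PE."""
    spoke_pes = {pe for pe, _ in spoke_vrfs}
    findings = []
    for pe, vrf in sorted(spoke_vrfs):
        for prefix, next_hops in sorted(tables[(pe, vrf)].items()):
            for nh in next_hops:
                if nh in spoke_pes and nh != pe:
                    findings.append((pe, vrf, prefix, nh))
    return findings


def misconfigured_vrfs():
    """Constructed variant: Int1 also imports RT=Hub, which bypasses the hub."""
    cfg = copy.deepcopy(VRFS)
    cfg[("PE1", "Int1")]["import"].add("Hub")
    return cfg


if __name__ == "__main__":
    for key, table in build_vrf_tables(VRFS, LOCAL).items():
        print(key, table)
    bad = build_vrf_tables(misconfigured_vrfs(), LOCAL)
    print("audit:", spoke_to_spoke_routes(bad, SPOKE_VRFS))
```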
MPLS VPN Topologies
VPN sites with Hub & Spoke routing
- If PE and Hub-site use BGP the PE should not check the received AS_PATH
  - The update the Hub-site advertises contains the VPN backbone AS number
  - By configuration the AS_PATH check is disabled
  - Routing loops are detected through the SOO attribute
- PE and CE routers may use RIPv2 and/or static routing

MPLS VPN Internet Routing
- In a VPN, sites may need to have Internet connectivity
- Connectivity to the Internet means:
  - Being able to reach Internet destinations
  - Being able to be reachable from any Internet source
- Security mechanisms MUST be used as in ANY other kind of Internet connectivity

MPLS VPN Internet Routing
- The Internet routing table is treated separately
- In the VPN backbone the Internet routes are in the Global routing table of PE routers
- Labels are not assigned to external (BGP) routes
- P routers need not (and will not) run BGP

The Overlay Solution
[Figure: physical view of L3 routers attached to a core of L2 switches, and logical view of the L3 routers as a full mesh]
- Routing at layer 2 (ATM or FR) is used for traffic engineering
- Layer 3 sees a complete mesh
- Routing at layer 3 is trivial

Overlay solution: drawbacks
- Extra network devices (cost)
- More complex network management (cost)
  - two-level network without integrated network management
  - additional training, technical support, field engineering
- IGP routing scalability issue for meshes
- Additional bandwidth overhead ("cell tax")

Traffic engineering with overlay
[Figure: routers R1, R2 and R3, with a PVC for R2 to R3 traffic and a PVC for R1 to R3 traffic]

Traffic engineering with Layer 3
[Figure: routers R1, R2 and R3; the path for R2 to R3 traffic and the path for R1 to R3 traffic share the same links, leaving an under-utilized alternate path]
- IP routing: destination-based least-cost routing

Traffic engineering with Layer 3: what is missing?
- Path computation based just on IGP metric is not enough
- Support for explicit routing (aka "source routing") is not available

Key mechanisms
- Explicit routing (aka "source routing")
- Constraint-based Path Selection Algorithm
- Extensions to OSPF/ISIS for flooding of resources / policy information
- MPLS as the forwarding mechanism
- RSVP as the mechanism for establishing Label Switched Paths (LSPs)
- Use of the explicitly routed LSPs in the forwarding table

Design Constraints
- Requires OSPF or IS-IS
- Unicast traffic
- Focus on supporting routing based on a combination of administrative + bandwidth constraints

Link Attributes
- Resource attributes are configured on every link in a network
  - Bandwidth
  - Resource Class Affinity string (Policy)
- Resource attributes are flooded throughout the network
  - bandwidth per priority
  - Resource Class Affinity string (Policy)
  - TE-specific link metric

Forwarding Packets on a TE Tunnel

  In Lbl  Address Prefix  Out I'face  Out Lbl
  -       128.89          1           4
  4       128.89          0           9

[Figure: forwarding tables of the LSRs along the tunnel, including a "Tunnel Pred." entry with the callout "Entry Populated by TE Tunnel Setup"; the packet "128.89.25.4 | Data" is drawn unlabelled, then with label 5, then with label 7; callout "LSR Forwards Based on TE Label"]

RSVP Extensions to RFC2205 for LSP Tunnels
- downstream-on-demand label distribution
- instantiation of explicit label switched paths
- allocation of network resources (e.g., bandwidth) to explicit LSPs
- rerouting of established LSP-tunnels in a smooth fashion using the concept of make-before-break
- tracking of the actual route traversed by an LSP-tunnel
- diagnostics on LSP-tunnels
- preemption options that are administratively controllable

Path Setup - Example
[Figure: routers R1 to R9; the LSP is drawn with Label 49, Label 17, Label 32, Label 22 and Pop on its hops]
- Setup: Path (ERO = R1->R2->R6->R7->R4->R9)
- Reply: Resv communicates labels and reserves bandwidth on each link

Link protection for R2-R4 link
[Figure: routers R1, R2, R4 to R9; the backup tunnel is drawn with labels 17, 22 and Pop on its hops]
- Setup: Path (R2->R6->R7->R4)
- Labels established on Resv message

Routing prior to R2-R4 link failure
[Figure: routers R1, R2, R4 to R9; the LSP is drawn with labels 37, 14 and Pop on its hops]
- Setup: Path (R1->R2->R4->R9)
- Labels established on Resv message

Link Protection Active
[Figure: routers R1, R2, R4 to R9, with the R2 -> R4 link failed]
- On failure of link from R2 -> R4, R2 simply changes outgoing Label Stack from 14 to <17, 14>

Link Protection Active
[Figure: routers R1, R2, R4 to R9, with the label operation drawn at each router]

  Router  Operation
  R1      Push 37
  R2      Swap 37->14, Push 17
  R6      Swap 17->22
  R7      Pop 22
  R4      Pop 14

  Label Stack:
  Segment  R1-R2  R2-R6  R6-R7  R7-R4  R4-R9
  Top      37     17     22     14     None
  Second          14     14

MPLS TE FRR Node Protection
- Node protection allows a backup tunnel to the next-next-hop to be configured!
- This protects against link AND node failure
[Figure: routers R0 to R9; protection against R6 failure]

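The link-protection label operations above can be replayed as a small label-stack walk, which shows that R4 receives the same stack (14) whether or not the R2-R4 link has failed. This is an added example, not part of the original slides; the routers and label values are the ones on the slides, while the table layout, function names and hop limit are constructed for illustration.

```python
# Per-router label operations for the primary LSP (R1->R2->R4->R9) and for
# the backup tunnel (R2->R6->R7->R4). Key: incoming top label (None = unlabelled).
LFIB = {
    "R1": {None: ([("push", 37)], "R2")},
    "R2": {37: ([("swap", 14)], "R4")},
    "R4": {14: ([("pop",)], "R9")},
    "R6": {17: ([("swap", 22)], "R7")},
    "R7": {22: ([("pop",)], "R4")},
}
# Backup tunnel used by the point of local repair when a protected link is down.
BACKUP = {("R2", "R4"): ([("push", 17)], "R6")}
MAX_HOPS = 16  # assumption: loop guard chosen for this example


def apply_ops(stack, ops):
    """Apply push/swap/pop operations to a stack given as a tuple, top first."""
    for op in ops:
        if op[0] == "push":
            stack = (op[1],) + stack
        elif not stack:
            raise ValueError(f"{op[0]} on an empty label stack")
        elif op[0] == "swap":
            stack = (op[1],) + stack[1:]
        elif op[0] == "pop":
            stack = stack[1:]
        else:
            raise ValueError(f"unknown operation {op[0]!r}")
    return stack


def walk(ingress="R1", egress="R9", failed_links=frozenset()):
    """Return [(router, next hop, stack sent)] for a packet entering at ingress."""
    node, stack, trace = ingress, (), []
    while node != egress:
        if len(trace) >= MAX_HOPS:
            raise RuntimeError("hop limit exceeded, forwarding loop suspected")
        top = stack[0] if stack else None
        if top not in LFIB.get(node, {}):
            raise LookupError(f"{node} has no entry for label {top}")
        ops, nxt = LFIB[node][top]
        stack = apply_ops(stack, ops)      # normal swap/push/pop first
        if (node, nxt) in failed_links:
            if (node, nxt) not in BACKUP:
                raise LookupError(f"link {node}->{nxt} is down and unprotected")
            backup_ops, nxt = BACKUP[(node, nxt)]
            stack = apply_ops(stack, backup_ops)  # then push the backup label
        trace.append((node, nxt, stack))
        node = nxt
    return trace


def stack_received_by(router, trace):
    """Label stack as it arrives at the given router."""
    return next(stack for _, nxt, stack in trace if nxt == router)


if __name__ == "__main__":
    for title, failed in (("primary", frozenset()),
                          ("R2-R4 failed", frozenset({("R2", "R4")}))):
        print(title)
        for hop in walk(failed_links=failed):
            print("  ", hop)
```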
MPLS TE FRR Node Protection
Backup labels
[Figure: routers R1 to R9; the protected LSP is drawn with labels 10, 11 and 12 (x = label for the protected LSP) and the backup tunnel with labels 20 and 21]

MPLS TE FRR Node Protection
Backup labels
[Figure: same topology; label 11 is drawn under the backup labels 20 and 21 and marked "11?" at R4]
- The PLR learns the label to use from the RRO object carried in the Resv message when the reroutable LSP is first established
  - With global label space allocation on the MP

MPLS TE FRR Node Protection
Backup labels
[Figure: same topology; label 12 is drawn under the backup labels 20 and 21 (x = label for the protected LSP)]
- The PLR swaps 10 <-> 12, pushes 20 and forwards the traffic onto the backup tunnel