Delivering MPLS VPLS VPN Services With Metro Service Edge Platform

Objective

This paper outlines the overall network architecture and elements for delivering MPLS VPLS VPN services by extending MPLS (Multiprotocol Label Switching) to the aggregation and regional metro networks. Furthermore, the paper describes how Communications Services Providers (CSPs) can leverage MPLS capabilities as an anchor technology to deliver end-to-end VPLS L2 VPN services by using OptiPacket (OP-X), MRV's Metro Service Edge, the OptiSwitch (OS) 9000 high-density Carrier Ethernet pre-aggregation platform, and the OS900 Carrier Ethernet service demarcation platform.

Introduction

CSPs have been using and deploying MPLS technology for many years to efficiently manage and control traffic in their core networks by converging separate L2 and L3 residential, business and mobile service networks that had been built using diverse legacy technologies. The applicability, benefits, and proven success of MPLS technology are evident from the massive worldwide CSP deployments that are continuously growing in number and size. Additionally, MPLS has been widely embraced by CSPs worldwide, who exploit its substantial benefits as well as its support for scalability, resiliency, sophisticated traffic engineering, VPNs (Virtual Private Networks), and multiservice transport over packet. MPLS provides a full suite of control protocols and data handling that made the transformation of both L2 VPN and L3 VPN services possible. The convergence of diverse carrier network architectures has enabled CSPs to significantly reduce CapEx and OpEx. Consequently, CSPs have leveraged the field-proven capabilities of MPLS and extended it to the metro, aggregation and access networks for handling data and control, as well as to provide a better and more consistent quality of experience to their residential and business customers.
The extension of MPLS to the metro, aggregation, and access networks is fueled by the significant transformation that metro networks are undergoing as a result of the continuing hyper-scale growth of residential, mobile, business and cloud services. The changing metro network architecture and traffic mix is representative of converged CSPs delivering residential (triple-play), mobile, business and cloud services. Extending MPLS to the metro and aggregation networks opens new business opportunities for CSPs and enables them to support the following deployment scenarios and applications:

- Connect customers from the same enterprise VPNs
- Connect customers and enterprises to applications/content/data centers/cloud
- Connect data centers to data centers
- Connect customers and enterprises to the Internet

MPLS in a Nutshell

MPLS is a forwarding mechanism in which packets are forwarded by using label switching. A label (a number) is placed in a packet header and is used in place of an address (usually an IP address) to direct the traffic to its destination. Label switching adds the strength of VLAN-based Carrier Ethernet switching to IP routing; consequently, the basic idea is to take the customer's Ethernet packets and move them seamlessly to other locations without modifying them. MPLS enables the encapsulation of L2 and L3 protocols in labels. Furthermore, an MPLS network can make packet-forwarding decisions without processing the content of the packet.
An MPLS domain is built of LERs (Label Edge Routers) that reside at the edge of the MPLS domain and interior LSRs (Label Switch Routers) that are located within the MPLS domain. The LERs need to process both MPLS frames and user traffic, while interior LSRs have to forward only MPLS frames (Figure 1). LERs are positioned on the edge (ingress/egress) of the MPLS network. LSRs are located in the MPLS network, but not on the edges, and perform label swapping.

Figure 1: MPLS network components and traffic flow

The following are the main functions performed on a flow in an MPLS network:

1. The ingress LER examines the inbound packets, classifies each packet into a Forwarding Equivalence Class (FEC), generates an MPLS header, and assigns (binds) an initial label
2. Traffic-engineered Label Switched Paths (LSPs), called tunnels, specify the path created by the labels. All the packets with the same attributes (FEC) will go through the same LSP. LSPs need to be set up before data is forwarded
3. All other routers inside the MPLS network look at labels only, not at the IP address
4. Interior LSRs forward the MPLS packets using label swapping (the processing is always on the top label)
5. The egress LER removes the MPLS header and forwards the packet based on the destination address

If we examine an Ethernet packet entering the ingress LER, we can see the regular customer Ethernet header fields. A new L2 header (new SA, new DA, EtherType 0x8847) representing the remote peers of the VPN is then added, together with two MPLS labels (Tunnel and Virtual Circuit labels). Because several LSPs are multiplexed on the same physical wire, this label hierarchy is needed for the multiplexing.

With MPLS, it is possible to overcome the major drawbacks of conventional routing:

1. Connectionless IP does not support traffic engineering
2. It is not sufficient to implement QoS architectures with IP

Additionally, MPLS has other advantages:

1. Scalability - Labels are local, and multiple IP addresses can be associated with one or several labels
2. Simplicity - The interior LSRs perform simple label switching. Only the edge device performs the more complicated task of classifying the packets into FECs and binding a label

MPLS provides the underlying technology to build VPNs (Virtual Private Networks), offering enterprises cost-effective VPN services, including a rich suite of voice, video, and business-critical data applications, with the desired level of performance and quality of service (QoS) over the MPLS network. MPLS VPNs fall into two categories: MPLS L3 VPN and MPLS L2 (VPLS) VPN (refer to figure 2). MPLS L3 VPN provides multipoint IP transport to enable WAN interconnection across an MPLS-based network and is specified in RFC 4364 (BGP/MPLS VPN). MPLS L3 VPN services require CSPs to manage internal routes on user networks. MPLS L2 VPN provides a multipoint service that allows enterprise sites in geographically dispersed locations to easily interact as part of the same LAN. In essence, MPLS VPLS VPNs provide transparent L2 VPN services that can seamlessly connect customers' remote branches. The customer's network administrator has complete control over how the network is running, without any protocol interaction with the provider's network.
The traditional MPLS L2 VPN service (Virtual Leased Line, VLL, also called Pseudowire/PW) provides point-to-point L2 VPN services over public networks. The PW virtual links enable sites to communicate as if they were directly connected by a link, but a PW supports only point-to-point traffic exchange. VPLS is based on the traditional PW technology. It supports multipoint-to-multipoint communication and has proven to be a better solution for CSPs.

Figure 2: L2 VPN and L3 VPN

MPLS L2 (VPLS) VPN Services

MPLS L2 VPNs are established by one or more point-to-point transparent tunnels (figure 3). The subscriber's L2 traffic, sent through the MPLS VPNs, is moved seamlessly across a core network running MPLS. The OptiPacket, OS9000 and OS900 MPLS VPN solution components provide a high-bandwidth, cost-effective alternative to legacy telco leased-line circuits.

Figure 3: VPLS point-to-point transparent tunnel

The following functions are performed in order to establish a point-to-point transparent tunnel through which the subscriber's L2 traffic is sent across an MPLS-based core network:

1. MPLS signaling (i.e. CR-LDP, RSVP-TE) to establish L2 tunnels and to define their parameters
2. MPLS data encapsulation to forward service-specific data over the MPLS network
3. Binding subscribers/services to MPLS VPNs
4. Provision of QoS and SLA services for the subscribers' VPNs

MPLS L2 (VPLS) VPN Technology Overview

MPLS L2 VPN enables the transport of L2 customer traffic over the provider's MPLS network. The idea is to use MPLS in order to emulate virtual circuits (VCs) and enable the same physical link to be shared by multiple users. MPLS technology was adopted by the IETF to provide VC provisioning over multi-protocol networks. In legacy ATM and Frame Relay networks, VCs defined connection-oriented services. With MPLS L2 VPN, the same functionality is provided by Ethernet in MPLS networks. An MPLS L2 VC actually extends the customer LAN across an MPLS network over the L2 VPN.
In order to pass frames transparently from the VC ingress to the VC egress, the entire Ethernet frame is first encapsulated by creating a new L2 header including new SA and DA fields (refer to figures 4 and 1) with a VC label that identifies the VC on both ends. Another label (the Tunnel label) is used for forwarding the frame along the established LSP. The interior LSRs forward the frame according to the Tunnel label while it traverses the MPLS network to the egress LER. There, the Tunnel label is popped and, according to the VC label (which is also popped), the OptiPacket, OS9000 and OS900 determine the outgoing interface/VLAN identifier and deliver the Ethernet frame to its intended destination.

Figure 4: VC and tunnel label encapsulation
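The label hierarchy described above (new outer Ethernet header with EtherType 0x8847, a Tunnel label on top and a VC label at the bottom of the stack) and the three roles that act on it are worked through here in an added Python example; it is not code from the paper or from MRV's products. The MAC addresses, label values, LFIB entries and the customer frame are constructed sample values; interior LSRs act on the top label only, and malformed frames (truncated stack, unknown label, expired TTL) are rejected rather than forwarded.

```python
import struct

# EtherType of the new outer L2 header (MPLS unicast), as in the encapsulation described above
ETYPE_MPLS = 0x8847

# Constructed sample values (not from the paper): PE MAC addresses and one customer frame
PE1_MAC = bytes.fromhex("001122aa0001")   # ingress LER, becomes the new outer SA
PE2_MAC = bytes.fromhex("001122aa0002")   # egress LER, becomes the new outer DA
CUSTOMER_FRAME = (bytes.fromhex("0a0000000001") + bytes.fromhex("0a0000000002")
                  + b"\x08\x00" + b"customer payload, carried unmodified")


def label_entry(label, exp, bos, ttl):
    """Encode one 32-bit MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bos) << 8) | ttl)


def parse_stack(frame, off):
    """Read label entries from offset off until the bottom-of-stack bit; return (entries, payload_off)."""
    entries = []
    while True:
        if off + 4 > len(frame):
            raise ValueError("label stack runs past the end of the frame")  # truncated/malformed
        (w,) = struct.unpack_from("!I", frame, off)
        off += 4
        entries.append({"label": w >> 12, "exp": (w >> 9) & 7, "bos": bool(w >> 8 & 1), "ttl": w & 0xFF})
        if entries[-1]["bos"]:
            return entries, off


def ingress_encap(customer_frame, outer_da, outer_sa, tunnel_label, vc_label, exp=0, ttl=255):
    """Ingress LER: prepend outer Ethernet header + Tunnel label (S=0) + VC label (S=1).
    The customer frame, including its own DA/SA and any VLAN tag, is carried untouched."""
    stack = label_entry(tunnel_label, exp, False, ttl) + label_entry(vc_label, exp, True, ttl)
    return outer_da + outer_sa + struct.pack("!H", ETYPE_MPLS) + stack + customer_frame


def lsr_swap(frame, lfib):
    """Interior LSR: look only at the top (Tunnel) label, swap it via the LFIB, decrement TTL.
    The VC label and the customer frame underneath are never examined. A missing LFIB
    binding or an expired TTL raises, modelling the frame being discarded, not forwarded."""
    if struct.unpack_from("!H", frame, 12)[0] != ETYPE_MPLS:
        raise ValueError("not an MPLS frame")
    (w,) = struct.unpack_from("!I", frame, 14)
    label, exp, bos, ttl = w >> 12, (w >> 9) & 7, bool(w >> 8 & 1), w & 0xFF
    if ttl <= 1:
        raise ValueError("TTL expired")
    if label not in lfib:
        raise ValueError("no LFIB binding for label %d" % label)
    return frame[:14] + label_entry(lfib[label], exp, bos, ttl - 1) + frame[18:]


def egress_decap(frame, vc_table):
    """Egress LER: pop Tunnel and VC labels, map the VC label to (port, vlan), return the customer frame."""
    if struct.unpack_from("!H", frame, 12)[0] != ETYPE_MPLS:
        raise ValueError("not an MPLS frame")
    entries, payload_off = parse_stack(frame, 14)
    if len(entries) != 2:
        raise ValueError("expected exactly Tunnel + VC labels, got %d" % len(entries))
    vc = entries[1]["label"]
    if vc not in vc_table:
        raise ValueError("unknown VC label %d" % vc)  # no attachment circuit bound: drop
    port, vlan = vc_table[vc]
    return port, vlan, frame[payload_off:]


def walk_vpls_path():
    """Carry CUSTOMER_FRAME PE1 -> LSR -> LSR -> PE2 and return what PE2 delivers (constructed labels)."""
    f = ingress_encap(CUSTOMER_FRAME, PE2_MAC, PE1_MAC, tunnel_label=1001, vc_label=2001, exp=5)
    f = lsr_swap(f, {1001: 3005})   # first interior LSR swaps the Tunnel label
    f = lsr_swap(f, {3005: 17})     # second interior LSR swaps it again
    return egress_decap(f, {2001: ("ge1/3", 100)})
```

Calling walk_vpls_path() returns the outgoing port and VLAN found through the VC label together with the original customer frame, byte for byte.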
MPLS VPLS VPN Advantages

1. The CSP's network is transparent to the customer network; therefore there is no need for complicated configuration (routing protocols) on the customer's side
2. Scalable solution for CSPs to implement
3. Addition of MPLS VPLS VPN services requires relatively minimal configuration changes at the LERs with no changes to the interior network elements, and no modification of the destination MAC address is needed to achieve L2CP (Layer 2 Control Protocol) transparency
4. L2 VPN tunneling service supports any L2 or L3 traffic
5. Lower TCO (Total Cost of Ownership) solution for CSP and customer versus legacy alternatives

MPLS and Quality of Service Functionality

MPLS is a QoS-enabling technology that assigns application flows to connection-oriented paths and provides the required mechanisms for traffic engineering and bandwidth guarantees along these paths. MPLS supports the DiffServ model, where QoS is provided by traffic differentiation and the network elements in the MPLS network are not required to keep state information about the flows, as opposed to IntServ, where the network elements are required to keep that state. MPLS enables the creation of traffic-engineered LSPs called tunnels. These tunnels can be created using either of the MPLS signaling protocols, CR-LDP (LDP tunnels) or RSVP-TE (RSVP tunnels). An important constraint that the administrator can define for a tunnel is the amount of required bandwidth. While the tunnel is established, the bandwidth is reserved on all the MPLS devices along the path. If, according to the internal admission control, there is not enough bandwidth available on one of the MPLS devices, that tunnel will either fail or be replaced by an existing tunnel with lower priority. Following the tunnel creation, the MPLS devices apply policing and shaping to the traffic sent through the tunnel to ensure it doesn't exceed the reserved bandwidth capacity specified in the tunnel definition.
Furthermore, MPLS enables the assignment of differentiated service levels to specific flows that use the same VC. Since VCs are used for L2 VPNs and the traffic is not necessarily comprised of IP packets, 802.1Q Tag VPT (VLAN Trunking Protocol) or DSCP (Differentiated Services Code Point) bits are used to classify packets into service levels. Then, the EXP bits in the MPLS header encapsulation are marked with an equivalent value (figure 5). When the frame is label switched from one LSR to the other, it is assigned a priority based on the EXP bits value.

Figure 5: Marking/mapping between layers

Hierarchical VPLS (H-VPLS) Technology Overview

VPLS requires that the PEs (Provider Edge) be fully meshed. Consequently, when the VPLS network is large, there is a large number of PWs. As a result, the PW signaling cost is very high and the network becomes more difficult to manage and expand. To address this challenge, Hierarchical VPLS (H-VPLS) was introduced to simplify network management and improve network scalability. H-VPLS partitions the network into several edge domains that are interconnected using an MPLS core. Full-mesh VPLS connectivity is limited to the core network only. H-VPLS was adopted by the industry as a de facto solution for MPLS extension to 1st-mile networks.

Figure 6: Hierarchical hub-and-spoke mode
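The classification and EXP marking described under "MPLS and Quality of Service Functionality" above (802.1Q priority bits or DSCP at the ingress LER, an equivalent value written into the EXP bits, and a per-hop priority chosen from EXP at each LSR) is shown in this added Python example, which is not code from the paper or from MRV's products. The DSCP-to-EXP table (EXP carries the top three DSCP bits) and the EXP-to-queue table are assumptions made for the example, as are the constructed sample frames; real deployments configure both mappings per service.

```python
import struct

# Assumed DSCP -> EXP mapping (not from the paper): EXP carries the IP precedence, i.e. the
# top three DSCP bits, so EF (46) -> 5, AF4x (32..38) -> 4, CS1 (8) -> 1, best effort (0) -> 0.
def dscp_to_exp(dscp):
    return (dscp >> 3) & 7

# Assumed per-hop treatment of each EXP value at an interior LSR (not from the paper)
EXP_QUEUE = {0: "best-effort", 1: "scavenger", 2: "assured", 3: "assured",
             4: "assured", 5: "expedited", 6: "control", 7: "control"}

ETYPE_VLAN, ETYPE_IPV4, ETYPE_IPV6 = 0x8100, 0x0800, 0x86DD


def classify_exp(customer_frame):
    """Derive the EXP value for a customer Ethernet frame at the ingress LER.
    A VLAN-tagged frame is classified on its 802.1Q priority bits (PCP); an untagged
    IPv4/IPv6 frame on its DSCP; anything else (ARP, legacy non-IP protocols) gets EXP 0.
    Returns (exp, source), where source names the field that was used."""
    if len(customer_frame) < 14:
        raise ValueError("truncated Ethernet frame")
    etype = struct.unpack_from("!H", customer_frame, 12)[0]
    if etype == ETYPE_VLAN:
        if len(customer_frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci = struct.unpack_from("!H", customer_frame, 14)[0]
        return tci >> 13, "pcp"                                   # PCP = top 3 bits of the TCI
    if etype == ETYPE_IPV4 and len(customer_frame) >= 16:
        return dscp_to_exp(customer_frame[15] >> 2), "dscp"       # DSCP = top 6 bits of TOS
    if etype == ETYPE_IPV6 and len(customer_frame) >= 16:
        tclass = ((customer_frame[14] & 0x0F) << 4) | (customer_frame[15] >> 4)
        return dscp_to_exp(tclass >> 2), "dscp"                   # DSCP = top 6 bits of Traffic Class
    return 0, "default"


def set_exp(entry_word, exp):
    """Write exp into the EXP bits (bits 9..11) of a 32-bit label stack entry, leaving the rest intact."""
    if not 0 <= exp < 8:
        raise ValueError("EXP is a 3-bit field")
    return (entry_word & ~(7 << 9)) | (exp << 9)


def exp_of(entry_word):
    return (entry_word >> 9) & 7


def mark_stack(entry_words, exp):
    """Mark every entry (Tunnel and VC label) with the same EXP so each hop sees it on its top label."""
    return [set_exp(w, exp) for w in entry_words]


def queue_at_lsr(top_entry_word):
    """Interior LSR: choose the per-hop queue from the EXP bits of the top label only."""
    return EXP_QUEUE[exp_of(top_entry_word)]


# Constructed sample customer frames (not from the paper)
MAC_PAIR = bytes.fromhex("0a0000000001") + bytes.fromhex("0a0000000002")
TAGGED_PCP3 = MAC_PAIR + b"\x81\x00" + struct.pack("!H", (3 << 13) | 100) + b"\x08\x00" + b"\x45\x00"
IPV4_EF = MAC_PAIR + b"\x08\x00" + bytes([0x45, 46 << 2]) + b"\x00" * 18          # DSCP 46 (EF)
IPV6_AF41 = MAC_PAIR + b"\x86\xdd" + bytes([0x60 | (0x88 >> 4), (0x88 & 0x0F) << 4]) + b"\x00" * 38
ARP_FRAME = MAC_PAIR + b"\x08\x06" + b"\x00" * 28                                   # non-IP: EXP 0
```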
With H-VPLS, the full mesh of tunnels is maintained between the hub sites (designated as PEs), while the MTU devices act as spoke PWs in a single- or dual-homed manner (figure 6). This method creates a hierarchy and reduces the configuration and service complexity.

OptiPacket/OS9000/OS900 H-VPLS 1st & 2nd Mile PE-r / MTU-s Spoke Advantages

1. Simplifies multipoint network architecture
2. Reduces signaling overhead for the control plane
3. Minimizes the number of managed LSPs
4. Minimizes LDP peers in the core
5. Provides RSVP protection
6. Encapsulation of customers' MAC addresses into an external MAC between spoke and hub
7. Local switching as MTU-s (OS900)

MPLS Protection Mechanisms

MPLS supports the major protection mechanisms outlined below.

H-VPLS Dual-Homed VC

An H-VPLS network is a VPLS constructed in two tiers of different hierarchy connected with one or more VCs. The first tier comprises a full-mesh VPLS core/hub where all devices have routing and bridging capabilities; such devices are called PE-rs. The second tier comprises the VPLS edges/spokes; such devices are called MTU-rs. The purpose of establishing an MPLS network in such a form is to overcome the drawbacks of regular VPLS that arise in expanding and large-scale deployments:

1. The need to configure all PEs for each new device added
2. Bandwidth consumption due to signaling and packet replication
3. Long recovery/convergence time in case of failure of a VC

The operational concept of an H-VPLS network is simple: all traffic going from an MTU to one of the PE-rs devices in the VPLS domain, and back, goes through a VC. The MTU needs only to be aware of the specific PE-rs (in the VPLS domain) to which it is connected and to establish a regular VC with it. In Dual-Homed VC mode, the connection from the MTU is made with two VCs to two different PE-rs devices in the same VPLS domain.
One VC has the primary role and remains active, while the other VC (the secondary VC) remains in standby mode, ready to switch over in case the primary VC fails. Naturally, the goal is to switch over rapidly between the primary and secondary VC. When Dual-Homed VC is activated on the OS9000/OS900, a sub-50 ms fail-over time is guaranteed.

LSP Path Protection

This protection mechanism (figure 7) should be used in a non-H-VPLS environment. In the previous protection mechanism, a sustainable network is established by creating two different VCs, which protect each other. As opposed to the first option, the LSP path protection mechanism protects the same VC by creating two different LSPs through which the VC traffic may pass. This protection mechanism is available only when choosing RSVP as the tunnel label distribution protocol. It requires that the user configure two different RSVP paths and bind them to the same VC. In order to enable path protection, one path should act as the primary path and the other as the secondary.

Figure 7: LSP Path Protection

MPLS Fast Reroute (FRR)

MPLS FRR (RFC 4090) is a protection scheme that uses RSVP-TE signaling to provide sub-50 ms recovery. FRR provides resiliency by creating either detour LSPs for each protected LSP at each potential point of local failure (Detour mode), or a bypass tunnel to protect a potential failure point; by taking advantage of MPLS label stacking, this bypass tunnel can protect a set of LSPs that have similar backup constraints (Facility mode).

Why CSPs Prefer MPLS VPLS VPN

MPLS VPLS VPN services offer multiple benefits, including:

- Control over routing is maintained by the enterprise without having to involve the CSP, which is typically favored by enterprises that prefer not to share their routing tables
- With an MPLS VPLS VPN service, the enterprise autonomously implements and controls its own end-to-end networking and consequently maintains security and privacy and manages it with internal staff
- Scale in bandwidth (including flexible, granular bandwidth allocation per port and virtual connection), number of VPNs, and user locations
- Rapid addition of new sites to the VPN - this is implemented without having to change the networking and routing configurations for all existing locations. When a new location is connected, it can automatically communicate with every existing location, and vice versa
- Protocol transparency - MPLS VPLS VPNs have the inherent ability to transport higher-order protocols, including SNA, DECnet and IPX, making them an ideal method of supporting legacy application protocols that are still in use by some enterprises
- End-to-end Service OAM, including MEF SOAM and MPLS OAM
- Strong traffic engineering
- Ethernet-friendly: enables multipoint transparent VPN E-LAN services that are included in the standardized MEF Carrier Ethernet 2.0 services suite
- Resilience with multiple protection schemes (i.e. H-VPLS/Dual-Homed Virtual Circuit (VC), LSP protection, and FRR)
- Security
- Lower cost compared with other WAN technologies
- Simplified maintenance combined with ease of implementation due to familiarity with Ethernet technology
- Rapid, flexible and simple service provisioning

Delivering End-to-end MPLS VPLS VPN Services with OptiPacket and OptiSwitch

The OptiPacket metro service edge, OS9000 high-density pre-aggregation platform, and OS900 service demarcation platforms enable the delivery of end-to-end MPLS VPLS VPN services with a strict SLA offering, along with the following attributes (figure 8):

- Data plane: L2 in the access, VPLS/H-VPLS, MPLS PWs
- Protection: ERPS G.8032 and ELPS G.8031 in the access, FRR in the VPLS metro network, dual-homed VC in the VPLS metro network
- OAM: end-to-end via MEF SOAM, L2 OAM over MPLS VCs

MRV's Pro-Vision service delivery and provisioning system complements the overall MPLS VPLS VPN solution by providing powerful, comprehensive, and intelligent software for automated service creation, configuration, provisioning and management, along with a web-based customer portal with SLA reporting.
The typical network deployment scenario for MPLS VPLS VPN service delivery is based on H-VPLS or L2 VLAN in the access and an MPLS-based service edge/core, and is depicted in figure 8. However, as discussed previously in this paper, in many cases MPLS technology is extended closer to the aggregation network for the following reasons:

1. Service scalability - MPLS label technology is scalable far beyond the 4K VLAN tags
2. MAC explosion - the MPLS header is encapsulated with an external Ethernet MAC, and the MPLS hops only see the outer MAC, thus offering a significant saving in MAC learning tables
3. Traffic engineering and protection - MPLS offers highly flexible mechanisms to create connection-oriented paths and predefined rules for protection
4. QoS signaling - the signaling protocols that are part of MPLS create an effective mode for admission control and resource reservation for class-based traffic
5. Simple addition of MPLS VPLS VPN services, requiring configuration changes only at the LERs
6. Service OAM based on a unified MPLS control plane from aggregation to core

Figure 8: End-to-end MPLS VPLS VPN service delivery with OptiPacket, OptiSwitch 900/9000
Additional MPLS VPLS VPN network deployment scenarios are depicted in figures 9 to 12. Each scenario presents its requirements and the benefits of MRV's solution.

Figure 9: Layer 2 MEF Services over VPLS

Figure 10: Protected Layer 2 Services with ERPS and FRR

Figure 11: Layer 3 Routed Network over VPLS

Figure 12: End-to-End MPLS Services
About OptiPacket

The OptiPacket metro service edge platform builds on MRV's broader strategy to empower the optical edge by accelerating packet-optical convergence with innovative hardware and intelligent software. The OptiPacket series is positioned for the convergence, intelligence, and high-capacity aggregation needed for next-generation metro networks. Capitalizing on the latest innovations in packet and optical technologies, the OptiPacket platform offers an outstanding capacity-to-form-factor ratio, efficiency and intelligence to support ultra-high-density 10 Gbps and 100 Gbps interfaces. CSPs are able to deploy the OptiPacket platform as a packet-only solution in high-capacity mega POPs for broadband aggregation applications, or utilize it as an optical-only OTN platform for the transport and management of multiprotocol telecom networks. The flexibility of the OptiPacket platform is fully maximized when it is used as a converged packet-optical solution, as features from multiple layers can be combined according to a service provider's network demands. The unique capabilities of OptiPacket make it easier for service providers to manage unpredictable bandwidth demand and create a strong foundation for software-defined networking (SDN) and network functions virtualization (NFV), and consequently enable metro network transformation.

About OptiSwitch

MRV's OptiSwitch family is an award-winning line of compact Carrier Ethernet 2.0 service demarcation and pre-aggregation platforms that are trusted by the world's most prominent Tier 1 networks. The OptiSwitch platform enables service providers to transform their metro networks for a wide range of next-generation services, from LTE mobile backhaul to wholesale Ethernet to cloud access services. MRV's Carrier Ethernet solution is empowered by an innovative and industry-leading operating system, MRV's Master-OS, which allows ease of operation across products and applications throughout the network.
Coupled with Pro-Vision, MRV's powerful and intelligent provisioning and management solution, MRV enables unprecedented time-to-market and network visibility for service provider networks of any size.

About Pro-Vision

Pro-Vision is MRV's service provisioning and management platform that improves operational efficiency by unifying the management of packet switching and optical transport equipment. Pro-Vision is the orchestration software overlay that enables convergence of the packet and optical layers into a robust access network capable of efficiently supporting new and existing services. Pro-Vision gives service providers the tools to easily design, provision, manage, diagnose, and optimize their packet and optical access networks. It is a centralized, carrier-class, web-based platform that uses intuitive GUI displays for service visibility, intelligence and control. Pro-Vision's suite of applications for automated service provisioning, assurance, monitoring, reporting, inventory and maintenance provides the foundation for software-defined networking (SDN) and network functions virtualization (NFV) functions on forward-looking service provider access networks.

About MRV Communications

MRV Communications is a global leader in converged packet and optical solutions that empower the optical edge. For more than two decades, the most demanding service providers, Fortune 1000 companies and governments worldwide have trusted MRV to provide best-in-class solutions and services for their mission-critical networks. We help our customers overcome the challenge of orchestrating the ever-increasing need for capacity while improving service delivery and lowering network costs for critical applications such as cloud connectivity, high-capacity business services, mobile backhaul and data center connectivity. MRV operates worldwide sales and service offices across four continents.
For more information contact info@mrv.com or visit www.mrv.com

All statements, technical information and recommendations related to the products herein are based upon information believed to be reliable or accurate. However, the accuracy or completeness thereof is not guaranteed, and no responsibility is assumed for any inaccuracies. Please contact MRV Communications for more information. MRV Communications and the MRV Communications logo are trademarks of MRV Communications, Inc. Other trademarks are the property of their respective holders. The OptiPacket, OptiSwitch, Master-OS and Pro-Vision trademarks and the MRV company logo are the sole and exclusive property of MRV Communications. All other trademarks and logos mentioned in this white paper are the property of their respective owners.

MRV-AN-PE Services 083114 Copyright 2014 MRV Communications, Inc. All Rights Reserved.