End-To-End QoS Architecture for VPNs: MPLS Deployment in a Backbone Network

Haeryong Lee, Jeongyeon Hwang, Byungryong Kang, Kyoungpyo Jun
Electronics and Telecommunications Research Institute
E-Mail: hrlee@etri.re.kr

Abstract

VPNs enable companies to connect geographically dispersed offices and remote workers via secure links to the private company network, using the public Internet as a backbone. In particular, VPN service in the broadband data communication network is very important and necessary to attract users who want group communication. VPN mechanisms are needed which work over existing deployed backbones, and which can also be migrated to new backbones like MPLS. MPLS is the latest step in the evolution of multilayer switching in the Internet. In this paper, we try to clarify how MPLS can be applied to creating VPNs. For that, we researched an architectural model for building VPNs in an MPLS domain. The proposed model takes advantage of both network layer peering and packet switching, and link layer circuit and per-stream switching. It comes with a design scheme and an implementation procedure for VPN service in an MPLS system. We then describe MPLS-based VPN service procedures, and we describe MPLS VPN schemes that must be accommodated with existing network backbones and also provide for a full range of QoS characteristics.

1. Introduction

A Virtual Private Network (VPN) simulates the operation of a private wide area network (WAN) over the public Internet. Enterprises in particular need a more affordable, scalable way to meet the demands of a growing community of remote users and to manage branch office connectivity. They need to be able to accommodate the pace and unpredictability of business by linking customers and partners into extranets on an ad-hoc basis. And they need to be able to provide all of this access to networked resources, including legacy systems and enterprise protocols, without compromising security. VPNs represent a tremendous market opportunity for service providers.
The essence of a VPN is its use of the next-generation public network infrastructure as the WAN backbone to supplement or replace costly long-distance leased or dial-up links in a private network. VPNs will be deployed over a wide variety of public networks, not only the Internet but also service provider IP, frame relay and ATM networks. For the subscriber, sending private traffic via these next-generation public networks is not much different from sending internal correspondence by mail, or faxing sensitive documents through the PSTN. Information sent simply arrives at the appropriate destination, securely and reliably. Businesses should not need to, nor do they want to, take responsibility for the intervening infrastructure.

MPLS is an IETF standards-based approach built on the efforts of the various proprietary multilayer switching solutions. VPN schemes must be accommodated with existing network backbones and also provide for a full range of QoS characteristics. MPLS will allow packet-based networks to provide a range of QoS service capabilities to IP flows, matching, for example, the current capabilities of ATM networks. When these mechanisms are applied to VPN tunnels, this will allow for guaranteed-QoS VPNs, for which there is significant demand. This is more a usage of MPLS than an intrinsic part of MPLS, however, as the same goal can be achieved by deploying VPNs over other backbone technologies, such as ATM, which already provide a range of QoS capabilities. There is a spectrum of solutions, from very MPLS-specific mechanisms on the one hand to generic mechanisms which can be applied across different network infrastructures, including MPLS, on the other. The former seems quite restrictive, since practical VPN mechanisms must apply to existing networks, none of which currently support MPLS.

In this paper, we define the general IP-based VPN services and explain the current status of IP VPNs. It describes and diagrams some of the most popular IP VPN applications. It also explains the underlying tunneling technology, including system components and industry standards for tunneling and tunnel-based security.

0-7695-0771-9/00 $10.00 © 2000 IEEE

In the second part, we researched an architectural model for building VPNs in an MPLS domain. The proposed model takes advantage of both network layer peering and packet switching, and link layer circuit and per-stream switching. It comes with a design scheme and an implementation procedure for VPN service in an MPLS system. We then describe MPLS-based VPN service procedures. Finally, we describe MPLS VPN schemes that must be accommodated with existing network backbones and the usage of MPLS traffic engineering mechanisms to deliver QoS guarantees to VPN tunnels for backbone networks.

2. Current Status of IP VPNs

In this section, we define the general IP-based VPN services and explain the current status of IP VPNs. It describes some of the most pressing issues of IP VPNs. It also explains the underlying tunneling technology, including system components and industry standards for tunneling and tunnel-based security. IP VPNs over the Internet are good business for everyone. But the problem with IP VPNs implemented over the Internet is that it is difficult to guarantee QoS. Three major problems can be found with the existing IP VPN technologies: the explosion in the number of virtual circuits, the lack of effective control over QoS, and the lack of security due to the Internet's own characteristics.

2.1 Scalability Issue

A large VPN could easily support hundreds of thousands of such relationships, and the Internet could support many millions. This quickly creates the need for so many virtual circuits that the process becomes untenable. A network with N points of service would create N(N-1)/2 virtual circuits if each service-point-to-partner flow were mapped to a virtual circuit. In a network with 10 service points, this is a manageable 45 virtual circuits. In a network with 200 service points (a medium-sized VPN), about 20,000 virtual circuits would be required.

2.2 QoS Issue

Another problem is QoS on the VPN network. IP VPN applications today have no direct mechanism to specify QoS.
A number of activities, including work on the Resource Reservation Protocol (RSVP), have been directed at adding QoS selectivity, but many carriers and users are uncomfortable with individually selectable QoS, given that it would probably require special billing for the high QoS level selected. Policy management rules to establish QoS based on users, servers, or relationships are possible, but users question the size of the administration task. A more manageable strategy would be simply to assign a QoS level to an entire VPN, and this is how frame relay or ATM VPN networks would work. Doing this with IP VPN services is difficult, however, because the routing protocols like OSPF used to build routing tables do not exchange QoS information or information about how much of a given node's or trunk's resources are already used up. Without knowledge of the commitments already made by the network, it is impossible to route IP flows along paths where resources, and therefore QoS, could be guaranteed.

2.3 Security Issue

Security is one of the most common concerns with Internet VPNs, especially VPNs that rely on the public Internet for transport. Unlike private line, frame relay, and ATM-based VPN services, IP networks do not assign "dedicated" physical or logical pipes to particular applications, protocols, users, or locations. The latest IETF solution to address Internet security is called IPSec (Internet Protocol Security). This secure tunneling protocol was originally introduced as part of the IPv6 protocol, but has been adapted for use in today's IPv4 networks (like the Internet). IPSec defines a modular framework for providing strong, robust security for traffic on IP networks. This framework defines mechanisms for establishing, managing, and terminating secure communication channels, or "tunnels," using well-defined procedures for authenticating and encrypting IP packets. The encrypted message will look like useless random characters to the hacker. IPSec also provides replay protection. The network drops a packet if it identifies the packet as being identical to one previously received. IPSec supports the DES (Data Encryption Standard) and 3DES (Triple DES) encryption schemes. These encryption schemes use secret encoding and decoding keys that are difficult to break. IKE (Internet Key Exchange) is an important extension to the most recent draft of the IPSec recommendation. IKE simplifies the process of assigning keys to devices that need to communicate via encrypted connections. Users should require their vendor to implement the most recent set of drafts. IPSec and IKE are widely supported and are considered to be the standards for VPN security.
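The replay check described above works, in the ESP and AH specifications, by carrying a 32-bit sequence number per security association and keeping a sliding window of already-accepted sequence numbers at the receiver. The model below is an added example, not code from the paper; the ESP packets it processes are constructed, and the window width of 64 is an assumed default.

```python
import struct


class AntiReplayWindow:
    """Receiver-side sliding window over 32-bit IPSec sequence numbers.

    `last` is the highest sequence number accepted so far; bit i of
    `bitmap` is set when sequence number (last - i) was already accepted.
    """

    def __init__(self, size=64):  # size: assumed window width
        self.size = size
        self.last = 0
        self.bitmap = 0

    def check_and_update(self, seq):
        """Return True and record seq if it is fresh; False if it is zero,
        older than the window, or already seen (a replay)."""
        if seq == 0:                      # valid sequence numbers start at 1
            return False
        if seq > self.last:               # newer than anything seen: slide
            shift = seq - self.last
            if shift >= self.size:
                self.bitmap = 1           # every older number falls out
            else:
                mask = (1 << self.size) - 1
                self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:             # too old to track: drop
            return False
        if (self.bitmap >> diff) & 1:     # already received: replay, drop
            return False
        self.bitmap |= 1 << diff          # late but fresh: accept, record
        return True


def esp_sequence(esp_packet):
    """Read SPI and sequence number from the 8-byte ESP header."""
    return struct.unpack("!II", esp_packet[:8])


def filter_replays(packets, window=64):
    """Run packets through one window per SPI; return accepted sequence
    numbers in arrival order.  A real receiver updates the window only
    after the packet's integrity check (ICV) passes, so forged packets
    cannot advance it; that check is outside this model."""
    windows, accepted = {}, []
    for pkt in packets:
        spi, seq = esp_sequence(pkt)
        win = windows.setdefault(spi, AntiReplayWindow(window))
        if win.check_and_update(seq):
            accepted.append(seq)
    return accepted


def esp(spi, seq):
    """Constructed ESP packet: header plus dummy (unencrypted) payload."""
    return struct.pack("!II", spi, seq) + b"\x00" * 8


# Constructed capture on SPI 0x1000: seq 2 is replayed, seq 3 arrives late
# but inside the window, seq 6 arrives after 70 has slid the window past it.
SAMPLE = [esp(0x1000, s) for s in (1, 2, 2, 5, 3, 70, 6)]
```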
3. MPLS-based VPNs

In this section we describe an architecture to solve both the virtual circuit multiplication problem and the QoS problem. Before QoS-capable VPN architectures are described, we briefly introduce MPLS, which is likely to play an important role in QoS-based VPNs. MPLS is a fast-emerging Internet Engineering Task Force standard for scaling the Internet. MPLS brings the same kind of label-swapping-based forwarding used in frame relay and ATM to the handling of IP traffic, regardless of the layer 2 technology.

Figure 1. Integrated MPLS VPN service network

MPLS performs this task by attaching labels to IP packets. The labels enable routers and switches to forward traffic based on information in the labels instead of having to inspect the various fields deep within each and every packet. The less time devices spend inspecting traffic, the more time they have to forward it. One of the main concerns is the VPN's ability to deliver QoS to the network. In order to establish a VPN, two tunnel paths must be created: the first is that of the connection and the second is that of the encryption of the information that will be transported. Unfortunately, during the development of the second, encryption tunnel, all information including the IP and MAC addresses is encrypted, thus erasing any hope one may have of controlling QoS. Another MPLS benefit is the technology's ability to simplify the topologies of larger router networks. MPLS helps to flatten hierarchical and hop-intensive routed infrastructures. It makes them easier to monitor, manage and operate. Users can also control QoS and general traffic flow more precisely to avoid congested, constrained or disabled links. Although MPLS does come across as a great technological breakthrough, the truth is that not everyone needs it. Only private or very large WANs with complex mesh topologies must engineer traffic. Smaller networks such as point-to-point and star network configurations already have distinct routes.
3.1 Guaranteed Performance

Performance is a broad term, which has a number of meanings relating to networking and networking equipment. With VPNs, there are two principal concerns. First, due to the best-effort nature of IP networks, users want assurances that they can depend on their VPN WANs to deliver reliable and predictable service. Second, because performing security functions such as encryption and key exchange is processor intensive, users want to know that security gear will not slow network connections and create bottlenecks. MPLS makes use of the guaranteed QoS features of ATM, which underlies many ISP networks. MPLS adds a special label to layer two traffic that describes how it should be switched through the underlying network. Many vendors are already shipping both diffserv and MPLS implementations, and a number of service providers are testing or even piloting these offerings. By combining diffserv and MPLS, IP VPN providers will be able to offer users granular Service Level Agreements with assured performance.

4. MPLS VPN Service Procedure

MPLS allows ISPs to offer VPN services by providing a simple, flexible, and powerful tunneling mechanism. An ISP can deploy a VPN by provisioning a set of LSPs to provide connectivity among the different sites in the VPN. Each site then advertises to the ISP a set of prefixes that are reachable within the local site.

Figure 2. VPN sites connection interface (sites V1 and V2 joined by VPN tunnels)

The ISP's routing system distributes this information by piggybacking labels in the routing protocol updates or by using a label distribution protocol. VPN identifiers allow a single routing system to support multiple VPNs whose internal address spaces overlap with each other. Finally, each ingress LSR places traffic on LSPs based on a combination of a packet's destination address and VPN membership information. Supporting VPNs with MPLS requires three basic functions.

4.1 Discovery of VPN Membership

The VPN members in the MPLS domain should be connected to a provider network, and those members need to find out what other members there are in the VPN. Members can join and leave the VPN service network, and those changes need to be known by all remaining members. Mechanisms to support discovery include manual configuration, client-server approaches, and notification provided by the provider network. The discovery of membership in one VPN must not allow members of other VPNs to be discovered. That is, discovery within a VPN is kept separate from discovery in another VPN in the same provider network.

4.2 Exchanging Reachability Information

Members in the same VPN must exchange reachability information about their network layer addresses. These addresses may be in a different space from the provider network and may in fact overlap with other VPN address spaces. Control traffic could include topology information specific to that VPN. As with the discovery mechanism, the exchange of reachability and control traffic must be kept separate between VPNs sharing the same provider network.

4.3 Carrying Data Traffic

This mechanism enables data traffic to be carried between users within a VPN. Data traffic from different VPNs is kept separate. The discovery mechanism involves local configuration (VPN id) and then propagation in LDP, OSPF, or BGP. The reachability exchange is also accomplished by LDP, OSPF, or BGP. Topology information is not propagated between VPN member subnets over the MPLS network providing the VPN service.
Data traffic is carried on LSPs which are created to connect all members of the same VPN. Reachability and control traffic are exchanged over LSPs which are set up between members in the same VPN.

Figure 3. MPLS facilitates the deployment of VPNs (site V1 and site V2, each with a router, PCs and workstations, connected across the Internet)

5. MPLS Deployment in a Backbone Network

Emerging technologies, such as MPLS (Multiprotocol Label Switching), promise to deliver improved IP network traffic engineering tools that will enable providers to more easily measure, monitor, and meet different service level requirements across their backbones. MPLS takes advantage of the intelligence in routers and the speed of switches, providing a way to map IP packets into connection-oriented transports like ATM and frame relay in a reasonably efficient and scalable way. It also provides for the definition of a QoS within the MPLS header. MPLS uses layer three routing information to establish forwarding (routing) tables and to allocate resources. It uses layer two (frame relay, ATM, and other layer two protocols) to then switch or forward the information over the appropriate path. A special MPLS label, attached to an IP packet, is then associated with a particular entry in the forwarding table and specifies the next hop. Flows that have common routing and service level requirements typically take the same path through the network. The benefit is a consistent level of service for flows that are of higher priority. MPLS does require the deployment of LSRs (Label Switching Routers) in the network, which will impact the rate at which MPLS-based solutions are deployed, but implementations are becoming available now. MPLS is currently targeted for deployment in the backbone first.
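Sections 4.3 and 5 together describe what an ingress LSR has to do: choose the LSP from the packet's destination address and its VPN membership, using one table per VPN so that overlapping customer address spaces stay separate, and carry the customer's DiffServ/ToS marking into the QoS field of the MPLS header. The model below is an added example, not code from the paper; its two-VPN provisioning and the packets are constructed, and the DSCP-to-EXP mapping (the top three bits of the DSCP, i.e. the IP precedence) is an assumption since the paper does not prescribe one.

```python
import ipaddress
import struct

# Constructed provisioning.  V1 and V2 both use 10.1.0.0/16 internally; each
# table maps a customer prefix to (remote site, label of the LSP to it).
VPN_TABLES = {
    "V1": {"10.1.0.0/16": ("V1-site2", 1001),
           "10.1.5.0/24": ("V1-site4", 1003),
           "10.2.0.0/16": ("V1-site3", 1002)},
    "V2": {"10.1.0.0/16": ("V2-site2", 2001)},
}


def lookup(vpn_id, dst):
    """Longest-prefix match in the table of one VPN only.  Other VPNs'
    tables are never consulted, which is what keeps their traffic apart
    even though dst may be a valid address in several of them."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, target in VPN_TABLES[vpn_id].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else best[1]


def dscp_to_exp(tos):
    """Map the DSCP (top six bits of the IPv4 TOS byte) to the 3-bit EXP
    field.  Assumed mapping: DSCP's top three bits (the IP precedence)."""
    return (tos >> 5) & 0x7


def shim_header(label, exp, ttl, bottom=True):
    """Encode one 32-bit MPLS label stack entry:
    label (20 bits) | EXP (3) | S bottom-of-stack (1) | TTL (8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("label stack entry field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def ingress(vpn_id, ipv4_packet):
    """Ingress LSR behaviour for a packet arriving on vpn_id's attachment
    circuit: return (remote site, labeled packet), or None when the
    destination is not reachable inside that VPN (the packet is dropped)."""
    tos, ttl = ipv4_packet[1], ipv4_packet[8]
    dst = str(ipaddress.ip_address(ipv4_packet[16:20]))
    hit = lookup(vpn_id, dst)
    if hit is None:
        return None
    site, label = hit
    return site, shim_header(label, dscp_to_exp(tos), ttl) + ipv4_packet


def make_ipv4(src, dst, tos=0, ttl=64):
    """Constructed 20-byte IPv4 header, no payload, checksum left zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, ttl, 17, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)
```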
The emerging generation of MPLS-enabled devices that live within the network core and the service provider POP will operate in conjunction with devices that live at the customer premises. In this scenario, the customer premises device could use technologies such as CBQ to classify traffic and DiffServ/ToS to mark it in a way that the service provider network understands the service level requirement. The network edge will then map the CPE-specified DiffServ/ToS service level specification into the QoS field of the MPLS header, providing a way to protect the service level definition on an end-to-end basis.

Figure 4. MPLS deployment in a backbone (LSRs in the MPLS network; labeled packets on path 1 and path 2, unlabeled packet on path 2)

The progress these QoS-related standards have made will allow service providers to extend SLAs from customer site to customer site and eventually across cooperative service provider boundaries. This cross-network SLA capability allows the building of VPNs using multiple carriers as necessary, an option not available with most frame relay offerings. Clearly, there is a great deal of effort being devoted to ensuring IP performance across ISP backbones. Aside from the protocols described here, additional initiatives include IntServ (Integrated Services) and Constraint-Based Routing.

The benefits of assured performance and QoS mechanisms are obvious: they allow people to dictate the amount of bandwidth dedicated to each application and provide applications with predictable performance characteristics. Together, these technologies enable VPN services with performance characteristics rivaling those of frame relay solutions but with the added benefit of being standards-based. Using these tools, one can implement VPNs with confidence and begin migrating applications to converged IP networks. Service providers can use these tools to create unique VPN services with guaranteed performance parameters.

6. Conclusion

Even though the standards are still in draft form, MPLS has become a technology that is key to the future of larger-scale IP networks. MPLS has applications in the deployment of IP networks across ATM-based wide area networks, in providing traffic engineering capabilities to packet-based networks, in providing IP QoS capabilities, and in aiding the deployment of IP-based VPNs. At the time of this writing, the IETF is making progress with defining a standard for building core VPN services in a service provider's MPLS backbone suitable for transporting labeled packets over the backbone. In the meantime, we have discussed the architectural and design considerations for a QoS-capable MPLS VPN service architecture.