INTRODUCTION
Multi Protocol Label Switching (MPLS) has evolved from being a buzzword in
the networking industry to a widely deployed technology in service provider (SP)
networks. MPLS is a contemporary solution to address a multitude of problems faced by
present-day networks: speed, scalability, quality of service (QoS) management, and
traffic engineering. Service providers are realizing larger revenues by the implementation
of service models based on the flexibility and value added services provided by MPLS
solutions. MPLS also provides an elegant solution to satisfy the bandwidth management
and service requirements for next-generation IP–based backbone networks.
The aim of this project is to bring out the advantages of MPLS. We also discuss VPNs,
and then move on to the implementation of a VPN over MPLS. The targets to be met in
the project are:
• To learn how to configure a router, then configure a couple of routers and
create a virtual private network
1.2 History
proposal, and was renamed "Label Switching". It was handed over to the IETF for open
standardization. The IETF work involved proposals from other vendors, and development
of a consensus protocol that combined features from several vendors' work.
One original motivation was to allow the creation of simple high-speed switches,
since for a significant length of time it was impossible to forward IP packets entirely in
hardware. However, advances in VLSI have made such devices possible. Therefore the
advantages of MPLS primarily revolve around the ability to support multiple service
models and perform traffic management. MPLS also offers a robust recovery framework
that goes beyond the simple protection rings of synchronous optical networking
(SONET/SDH).
Chapter 2
INTERNET
2.1 Introduction
Figure 2.1: Visualization of the various routes through a portion of the Internet
The Internet is a global system of interconnected computer networks that use the
standard Internet Protocol Suite (TCP/IP) to serve billions of users worldwide. It is a
network of networks that consists of millions of private and public, academic, business,
and government networks of local to global scope that are linked by a broad array of
electronic and optical networking technologies. The Internet carries a vast array of
information resources and services, most notably the inter-linked hypertext documents of
the World Wide Web (WWW) and the infrastructure to support electronic mail.
Most traditional communications media, such as telephone and television
services, are reshaped or redefined using the technologies of the Internet, giving rise to
services such as Voice over Internet Protocol (VoIP) and IPTV. Newspaper publishing
has been reshaped into Web sites, blogging, and web feeds. The Internet has enabled or
accelerated the creation of new forms of human interactions through instant messaging,
Internet forums, and social networking sites.
The origins of the Internet reach back to the 1960s when the United States funded
research projects of its military agencies to build robust, fault-tolerant and distributed
computer networks. This research and a period of civilian funding of a new U.S.
backbone by the National Science Foundation spawned worldwide participation in the
development of new networking technologies and led to the commercialization of an
international network in the mid 1990s, and resulted in the following popularization of
countless applications in virtually every aspect of modern human life. As of 2009, an
estimated quarter of Earth's population uses the services of the Internet.
Technology is developing rapidly and methods for connecting to the Internet change
almost daily. In the Ithaca area, the following types of connections are most commonly
available:
1. Cable: a cable data connection transfers information from the Internet to your
computer, and from your computer to the network, through your cable television
connection. Cable connections provide high speeds of data transfer downstream, from
the Internet to your computer, but are slower when sending data from your computer
to the network. Transfer rates are also affected by the number of subscribers online
simultaneously: the subscribers on a street share one coaxial segment, so the available
bandwidth is divided among them as more come online. Because that segment is a shared
medium, every subscriber's traffic passes over the same cable; DOCSIS cable systems
rely on link-layer encryption (BPI/BPI+) between each modem and the head end so that
neighbours cannot read one another's traffic. Cable connections can be used by
individual subscribers to connect one computer to one line, or to connect multiple
computers in a building to the Internet.
2. Dialup: data is transmitted through an analog phone connection. You connect to the
Internet by using your phone line to dial into an ISP’s line. An analog connection is
the slowest type of connection available, and will not permit you to use your
telephone for a voice connection at the same time that you are connected to the
Internet. Dialup connections allow only one computer at a time, per line, to be
connected. Cornell offers the EZ-Remote dialup service.
3. DSL (Digital Subscriber Line): DSL and its variations (such as ADSL -
Asymmetric Digital Subscriber Line), use normal phone lines to transmit and receive
data digitally. Unlike a cable connection, DSL allows you exclusive use of the line –
there is no signal degradation caused by other users. Like cable connections, DSL
offers high-speed connectivity, and allows you to use your phone and be online at the
same time. DSL can be used for individuals who want to connect one computer to one
line, or for an extra investment DSL can be used to connect a building to the Internet.
5. T1: is a digital transmission technology that uses copper wire. T1 could be used to
provide data service to an entire building, and data wiring would distribute the service
throughout the building. T1 is the technology used on the Cornell campus. A T1
connection requires a substantial investment and because of this, may not be the most
desirable means of connecting your house.
6. Wireless: is a high-speed technology that transmits data over radio waves. Wireless
transmission can be used to provide connectivity from an ISP to an entire building,
however, service will be dependent on the existence of a clear line of sight between
the ISP and the building. Within a building, a wireless local area network (LAN) can
connect multiple computers to each other and to the Internet. Wireless is a technology
that is continually developing.
Figure 2.3: A multicast forwarding pattern, typical of PIM
transmitted by one device is seen by every other device attached to the cable. Ethernet
nodes implement unicast by ignoring packets not directly addressed to them. A wireless
network is naturally multicast - all devices within a reception radius of a transmitter can
receive its packets. Wireless nodes ignore packets addressed to other devices, but require
forwarding to reach nodes outside their reception radius.
At nodes where multiple outgoing links are available, the choice of which, all, or
any to use for forwarding a given packet requires a decision making process that, while
simple in concept, is sometimes bewilderingly complex. Since a forwarding decision
must be made for every packet handled by a node, the total time required for this can
become a major limiting factor in overall network performance. Much of the design effort
of high-speed routers and switches has been focused on making rapid forwarding
decisions for large numbers of packets.
The forwarding decision is generally made using one of two processes: routing,
which uses information encoded in a device's address to infer its location on the network,
or bridging, which makes no assumptions about where addresses are located and depends
heavily on broadcasting to locate unknown addresses. The heavy overhead of
broadcasting has led to the dominance of routing in large networks, particularly the
Internet; bridging is largely relegated to small networks where the overhead of
broadcasting is tolerable. However, since large networks are usually composed of many
smaller networks linked together, it would be inaccurate to state that bridging has no use
on the Internet; rather, its use is localized.
Virtual: Virtual means not real, or existing in a different state of being. In a VPN, private
communication between two or more devices is achieved through a public network, the
Internet. The private network is therefore virtual: it exists logically, not as separate
physical wiring.
Private: Private means keeping something secret from the general public. Although the
two devices communicate across a public environment, the aim is that no third party can
read, alter or inject the data exchanged between them. How well that aim is met depends
on the type of VPN (see the distinction between trusted and secure VPNs below): only a
VPN that encrypts and authenticates its traffic enforces it against an on-path observer.
Network: A network consists of two or more devices that can freely and electronically
communicate with each other via cables and wire. A VPN is a network. It can transmit
information over long distances effectively and efficiently.
The term VPN was in the past associated with remote connectivity services such as
the Public Switched Telephone Network (PSTN), but VPNs have now come to be linked
with IP-based data networking. Before IP-based networking, corporations expended
considerable time and resources setting up complex private networks, now commonly
called Intranets. These networks were built from costly leased-line services, Frame
Relay and ATM to incorporate remote users. For smaller sites and mobile workers at the
remote end, companies supplemented their networks with remote access servers or ISDN.
Small to medium-sized companies, which could not afford dedicated leased lines,
used low-speed switched services. As the Internet became more accessible and
bandwidth capacities grew, companies began to put their Intranets onto the web and
create what are now known as Extranets to link internal and external users. However, as
cost-effective and quick to deploy as the Internet is, it has one fundamental problem:
security. Today's VPN solutions address it with tunneling protocols and encryption: data
integrity and privacy are achieved, and the resulting connection behaves like a dedicated
point-to-point link. Because these operations occur over a public network, VPNs can cost
significantly less to implement than privately owned or leased services. Although early
VPNs required extensive expertise to implement, the technology has matured to a level
where deployment can be a simple and affordable solution for businesses of all sizes.
Simply put, a VPN (Virtual Private Network) is a network that uses public network
paths but maintains the security and protection of a private network. For example, Delta
Company has two locations, one in Los Angeles, CA (A) and one in Las Vegas, Nevada (B).
For the two locations to communicate efficiently, Delta Company could set up private
lines between them. Although private lines would restrict public access and give them
exclusive use of the bandwidth, this would cost Delta Company a great deal of money,
since communication lines are purchased per mile. The more viable option is to
implement a VPN. Delta Company can connect each location to a local ISP in its city.
The ISP, and the Internet behind it, then acts as the middleman connecting the two
locations, giving Delta Company an affordable private wide-area link.
1) Trusted VPN: the customer "trusts" the service provider's circuits and uses them to
communicate without interference. Although it is "trusted", it is not secured: the provider
keeps the customer's traffic separate from other customers', but nothing is encrypted, so
the provider, or anyone who compromises the provider's network, can read and alter it.
2) Secure VPN: with security becoming more of an issue for users, encryption and
decryption is applied at both ends to safeguard the information passed back and forth.
This provides the security needed to satisfy corporations, customers and providers.
3) Hybrid VPN: a mix of a secure and a trusted VPN. The customer controls the secure
parts of the VPN while the provider, such as an ISP, guarantees the trusted aspect.
4) Provider-provisioned VPN: a VPN that is administered by a service provider.
MPLS-based VPNs of the kind this project goes on to build are provider-provisioned
VPNs of the trusted kind: the provider separates customers' routes and labelled traffic,
but does not encrypt the packets. Where confidentiality against the provider, or against an
intruder in the provider's network, is required, a secure VPN (for example IPsec) must be
run inside the MPLS VPN, making it a hybrid VPN.
With a secure VPN set up between site A and site B, all traffic between those sites is
carried inside the encrypted tunnel. Traffic between either of these sites and other sites
on the Internet, with which no VPN relationship exists, is still sent "in the clear". The same
is true of any traffic that a misconfigured routing policy sends around the tunnel instead
of through it, so the routes pointing into the tunnel deserve the same checking as the
encryption itself.
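The difference between a trusted VPN and a secure VPN described above, shown as an added example (this code is not from the original report or from any VPN product). The inner packet, the VPN identifier and the keys are constructed for the demonstration. For the secure case the cipher is a counter-mode keystream built from HMAC-SHA256 with an encrypt-then-MAC tag, chosen only so the example runs with the Python standard library; a real secure VPN uses IPsec ESP or TLS with an authenticated cipher such as AES-GCM. The on-path observer and attacker functions model a third party inside the provider's network.

```python
# Added example, not part of the original report: contrasting a "trusted" VPN,
# where the provider merely carries and isolates the packet, with a "secure"
# VPN, where the endpoints encrypt and authenticate it. All bytes and keys are
# constructed; the HMAC-based counter-mode cipher stands in for a real AEAD.
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

# Site A -> site B: the inner packet that must cross the provider network (constructed).
INNER_PACKET = b"GET /payroll HTTP/1.1\r\nHost: intranet.example\r\n\r\n"


def trusted_vpn_encapsulate(payload: bytes, vpn_id: int) -> bytes:
    """Trusted VPN: a 4-byte VPN identifier is prepended so the provider can keep
    customers' traffic apart. Nothing is hidden or authenticated."""
    return struct.pack("!I", vpn_id) + payload


def trusted_vpn_decapsulate(frame: bytes) -> Tuple[int, bytes]:
    (vpn_id,) = struct.unpack("!I", frame[:4])
    return vpn_id, frame[4:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 used as a PRF (standard library only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack("!Q", counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def secure_vpn_encapsulate(payload: bytes, enc_key: bytes, mac_key: bytes) -> bytes:
    """Secure VPN: encrypt, then authenticate nonce||ciphertext (encrypt-then-MAC).
    Frame layout: 16-byte nonce || ciphertext || 32-byte tag."""
    nonce = os.urandom(16)
    ks = _keystream(enc_key, nonce, len(payload))
    ciphertext = bytes(p ^ k for p, k in zip(payload, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def secure_vpn_decapsulate(frame: bytes, enc_key: bytes, mac_key: bytes) -> Optional[bytes]:
    """Verify the tag in constant time before decrypting; None means tampered/invalid."""
    if len(frame) < 16 + 32:
        return None
    nonce, ciphertext, tag = frame[:16], frame[16:-32], frame[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def on_path_observer_sees(frame: bytes, needle: bytes) -> bool:
    """A passive third party on the provider network: can it read the request?"""
    return needle in frame


def on_path_attacker_modifies(frame: bytes, old: bytes, new: bytes) -> bytes:
    """An active third party rewrites bytes in flight (only possible if it can see them)."""
    return frame.replace(old, new)


def demo() -> Dict[str, bool]:
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    # Trusted VPN: the payload is visible and modifiable in transit, and site B
    # has no way to notice the modification.
    t_frame = trusted_vpn_encapsulate(INNER_PACKET, vpn_id=42)
    t_tampered = on_path_attacker_modifies(t_frame, b"/payroll", b"/pwned")
    _, t_received = trusted_vpn_decapsulate(t_tampered)
    # Secure VPN: the payload is hidden, and any modification is rejected at site B.
    s_frame = secure_vpn_encapsulate(INNER_PACKET, enc_key, mac_key)
    s_received = secure_vpn_decapsulate(s_frame, enc_key, mac_key)
    s_tampered = bytearray(s_frame)
    s_tampered[20] ^= 0x01  # flip one ciphertext bit
    s_rejected = secure_vpn_decapsulate(bytes(s_tampered), enc_key, mac_key)
    return {
        "trusted_visible": on_path_observer_sees(t_frame, b"/payroll"),
        "trusted_tamper_unnoticed": t_received != INNER_PACKET,
        "secure_visible": on_path_observer_sees(s_frame, b"/payroll"),
        "secure_roundtrip": s_received == INNER_PACKET,
        "secure_tamper_rejected": s_rejected is None,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The trusted frame differs from the plain packet only by the identifier the provider uses to separate customers; the secure frame hides the request and lets the receiver detect a single flipped bit. Rejecting a frame before decrypting it, and comparing the tag with `hmac.compare_digest`, are the two habits worth keeping from this example when configuring real tunnels.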
VPNs also can represent a terrific cost saving over private networks. The March
1996 issue of US Computer reported that using encrypted "tunnels" over the Internet to
connect LANs and WANs can reduce costs 23-50%.
Our engineers can build a VPN solution designed especially for the needs of your
company. CN Virtual Private Networks can be crafted with the right mix of access and
security to ensure that only your own people can gain access and all others cannot.
Figure 2.5: A typical VPN might have a main LAN at a company's corporate
headquarters, other LANs at remote offices or facilities, and individual users
connecting from the field.
2.4.3 The Future of VPNs
Where do we see Virtual Private Networks going in the future? Their appeal to the
public varies substantially. Questions arise over whether businesses need to switch to or
implement a VPN when the costs of long-distance and leased lines have been decreasing:
why would a company switch its network when expenses have gone down? Companies
may also worry whether their current applications would work well over a VPN. If not,
the additional cost of the conversion must be considered, and whether it would be worth
the expense. Furthermore, as VPNs grow they become more complex, increasing the cost
of training. All of these are hidden costs of VPN technology that may hinder its success.
However, we should expect VPN standards and products to strengthen and correct their
flaws, reducing these uncertainties.
Despite all the doubts, VPNs will continue to grow and improve until they dominate
the market, leaving companies little choice but to switch. VPN providers, along with
Internet providers, continue to examine every aspect they can in order to make necessary
improvements and help VPN clients become comfortable with the new technology. As
stated in InformationWeek.com, “…GTE Internetworking, incumbent providers such as
Bell Atlantic Corp. and MCI WorldCom…have stepped in to help companies handle VPN
activation, security, and management” (By: Terry Sweeney). A case from
Internetweek.com speaks of a VPN provider, Equant NV, enhancing their IP VPN by
adding a service designed for video traffic, which is directed at large enterprises “that are
cutting back on business travel but still want employees to interact regularly with distant
colleagues.”
Allow more control to local support organizations over VPN so they can create new
accounts and be able to reset passwords.
The future should also see networks converge to create integrated VPNs that fit the
many different industries that will soon enter the market. Since the majority of VPN
users are currently large companies, smaller companies should begin to join the trend as
the variety of VPNs to choose from increases. Designing improved protocols will also
improve VPNs: their flexibility and performance would benefit from reducing protocol
overhead in the tunnels, and from ISPs working more closely with individual business
needs, since system reliability depends on these ISPs.
Figure: Customer Premises, Today vs. Future
Chapter 3
ACCESS TECHNOLOGIES
DSL is a wire line transmission technology that transmits data faster over
traditional copper telephone lines already installed to homes and businesses. DSL-based
broadband provides transmission speeds ranging from several hundred Kbps to millions
of bits per second (Mbps). The availability and speed of your DSL service may depend
on the distance from your home or business to the closest telephone company facility.
Asymmetrical Digital Subscriber Line (ADSL) – used primarily by residential
customers, such as Internet surfers, who receive a lot of data but do not send much.
ADSL typically provides faster speed in the downstream direction than the upstream
direction. ADSL allows faster downstream data transmission over the same line used
to provide voice service, without disrupting regular telephone calls on that line.
Symmetrical Digital Subscriber Line (SDSL) – used typically by businesses for
services such as video conferencing, which need significant bandwidth both upstream
and downstream
Digital Subscriber Line (DSL) is a family of technologies that provides digital data
transmission over the wires of a local telephone network. DSL originally stood for digital
subscriber loop. In telecommunications marketing, the term Digital Subscriber Line is
widely understood to mean Asymmetric Digital Subscriber Line (ADSL), the most
commonly installed variety of DSL. DSL service is delivered simultaneously with regular
telephone service on the same telephone line, because it uses a higher frequency band
that is separated from the voice band by filtering.
The data throughput of consumer DSL services typically ranges from 384 kbit/s to
20 Mbit/s in the direction to the customer, depending on DSL technology, line conditions
and service-level implementation. Typically the data throughput in the reverse direction,
i.e. towards the service provider, is lower, hence the designation "asymmetric"; the two
are equal for Symmetric Digital Subscriber Line (SDSL) service.
Fig. 3.1 A DSL Modem
Cable modem service enables cable operators to provide broadband using the same
coaxial cables that deliver pictures and sound to your TV set.
Most cable modems are external devices that have two connections, one to the cable
wall outlet and the other to a computer. They provide transmission speeds of 1.5
Mbps or more.
Subscribers can access their cable modem service simply by turning on their
computers without dialing-up an ISP. You can still watch cable TV while using it.
Transmission speeds vary depending on the type of cable modem, cable network, and
traffic load. Speeds are comparable to DSL
A cable modem is a type of network bridge and modem that provides bi-directional
data communication via radio frequency channels on a cable television (CATV)
infrastructure. Cable modems are primarily used to deliver broadband Internet access in
the form of cable Internet, taking advantage of the high bandwidth of a cable television
network. They are commonly deployed in Australia, Europe, and North and South
America. In the USA alone there were 22.5 million cable modem users during the first
quarter of 2005, up from 17.4 million in the first quarter of 2004.
3.1.3 Fiber
Fiber, or fiber optic, is a newer technology available for providing broadband. Fiber
optic technology converts electrical signals carrying data to light and sends the light
through transparent glass fibers about the diameter of a human hair. Fiber transmits
data at speeds far exceeding current DSL or cable modem speeds, typically by tens or
even hundreds of Mbps.
The actual speed you experience will vary depending upon a variety of factors, such
as how close to your computer the service provider brings the fiber, and how the
service provider configures the service, including the amount of bandwidth used. The
same fiber providing your broadband can also simultaneously deliver voice (VoIP)
and video services, including video-on-demand.
Telecommunications providers (mostly telephone companies) are offering fiber
broadband in limited areas and have announced plans to expand their fiber networks
and offer bundled voice, Internet access, and video services.
Variations of the technology run the fiber all the way to the customer’s home or
business, to the curb outside, or to a location somewhere between the provider’s facilities
and the customer. DSL and cable Internet are fast. To put it simply, fiber optic Internet is
faster.
Ultra fast Internet traveling on a beam of light, that's fiber optic Internet. While most
fiber optic networks are not currently as far reaching as broadband or DSL high speed
Internet service, they are most certainly the future of communication. Of course, if your
neighborhood is wired, you can take advantage of fiber optic Internet by bringing the
future of communications and entertainment to your home today!
• BPL is the delivery of broadband over the existing low and medium voltage electric
power distribution network. BPL speeds are comparable to DSL and cable modem
speeds. BPL can be provided to homes using existing electrical connections and
outlets.
• BPL is an emerging technology, currently available in very limited areas. It has
significant potential because power lines are installed virtually everywhere,
alleviating the need to build new broadband facilities to every customer.
3.2 Wireless Technologies
3.2.1 WLAN
Wireless LANs or "WLANs" are the equivalent of wired LANs (usually Ethernet)
without the wires. They are meant for office environments and even home use. Other
wireless technologies are outlined under "Wireless Communications." Mobile wireless
(cellular telephones) is discussed under "Wireless Mobile Communications." Wireless
access service (broadband Internet connections) is covered under "Wireless Broadband
Access Technologies."
A related wireless technology is the wireless PAN (personal area network), which
is a limited-range network for interconnecting mobile devices connecting with peripheral
devices. Note that WLANs and PANs are very similar, except that the range of PANs is
intentionally limited so that groups of people in the same area (conference room,
restaurants, airport terminal) can spontaneously connect. By limiting the range, a typical
office can have many different PANs operating at the same time. See "Bluetooth" and
"Wireless PANs (Personal Area Networks)."
3.2.2 WiFi
Figure 3.3: A typical consumer-quality Wi-Fi access point
A Wi-Fi enabled device such as a personal computer, video game console, mobile
phone, MP3 player or personal digital assistant can connect to the Internet when within
range of a wireless network connected to the Internet. The coverage of one or more
(interconnected) access points — called a hotspot — can comprise an area as small as a
few rooms or as large as many square miles. Coverage in the larger area may depend on a
group of access points with overlapping coverage. Wi-Fi technology has been used in
wireless mesh networks, for example, in London.
In addition to private use in homes and offices, Wi-Fi can provide public access at
Wi-Fi hotspots provided either free of charge or to subscribers of various commercial
services. Organizations and businesses, such as those running airports, hotels and
restaurants, often provide free-use hotspots to attract or assist clients. Enthusiasts or
authorities who wish to provide services or even to promote business in selected areas
sometimes provide free Wi-Fi access. Open hotspots of this kind generally do not encrypt
the radio link, so traffic on them can be read by anyone in range unless it is protected end
to end, for example by a secure VPN of the kind described in Chapter 2. As of 2008 more
than 300 metropolitan-wide Wi-Fi (Muni-Fi) projects had started. As of May 2008 the
Czech Republic had 879 Wi-Fi based Wireless Internet service providers.
Routers that incorporate a digital subscriber line modem or a cable modem and a
Wi-Fi access point, often set up in homes and other premises, can provide Internet-access
and internetworking to all devices connected (wirelessly or by cable) to them. One can
also connect Wi-Fi devices in ad-hoc mode for client-to-client connections without a
router. Wi-Fi also enables places that would traditionally not have network access to
connect, for example bathrooms, kitchens and garden sheds.
3.2.3 Bluetooth
Features:
‘always on’ connectivity
3.2.4 WMAN
3.2.5 WiMAX
Figure 3.5: WiMAX base station equipment with a sector antenna and wireless
modem on top
Figure 3.6: A pre-WiMAX CPE of a 26 km (16 mi) connection mounted 13 meters
(43 ft) above the ground (2004, Lithuania).
3.2.7 GSM (Global System for Mobile Communications)
Originally named after the Groupe Spécial Mobile, GSM is the most popular standard for mobile
telephone systems in the world. The GSM Association, its promoting industry trade
organization of mobile phone carriers and manufacturers, estimates that 80% of the
global mobile market uses the standard. GSM is used by over 3 billion people across
more than 212 countries and territories. Its ubiquity enables international roaming
arrangements between mobile phone operators, providing subscribers the use of their
phones in many parts of the world. GSM differs from its predecessor technologies in that
both signaling and speech channels are digital, and thus GSM is considered a second
generation (2G) mobile phone system. This also facilitates the wide-spread
implementation of data communication applications into the system.
Chapter 4
4.1 Introduction
For any two systems to communicate, they must be able to identify and locate
each other. While the addresses in the Figure below are not actual network addresses, they
illustrate the concept of address grouping. The Figure uses the letter A or B to identify the
network and the number sequence to identify the individual host. A computer may be
connected to more than one network. In this situation, the system must be given more
than one address. Each address will identify the connection of the computer to a different
network. A device is not said to have an address, but that each of the connection points,
or interfaces, on that device has an address to a network. This will allow other computers
to locate the device on that particular network. The combination of letter (network
address) and the number (host address) create a unique address for each device on the
network. Each computer in a TCP/IP network must be given a unique identifier, or IP
address. This address, operating at Layer 3, allows one computer to locate another
computer on a network. All computers also have a unique physical address, known as a
MAC address. These are assigned by the manufacturer of the network interface card.
MAC addresses operate at Layer 2 of the OSI model.
address 128.10.2.1. This way of writing the address is called the dotted decimal format.
In this notation, each IP address is written as four parts separated by periods, or dots.
Each part of the address is called an octet because it is made up of eight binary digits. For
example, the IP address 192.168.1.8 would be 11000000.10101000.00000001.00001000
in binary notation. The dotted decimal notation is an easier method to understand than the
binary ones and zeros method. This dotted decimal notation also prevents a large number
of transposition errors that would result if only the binary numbers were used. Using
dotted decimal allows number patterns to be more easily understood. Both the binary and
decimal numbers in the Figure represent the same values, but the values are easier to
read in dotted decimal notation. This is one of the common problems found in working
directly with binary numbers: the long strings of repeated ones and zeros make
transposition and omission errors more likely. It is easy to see the relationship between
the numbers 192.168.1.8 and 192.168.1.9, whereas 11000000.10101000.00000001.00001000
and 11000000.10101000.00000001.00001001 are not as easy to recognize. Looking at the
binary, it is almost impossible to see that they are consecutive numbers.
be a unique number, because duplicate addresses would make routing impossible. The
first part identifies the system's network address. The second part, called the host part,
identifies which particular machine it is on the network.
IP addresses are divided into classes to define the large, medium, and small
networks. Class A addresses are assigned to larger networks. Class B addresses are used
for medium-sized networks and Class C for small networks. The first step in
determining which part of the address identifies the network and which part identifies the
host is identifying the class of an IP address.
16 million host addresses available. Class A IP addresses use only the first octet to
indicate the network address. The remaining three octets provide for host addresses.
The first bit of a Class A address is always 0. With that first bit a 0, the lowest
number that can be represented is 00000000, decimal 0. The highest number that can be
represented is 01111111, decimal 127. The numbers 0 and 127 are reserved and cannot
be used as network addresses. Any address that starts with a value between 1 and 126 in
the first octet is a Class A address.
The 127.0.0.0 network is reserved for loopback testing. Routers or local machines
can use this address to send packets back to themselves. Therefore, this number cannot be
assigned to a network.
The Class B address was designed to support the needs of moderate to large-sized
networks. A Class B IP address uses the first two of the four octets to indicate the
network address. The other two octets specify host addresses.
The first two bits of the first octet of a Class B address are always 10. The
remaining six bits may be populated with either 1s or 0s. Therefore, the lowest number
that can be represented with a Class B address is 10000000, decimal 128. The highest
number that can be represented is 10111111, decimal 191. Any address that starts with a
value in the range of 128 to 191 in the first octet is a Class B address.
The Class C address space is the most commonly used of the original address
classes. This address space was intended to support small networks with a maximum of
254 hosts.
A Class C address begins with binary 110. Therefore, the lowest number that can
be represented is 11000000, decimal 192. The highest number that can be represented is
11011111, decimal 223. If an address contains a number in the range of 192 to 223 in the
first octet, it is a Class C address.
The Class D address space, much like the other address spaces, is mathematically
constrained. The first four bits of a Class D address must be 1110. Therefore, the first
octet range for Class D addresses is 11100000 to 11101111, or 224 to 239. An IP address
that starts with a value in the range of 224 to 239 in the first octet is a Class D address.
A Class E address has been defined. However, the Internet Engineering Task
Force (IETF) has reserved these addresses for future use. Therefore, no Class E
addresses have been released for use on the Internet. The first four bits of a Class E
address are always set to 1s. Therefore, the first octet range for Class E addresses is
11110000 to 11111111, or 240 to 255.
In the below Figure, the section that is identified by the upper box represents the
198.150.11.0 network. Data that is sent to any host on that network (198.150.11.1-
198.150.11.254) will be seen outside of the local area network as 198.150.11.0. The only
time that the host numbers matter is when the data is on the local area network. The LAN
that is contained in the lower box is treated the same as the upper LAN, except that its
network number is 198.150.12.0.
Broadcast address – Used for broadcasting packets to all the devices on a network
In the Figure, the section that is identified by the upper box represents the
198.150.11.255 broadcast address. Data that is sent to the broadcast address will be read
by all hosts on that network (198.150.11.1- 198.150.11.254). The LAN that is contained
in the lower box is treated the same as the upper LAN, except that its broadcast address is
198.150.12.255.
An IP address that has binary 0s in all host bit positions is reserved for the
network address. In a Class A network example, 113.0.0.0 is the IP address of the
network, known as the network ID, containing the host 113.1.2.3. A router uses the
network IP address
when it forwards data on the Internet. In a Class B network example, the address
176.10.0.0 is a network address.
In a Class B network address, the first two octets are designated as the network
portion. The last two octets contain 0s because those 16 bits are for host numbers and are
used to identify devices that are attached to the network. The IP address, 176.10.0.0, is an
example of a network address. This address is never assigned as a host address. A host
address for a device on the 176.10.0.0 network might be 176.10.16.1. In this example,
“176.10” is the network portion and “16.1” is the host portion.
IP address that they can recognize and process. Broadcast IP addresses end with binary 1s
in the entire host part of the address.
In the network example, 176.10.0.0, the last 16 bits make up the host field or host
part of the address. The broadcast that would be sent out to all devices on that network
would include a destination address of 176.10.255.255. This is because 255 is the
decimal value of an octet containing 11111111.
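As an added example (not code from the original report), the following Python applies the first-octet rules and the all-zeros/all-ones host-bit rules described above to classify an address and derive its classful network ID and directed broadcast address; the function names are my own, and the sample addresses are the ones used in the text (198.150.11.7 is a constructed host on the 198.150.11.0 network).

```python
"""Classful IPv4 addresses: class letter, network ID and directed broadcast.

Added example, not code from the original report. It applies the first-octet
bit patterns given above (A 0xxxxxxx, B 10xxxxxx, C 110xxxxx, D 1110xxxx,
E 1111xxxx) and the rule that the network address has all host bits set to 0
while the broadcast address has all host bits set to 1.
"""
import ipaddress

# (leading bits of first octet, class letter, network bits). Classes D and E
# have no network/host split, so their network length is None.
CLASS_TABLE = (
    ("0", "A", 8),
    ("10", "B", 16),
    ("110", "C", 24),
    ("1110", "D", None),
    ("1111", "E", None),
)


def address_class(ip: str) -> str:
    """Return the class letter A..E decided by the leading bits of octet one."""
    first_octet = int(ipaddress.IPv4Address(ip)) >> 24
    bits = format(first_octet, "08b")
    for prefix, letter, _ in CLASS_TABLE:
        if bits.startswith(prefix):
            return letter
    raise AssertionError("every 8-bit pattern matches one row")  # unreachable


def classful_network(ip: str):
    """Return (class, network ID, broadcast address) for an address.

    Class D (multicast) and Class E (reserved) addresses have no host portion,
    so both derived addresses are None for them."""
    letter = address_class(ip)
    net_bits = next(n for _, cls, n in CLASS_TABLE if cls == letter)
    if net_bits is None:
        return letter, None, None
    addr = int(ipaddress.IPv4Address(ip))
    host_mask = (1 << (32 - net_bits)) - 1      # ones in every host bit
    network = addr & ~host_mask                  # host bits cleared to 0
    broadcast = network | host_mask              # host bits set to 1
    return (letter,
            str(ipaddress.IPv4Address(network)),
            str(ipaddress.IPv4Address(broadcast)))


def is_reserved_host_address(ip: str) -> bool:
    """True when ip is its network's ID or directed broadcast, neither of which
    may ever be assigned to a host."""
    _, network, broadcast = classful_network(ip)
    return network is not None and ip in (network, broadcast)


if __name__ == "__main__":
    # Sample addresses from the text above; 198.150.11.7 is a constructed host
    # on the 198.150.11.0 network.
    for sample in ("113.1.2.3", "176.10.16.1", "198.150.11.7",
                   "176.10.255.255", "224.0.0.5", "240.1.1.1"):
        print(sample, classful_network(sample), is_reserved_host_address(sample))
```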
The stability of the Internet depends directly on the uniqueness of publicly used
network addresses. In the Figure below, there is an issue with the network addressing
scheme. In looking at the networks, both have a network address of 198.150.11.0. The
router in this illustration will not be able to forward the data packets correctly. Duplicate
network IP addresses prevent the router from performing its job of best path selection.
Unique addresses are required for each device on a network.
A procedure was needed to make sure that addresses were in fact unique.
Originally, an organization known as the Internet Network Information Center (InterNIC)
handled this procedure. InterNIC no longer exists and has been succeeded by the Internet
Assigned Numbers Authority (IANA). IANA carefully manages the remaining supply of
IP addresses to ensure that duplication of publicly used addresses does not occur.
Duplication would cause instability in the Internet and compromise its ability to deliver
packets to networks.
Public IP addresses are unique. No two machines that connect to a public network
can have the same IP address because public IP addresses are global and standardized.
All machines connected to the Internet agree to conform to the system. Public IP
addresses must be obtained from an Internet service provider (ISP) or a registry at some
expense.
With the rapid growth of the Internet, public IP addresses were beginning to run
out. New addressing schemes, such as classless interdomain routing (CIDR) and IPv6
were developed to help solve the problem.
4.5 IPv4 versus IPv6
When TCP/IP was adopted in the 1980s, it relied on a two-level addressing
scheme. At the time this offered adequate scalability. Unfortunately, the designers of
TCP/IP could not have predicted that their protocol would eventually sustain a global
network of information, commerce, and entertainment. Over twenty years ago, IP
Version 4 (IPv4) offered an addressing strategy that, although scalable for a time,
resulted in an inefficient allocation of addresses.
Figure 4.4: With Class A and B virtually exhausted, Class C addresses (12.5 percent of
the total space) are left to assign to new networks.
The Class A and B addresses make up 75 percent of the IPv4 address space;
however, fewer than 17,000 organizations can be assigned a Class A or B network
number. Class C network addresses are far more numerous than Class A and Class B
addresses, although they account for only 12.5 percent of the possible four billion IP
addresses.
Unfortunately, Class C addresses are limited to 254 usable hosts. This does not
meet the needs of larger organizations that cannot acquire a Class A or B address. Even if
there were more Class A, B, and C addresses, too many network addresses would cause
Internet routers to come to a stop under the burden of the enormous size of routing tables
required to store the routes to reach each of the networks.
As early as 1992, the Internet Engineering Task Force (IETF) identified the
following two specific concerns:
• Exhaustion of the remaining, unassigned IPv4 network addresses. At the time, the
Class B space was on the verge of depletion.
• The rapid and large increase in the size of Internet routing tables occurred as more
Class C networks came online. The resulting flood of new network information
threatened the ability of Internet routers to cope effectively.
Over the past two decades, numerous extensions to IPv4 have been developed.
These extensions are specifically designed to improve the efficiency with which the
32-bit address space can be used. Two of the more important of these are subnet masks
and classless interdomain routing (CIDR).
When a computer is configured to use the same IP address each time it powers up,
this is known as a static IP address. In contrast, in situations when the computer's IP
address is assigned automatically, it is known as a dynamic IP address.
Even though IP addresses assigned using DHCP may stay the same for long periods of
time, they can generally change. In some cases, a network administrator may implement
dynamically assigned static IP addresses. In this case, a DHCP server is used, but it is
specifically configured to always assign the same IP address to a particular computer.
This allows static IP addresses to be configured centrally, without having to specifically
configure each computer on the network in a manual procedure.
Routing protocols are the software that allow routers to dynamically advertise
and learn routes, determine which routes are available and which are the most efficient
routes to a destination. Routing protocols used by the internet protocol suite include:
Routing is the process of moving data from one network to another network.
Within a network, all hosts are directly accessible and do not need to pass data through
a default gateway. All hosts on the same network are directly connected and can
communicate directly with each other.
Routed protocols
Routed protocols are nothing more than data being transported across the
networks. Routed protocols include:
• Internet protocol
• Novell IPX
• Open standards institute networking protocol
• DECnet
• AppleTalk
• Banyan VINES
• Xerox Network System (XNS)
Outside a network, specialized devices called routers are used to perform the
routing process of forwarding packets between networks. Routers are connected to the
edges of two or more networks to provide connectivity between them. These devices are
usually dedicated machines with specialized hardware and software to speed up the
routing process. These devices send and receive routing information to each other about
networks that they can and cannot reach. Routers examine all routes to a destination,
determine which routes have the best metric, and insert one or more routes into the IP
routing table on the router. By maintaining a current list of known routes, routers can
quickly and efficiently send your information on its way when received.
Cisco, Juniper, Bay, Nortel, 3COM, Cabletron, etc. Each company's product is
different in how it is configured, but most will interoperate so long as they share common
physical and data link layer protocols (Cisco HDLC, FR, PPP over serial, Ethernet etc.).
Before purchasing a router for your business, always check with your internet provider to
see what equipment they use, and choose a router which will interoperate with your
internet provider's equipment.
Static:
Static routing is not really a protocol, simply the process of manually entering
routes into the routing table via a configuration file that is loaded when the routing device
starts up. As an alternative, these routes can be entered by a network administrator who
configures the routes. Since these routes don't change after they are configured (unless a
human changes them) they are called 'static' routes.
Static routing is the simplest form of routing, but it is a manual process and does
not work well when the routing information has to be changed frequently or needs to be
configured on a large number of routing devices (routers). Static routing also does not
handle outages or down connections well because any route that is configured manually
must be reconfigured manually to fix or repair any lost connectivity.
Dynamic:
A router will 'learn' routes to all directly connected networks first. It will then
learn routes from other routers that run the same routing protocol. The router will then
sort through its list of routes and select one or more 'best' routes for each network
destination it knows or has learned.
Dynamic protocols will then distribute this 'best route' information to other
routers running the same routing protocol, thereby extending the information on what
networks exist and can be reached. This gives dynamic routing protocols the ability to
adapt to logical network topology changes, equipment failures or network outages 'on
the fly'.
Routing is the process of moving data from one network to another. Routing is
unnecessary unless you have multiple networks on different address ranges (different
combinations of IP addresses and masks, for example). If you don't, you need to look at
bridging or switching. You don't need to run a routing protocol unless you have
multiple networks served by more than one router (and even then, manual static routes
are easier for small networks). Once you get beyond three routers, it's time to start
thinking about dynamic routing protocols. If you are connecting your networks to the
internet, you will also need to think about running more than one kind of routing
protocol.
To get from place to place outside your network(s), i.e. on the internet, you must
use an exterior gateway protocol. Exterior gateway protocols handle routing outside an
Autonomous System and get you from your network, through your internet provider's
network and onto any other network. BGP is used by companies with more than one
internet provider.
Examples of an EGP:
Border Gateway Protocol (BGP)
4.7.2.1 Distance Vector:
Distance:
Vector:
From the standpoint of routing protocols, the vector is the interface traffic
forwarded out in order to reach a given destination network along a route or path
selected by the routing protocol as the best path to the destination network.
• AppleTalk RTMP
• IPX RIP
• IP RIP
• IGRP
Well supported
Protocols such as RIP have been around a long time and most, if not all, devices
that perform routing will understand RIP.
4.7.2.2 Link state Protocols:
Link state protocols track the status and connection type of each link and produce
a calculated metric based on these and other factors, including some set by the network
administrator. Link state protocols know whether a link is up or down and how fast it is
and calculate a cost to 'get there'. Since routers run routing protocols to figure out how to
get to a destination, you can think of the 'link states' as being the status of the interfaces
on the router. Link state protocols will take a path which has more hops, but that uses a
faster medium over a path using a slower medium with fewer hops.
Because of their awareness of media types and other factors, link state protocols
require more processing power (more circuit logic in the case of ASICs) and memory.
Distance vector algorithms, being simpler, require simpler hardware.
A comparison:
See fig. below. If all routers were running a distance vector protocol, the path or
'route' chosen would be from a » b directly over the ISDN serial link, even though that link
is about 10 times slower than the indirect route from a » c » d » b.
A link state protocol would choose the a » c » d » b path because it's using a faster
medium (100 Mb Ethernet). In this example, it would be better to run a link state routing
protocol, but if all the links in the network are the same speed, then a distance vector
protocol is better.
Fig.
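The comparison above, worked through as an added Python example (not code from the original report): the graph reproduces the a-b ISDN link and the a-c-d-b Ethernet path; the link costs ISDN_COST and ETHERNET_COST are assumed values chosen so the ISDN link costs ten times one Ethernet link, and the link-state side sums per-link costs the way the OSPF section later describes.

```python
"""Hop-count (distance vector) versus lowest-cost (link state) path selection.

Added example, not part of the original report. The topology is the one in the
comparison above: a-b over a slow ISDN serial link, a-c-d-b over 100 Mb Ethernet.
Link costs are assumed values chosen so the ISDN link costs ten times as much as
one Ethernet link.
"""
import heapq
from collections import deque

ISDN_COST = 100        # assumed cost of the slow serial link
ETHERNET_COST = 10     # assumed cost of one 100 Mb Ethernet link
RIP_INFINITY = 16      # RIP treats 16 hops as unreachable

# Undirected topology: node -> {neighbour: link cost}
TOPOLOGY = {
    "a": {"b": ISDN_COST, "c": ETHERNET_COST},
    "b": {"a": ISDN_COST, "d": ETHERNET_COST},
    "c": {"a": ETHERNET_COST, "d": ETHERNET_COST},
    "d": {"c": ETHERNET_COST, "b": ETHERNET_COST},
}


def _walk_back(parent, dst):
    """Rebuild the path src..dst from the parent pointers left by a search."""
    path = []
    node = dst
    while node is not None:
        path.append(node)
        node = parent[node]
    path.reverse()
    return path


def hop_count_path(graph, src, dst):
    """Distance-vector choice: fewest hops (breadth-first search).

    Returns (hops, path); (RIP_INFINITY, None) when dst is unreachable or more
    than 15 hops away, which RIP cannot express."""
    parent = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            break
        for nbr in graph.get(node, {}):
            if nbr not in parent:
                parent[nbr] = node
                queue.append(nbr)
    if dst not in parent:
        return RIP_INFINITY, None
    path = _walk_back(parent, dst)
    hops = len(path) - 1
    if hops >= RIP_INFINITY:
        return RIP_INFINITY, None
    return hops, path


def lowest_cost_path(graph, src, dst):
    """Link-state choice: the path whose summed link costs are lowest (Dijkstra),
    the same summing of outbound link costs that OSPF uses.

    Returns (cost, path), or (None, None) when dst is unreachable."""
    dist = {src: 0}
    parent = {src: None}
    heap = [(0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue            # stale queue entry
        if node == dst:
            break
        for nbr, link_cost in graph.get(node, {}).items():
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                parent[nbr] = node
                heapq.heappush(heap, (new_cost, nbr))
    if dst not in dist:
        return None, None
    return dist[dst], _walk_back(parent, dst)


def compare(graph, src, dst):
    """Both answers side by side, as a router running each protocol would see them."""
    return {"distance_vector": hop_count_path(graph, src, dst),
            "link_state": lowest_cost_path(graph, src, dst)}


if __name__ == "__main__":
    print(compare(TOPOLOGY, "a", "b"))
    # With every link at the same speed, both protocols agree on a-b.
    same_speed = {n: {m: ETHERNET_COST for m in nbrs} for n, nbrs in TOPOLOGY.items()}
    print(compare(same_speed, "a", "b"))
```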
RIP is a dynamic, distance vector routing protocol based around the Berkeley
BSD application routed and was developed for smaller IP based networks. RIP uses
UDP port 520 for route updates. RIP calculates the best route based on hop count. Like
all distance vector routing protocols, RIP takes some time to converge. While RIP
requires less CPU power and RAM than some other routing protocols, RIP does have
some limitations:
Since RIP calculates the best route to a destination based solely on how many
hops it is to the destination network, RIP tends to be inefficient in networks using more
than one LAN protocol, such as fast Ethernet and serial or token ring. This is because
RIP prefers paths with the shortest hop count. The path with the shortest hop count
might be over the slowest link in the network.
RIP cannot handle more than 15 hops. Anything more than 15 hops away is
considered unreachable by RIP. This fact is used by RIP to prevent routing loops.
Configuring a Cisco router for RIP requires a series of configuration steps. First
you must turn on the RIP routing protocol, then you must identify the network that will
be advertised and which interfaces will advertise it with the network statement.
Router> enable
Password:
Router# conf t
Router(config)# router rip
Router(config-router)# network 204.191.42.0
Router(config-router)# network 204.191.43.0
Router(config-router)# exit
Router(config)# ^Z
Router#
The example above assumes that the interfaces that will be running RIP have IP
addresses on them that fall within the 204.191.42.0 and 204.191.43.0 Class C ranges.
Open Shortest Path First (OSPF) is a routing protocol which was first defined as
version 2 in RFC 2328. It is used to allow routers to dynamically learn routes from
other routers and to advertise routes to other routers. Advertisements containing routes
are referred to as link state advertisements (LSAs) in OSPF. An OSPF router keeps track
of the state of all the various network connections (links) between itself and a network it
is trying to send data to. This makes it a link-state routing protocol. OSPF supports the
use of classless IP address ranges and is very efficient. OSPF uses areas to organize a
network into a hierarchical structure; it summarizes route information to reduce the
number of advertised routes and thereby reduce network load, and uses a designated
router (elected via a process that is part of OSPF) to reduce the quantity and frequency
of link state advertisements. OSPF does require that the router have a more powerful
processor and more memory than other routing protocols.
OSPF selects the best routes by finding the lowest cost paths to a destination. All
router interfaces (links) are given a cost. The cost of a route is equal to the sum of all
the costs configured on all the outbound links between the router and the destination
network, plus the cost configured on the interface that OSPF received the link state
advertisement on.
OSPF routers serve in various roles depending upon where they are located and which
areas they participate in.
Internal routers
An internal router connects only to one OSPF area. All of its interfaces connect to
the area in which it is located and does not connect to any other area.
If a router connects to more than one area, it will be one of the following types of
routers.
Backbone Routers
Backbone routers have one or more interfaces in area 0 (the backbone area).
A router that connects more than one area is called an area border router (ABR).
Usually an ABR is used to connect non-backbone areas to the backbone. If OSPF
virtual links are used, an ABR will also be used to connect the area using the
virtual link to another non-backbone area.
OSPF elects two or more routers to manage the link state advertisements:
Every OSPF area will have a designated router and a backup designated router.
The designated router (DR) is the router to which all other routers within an area send
their link state advertisements. The designated router will keep track of all link state
updates and make sure the LSAs are flooded to the rest of the network using reliable
multicast transport.
The election process which determines the designated router will also elect a
backup designated router (BDR). The BDR takes over from the DR when the DR fails.
OSPF areas
OSPF areas are used to impose a hierarchical structure to the flow of data over the
network. A network using OSPF will always have at least one area and if there is more
than one area, one of the two areas must be the backbone area. Areas are used to group
routers into manageable groups that exchange routing information locally, but
summarize that routing information when advertising the routes externally. A standard
OSPF network looks something like a big bubble (the backbone area) with a lot of
smaller bubbles (stub areas) attached directly to it. Area border routers (ABR) are used
to connect the areas. Each area will elect a Designated Router (DR) and a Backup
Designated Router (BDR) to assist in flooding link state advertisements (LSAs)
throughout the area.
Backbone (Area 0)
The backbone is the first area you should always build in any network using OSPF
and the backbone is always Area 0 (zero). All areas are connected directly to the OSPF
backbone area. When designing an OSPF backbone area, you should make sure there is
little or no possibility of the backbone area being split into two or more parts by a router
or link failure. If the OSPF backbone is split due to hardware failures or access lists,
sizeable areas of the network will become unreachable.
A totally stubby area is only connected to the backbone area. A totally stubby /
totally stub area does not advertise the routes it knows. It does not send any link state
advertisements. The only route a totally stub area receives is the default route from an
external area, which must be the backbone area. This default route allows the totally stub
area to communicate with the rest of the network.
Stub area
Stub areas are connected only to the backbone area. Stub areas do not receive routes
from outside the Autonomous System, but do receive the routes from within the
Autonomous System, even if the route comes from another area.
4.7.5 Border gateway protocol (BGP)
BGP has gone through three revisions. The current version in use is bgp4 and is
supported by most router manufacturers including Cisco, Lucent/Bay, Juniper and many
others, as well as by Unix and Linux programs such as Zebra.
BGP uses a TCP connection to send routing updates using TCP port 179. BGP is
therefore by definition a 'reliable' protocol. While BGP version 3 provides for the
dynamic learning of routes, BGP 4 adds additional route dampening functionality,
communities, and MD5 and Multicasting capability.
Peering is when you exchange routes with another BGP speaking device. There
are two types of peering sessions:
An internal peer is a BGP speaking neighbor that has the same AS number as you
do. An internal peer will only pass on the best routes it knows from its own
connections.
External peers have different AS numbers. An external peer will pass on all the
best routes it knows or has learned from any other peer to all other directly connected
external peers. Routers speaking eBGP gab everything they know to their neighbors
unless you install a gag (a route filter).
The American registry for internet numbers (ARIN) defines Autonomous System
numbers as:
"Autonomous System numbers (ASNs) are globally unique numbers that are
used to identify Autonomous Systems (ASes) and which enable an AS to exchange
exterior routing information between neighboring ASes. An AS is a connected group of
IP Networks that adhere to a single and clearly defined routing policy."
'AS numbers'. The American registry for internet numbers (ARIN) is the authority
responsible for tracking and assigning these numbers as well as managing IP address
allocations and assignments. ARIN charges a fee to organizations wishing to obtain an
AS number to cover the administrative costs associated with managing AS number
registrations and assignments.
To receive an AS number from ARIN, you must be able to prove you are 'Dual
Homed' to the internet, which means that you have more than one internet provider with
which you plan to run BGP. You must also have a 'Unique Routing Policy' that differs
from your BGP peers.
AS #    Provider
9829    BSNL
If it is not necessary to connect to the internet, or you are part of a special type of
BGP configuration, you can use any of the AS numbers 64512 through 65535. However,
these numbers should not be seen on the global internet. One example of when you
might use private AS numbers is in BGP confederations. The confederation AS number
should not be seen on the global internet.
BGP learns and exchanges path information regarding the route to a given
destination network by keeping lists of AS numbers and associating them with
destination networks. This is why AS numbers should be unique. BGP makes certain
that an AS number does not appear in a path more than once, thereby preventing routing
loops.
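An added example (not code from the original report) of the AS-number handling described above: telling internal from external peers by AS number, rejecting an UPDATE whose AS_PATH already contains the local AS, and auditing a path for private AS numbers before it would reach the global internet. The prefix 203.0.113.0/24 and the AS numbers 64496 and 64600 are constructed values; 9829 is the provider number from the table above.

```python
"""AS_PATH loop prevention and private-ASN auditing for BGP UPDATEs.

Added example, not code from the original report. It models what the text
describes: a router must not accept a route whose AS_PATH already contains its
own AS number (BGP's loop prevention), iBGP and eBGP peers are told apart by
AS number, and private AS numbers (64512 through 65535) must not be seen on
the global internet. Prefix 203.0.113.0/24 and the ASNs 64496 and 64600 are
constructed values; 9829 is the provider number from the table above.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

PRIVATE_ASNS = range(64512, 65536)   # private range quoted in the text
PROVIDER_ASN = 9829                  # BSNL, from the table above


@dataclass(frozen=True)
class Update:
    """Minimal model of a BGP UPDATE: one prefix and its AS_PATH, nearest AS first."""
    prefix: str
    as_path: Tuple[int, ...]


def peer_type(local_as: int, peer_as: int) -> str:
    """An internal peer has the same AS number as we do; an external peer does not."""
    return "iBGP" if local_as == peer_as else "eBGP"


def loop_detected(local_as: int, update: Update) -> bool:
    """Our own AS already in the path means the route has been through this AS
    once; accepting it again would build a routing loop."""
    return local_as in update.as_path


def private_asns_in_path(update: Update) -> List[int]:
    """AS numbers in the path that belong to the private range."""
    return [asn for asn in update.as_path if asn in PRIVATE_ASNS]


def accept_update(local_as: int, update: Update) -> Optional[str]:
    """Return None when the UPDATE may be placed in the RIB, otherwise the
    reason it is rejected."""
    if loop_detected(local_as, update):
        return f"AS_PATH loop: own AS {local_as} already in {update.as_path}"
    return None


def announce(local_as: int, peer_as: int, update: Update) -> Update:
    """Build the UPDATE to send to a peer. Only on an eBGP session is our own
    AS number prepended; an iBGP peer already shares it."""
    if peer_type(local_as, peer_as) == "eBGP":
        return Update(update.prefix, (local_as,) + update.as_path)
    return update


def internet_announcement_problems(update: Update) -> List[str]:
    """Audit an UPDATE bound for the global internet (an external peer outside
    any confederation): private AS numbers in its path should never leave us."""
    return [f"private AS {asn} would be visible on the global internet"
            for asn in private_asns_in_path(update)]


if __name__ == "__main__":
    # Constructed scenario: a customer in private AS 64600 announces a prefix
    # to provider AS 9829, which re-announces it to an upstream AS 64496.
    from_customer = Update("203.0.113.0/24", (64600,))
    print(accept_update(PROVIDER_ASN, from_customer))        # None: accepted
    to_upstream = announce(PROVIDER_ASN, 64496, from_customer)
    print(to_upstream.as_path)                                # (9829, 64600)
    print(internet_announcement_problems(to_upstream))
    # The route comes back by another path with 9829 already in it: rejected.
    looped = Update("203.0.113.0/24", (64496, 9829, 64600))
    print(accept_update(PROVIDER_ASN, looped))
```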
BGP session timers
There are two primary timers in BGP. The first is the hold down timer; the other
is the keep alive interval.
The hold down timer indicates how long a router will wait between hearing
messages from its neighbor. The hold down timer defaults to 180 seconds on a Cisco
router, but can be reconfigured. The timer starts at zero and counts its way up to the
hold down timer value. If either a keepalive or update message is not received in that
time, then the router declares the peering session dead, places all routes learned from
that peer into a 'dampened' state and attempts to reset the session.
To be certain that a BGP session stays up and functional, keep alive messages are
exchanged. The keep alive interval counts down to zero and then sends out another keep
alive. There is no timer for route updates, as updates happen dynamically on an
incremental basis.
BGP messages exchange information and help maintain state between the two routers in
the peering session.
BGP Packets
Keep alive
This is the packet used to keep the session running when there are no updates.
Keep alives are sent between BGP speakers to let each other know they are still there.
When a BGP router fails to hear a keep alive message, it removes all routes heard from
that peer from its Forwarding Information Base (FIB).
Notification
Notifications are used to send error messages when an update is received but is corrupt,
or when the router needs to turn down the session unexpectedly.
Open
Open messages are used to start a BGP session by requesting that a BGP session be
opened over an existing TCP/IP session.
Update
This message type contains the actual route updates. The route updates are composed of
the following:
Updates received are placed in the routing information base (RIB). If a route in an
update message is better than all other routes in the RIB, then that route is placed in the
Forwarding Information Base (FIB).
Chapter 5
NETWORK ELEMENTS
5.1 Hubs
In the most basic type of network found today, nodes are simply connected
together using hubs. As a network grows, there are some potential problems with this
configuration:
network with a large number of nodes on the same segment will often have a lot of
collisions and therefore a large collision domain.
5.2 Switches
Switches are a fundamental part of most networks. They make it possible for
several users to send information over a network at the same time without slowing each
other down. Just like routers allow different networks to communicate with each other,
switches allow different nodes (a network connection point, typically a computer) of a
network to communicate directly with one another in a smooth and efficient manner.
Switches that provide a separate connection for each node in a company's internal
network are called LAN switches. Essentially, a LAN switch creates a series of instant
networks that contain only the two devices communicating with each other at that
particular moment.
While hubs provide an easy way to scale up and shorten the distance that the
packets must travel to get from one node to another, they do not break up the actual
network into discrete segments. That is where switches come in.
any one of those roads to the road of your choosing? That is exactly what a switch does
for network traffic. A switch is like a cloverleaf intersection -- each car can take an exit
ramp to get to its destination without having to stop and wait for other traffic to go by.
A vital difference between a hub and a switch is that all the nodes connected to a
hub share the bandwidth among themselves, while a device connected to a switch port
has the full bandwidth all to itself. For example, if 10 nodes are communicating using a
hub on a 10-Mbps network, then each node may only get a portion of the 10 Mbps if
other nodes on the hub want to communicate as well. But with a switch, each node could
possibly communicate at the full 10 Mbps. Think about our road analogy. If all of the
traffic is coming to a common intersection, then each car has to share that intersection
with every other car. But a cloverleaf allows all of the traffic to continue at full speed
from one road to the next.
In a fully switched network, switches replace all the hubs of an Ethernet network
with a dedicated segment for every node. These segments connect to a switch, which
supports multiple dedicated segments (sometimes in the hundreds). Since the only
devices on each segment are the switch and the node, the switch picks up every
transmission before it reaches another node. The switch then forwards the frame over the
appropriate segment. Since any segment contains only a single node, the frame only
reaches the intended recipient. This allows many conversations to occur simultaneously
on a switched network.
Switching allows a network to maintain full-duplex Ethernet. Before switching,
Ethernet was half-duplex, which means that data could be transmitted in only one
direction at a time. In a fully switched network, each node communicates only with the
switch, not directly with other nodes. Information can travel from node to switch and
from switch to node simultaneously.
Most networks are not fully switched because of the costs incurred in replacing all
of the hubs with switches. Instead, a combination of switches and hubs is used to create
an efficient yet cost-effective network. For example, a company may have hubs
connecting the computers in each department and then a switch connecting all of the
department-level hubs.
5.3 Routers
Routers connect LANs at the Network layer of the OSI model. Routers connect
LANs that use the same Network-layer protocol, such as IPX-to-IPX and IP-to-IP.
Because routers operate at the Network layer, they can be used to link dissimilar LANs,
such as ARCNET, Ethernet, and Token Ring.
Two networks connected via a router are physically and logically separate
networks. Network-layer protocols have their own addressing scheme separate from the
addressing scheme of MAC-layer protocols. This addressing scheme may or may not
include the MAC-layer addresses of the network cards. Each network attached to a router
must be assigned a logical identifier, or network address, to designate it as unique from
other physical networks.
For example, NetWare’s IPX routers (NetWare file servers or external NetWare
routers using ROUTER.EXE) use each LAN card’s MAC-layer address and a logical
address for each network assigned by the router installer.
A router can support single or multiple Network-layer protocols. NetWare 2.2
file servers and NetWare external routers, for example, only support NetWare's IPX
protocol. NetWare 3.11 file servers, on the other hand, can route IPX, IP and AppleTalk,
if the proper routing software is loaded into the file server. Dedicated routers from
Proteon, Cisco, Wellfleet, and others can route a number of different protocols.
Routers only forward traffic addressed to the other side. This means that local
traffic on one LAN will not affect performance on another. Routers can be proprietary
devices, or can be software and hardware residing in a general purpose computer, such as
a PC.
Like transparent bridges, routers maintain routing tables. A router’s routing table,
however, keeps track of network addresses and possible routes between networks, not
individual node addresses. Using routers, redundant paths between networks can be
established, and traffic will be routed between networks based on some algorithm to
determine the best path. The simplest routers usually select the path with the fewest
number of router hops as the best path. More intelligent routers consider other factors,
such as the relative response times of various possible routes, when selecting the best
path.
The routing update timer controls the time between routing updates. The default is
usually 30 seconds plus a small random delay to prevent all RIP routers from sending
updates simultaneously.
The route timeout timer controls when a route is no longer available. The default
is usually 180 seconds. If a router has not seen a route in an update during this specified
interval, it is dropped from the router's announcements. The route is maintained long
enough for the router to advertise the route as down (hop count 16).
The route flush timer controls how long before a route is completely flushed from
the routing table. The default setting is usually 120 seconds.
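An added example (not code from the original report) that models one RIP route under the three timers just described, using the default values quoted above; the RipRoute class, the route and the timestamps are constructed for the example.

```python
"""Lifetime of one RIP route under the update, timeout and flush timers.

Added example, not code from the original report. The timer values are the
defaults quoted above (30 s between updates, 180 s route timeout, 120 s flush
delay) and hop count 16 is RIP's 'unreachable'. The RipRoute class, the route
and the timestamps are constructed for the example.
"""
UPDATE_INTERVAL = 30   # seconds between periodic updates (before random jitter)
ROUTE_TIMEOUT = 180    # no update for this long: route is marked down
FLUSH_DELAY = 120      # after timing out, the route is removed this much later
RIP_INFINITY = 16      # hop count meaning "unreachable"


class RipRoute:
    """A route learned from a neighbour, with the time of its last refresh."""

    def __init__(self, prefix: str, metric: int, learned_at: float):
        self.prefix = prefix
        self.metric = metric
        self.last_update = learned_at

    def refresh(self, metric: int, now: float) -> None:
        """An update carrying this route arrived: restart the timeout timer."""
        self.metric = metric
        self.last_update = now

    def state_at(self, now: float) -> str:
        """'valid', 'timed_out' (still advertised, with hop count 16) or 'flushed'."""
        age = now - self.last_update
        if age < ROUTE_TIMEOUT:
            return "valid"
        if age < ROUTE_TIMEOUT + FLUSH_DELAY:
            return "timed_out"
        return "flushed"

    def advertised_metric(self, now: float):
        """Hop count we put in our own updates at time now; None once flushed."""
        state = self.state_at(now)
        if state == "valid":
            return self.metric
        if state == "timed_out":
            return RIP_INFINITY
        return None


def missed_updates_before_timeout() -> int:
    """How many consecutive periodic updates a neighbour can miss before its
    routes time out (jitter ignored)."""
    return ROUTE_TIMEOUT // UPDATE_INTERVAL


def advertisement(routes, now: float) -> dict:
    """Contents of our periodic update at time now: prefix -> hop count,
    omitting routes that have already been flushed."""
    return {r.prefix: r.advertised_metric(now)
            for r in routes if r.state_at(now) != "flushed"}


if __name__ == "__main__":
    # Constructed route: 198.150.12.0 learned two hops away at t=0 and refreshed at t=90.
    route = RipRoute("198.150.12.0", metric=2, learned_at=0)
    route.refresh(2, 90)
    for t in (100, 270, 300, 389, 390):
        print(t, route.state_at(t), advertisement([route], t))
```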
5.4 Bridges
There are two types of bridges: local bridges and remote bridges. Local bridges
have two or more LAN ports and act as a bridge between two or more LANs.
A remote bridge has a LAN and a WAN port and is actually not a bridge. It's a
half-bridge. Only together with its counterpart on the remote LAN is it a full bridge. This
means that the bridge on the local LAN plus the bridge on the remote LAN plus the wires
(leased lines) that connect the two are an entire bridge.
Having said this we can start with the description of bridges.
General
Bridges are only concerned with the MAC layer, so this device is placed at OSI layer 2.
But that is not entirely correct. As the OSI reference model divides layer 2 into the LLC
and the MAC sub-layers, a bridge is actually a MAC sub-layer device. A bridge doesn't
have to speak 802.2 (LLC). This does mean that a bridge does not worry about higher layers
and doesn't bother about protocols. A bridge is protocol transparent. It also means
that the different MAC layer standards can be connected to each other with a bridge. So
token ring and Ethernet can be connected to each other by means of a bridge.
Usage
Bridges are used in situations where repeaters would not function or are not wanted. It
could be one of the following reasons or a combination.
There are various reasons for the use of a bridge and we will not go into detail about
it. The following description shows the way a bridge works and will hopefully explain
the various reasons by it.
A bridge reads the outermost section of data on the data packet, to tell where the
message is going. It reduces the traffic on other network segments, since it does not send
all packets. Bridges do not normally allow connection of networks with different
architectures. The hardware address is also called the MAC (media access control)
address. To determine the network segment a MAC address belongs to, bridges use one
of:
5.5 Gateways
Protocol conversion: when a message is prepared for transmission, each layer adds
control information unique to the protocol used in that layer. The gateway must be
able to convert the control information used by each layer so that the receiving system
receives it in the format it expects. Services affected may include message
segmentation and reassembly, data flow control, and error detection and recovery.
Chapter 6
With the advent of MPLS, VPN and dedicated broadband services such as cable
modem and DSL, the end may loom for the Frame Relay protocol and encapsulation.
However, many rural areas still lack DSL and cable modem services. In such cases
the least expensive type of "always-on" connection remains a 64-kbit/s Frame Relay line.
Thus a retail chain, for instance, may use Frame Relay for connecting rural stores into
its corporate WAN.
6.1.1 Advantages:
6.1.2 Disadvantages:
well as real-time media transport. ATM uses a connection-oriented model and establishes
a virtual circuit between two endpoints before the actual data exchange begins.
ATM is a core protocol used over the SONET/SDH backbone of the Integrated Services
Digital Network (ISDN).
ATM supports voice, video and data, allowing multimedia and mixed services over a
single network.
• High evolution potential; works with existing, legacy technologies
• Provides the best multiple service support
• Supports delay close to that of dedicated services
• Supports the broadest range of burstiness, delay tolerance and loss performance
through the implementation of multiple QoS classes
• Provides the capability to support both connection-oriented and connectionless traffic
using AALs
• Able to use all common physical transmission paths like SONET; cable can be
twisted-pair, coaxial or fiber-optic
• Ability to connect LAN to WAN
• Legacy LAN emulation
• Efficient bandwidth use by statistical multiplexing
• Scalability
• Higher aggregate bandwidth
• High speed: Mbps and possibly Gbps
• New customer premises hardware and software are required
• Competition from other technologies: 100 Mbps FDDI, 100 Mbps Ethernet and Fast
Ethernet
• Presently the applications that can benefit from ATM, such as multimedia, are rare
• The wait: with all the promise of ATM's capabilities, many details are still in the
standards process.
6.3 Ethernet
6.3.1 Advantages:
1. Conceptually Simple:
Ethernet is simply daisy-chained together with coax cable and "T" adapters. There are
usually no hubs, transceivers, or other devices used.
2. Relatively Inexpensive:
Due to the simplicity inherent in the design of Ethernet, it can be an inexpensive
technology to implement.
3. Noise Immunity:
The coaxial cable used in an Ethernet network is very well shielded and has
very high immunity to electrical noise caused by outside sources.
6.3.2 Disadvantages:
1. Difficult To Change:
Reconfiguring an Ethernet is somewhat difficult to do once it is in place. Any
changes to the network will result in at least some "down time," as the bus must be
broken and a new section spliced in at the point of the break.
2. Fault Intolerant:
If any device or cable section attached to the network fails, it will most likely
make the entire network go down.
3. Difficult Troubleshooting:
Ethernet networks are very difficult to troubleshoot. There is no easy way to
determine what node or cable section is causing a problem, and the network must be
troubleshot by a "process of elimination." This can be very time consuming.
4. Specialized Cable:
The RG-58A/U coaxial cable used in Ethernet networks cannot be used for any
other purpose. In the event that the network is changed to another type, then the cable
will have to be replaced.
6.4 IP Routing
IP Routing is an umbrella term for the set of protocols that determine the path
that data follows in order to travel across multiple networks from its source to its
destination. Data is routed from its source to its destination through a series of routers,
and across multiple networks. The IP Routing protocols enable routers to build up a
forwarding table that correlates final destinations with next hop addresses.
The Internet, for the purpose of routing, is divided into Autonomous Systems (ASs).
An AS is a group of routers that are under the control of a single administration and
exchange routing information using a common routing protocol. For example, a corporate
intranet or an ISP network can usually be regarded as an individual AS. The Internet can
be visualized as a partial mesh of ASs. An AS can be classified as one of the following
three types.
• A Stub AS has a single connection to one other AS. Any data sent to, or received
from, a destination outside the AS must travel over that connection. A small campus
network is an example of a stub AS.
• A Transit AS has multiple connections to one or more ASs, which permits data that
is not destined for a node within that AS to travel through it. An ISP network is an
example of a transit AS.
• A Multihomed AS also has multiple connections to one or more ASs, but it does not
permit data received over one of these connections to be forwarded out of the AS
again. In other words, it does not provide a transit service to other ASs. A
Multihomed AS is similar to a Stub AS, except that the ingress and egress points for
data traveling to or from the AS can be chosen from one of a number of connections,
depending on which connection offers the shortest route to the eventual destination. A
large enterprise network would normally be a multihomed AS.
An Interior Gateway Protocol (IGP) calculates routes within a single AS. The IGP
enables nodes on different networks within an AS to send data to one another. The IGP
also enables data to be forwarded across an AS from ingress to egress, when the AS is
providing transit services.
Routes are distributed between ASs by an Exterior Gateway Protocol (EGP). The
EGP enables routers within an AS to choose the best point of egress from the AS for the
data they are trying to route.
The diagram below illustrates the different types of AS in a network. OSPF, IS-IS and
RIP are IGPs used within the individual ASs; BGP is the EGP used between ASs.
Figure 6.3: IP routing
6.4.1 Advantages
6.4.2 Disadvantages
5) Usually designed to obtain the shortest path; they do not take into account additional metrics.
Chapter 7
7.1 Introduction
MPLS operates at an OSI Model layer that is generally considered to lie between
traditional definitions of Layer 2 (Data Link Layer) and Layer 3 (Network Layer), and
thus is often referred to as a "Layer 2.5" protocol. It was designed to provide a unified
data-carrying service for both circuit-based clients and packet-switching clients which
provide a datagram service model. It can be used to carry many different kinds of traffic,
including IP packets, as well as native ATM, SONET, and Ethernet frames.
As shown in Figure 7.1, in the data forwarding path, the following process takes place:
In MPLS enabled networks, packets are forwarded based on labels. These labels
might correspond to IP destination addresses or to other parameters, such as QoS classes
and source address. Labels are generated per router (and in some cases, per interface on a
router) and bear local significance to the router generating them. Routers assign labels to
define paths called Label Switched Paths (LSP) between endpoints. Because of this, only
the routers on the edge of the MPLS network perform a routing lookup.
Figure 7.2 illustrates the same network as depicted in Figure 1-1 with MPLS
forwarding where route table lookups are performed only by MPLS edge border routers,
R1 and R4. The routers in MPLS network R1, R2, and R3 propagate updates for
172.16.10.0/24 network via an IGP routing protocol just like in traditional IP networks.
This leads to the creation of an IP forwarding table. Also, because the links connecting
the routers are MPLS enabled, they assign local labels for destination 172.16.10.0 and
propagate them upstream to their directly connected peers using a Label Distribution
Protocol (LDP); for example, R1 assigns a local label L1 and propagates it to the
upstream neighbor R2. R2 and R3 similarly assign labels and propagate the same to
upstream neighbors R3 and R4, respectively. Consequently, as illustrated in Figure 1-2,
the routers now maintain a label forwarding table to enable labeled packet forwarding in
addition to the IP routing table. The concept of upstream and downstream is explained in
greater detail in the section "MPLS Terminology."
As shown in Figure 6.2, the following process takes place in the data forwarding
path from R4 to R1:
1. R4 receives a data packet for network 172.16.10.0 and identifies that the path to the
destination is MPLS enabled. Therefore, R4 forwards the packet to next-hop Router
R3 after applying a label L3 (from downstream Router R3) on the packet and
forwards the labeled packet to R3.
2. R3 receives the labeled packet with label L3 and swaps the label L3 with L2 and
forwards the packet to R2.
3. R2 receives the labeled packet with label L2 and swaps the label L2 with L1 and
forwards the packet to R1.
4. R1 is the border router between the IP and MPLS domains; therefore, R1 removes the
labels on the data packet and forwards the IP packet to destination network
172.16.10.0.
7.4 Architectural Blocks of MPLS
MPLS functionality on Cisco devices is divided into two main architectural blocks:
• Data plane— performs the functions relating to forwarding data packets. These
packets can be either Layer 3 IP packets or labeled IP packets. The information in the
data plane, such as label values, is derived from the control plane. Information
exchange between neighboring routers creates mappings of IP destination prefixes to
labels in the control plane, which is used to forward data plane labeled packets.
Figure 7.3 depicts the control plane and data plane functions.
7.5 MPLS Terminology
• MPLS Label Switch Router (LSR) — performs the function of label switching; the
LSR receives a labeled packet and swaps the label with an outgoing label and
forwards the new labeled packet from the appropriate interface. The LSR, depending
on its location in the MPLS domain, can either perform label disposition (removal,
also called pop), label imposition (addition, also called push) or label swapping
(replacing the top label in a label stack with a new outgoing label value). The LSR,
depending on its location in the MPLS domain, might also perform label stack
imposition or disposition. The concept of a label stack is explained later in this
section. During label swapping, the LSR replaces only the top label in the label stack;
the other labels in the label stack are left untouched during label swapping and
forwarding operation at the LSR.
Figure 6.4 depicts the network in Figure 6.2 with all routers identified as LSRs or
Edge LSRs based on their location and operation in the MPLS domain.
• MPLS Label Switched Path (LSP) — The path from source to destination for a data
packet through an MPLS-enabled network. LSPs are unidirectional in nature. The
LSP is usually derived from IGP routing information but can diverge from the IGP's
preferred path to the destination.
• Upstream and downstream— The concepts of downstream and upstream are pivotal
in understanding the operation of label distribution (control plane) and data
forwarding in an MPLS domain. Both downstream and upstream are defined with
reference to the destination network: prefix or FEC. Data intended for a particular
destination network always flows downstream. Updates (routing protocol or label
distribution, LDP) pertaining to a specific prefix are always propagated upstream.
This is depicted in Figure 1-5 where downstream with reference to the destination
prefix 172.16.20.0/24 is in the path R1-R2-R3, and downstream with reference to
172.16.10.0/24 is the path R3-R2-R1. Therefore, in Figure 1-5, R2 is downstream to
R1 for destination 172.16.20.0/24, and R1 is downstream to R2 for destination
172.16.10.0/24.
• MPLS labels and label stacks— An MPLS label is a 20-bit number that is assigned
to a destination prefix on a router that defines the properties of the prefix as well as
forwarding mechanisms that will be performed for a packet destined for the prefix.
The 20-bit label value is a number assigned by the router that identifies the prefix in
question. Labels can be assigned either per interface or per chassis. The 3-bit
experimental field defines the QoS assigned to the FEC in question that has been
assigned a label. For example, the 3 experimental bits can map to the 7 IP precedence
values to map the IP QoS assigned to packets as they traverse an MPLS domain.
A label stack is an ordered set of labels where each label has a specific function. If
the router (Edge LSR) imposes more than one label on a single IP packet, it leads to what
is called a label stack, where multiple labels are imposed on a single IP packet. Therefore,
the bottom-of-stack indicator identifies if the label that has been encountered is the
bottom label of the label stack.
The TTL field performs the same function as an IP TTL, where the packet is
discarded when the TTL of the packet is 0, which prevents looping of unwanted packets
in the network. Whenever a labeled packet traverses an LSR, the label TTL value is
decremented by 1.
The label is inserted between the Frame Header and the Layer 3 Header in the packet.
Figure 1-7 depicts the label imposition between the Layer 2 and Layer 3 headers in an IP
packet.
If the value of the S bit (bottom-of-stack indicator) in the label is 0, the router
understands that a label stack implementation is in use. As previously mentioned, an LSR
swaps only the top label in a label stack. An egress Edge LSR, however, continues label
disposition in the label stack until it finds that the value of the S bit is set to 1, which
denotes a bottom of the label stack. After the router encounters the bottom of the stack, it
performs a route lookup depending on the information in the IP Layer 3 Header and
appropriately forwards the packet toward the destination. In the case of an ingress Edge
LSR, the Edge LSR might impose (push) more than one label to implement a label stack
where each label in the label stack has a specific function.
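The label entry layout described above (20-bit label, 3-bit EXP, S bit, 8-bit TTL), an LSR's top-label swap with TTL decrement, and the egress Edge LSR's walk down the stack until S=1, as an added example that is not code from the report; the label values and TTLs are constructed sample values.

```python
import struct

LABEL_EXPLICIT_NULL = 0   # kept on the packet so the EXP bits reach the egress LSR
LABEL_IMPLICIT_NULL = 3   # advertised only; tells the upstream LSR to pop (never on the wire)


def encode_label(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Pack one 32-bit label stack entry: 20-bit label, 3-bit EXP, S bit, 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8 or not 0 <= ttl < 256:
        raise ValueError("EXP must be 3 bits and TTL 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_label(entry: bytes) -> dict:
    """Unpack the first 32-bit label stack entry of `entry` into its fields."""
    (word,) = struct.unpack("!I", entry[:4])
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 0x1), "ttl": word & 0xFF}


def encode_stack(entries) -> bytes:
    """Build a label stack from (label, exp, ttl) tuples; only the last entry gets S=1."""
    out = b""
    for i, (label, exp, ttl) in enumerate(entries):
        out += encode_label(label, exp, i == len(entries) - 1, ttl)
    return out


def decode_stack(packet: bytes):
    """Egress-style disposition: read entries until the S bit is 1.
    Returns (decoded entries, byte offset where the Layer 3 header starts)."""
    entries, offset = [], 0
    while True:
        if len(packet) < offset + 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        entry = decode_label(packet[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, offset


def swap_top(packet: bytes, new_label: int) -> bytes:
    """LSR label swap: replace only the top label and decrement its TTL;
    inner labels and the payload are left untouched. TTL 0/1 means discard."""
    top = decode_label(packet)
    if top["ttl"] <= 1:
        raise ValueError("TTL expired; packet discarded to prevent looping")
    new_top = encode_label(new_label, top["exp"], top["bottom"], top["ttl"] - 1)
    return new_top + packet[4:]
```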
Label stacks are implemented when offering MPLS-based services such as
MPLS-VPN or MPLS traffic engineering. In MPLS-VPN the second label in the label
stack identifies the VPN. In traffic engineering, the top label identifies the endpoint of the
TE tunnel, and the second label identifies the destination.
Cisco Express Forwarding (CEF) is the foundation on which MPLS and its
services operate on a Cisco router. Therefore, CEF is a prerequisite to implement MPLS
on all Cisco platforms except traditional ATM switches that support only data plane
functionality. CEF is a proprietary switching mechanism used on Cisco routers that
enhances the simplicity and the IPv4 forwarding performance of a router manifold.
CEF avoids the overhead of cache rewrites in the IP Core environment by using a
Forwarding Information Base (FIB) for the destination switching decision, which mirrors
the entire contents of the IP routing table. There is a one-to-one mapping between FIB
table and routing table entries.
When CEF is used on a router, the router maintains, at a minimum, an FIB, which
contains a mapping of destination networks in the routing table to appropriate next-hop
adjacencies. Adjacencies are network nodes that can reach one another with a single hop
across the link layer. This FIB resides in the data plane, which is the forwarding engine
for packets processed by the router.
In addition to the FIB, two other structures on the router are maintained, which
are the Label Information Base (LIB) and Label Forwarding Information Base (LFIB).
The distribution protocol in use between adjacent MPLS neighbors is responsible for the
creation of entries in the LIB and LFIB.
The LIB functions in the control plane and is used by the label distribution
protocol where IP destination prefixes in the routing table are mapped to next-hop labels
that are received from downstream neighbors, as well as local labels generated by the
label distribution protocol.
The LFIB resides in the data plane and contains a local label to next-hop label
mapping along with the outgoing interface, which is used to forward labeled packets.
Figure 7.9 shows the interoperation of the various tables maintained on a router.
The implementation of MPLS for data forwarding involves the following four steps:
and data structures of MPLS, namely FIB, LIB, and LFIB, are populated, and the router
is ready to forward data plane information based on label values.
TDP and LDP function the same way but are not interoperable. It is important to
note that when Cisco routers are in use, the default protocol that is running on an MPLS-
enabled interface is dependent on the version of IOS running on the device; care must be
taken when configuring Cisco routers in a multi-vendor environment. TDP uses TCP port
711 and LDP uses TCP port 646. A router might use both TDP and LDP on the same
interface to enable dynamic formation of LDP or TDP peers depending on the protocol
running on the interface of the peering MPLS neighbor. LDP is defined in RFC 3036 and
is implemented predominantly between adjacent peers (adjacencies as defined by the
IGP). In some cases, LDP sessions can also be configured between nonadjacent peers,
where it is called a directed LDP session.
• Session messages— Establish, upkeep, and tear down sessions between LSRs
1. LDP sessions are initiated when an LSR sends periodic hellos (using UDP multicast
on 224.0.0.2) on interfaces enabled for MPLS forwarding. If another LSR is
connected to that interface (and the interface enabled for MPLS), the directly
connected LSR attempts to establish a session with the source of the LDP hello
messages. The LSR with the higher LDP router ID is the active LSR. The active LSR
attempts to open a TCP connection with the passive LSR (LSR with a lower router
ID) on TCP port 646 (LDP).
2. The active LSR then sends an initialization message to the passive LSR, which
contains information such as the session keepalive time, label distribution method,
max PDU length, and receiver's LDP ID, and if loop detection is enabled.
Figure 7.10: LDP Session Establishment
3. The passive LDP LSR responds with an initialization message if the parameters are
acceptable. If parameters are not acceptable, the passive LDP LSR sends an error
notification message.
4. The passive LSR sends a keepalive message to the active LSR after sending the
initialization message.
5. The active LSR sends a keepalive to the passive LSR, and the LDP session comes up.
At this juncture, label-FEC mappings can be exchanged between the LSRs.
All LDP messages follow the type, length, value (TLV) format. LDP uses TCP port
646, and the LSR with the higher LDP router ID opens a connection to port 646 of
another LSR.
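The session establishment sequence above (hello, active/passive role by router ID, initialization, acceptance or error notification, keepalives), as an added example that is not code from the report. The router IDs, parameter values and the acceptance policy are constructed; real LDP carries these as TLVs over TCP port 646, which this model only logs rather than sends.

```python
from dataclasses import dataclass

LDP_TCP_PORT = 646
LDP_HELLO_MCAST = "224.0.0.2"   # hellos are UDP multicast; this model only logs them


@dataclass
class LSRParams:
    router_id: str                      # LDP router ID (dotted); the higher ID becomes active
    keepalive: int = 180                # session keepalive time, seconds
    distribution: str = "unsolicited"   # label distribution method: "unsolicited" or "on-demand"
    max_pdu: int = 4096                 # maximum PDU length
    loop_detection: bool = False


def router_id_value(rid: str) -> int:
    """Compare dotted router IDs as 32-bit numbers, not as strings."""
    a, b, c, d = (int(x) for x in rid.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def choose_roles(x: LSRParams, y: LSRParams):
    """Returns (active, passive): the LSR with the higher LDP router ID is active."""
    return (x, y) if router_id_value(x.router_id) > router_id_value(y.router_id) else (y, x)


def params_acceptable(mine: LSRParams, init: dict) -> bool:
    """Passive-side check of the initialization message (constructed policy: the
    receiver LDP ID must be ours, same distribution method, positive keepalive,
    usable max PDU)."""
    return (init["receiver_ldp_id"] == mine.router_id
            and init["distribution"] == mine.distribution
            and init["keepalive"] > 0
            and init["max_pdu"] >= 256)


def initialization(sender: LSRParams, receiver: LSRParams) -> dict:
    """Initialization message contents, as listed in the report."""
    return {"keepalive": sender.keepalive, "distribution": sender.distribution,
            "max_pdu": sender.max_pdu, "receiver_ldp_id": receiver.router_id,
            "loop_detection": sender.loop_detection}


def establish_session(x: LSRParams, y: LSRParams):
    """Run the exchange; returns (message log, final state) with state "up" or "error"."""
    log = [(lsr.router_id, "hello", LDP_HELLO_MCAST) for lsr in (x, y)]   # 1. discovery
    active, passive = choose_roles(x, y)
    log.append((active.router_id, "tcp-connect", f"{passive.router_id}:{LDP_TCP_PORT}"))
    init = initialization(active, passive)                                  # 2. active -> passive
    log.append((active.router_id, "initialization", init))
    if not params_acceptable(passive, init):                                # 3. passive decides
        log.append((passive.router_id, "notification", "error: parameters not acceptable"))
        return log, "error"
    log.append((passive.router_id, "initialization", initialization(passive, active)))
    log.append((passive.router_id, "keepalive", None))                      # 4. passive keepalive
    log.append((active.router_id, "keepalive", None))                       # 5. active keepalive
    return log, "up"                                  # label-FEC mappings may now be exchanged
```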
7.7.3 MPLS Label Distribution with LDP
Figure 7.11 depicts the two modes of label distribution between R1 (Edge LSR)
and R2 (LSR). In the downstream-on-demand distribution process, LSR R2 requests a
label for the destination 172.16.10.0. R1 replies with a label mapping of label 17 for
172.16.10.0. In the unsolicited downstream distribution process, R1 does not wait for a
request for a label mapping for prefix 172.16.10.0 but sends the label mapping
information to the upstream LSR R2.
If an LSR supports liberal label retention mode, it maintains the bindings between
a label and a destination prefix, which are received from downstream LSRs that might
not be the next hop for that destination. If an LSR supports conservative label retention
mode, it discards bindings received from downstream LSRs that are not next-hop routers
for a destination prefix. Therefore, with liberal retention mode, an LSR can almost
immediately start forwarding labeled packets after IGP convergence, where the numbers
of labels maintained for a particular destination are large, thus consuming memory. With
conservative label retention, the labels maintained are labels from the confirmed LDP or
TDP next-hop neighbors, thus consuming minimal memory.
• Implicit-null or POP label— This label is assigned when the top label of the
incoming MPLS packet is removed and the resulting MPLS or IP packet is forwarded
to the next-hop downstream router. The value for this label is 3 (20 bit label field).
This label is used in MPLS networks that implement penultimate hop popping
discussed in the next section.
• Explicit-null Label— This label is assigned to preserve the EXP value of the top
label of an incoming packet. The top label is swapped with a label value of 0 (20 bit
label field) and forwarded as an MPLS packet to the next-hop downstream router.
This label is used in the implementation of QoS with MPLS.
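The LIB-to-LFIB relationship, liberal versus conservative label retention, and the push/swap/pop forwarding of the R4 to R1 path, including implicit-null (penultimate hop popping) and explicit-null, as an added example that is not code from the report. Router names and the direction of label distribution follow the report's figures; the label numbers are constructed.

```python
IMPLICIT_NULL = 3   # "pop" label: the upstream LSR removes the top label (penultimate hop popping)
EXPLICIT_NULL = 0   # label value 0 stays on the packet so the EXP (QoS) bits reach the egress LSR


class LSR:
    """One router of the R4 -> R3 -> R2 -> R1 path for a single destination prefix."""

    def __init__(self, name, local_label=None, is_egress=False):
        self.name = name
        self.local_label = local_label  # label this LSR advertised upstream for the prefix
        self.is_egress = is_egress      # egress Edge LSR: strips labels and does an IP lookup
        self.lib = {}                   # LIB (control plane): downstream neighbor -> its label
        self.lfib = {}                  # LFIB (data plane): incoming label -> (outgoing label, next hop)
        self.next_hop = None            # IGP next hop currently installed
        self.out_label = None           # label to push (ingress) or to swap to

    def receive_binding(self, neighbor, label, igp_next_hop, retention="liberal"):
        """LDP label binding from a neighbor. Conservative retention keeps only the
        binding from the IGP next hop; liberal retention keeps every binding."""
        if retention == "conservative" and neighbor != igp_next_hop:
            return False
        self.lib[neighbor] = label
        return True

    def install(self, igp_next_hop):
        """Derive the data-plane entry from the LIB binding of the current IGP next hop."""
        if igp_next_hop not in self.lib:
            raise KeyError(f"{self.name}: no label binding retained from {igp_next_hop}")
        self.next_hop, self.out_label = igp_next_hop, self.lib[igp_next_hop]
        if self.local_label is not None:
            self.lfib[self.local_label] = (self.out_label, self.next_hop)

    def ingress_push(self):
        """Ingress Edge LSR: route lookup, then push the downstream neighbor's label."""
        return [self.out_label], self.next_hop

    def forward(self, stack):
        """Apply the LFIB to a label stack (top label first).
        Returns (action, resulting stack, next hop or None)."""
        if self.is_egress:
            # disposition continues to the bottom of the stack (explicit-null included),
            # then the IP header is used for a route lookup
            return "ip-lookup", [], None
        if not stack or stack[0] not in self.lfib:
            return "drop", stack, None
        out_label, next_hop = self.lfib[stack[0]]
        if out_label == IMPLICIT_NULL:
            return "pop", stack[1:], next_hop                  # penultimate hop popping
        return "swap", [out_label] + stack[1:], next_hop       # inner labels untouched


def build_network(egress_advertises=17):
    """R1 is the egress Edge LSR, R4 the ingress. Labels are advertised upstream
    (R1 -> R2 -> R3 -> R4) while data flows downstream. `egress_advertises` is the
    label R1 hands to R2: a normal label, IMPLICIT_NULL (PHP) or EXPLICIT_NULL."""
    r1 = LSR("R1", is_egress=True)
    r2 = LSR("R2", local_label=18)
    r3 = LSR("R3", local_label=19)
    r4 = LSR("R4")
    r2.receive_binding("R1", egress_advertises, igp_next_hop="R1")
    r3.receive_binding("R2", r2.local_label, igp_next_hop="R2")
    r4.receive_binding("R3", r3.local_label, igp_next_hop="R3")
    for lsr, nh in ((r2, "R1"), (r3, "R2"), (r4, "R3")):
        lsr.install(nh)
    return {"R1": r1, "R2": r2, "R3": r3, "R4": r4}


def forward_path(net, ingress="R4"):
    """Trace one packet for the prefix from the ingress LSR to the egress LSR."""
    lsr = net[ingress]
    stack, next_hop = lsr.ingress_push()
    trace = [(lsr.name, "push", list(stack))]
    while next_hop is not None:
        lsr = net[next_hop]
        action, stack, next_hop = lsr.forward(stack)
        trace.append((lsr.name, action, list(stack)))
    return trace
```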
Traffic engineering
7.8.1.1 Traffic Engineering
The basic idea behind traffic engineering is to optimally use the network
infrastructure, including links that are underutilized, because they do not lie on the
preferred path. This means that traffic engineering must provide the possibility to steer
traffic through the network on paths different from the preferred path, which is the least-
cost path provided by IP routing. The least-cost path is the shortest path as computed by
the dynamic routing protocol. With traffic engineering implemented in the MPLS
network, you could have the traffic that is destined for a particular prefix or with a
particular quality of service flow from point A to point B along a path that is different
from the least-cost path. The result is that the traffic can be spread more evenly over the
available links in the network and make more use of underutilized links in the network.
The figure below shows an example of this.
organization.
3. ERP Solutions: many companies use ERP solutions for online business
transactions with peer companies, customers, dealers, branch offices, etc. These
kinds of online transactions require a high-speed, congestion-free, robust network,
which is made possible by MPLS-VPN.
networks it is used to provide commercial television to a set of subscribers over IP
infrastructure.
7.8.3 Advantages:
Savings on Cost
7.8.4 Disadvantages
Chapter 8
8.1 Introduction
Businesses today are looking to the Internet for wide area network (WAN)
solutions that in the recent past they could get only by choosing Frame Relay or T1
dedicated links. To achieve the security that is required for corporate users, virtual private
networks (VPNs) can be used to guarantee that traffic is securely tunneled over the
Internet. Up to now, most VPNs have been provisioned using Layer 2 technologies, such
as Frame Relay and asynchronous transfer mode (ATM). These technologies provided
secure tunnels, were resistant to Denial-of-Service (DoS) and intrusion attacks, and
provided address and routing separation. The problem with Layer 2 VPN technology is
that it does not scale well. As the network grows, the number of virtual circuits
required to achieve optimal routing grows non-linearly. It is also difficult to provide
traffic engineering using a Layer 2 VPN approach.
signaling, MPLS traffic isolation and router support for VRFs (Virtual
Routing/Forwarding) to create an IP based VPN. Compared to other types of VPN such
as IPSec VPN or ATM, MPLS L3VPN is more cost efficient and can provide more
services to customers.
Provider's network
• Runs across the public Internet infrastructure
• Consists of routers that provide VPN services to a customer's network and normal IP
services to other customers.
Customer's network
[Figure: CPE-based VPN (CPE-VPN) and provider-provisioned VPN (PP-VPN) models, showing subscriber sites, CPE and PE routers, and the VPN tunnels between them]
[Figure: PE and P routers in the provider core, with CE routers of VPN A and VPN B attached to the PE routers]
• CE devices are routers or switches located at the customer's site that
connect to the provider's network.
• CE devices are typically IP routers.
• VPN functionality is provided by the PE routers.
• The CE routers have no special configuration requirements for VPNs.
[Figure 8c: VPN A and VPN B sites (Site 1, Site 2, Site 3) using the overlapping address spaces 10.1/16, 10.2/16 and 10.3/16, attached through CE routers (CE-A3, CE-B1, CE-B2, CE-B3) to PE1 and PE3 across the P routers]
In the above scenario, figure 8c, the sites within VPN A and VPN B use the address
spaces 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16 for their private networks.
• It is a BGP address family added as an extension to the BGP protocol.
• In VPN-IPv4 addresses, the value that identifies the VPN is called the Route
Distinguisher (RD).
• The Route Distinguisher is prefixed to the private IPv4 address to make it unique.
• Only the PE routers need to support the VPN-IPv4 address extension to BGP.
• The ingress PE router receives an IPv4 route from a device within a VPN and converts
it into a VPN-IPv4 route by prefixing the RD to the route.
• The VPN-IPv4 addresses are used only for routes exchanged between PE routers
using BGP.
• When the egress PE router receives a VPN-IPv4 route through BGP, it converts it back to
an IPv4 route by removing the RD and announces the route to its connected CE routers.
• The 2-byte Type field identifies the format of the RD.
• The remaining 6-byte value is in one of the following formats:
1. as-number:number
2. ip-address:number
• IPv4 address: the 4-byte address of a device within the VPN is suffixed to the RD.
8.6.1 VPN Routing and Forwarding Tables
• The PE router creates a separate routing table for each VPN, called a VPN routing and
forwarding (VRF) table, to separate a VPN's routes from normal IP routes in the public
Internet and from routes of other VPNs.
• The PE router creates one VRF table for each VPN that has a connection to a
CE router.
• Any customer or site that belongs to the VPN can access only the routes in the
VRF tables for that VPN.
• Each customer connection is associated with one VRF table.
• Only the VRF table associated with a customer site is consulted for packets from that
site.
• If a next hop to a destination is not found in the VRF table, the router performs a
lookup in the global routing table, which is used for Internet access, if configured.
• Each VRF is populated with:
• Routes received from directly connected CE routers associated with the VRF
• Routes received from other PE routers with acceptable BGP attributes
• Only the VRF associated with a VPN is used for packets from a site of that VPN
• This provides isolation between VPNs
8.7 Target VPN or Route Target
• Target VPN—identifies a set of sites within a VPN to which a PE router distributes
routes.
• This attribute is also called the Route Target.
• The route target is used by the egress PE router to determine whether a received route
is destined for a VPN that the router services.
• PE Router PE1 adds the route target "VPN B" to routes received from the customer
edge (CE) router at Site 1 in VPN B.
• When it receives the route, the egress router PE2 examines the route target,
determines that the route is for a VPN that it services, and accepts the route.
• When the egress router PE3 receives the same route, it does not accept the route
because it does not service any CE routers in VPN B.
• The PE to PE LSP must be in place before forwarding data across the MPLS
backbone
– LSPs are signaled through LDP or RSVP
• The CE performs a traditional IPv4 lookup and sends packets to the PE
• The PE consults the appropriate VRF for the inbound interface
• Two labels are derived from the VRF route lookup and “pushed” onto the packet
• Packets are forwarded using two-level label stack
– Outer IGP label
• Identifies the LSP to egress PE router
• Derived from core’s IGP and distributed by RSVP or LDP
– Inner BGP label
• Identifies outgoing interface from egress PE to CE
• Derived from BGP update from egress PE
• After packets exit the ingress PE, the outer label is used to traverse the service
provider
– P routers are not VPN-aware
• The outer label is removed through penultimate hop popping.
• The inner label is removed at the egress PE
• The native IPv4 packet is sent to the outbound interface associated with the label
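The control-plane side of sections 8.5 to 8.7 (RD formats, VPN-IPv4 routes, per-VPN VRF tables, and Route Target import at the egress PE, including the PE1/PE2/PE3 walk-through for VPN B), as an added example that is not code from the report. The RD and RT values, VRF names and the overlapping 10.1.0.0/16 spaces are constructed to match the report's Figure 8c scenario.

```python
import ipaddress
import struct


def encode_rd(rd: str) -> bytes:
    """8-byte Route Distinguisher: 2-byte Type + 6-byte value.
    Type 0 = as-number:number (2+4 bytes), Type 1 = ip-address:number (4+2 bytes)."""
    admin, number = rd.split(":")
    if "." in admin:
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))


def vpnv4_route(rd: str, prefix: str) -> bytes:
    """VPN-IPv4 address: the RD prefixed to the 4-byte IPv4 network address."""
    return encode_rd(rd) + ipaddress.IPv4Network(prefix).network_address.packed


class VRF:
    """Per-VPN routing and forwarding table on a PE router."""

    def __init__(self, name, rd, import_rts, export_rts):
        self.name, self.rd = name, rd
        self.import_rts, self.export_rts = set(import_rts), set(export_rts)
        self.routes = {}   # IPv4 prefix -> next hop (local CE or remote PE)


class PE:
    def __init__(self, name):
        self.name = name
        self.vrfs = {}
        self.global_table = {}   # Internet routes, consulted only if the VRF has no match

    def add_vrf(self, vrf):
        self.vrfs[vrf.name] = vrf

    def learn_from_ce(self, vrf_name, prefix, ce_name):
        self.vrfs[vrf_name].routes[prefix] = ce_name

    def export_updates(self):
        """Ingress PE: each VRF route becomes a VPN-IPv4 route carrying the VRF's export RTs."""
        return [{"vpnv4": vpnv4_route(vrf.rd, prefix), "prefix": prefix,
                 "rts": frozenset(vrf.export_rts), "next_hop": self.name}
                for vrf in self.vrfs.values() for prefix in vrf.routes]

    def import_update(self, update):
        """Egress PE: accept the route into every VRF whose import RTs match; otherwise discard."""
        accepted = []
        for vrf in self.vrfs.values():
            if vrf.import_rts & update["rts"]:
                vrf.routes[update["prefix"]] = update["next_hop"]   # RD stripped: plain IPv4 again
                accepted.append(vrf.name)
        return accepted

    def lookup(self, vrf_name, dst):
        """Only the VRF of the ingress site is consulted (longest match); fall back to
        the global table, which is what gives a VPN site Internet access if configured."""
        addr = ipaddress.IPv4Address(dst)
        table = self.vrfs[vrf_name].routes if vrf_name else self.global_table
        best = None
        for prefix, next_hop in table.items():
            net = ipaddress.IPv4Network(prefix)
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        if best:
            return best[1]
        return self.lookup(None, dst) if vrf_name else None
```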
Fig 8e
Fig 8f
Fig 8g
Fig 8h
• In Layer 2 VPN Customers can maintain control over most of the administration of
their own networks.
8.9.2 Implementing a Layer 2 VPN
Chapter 9
IMPLEMENTATION OF MPLS-VPN
P Routers
• P routers are routers within the core of the provider's network
• Not connected to any routers at a customer site
• Part of the tunnel between pairs of PE routers
• Provider routers support MPLS LSP or LDP functionality
• But do not need to support VPN functionality.
• Forward VPN data transparently over established LSPs
• Do not maintain VPN-specific routing information
CE Routers
• CE devices are routers or switches located at the customer's site that connect to the
provider's network.
• CE devices are typically IP routers.
• VPN functionality is provided by the PE routers.
• The CE routers have no special configuration requirements for VPNs.
– Located at customer premises.
– Provide access to the service provider network.
– Can use any access technology or routing protocol for the CE-PE connection.
PE Routers
• PE routers in the provider's network connect to customer edge devices located at
customer sites.
• PE routers support VPN and label functionality.
• The label functionality can be provided either by
– Resource Reservation Protocol (RSVP) or
– Label Distribution Protocol (LDP)
• Provider Edge (PE) routers also
– Maintain VPN-specific forwarding tables
– Exchange VPN routing information with other PE routers using BGP
– Use MPLS LSPs to forward VPN traffic
Router# conf t
Router(config)#host name p1
P1(config-if)#no shut
P1(config-if)#exit
P1(config-if)#exit
P1#wr
P1#config t
P1(config)# ip routing
P1(config-router)#exit
P1#wr
#show ip route
9.2 Result:
Communication from CE1 to CE2:
CE1>en
Password:
CE1#show run
Building configuration...
Current configuration:
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname CE1
!
enable secret 5 $1$VF3y$uoutdbBZ2XM2f/q8arMf9.
enable password cisco
interface Serial1/0
ip address 10.1.1.1 255.0.0.0
encapsulation ppp
router ospf 20
network 10.0.0.0 0.255.255.255 area 0
!
no ip classless
speed 9650
password cisco
end
CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
CE2>en
password:
CE2#show run
Building Configuration...done
! No configuration change since last restart
!
software version 5.1.25(integrity)
!software image file rpl-i-5.1.25.bin
!compiled on Nov 25 2005, 15:15:46
hostname CE2
interface serial1/0
physical-layer sync
encapsulation ppp
ip address 40.1.1.2 255.0.0.0
exit
router ospf 20
network 40.0.0.0 0.255.255.255 area 0
exit
exit
!end
CE2#show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF,
B - BGP
CE2#ping 10.1.1.1
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to 30.1.1.1 , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 49/49/49 ms.
CE2#
9.3 MPLS-VPN Source Code (Global scenario)
(Basic MPLS Lab using LDP)
P1# conf t
P1(config-router)# exit
P1(config)#
P1(config)# ip cef
P1(config)# mpls ip
P1(config-if)# mpls ip
P1(config-if)# exit
P1(config-if)# mpls ip
P1(config-if)# mpls label protocol ldp
P1(config-if)# exit
P1# wr mem
Building configuration
[ok]
P1#
PE1# conf t
PE1(config-router)# exit
PE1(config)#
PE1(config)# ip cef
PE1(config)# mpls ip
PE1(config-if)# mpls ip
PE1(config-if)# mpls label protocol ldp
PE1(config-if)# exit
PE1# wr mem
Building configuration
[ok]
PE1#
PE2# conf t
PE2(config-router)# exit
PE2(config)#
PE2(config)# ip cef
PE2(config)# mpls ip
PE2(config-if)# mpls ip
PE2(config-if)# mpls label protocol ldp
PE2(config-if)# exit
PE2# wr mem
Building configuration
[ok]
PE2#
PE1# conf t
PE1(config)# ip vrf vpn1
PE1(config-vrf)# rd 100:1
PE1(config-vrf)# route-target both 100:10
PE1(config-vrf)# exit
PE1(config)# interface Serial2/7
PE1(config-if)# ip vrf forwarding vpn1
% Interface Serial2/7 IP address 10.1.1.2 removed due to enabling VRF vpn1
PE1(config-if)# ip address 10.1.1.2 255.0.0.0
PE1(config-if)#no shutdown
PE1(config-if)# exit
PE1#wr mem
Building configuration
[ok]
PE1#
Configuring MP-iBGP
PE1# conf t
PE1(config-router)# no synchronization
PE1(config-router)# no auto-summary
PE1(config-router-af)# no synchronization
PE1(config-router-af)# no auto-summary
PE1(config-router-af)# exit
PE1(config-router-af)# neighbor 3.3.3.3 send-community extended
PE1(config-router-af)# exit
PE1(config-router)# exit
PE1(config)# exit
PE1# wr mem
Building configuration
[ok]
PE1#
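Section 9.3 shows the PE1 VRF and MP-iBGP steps as fragments: the VRF definition, the BGP process and the address families are missing. The following is an added example, not the lab's own configuration, that puts them together on PE1. Values taken from the lab: VRF vpn1 with RD 100:1 and route-target 100:10, Serial2/7 toward CE1 at 10.1.1.2/8, MP-iBGP neighbour 3.3.3.3 (PE2), CE1 in BGP AS 20 ("Configuring BGP 20") and CE2's 40.0.0.0/8. Assumed: provider AS 100, PE1 loopback 2.2.2.2, P1 loopback 1.1.1.1 and the Serial2/0 core link, OSPF process 1, and the session passwords. Two settings are what a practitioner adds on top of the lab: an MD5 password on the iBGP session and a prefix limit on the customer session. The CE1 running configuration earlier in this chapter has no service password-encryption and enable password cisco next to an enable secret; the plaintext enable password is never consulted once an enable secret exists and should simply be removed.

```cisco
! Added example (not the lab's own configuration): PE1 for MPLS-VPN vpn1.
! AS 100, loopbacks, the Serial2/0 core link, OSPF process 1 and the
! passwords are assumptions; RD, RT, Serial2/7, 10.1.1.x, AS 20 and
! neighbour 3.3.3.3 come from the lab.
hostname PE1
!
service password-encryption
ip cef
!
! --- VRF for customer vpn1 ---
ip vrf vpn1
 rd 100:1
 route-target export 100:10
 route-target import 100:10
!
! --- core side: the loopback is the LDP router ID, the MP-iBGP update
!     source and therefore the BGP next hop of every VPNv4 route PE1
!     originates, so the LSP to it must exist end to end.
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Serial2/0
 description link to P1
 ip address 192.168.12.2 255.255.255.252
 mpls ip
 no shutdown
!
mpls label protocol ldp
mpls ldp router-id Loopback0 force
mpls ldp neighbor 1.1.1.1 password LDP-SECRET-P1
!
! --- customer side: "ip vrf forwarding" clears the interface address
!     (the "removed due to enabling VRF vpn1" message in the lab),
!     so the address is entered again afterwards.
interface Serial2/7
 description link to CE1
 ip vrf forwarding vpn1
 ip address 10.1.1.2 255.0.0.0
 encapsulation ppp
 no shutdown
!
router ospf 1
 router-id 2.2.2.2
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.12.0 0.0.0.3 area 0
!
! --- MP-iBGP (VPNv4) to PE2; P1 carries no VPN state at all ---
router bgp 100
 bgp router-id 2.2.2.2
 no bgp default ipv4-unicast
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source Loopback0
 neighbor 3.3.3.3 password BGP-SECRET-PE2
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  ! the route-targets travel as extended communities; without this the
  ! remote PE receives VPNv4 routes it can never import into vpn1
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 ! PE-CE routing for vpn1: eBGP to CE1 (the lab's "BGP 20") plus the
 ! connected subnet, so the remote site can reach the PE-CE link itself
 address-family ipv4 vrf vpn1
  redistribute connected
  neighbor 10.1.1.1 remote-as 20
  neighbor 10.1.1.1 activate
  ! bound what the customer may inject, so a misconfigured or hostile
  ! CE cannot exhaust the VRF table on the PE
  neighbor 10.1.1.1 maximum-prefix 100 restart 5
 exit-address-family
!
! Verification:
!   show ip vrf detail vpn1                 -> RD 100:1, RT 100:10 both ways, Se2/7
!   show ip bgp vpnv4 all summary           -> 3.3.3.3 Established
!   show ip bgp vpnv4 vrf vpn1 summary      -> 10.1.1.1 Established with a prefix count
!   show ip route vrf vpn1                  -> 40.0.0.0/8 learned as B via 3.3.3.3
!   ping vrf vpn1 40.1.1.2 source 10.1.1.2  -> end-to-end test across the LSP
```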
Configuring BGP 20 : -
CE1# conf t
CE1(config-router)# no synchronization
CE1(config-router)# no auto-summary
CE1(config-router)# end
CE1# wr mem
Configuring BGP 30 : -
CE2# conf t
CE2(config-router)# no synchronization
CE2(config-router)# no auto-summary
CE2(config-router)# end
CE2# wr mem
Building configuration
[ok]
CE2#
PE1# show ip bgp vpnv4 vrf vpn1 neighbors
Note: LDP uses the loopback address (its router ID) as the transport address of the LDP session, so the loopback of every LSR must be reachable through the IGP before label bindings can be exchanged.
PE1# show ip vrf detail vpn1
VRF vpn1 (VRF Id = 100); default RD 100:1; default VPNID <not set>
Description: *** VRF Name: vpn1, Date: 2010.10.15 13:33:07, Customer id: 304 ***
Interfaces:
Se2/7
VRF Table ID = 100
Export VPN route-target communities
RT: 100:10
Import VPN route-target communities
RT: 100:10
No import route-map
No export route-map
Redistributing: connected, static
Maximum path: 1
BGP table version is 12872, local router ID is
r RIB-failure, S Stale
6495/6186 BGP path/best path attributes entries using 493620 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0.0.0.0/0 no route
0.0.0.0/8 drop
0.0.0.0/32 receive
127.0.0.0/8 drop
20.1.1.1 attached Serial2/7
255.255.255.255/32 receive
Description: *** Site Name: VRF Name: vpn1, Date: 2010.10.15 19:53:16, Customer id: 304, Service:56724 ***
Last input 00:00:07, output 00:00:07, output hang never
!!!!!
Chapter 10
10.1 Conclusion
MPLS has become widely deployed by service providers. It was originally devised to integrate IP routing more tightly with ATM switching, yet MPLS, or Tag Switching as Cisco first called it, has been far more successful than many in the networking industry expected. A large part of that success comes from MPLS-VPN: service providers recognised its benefits quickly and deployed it while its feature set was still maturing. Enterprises are now looking at MPLS-VPN as well, for scalability, for the separation of departments inside one network, and for the simpler deployment of PE and CE routers. Any Transport over MPLS (AToM), MPLS traffic engineering (TE) and VPLS are attracting growing interest, and providers are deploying them. Because most provider networks already run MPLS for the VPN service, their operators and support staff already know how to deploy and troubleshoot MPLS, which makes adding another MPLS application a smaller step.
Development and deployment of MPLS will continue, and the technology can still grow in both areas. MPLS is no longer used only by service providers but increasingly by enterprise networks with a large diameter or specific needs. It has also moved from the core closer to the edge; one example is extending the LSPs to the CE router so that QoS can be applied more easily in an MPLS-VPN network. Although MPLS-VPN autonomous systems are still usually interconnected over plain IP, more of them will be interconnected over MPLS in future, with packets sent labelled toward the other autonomous system. Such interconnection will not be limited to MPLS-VPN but will also carry AToM and IPv6 traffic from one provider to another. Accepting labelled packets from another provider also widens the trust boundary, because an incoming label selects a forwarding entry directly, so these interconnects have to restrict which peers may send labelled traffic and which labels they may use. The trend toward labelled packets in places where there are none today is likely to continue.