
QOS IN MPLS

FINAL YEAR PROJECT
SUBMITTED TO: GOVERNMENT COLLEGE UNIVERSITY LAHORE
IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF BACHELOR OF COMPUTER SCIENCE (BsCs (Hons.))
SUBMITTED BY: AMIR TARIQ (014-BsCs-07), AQIB JAVAID (092-BsCs-07)

Department of Computer Science Government College University, Lahore

DECLARATION OF ORIGINALITY

This is to certify that we are fully responsible for the work submitted in this project paper. This is also to certify that this project paper is our own original work, except where specified in the references and acknowledgments, and that the original work contained herein is in line with the rules on plagiarism and has not been taken from unspecified sources or individuals.

Amir Tariq Mehmood (014-BsCs-07)

Aqib Javaid (092-BsCs-07)

RESEARCH COMPLETION CERTIFICATE

I, Khaqaan Zaheer, certify that the research work contained in this research paper titled QoS in MPLS has been carried out and completed by Amir Tariq (Roll No. 014-BsCs-07) and Aqib Javaid (Roll No. 092-BsCs-07) under my supervision.

Dated:

Signature:

Submitted Through

Dr. Muhammad Saleem Khan
Director, Department of Computer Science
GC University Lahore

ACKNOWLEDGMENTS

We thank the Almighty and Merciful ALLAH for giving us the opportunity to reach this stage in our lives and for making us capable of completing this final project. We also wish to express our sincere appreciation to our internal supervisor, Mr. Khaqan Zaheer, for his assistance and valuable suggestions in the preparation of this manuscript. In addition, special thanks to Mr. Haroon Ahmad Malik and Mr. Kashif-ul-Haq of Corvit Networks, whose knowledge and willingness to help allowed us to complete our research. Thanks also to all the people who have published their work on this topic, which gave us great insight into MPLS.

TABLE OF CONTENTS

List of Abbreviations
Abstract
Introduction
Chapter 1: Problem Statement
  1.1 Problem Description
  1.2 Project Aims and Objectives
  1.3 Project Scope
Chapter 2: Literature Review
  2.1 What is MPLS
  2.2 Drawbacks of Traditional IP Forwarding
  2.3 Advantages of MPLS
  2.4 CEF
  2.5 Modes of MPLS
Chapter 3: Architecture and Workings of MPLS
  3.1 Control Plane and Data Plane
  3.2 MPLS Label
  3.3 Label Switch Router & Label Switch Path
Chapter 4: Label Allocation & Distribution
  4.1 Difference between Tag Switching and MPLS
  4.2 Label Distribution Protocol
  4.3 Label Allocation, Distribution, Retention & LSP Control
  4.4 PHP
Chapter 5: MPLS VPN Technology
  5.1 History of VPNs
  5.2 Overlay VPNs vs Peer-to-Peer VPNs
  5.3 Architecture & Workings of MPLS VPNs
  5.4 Complex VPNs (with case study)
  5.5 SuperBackbone and Sham Links
Chapter 6: MPLS TE
  6.1 Misconceptions about TE
  6.2 What MPLS TE is
  6.3 How MPLS TE works
  6.4 Tunnel Formation and Priority
Chapter 7: MPLS QoS
  7.1 IntServ and DiffServ
  7.2 MQC and NBAR
  7.3 Classification and Marking
  7.4 Congestion Management
  7.5 Congestion Avoidance
  7.6 Policing and Shaping
  7.7 WAN Efficiency Mechanism
Chapter 8: Service Provider Configuration
  8.1
  8.2
  8.3
Summary
Limitations and Future Work
Bibliography

List of Abbreviations

ATM: Asynchronous Transfer Mode
AToM: Any Transport over MPLS
BGP: Border Gateway Protocol
CBWFQ: Class Based Weighted Fair Queueing
CE: Customer Edge
CEF: Cisco Express Forwarding
CoS: Class of Service
CS: Class Selector
CSPF: Constrained Shortest Path First
DSCP: Differentiated Services Code Point
EIGRP: Enhanced Interior Gateway Routing Protocol
FEC: Forwarding Equivalence Class
FIB: Forwarding Information Base
FRR: Fast Reroute
IEEE: Institute of Electrical and Electronics Engineers
IETF: Internet Engineering Task Force
IGP: Interior Gateway Protocol
IP: Internet Protocol
IS-IS: Intermediate System to Intermediate System
ISP: Internet Service Provider
LAN: Local Area Network
LDP: Label Distribution Protocol
LFIB: Label Forwarding Information Base
LIB: Label Information Base
LLQ: Low Latency Queueing
LSA: Link State Advertisement
LSP: Label Switched Path
LSR: Label Switch Router
MPLS: Multiprotocol Label Switching
MQC: Modular QoS Command-Line Interface
NBAR: Network Based Application Recognition
OSPF: Open Shortest Path First
PBR: Policy Based Routing
PE: Provider Edge
PHB: Per Hop Behavior
PPP: Point-to-Point Protocol
PVC: Permanent Virtual Circuit
QoS: Quality of Service
RED: Random Early Detection
RD: Route Distinguisher
RIB: Routing Information Base
RRR: Routing with Resource Reservation
RSVP: Resource Reservation Protocol
RT: Route Target
SP: Service Provider
SLA: Service Level Agreement
TCP: Transmission Control Protocol
TE: Traffic Engineering
TFIB: Tag Forwarding Information Base
TIB: Tag Information Base
ToS: Type of Service
TDP: Tag Distribution Protocol
TSR: Tag Switching Router
TTL: Time to Live
UDP: User Datagram Protocol
VC: Virtual Circuit
VPN: Virtual Private Network
VRF: Virtual Routing and Forwarding
WAN: Wide Area Network
WFQ: Weighted Fair Queueing
WRED: Weighted Random Early Detection

Abstract

QOS IN MPLS

MPLS has been around for over a decade, but only recently has it started to be implemented to its full potential. MPLS, as its name states, is multiprotocol, meaning that it can carry any network layer protocol and can run over any data-link layer protocol. The true benefits of MPLS, however, are its applications: IP unicast routing, IP multicast routing, MPLS VPNs, MPLS Traffic Engineering and MPLS QoS. MPLS is mostly used as a service provider technology, but because of these applications it is now starting to be used in corporate networks as well. A single network carrying voice and other critical, delay-sensitive applications alongside regular data and web traffic requires special care to avoid delay and data loss and to keep the network operating at an optimal level. This care is provided by QoS, which allows voice and critical data to be prioritized over ordinary data and applications. The QoS tools used for this are classification and marking, congestion management, congestion avoidance, policing and shaping. An MPLS network with MPLS VPNs, MPLS TE and MPLS QoS provides a complete and robust network suited to today's demanding network and communication needs.

Keywords: MPLS, QoS, TE, VPNs

Introduction

Background
MPLS stands for Multi-Protocol Label Switching. It is a standards-based mechanism in which labels are stacked on top of packets, the packets are switched on the basis of those labels instead of the destination address, and the labels are swapped at every hop. MPLS is independent of both the Layer 2 and Layer 3 protocols. The primary intention of MPLS is to create a flexible and robust networking infrastructure that provides increased and efficient performance and stability. MPLS applications such as MPLS VPNs, MPLS TE and MPLS QoS are the tools through which this goal is achieved.

Scope
MPLS is capable of much more than a tag-based network. It can transform existing service provider networks so that they provide not only end-to-end connectivity but also value-added services such as QoS and peer-to-peer VPNs, while making efficient use of the available network resources. Routing can now be based on criteria such as delay, load on the links, QoS parameters or policy, instead of only the destination address, as was the case in traditional IP routing. These applications are not limited to service providers: corporate networks that want flexible, robust policy-based routing and switching within their organization can use them as well.

Limitations
MPLS has relatively few drawbacks. The only significant one is that a network deploying MPLS requires a team of MPLS experts to set up and maintain the MPLS domain.


Chapter 1

PROBLEM STATEMENT

1.1 Problem Description
In this project we discuss the three biggest problems in networks, the solutions MPLS provides for them and, where we can, better ways to implement those solutions. The three biggest problems of inter-network connectivity are:

i. Cost of Leased Lines and the Problem of Customer Privacy

As an organization expands, it sets up more sites throughout the region, and to connect those sites together it has two options: lay its own cable from one site to the next (which is not feasible) or obtain connectivity from a service provider. This gave rise to leased lines, in which the service provider builds a physical circuit through its network and carves out that bandwidth for the customer. The problem is that the circuit is now physically dedicated to that customer and cannot be used by anyone else, or even by the SP itself. This is the main reason leased lines are so expensive; although their cost has come down significantly, they are still quite expensive for smaller companies. And because the bandwidth is totally reserved, the service provider does not, and cannot, allocate more than a certain amount of bandwidth to its customers.

Then came technologies such as Frame Relay and ATM, which let service providers allocate bandwidth logically through virtual circuits. This allowed the SP to sell more bandwidth than it actually had, on the basis that not every customer uses all of its bandwidth all of the time, and it reduced costs. But it had a major problem of sub-optimal routing, meaning that traffic may cross a link more than once on its way to the destination instead of taking the best path, because of the way the virtual circuits were provisioned (see 2.2.4). Costs had come down but were still high compared to DSL lines, partly because of the burden the service provider had taken on in managing the virtual circuits and partly because of the SP resources wasted by sub-optimal routing.

The alternative was for customers to sign up for simple DSL lines and construct their own IPsec VPN over them for privacy. This solution, while the cheapest, shifted the entire configuration burden onto the customer and caused significant network downtime through problems with IPsec negotiation and configuration. So the customer suffered in this sense.

Both the virtual-circuit solution and the DSL solution are examples of overlay VPNs, where the service provider only provides Layer 2 connectivity and the customer has to build Layer 3 and above. This is a major cause of sub-optimal routing, as the service provider is not aware of the customer's routes. It would be better if the service provider provided Layer 3 connectivity, for the ease and benefit of the customer, while saving its own resources and preventing sub-optimal routing, all of which also results in faster speeds and better network performance. This is what MPLS VPNs provide, and they are the best method of building peer-to-peer VPNs: the service provider takes part in the customer's routing while preserving the customer's privacy, without the customer having to do anything. For the customer it is as if the remote sites were directly connected by cable, while also receiving value-added services such as Internet connectivity and QoS. So we wish to present the concepts behind MPLS and MPLS VPNs and the proper way to implement them.

ii. Under-Utilization of Network Resources

The routing solutions provided by present-day IGPs use only the best path through a network. This best path is usually selected on the basis of bandwidth or hop count, and the alternate, slightly worse paths are ignored completely. This wastes network resources: the lower-bandwidth links are almost never used, while the chosen best path gets congested, resulting in slow performance, delay and packet loss, and in financial loss from paying for links that are rarely, if ever, used. Taking the best path to a destination is not always the best option, or even the fastest one, because of congestion and other factors. Consider, for example, the following real-life situation:

FIG 1.1 Shortest Path Problem

In the figure, to go from Lahore to Gujarat the GT road appears better, as it is shorter both by distance and by hop count:

GT road = (Lahore to Gujranwala) 70 km + (Gujranwala to Gujarat) 20 km = 90 km
Other path = (Lahore to Sheikhupura) 20 km + (Sheikhupura to Hafizabad) 30 km + (Hafizabad to Jamke Chatha) 20 km + (Jamke Chatha to Gujarat) 20 km = 110 km

So the majority will take the GT road, which then gets congested by the volume of traffic and by the delays at toll plazas and other check posts. As a result it actually takes longer to reach the destination via the GT road than via the other path.

Similarly, if this were a network and the distance between the places were the metric, every standards-based routing protocol would choose the path represented by the GT road and ignore the other one completely. This causes congestion in the network, with delay, packet loss and wasted network resources. The better option would be to send some traffic over one path and the rest over the other, or to reroute packets through the other path when one is congested. This can be achieved with MPLS Traffic Engineering, which uses RSVP to set up one-way tunnels for selected traffic based on criteria or policies, or in response to link failures. We will therefore study how MPLS TE works and how it can be properly implemented to provide efficient network utilization.

iii. Problems for Voice and Critical Data Traffic

In today's world, where VoIP and critical applications such as SQL replication travel through the network alongside regular data, even having peer-to-peer VPNs and traffic engineering is not sufficient, because normal data and the critical, delay-sensitive voice, video and business applications are all treated the same way: best-effort delivery. Even minor congestion, delay or a link failure can therefore seriously affect those applications; delay, jitter and packet loss become normal and the applications important to the business suffer. There must be a way to prioritize these sensitive and critical packets, and this is achieved with the tool belt of QoS. So the major focus of this project is MPLS QoS. We hope to discuss QoS in depth and demonstrate the ways to fully utilize the QoS tool belt to maintain and serve the needs of today's networks.

1.2 Project Aims and Objectives
Through this project, the objectives that we hope to complete are:

i. To research and study the structure and workings of MPLS and MPLS VPNs, so as to better understand this protocol; we hope our findings will help in solving problems that arise during deployment and day-to-day maintenance. It is crucial to properly understand the core functionality of the protocol, without which it is impossible to implement its remaining features or even get it running properly. We expect to shed some more light on it so that other network engineers can benefit from it and find it easier to troubleshoot problems in their own domains.

ii. To explore the inner workings of LDP and MPLS TE, so as to gain a better understanding of label allocation, label distribution and the role of RSVP in setting up TE tunnels to provide policy-based routing. LDP is the protocol responsible for the allocation, distribution and retention of MPLS labels, so it is important to know how it works and behaves. TE is one of the biggest applications of MPLS and a major case for its adoption; through our research we hope to show the proper way to set up TE in an MPLS domain and to understand how Fast Reroute works in MPLS.

iii. To explain in depth the various tools of QoS, their purpose and workings, and where and how to configure them to protect the valuable traffic in the network. QoS is something without which no major network can perform efficiently today. Peer-to-peer file-sharing applications and non-business web and data traffic can be a bigger hurdle to an organization's workings than external security threats, as they can starve the critical traffic of bandwidth. It is therefore important to keep such traffic in check and to give the sensitive applications the special care they need, so that the traffic that actually matters gets what it needs.

iv. To improve our own networking skills and gain valuable configuration experience on Cisco hardware. The most important part of any final year project is for the students to specialize their skills in their field of interest and to gain an edge. We therefore wish to invest as much time as possible in this, in order to be considered experts in the field and to gain an edge over our competitors when we seek a career.

v. To provide future students with a basis on which they can build and gain some insight into MPLS. Instead of reinventing the wheel, students who come after us can use this research paper as a reference or a stepping stone for their own work, and just as we gained from reading the books of various authors, future students too can gain something from this project.

1.3 Project Scope
The scope of this project is as follows:

i. The major focus of this research paper is MPLS QoS and MPLS VPNs.

ii. The implementation has been exercised on Cisco routers, using real Cisco 2891 series IOS emulated in GNS, with SecureCRT as the terminal access utility. The command structure on other vendors' hardware may vary, but the concepts and the way of implementation are the same.

iii. Only OSPF is discussed in the implementation, as it is the more widely used of the two link-state routing protocols (the other being IS-IS), and MPLS TE requires a link-state routing protocol as the IGP within the MPLS domain. It is also assumed that the reader of this research paper is familiar with the routing protocols used in it and their workings.

Chapter 2

LITERATURE REVIEW

Networks are growing day by day, and so are the services running on them and the users using them. Interoperability between protocols really matters: lower-layer protocols must be robust and flexible enough to support a variety of upper-layer protocols. Today's networks carry not only data but also voice and video, and service providers and large corporate networks can no longer rely on traditional IP forwarding alone. Many of today's applications are increasingly delay-sensitive or resource-intensive and perform very poorly in the presence of any significant congestion. Many solutions exist to address such issues and improve performance, but all have their limitations; none matches what MPLS has brought in terms of network connectivity and performance. In this chapter we discuss what MPLS is, its requirements and its advantages.

2.1 What is MPLS
MPLS is a mechanism of stacking labels on top of packets and then switching them on the basis of those labels instead of the destination address. It operates just above the data-link layer and below the network layer, and is often referred to as a Layer 2.5 protocol. MPLS started out as a service provider technology but is now finding its way into corporate networks because of its benefits. Every router assigns a label to each entry in its routing table, by a method discussed later. These labels are inserted between the Layer 2 and Layer 3 headers, and the packet is then forwarded on the basis of the labels, which are swapped at every hop. (It is important to note that the labels sit between the Layer 2 and Layer 3 headers in the case of frame-based Layer 2 technologies such as Frame Relay, Ethernet and PPP, whereas they are carried in the VPI and VCI fields in the case of cell-based Layer 2 technologies such as ATM. Our focus in this research is on frame-mode MPLS.) A label can correspond not only to a destination IP address but also to other parameters such as a QoS marking or the source interface, or to any other FEC criteria.

MPLS is not in itself a QoS solution: it combines Layer 2 switching technologies with Layer 3 routing technologies, and the QoS tools of Chapter 7 are applied on top of it. An MPLS domain is said to behave like a single router with multiple interfaces. The primary intention of MPLS is to create a flexible and robust networking infrastructure that provides increased and efficient performance and stability.

MPLS is independent of both the Layer 2 and Layer 3 protocols, which is why it is called multiprotocol. It runs over Ethernet, Frame Relay, PPP, HDLC or ATM, and can carry any network layer protocol on top of it, such as IP, IPX or AppleTalk, or even a Layer 2 protocol such as Ethernet, HDLC or PPP (see 2.3.5).

2.2 Drawbacks of Traditional IP Forwarding

TCP/IP has served network needs for a long time, but traditional IP forwarding has its limitations:

2.2.1 Traditional IP Routing is only on the Basis of Destination

Routing protocols exchange Layer 3 routing information, the best entry for each prefix goes into the routing table, and that table is the sole basis for forwarding: each packet is judged only on what is in the destination IP address field of its IP header. This means that all traffic headed for the same destination follows the same path, potentially causing congestion, while any alternate path is ignored even though it is available and completely free.

2.2.2 Problems in Large Service Providers / Networks

Traditional IP routing causes problems in large service provider networks, where there are a large number of routers and networks, because every packet needs its own lookup in the routing table. In a process-switched router that lookup walks the routing table for each packet; if the table contains thousands of routes and the destination is far down it, the lookups place a lot of processing load on the router. (CEF, which builds a separate forwarding table, has greatly reduced this problem; see 2.4.)

2.2.3 Every Router May Need the Full Internet Routing Table

If a single router in a domain does not have a network in its routing table, it becomes a black hole for that network within the domain. For an ISP to provide Internet connectivity to its customers it must have the complete Internet routing table, and not only that: every router in the ISP's domain must carry the entire Internet routing table, or it becomes a black hole and communication fails.

2.2.4 Suboptimal Routing in the Case of Frame Relay or ATM

Frame Relay and ATM are based on virtual circuits, which have to be statically configured to follow a logical path through the network. These logical circuits (a DLCI in Frame Relay, a VPI/VCI pair in ATM) had to be purchased, so to reduce costs the most common structure was a hub-and-spoke topology, in which only the head-end site had full connectivity to all the spokes. As the SP was unaware of the customer's routes, suboptimal routing took place, which is a disadvantage for both the SP and the customer.

FIG 2.1 Sub Optimal Routing Frame-Relay

2.2.5 Unequal Load Balancing is Very Difficult

All standards-based routing protocols install only the best path(s) to a destination in the routing table (EIGRP can perform unequal-cost load balancing, but it is Cisco proprietary and works only on Cisco gear). All other paths to that destination are discarded, so a lot of network resources are wasted because only the equal-cost best paths are installed by the routing protocols. Policy Based Routing (PBR) using route-maps can provide unequal load balancing and routing based on factors other than the destination address, but such solutions are not scalable.

2.3 Advantages of MPLS

MPLS has many benefits that have propelled it to such heights, but speed is not the main one. MPLS does not by itself cause any significant increase in forwarding speed, and it is often misquoted that MPLS speeds up routing lookups because the router no longer has to perform a sequential lookup of the routing table for every packet. The truth is that bringing routing to wire speed is the work of CEF, which will be discussed later. MPLS combined with its applications does, however, speed up the whole domain quite significantly by avoiding wasted resources on unnecessary work and by making use of alternate paths that would otherwise sit idle while the best path becomes congested. The real benefits of MPLS are its applications:

2.3.1 Peer-to-Peer VPNs

There are two types of VPNs: overlay VPNs and peer-to-peer VPNs. In an overlay VPN the service provider is responsible for building and providing Layer 2 connectivity and the customer has to build the Layer 3 connectivity. The service provider is not involved in the customer's routing and is unaware of the customer's routes, which mostly results in sub-optimal routing, and the customer has to ensure the privacy of its routes itself. In a peer-to-peer VPN the service provider is responsible for building and providing Layer 3 connectivity and is also involved in the customer's routing; here the service provider also takes charge of protecting the privacy of the customer's routes. MPLS maintains this privacy by keeping separate routing tables, known as VRFs, on the PE routers for the different customers connected to them. MPLS VPNs also allow customers' address space to overlap while keeping their routes unique, by prefixing each route with a special tag known as the Route Distinguisher (RD); export from and import into the different VRFs are controlled by another set of tags known as Route Targets (RTs). MPLS VPNs are discussed in depth in Chapter 5: MPLS VPN Technology.
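The following Python model, added here as an example and not taken from the report or from any vendor implementation, shows the two mechanisms just described: the RD keeps two customers' overlapping 10.1.1.0/24 routes distinct in the VPNv4 table that PE1 advertises, and the RTs decide which VRF on the remote PE2 imports which routes. The ASN 65000, the RD and RT values, the PE names and the prefixes are constructed for the example.

```python
from ipaddress import ip_network

# Constructed example data (not from the report): two customers attached to PE1
# both number their LAN 10.1.1.0/24; PE2 hosts their remote sites.
PE1_VRFS = {
    "CustA": {"rd": "65000:1", "export_rts": {"65000:100"}, "pe": "PE1",
              "routes": ["10.1.1.0/24"]},
    "CustB": {"rd": "65000:2", "export_rts": {"65000:200"}, "pe": "PE1",
              "routes": ["10.1.1.0/24", "172.16.0.0/24"]},
}
PE2_VRFS = {
    "CustA": {"import_rts": {"65000:100"}},
    "CustB": {"import_rts": {"65000:200"}},
}


def vpnv4_prefix(rd, prefix):
    """An RD prepended to the IPv4 prefix makes it unique across customers."""
    return f"{rd}:{ip_network(prefix)}"


def export_vrf(vrf):
    """What PE1 advertises in MP-BGP for one VRF: the VPNv4 prefix, its RTs
    (carried as extended communities) and the PE itself as next hop."""
    return [{"vpnv4": vpnv4_prefix(vrf["rd"], p), "prefix": str(ip_network(p)),
             "rts": set(vrf["export_rts"]), "next_hop": vrf["pe"]}
            for p in vrf["routes"]]


def build_vpnv4_table(pe_vrfs=PE1_VRFS):
    """The VPNv4 table as seen by the receiving PE (or a route reflector)."""
    table = []
    for vrf in pe_vrfs.values():
        table.extend(export_vrf(vrf))
    # The IPv4 prefixes collide; the RD-qualified VPNv4 prefixes must not.
    assert len({r["vpnv4"] for r in table}) == len(table)
    return table


def import_vrf(vrf, vpnv4_table):
    """Install routes whose RTs intersect this VRF's import list. The RD is
    dropped on import: inside the VRF the route is an ordinary IPv4 prefix."""
    return {r["prefix"]: r["next_hop"]
            for r in vpnv4_table if r["rts"] & vrf["import_rts"]}


def pe2_imports():
    """Per-VRF IPv4 routing tables on PE2 after import."""
    table = build_vpnv4_table()
    return {name: import_vrf(vrf, table) for name, vrf in PE2_VRFS.items()}


if __name__ == "__main__":
    for r in build_vpnv4_table():
        print(r["vpnv4"], sorted(r["rts"]), "via", r["next_hop"])
    for name, routes in pe2_imports().items():
        print(name, routes)
```

Note that the RD only disambiguates routes in the VPNv4 table; it is the RT import list that decides what lands in a VRF. A VRF configured to import both 65000:100 and 65000:200 would receive two different 10.1.1.0/24 routes and keep only one of them, which is why extranets between customers with overlapping address space need address translation as well as RTs.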

2.3.2 MPLS TE

MPLS TE is a method of doing policy-based routing (PBR) in an MPLS domain. As noted earlier, all standards-based routing protocols install only the path(s) with the lowest metric in the routing table, and since labels are assigned against the entries in the routing table, labeled packets in a plain MPLS network take the same path they would take in a normal IP network. This can lead to congestion on the best links and under-utilization of the alternate paths. MPLS TE on Cisco uses the Resource Reservation Protocol (RSVP) to set up TE tunnels: RSVP reserves resources along a path and creates the tunnel through which the data is sent. These tunnels are one-way, and return traffic follows another path. Labels are allocated for the path through the tunnel and distributed like the other labels. The path can be computed dynamically (CSPF over the TE-aware IGP) or configured manually, fixing the trajectory of the packets. TE is not used only where there is congestion: it can also pin a selected path for specific customers, steer traffic belonging to a particular FEC along a path, or send packets with strict QoS needs through a path where they will not face much delay. More on MPLS TE is covered in Chapter 6: MPLS TE.


2.3.3 MPLS QoS

Having delay-sensitive applications such as voice, video and SQL replication alongside regular data is always going to cause problems. Some applications are bandwidth-hungry and will consume all the available bandwidth if left unchecked. The resources of an organization's network should be available for its business-critical applications, not for web browsing, online games, file sharing and the like. To ensure that the important traffic receives the priority it needs, QoS mechanisms are employed. MPLS supports CoS and ToS compatibility, ensuring that QoS markings are propagated and that QoS treatment is applied within the MPLS domain as well. This allows the SP to offer value-added services such as classifying, marking and then servicing packets according to the customer's requirements. MPLS QoS is the major part of this research and is discussed in depth in Chapter 7: MPLS QoS.

2.3.4 BGP Free Core

One of the biggest drawbacks of traditional IP routing is that every hop in a network must have the complete routing table in order to forward packets and prevent black-holing. In an ISP environment every router must therefore carry the complete Internet routing table, which contains hundreds of thousands of routes, and the only way to get those routes is to run BGP, the routing protocol of the Internet, on every router. Maintaining such a huge table requires a lot of resources, while the routers also have to forward millions of packets per second against it and process updates about those routes. Add to this the need for an iBGP full mesh (because of the iBGP split-horizon rule) or the configuration and maintenance of route reflectors and/or BGP confederations, and things become more complicated and resource-hungry. Processor, memory and bandwidth are spent on avoidable work instead of on user traffic. Some routers may also lack an IOS image that supports BGP, which would have made them useless in a service provider environment. Performance can be raised further by using MPLS-capable Layer 3 switches instead of routers in the core, since such switches forward in hardware whereas routers typically forward in software. Removing BGP and the Internet routing table from the core lets those devices do what they were meant for: forwarding packets.

MPLS allows a BGP-free core by stacking multiple labels. The bottom label identifies the destination network (the route learned via BGP) and the top label identifies the BGP next hop, i.e. the loopback address of the remote PE router. Since a link-state IGP such as OSPF or IS-IS runs within the SP domain and provides reachability to that loopback, the P devices in the core forward the labeled packet toward the remote PE using only the top label; the remote PE has the destination network in its routing table and forwards the packet on to the correct destination. The exact technical details are given in Chapter 5: MPLS VPN Technology.

2.3.5 Any Transport over MPLS (AToM)


Designing MPLS to be multiprotocol has further advantages. Not only can it run on top of a variety of Layer 2 infrastructures such as Ethernet, Frame Relay, ATM, PPP and HDLC, it can also carry a variety of Layer 3 and Layer 2 protocols on top of it: IP, IPX and AppleTalk, but also Ethernet, PPP and HDLC frames themselves. Being able to carry Layer 2 frames allows the service provider to offer point-to-point Layer 2 VPN services (pseudowires) to its customers. These days Ethernet over MPLS (EoMPLS) is gaining popularity. It effectively extends the customer's Layer 2 switched network across the MPLS domain: end-to-end connectivity is available on the same subnet and even Spanning Tree BPDUs are carried across. This is an alternative to Metro Ethernet service (itself a relatively new technology providing Layer 2 Ethernet services over long distances) but with the added benefit of the other MPLS services as well. This is known as an Ethernet pseudowire, and it has two modes: tagged mode and raw mode. In tagged mode every frame carries an 802.1Q tag that is service-delimiting, i.e. meaningful to the PE routers at both ends. In raw mode a tag may or may not be present, and if present it is carried transparently and is not meaningful to either endpoint. You can even run PPP over the MPLS network and then use the PPP authentication services, CHAP and PAP.


New ways of taking advantage of this multi-faceted nature of MPLS are constantly being discovered and new applications are being developed. MPLS has been around for over a decade but continues to grow and give a new dimension to networking. Another huge application of MPLS, which is not part of this research, is MPLS Multicast IP forwarding, which supports multicast services over MPLS and ensures they also get QoS treatment. MPLS Traffic Engineering also provides Fast ReRoute (FRR), which pre-establishes backup LSPs so that traffic is switched around a failed link or node within tens of milliseconds, without waiting for the IGP to reconverge.

2.4 CEF

CEF or Cisco Express Forwarding is Cisco's proprietary method of building a cache of the routing table entries so that packets can be forwarded at wire speed. It is a Layer 3 technology used to optimize networks by speeding up the route lookup process on Cisco devices. CEF is a prerequisite for MPLS on Cisco devices; every device that intends to run MPLS must have CEF (or, on older platforms, another form of express switching) enabled. The reason is that the forwarding table MPLS uses, the LFIB (introduced in Chapter 3), is built from the CEF FIB together with the label bindings in the LIB, so without CEF there is no table to label-switch from. CEF solves the first-packet lookup problem by pre-building the forwarding cache from the RIB in the data plane, before any packet for a destination arrives.

2.4.1 Components of CEF


The 2 main components of CEF are:
i. Forwarding Information Base (FIB)
The FIB is, quite simply, a cache of the entire routing table, but it contains only the information needed to forward: the prefix, mask, outgoing interface, next hop etc. When the topology changes, the change is also updated in the FIB. The routing table, known as the RIB, also carries information such as route tags, Administrative Distance, the source of the update, route age etc.; these matter for route selection but not for forwarding packets, and they take up quite a lot of memory. Such information is excluded from the FIB, which is organized for fast longest-prefix lookups rather than sequential search.
ii. Adjacency Table
It contains the Layer 2 address (and the pre-built Layer 2 rewrite) for the IP next hop of every entry in the FIB. This removes the need to send an ARP request when a packet for a particular destination arrives, which would otherwise add a delay while the Layer 2 address is resolved. The FIB alone is therefore not enough; an ARP exchange actually takes more time than a routing table lookup. Having both the routing entries and the Layer 2 addresses of their next hops in the cache even before the first packet arrives gives a significant speed-up, which is why it is referred to as routing at wire speed or IP switching.

2.4.2 Evolution of CEF


The evolution of packet switching on Cisco routers, ending in CEF, can be summed up in 3 phases:
i. Process Switching
A routing table lookup was performed for every single packet, even for packets headed to the same destination, since there was no caching of routing table entries. The CPU had to be involved in every decision, which was slow and processor intensive.
ii. Fast Switching
In fast switching the routing table lookup was performed only for the first packet headed to a destination. A cache entry was then created for that route and the rest of the packets were switched using the cache. This was a huge improvement over process switching, but the routing table still had to be consulted for the first packet to every destination, and with the thousands of routes typically present in a router's routing table (and cache entries that had to be invalidated on every change) it still was not good enough.
iii. CEF
In CEF the forwarding entries and the Layer 2 addresses of their next hops are pre-built before the first packet arrives, so the CPU does not have to be involved in individual forwarding decisions. This enables routing at wire speed and, on platforms with distributed CEF (dCEF), allows forwarding to be done in hardware on the line cards.

2.5 Modes of MPLS

There are 2 modes of MPLS:
i. Frame-mode MPLS
When MPLS runs on top of frame-based Layer 2 technologies such as Frame Relay, Ethernet or PPP it is called frame-mode MPLS. Here the MPLS label (a 4-byte shim header) is inserted between the Layer 2 and Layer 3 headers.
ii. Cell-mode MPLS
When MPLS runs on top of cell-based Layer 2 technologies such as ATM it is called cell-mode MPLS. Here the label is carried in the VPI and VCI fields of the ATM cell header, so every cell of a packet carries the label.


Chapter 3

ARCHITECTURE AND WORKINGS OF MPLS

In this chapter we explain the architecture of MPLS and how it operates. It is important to know the fundamental workings of MPLS in order to understand how its applications function; without a base one cannot build a tower, and without the base of the MPLS structure, understanding the bigger picture is impossible. MPLS labels are introduced and the fields of the label header are discussed in depth. Then we look at how an MPLS router label-switches a packet and how it behaves with incoming labeled packets and with IP packets. It is also important to understand the concept of the 2 logical planes in a router, the control plane and the data plane, which helps in understanding the overall architecture of MPLS.

3.1 Control Plane and Data Plane

Routing functionality can be divided into 2 logical components:
i. Control Plane
ii. Data Plane

It is often wrongly stated that these 2 planes are components of MPLS. They exist even without MPLS; CEF, for example, is also built on this separation. Let's look at the 2 components in detail:

3.1.1 Control Plane


This is where the Layer 3 intelligence lies. It is where the routing protocols exchange routing information and where labels are exchanged. Everything that needs an intelligent decision and requires the CPU, such as all routing protocols (OSPF, IS-IS, EIGRP, RIP, BGP etc.) and the protocols used to allocate and distribute labels (LDP, TDP, RSVP-TE), operates here. The routing table (RIB) and the Label Information Base (LIB) are found here, and decisions based on locally configured policy are taken here. Hence, it is slower. The 2 major tables that reside here are:
i. RIB
The Routing Information Base, a.k.a. the routing table, is formed from the information collected by the routing protocols. It contains the networks along with the subnet mask, route metric, route tag, route source, next-hop IP address, Administrative Distance and other relevant route information such as the route up-time. Only the best paths from each routing protocol's database make their way into the RIB.
ii. LIB
The Label Information Base holds, for each route, the local label and the labels received from neighbors (remote labels) for it. It is built from the RIB by the label distribution protocols (TDP and LDP): they allocate a unique, locally significant label for each entry in the RIB. LDP/TDP is therefore dependent on the routing protocols. LDP/TDP then exchanges this label information with its neighbors. LDP neighborship, label allocation, distribution and retention are discussed in the next chapter.

3.1.2 Data Plane


The data plane of a router has a very simple but efficient forwarding engine. The caches of the routing table (RIB) and of the label table (LIB), along with the Layer 2 adjacency table, are found here; these caches are the Forwarding Information Base (FIB) and the Label Forwarding Information Base (LFIB). The data plane just forwards packets based on IP or label information. Hence, it is faster. The 2 major tables that reside here are:
i. FIB
As explained in the previous chapter, the FIB is the cache of all the entries in the RIB. If the incoming packet is an IP packet, the FIB is used (and, if the FIB entry carries an outgoing label, the packet is labeled on its way out).
ii. LFIB
The LFIB is created from the FIB and the LIB. It holds, for each prefix, the local label, the best remote label (the one received from the next hop chosen by the FIB) and the outgoing interface. If the incoming packet is a labeled packet, the LFIB is consulted.

FIG 3.1 FIB and LFIB


3.2 MPLS Label

An MPLS label is a 32-bit header that (in frame-mode MPLS) sits between the Layer 2 and Layer 3 headers. In principle any number of labels can be stacked on a packet, limited only by the link MTU, but in practice stacks deeper than 3 or 4 labels are rare, and the depth must be accounted for in the MTU (see below). The receiving LSR forwards on the top-most label only. In a simple MPLS network only 1 label is attached to the packet. The following are the scenarios where more than 1 label is attached at a time:
i. MPLS VPNs (2 labels)
The top label is the IGP/LDP label for the BGP next hop, i.e. the loopback of the remote PE router, and the second label is the VPN label that identifies the VRF (or route) on that PE.
ii. MPLS TE (2 or more labels)
The top label is the TE tunnel label, leading to the end-point of the tunnel, and the second label identifies the destination.
iii. MPLS VPNs along with MPLS TE (3 or more labels)
The top label leads to the end-point of the TE tunnel, the second label is the LDP label for the remote PE router and the third label is the VPN label.

3.2.1 Structure of MPLS Label


An MPLS label is made up of the following 4 fields:
i. Label Value (20 bits)
Bits 0-19 represent the label value, which is simply a number. With 20 bits, 1048576 unique labels are possible, but labels 0-15 are reserved, so effectively label 16 onwards can be assigned to routes in the routing table. Of the 16 reserved labels, label 0 and label 3 are of special significance to this research and to understanding the workings of MPLS. Label 0 is IPv4 Explicit Null. It is advertised by an egress LSR instead of implicit null when the QoS markings must be preserved: with PHP the label is popped at the second-last LSR and the EXP bits are lost, whereas with explicit null the packet reaches the egress still labeled (label 0) and the egress pops it after reading the EXP bits (more on this in the following chapters). Label 3 is Implicit Null. It is never placed on the wire; an LSR advertises it for its directly connected (and other locally terminated) networks to instruct its neighbors to pop the label, rather than swap it, before sending the packet towards it.
ii. Experimental Field (3 bits)
The EXP field (renamed Traffic Class in RFC 5462) carries the QoS marking of the packet so that it can be treated appropriately throughout the MPLS domain. Routers in the domain forward on the label alone and do not look at the IP header, so they cannot apply QoS based on the ToS/DSCP field. By default the ingress LSR copies the 3 IP Precedence bits (the top 3 bits of the ToS byte) into the EXP bits of the imposed label; the full 6-bit DSCP does not fit, so a mapping has to be configured if more classes are needed.
iii. Bottom-of-Stack Indicator (1 bit)
Since multiple labels can be attached to a packet, the bottom-of-stack bit indicates whether the next header is another MPLS label or whether this is the last label and the next header is the IP header. With 1 bit there are 2 possible values, 0 and 1. If the value is 0, this is not the last label and the next header is also a label; if it is 1, this is the last label and the next header is the IP header.

FIG 3.2 Bottom of-Stack

iv. Time-to-Live Field (8 bits)
The TTL value can be a maximum of 255. On label imposition it is copied from the TTL field of the IP header, and every LSR the packet passes decrements it by 1. It is a loop avoidance mechanism: if the TTL reaches 0 the packet is dropped. At the egress the label TTL is copied back into the IP header, unless TTL propagation has been disabled to hide the core hops from traceroute.

FIG 3.3 Time-to-Live

When running MPLS, the Maximum Transmission Unit (MTU) has to be revisited, because each label adds 4 bytes (12 bytes for a 3-label stack) and a full-size 1500-byte IP packet then exceeds the Ethernet MTU, forcing the router to fragment it (or drop it, if the DF bit is set). The usual fixes are to raise the MPLS MTU on the core links (for example to 1512 bytes to allow 3 labels) or, where the links cannot be changed, to lower the IP MTU at the edge, to 1488 bytes in this case, so that fragmentation is avoided.
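The following is an added example (not code from this project) that encodes and decodes the label stack described above, in Python. It assumes frame-mode MPLS and the default Cisco behaviour of copying the IP Precedence bits into EXP; the IPv4 header and the label values 18 and 25 are constructed for illustration.

```python
"""MPLS shim header (RFC 3032) encoder/decoder with the ingress-PE copy of
IP Precedence into EXP and IP TTL into the label TTL.

Added example for this page, not code from the thesis or from any vendor.
It assumes frame-mode MPLS (shim headers between the L2 and L3 headers) and
the default Cisco behaviour of copying IP Precedence to EXP; the sample IPv4
header and label values below are constructed for illustration.
"""
import struct
from dataclasses import dataclass

# Reserved label values (RFC 3032)
IPV4_EXPLICIT_NULL = 0
ROUTER_ALERT = 1
IPV6_EXPLICIT_NULL = 2
IMPLICIT_NULL = 3            # signalled by LDP only, never written to a packet
FIRST_UNRESERVED = 16
MAX_LABEL = (1 << 20) - 1


@dataclass
class LabelEntry:
    label: int          # 20 bits
    exp: int = 0        # 3 bits (Traffic Class since RFC 5462)
    bos: bool = False   # bottom-of-stack: 1 means the next header is IP
    ttl: int = 255      # 8 bits

    def pack(self) -> bytes:
        if not (0 <= self.label <= MAX_LABEL and 0 <= self.exp <= 7 and 0 <= self.ttl <= 255):
            raise ValueError("field out of range")
        word = (self.label << 12) | (self.exp << 9) | (int(self.bos) << 8) | self.ttl
        return struct.pack("!I", word)

    @classmethod
    def unpack(cls, data: bytes) -> "LabelEntry":
        (word,) = struct.unpack("!I", data[:4])
        return cls(word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)


def encode_stack(entries: list) -> bytes:
    """Serialise a label stack, top label first; only the last entry gets S=1."""
    if not entries:
        raise ValueError("empty label stack")
    last = len(entries) - 1
    return b"".join(LabelEntry(e.label, e.exp, i == last, e.ttl).pack()
                    for i, e in enumerate(entries))


def decode_stack(data: bytes):
    """Walk the stack until S=1; return (entries, payload). Rejects malformed stacks."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("stack runs past end of packet without S=1")
        entry = LabelEntry.unpack(data[offset:offset + 4])
        if entry.label == IMPLICIT_NULL:
            raise ValueError("label 3 (implicit null) must not appear on the wire")
        entries.append(entry)
        offset += 4
        if entry.bos:
            return entries, data[offset:]


def impose(ipv4_packet: bytes, labels: list) -> bytes:
    """Ingress PE: push `labels` (top first) onto an IPv4 packet.
    EXP <- IP Precedence (top 3 bits of the ToS byte), TTL <- IP TTL."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    precedence = ipv4_packet[1] >> 5
    ttl = ipv4_packet[8]
    return encode_stack([LabelEntry(l, precedence, False, ttl) for l in labels]) + ipv4_packet


def mpls_mtu_needed(ip_mtu: int, max_depth: int) -> int:
    """Link MTU needed to carry `ip_mtu`-byte packets under `max_depth` labels."""
    return ip_mtu + 4 * max_depth


# Constructed sample: minimal IPv4 header, DSCP EF (ToS 0xB8 -> precedence 5), TTL 64.
SAMPLE_IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0xB8, 20, 0, 0, 64, 6, 0,
                          bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
# A VPN packet carries two labels: the LDP label for the remote PE on top, the VPN label below.
SAMPLE_VPN_PACKET = impose(SAMPLE_IPV4, [18, 25])

if __name__ == "__main__":
    stack, payload = decode_stack(SAMPLE_VPN_PACKET)
    for e in stack:
        print(f"label={e.label} exp={e.exp} S={int(e.bos)} ttl={e.ttl}")
    print("payload is IPv4:", payload == SAMPLE_IPV4)
    print("MTU for 3 labels:", mpls_mtu_needed(1500, 3))
```

decode_stack() stops at the first entry with S=1, so a stack that runs past the end of the packet, or that carries the LDP-only value 3, is rejected instead of being silently forwarded; mpls_mtu_needed(1500, 3) gives the 1512-byte core MTU mentioned above.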

3.3 Label Switch Router & Label Switch Path


i. LSR
An MPLS-enabled router that is completely within an MPLS domain is called a Label Switch Router (LSR). It primarily swaps labels and forwards labeled packets.
ii. Edge LSR
An MPLS-enabled router at the edge of an MPLS domain, connecting to the outside, is called an Edge Label Switch Router (Edge LSR). It primarily labels IP packets and forwards them into the MPLS domain, or removes labels and forwards packets out of the domain.
iii. LSP
The path followed by a labeled packet through the MPLS domain is known as the Label Switched Path (LSP). It is unidirectional. A router can be both an LSR and an Edge LSR; it depends on the LSP.
iv. Ingress Edge LSR & Egress Edge LSR
This again depends on the direction of traffic. The Ingress Edge LSR handles packets entering the MPLS domain and the Egress Edge LSR handles packets leaving it. A router can be the Ingress Edge LSR for one LSP and the Egress Edge LSR for another.

Every LSR performs 3 functions:
i. Exchange routing information
ii. Exchange labels
iii. Forward packets

Functions (i) and (ii) are part of the control plane and function (iii) is part of the data plane.

On a packet, an LSR can:
i. Insert/impose a label or a stack of labels (on ingress)
ii. Swap a label with another label (in the core)
iii. Remove/pop a label (on egress, or at the penultimate hop with PHP)

3.3.1 Architecture of LSRs


i. Architecture of LSRs

FIG 3.4: Architecture of LSRs

ii. Architecture of Edge LSRs

FIG 3.5: Architecture of Edge LSRs

Chapter 4

LABEL ALLOCATION & DISTRIBUTION

We have seen Structure of The MPLS Labels, the Architecture of MPLS and LSRs and the functions of LSRs. Now its time to look at how the Labels are Allocated, Distributed and Retained and the Protocols responsible for it.

4.1 Difference between Tag Switching & MPLS

Before MPLS came into being, many vendors had their own proprietary forms of forwarding packets based on labels; Cisco's was Tag Switching, and the MPLS of today is essentially its standardized version. There is therefore little difference between the two beyond terminology and the fact that MPLS uses the Label Distribution Protocol (LDP) while Tag Switching uses the Tag Distribution Protocol (TDP). LDP uses port 646 on both TCP and UDP, while TDP uses port 711 on both. LDP and TDP are identical in function but use incompatible message formats, so they cannot peer with each other; they can, however, coexist in the same MPLS domain as long as the 2 peers on any given link run the same protocol. An LSR can thus peer with one neighbor using TDP and with another using LDP.

FIG 4.1: Tag Switching vs. MPLS

4.2 Label Distribution Protocol

The Label Distribution Protocol (LDP) is the protocol used by LSRs to allocate labels for the entries in their routing table and to distribute (and request) label-to-prefix bindings to and from their peer LSRs within the MPLS domain. LDP also performs neighbor discovery and establishes sessions with its neighbors over which the label information is exchanged. LDP uses port 646 on both TCP and UDP: UDP for the Hello messages that discover neighbors and serve as a keepalive to detect when a neighbor has gone down, and TCP for the session itself, over which the peers exchange their label-to-prefix bindings.


Link LDP Hellos are sent to the multicast address 224.0.0.2 (all routers on this subnet). A variant known as Targeted LDP (tLDP), used for instance to exchange pseudowire (AToM) labels between PE routers that are not directly connected, sends unicast Hellos to a configured peer address. LSRs establish one LDP session per label space, and with per-platform label space this means that even if there are multiple links between 2 neighbors only 1 session is established between them. The TCP session is opened by the LSR with the higher transport address (by default the LDP router-ID, which on Cisco routers is the highest loopback IP address or, if there is no loopback, the highest IP address on a physical interface, unless it is set explicitly with mpls ldp router-id). Two practical checks follow from this: LDP has no authentication of its own, so the session should be protected with the TCP MD5 option (mpls ldp neighbor <address> password <password> on IOS), and targeted Hellos should be accepted only from explicitly configured peers, since any host that can reach a PE loopback could otherwise attempt to form a session.

FIG 4.2 Label Distribution Protocol
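As an added example (not code from this project), the following Python builds and parses an LDP Hello PDU as described above and applies an acceptance policy to it: link Hellos must arrive via 224.0.0.2 and must not carry the T bit, while targeted (unicast) Hellos are accepted only from configured peers. The LSR IDs, hold times and transport addresses are constructed.

```python
"""Build and parse an LDP Hello PDU (RFC 5036) and decide whether to accept it.

Added example for this page, not code from the thesis or from any vendor.
It covers only the Hello message (UDP 646); the LSR IDs, hold times and
transport addresses are constructed for illustration.
"""
import ipaddress
import struct

LDP_VERSION = 1
MSG_HELLO = 0x0100
TLV_COMMON_HELLO_PARAMS = 0x0400
TLV_IPV4_TRANSPORT_ADDR = 0x0401
ALL_ROUTERS = "224.0.0.2"      # destination of link Hellos
LDP_PORT = 646


def build_hello(lsr_id: str, hold_time: int = 15, targeted: bool = False,
                transport_addr: str = None, msg_id: int = 1, label_space: int = 0) -> bytes:
    """Assemble PDU header + one Hello message. Label space 0 = per-platform."""
    flags = 0x8000 if targeted else 0                    # T bit: targeted Hello
    tlvs = struct.pack("!HHHH", TLV_COMMON_HELLO_PARAMS, 4, hold_time, flags)
    if transport_addr:
        tlvs += struct.pack("!HH", TLV_IPV4_TRANSPORT_ADDR, 4) + ipaddress.IPv4Address(transport_addr).packed
    body = struct.pack("!I", msg_id) + tlvs              # message length covers ID + TLVs
    message = struct.pack("!HH", MSG_HELLO, len(body)) + body
    ldp_id = ipaddress.IPv4Address(lsr_id).packed + struct.pack("!H", label_space)
    pdu_body = ldp_id + message                          # PDU length covers LDP ID + messages
    return struct.pack("!HH", LDP_VERSION, len(pdu_body)) + pdu_body


def parse_hello(data: bytes) -> dict:
    """Parse one Hello PDU; raise ValueError on anything malformed or on an unknown mandatory TLV."""
    if len(data) < 18:
        raise ValueError("PDU too short")
    version, pdu_len = struct.unpack("!HH", data[:4])
    if version != LDP_VERSION or pdu_len + 4 != len(data):
        raise ValueError("bad version or PDU length")
    lsr_id = str(ipaddress.IPv4Address(data[4:8]))
    (label_space,) = struct.unpack("!H", data[8:10])
    msg_type, msg_len = struct.unpack("!HH", data[10:14])
    if msg_type & 0x7FFF != MSG_HELLO or 14 + msg_len > len(data):
        raise ValueError("not a well-formed Hello message")
    (msg_id,) = struct.unpack("!I", data[14:18])
    hello = {"lsr_id": lsr_id, "label_space": label_space, "msg_id": msg_id,
             "hold_time": None, "targeted": False, "transport_addr": None}
    offset, end = 18, 14 + msg_len
    while offset < end:
        if offset + 4 > end:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack("!HH", data[offset:offset + 4])
        value = data[offset + 4:offset + 4 + tlv_len]
        if len(value) != tlv_len or offset + 4 + tlv_len > end:
            raise ValueError("truncated TLV")
        base_type = tlv_type & 0x3FFF
        if base_type == TLV_COMMON_HELLO_PARAMS:
            hold, flags = struct.unpack("!HH", value)
            hello["hold_time"] = hold
            hello["targeted"] = bool(flags & 0x8000)
        elif base_type == TLV_IPV4_TRANSPORT_ADDR:
            hello["transport_addr"] = str(ipaddress.IPv4Address(value))
        elif not tlv_type & 0x8000:                      # U bit clear: unknown TLV is fatal
            raise ValueError(f"unknown mandatory TLV 0x{base_type:04x}")
        offset += 4 + tlv_len
    if hello["hold_time"] is None:
        raise ValueError("Common Hello Parameters TLV missing")
    if hello["hold_time"] == 0:                           # 0 means "use the default"
        hello["hold_time"] = 45 if hello["targeted"] else 15
    return hello


def accept_hello(hello: dict, src_ip: str, dst_ip: str, targeted_peers: set) -> bool:
    """Acceptance policy: link Hellos only via 224.0.0.2 and never flagged targeted;
    targeted (unicast) Hellos only from peers we have explicitly configured."""
    if hello["targeted"]:
        return dst_ip != ALL_ROUTERS and src_ip in targeted_peers
    return dst_ip == ALL_ROUTERS


# Constructed samples: a normal link Hello and a targeted Hello from an unconfigured host.
LINK_HELLO = build_hello("10.255.0.2", hold_time=15, transport_addr="10.255.0.2")
ROGUE_TARGETED_HELLO = build_hello("10.9.9.9", hold_time=45, targeted=True, transport_addr="10.9.9.9")

if __name__ == "__main__":
    print(parse_hello(LINK_HELLO))
    print("accept link hello:", accept_hello(parse_hello(LINK_HELLO), "10.1.12.2", ALL_ROUTERS, set()))
    print("accept rogue targeted hello:",
          accept_hello(parse_hello(ROGUE_TARGETED_HELLO), "10.9.9.9", "10.255.0.1", {"10.255.0.3"}))
```

The transport-address TLV is what the peers later use for the TCP session, so a Hello whose transport address is not one of the expected loopbacks is a further sign that something other than a configured LSR is sending it.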

4.3 Label Allocation, Distribution, Retention & LSP Control


4.3.1 Label Allocation/Assignment
Every LSR in an MPLS domain assigns a label to every entry in its routing table (in Cisco IOS, by default, to every IGP-learned and connected prefix), and LDP advertises these bindings. Based on the mode of MPLS, 2 forms of label assignment exist:
i. Per-Platform Label Assignment
In frame-mode MPLS label assignment is per platform: the same local label is advertised out all interfaces for a given prefix.
Advantage: the size of the LIB, and subsequently the LFIB, is reduced, as there is only a single local label per prefix (memory is saved).
Disadvantage: an attacker who learns the label for a prefix on any one interface knows the label that is valid on every interface of that LSR, so a labeled packet injected on any link is forwarded.
ii. Per-Interface Label Assignment
In cell-mode MPLS label assignment is per interface: a different local label is advertised out each interface for the same prefix (the label is the VPI/VCI, which is only meaningful on that link).
Advantage: a label learned on one interface is not valid on the others.
Disadvantage: the size of the LIB, and subsequently the LFIB, grows significantly, as there are multiple local labels for every prefix. This is unnecessary in most deployments, since MPLS runs only on the interfaces inside the provider network.

It should be stressed that in neither case is the label a secret or a security mechanism: labels are sent in the clear by LDP and are easily guessed (they start at 16 and are allocated sequentially). The real control is to enable MPLS only on trusted, internal interfaces: an LSR drops any labeled packet whose top label is not in its LFIB, and a labeled packet arriving on an interface where MPLS is not enabled is not label-switched at all.

4.3.2 Label Distribution
After an LSR has assigned labels to the prefixes in its RIB, LDP advertises these local labels to its peers. Here also 2 strategies of label distribution exist:
i. Unsolicited Downstream Label Distribution
Unsolicited means not asked for, done voluntarily. In this type of label distribution, labels are advertised to every neighbor without the neighbor asking for them. Frame-mode MPLS uses this method.
ii. Downstream-on-Demand Label Distribution
Here labels are given only to those neighbors that request them, and only for the prefixes they request. Cell-mode MPLS uses this method.

4.3.3 Label Retention
Once labels have been advertised or requested, LSRs save/retain the received labels in their LIB along with their local labels. Once again there are 2 label retention mechanisms:
i. Liberal Label Retention
The LSR retains, in its LIB, all the labels it receives for every prefix from all its neighbors, including those from neighbors that are not the current next hop. It is called liberal because every label is kept, whether it is currently usable or not. Frame-mode MPLS uses liberal label retention.
Advantage: faster convergence. When the best path for a prefix changes, the label from the new next hop is already in the LIB, so the LFIB can be updated as soon as the routing table changes, without any LDP exchange.
Disadvantage: the LIB is larger, since it holds one remote label per prefix per neighbor rather than just one.
ii. Conservative Label Retention
The LSR retains in its LIB only the label received from the neighbor that is the best next hop for the prefix in its routing table; labels from other neighbors are discarded. Cell-mode MPLS uses conservative label retention (together with downstream-on-demand distribution).
Advantage: the LIB is small, as only one remote label per prefix is kept.
Disadvantage: slower convergence. When the best path changes, the LSR has to request a new label from the new next hop and wait for it before the LFIB can be updated and traffic can flow again.

4.3.4 Label Switch Path Control
Label Switch Path control represents the sequence in which the LSRs start allocating and exchanging labels. Based on the mode of MPLS, 2 forms of LSP control exist:
i. Independent Path Control
Each LSR allocates and advertises a label for a prefix as soon as it has a route to it, independently of whether it has already received a label from its downstream neighbor. Labels therefore appear quickly, but an LSP may be temporarily incomplete. Frame-mode MPLS uses independent control.
ii. Ordered Path Control
An LSR advertises a label for a prefix only once it has received a label for it from its downstream neighbor (or is itself the egress for that prefix). LSPs are thus built in order from the egress back towards the ingress and are complete when the ingress receives its label. Cell-mode (ATM) MPLS uses ordered control.

30

4.4 Convergence in Frame-mode MPLS


Now that we have seen the architecture of MPLS, the working of LDP and the creation of the various tables, we can put it together and see how convergence in a frame-mode MPLS network takes place. First the routing protocols converge and populate the RIB. Because CEF is enabled, the FIB is built from the RIB. When MPLS is enabled, LDP allocates a local label for each RIB entry and exchanges bindings with its neighbors, building the LIB; then the LFIB is built from the LIB and the FIB, so that for each prefix the best label (the one from the best next hop) appears with the best path. If a path goes down, the routing protocol installs the next best path in the RIB, and the FIB and the LFIB are updated to reflect the change (immediately, since with liberal retention the label from the new next hop is already in the LIB). In the data plane of the router 2 tables thus exist along with the adjacency table: the FIB and the LFIB. When a packet reaches this LSR, if it is an IP packet it gets routed via the FIB, and if it is a labeled packet the LFIB is consulted, the label is swapped according to it and the packet is switched out of the specified outgoing interface.

FIG 4.3: Frame-mode MPLS


4.5 PHP
Penultimate Hop Popping (PHP) is a mechanism designed to increase the efficiency of an MPLS network by avoiding a double lookup. The double lookup occurs at the last-hop router, which would otherwise have to look up the LFIB, pop the label and then look up the FIB to route the packet on its destination IP address. For example, suppose a packet enters the MPLS domain at R1 destined for the 10.0.0.0/8 network connected to R4. R1 labels it with label 17, which R2 advertised for 10.0.0.0/8, and forwards it to R2. At R2 the LFIB is consulted and the label is swapped for label 18, advertised by R3, and the packet is forwarded to R3. At R3 the same happens: the label is swapped for label 19, advertised by R4, and the packet is forwarded to R4. The packet, now carrying label 19, reaches R4, where the LFIB lookup shows that the label is to be removed ("Untagged"). So R4 pops the label and then consults the FIB to route the packet on its destination IP address before sending it out of the appropriate interface. Thus R4 had to perform a double lookup.

FIG 4.4: Double lookup


Using PHP, the Label is popped at the Second-Last (penultimate) LSR (R3) before being sent to the last LSR (R4) in this LSP which, seeing that its an IP packet, routes it via the FIB. Thus the last LSR is spared the burden of a Double Lookup, i.e. the lookup of both the LFIB and FIB before forwarding the packet.

FIG 4.5: PHP Single Lookup

This mechanism works by having every LSR advertise the reserved label 3 (implicit null) for its directly connected networks and, on the edge LSRs, for the networks reachable outside the MPLS domain (the routes that show as "Untagged" in the forwarding table). Label 3 never appears on the wire; it instructs the upstream LSR to pop the label after the LFIB lookup, instead of swapping it, and to forward the packet as plain IP to the next LSR. This way the last LSR has to make only 1 lookup instead of 2, and the double lookup is avoided. The cost is that the EXP bits are removed along with the label one hop early, which is why an egress that needs them advertises explicit null (label 0) instead, as described in Chapter 3.
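The R1-R4 example above, run as an added Python simulation (not code from this project): each router holds only its FIB and LFIB entry for 10.0.0.0/8, with the labels 17, 18 and 19 from the text, and the egress R4 advertises either a normal label, implicit null or explicit null. The EXP value and the router names are constructed for illustration; a packet carrying a label the router never advertised is dropped, as a real LSR does.

```python
"""Label switching along the R1-R2-R3-R4 LSP of this section, run three ways:
without PHP (R4 advertises label 19), with PHP (R4 advertises implicit null, 3)
and with explicit null (R4 advertises label 0).

Added example for this page, not code from the thesis. Each router is reduced
to its FIB entry and LFIB entry for 10.0.0.0/8; the label values 17/18/19 are
the ones used in the text and the EXP value is constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Optional

IMPLICIT_NULL = 3   # LDP-only value: "pop before sending to me"
EXPLICIT_NULL = 0   # real label: the egress pops it after reading EXP
PREFIX = "10.0.0.0/8"


@dataclass
class Packet:
    dst: str
    labels: list = field(default_factory=list)   # top of stack first
    exp: int = 5                                 # marking carried in the labels


@dataclass
class Lsr:
    name: str
    next_hop: str                     # FIB: where PREFIX is reachable ("CE" = outside the domain)
    local_label: int                  # label this LSR advertised for PREFIX
    downstream_label: Optional[int]   # label learned from next_hop for PREFIX; None when next_hop is a CE
    lookups: int = 0
    exp_seen: Optional[int] = None    # EXP visible to this LSR on arrival (None = arrived as plain IP)

    def forward(self, pkt: Packet) -> str:
        """Switch one packet; return the name of the next hop."""
        self.exp_seen = pkt.exp if pkt.labels else None
        if pkt.labels:
            self.lookups += 1                            # LFIB lookup
            top = pkt.labels[0]
            if top == EXPLICIT_NULL:
                pkt.labels.pop(0)                        # explicit null: pop, then route via FIB
            elif top != self.local_label:
                raise ValueError(f"{self.name}: label {top} not in LFIB, packet dropped")
            elif self.downstream_label is None:
                pkt.labels.pop(0)                        # "Untagged": pop, then route via FIB
            elif self.downstream_label == IMPLICIT_NULL:
                pkt.labels.pop(0)                        # PHP: pop and forward as plain IP
                return self.next_hop
            else:
                pkt.labels[0] = self.downstream_label    # ordinary swap
                return self.next_hop
        self.lookups += 1                                # FIB lookup
        if self.downstream_label not in (None, IMPLICIT_NULL):
            pkt.labels.insert(0, self.downstream_label)  # ingress: impose the label
        return self.next_hop


def build_lsp(egress_label: int) -> dict:
    """R1 -> R2 -> R3 -> R4 -> CE, with R4 advertising `egress_label` for PREFIX."""
    return {
        "R1": Lsr("R1", "R2", 16, 17),
        "R2": Lsr("R2", "R3", 17, 18),
        "R3": Lsr("R3", "R4", 18, egress_label),
        "R4": Lsr("R4", "CE", egress_label, None),
    }


def run(lsrs: dict, pkt: Packet) -> list:
    """Push the packet from R1 to the CE; return the trace of (router, labels on exit)."""
    trace, hop = [], "R1"
    while hop != "CE":
        lsr = lsrs[hop]
        hop = lsr.forward(pkt)
        trace.append((lsr.name, list(pkt.labels)))
    return trace


def lookups_per_router(egress_label: int) -> dict:
    """Map router name -> (number of table lookups, EXP value it could read on arrival)."""
    lsrs = build_lsp(egress_label)
    run(lsrs, Packet(PREFIX))
    return {n: (l.lookups, l.exp_seen) for n, l in lsrs.items()}


if __name__ == "__main__":
    for name, lbl in (("no PHP", 19), ("PHP", IMPLICIT_NULL), ("explicit null", EXPLICIT_NULL)):
        print(name, run(build_lsp(lbl), Packet(PREFIX)), lookups_per_router(lbl))
```

Without PHP, R4 performs 2 lookups; with PHP it performs 1 but sees no EXP value (the packet arrives as plain IP, so QoS at the egress has to fall back to the IP ToS byte); with explicit null it is back to 2 lookups, but the EXP bits survive to the egress.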


Chapter 5

MPLS VPN TECHNOLOGY

This Chapter looks at the MPLS VPN Technologies that revolutionized the whole concept of VPNs and connectivity. We will first look at the history of VPNs as a whole, then explain the difference between other VPNs and MPLS VPNs and the advantages of MPLS VPNs over them. This leads into the Architecture and workings of MPLS VPNs along with the concepts of VRF, RDs, RTs, address-families, MP-BGP, Complex VPNs etc. Then we look at the in depth structure of a Complex VPN and the detailed steps required to configure one. We will follow this with an example of a complex VPN and how communication takes place after configuring it.

5.1 History of VPNs
As an organization grows it builds more sites and offices in different locations, and to establish network connectivity between these sites it has 2 options: either lay a really long cable between them (which is not feasible) or get a connectivity solution from a third party, i.e. a service provider. This is where the concept of leased lines comes in. The service provider makes physical circuits through its network and reserves a specific bandwidth for each customer. That bandwidth is physically dedicated to the customer; it cannot be used or shared by anyone else, not even the service provider. This is the major reason leased lines used to be so expensive. Nowadays the cost of leased lines has come down significantly, but they are still expensive for smaller organizations. Because of this limitation the SP cannot allocate more than a certain am of bandwidth to each customer, and can only serve a limited number of customers.

The arrival of virtual circuit technologies such as Frame Relay and ATM gave service providers the ability to allocate bandwidth to their customers logically, through virtual circuits. This allowed the SP to sell more bandwidth than it actually had, based on the knowledge that not everyone uses all of their bandwidth all of the time, and it brought costs down. But this technology suffered from sub-optimal routing: with a hub-and-spoke set of VCs, traffic between two spoke sites has to pass through the hub, crossing the provider network twice instead of taking the best path. It was cheaper than leased lines but still expensive compared to DSL lines, because the SP had taken on the burden of managing the VCs and because of the bandwidth and processing wasted on sub-optimal routing.

With the arrival of IPSec, another solution was for companies to get plain DSL lines and configure IPSec tunnels over them for confidentiality. This was the cheapest solution for the companies, but they had to take the burden of configuration upon themselves, and this resulted in significant network downtime due to problems with the IPSec negotiation phases and configuration mistakes. Some companies suffered more than they gained. Then came the concept of MPLS VPNs. Here the SP takes part in the customer's routing, which prevents sub-optimal routing, and is also responsible for keeping the customer's routes and traffic separate from other customers'. For the customer it is as if its sites were directly connected, while it also gets value-added services such as Internet connectivity and QoS.

5.2 Overlay VPNs vs. Peer-to-Peer VPNs

i. Overlay VPNs
In overlay VPNs the service provider provides only Layer 1 and Layer 2 connectivity (leased lines, Frame Relay/ATM VCs, or IPSec/GRE tunnels over IP) and the customer builds the Layer 3 connectivity on top. The SP is not involved in the customer's routing, i.e. it does not know the customer's routes; the customer's sites exchange routing information directly with each other.
Advantage: simple to configure.
Disadvantage: sub-optimal routing, as the SP does not know the customer's routes.
ii. Peer-to-Peer VPNs
In peer-to-peer VPNs the service provider provides connectivity up to Layer 3 and is involved in the customer's routing, i.e. customer routes are exchanged with the service provider.
Advantage: optimal routing.
Disadvantage: difficult to manage.

MPLS VPNs combine the best features of overlay and peer-to-peer VPNs, although technically they are peer-to-peer VPNs. They remove the burden of configuring the VPN from the customer; the SP is responsible for creating, maintaining and troubleshooting it. At the same time MPLS VPNs are easier to configure, change, maintain and troubleshoot than traditional peer-to-peer VPNs, which required large amounts of configuration (per-customer routers, or access lists and route filters) to keep customer routes private, and complex changes in multiple locations each time a new customer or site was added.

5.3 Architecture & Workings of MPLS VPNs


The real purpose of a VPN is to let an organization use its private addresses over a shared public network. This poses a unique problem: in the IPv4 address space the blocks reserved for private addressing are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, so different organizations usually have overlapping address space. The biggest challenge in peer-to-peer VPNs is therefore to keep the customers' routes separate, i.e. to stop them from getting mixed up, yet in MPLS VPNs the customer exchanges its routes with the service provider. If those routes all entered a single routing table on the SP routers, the overlapping prefixes of different customers would collide and the SP would not be able to route packets to the correct destination. There are 2 solutions to this problem:
i. Dedicate a separate router to each customer (not feasible)
ii. Use VRFs


5.3.1 Virtual Routing and Forwarding


Virtual Routing and Forwarding (VRF) is the concept that allows the SP to keep customer routes from getting mixed up. A VRF logically divides the router into multiple routers, i.e. a separate routing table (and CEF table) is created for each customer. If everything were stored in the single global routing table, multiple customers using the same networks would have their routes confused and there would be no way to decide where to send the data. This could be attempted with route-maps and route-tags, but the configuration and management would be very difficult and processor intensive. Therefore VRFs are created, with a different routing table for each customer. The global routing table is still present and contains only the service provider's own routes, for convergence within the SP cloud.

5.3.2 Route Distinguisher & Route Target


Route Distinguisher (RD) is a BGP extension and Route Target (RT) is a BGP extended community attribute. They are commonly given the same value, but their functions are completely different. The RD is a 64-bit tag associated with each VRF; it is attached to the customer routes to make them unique throughout the MPLS domain and to keep the routes of different customers separate. Every VRF is assigned a unique RD.

IPv4 + RD = VPNv4
32 bits + 64 bits = 96 bits

Adding the RD to the IPv4 route gives a new, unique 96-bit route known as a VPNv4 route. Each customer's routes, which were the same before, now become unique throughout the domain.


Route Target is an attribute of the VPNv4 route, using which we can control (or filter) whether a route may go into a particular customer's VRF. It is used for exporting routes from, and importing routes into, a particular VRF. The RD is always the same for all the routes in a VRF, but the RT can be multiple and different for every route within a VRF. This gives us more flexibility to control which routes are to be exported, which are to be imported, and into which VRF. The RD becomes part of the route; the RT is an attribute of the route.

5.3.3 Multiprotocol Border Gateway Protocol


The customer routes, once they come into the MPLS domain, are no longer IPv4 routes: a unique RD has been added to them and they have become VPNv4 routes. Normal routing protocols cannot carry these routes; they carry only IPv4 routes. Therefore a special flavor of BGP, known as Multiprotocol BGP (MP-BGP), is used to carry these routes from one PE router to the next. Since one of the advantages of MPLS is that the core LSRs do not need the customer routes in their routing tables in order to forward packets towards them, the only protocol that could be used here is BGP, because BGP peers do not have to be directly connected in order to exchange routing information. And since BGP here is configured within a single AS, the flavor of BGP run is internal BGP (iBGP), or more specifically MP-iBGP. Another point to be noted is that the BGP neighborship must also be activated under the VPNv4 address-family; otherwise it won't carry the VPNv4 routes. And, as with normal BGP, it must be told to send the extended BGP community attributes; otherwise they won't be sent along with the routes.

5.3.4 VPN Label


The VPN label is a unique label generated for each route. The PE attaches it to the customer packets before the MPLS (transport) label is imposed, so it sits beneath that label in the stack; it tells the other PE router which VRF to look into for the destination of the packet.


5.3.5 Address-Families
Since we now have multiple routing tables (VRFs), we also require routing protocols dedicated to a single VRF; otherwise the routes will get mixed. Unfortunately, for some routing protocols only a single instance can be started on one router, as with BGP and RIP: BGP can have only one Autonomous System (AS) running on a router, and RIP doesn't have any identifier or AS number. The solution here is to run multiple address-families under these protocols, with each address-family dedicated to a single VRF. OSPF and EIGRP can have a separate process ID or AS dedicated to a particular VRF, so no address-family needs to be configured for them.

5.3.6 Intranet VPN Vs Extranet VPN


When a customer/organization/company communicates only with its own sites, it's called an Intranet VPN. Here only one's own RT is exported and imported at the different sites. When different customers/organizations/companies communicate with each other, it's called an Extranet VPN. Here the RTs of the customers wishing to communicate with each other are imported into their VRFs.

5.4 Complex VPNs (with Case Study)


Complex VPNs are Network Management VPNs, Internet-Access VPNs, Extranet VPNs etc., where the sites of different companies exchange some of their routes, by importing some of the RTs into their VRFs, and communicate with each other. The ability to easily configure and maintain complex VPNs is the biggest feature of MPLS-based VPN technology.


FIG 5.1 MP_eBGP

Consider the above topology of an MPLS network. There are 2 customers, Customer A and Customer B, each having 2 sites in remote locations. For connectivity they decided to enlist the services of a Service Provider. Since they wanted the ability to use their private addresses through the service provider, didn't want the hassle of configuring a VPN themselves and also wanted QoS, they decided to get an MPLS-based VPN link between their sites.


Within the Service Provider domain an IGP is running, which is needed so that there is complete convergence within the SP domain. This IGP carries the SP's own routes and populates the global routing table. MPLS is running and LDP is enabled on all the internal links in the domain. LDP has allocated labels against all the entries in the RIB and has exchanged the labels with its peers. Now all the LSRs in the domain have a fully converged FIB and RIB, the process of which was discussed earlier in this chapter, and are ready for label switching. The SP also needs to set up iBGP between all its PE routers; the core routers do not have to run BGP.

The SP creates 2 VRFs on both of its PE routers, which are connected to the customers' sites. Under each VRF a unique RD is defined for each customer. The interfaces connected to Customer A's sites are made part of Customer A's VRF, and the interfaces connected to Customer B's sites are made part of Customer B's VRF. A routing protocol of the customer's choice is then run on those links and the customer routes are exchanged with the SP (on the SP these IGPs are dedicated to the VRF, or must have an address-family instance dedicated to it). These customer routes appear in the associated VRFs rather than in the global routing table. The SP then mutually redistributes between the customer IGP and MP-iBGP, under the IPv4 address-family of that VRF; this is done on both PE routers. But these routes won't be redistributed into BGP and back into the customer IGP at the other end until we define which RTs are to be exported and which are to be imported at each VRF. The customer tells the service provider which routes it wants exchanged with the other side, and the SP marks those routes with RT values and defines the import/export actions for each.

The customer routes, with the RD attached, become unique VPNv4 routes and are carried by BGP; at the other end they are redistributed into the appropriate VRF. (Note: the BGP neighborship must also be activated under the VPNv4 address-family, otherwise it won't carry the VPNv4 routes; and, as with normal BGP, it must be told to send the extended BGP community attributes, otherwise they won't be sent along with the routes.)

Now consider a scenario in which Customer A and Customer B decide to start communication between 2 of their sites. They tell the SP which routes should be available to each other. The SP then just has to go into the customer VRFs on the appropriate PE and import the RTs which represent those routes, and this simple configuration makes communication of only those specific routes possible between those sites. These are Extranet VPNs. To configure Internet-Access VPNs, the SP just has to import the RTs associated with the Internet routes into the requesting customer's VRF.
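The RD, RT and VPN-label behaviour described in 5.3.2, 5.3.6 and the case study above, as an added Python model (not the thesis's or any vendor's code): two customers advertise the same 10.1.0.0/16, the RD keeps the VPNv4 entries distinct in the MP-BGP table, the intranet VRFs import only their own RT, and the extranet case imports a second RT so that one shared prefix crosses over. The RD/RT values, prefixes, class names and the VPN label range are constructed assumptions.

```python
"""MPLS VPN control plane in miniature: the RD makes overlapping customer
prefixes unique, RTs decide which VRF imports which route, and each route
gets its own VPN label.

Added, illustrative model; class names, RD/RT values, prefixes and the label
range are constructed assumptions, not the thesis's or any vendor's code."""
import ipaddress
from collections import Counter
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str          # 64-bit Route Distinguisher, e.g. "65000:1" (one per VRF)
    prefix: str      # 32-bit IPv4 prefix plus length, e.g. "10.1.0.0/16"
    rts: frozenset   # Route Targets, carried as BGP extended communities
    vpn_label: int   # label the far PE uses to find the right VRF

    @property
    def key(self):
        # RD + prefix is the 96-bit identity BGP stores: overlapping customer
        # prefixes stay distinct because their RDs differ.
        return (self.rd, self.prefix)


@dataclass
class Vrf:
    name: str
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    local_routes: dict = field(default_factory=dict)  # prefix -> extra export RTs


class PeRouter:
    """A PE holding several VRFs; the core LSRs never see these routes."""

    def __init__(self, name):
        self.name = name
        self.vrfs = {}
        self._next_label = 16  # assumption: allocate VPN labels from 16 upwards

    def add_vrf(self, vrf):
        self.vrfs[vrf.name] = vrf

    def export(self):
        """Redistribute each VRF's customer routes into MP-BGP as VPNv4 routes."""
        out = []
        for vrf in self.vrfs.values():
            for prefix, extra in vrf.local_routes.items():
                ipaddress.ip_network(prefix)  # reject malformed prefixes early
                out.append(Vpnv4Route(vrf.rd, prefix,
                                      vrf.export_rts | frozenset(extra),
                                      self._next_label))
                self._next_label += 1
        return out

    def import_into_vrfs(self, vpnv4_routes):
        """A VRF accepts a VPNv4 route only if they share at least one RT."""
        return {vrf.name: sorted(r.key for r in vpnv4_routes if r.rts & vrf.import_rts)
                for vrf in self.vrfs.values()}


def colliding_prefixes(routes):
    """Prefixes that would clash if dumped into one global IPv4 table."""
    return sorted(p for p, n in Counter(r.prefix for r in routes).items() if n > 1)


def demo():
    """Two customers both using 10.1.0.0/16; A also shares one prefix with B."""
    a_rt, b_rt, shared_rt = frozenset({"65000:1"}), frozenset({"65000:2"}), {"65000:100"}
    pe1 = PeRouter("PE1")
    pe1.add_vrf(Vrf("CustA", "65000:1", a_rt, a_rt,
                    {"10.1.0.0/16": set(), "192.168.100.0/24": shared_rt}))
    pe1.add_vrf(Vrf("CustB", "65000:2", b_rt, b_rt, {"10.1.0.0/16": set()}))
    vpnv4 = pe1.export()                      # carried by MP-iBGP to PE2

    pe2 = PeRouter("PE2")
    pe2.add_vrf(Vrf("CustA", "65000:1", a_rt, a_rt))              # intranet only
    pe2.add_vrf(Vrf("CustB", "65000:2", b_rt, b_rt | shared_rt))  # extranet import
    return {
        "collisions_in_plain_ipv4": colliding_prefixes(vpnv4),
        "vpnv4_entries": len({r.key for r in vpnv4}),
        "imported_on_pe2": pe2.import_into_vrfs(vpnv4),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Running demo() shows one prefix that would collide in a plain IPv4 table, three distinct VPNv4 entries, and on PE2 each VRF ending up with exactly the (RD, prefix) pairs its import RTs allow.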

5.5 SuperBackbone and Sham Links

Both of these are concepts related to OSPF being used as the customer IGP. All the sites of the customer can use any OSPF area between them, but there is a rule in OSPF that different areas can only communicate with each other through the backbone area, i.e. Area 0. Here the MPLS domain acts as a SuperBackbone and makes communication between the disjoint areas possible. The IGP used by the SP within its network doesn't have to be OSPF; it can be any IGP of the SP's choice, and it will still appear to the customer as a SuperBackbone. While the first portion is just a concept, an interesting problem arises from it: the routes going from one customer site to another appear as inter-area routes (OIA) rather than as intra-area routes (O). The rule for route preference is O > OIA > OE, regardless of the metric. So if the MPLS VPN is taken by the customer as the primary link and a 128 kbps modem link is kept as a backup link, OSPF will prefer the routes coming via the backup link, because they appear in the database as intra-area routes (O). That route alone will be installed in the customer routing table, and all the traffic will use the extremely slow backup link instead of the primary. The solution is to create Sham Links in the SP domain to make the routes appear as O instead of OIA.


Chapter 6

MPLS TE

This chapter explains a major application of MPLS, MPLS Traffic Engineering, and the concepts behind it. We will look at what MPLS TE is and how and where it is used. Every big technology is bound to be misunderstood in some way at some point in time, so we will also uncover some of the myths and misconceptions about TE. Then we will discuss the ways it can be implemented and the benefits that can be achieved.

6.1 Misconceptions about TE

One of the biggest misconceptions and myths about MPLS Traffic Engineering is that it is often considered and stated to be a QoS feature. This is completely false. The truth is that while MPLS TE can be used to reroute traffic from congested paths to alternative paths, it contains none of the inherent QoS features like guaranteed bandwidth, priority, queuing techniques, congestion avoidance, policing or shaping. Such features have to be implemented separately on top of MPLS TE/VPN, through MPLS QoS, which is discussed in depth in the next chapter. Implementing MPLS TE in a network does not improve the quality of any of its services; it is designed to tackle a different type of problem and to provide some value-added features. Another misconception is that TE increases network convergence speed. MPLS Fast Reroute does indeed help to reroute traffic within 50 ms of a link failure, but it cannot reduce the convergence time, as that is the work of the IGP and is governed by its hello and dead intervals and how fast it can resynchronize with its IGP peers.

6.2 What MPLS TE really is

MPLS TE is the preferred method of performing Policy Based Routing (PBR) in an MPLS-based network, or can be better defined as the process of routing traffic across another path to make efficient use of the available bandwidth. TE is not a concept introduced by MPLS; it has been around for a long time. The art of engineering the traffic to follow a custom path or an auto-discovered path, other than the primary path, is called Traffic Engineering. In simple IP networks it's called PBR, in Frame Relay networks it's called Frame Relay Traffic Engineering/Shaping and in ATM it's called ATM TE. But Traffic Engineering in those network architectures was tedious, extremely complicated and also processor intensive. MPLS combines the speed of Layer 2 TE with the intelligence of Layer 3. TE in an IP network is complicated; in an ATM network it is more feasible, but it requires the Layer 3 topology to be fully meshed in order to achieve the proper benefits, and it also has a few problems that arise when a link goes down. Therefore the advantages of MPLS TE over other methods of TE are:
i. The headend router (where the tunnel starts) can dictate the path that the other routers will forward the traffic through, i.e. the policy is only defined at the headend router, unlike in an IP network where each router's decisions are independent and policies therefore have to be defined on all hops.
ii. The biggest advantage of MPLS-based TE is that it combines ATM's TE capabilities with the ToS-based packet differentiation of an IP network.

MPLS uses the reachability information generated by the routing protocols, but all IGPs (except Cisco's proprietary EIGRP) only select equal paths with the least metric/cost to be installed in the routing table. Since labels are assigned against the entries in the RIB, in a straightforward MPLS network the labeled packets will follow exactly the same path that they would have followed in a pure IP network. Using the same, and only the best, path can lead to congestion of those links and to a reduction of the capability of the network due to underutilization of the alternative/backup paths.

TE is a requirement where there is congestion, but its use is not limited to congestion. It can also be used for custom/service-based routing, i.e. to set up a selected path for specific customers or for a specific type of data. The more appropriate way to put it is that a path can be created for traffic belonging to a particular FEC to follow, whether a custom path or a path where it won't have to face delay.

6.3 How MPLS TE Works

One of the requirements of MPLS TE is a link-state routing protocol, i.e. OSPF or IS-IS, running as the IGP within the MPLS domain. This is because MPLS TE needs to build a TE link-state database in order to perform its function of creating a tunnel, auto-routing over it and dictating the path to be followed. In OSPF, LSA type 10 (Opaque LSA) is used for MPLS TE. An instance of OSPF which uses LSA type 10, i.e. uses constraints rather than just cost, uses a special flavor of Dijkstra's Shortest Path First (SPF) known as Constrained SPF (CSPF) or path calculation (Pcalc). These constraints can be load, reliability or the maximum data that can be transferred on a link; the simple SPF algorithm looks only at the cost. Cisco uses the Resource Reservation Protocol (RSVP) to implement Traffic Engineering. RSVP performs the function of reserving resources throughout the network and creates a tunnel through which to send the data. These tunnels are one-way: return traffic takes the normal path, so if we want the return traffic to also take a different path then another tunnel has to be set up for it. Labels are also allocated against this path, i.e. for this tunnel, and are distributed throughout the MPLS domain like the other labels. Once a TE tunnel is created using RSVP, there are 3 ways traffic can be forwarded down it:
i. Auto-route
ii. Static routes
iii. Policy routing

6.4 Tunnel Formation and Priority

For every tunnel formation, RSVP first starts signaling along the desired tunnel path, requesting a specified amount of bandwidth to be reserved for this tunnel. If that amount of bandwidth is not available at any of the hops then the tunnel won't form, and RSVP will test another path (if configured) to see whether it can reserve that amount of bandwidth there. Each tunnel has 2 priorities associated with it:
i. Setup Priority. There can be multiple tunnels, and this decides which has the better priority and gets set up first. Values are 0-7; a lower value represents a higher priority.
ii. Holding Priority. The holding priority comes into effect after a tunnel has been established. If a new tunnel is to be formed and the setup priority of the new one is lower (i.e. better) than the holding priority of the existing one, then the old tunnel is torn down and the new one is set up.
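The CSPF computation of 6.3 and the setup/holding priority behaviour of 6.4, as one added Python simulation (not the thesis's or Cisco's code): links that cannot satisfy the requested bandwidth are pruned before Dijkstra runs on cost, a reservation is placed along the resulting path, and when no path fits the head-end retries allowing tunnels whose holding priority is worse than the new tunnel's setup priority to be preempted. The five-router topology, link costs, reservable bandwidths (in kbps) and the three tunnel requests are constructed.

```python
"""CSPF path computation with RSVP-style bandwidth reservation and
setup/holding priority preemption, as a small simulation.

Added example, not the thesis's or Cisco's code. The topology, link costs,
reservable bandwidths (kbps) and tunnel parameters are constructed."""
import heapq


class Link:
    def __init__(self, a, b, cost, reservable_kbps):
        self.ends = (a, b)
        self.cost = cost
        self.capacity = reservable_kbps
        self.reservations = {}  # tunnel name -> (kbps, holding priority)

    def free(self):
        return self.capacity - sum(bw for bw, _ in self.reservations.values())

    def preemptable(self, setup_priority):
        """Tunnels a new request may tear down: its setup priority is better
        (numerically lower) than their holding priority."""
        return [(name, bw) for name, (bw, hold) in self.reservations.items()
                if setup_priority < hold]


class TeDomain:
    def __init__(self):
        self.links = []
        self.tunnels = {}  # tunnel name -> list of link indexes

    def add_link(self, a, b, cost, reservable_kbps):
        self.links.append(Link(a, b, cost, reservable_kbps))

    def cspf(self, src, dst, kbps, setup_priority=None):
        """Prune links that cannot satisfy the bandwidth constraint (optionally
        counting reservations the new tunnel could preempt), then run
        Dijkstra on cost over what is left."""
        adj = {}
        for i, link in enumerate(self.links):
            avail = link.free()
            if setup_priority is not None:
                avail += sum(bw for _, bw in link.preemptable(setup_priority))
            if avail < kbps:
                continue
            a, b = link.ends
            adj.setdefault(a, []).append((b, link.cost, i))
            adj.setdefault(b, []).append((a, link.cost, i))
        dist, prev, heap = {src: 0}, {}, [(0, src)]
        while heap:
            d, node = heapq.heappop(heap)
            if d > dist[node] or node == dst:
                continue
            for nxt, cost, i in adj.get(node, []):
                if d + cost < dist.get(nxt, float("inf")):
                    dist[nxt], prev[nxt] = d + cost, (node, i)
                    heapq.heappush(heap, (d + cost, nxt))
        if dst not in dist:
            return None
        path, node = [], dst
        while node != src:
            node, i = prev[node]
            path.append(i)
        return path[::-1]

    def signal_tunnel(self, name, src, dst, kbps, setup_priority, holding_priority):
        """Plain CSPF first; if nothing fits, retry allowing preemption and tear
        down lower-priority tunnels on the chosen path until the request fits."""
        preempted = []
        path = self.cspf(src, dst, kbps)
        if path is None:
            path = self.cspf(src, dst, kbps, setup_priority)
            if path is None:
                return None, preempted
            for i in path:
                link = self.links[i]
                for victim, _ in link.preemptable(setup_priority):
                    if link.free() >= kbps:
                        break
                    self.tear_down(victim)
                    preempted.append(victim)
        for i in path:
            self.links[i].reservations[name] = (kbps, holding_priority)
        self.tunnels[name] = path
        return [self.links[i].ends for i in path], preempted

    def tear_down(self, name):
        for i in self.tunnels.pop(name, []):
            self.links[i].reservations.pop(name, None)


def demo():
    te = TeDomain()
    for a, b, cost in [("R1", "R2", 10), ("R2", "R3", 10), ("R3", "R4", 10),
                       ("R1", "R5", 20), ("R5", "R4", 20)]:
        te.add_link(a, b, cost, 100)
    t1 = te.signal_tunnel("T1", "R1", "R4", 80, 7, 7)  # fits on the cheap path
    t2 = te.signal_tunnel("T2", "R1", "R4", 50, 7, 7)  # cheap path too full: detour
    t3 = te.signal_tunnel("T3", "R1", "R4", 80, 0, 0)  # fits nowhere: preempts T1
    return {"T1": t1, "T2": t2, "T3": t3, "active": sorted(te.tunnels)}
```

In demo(), T2 is pushed onto the more expensive R1-R5-R4 path purely by the bandwidth constraint, and T3 (setup priority 0) tears down T1 (holding priority 7) rather than failing, which is the preemption rule of 6.4 in action.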


Chapter 7

MPLS QOS

After having looked at the complete architecture and in-depth workings of MPLS and its applications of unicast IP forwarding, MPLS VPNs and MPLS TE, we now move on to the biggest feature of MPLS and one of the most important topics in networking, which is MPLS QoS. QoS consists of policies and strategies applied for better utilization of network resources. In today's modern networks, where voice, video and other critical applications like SQL replication travel through the network along with the regular data, even having MPLS VPNs and TE isn't sufficient, because by default all types of packets are given the same treatment: best-effort delivery. Therefore even temporary congestion, delay or link failure can seriously affect those applications. Delay, jitter and packet loss become normal and the business-critical applications suffer. The major enemies of voice are latency, jitter and packet loss; for voice, the maximum delay that can be experienced end to end is 150 ms in order to maintain a high level of quality. The tool belt of QoS can be used to prioritize these sensitive and critical packets. These days QoS is not only used for prioritizing critical applications and enhancing productivity, but also for security purposes and for maintaining network availability (HA) in the event of denial-of-service or worm attacks. So, in this chapter we hope to discuss QoS in depth and demonstrate the ways to fully utilize the tool belt of QoS in order to maintain and serve the needs of today's networks. We will first look at the 2 models of QoS, IntServ and DiffServ. Then we will discuss the tools that make up QoS and how they are incorporated in MPLS. Before beginning, it's important to understand that MPLS itself does not introduce any new QoS architecture; it uses the IP QoS architecture of Differentiated Services (DiffServ) and its Code Point (DSCP).
The only major difference is in the place of the QoS markings and how they are handled at every hop in the MPLS domain: their behavior under label swapping and label imposition, with the PHP feature, and the rules followed when copying the QoS markings on entering or leaving the MPLS domain.


7.1 IntServ and DiffServ

The default model of QoS is best-effort delivery, i.e. no model: it is first come, first served. The actual 2 QoS models are:

7.1.1 Integrated Services
Here all hops are integrated on certain specified QoS policies/parameters. It is QoS guaranteed in advance using continuous signaling; this is also called flow-based QoS. The common short name it is normally known by is IntServ. IntServ uses the Resource Reservation Protocol (RSVP) to provide the signaling and to reserve the resources (bandwidth) on all hops through the network before sending the important traffic; if the resources cannot be reserved then this QoS mechanism fails. IntServ is a rigid QoS and is thus not suitable over public networks such as the Internet, because no one has control over all the devices on the Internet and thus resources cannot be reserved end-to-end. It is only suitable in private networks and for MPLS TE, which utilizes RSVP to reserve resources and form one-way tunnels to send traffic.

7.1.2 Differentiated Services
Differentiated Services, or DiffServ as it is normally known, is the QoS model of today's modern networks. It is hop-based QoS. It does not require any signaling or in-advance QoS assurance. Every type of data is treated according to the organization's requirements. This method of QoS is flexible and is suitable for public networks like the Internet and also for private networks.


MPLS itself does not introduce any new QoS Architecture; it uses the DiffServ Architecture. The rest of this chapter will focus on the Architecture of DiffServ and how & where it can be utilized to achieve optimal network utilization and improve Productivity.

7.2 MQC and NBAR

In Cisco IOS there are 5 ways to configure QoS, but the best and most recommended method is MQC, which is an acronym for Modular QoS Command-line interface. Packets are classified into class-maps, which can call upon access-lists, prefix-lists or route-maps, can match interfaces, IP Precedence / DSCP values or packet size directly, or can use NBAR to match protocols by their name. These class-maps become templates/groups/classes, identified by unique names, which can be called in policy-maps to apply policies to them or just to mark them. The policy-map is then applied to the required interface. These class-maps and policy-maps are reusable and can be edited or deleted without affecting each other; that is why this method is called Modular. Network Based Application Recognition (NBAR) is a very powerful tool created by Cisco, with which we can identify applications and protocols on the basis of their names. It uses deep packet inspection, identifying packets at the application layer. It identifies packets by their signature, i.e. it searches for the identifying bits at a known offset in the data payload of the packet, which tell it what sort of packet it is. This is a very powerful feature, as there are a lot of applications, viruses and worms which use port tunneling to pretend to be traffic of another type, or just use random port numbers that can be difficult to match otherwise. NBAR is also used in firewalls and IPS devices to inspect and identify traffic because of this powerful feature. This feature is only available on Cisco devices.

7.3 Classification and Marking

Classification and Marking are the 2 fundamental blocks of QoS.

7.3.1 Classification
Classification means to classify/categorize the data/packets into separate classes or groups. Classification can be on the basis of a number of things. It can be based on:
i. Source/destination IP
ii. Port number
iii. Protocol (using NBAR)
iv. Input interface
v. Packet size/length
vi. MAC address
vii. IP Precedence/DSCP markings
etc.

7.3.2 Marking
Marking means to color or mark packets with certain values after they have been identified, so that they can be easily recognized elsewhere and treated accordingly. Classification of packets utilizes resources (especially in the case of NBAR), and having to classify them on every hop can slow things down. Therefore they are classified on one device (it's recommended that classification be done as close to the source as possible) and then marked/colored, so that when they go to the next device they can be easily identified. Marking is of 2 types:-


i. Layer 2 marking
Marking is in the Layer 2 header. For Ethernet there is the 3-bit Class of Service (CoS) field; in MPLS the EXP bits are used for it; Frame Relay has the Discard Eligible (DE) bit for this purpose, etc.

ii. Layer 3 marking
Marking is in the IP header. The IP header has an 8-bit Type of Service (ToS) field reserved for this purpose. Why Layer 3 marking is used when we have Layer 2 marking:
• Layer 2 marking is limited to the segment the frame is on, and the marking is lost along with the entire L2 header when the frame moves to the next segment.
• Layer 3 marking is end-to-end and maintains its properties across the network.

7.3.2.1 CoS Marking
It's an 8-bit field in the Ethernet header, but only the first 3 bits are used for marking. 3 bits give us 8 different values (0-7).

FIG 7.1: COS Markings Table


Values 6 and 7 are reserved for a router's own generated traffic like routing updates, CDP, STP etc.

7.3.2.2 ToS Marking
It's a field in the IP header which is also 8 bits. On the basis of this there are 2 types of markings:
i. IP Precedence
In IP Precedence only the first 3 bits are used for marking. Again we have 8 different values (0-7). The markings are exactly the same as the CoS markings.

FIG 7.2 : IP Precedence Values

ii. Differentiated Services Code Point (DSCP)
This is the newer strategy of marking packets. It uses the entire 8 bits, although the last 2 bits are reserved for Explicit Congestion Notification (ECN). ECN is used by hosts to generate a notification if they experience congestion on their link. Of the remaining 6 bits, the first 3 are known as the Class Selector (CS) or Per Hop Behavior (PHB). A higher PHB value is better. The next 2 bits are used to represent the Drop Probability (DP). The sixth bit is not used (it's always 0). The Drop Probability provides further segregation, i.e. if 2 packets have the same PHB then the one with the lower DP will be preferred.

FIG 7.3 DSCP

7.3.2.3 MPLS EXP bits Marking
In MPLS, the 3 EXP bits are used to carry the QoS markings. Once again we have 8 different marking values (0-7); they are exactly the same as the CoS or IP Precedence values. When a packet enters the MPLS domain, the IP Precedence markings are automatically copied to the topmost label, and they are copied to the next label on every hop as the label is swapped. The Explicit Null label, i.e. label value 0, is specifically designed for QoS: because of PHP the label is popped at the second-last LSR and the QoS markings would be lost. Therefore an Explicit Null label, i.e. a blank label, is attached for the sole purpose of carrying the QoS markings to the last router.
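The bit layouts of 7.3.2.2 and 7.3.2.3, as an added Python example (not the thesis's or any vendor's code): a DSCP is built from its class selector and drop probability bits, packed into the ToS byte, copied as IP Precedence into the EXP bits of a label stack entry at imposition, carried across a label swap, and then either lost at the penultimate hop (Implicit NULL, label 3) or preserved by swapping in the Explicit NULL label 0. The label values, TTLs and the AF41 sample are constructed.

```python
"""ToS byte, DSCP and MPLS EXP bit handling as described in this section:
encoding a DSCP, copying the IP Precedence into the EXP bits at label
imposition, carrying it across a swap, and what PHP does to it with and
without an Explicit NULL label.

Added example, not the thesis's or any vendor's code; the label values,
TTLs and the AF41 sample are constructed."""

IMPLICIT_NULL = 3   # reserved label: egress asks the penultimate hop to pop
EXPLICIT_NULL = 0   # reserved label: a blank label that still carries EXP


def af_dscp(class_selector, drop_probability):
    """DSCP layout (6 bits, MSB first): 3-bit class, 2-bit drop probability,
    1 trailing zero bit. AF41 = class 4, drop 1 = 100010b = 34."""
    if not (0 <= class_selector <= 7 and 0 <= drop_probability <= 3):
        raise ValueError("class 0-7, drop probability 0-3")
    return (class_selector << 3) | (drop_probability << 1)


def tos_byte(dscp, ecn=0):
    """IP ToS byte: the 6 DSCP bits followed by the 2 ECN bits."""
    return ((dscp & 0x3F) << 2) | (ecn & 0x3)


def decode_tos(tos):
    dscp = tos >> 2
    return {
        "ip_precedence": tos >> 5,            # top 3 bits, same bits as the CS
        "dscp": dscp,
        "class_selector": dscp >> 3,
        "drop_probability": (dscp >> 1) & 0x3,
        "ecn": tos & 0x3,
    }


def label_entry(label, exp, bottom_of_stack, ttl):
    """32-bit label stack entry: 20-bit label, 3 EXP bits, S bit, 8-bit TTL."""
    return (((label & 0xFFFFF) << 12) | ((exp & 0x7) << 9)
            | ((bottom_of_stack & 1) << 8) | (ttl & 0xFF))


def decode_entry(entry):
    return {"label": entry >> 12, "exp": (entry >> 9) & 0x7,
            "s": (entry >> 8) & 0x1, "ttl": entry & 0xFF}


def impose(tos, label, ttl=255):
    """Ingress LSR: IP Precedence is copied into the EXP bits of the new label."""
    return label_entry(label, tos >> 5, 1, ttl)


def swap(entry, new_label):
    """Core LSR: new label, EXP and S bit preserved, TTL decremented."""
    d = decode_entry(entry)
    return label_entry(new_label, d["exp"], d["s"], d["ttl"] - 1)


def penultimate_hop(entry, label_advertised_by_egress):
    """PHP. Implicit NULL: the label is popped, so the EXP marking is gone and
    the egress sees only the IP header. Explicit NULL: swap in label 0, which
    still carries the EXP bits to the last router."""
    if label_advertised_by_egress == IMPLICIT_NULL:
        return None
    return swap(entry, EXPLICIT_NULL)


def demo():
    tos = tos_byte(af_dscp(4, 1))                    # AF41
    at_ingress = impose(tos, 20)
    at_core = swap(at_ingress, 30)
    return {
        "tos": decode_tos(tos),
        "exp_after_imposition": decode_entry(at_ingress)["exp"],
        "after_php_implicit_null": penultimate_hop(at_core, IMPLICIT_NULL),
        "after_php_explicit_null": decode_entry(penultimate_hop(at_core, EXPLICIT_NULL)),
    }
```

The two PHP results in demo() are the point of the Explicit NULL discussion: with Implicit NULL nothing labeled reaches the egress, so any EXP-based policy there has to fall back to the IP header; with Explicit NULL the EXP value 4 is still present on label 0.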

7.4 Congestion Management
Congestion management is performed with the help of queuing techniques. Congestion management techniques come into effect when, and only if, there is congestion; i.e. congestion management only kicks in when there is congestion on the interface, and until then it has no effect. Only 75 percent of the link's bandwidth is available to be assigned to the software queues; 25 percent is reserved for the router's own traffic. When there is a speed mismatch, or if there are a lot of packets and all of them cannot be sent due to congestion on the link, they are not discarded but are put into a queue.

7.4.1 Types of Queues


Queues are of 2 types:
i. Hardware Queue. All routers have a hardware queue at each interface called the TxRing. It is based on the principle of First In First Out (FIFO), and this behavior cannot be changed. Since it cannot be changed, we cannot give priority to any type of packet in it.
ii. Software Queue. These queues can be created, manipulated and deleted in the router's RAM and can be based on any queuing principle, so we can decide which packets will enter the hardware queue first.


7.4.2 Queuing Techniques


There have been many different types of queuing techniques, which have been used and have kept evolving according to requirements. The queuing techniques available these days on routers can be divided into 2 categories:-

i. Legacy Queuing Techniques

These are considered legacy techniques and are not used often these days, but they are still provided as options in IOS. These queues have been combined and have evolved into the newer techniques. The major ones include:
a. Fair Queue. In FIFO, the packet which starts getting buffered first is the first to go out of the interface. In Fair Queuing, the packet which first gets completely buffered is sent out first rather than the one which first starts getting buffered, because that packet is the one which has had to wait the longest after being buffered.
b. Weighted Fair Queue (WFQ). It is also known as Flow Based Queuing (FBQ). It serves the packets with the higher weight first. Different flows are created and packets are put into them based on their weights. Different flows have different priorities and the scheduler serves the higher-priority flow first. One disadvantage of WFQ is that we cannot decide which packets go into which flow or how each flow is served; it is all decided by IOS. WFQ is the default queuing technique on links of less than 2 MB; on high-speed serial links the default queuing is FIFO.
c. Priority Queue. Priority Queuing defines 4 queues: High, Medium, Normal and Low. All queues are treated sequentially, but priority-wise: Low < Normal < Medium < High. Traffic in the High queue is processed first, followed by the others in their respective order. But if some traffic arrives again in the High queue, the scheduler moves back to the High queue. The High queue is always served before the others, and as long as there is any packet in the High queue the scheduler keeps serving it. A traffic type which is not mentioned under any queue falls under Normal.
d. Custom Queue. There are 16 queues and none of them has higher priority than the others; it is a sort of round-robin queue. But if traffic arrives in two queues at the same time, the one with the lower queue number is forwarded first, followed by the other. By default each queue is given a byte count of 1500 bytes: the scheduler serves 1500 bytes from each queue before moving to the next in round-robin fashion, so all queues are equal. But we can increase the byte count to be served for different queues. Queue 0 is reserved for the router's own traffic. A data type which is not configured under any queue falls under Queue 1.

ii. Modular Queuing Techniques

These are configured using MQC and are the modern queuing techniques:
a. Class Based Weighted Fair Queue (CBWFQ)
b. Low Latency Queue (LLQ)


7.4.2.1 Class Based Weighted Fair Queue
This is a combination of the legacy queuing techniques Custom Queue and Weighted Fair Queue. Here weights, i.e. bandwidths, are allocated to different classes of data according to their importance. Using classes we can decide which traffic goes into which queue, and up to 64 queues can be made (though practically managing them is very difficult). We can also decide how the scheduler serves each queue. There is also a class-default, created automatically, which matches all other packets; bandwidth can be assigned to it as well, and flow-based WFQ can be configured within class-default (you can configure it under other classes). This is an ideal queue for data, but voice may still suffer from delays: in CBWFQ bandwidth is guaranteed but delay is not, and for that we use LLQ.

In the above diagram, the voice class is given a guaranteed bandwidth and the class Data is guaranteed 8 kbps during congestion. When there is no congestion they can utilize any amount of bandwidth.


7.4.2.2 Low Latency Queue
This is a combination of the legacy queuing techniques Custom Queue, Weighted Fair Queue and Priority Queue. Here priority is allocated to only one class (the class for voice) and bandwidth is allocated to the remaining classes of data according to their importance, i.e. a priority queue for voice and CBWFQ for the remaining classes. LLQ is also known as Strict Priority Queue. This is an ideal queue for VoIP.

Here, of the 21 kbps available for user traffic, Data is given 8 kbps, but as soon as voice packets arrive the whole bandwidth (21 kbps) is given to them and the data packets are put into the queue or discarded. Here voice is given 21 kbps with priority.

This 21 kbps is the minimum and also the maximum when there is congestion; but when there is no congestion voice can use as much bandwidth as it wants. In LLQ, priority means that as soon as a packet arrives in the priority queue the scheduler breaks its cycle and comes to serve this queue; that is how delay is minimized in LLQ. You can give priority to multiple classes, but internally the router creates only 1 queue for all those with priority. If one of those classes has 64 kbps priority and the other has 128 kbps, the scheduler will still only serve them on the basis of how much they are given: the first will only get 64 kbps and the other only 128 kbps, and extra packets will be dropped.
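The CBWFQ and LLQ behaviour of 7.4.2.1 and 7.4.2.2, together with the 75 percent rule of 7.4, as an added Python model of one scheduling interval (not the thesis's or Cisco's code): the priority class is served first but policed at its rate during congestion, each CBWFQ class receives its guarantee, spare capacity is shared in proportion to the guarantees, and when the link is not congested no queuing takes place. The class names, rates in kbps and offered loads in demo() are constructed.

```python
"""One scheduling interval of an LLQ/CBWFQ policy, as a small model: the
priority class is served first but policed at its rate under congestion,
the CBWFQ classes get their guarantees, spare capacity is shared in
proportion to those guarantees, and the 75 percent rule from 7.4 applies.

Added example, not the thesis's or Cisco's code. Class names, rates (kbps)
and offered loads in demo() are constructed."""
from fractions import Fraction


def allocate(link_kbps, classes, offered):
    """classes: name -> {"priority": kbps} or {"bandwidth": kbps}
    offered:  name -> kbps the class wants to send in this interval
    Returns name -> {"sent", "queued", "dropped"} in kbps."""
    avail = Fraction(link_kbps) * Fraction(3, 4)   # 25% kept for router traffic
    reserved = sum(Fraction(next(iter(s.values()))) for s in classes.values())
    if reserved > avail:
        raise ValueError("priority + bandwidth exceeds the 75% available")
    want = {n: Fraction(offered.get(n, 0)) for n in classes}
    out = {n: {"sent": Fraction(0), "queued": Fraction(0), "dropped": Fraction(0)}
           for n in classes}

    if sum(want.values()) <= avail:
        for n in classes:                      # no congestion: queuing is idle
            out[n]["sent"] = want[n]
        return _floats(out)

    # 1. strict priority: served first, but capped at its rate while congested
    for n, spec in classes.items():
        if "priority" in spec:
            sent = min(want[n], Fraction(spec["priority"]))
            out[n]["sent"], out[n]["dropped"] = sent, want[n] - sent
            avail -= sent

    # 2. each CBWFQ class gets its guaranteed bandwidth
    guarantee = {n: Fraction(s["bandwidth"]) for n, s in classes.items() if "bandwidth" in s}
    for n, g in guarantee.items():
        out[n]["sent"] = min(want[n], g)
        avail -= out[n]["sent"]

    # 3. whatever is left is shared in proportion to the guarantees
    while avail > 0:
        unmet = {n: want[n] - out[n]["sent"] for n in guarantee if want[n] > out[n]["sent"]}
        if not unmet:
            break
        total = sum(guarantee[n] for n in unmet)
        share = {n: min(need, avail * guarantee[n] / total) for n, need in unmet.items()}
        for n, give in share.items():
            out[n]["sent"] += give
        avail -= sum(share.values())

    for n in guarantee:                        # CBWFQ excess is buffered, not dropped
        out[n]["queued"] = want[n] - out[n]["sent"]
    return _floats(out)


def _floats(out):
    return {n: {k: float(v) for k, v in r.items()} for n, r in out.items()}


def demo():
    policy = {"voice": {"priority": 10}, "data": {"bandwidth": 8},
              "class-default": {"bandwidth": 3}}
    return {
        "congested": allocate(28, policy, {"voice": 12, "data": 20, "class-default": 5}),
        "spare_shared": allocate(28, policy, {"voice": 4, "data": 20, "class-default": 2}),
        "idle": allocate(28, policy, {"voice": 4, "data": 6, "class-default": 1}),
    }
```

On a 28 kbps link only 21 kbps is schedulable. In the congested case voice is cut to its 10 kbps priority rate (the excess is dropped, as the text says for LLQ), while data and class-default keep their guarantees and queue the rest; in the second case the 7 kbps that voice does not use goes to the class still asking for it.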

7.5 Congestion Avoidance
Congestion management techniques kick in only when there is congestion. To avoid congestion from happening, congestion avoidance is used. The default behavior of a link when the threshold limit is reached is tail drop. Problems of tail drop:
• Low performance
• Jitter
• Packet retransmission
• TCP session synchronization

To avoid tail drop we use RED or WRED. RED stands for Random Early Detection; WRED stands for Weighted Random Early Detection. The router starts randomly dropping packets from the queues when a particular threshold is reached, so that the queue won't fill up and tail drop won't occur; tail drop can eventually result in global TCP slow-start synchronization, which results in inefficient link usage. We define a minimum threshold, after which packets are randomly dropped, and a maximum threshold, after which tail drop starts occurring. RED (Random Early Detection) is defined by:
• Maximum Threshold
• Minimum Threshold
• MPB (Mark Probability Demonstration)

MPB is the packet drop ratio: the maximum fraction of packets that can be dropped between the minimum threshold and the maximum threshold.


MPB = 1/10 (default)
Max 2000 packets
Min 1200 packets

RED determines 2 levels:-
i. Minimum Threshold
ii. Maximum Threshold

Data packets under the minimum threshold are forwarded as usual. But after crossing the minimum threshold, by default every 10th packet is randomly dropped to avoid congestion. Even after configuring RED, if data packets reach the maximum threshold then tail drop will occur. By default the threshold is assigned according to the IP Precedence. If there is only one type of traffic coming into a class, then configure the maximum threshold to the maximum size of the queue, so that space in the queue won't be wasted. Problems of RED: it treats all types of traffic equally, i.e. it will also drop voice packets randomly, and the maximum and minimum thresholds are the same for all.

RED:
Type of Protocol   Min. Packets   Max. Packets   MPB
HTTP               1200           2000           1/10
FTP                1200           2000           1/10
RTP                1200           2000           1/10

60

Cisco uses WRED (Weighted RED): different classes have different threshold and MPB according to their priority. WRED: Type of Protocol HTTP FTP RTP Min. Packets 1200 1400 1600 Max. Packets 2000 2000 2000 MPB 1/10 1/8 1/12

Profile Based Random early detection in which different applications have DSCP Base different Profiles. A Profile can be DHCP value Min Threshold value, Max Threshold value or MPB value.
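As an added example, not part of the project's own configuration, the WRED table above expressed as Cisco IOS MQC. The class name, the DSCP value assumed for each application (HTTP = af21, FTP = af11, RTP = ef), the queue limit and the interface are assumptions chosen for illustration; the thresholds and denominators are the ones in the table.

```cisco
! Added example (not from the project): a CBWFQ class with DSCP-based WRED
! profiles reproducing the WRED table above. Class name, DSCP-to-application
! mapping, queue limit and interface are assumptions for illustration.
!
class-map match-any DATA
 match dscp af21
 match dscp af11
!
! Per-DSCP profile: minimum threshold, maximum threshold, mark-probability
! denominator (all thresholds in packets). The thresholds are compared against
! the average queue depth, so the queue limit must be at least the maximum
! threshold, otherwise tail drop sets in before WRED ever reaches its maximum.
policy-map WRED_DEMO
 class DATA
  bandwidth percent 40
  queue-limit 2000
  random-detect dscp-based
  random-detect dscp af21 1200 2000 10
  random-detect dscp af11 1400 2000 8
 class class-default
  fair-queue
!
! The RTP row of the table would be "random-detect dscp ef 1600 2000 12", but
! in practice voice is carried in a priority (LLQ) class, where WRED does not
! apply, so no WRED profile is configured for it here.
!
interface Serial0/0
 service-policy output WRED_DEMO
!
! Check: "show policy-map interface serial 0/0" lists, per DSCP value, the
! thresholds, the mark-probability denominator and the random-drop and
! tail-drop counters, which is how you see whether WRED or tail drop is acting.
```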

7.6

Policing and Shaping

Traffic policing and shaping are used to get consistent performance from the network, whether or not there is congestion, and they give the operator control over how much a user can send. Both are used in similar circumstances but react differently: when a user exceeds the contracted bandwidth, policing drops (or re-marks) the excess traffic, whereas shaping buffers the excess and sends it later, when the user is back under the limit. Shaping can only be applied in the outbound direction (because it buffers); policing can be applied in both directions. Shaping is typically applied on the customer edge, facing the provider, whose edge polices the same traffic.

7.6.1 Token Bucket


The measurement tool for both policing and shaping, i.e. for deciding whether traffic has exceeded its limit, is the token bucket. There is a bucket full of tokens, and every packet has to take tokens from the bucket before it can go out; if there are not enough tokens, the packet cannot pass. What happens to a packet that finds no tokens depends on whether policing or shaping is in use. Three quantities describe the bucket:

1. Rate (CIR, Committed Information Rate)
2. Bc (Committed Burst)
3. Interval (Tc)

and they are related by

CIR = Bc / Tc

where CIR is in bits per second, Bc in bits and Tc in seconds (bps = bits/seconds). CIR is the rate to which we want to limit the traffic, Bc is the number of tokens put into the bucket every Tc (and the size of the bucket), and Be (Excess Burst) is an optional extra allowance of tokens beyond Bc for bursts. IOS expresses Bc in bits for shaping but in bytes for policing, so the same burst appears as two different numbers in the two commands.

You can give two of the three values and the router calculates the third, or give only CIR and the router assumes Tc and calculates Bc. The router normally assumes a Tc of a fraction of a second, such as 1/8 s or 1/16 s; 10 ms is the minimum value you can configure, and a smaller Tc increases the load on the processor because the bucket is refilled more often.

7.6.2 Shaping
Traffic shaping only works when the traffic is bursty; if the traffic is consistently above the rate, the shaping buffer fills up and packets are dropped anyway. Shaping is also required when there is a speed mismatch. For example, in a hub-and-spoke scenario where the hub site has a 2 Mbps link but the remote sites have links of lower bandwidth, the spoke links can be choked by the hub, so shaping (per spoke) has to be applied on the hub side.

Shape Average vs. Shape Peak:

i. Shape Average: shaping is on Bc. Every Tc the IOS adds Bc tokens to the bucket; tokens left unused in a previous interval are carried over into Be (if any), so Be is only ever filled from unused Bc.
ii. Shape Peak: shaping is on Bc + Be. Every Tc the IOS adds Be tokens to the bucket as well as Bc, so the sustained rate becomes CIR x (1 + Be/Bc).

In shaping, the buffer (a queue) is FIFO by default, but separate queues with a different scheduling algorithm (for example CBWFQ or LLQ as a child policy under the shaper) can be configured.

7.6.3 Policing
1. Single-rate, two-colour: no Be, only Bc. Two colours means there are only two outcomes:
   i. the traffic conforms, or
   ii. it exceeds.

2. Single-rate, three-colour: there is a separate bucket for Be, filled only with tokens left unused in Bc. A packet is served either from Bc or from Be, never from both. Three colours because:
   i. Conform: can be served from Bc
   ii. Exceed: can be served from Be
   iii. Violate: cannot be served from either Bc or Be

3. Two-rate, three-colour: two buckets, Bc and Be, and the same three outcomes (conform, exceed or violate), but policing is against a peak rate (PIR) as well as the CIR: tokens are added to the Be bucket at the PIR every interval, independently of Bc. A conforming packet consumes its tokens from both Bc and Be, an exceeding packet only from Be, and a violating packet from neither.
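As an added example that is not part of the project's configuration, the three policers and the two shapers described above written as Cisco IOS MQC, with the CIR = Bc / Tc arithmetic carried through in the comments. Rates, burst sizes, policy names and interfaces are assumptions chosen for illustration.

```cisco
! Added example (not from the project): the three policer types and the two
! shaper types from the text as Cisco IOS MQC. Rates, bursts, policy names and
! interfaces are assumptions for illustration.
!
! Arithmetic: CIR = 128000 bit/s and Tc = 125 ms (1/8 s) give Bc = CIR x Tc =
! 16000 bits. IOS takes shaping bursts in bits and policing bursts in bytes, so
! the same burst is written "16000" under shape and "2000" under police.
!
! 1. Single-rate, two-colour: no Be, a packet either conforms or exceeds.
policy-map POLICE_1R2C
 class class-default
  police cir 128000 bc 2000 conform-action transmit exceed-action drop
!
! 2. Single-rate, three-colour: Be is a second bucket filled only with tokens
!    left unused in Bc. Exceeding traffic is re-marked to AF13 (higher drop
!    precedence within AF1) instead of being dropped; violating traffic is dropped.
policy-map POLICE_1R3C
 class class-default
  police cir 128000 bc 2000 be 2000 conform-action transmit exceed-action set-dscp-transmit af13 violate-action drop
!
! 3. Two-rate, three-colour: Bc is refilled at CIR and Be at PIR every interval.
!    Conforming packets take tokens from both buckets, exceeding packets only
!    from Be, violating packets from neither.
policy-map POLICE_2R3C
 class class-default
  police cir 128000 bc 2000 pir 256000 be 2000 conform-action transmit exceed-action set-dscp-transmit af13 violate-action drop
!
! Shape average: Bc tokens per Tc, sustained rate = CIR. Be = 0 means no excess burst.
policy-map SHAPE_AVERAGE
 class class-default
  shape average 128000 16000 0
!
! Shape peak: Bc + Be tokens per Tc, sustained rate = CIR x (1 + Be/Bc) = 256000 bit/s.
policy-map SHAPE_PEAK
 class class-default
  shape peak 128000 16000 16000
!
! Policing goes inbound on the provider-facing edge, where it also protects the
! core from a customer sending above contract; shaping goes outbound, e.g. on the CE.
interface Serial0/0
 service-policy input POLICE_2R3C
!
interface Serial0/1
 service-policy output SHAPE_AVERAGE
!
! Check: "show policy-map interface serial 0/0" shows conformed, exceeded and
! violated packet and byte counters per policer, and the shaper's queue depth
! and delayed-packet counters for the shaped interface.
```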

7.7

WAN Efficiency Mechanism

These days, and especially in the case of MPLS, these techniques are rarely used any more, because of the large amount of bandwidth available and because they bring little benefit on fast links. They are still available as options in the tool belt:

1. Link Fragmentation and Interleaving (LFI)
   Problem: large data packets freeze out voice on slow WAN links. Even though voice packets are prioritised and sent out of the interface first, a large data packet whose transmission has already started cannot be pre-empted, so the voice packet waits behind it (serialisation delay). With LFI the large data packets are divided into smaller fragments before transmission and the voice packets are interleaved between the fragments, so a voice packet never waits behind more than one fragment.

2. Compression, of two types:
   i. Header compression: compression of the RTP and/or TCP header.
   ii. Payload compression: compression of the payload, i.e. the data itself.

Chapter 8

SERVICE PROVIDER CONFIGURATION

Here we demonstrate how an MPLS-based service provider network is configured. The topology is designed so that it covers all the concepts explained in this project. The configurations are performed on GNS3, a network emulator that runs real Cisco IOS images. All routers are Cisco 2691s running IOS version 12.4.

FIG 8.1 Service Provider Configuration


FIG 8.2 GNS3

FIG 8.3 CRT Program

8.1

Layer 3 Convergence
The first requirement is that the routing tables of all routers inside the SP converge, i.e. every P and PE loopback and core link is reachable. For this we run OSPF process 1 with the whole provider domain in area 0. Each router's loopback (11.1.1.1 on PE-1 through 77.7.7.7 on P-4) is its OSPF router-id and is later reused as its LDP and BGP identifier, which is why each loopback is advertised as a host route (wildcard 0.0.0.0).

on PE-1
PE-1>enable
PE-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#router ospf 1
PE-1(config-router)#router-id 11.1.1.1
PE-1(config-router)#network 11.1.1.1 0.0.0.0 area 0
PE-1(config-router)#network 192.168.14.1 0.0.0.0 area 0
PE-1(config-router)#network 192.168.13.1 0.0.0.0 area 0
PE-1(config-router)#end
PE-1#

on PE-2
PE-2>enable
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#router ospf 1
PE-2(config-router)#router-id 22.2.2.2
PE-2(config-router)#net 22.2.2.2 0.0.0.0 area 0
PE-2(config-router)#net 192.168.25.2 0.0.0.0 area 0
PE-2(config-router)#net 192.168.27.2 0.0.0.0 area 0
PE-2(config-router)#end
PE-2#

on PE-3
PE-3>enable
PE-3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-3(config)#router ospf 1
PE-3(config-router)#router-id 33.3.3.3
PE-3(config-router)#network 33.3.3.3 0.0.0.0 area 0
PE-3(config-router)#network 192.168.13.3 0.0.0.0 area 0
PE-3(config-router)#network 192.168.34.3 0.0.0.0 area 0
PE-3(config-router)#end
PE-3#

on P-1
P-1>enable
P-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-1(config)#router ospf 1
P-1(config-router)#router-id 44.4.4.4
P-1(config-router)#network 44.4.4.4 0.0.0.0 area 0
P-1(config-router)#network 192.168.14.4 0.0.0.0 area 0
P-1(config-router)#network 192.168.34.4 0.0.0.0 area 0
P-1(config-router)#network 192.168.45.4 0.0.0.0 area 0
P-1(config-router)#network 192.168.46.4 0.0.0.0 area 0
P-1(config-router)#end
P-1#

on P-2
P-2>enable
P-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-2(config)#router ospf 1
P-2(config-router)#router-id 55.5.5.5
P-2(config-router)#network 55.5.5.5 0.0.0.0 area 0
P-2(config-router)#network 192.168.25.5 0.0.0.0 area 0
P-2(config-router)#network 192.168.45.5 0.0.0.0 area 0
P-2(config-router)#end
P-2#

on P-3
P-3>enable
P-3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-3(config)#router ospf 1
P-3(config-router)#router-id 66.6.6.6
P-3(config-router)#network 66.6.6.6 0.0.0.0 area 0
P-3(config-router)#network 192.168.67.6 0.0.0.0 area 0
P-3(config-router)#network 192.168.46.6 0.0.0.0 area 0
P-3(config-router)#end
P-3#

on P-4
P-4>enable
P-4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-4(config)#router ospf 1
P-4(config-router)#router-id 77.7.7.7
P-4(config-router)#network 77.7.7.7 0.0.0.0 area 0
P-4(config-router)#network 192.168.27.7 0.0.0.0 area 0
P-4(config-router)#network 192.168.67.7 0.0.0.0 area 0
P-4(config-router)#end
P-4#

Now the Layer 3 network of the MPLS SP is converged and reachability has been ensured; verify with show ip ospf neighbor on each router and by pinging every loopback from PE-1.

FIG 8.4 CRT-Program Showing MPLS SP


Now we configure BGP between the edge devices. The three PEs form a full mesh of iBGP sessions in AS 1, sourced from their loopbacks (update-source loopback 0) so that a session survives the failure of any single core link; these sessions will later carry the VPNv4 routes. The P routers need no BGP at all: in the core, packets are switched on labels, so only the PEs ever hold customer routes.

On PE-1
PE-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#router bgp 1
PE-1(config-router)#no auto-summary
PE-1(config-router)#no synchronization
PE-1(config-router)#bgp router-id 11.1.1.1
PE-1(config-router)#nei 22.2.2.2 remote-as 1
PE-1(config-router)#nei 22.2.2.2 update-source loopback 0
PE-1(config-router)#nei 33.3.3.3 remote-as 1
PE-1(config-router)#nei 33.3.3.3 update-source loopback 0
PE-1(config-router)#end
PE-1#

On PE-2
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#router bgp 1
PE-2(config-router)#no auto-summary
PE-2(config-router)#no synchronization
PE-2(config-router)#bgp router-id 22.2.2.2
PE-2(config-router)#neighbor 11.1.1.1 remote-as 1
PE-2(config-router)#neighbor 11.1.1.1 update-source loopback 0
PE-2(config-router)#neighbor 33.3.3.3 remote-as 1
PE-2(config-router)#neighbor 33.3.3.3 update-source loopback 0
PE-2(config-router)#end
PE-2#

On PE-3
PE-3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-3(config)#router bgp 1
PE-3(config-router)#no auto-summary
PE-3(config-router)#no synchronization
PE-3(config-router)#bgp router-id 33.3.3.3
PE-3(config-router)#neighbor 11.1.1.1 remote-as 1
PE-3(config-router)#neighbor 11.1.1.1 update-source loopback 0
PE-3(config-router)#neighbor 22.2.2.2 remote-as 1
PE-3(config-router)#neighbor 22.2.2.2 update-source loopback 0
PE-3(config-router)#end
PE-3#

8.2

Enabling MPLS
After we have a converged network, the next step is to enable MPLS over it. On each router we enable CEF (a prerequisite for label switching), select LDP as the label distribution protocol, tie the LDP router-id to loopback 0 (the same address OSPF and BGP use, so it is always reachable) and enable mpls ip on every core-facing interface. The customer-facing interfaces are deliberately left without mpls ip, so that no LDP session can be formed with a CE.

on PE-1
PE-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#ip cef
PE-1(config)#mpls ip
PE-1(config)#mpls label protocol ldp
PE-1(config)#mpls ldp router-id loopback 0
PE-1(config)#interface fastEthernet 0/0
PE-1(config-if)#mpls ip
PE-1(config-if)#mpls label protocol ldp
PE-1(config-if)#int fastEthernet 0/1
PE-1(config-if)#mpls ip
PE-1(config-if)#end
PE-1#

On PE-2
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#ip cef
PE-2(config)#mpls ip
PE-2(config)#mpls label protocol ldp
PE-2(config)#mpls ldp router-id loopback 0
PE-2(config)#int fastEthernet 0/0
PE-2(config-if)#mpls ip
PE-2(config-if)#int fastEthernet 0/1
PE-2(config-if)#mpls ip
PE-2(config-if)#end
PE-2#

On PE-3
PE-3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-3(config)#ip cef
PE-3(config)#mpls ip
PE-3(config)#mpls label protocol ldp
PE-3(config)#mpls ldp router-id loopback 0
PE-3(config)#int serial 0/0
PE-3(config-if)#mpls ip
PE-3(config-if)#int fastEthernet 0/1
PE-3(config-if)#mpls ip
PE-3(config-if)#end
PE-3#

On P-1
P-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-1(config)#ip cef
P-1(config)#mpls ip
P-1(config)#mpls label protocol ldp
P-1(config)#mpls ldp router-id loopback 0
P-1(config)#int fastEthernet 0/0
P-1(config-if)#mpls ip
P-1(config-if)#int fastEthernet 0/1
P-1(config-if)#mpls ip
P-1(config-if)#int serial 0/0
P-1(config-if)#mpls ip
P-1(config-if)#int fastEthernet 1/0
P-1(config-if)#mpls ip
P-1(config-if)#end
P-1#

On P-2
P-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-2(config)#ip cef
P-2(config)#mpls ip
P-2(config)#mpls label protocol ldp
P-2(config)#mpls ldp router-id loopback 0
P-2(config)#int fastEthernet 0/0
P-2(config-if)#mpls ip
P-2(config-if)#int fastEthernet 0/1
P-2(config-if)#mpls ip
P-2(config-if)#end
P-2#

On P-3
P-3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-3(config)#ip cef
P-3(config)#mpls ip
P-3(config)#mpls label protocol ldp
P-3(config)#mpls ldp router-id loopback 0
P-3(config)#int fastEthernet 0/0
P-3(config-if)#mpls ip
P-3(config-if)#int serial 0/0
P-3(config-if)#mpls ip
P-3(config-if)#end
P-3#

On P-4
P-4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-4(config)#ip cef
P-4(config)#mpls ip
P-4(config)#mpls label protocol ldp
P-4(config)#mpls ldp router-id loopback 0
P-4(config)#int fastEthernet 0/1
P-4(config-if)#mpls ip
P-4(config-if)#int serial 0/0
P-4(config-if)#mpls ip
P-4(config-if)#end
P-4#

Once MPLS is enabled on every core interface, each LSR allocates a local label for every prefix in its RIB and advertises these bindings to its LDP neighbours, as described earlier; the received bindings form the LIB and, combined with the RIB, the LFIB that is used for forwarding. Check that the LDP sessions are up with show mpls ldp neighbor and inspect the resulting labels with show mpls forwarding-table (fig. 8.5).
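As an added example, not part of the project's lab, the hardening step that belongs between sections 8.1 and 8.2 in a real deployment: authenticating the three control-plane sessions just configured (OSPF in area 0, the iBGP mesh and LDP), so that a device attached to a core segment cannot join OSPF, LDP or BGP without the key. The key strings are placeholders and the interface names are PE-1's; which of PE-1's two FastEthernet interfaces faces P-1 and which faces PE-3 is an assumption, but the OSPF key is needed on both in any case.

```cisco
! Added example (not from the project): authentication for the OSPF, LDP and
! iBGP sessions configured above, shown on PE-1. Every key must be configured
! identically on the far end of the session; the key strings are placeholders.
!
! OSPF: MD5 on every interface in area 0. Adjacencies drop until both sides
! have the key, so configure the neighbour before or immediately after.
router ospf 1
 area 0 authentication message-digest
!
interface FastEthernet0/0
 ip ospf message-digest-key 1 md5 OspfKey1
!
interface FastEthernet0/1
 ip ospf message-digest-key 1 md5 OspfKey1
!
! LDP: TCP MD5 on the session to each directly connected LDP peer, identified
! by its LDP router-id (the loopback). Setting the password resets the session.
mpls ldp neighbor 44.4.4.4 password LdpKey1
mpls ldp neighbor 33.3.3.3 password LdpKey1
!
! iBGP: TCP MD5 on the VPNv4 sessions to the other PEs.
router bgp 1
 neighbor 22.2.2.2 password BgpKey1
 neighbor 33.3.3.3 password BgpKey1
!
! Checks, once both ends are configured:
!   show ip ospf interface fastEthernet 0/0   -> "Message digest authentication enabled"
!   show mpls ldp neighbor                    -> State: Oper for 44.4.4.4 and 33.3.3.3
!   show ip bgp vpnv4 all summary             -> a prefix count, not Active/Idle, per neighbour
```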


FIG 8.5 CRT-Program Displaying MPLS- Forwarding Info. Table

8.3

Creating VRFs
The concept of VRFs has been explained earlier. Now we create a separate VRF for each customer on PE-1 and PE-2 and run a routing protocol with each CE router in order to exchange routes with the customer. Customer A gets RD 1:1 and route target 10:1, Customer B gets RD 1:2 and route target 20:1: the RD keeps the two customers' overlapping prefixes distinct as VPNv4 routes, and the RT decides which VRFs import them. Note that assigning an interface to a VRF removes its IP address (IOS prints a warning), so the address has to be entered again afterwards.

On PE-1
PE-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#ip vrf Customer_A
PE-1(config-vrf)#rd 1:1
PE-1(config-vrf)#route-target import 10:1
PE-1(config-vrf)#route-target export 10:1
PE-1(config-vrf)#exit
PE-1(config)#interface fa1/0
PE-1(config-if)#ip vrf forwarding Customer_A
% Interface FastEthernet1/0 IP address 1.1.1.1 removed due to enabling VRF Customer_A
PE-1(config-if)#ip address 1.1.1.1 255.255.255.0
PE-1(config-if)#exit
PE-1(config)#ip vrf Customer_B
PE-1(config-vrf)#rd 1:2
PE-1(config-vrf)#route-target import 20:1
PE-1(config-vrf)#route-target export 20:1
PE-1(config-vrf)#exit
PE-1(config)#int ser0/0
PE-1(config-if)#ip vrf forwarding Customer_B
% Interface Serial0/0 IP address 3.1.1.1 removed due to enabling VRF Customer_B
PE-1(config-if)#ip address 3.1.1.1 255.255.255.0
PE-1(config-if)#end
PE-1#

On PE-2
PE-2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#ip vrf Customer_A
PE-2(config-vrf)#rd 1:1
PE-2(config-vrf)#route-target import 10:1
PE-2(config-vrf)#route-target export 10:1
PE-2(config-vrf)#exit
PE-2(config)#int fa1/0
PE-2(config-if)#ip vrf forwarding Customer_A
% Interface FastEthernet1/0 IP address 2.1.1.2 removed due to enabling VRF Customer_A
PE-2(config-if)#ip address 2.1.1.2 255.255.255.0
PE-2(config-if)#exit
PE-2(config)#ip vrf Customer_B
PE-2(config-vrf)#rd 1:2
PE-2(config-vrf)#route-target export 20:1
PE-2(config-vrf)#route-target import 20:1
PE-2(config-vrf)#exit
PE-2(config)#int ser0/0
PE-2(config-if)#ip vrf forwarding Customer_B
% Interface Serial0/0 IP address 4.1.1.2 removed due to enabling VRF Customer_B
PE-2(config-if)#ip address 4.1.1.2 255.255.255.0
PE-2(config-if)#end
PE-2#

Customer A runs OSPF with the provider at both sites. A separate OSPF process (11) is started inside VRF Customer_A on each PE; the domain-id is set to the same value on both PEs so that Customer A routes carried between the two sites over MP-BGP reappear at the other site as OSPF inter-area routes rather than as external routes.

On PE-1 (ospf 11 for Customer A site 1)
PE-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#router ospf 11 vrf Customer_A
PE-1(config-router)#domain-id 0.0.0.11
PE-1(config-router)#router-id 1.1.1.1
PE-1(config-router)#network 1.1.1.1 0.0.0.0 area 0
PE-1(config-router)#end
PE-1#

On PE-2 (ospf 11 for Customer A site 2)
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#router ospf 11 vrf Customer_A
PE-2(config-router)#domain-id 0.0.0.11
PE-2(config-router)#router-id 2.1.1.2
PE-2(config-router)#network 2.1.1.2 0.0.0.0 area 0
PE-2(config-router)#end
PE-2#

Customer B uses RIP version 2 at site 1 and a static route at site 2. RIP for a VRF is configured under the VRF's own address family inside the RIP process:

On PE-1 (RIP for Customer B site 1)
PE-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#router rip
PE-1(config-router)#version 2
PE-1(config-router)#no auto-summary
PE-1(config-router)#address-family ipv4 vrf Customer_B
PE-1(config-router-af)#version 2
PE-1(config-router-af)#no auto-summary
PE-1(config-router-af)#network 3.0.0.0
PE-1(config-router-af)#end

On PE-2 (static route for Customer B site 2)
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#ip route vrf Customer_B 192.168.1.0 255.255.255.0 serial 0/0
PE-2(config)#end
PE-2#

On the Customer-A1 and Customer-A2 routers OSPF can be configured however the customer likes; here we run it in the most basic way, with every interface in area 0:

on Customer-A1
Customer-A1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Customer-A1(config)#router ospf 11
Customer-A1(config-router)#network 0.0.0.0 0.0.0.0 area 0
Customer-A1(config-router)#end
Customer-A1#

on Customer-A2
Customer-A2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Customer-A2(config)#router ospf 11
Customer-A2(config-router)#network 0.0.0.0 0.0.0.0 area 0
Customer-A2(config-router)#end
Customer-A2#

on Customer-B1
Customer-B1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Customer-B1(config)#router rip
Customer-B1(config-router)#no auto-summary
Customer-B1(config-router)#version 2
Customer-B1(config-router)#network 3.0.0.0
Customer-B1(config-router)#network 10.0.0.0
Customer-B1(config-router)#network 172.16.0.0
Customer-B1(config-router)#end
Customer-B1#

on Customer-B2
Customer-B2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Customer-B2(config)#ip route 0.0.0.0 0.0.0.0 serial 0/0
Customer-B2(config)#end
Customer-B2#

FIG 8.6 CRT Program: VRF Routes


8.4

VPNv4 and Redistribution in IPv4 address families


Now the VPNv4 address family is activated in BGP between the PEs, and redistribution is performed between each customer's IGP (inside its VRF) and BGP. The send-community extended option is required: the route target travels as a BGP extended community, and without it the remote PE could not decide which VRF a route belongs to.

On PE-1
PE-1#configure terminal
Enter configuration commands, one per line. End with CN TL/Z.
PE-1(config)#router bgp 1
PE-1(config-router)#address-family vpnv4
PE-1(config-router-af)#neighbor 22.2.2.2 activate
PE-1(config-router-af)#neighbor 22.2.2.2 send-community extended
PE-1(config-router-af)#end

On PE-2
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#router bgp 1
PE-2(config-router)#address-family vpnv4
PE-2(config-router-af)#neighbor 11.1.1.1 activate
PE-2(config-router-af)#nei 11.1.1.1 send-community extended
PE-2(config-router-af)#end
PE-2#

For Customer A the OSPF routes learned from the CE are redistributed into the VRF's IPv4 address family in BGP, and the BGP routes from the other site are redistributed back into OSPF. The process redistributed into BGP must be the VRF's own process (11); the provider's core process 1 must never be redistributed into a customer VRF. The match keywords make explicit that intra-area, inter-area and both types of external OSPF routes are taken, and subnets is needed so that non-classful prefixes are redistributed into OSPF.

On PE-1 (Redistribution for Customer A site 1)
PE-1(config)#router bgp 1
PE-1(config-router)#address-family ipv4 vrf Customer_A
PE-1(config-router-af)#redistribute ospf 11 match internal external 1 external 2
PE-1(config-router-af)#exit
PE-1(config-router)#exit
PE-1(config)#router ospf 11 vrf Customer_A
PE-1(config-router)#redistribute bgp 1 subnets
PE-1(config-router)#end
PE-1#

On PE-2 (Redistribution for Customer A site 2)
PE-2(config)#router bgp 1
PE-2(config-router)#address-family ipv4 vrf Customer_A
PE-2(config-router-af)#redistribute ospf 11 match internal external 1 external 2
PE-2(config-router-af)#exit
PE-2(config-router)#exit
PE-2(config)#router ospf 11 vrf Customer_A
PE-2(config-router)#redistribute bgp 1 subnets
PE-2(config-router)#end
PE-2#

For Customer B site 1, RIP is redistributed into BGP and BGP back into RIP; metric transparent carries the original RIP hop count through BGP (as the MED) so that it is restored on the far side instead of being replaced by a fixed metric.

On PE-1 (Redistribution for Customer B site 1)
PE-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#router bgp 1
PE-1(config-router)#address-family ipv4 vrf Customer_B
PE-1(config-router-af)#redistribute rip metric 1
PE-1(config-router-af)#exit
PE-1(config-router)#exit
PE-1(config)#router rip
PE-1(config-router)#address-family ipv4 vrf Customer_B
PE-1(config-router-af)#redistribute bgp 1 metric transparent
PE-1(config-router-af)#end
PE-1#

For Customer B site 2 the static route is redistributed into BGP, together with the connected PE-CE link, so that site 1 can reach the link itself. The route map restricts redistribute connected to serial 0/0, so nothing else that is connected to PE-2 enters the VPN.

On PE-2 (Redistribution for Customer B site 2)
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#router bgp 1
PE-2(config-router)#address-family ipv4 vrf Customer_B
PE-2(config-router-af)#redistribute static metric 1
PE-2(config-router-af)#redistribute connected route-map CUST_B_INTERFACE
PE-2(config-router-af)#exit
PE-2(config-router)#exit
PE-2(config)#route-map CUST_B_INTERFACE
PE-2(config-route-map)#match interface ser0/0
PE-2(config-route-map)#end
PE-2#

FIG 8.6 Customer A1 Info.

Note that both Customer A and Customer B use the 10.0.0.0/8 network at their site 1, yet pings from their site 2 reach their own site 1 rather than the other customer's, despite the overlapping address space. This shows that customer routes are kept separate inside the MPLS domain: the RD makes the two 10.0.0.0/8 prefixes distinct VPNv4 routes, and the route targets (10:1 and 20:1) make sure each is imported only into the right VRF. The isolation is therefore only as good as the RT configuration on the PEs; an RT imported into the wrong VRF, or an export map that sets the wrong RT, would merge the two customers' routing.

The path taken can be seen with traceroute from the customer routers (figures 8.7 and 8.8). With the default mpls ip propagate-ttl the P routers appear in the trace together with their labels; disabling TTL propagation hides the provider core from customers.

FIG 8.7 Customer A2 Info.


FIG 8.8 Customer B2- Info.

8.5

Configuring Complex VPNs

Suppose Customer A and Customer B want their site 2 networks to communicate with each other, but only between 20.1.1.0/24 (A) and 192.168.1.0/24 (B). This is done on the PE routers with export maps, so that exactly these two routes are exchanged between the two VPNs: each VRF exports its selected prefix with an additional route target (100:2 for A's prefix, 200:2 for B's) and imports the other's. Because set extcommunity rt without the additive keyword replaces the VRF's normal export RT on the matched prefix, the second clause of each map (permit 7, which has no match statement and therefore matches everything else) re-sets the VRF's own RT, and PE-1 has to import the new RTs as well in order to keep receiving the two prefixes. Two things to check after such a change: the access list must match only the intended prefix, since an export clause that matches everything would export everything it sees, and show ip bgp vpnv4 vrf Customer_B on both PEs must show 20.1.1.0/24 as the only Customer A prefix.

On PE-2 (routes from A to B)
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#access-list 20 permit 20.1.1.0 0.0.0.255
PE-2(config)#route-map EXPORT_A2 permit 5
PE-2(config-route-map)#match ip address 20
PE-2(config-route-map)#set extcommunity rt 100:2
PE-2(config-route-map)#route-map EXPORT_A2 permit 7
PE-2(config-route-map)#set extcommunity rt 10:1
PE-2(config-route-map)#exit
PE-2(config)#ip vrf Customer_A
PE-2(config-vrf)#export map EXPORT_A2
PE-2(config-vrf)#route-target import 200:2
PE-2(config-vrf)#end

On PE-2 (routes from B to A)
PE-2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#access-list 17 permit 192.168.1.0 0.0.0.255
PE-2(config)#route-map EXPORT_B2 permit 5
PE-2(config-route-map)#match ip address 17
PE-2(config-route-map)#set extcommunity rt 200:2
PE-2(config-route-map)#route-map EXPORT_B2 permit 7
PE-2(config-route-map)#set extcommunity rt 20:1
PE-2(config-route-map)#exit
PE-2(config)#ip vrf Customer_B
PE-2(config-vrf)#export map EXPORT_B2
PE-2(config-vrf)#route-target import 100:2
PE-2(config-vrf)#end
PE-2#

On the PE-1 router we have to import these new RTs as well into the respective VRFs, because the two exported prefixes now carry only the new RT.

On PE-1
PE-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#ip vrf Customer_A
PE-1(config-vrf)#route-target import 100:2
PE-1(config-vrf)#exit
PE-1(config)#ip vrf Customer_B
PE-1(config-vrf)#route-target import 200:2
PE-1(config-vrf)#end
PE-1#
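As an added example, not part of the project's configuration, the same A-to-B exchange written with the additive keyword, so that the two exported prefixes keep their own VPN's route target and only gain the shared one; this is the usual form, and it removes the need for the extra imports on PE-1. Access lists 20 and 17 and the VRF names are the ones defined above; the show commands are the checks to run afterwards.

```cisco
! Added example (not from the project): the export maps above with "additive".
! "set extcommunity rt X" replaces the VRF's route-target export on the matched
! prefix; "set extcommunity rt X additive" adds X to it, so 20.1.1.0/24 leaves
! Customer_A tagged with both 10:1 and 100:2 and Customer A's own site 1 keeps
! seeing it without importing 100:2. ACLs 20 and 17 are those defined above.
!
! On PE-2: prefixes not matched by clause 5 fall through to clause 7, which has
! no match and no set, so they keep the VRF's route-target export (10:1) only.
route-map EXPORT_A2 permit 5
 match ip address 20
 set extcommunity rt 100:2 additive
route-map EXPORT_A2 permit 7
!
! On PE-2: 192.168.1.0/24 leaves Customer_B tagged 20:1 and 200:2.
route-map EXPORT_B2 permit 5
 match ip address 17
 set extcommunity rt 200:2 additive
route-map EXPORT_B2 permit 7
!
! Checks on PE-2 (the leak must be exactly one prefix in each direction):
!   show ip bgp vpnv4 vrf Customer_B 20.1.1.0
!       -> present, Extended Community: RT:10:1 RT:100:2
!   show ip bgp vpnv4 vrf Customer_B 10.0.0.0
!       -> Customer B's own 10.0.0.0/8 (learned with RT 20:1), never Customer A's
!   show ip bgp vpnv4 vrf Customer_A 192.168.1.0
!       -> present, Extended Community: RT:20:1 RT:200:2
```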

8.6

Internet Access VPNs


Customer A's site 1 needs the Internet routing table in order to get connected to the Internet. We configure a VRF called INTERNET on PE-3, whose serial 0/1 faces the Internet provider (AS 99, eBGP neighbour 5.1.1.99), and use route targets in both directions: INTERNET exports 99:99 and imports 10:1, so that Customer A's routes become known on the Internet side, while Customer_A on PE-1 imports 99:99, so that the Internet routes appear in Customer A's VRF. PE-3 also has to join the VPNv4 mesh with PE-1. Two caveats for a real deployment: importing 10:1 brings Customer A's private 10.0.0.0/8 into the INTERNET VRF, from where it would be announced to AS 99 unless the eBGP session filters it, and importing a full Internet table into a customer VRF is heavy, which is why providers normally hand customers a default route instead.

On PE-3
PE-3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-3(config)#ip vrf INTERNET
PE-3(config-vrf)#rd 99:99
PE-3(config-vrf)#route-target both 99:99
PE-3(config-vrf)#route-target import 10:1
PE-3(config-vrf)#exit
PE-3(config)#int ser0/1
PE-3(config-if)#ip vrf forwarding INTERNET
% Interface Serial0/1 IP address 5.1.1.3 removed due to enabling VRF INTERNET
PE-3(config-if)#ip add 5.1.1.3 255.255.255.0
PE-3(config-if)#exit
PE-3(config)#router bgp 1
PE-3(config-router)#address-family vpnv4
PE-3(config-router-af)#neighbor 11.1.1.1 activate
PE-3(config-router-af)#neighbor 11.1.1.1 send-community extended
PE-3(config-router-af)#exit-address-family
PE-3(config-router)#address-family ipv4 vrf INTERNET
PE-3(config-router-af)#neighbor 5.1.1.99 remote-as 99
PE-3(config-router-af)#neighbor 5.1.1.99 activate
PE-3(config-router-af)#no synchronization
PE-3(config-router-af)#exit-address-family
PE-3(config-router)#end

On PE-1
PE-1(config)#ip vrf Customer_A
PE-1(config-vrf)#route-target import 99:99
PE-1(config-vrf)#exit
PE-1(config)#router bgp 1
PE-1(config-router)#address-family vpnv4
PE-1(config-router-af)#neighbor 33.3.3.3 activate
PE-1(config-router-af)#neighbor 33.3.3.3 send-community extended
PE-1(config-router-af)#exit-address-family
PE-1(config-router)#end


FIG 8.9: Customer A1-Routes
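As an added example that is not part of the project's configuration, the hardening a practitioner would apply to the PE-CE eBGP session to AS 99 above: filtering in both directions, so that Customer A's private space is not announced to the Internet and Internet routes cannot overwrite the customer's own, plus session protection and a prefix limit. The prefix chosen as Customer A's announceable block (20.1.1.0/24), the prefix limit and the key are assumptions; the neighbour address and VRF name are those configured above.

```cisco
! Added example (not from the project): hardening the eBGP session from the
! INTERNET VRF on PE-3 to the Internet provider (AS 99, 5.1.1.99). Because the
! VRF imports RT 10:1, everything Customer A exports, its private 10.0.0.0/8
! included, lands here and would be advertised to AS 99 unless filtered.
! 20.1.1.0/24 as the announceable block, the limit and the key are assumptions.
!
! Outbound: announce only the prefix Customer A is entitled to announce.
ip prefix-list TO_INTERNET seq 5 permit 20.1.1.0/24
!
! Inbound: accept a default route and public prefixes down to /24, never
! RFC 1918 space, which would otherwise compete with the customer's own
! routes once imported into Customer_A.
ip prefix-list FROM_INTERNET seq 5 permit 0.0.0.0/0
ip prefix-list FROM_INTERNET seq 10 deny 10.0.0.0/8 le 32
ip prefix-list FROM_INTERNET seq 15 deny 172.16.0.0/12 le 32
ip prefix-list FROM_INTERNET seq 20 deny 192.168.0.0/16 le 32
ip prefix-list FROM_INTERNET seq 25 permit 0.0.0.0/0 ge 8 le 24
!
router bgp 1
 address-family ipv4 vrf INTERNET
  neighbor 5.1.1.99 password InetKey1
  neighbor 5.1.1.99 ttl-security hops 1
  neighbor 5.1.1.99 prefix-list FROM_INTERNET in
  neighbor 5.1.1.99 prefix-list TO_INTERNET out
  neighbor 5.1.1.99 maximum-prefix 500000 90 restart 10
 exit-address-family
!
! ttl-security (GTSM) only works if the AS 99 side enables it as well, since
! the peer must send its packets with TTL 255; otherwise the session will not come up.
!
! Checks:
!   show ip bgp vpnv4 vrf INTERNET neighbors 5.1.1.99 advertised-routes
!       -> only 20.1.1.0/24, no 10.0.0.0/8
!   show ip bgp vpnv4 vrf INTERNET summary
!       -> prefix count from 5.1.1.99 below the limit, session Established
```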

8.7

Configure Sham Link


A sham link is a logical OSPF point-to-point link between two PE VRF loopbacks (here 12.1.1.1 on PE-1 and 21.1.1.1 on PE-2, both placed in VRF Customer_A). It makes the two Customer A sites see each other's routes as intra-area rather than inter-area routes, which matters when the sites also have a direct backdoor link that OSPF would otherwise prefer over the MPLS VPN path. The sham-link endpoints must be reachable through MP-BGP, so each loopback is advertised with a network statement in the VRF address family, and they must not be advertised into the customer OSPF process.

On PE-1
PE-1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-1(config)#interface loopback 12
PE-1(config-if)#ip vrf forwarding Customer_A
PE-1(config-if)#ip add 12.1.1.1 255.255.255.255
PE-1(config-if)#exit
PE-1(config)#router bgp 1
PE-1(config-router)#address-family ipv4 vrf Customer_A
PE-1(config-router-af)#net 12.1.1.1 mask 255.255.255.255
PE-1(config-router-af)#exit
PE-1(config)#router ospf 11 vrf Customer_A
PE-1(config-router)#area 0 sham-link 12.1.1.1 21.1.1.1 cost 1
PE-1(config-router)#end

On PE-2
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#interface loopback 21
PE-2(config-if)#ip vrf forwarding Customer_A
PE-2(config-if)#ip add 21.1.1.1 255.255.255.255
PE-2(config-if)#exit
PE-2(config)#router bgp 1
PE-2(config-router)#address-family ipv4 vrf Customer_A
PE-2(config-router-af)#net 21.1.1.1 mask 255.255.255.255
PE-2(config-router-af)#exit
PE-2(config)#router ospf 11 vrf Customer_A
PE-2(config-router)#area 0 sham-link 21.1.1.1 12.1.1.1 cost 1
PE-2(config-router)#end

The sham link should come up once both ends are configured and the loopbacks have been learned through BGP; check it with show ip ospf sham-links.

FIG 8.10 Forming Sham-Link

8.8

MPLS TE Configuration

On PE-1 PE-1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. PE-1(config)# PE-1(config)#mpls traffic-eng tunnels

101

PE-1(config)# PE-1(config)#router ospf 1 PE-1(config-router)# PE-1(config-router)#mpls traffic-eng router-id loopback 0 PE-1(config-router)#mpls traffic-eng area 0 PE-1(config-router)# PE-1(config-router)#exit PE-1(config)# PE-1(config)#interface fastEthernet 0/1 PE-1(config-if)# PE-1(config-if)#mpls traffic-eng tunnels PE-1(config-if)#ip rsvp bandwidth 1000 PE-1(config-if)#exit PE-1(config)#interface tunnel 0 PE-1(config-if)# PE-1(config-if)#ip unnumbered loopback 0 PE-1(config-if)# PE-1(config-if)#tunnel destination 22.2.2.2 PE-1(config-if)#mpls traffic-eng tunnels PE-1(config-if)# PE-1(config-if)#tunnel mode mpls traffic-eng PE-1(config-if)#tunnel mpls traffic-eng bandwidth 256 PE-1(config-if)#tunnel mpls traffic-eng priority 0 0 PE-1(config-if)# PE-1(config-if)#tunnel mpls traffic-eng autoroute announce

102

PE-1(config-if)#tunnel mpls traffic-eng path-option 7 explicit name RESERVEDPATH PE-1(config-if)# PE-1(config-if)#exit PE-1(config)# PE-1(config)#ip explicit-path name RESERVEDPATH PE-1(cfg-ip-expl-path)# PE-1(cfg-ip-expl-path)#next-address 33.3.3.3 Explicit Path name RESERVEDPATH: 1: next-address 33.3.3.3 PE-1(cfg-ip-expl-path)#next-address 44.4.4.4 Explicit Path name RESERVEDPATH: 1: next-address 33.3.3.3 2: next-address 44.4.4.4 PE-1(cfg-ip-expl-path)#next-address 66.6.6.6 Explicit Path name RESERVEDPATH: 1: next-address 33.3.3.3 2: next-address 44.4.4.4 3: next-address 66.6.6.6 PE-1(cfg-ip-expl-path)#next-address 77.7.7.7 Explicit Path name RESERVEDPATH: 1: next-address 33.3.3.3 2: next-address 44.4.4.4 3: next-address 66.6.6.6 4: next-address 77.7.7.7 PE-1(cfg-ip-expl-path)#next-address 22.2.2.2

103

Explicit Path name RESERVEDPATH: 1: next-address 33.3.3.3 2: next-address 44.4.4.4 3: next-address 66.6.6.6 4: next-address 77.7.7.7 5: next-address 22.2.2.2 PE-1(cfg-ip-expl-path)# PE-1(cfg-ip-expl-path)#end

On PE-3 PE-3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. PE-3(config)# PE-3(config)#mpls traffic-eng tunnels PE-3(config)# PE-3(config)#router ospf 1 PE-3(config-router)# PE-3(config-router)#mpls traffic-eng router-id loopback 0 PE-3(config-router)#mpls traffic-eng area 0 PE-3(config-router)# PE-3(config-router)#exit PE-3(config)#int fa0/1 PE-3(config-if)#mpls traffic-eng tunnels PE-3(config-if)#ip rsvp bandwidth 1000 PE-3(config-if)#

104

PE-3(config-if)#int ser0/0 PE-3(config-if)#mpls traffic-eng tunnels PE-3(config-if)#ip rsvp bandwidth 1000 PE-3(config-if)# PE-3(config-if)#end PE-3#

On P-1 P-1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. P-1(config)# P-1(config)#mpls traffic-eng tunnels P-1(config)# P-1(config)#router ospf 1 P-1(config-router)# P-1(config-router)#mpls traffic-eng router-id loopback 0 P-1(config-router)#mpls traffic-eng area 0 P-1(config-router)# P-1(config-router)#exit P-1(config)#int ser0/0 P-1(config-if)#mpls traffic-eng tunnels P-1(config-if)#ip rsvp bandwidth 1000 P-1(config-if)# P-1(config-if)#int fa1/0 P-1(config-if)#mpls traffic-eng tunnels

105

P-1(config-if)#ip rsvp bandwidth 1000 P-1(config-if)# P-1(config-if)#end P-1#

On P-3 P-3#configure terminal Enter configuration commands, one per line. End with CNTL/Z. P-3(config)# P-3(config)#mpls traffic-eng tunnels P-3(config)# P-3(config)#router ospf 1 P-3(config-router)# P-3(config-router)#mpls traffic-eng router-id loopback 0 P-3(config-router)#mpls traffic-eng area 0 P-3(config-router)# P-3(config-router)#exit P-3(config)#int fa0/0 P-3(config-if)#mpls traffic-eng tunnels P-3(config-if)#ip rsvp bandwidth 1000 P-3(config-if)# P-3(config-if)#int ser0/0 P-3(config-if)#mpls traffic-eng tunnels P-3(config-if)#ip rsvp bandwidth 1000 P-3(config-if)#

106

P-3(config-if)#end On P-1 P-4#configure terminal Enter configuration commands, one per line. End with CNTL/Z. P-4(config)# P-4(config)#mpls traffic-eng tunnels P-4(config)# P-4(config)#router ospf 1 P-4(config-router)# P-4(config-router)#mpls traffic-eng router-id loopback 0 P-4(config-router)#mpls traffic-eng area 0 P-4(config-router)# P-4(config-router)#exit P-4(config)#int ser0/0 P-4(config-if)#mpls traffic-eng tunnels P-4(config-if)#ip rsvp bandwidth 1000 P-4(config-if)# P-4(config-if)#int fa0/1 P-4(config-if)#mpls traffic-eng tunnels P-4(config-if)#ip rsvp bandwidth 1000 P-4(config-if)# P-4(config-if)#end P-4#


On PE-2
PE-2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-2(config)#mpls traffic-eng tunnels
PE-2(config)#router ospf 1
PE-2(config-router)#mpls traffic-eng router-id loopback 0
PE-2(config-router)#mpls traffic-eng area 0
PE-2(config-router)#exit
PE-2(config)#int fa0/1
PE-2(config-if)#mpls traffic-eng tunnels
PE-2(config-if)#ip rsvp bandwidth 1000
PE-2(config-if)#end
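What the "ip rsvp bandwidth 1000" statement on every TE interface above actually buys is admission control: a tunnel is only placed on links that still have that much reservable bandwidth left, and every hop along the signalled path debits its pool. The following Python model is an added example, not configuration from the report and not Cisco's implementation. The topology, its IGP metrics and the tunnel requests are constructed for illustration (Fig 8.11 is not reproduced), only the 1000 kbps pool is taken from the configurations above.

```python
import heapq

# 1000 kbps is the 'ip rsvp bandwidth 1000' pool configured on every TE interface above.
RSVP_POOL = 1000


def make_topology():
    """Constructed topology for illustration only; Fig 8.11 of the report is not reproduced here.
    Each entry is a directed link -> {"cost": IGP metric, "avail": reservable kbps left}."""
    links = {
        ("PE-3", "P-1"): 10, ("P-1", "P-4"): 10, ("P-4", "PE-2"): 10,   # IGP shortest path, cost 30
        ("PE-3", "P-3"): 10, ("P-3", "P-2"): 20, ("P-2", "PE-2"): 20,   # alternative path, cost 50
    }
    topo = {}
    for (a, b), cost in links.items():
        # RSVP reservations are unidirectional, so each direction keeps its own pool
        topo[(a, b)] = {"cost": cost, "avail": RSVP_POOL}
        topo[(b, a)] = {"cost": cost, "avail": RSVP_POOL}
    return topo


def cspf(topo, src, dst, bw):
    """Constrained SPF: Dijkstra over only those links that still have >= bw kbps reservable.
    Returns the node list of the cheapest feasible path, or None."""
    dist, prev, heap, done = {src: 0}, {}, [(0, src)], set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            break
        for (a, b), link in topo.items():
            if a != node or link["avail"] < bw:
                continue  # pruned: link does not satisfy the bandwidth constraint
            nd = d + link["cost"]
            if nd < dist.get(b, float("inf")):
                dist[b], prev[b] = nd, a
                heapq.heappush(heap, (nd, b))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def signal_tunnel(topo, src, dst, bw):
    """Head-end runs CSPF, then every hop admits the reservation (RSVP-TE Path/Resv).
    Returns the path, or None when no path satisfies the bandwidth constraint."""
    path = cspf(topo, src, dst, bw)
    if path is None:
        return None
    for a, b in zip(path, path[1:]):
        link = topo[(a, b)]
        if link["avail"] < bw:  # per-hop admission check; kept explicit even though CSPF already pruned
            raise RuntimeError(f"admission failed on {a}->{b}")
        link["avail"] -= bw
    return path


def reserved(topo):
    """kbps reserved per directed link, for links carrying at least one tunnel."""
    return {k: RSVP_POOL - v["avail"] for k, v in topo.items() if v["avail"] < RSVP_POOL}


if __name__ == "__main__":
    topo = make_topology()
    for bw in (600, 600, 600, 400):  # constructed tunnel requests, all PE-3 -> PE-2
        print(f"{bw} kbps ->", signal_tunnel(topo, "PE-3", "PE-2", bw))
    print(reserved(topo))
```

Run as shown, the first 600 kbps tunnel takes the IGP shortest path, the second is pushed onto the longer path because the short one has only 400 kbps left, the third finds no feasible path at all, and a later 400 kbps request fits the short path again. No directed link ever holds more than its 1000 kbps pool, which is the property the per-interface statement enforces.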


FIG 8.11: MPLS TE

8.9 Implementing QoS Features

Two solutions are offered. Some customers may prefer to mark their packets themselves, while others may ask the service provider to do all the marking and to make sure that voice is given priority. With the first option the PE trusts whatever marking arrives from the customer, so a customer can place any traffic in the voice class; if that is not acceptable, the service provider has to police or re-mark at the edge. The following commands are given on all edge routers in the service provider domain (i.e. on the PE routers); the interfaces on which the policy is applied differ per router and are listed after the core configuration.

On all PE routers

PE-X#enable
PE-X#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
PE-X(config)#class-map match-any VOICE
PE-X(config-cmap)#match mpls experimental topmost 5
PE-X(config-cmap)#match protocol rtp
PE-X(config-cmap)#match protocol skype
PE-X(config-cmap)#exit
PE-X(config)#class-map match-any CRITICAL_DATA
PE-X(config-cmap)#match mpls experimental topmost 3
PE-X(config-cmap)#match protocol sqlnet
PE-X(config-cmap)#match protocol sqlserver
PE-X(config-cmap)#match protocol citrix
PE-X(config-cmap)#exit
PE-X(config)#class-map match-any TELNET_SSH
PE-X(config-cmap)#match mpls experimental topmost 2
PE-X(config-cmap)#match protocol telnet
PE-X(config-cmap)#match protocol ssh
PE-X(config-cmap)#exit
PE-X(config)#class-map match-any WEB_TRAFFIC
PE-X(config-cmap)#match mpls experimental topmost 1
PE-X(config-cmap)#match protocol http
PE-X(config-cmap)#match protocol secure-http
PE-X(config-cmap)#exit
PE-X(config)#policy-map POLICY_1
PE-X(config-pmap)#class VOICE
PE-X(config-pmap-c)#priority percent 30
PE-X(config-pmap-c)#set mpls experimental topmost 5
PE-X(config-pmap-c)#exit
PE-X(config-pmap)#class CRITICAL_DATA
PE-X(config-pmap-c)#bandwidth percent 25
PE-X(config-pmap-c)#set mpls experimental topmost 3
PE-X(config-pmap-c)#exit
PE-X(config-pmap)#class WEB_TRAFFIC
PE-X(config-pmap-c)#bandwidth percent 10
PE-X(config-pmap-c)#set mpls experimental topmost 1
PE-X(config-pmap-c)#exit
PE-X(config-pmap)#class TELNET_SSH
PE-X(config-pmap-c)#bandwidth percent 5
PE-X(config-pmap-c)#set mpls experimental topmost 2
PE-X(config-pmap-c)#exit
PE-X(config-pmap)#class class-default
PE-X(config-pmap-c)#fair-queue
PE-X(config-pmap-c)#random-detect
PE-X(config-pmap-c)#shape average percent 5
PE-X(config-pmap-c)#end
PE-X#

The core routers do not need to inspect and classify the packets themselves; they only look at the EXP markings already set by the PE routers.

On all core LSRs

P-X>enable
P-X#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
P-X(config)#class-map match-any VOICE
P-X(config-cmap)#match mpls experimental topmost 5
P-X(config-cmap)#exit
P-X(config)#class-map match-any CRITICAL_DATA
P-X(config-cmap)#match mpls experimental topmost 3
P-X(config-cmap)#exit
P-X(config)#class-map match-any TELNET_SSH
P-X(config-cmap)#match mpls experimental topmost 2
P-X(config-cmap)#exit
P-X(config)#class-map match-any WEB_TRAFFIC
P-X(config-cmap)#match mpls experimental topmost 1
P-X(config-cmap)#exit
P-X(config)#policy-map POLICY_1
P-X(config-pmap)#class VOICE
P-X(config-pmap-c)#priority percent 30
P-X(config-pmap-c)#exit
P-X(config-pmap)#class CRITICAL_DATA
P-X(config-pmap-c)#bandwidth percent 25
P-X(config-pmap-c)#exit
P-X(config-pmap)#class WEB_TRAFFIC
P-X(config-pmap-c)#bandwidth percent 10
P-X(config-pmap-c)#exit
P-X(config-pmap)#class TELNET_SSH
P-X(config-pmap-c)#bandwidth percent 5
P-X(config-pmap-c)#exit
P-X(config-pmap)#class class-default
P-X(config-pmap-c)#fair-queue
P-X(config-pmap-c)#random-detect
P-X(config-pmap-c)#shape average percent 5
P-X(config-pmap-c)#end

The interfaces on which POLICY_1 is applied, per router:

PE-1(config)#interface fastEthernet 0/1
PE-1(config-if)#service-policy output POLICY_1
PE-1(config-if)#exit
PE-1(config)#interface fastEthernet 0/1
PE-1(config-if)#service-policy output POLICY_1
PE-1(config-if)#end

PE-2(config)#int fa0/0
PE-2(config-if)#service-policy output POLICY_1
PE-2(config-if)#int fa0/1
PE-2(config-if)#service-policy output POLICY_1
PE-2(config-if)#end

PE-3(config)#int fa0/1
PE-3(config-if)#service-policy output POLICY_1
PE-3(config-if)#int ser0/0
PE-3(config-if)#service-policy output POLICY_1
PE-3(config-if)#end

P-1(config)#int fa0/0
P-1(config-if)#service-policy output POLICY_1
P-1(config-if)#int fa0/1
P-1(config-if)#service-policy output POLICY_1
P-1(config-if)#int fa1/0
P-1(config-if)#service-policy output POLICY_1
P-1(config-if)#int ser0/0
P-1(config-if)#service-policy output POLICY_1
P-1(config-if)#end

P-2(config)#int fa0/0
P-2(config-if)#service-policy output POLICY_1
P-2(config-if)#int fa0/1
P-2(config-if)#service-policy output POLICY_1
P-2(config-if)#end

P-3(config)#int fa0/0
P-3(config-if)#service-policy output POLICY_1
P-3(config-if)#int ser0/0
P-3(config-if)#service-policy output POLICY_1
P-3(config-if)#end

P-4(config)#int fa0/1
P-4(config-if)#service-policy output POLICY_1
P-4(config-if)#int ser0/0
P-4(config-if)#service-policy output POLICY_1
P-4(config-if)#end
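The two edge-marking options and the core behaviour described in this section differ only in who decides the EXP value that the P routers schedule on. The following Python model is an added example, not configuration from the report and not Cisco code: it builds real RFC 3032 shim headers, applies both options at the PE, and shows what a P router's "match mpls experimental topmost" sees in the core and what the egress PE sees after penultimate-hop popping. The port-to-class table stands in for the NBAR "match protocol" lines, the label values and packets are constructed, and the keyword semantics follow Cisco's documentation (the default copy of IP precedence into every imposed label's EXP, "topmost" rewriting only the outer label, "imposition" rewriting all imposed labels); whether an imposition-time policy on the platform in use should say "set mpls experimental imposition" rather than "topmost" is something to verify there.

```python
import struct

# EXP value POLICY_1 assigns to each class (taken from the policy-map above)
EXP_FOR_CLASS = {"VOICE": 5, "CRITICAL_DATA": 3, "TELNET_SSH": 2,
                 "WEB_TRAFFIC": 1, "class-default": 0}
CLASS_FOR_EXP = {v: k for k, v in EXP_FOR_CLASS.items()}

# Port-based stand-ins for the NBAR 'match protocol' lines (assumption: NBAR is not modelled)
PORT_CLASS = {
    ("udp", 5004): "VOICE",          # rtp
    ("tcp", 1521): "CRITICAL_DATA",  # sqlnet
    ("tcp", 1433): "CRITICAL_DATA",  # sqlserver
    ("tcp", 1494): "CRITICAL_DATA",  # citrix
    ("tcp", 23): "TELNET_SSH", ("tcp", 22): "TELNET_SSH",
    ("tcp", 80): "WEB_TRAFFIC", ("tcp", 443): "WEB_TRAFFIC",
}


def build_ipv4(proto: str, dst_port: int, dscp: int = 0) -> bytes:
    """Constructed IPv4 header plus the first 8 bytes of a TCP/UDP header (no checksums)."""
    proto_num = {"tcp": 6, "udp": 17}[proto]
    header = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 28, 0, 0, 64, proto_num, 0,
                         bytes([10, 1, 1, 1]), bytes([10, 2, 2, 2]))
    return header + struct.pack("!HHI", 40000, dst_port, 0)


def classify_ip(pkt: bytes) -> str:
    """Application class of an unlabelled IP packet, as the PE class-maps decide it."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = {6: "tcp", 17: "udp"}.get(pkt[9])
    if proto is None:
        return "class-default"
    dst_port = struct.unpack_from("!H", pkt, ihl + 2)[0]
    return PORT_CLASS.get((proto, dst_port), "class-default")


def build_label_stack(entries) -> bytes:
    """entries = [(label, exp, ttl), ...]; the last one gets the bottom-of-stack bit (RFC 3032)."""
    out = b""
    for i, (label, exp, ttl) in enumerate(entries):
        s = 1 if i == len(entries) - 1 else 0
        out += struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)
    return out


def parse_label_stack(data: bytes):
    """Return ([{label, exp, s, ttl}, ...], payload) for a labelled packet."""
    stack, off = [], 0
    while off + 4 <= len(data):
        (word,) = struct.unpack_from("!I", data, off)
        stack.append({"label": word >> 12, "exp": (word >> 9) & 0x7,
                      "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        off += 4
        if stack[-1]["s"]:
            return stack, data[off:]
    raise ValueError("label stack without bottom-of-stack bit")


def set_exp(labeled: bytes, exp: int, topmost: bool = True) -> bytes:
    """topmost=True rewrites only the outer label ('set mpls experimental topmost');
    topmost=False rewrites every label, as 'set mpls experimental imposition' does."""
    stack, payload = parse_label_stack(labeled)
    for i, e in enumerate(stack):
        if i == 0 or not topmost:
            e["exp"] = exp & 0x7
    return build_label_stack([(e["label"], e["exp"], e["ttl"]) for e in stack]) + payload


def pe_impose(ip_pkt: bytes, labels, trust_customer: bool, topmost_only: bool = True) -> bytes:
    """Label imposition at the PE with the two edge-marking options from the text.

    IOS copies the IP precedence (top 3 DSCP bits) into the EXP of every imposed label.
    Option 1 (trust_customer=True): that copy is kept, so the customer chooses the class.
    Option 2 (trust_customer=False): the SP classifies by application and overwrites EXP,
    on the outer label only when topmost_only=True (the keyword the policy above uses).
    """
    precedence = ip_pkt[1] >> 5
    labeled = build_label_stack([(lbl, precedence, 255) for lbl in labels]) + ip_pkt
    if trust_customer:
        return labeled
    return set_exp(labeled, EXP_FOR_CLASS[classify_ip(ip_pkt)], topmost=topmost_only)


def core_class(labeled: bytes) -> str:
    """Class a P router selects: it reads only the topmost EXP, never the IP payload."""
    stack, _ = parse_label_stack(labeled)
    return CLASS_FOR_EXP.get(stack[0]["exp"], "class-default")


def php_pop(labeled: bytes) -> bytes:
    """Penultimate-hop pop: strip the outer label, exposing the next one to the egress PE."""
    if len(parse_label_stack(labeled)[0]) < 2:
        raise ValueError("nothing left to pop")
    return labeled[4:]


if __name__ == "__main__":
    # Constructed case: a customer marks bulk HTTPS with DSCP EF (46) to get into the voice queue.
    https_ef = build_ipv4("tcp", 443, dscp=46)
    labels = [300, 40]  # constructed: IGP label 300 over VPN label 40
    print("trusted        ->", core_class(pe_impose(https_ef, labels, True)))
    sp_top = pe_impose(https_ef, labels, False)
    print("SP, topmost    ->", core_class(sp_top), "| after PHP:", core_class(php_pop(sp_top)))
    sp_all = pe_impose(https_ef, labels, False, topmost_only=False)
    print("SP, all labels ->", core_class(sp_all), "| after PHP:", core_class(php_pop(sp_all)))
```

Run as shown, the customer's EF-marked HTTPS is treated as VOICE across the whole core when the PE trusts the marking. When the SP marks but rewrites only the topmost label, the core sees WEB_TRAFFIC, yet the VPN label underneath still carries the copied precedence 5, and that is the value the egress PE sees once the penultimate hop has popped the outer label. Rewriting all imposed labels removes that leftover, which is why the choice between "topmost" and "imposition" matters at the trust boundary.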

116

Fig 8.12: QOS Enabled


Summary


Limitations and Future work

The scope of this research has been limited to frame-mode MPLS, because no ATM hardware was available for practical research and demonstration. Also, of the five major applications of MPLS, only three, namely MPLS unicast IP forwarding, MPLS VPNs and MPLS QoS, were within the scope of this research. Some of the technical details of every message type and session establishment have not been discussed in the depth that they could be. The implementation, demonstration and study of behaviour have been limited to Cisco hardware and could not be repeated on devices of other vendors, as their equipment was not available. And finally, some apologies have to be made for our own personal limitations.

A lot of future work can be done on this subject. Better ways can be researched for proper migration to this technology. Also, the two other major applications of MPLS, i.e. MPLS TE and MPLS IP multicast forwarding, can be explored further and made into a separate research project. The behaviour of MPLS with IPv6 can be studied and solutions found for any potential problems. The emerging products that support this technology can be surveyed. A significant amount of research can be done on MPLS being used as an end-to-end protocol in network communication. Also, the MPLS architecture can be critically reviewed and ways suggested in which it can be improved further.


Bibliography

(MPLS Fundamentals, 2007) (MPLS and VPN Architectures, 2000) (MPLS and VPN Architectures, 2003) (MPLS Configuration, 2006) (MPLS Traffic Engineering, 2002) (MPLS/Tag Switching, 2011) (MPLS Point-to-Point Traffic Engineering Configuration, 2011) (MPLS VPN over IP Tunnels, 2008) (MPLS VPN Technology, 2007) (MPLS VPN VRF Selection, 2007) (MPLS VPNs Sham Link Support, 2011) (MPLS VPN QoS Design, 2011) (MPLS Quality of Service, 2011) (Overview of QoS, 2006) (QoS Over MPLS VPNs, 2007)

Luc De Ghein. MPLS Fundamentals. Indianapolis, USA: Cisco Press, 2007
Jim Guichard, Ivan Pepelnjak, Jeff Apcar. MPLS and VPN Architectures, Vol. I. Indianapolis, USA: Cisco Press, 2000
Jim Guichard, Ivan Pepelnjak, Jeff Apcar. MPLS and VPN Architectures, Vol. II. Indianapolis, USA: Cisco Press, 2003
Umesh Lakshman, Lancy Lobo. MPLS Configuration on Cisco IOS Software. Indianapolis, USA: Cisco Press, 2006
Eric Osborne, Ajay Simha. Traffic Engineering with MPLS. Indianapolis, USA: Cisco Press, 2002
http://docwiki.cisco.com/wiki/MPLS/Tag_Switching
http://docwiki.cisco.com/wiki/MPLS_Point-to Multipoint_Traffic_Engineering_Configuration_Example
http://sites.google.com/site/amitsciscozone/home/important-tips/mpls-wiki/mplsvpn-over-ip-tunnels
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/vrfselec.html
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ospfshmk.html
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/VPNQoS.html
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fs22cos.html
www.nuntius.com/docs/QoSandMPLS1.pdf
http://searchtelecom.techtarget.com/feature/Implementing-quality-of-serviceQoS-over-MPLS-VPNs
