IP Network Architecture
Outline
Requirements Associated with the Deployment of MPLS VPN in an ISP Network
Strategy for the Incremental Deployment of MPLS VPN
MPLS VPN - Implementation Options
Carrier's Carrier and Inter-provider Backbone VPN
Deployment Issues and Future Work
The new service features must not entail the risk of degrading the reliability and availability of the existing network
Scalability
  Scalable to large number of provider-based VPN
  Network of network VPN services
Satisfaction of customers' security requirements
Proactive management and fast restoration in case of failure
The steps described here are simplified for illustrative purposes
The steps may not be followed in the exact order proposed in a production environment
Different steps may also be taken simultaneously, depending on the business needs, feature availability, and interoperability
Step 1. Preparation:
Extensive lab test: feature, regression, network integration
Potential hardware and software upgrade on all routers (P's - Provider backbone routers, and PE's - Provider Edge routers) for supporting MPLS LDP, VPN, RSVP features
Routing
  IGP - link state protocol, e.g. OSPF or IS-IS
  BGP - multiple BGP sessions for VPN PE routers
Enable LDP on all backbone routers if possible
MPLS TE may be enabled in certain areas as necessary
The distribution and access routers may not be all MPLS enabled at this time
Step 3. Basic MPLS VPN connectivity with limited sites and limited number of VPN's:
Upgrade the hardware and software on the VPN PE routers only
Enable LDP and VPN on the selected PE's
Enable MPLS LDP in more (or all) router locations
Enable VPN in additional PE routers as needed
Interconnect different AS's of the same provider providing MPLS VPN services
Interconnect with international partners for Global reachability
Provide VPN services to other ISP's - Carrier's Carrier VPN
Enable QoS features for the MPLS network, including VPN
[Figure: VPN A and VPN B sites attached to provider routers P1 to P5]
Setting up LSP through LDP, LSP path = IGP path - Simplicity
Requires LDP interoperability; VPN/LDP inter-working
No control on LSP, label failure on IGP path can cause VPN failure
NANOG21, February 2001, Atlanta 10
[Figure: OSPF area 0; VPN A and VPN B sites attached to provider routers P1 to P5, with TE and VPN labels and PHP marked]
Requires RSVP TE tunnel, potentially across multi-OSPF areas
Requires RSVP TE interoperability; VPN / TE inter-working
End-to-end LSP control - better failure protection, fast re-route may be used
[Figure: OSPF area 0; VPN A and VPN B sites attached to provider routers P1 to P5]
Requires RSVP TE interoperability
Requires VPN/LDP inter-working, LDP/TE inter-working
Provides feasible solutions when cases 1 and 2 cannot be realized
[Figure: ISP B - Site X and ISP B - Site Y; elements shown: CE1, CE2, PE1, PE2, ASBR1 (RR), ASBR2 (RR), ISP B's customers, LDP / VPN A / VPN B labels, MP-iBGP]
MPLS (LDP) used between PE and CE in all three cases
PE-CE routing: OSPF/RIP/Static
Security mechanism needed for label spoofing prevention
iBGP sessions between ISP B sites
Use Route Reflectors to improve scalability
ISP A distributes ISP B's internal routes through MPLS-VPN only
ISP B's external routes advertised to all ISP B sites through ISP B's Route Reflector iBGP session
[Figure: AS A and AS B; elements shown: CE1, CE2, PE1, PE2, PE-ASBR1, VPN A, VPN B, VPN AB, LDP, MP-iBGP]
Customers have sites connected to different AS's or ISP's
PE-ASBR's connect the two AS's
  E-BGP sessions for VPN-IPv4
  single VPN label, no LDP label
  no VRF assigned, based on policy agreed by the two ISP's (AS's)
Route reflectors reflect VPN-IPv4 internal routes within its AS
Security, scalability, policies between ISP's
VPN, LDP, RSVP, CR-LDP: individually, and interworking amongst subsets of these
Coping with reality of feature availability
Multi-vendor inter-operability
  Required in a heterogeneous IP network
Deployment strategy
  Partially enable MPLS vs. fully enable MPLS in the entire IP backbone
  TE tunnels, use only as needed vs. fully meshed
  QoS VPN: map VPN into guaranteed bandwidth tunnels with class of service
Scalability
  The use of Route Reflectors
  Performance impact on PE's needs to be measured
  Carrier of Carriers and Inter-AS backbone
  Assign different RDs to different sites vs. single RD for each VPN
Security
  One VPN's route does not exist in other nonconnected VPN's VRF or the global routing table
  FR/ATM equivalent security - more study needed
LSR MIB, LDP MIB, VPN MIB, MBGP MIB, RSVP TE MIB, FTN MIB
Auto-provisioning tools needed for large scale VPN deployment
Performance
  All MPLS features impact on performance, including basic VPN on PE routers, and need to be studied
  More study needed for VPN supporting QoS
  Network performance: delay, jitter, loss, throughput, availability
  Element performance: utilization
Security management
  Authentication, control access, monitoring
Traffic Management/Engineering
  Characterize traffic for VPN's
  Profiling, correlation, and optimization
  Monitoring and troubleshooting
  VPN failure detection and recovery
[Figure: VPN A sites X and Y; elements shown: CE1, CE2, PE1 to PE4, P1 to P4]
Fault management
Example:
Config: LDP in the core for all P and PE routers; IGP: OSPF; iBGP full mesh between PEs
LSP: OSPF shortest path: PE1-P1-P3-P4-PE2; no TE tunnels.
Failure: All links and nodes are up, but P3 label switching fails, LSP breaks, VPN fails.
Solution need: PE1 and PE2 need to be notified of the LSP failure; LSP needs to be re-established through recovery mechanism, restore VPN
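An added example, not part of the original slides, that models the failure case above: the IGP still computes the path through P3 because all links and nodes are up, a labeled probe along the LSP finds the LSR that drops traffic, and a replacement path is computed around it. The link costs, the P1-P2-P4 alternate links, the function names and the recovery-by-exclusion step are assumptions made for illustration.

```python
import heapq

# Constructed topology (link costs are assumptions), chosen so that the OSPF
# shortest path PE1 -> PE2 is PE1-P1-P3-P4-PE2, as in the slide.
LINKS = {("PE1", "P1"): 1, ("P1", "P3"): 1, ("P3", "P4"): 1, ("P4", "PE2"): 1,
         ("P1", "P2"): 2, ("P2", "P4"): 2}

def neighbors(node, avoid=()):
    """Yield (neighbor, cost) for every link on node, skipping avoided nodes."""
    for (a, b), cost in LINKS.items():
        if node in (a, b):
            other = b if node == a else a
            if other not in avoid:
                yield other, cost

def igp_path(src, dst, avoid=()):
    """Dijkstra over the link-state view; returns the node list or None."""
    heap, seen = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path
        if node in seen:
            continue
        seen.add(node)
        for nxt, c in neighbors(node, avoid):
            heapq.heappush(heap, (cost + c, nxt, path + [nxt]))
    return None

def probe_lsp(path, broken_lsrs):
    """Walk a labeled probe along the LSP; return the LSR that drops it, or None."""
    for lsr in path[1:-1]:              # every transit LSR must swap the label
        if lsr in broken_lsrs:
            return lsr
    return None

def check_and_recover(src, dst, broken_lsrs):
    """Detect a data-plane break the IGP cannot see and pick a replacement path."""
    lsp = igp_path(src, dst)            # with LDP only, LSP path = IGP path
    failed = probe_lsp(lsp, broken_lsrs)
    if failed is None:
        return {"lsp": lsp, "failed_lsr": None, "recovery": None}
    # Assumed recovery step: re-establish the LSP on a path excluding the failed LSR.
    return {"lsp": lsp, "failed_lsr": failed,
            "recovery": igp_path(src, dst, avoid={failed})}

if __name__ == "__main__":
    print(check_and_recover("PE1", "PE2", broken_lsrs={"P3"}))
```

The IGP path alone never changes in this scenario, which is why the ingress and egress PEs need an end-to-end check on the LSP itself.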
Summary
Implementation alternatives and examples illustrated here are being experimented with through lab testing
Deployment Challenges
  Feature availability
  Interoperability
  Manageability
Summary (2)
Future work
Resolve open issues on scalability, load sharing, and security
Better understand service deployment and management
Thank You
Luyuan Fang
Principal Technical Staff Member
IP Network Architecture
AT&T
luyuanfang@att.com