Overview of MPLS Fundamentals, Basic Operation, and In-Depth overview of Service Capabilities
BNL Update, June 29, 2004
Craig Hill, Consulting SE, IP Core, Federal Area
Email: crhill@cisco.com
Intro to MPLS AT Seminar
2004, Cisco Systems, Inc. All rights reserved.
Having difficulty understanding what advantages MPLS can offer, and "why" network architects would consider implementing MPLS in the core of their network? This section provides in-depth answers to these questions and explains the advantages and services MPLS can offer Federal customers who are looking either to build an MPLS-enabled core or to use a service offering that is MPLS enabled. Services discussed include VPN, Layer-2 transport, QoS, and IPv6 transport, among others.
Agenda
Operation Examples
Cisco Product Overview
Cisco Products Supporting MPLS
Evolution of MPLS
Origins from Tag Switching. Proposed in IETF; later combined with ideas from other proposals from IBM (ARIS) and Toshiba (CSR).
Milestones (timeline figure; the time axis is marked 1996, 1997, 1998, 1999, 2000, 2001, 2004):
- AToM, VPLS, DS-TE deployed
- Cisco calls a BOF at IETF to standardize Tag Switching
- MPLS Group formally chartered by IETF
- Cisco ships MPLS (Tag Switching)
- Cisco ships MPLS TE
- MPLS VPN deployed
Why MPLS?
Integrate best of Layer 2 and Layer 3
- Intelligence of IP routing
- Performance of high-speed switching
- Legacy service transport
- QoS
- VPN semantics
Note: MPLS and IP could be the optimal solution for an overall IP Services Architecture.
MPLS Intro and Services Update
[Figure: VPNs, Traffic Engineering, IP+ATM and IP+Optical GMPLS services built on MPLS over the network infrastructure]
Label Distribution
MPLS Environment
Label-based Forwarding
IP Routing
[Figure: IP routing. Routers exchange route updates for prefixes 128.89 and 171.69; each router keeps an Address Prefix / I/F table, and a packet addressed to 128.89.25.4 is forwarded hop by hop on its destination address.]
Encapsulations
- Frame Relay: Frame Relay Header | Label Header | Layer 3 Header
- PPP (Packet over SONET/SDH): PPP Header | Label Header | Layer 3 Header
- LAN MAC*: MAC Header | Label Header | Layer 3 Header
* LAN MAC Label Header also used for MPLS packets over an ATM Forum PVC SNAP Header. (Ethertype = 0x8847/8848)
[Figure: label header fields: Tag | COS | S | TTL]
- Can be used over Ethernet, 802.3, or PPP links
- Uses two new Ethertypes/PPP PIDs (in MAC hdr)
- Contains everything needed at forwarding time
- One word per label
MTU beyond 1518 for Ethernet can be accounted for when adding labels by the mpls mtu command.
Label Stacking
- Arrange labels in a stack
- Inner labels can be used to designate services/FECs, etc., e.g. VPNs, fast re-route, alternate forwarding
[Figure: label stack in front of the IP header, with the labels TE Label, IGP Label, VPN Label and Inner Label]
[Figure: control plane and data plane of an MPLS router; labels shown: Adjacency, LIB, MPLS Process, LFIB, FIB, MPLS Traffic, IP Traffic]
Neighbor discovery
UDP and TCP ports:
- UDP port for LDP Hello messages = 646
- TCP port for establishing LDP session connections = 646
- Used in MPLS Traffic Engineering
- Additions to base RSVP signaling protocol
- Leverage the admission control mechanism of RSVP
- Label requests are sent in PATH messages and binding is done with RESV messages
Note: CR-LDP is another option for label distribution, but is no longer used or implemented
Extension to the BGP protocol in order to carry routing information about other protocols
- Multicast
- MPLS
- IPv6
- VPN-IPv4
- Labeled IPv6 unicast (6PE)
- VPN-IPv6 (6VPE)
General Context
At Edge (ingress):
- Classify packets
- Label them
In Core:
- Forward using labels (as opposed to IP addr)
- Label indicates service class and destination
At Edge (egress):
- Remove label
PE = Provider Edge
Operation
Traditional routing
- Each router holds the entire routing table and forwards to the next hop (destination-based routing); routes on the L3 destination address
MPLS combines L3 routing with label swapping and forwarding
MPLS forwarding
- Label is imposed at the ingress router (ingress to the label-switched portion of the network). Generally, all forwarding decisions are then made on the label only: no routing table lookups, but TFIB table lookups.
[Figure: routing updates. One router advertises "You can reach 128.89 thru me" and another "You can reach 128.89 and 171.69 thru me"; each router fills in its prefix / interface table for 128.89 and 171.69.]
[Figure: label distribution. The same routers now advertise "Use label 9 for 128.89" and "Use label 4 for 128.89 and use label 5 for 171.69"; the tables gain label columns holding the values 4, 5, 9 and 7.]
[Figure: label-based forwarding. A packet for 128.89.25.4 is labeled at the ingress router and forwarded toward 128.89 by label lookup, using the labels distributed in the previous step (4, 5, 9, 7 in the tables).]
MPLS In-Depth
Overview of MPLS Services and Applications currently being Deployed
Agenda
MPLS Drivers
- Reasons for deploying MPLS
MPLS Applications
- MPLS VPN Layer-3
- Detailed Overview
- IOS Examples
- MPLS Layer-2 Transport
- PWE3/AToM
- Application Example
- MPLS Traffic Engineering
- Fast-ReRoute for Bandwidth Protection
- MPLS QoS
- Diffserv over MPLS
- Diffserv TE (DS-TE)
- Guaranteed Bandwidth Service Applications
- Useful Implementations Combining Multiple MPLS Services
- IP version 6 (IPv6) Transport Methods over MPLS
- 6PE/6VPE (IPv6 Edge and VPN Support)
Customer Deployment
We are now up to 225+ (Total SP+Enterprise) deployed customers in production networks
- Some case studies documented
- Very large deployments include a single customer requiring 30K CEs, ~1000 PEs
- MPLS VPNs continue to be the majority of deployments
- AToM is the majority in the recent deployments
- TE catching on fast
  - Simple mechanism, unequal cost load balancing
MPLS Applications
[Figure: VPN taxonomy with the labels Virtual LANs, Overlay VPN, Peer-to-Peer VPN, Layer-2 VPN, Layer-3 VPN, MPLS/VPN, X.25, F/R, ATM, GRE, IPSec]
Overlay Network
Provider sells a circuit service
Peer Network
Provider (MPLS-VPN)
Spokes distant from hubs connect to their local provider's POP; lower access charge because of the provider's size
The Internet is a large peer network
[Figure: MPLS VPN example topology. Sites of VPN A, VPN B and VPN C (prefixes 11.2/16, 12.1/16, 12.2/16, 16.1/16, 16.2/16) attach through CE routers running RIP or BGP to PE1, PE2 and PE3 across the provider core (P2).]
O 192.168.100.1 [110/11] via 192.168.1.1, 00:04:27, Ethernet0/0
C 192.168.100.2 is directly connected, Loopback0
O 192.168.100.3 [110/11] via 192.168.1.3, 00:04:27, Ethernet0/0
[Figure: CE2, PE2, PE1]
  172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
C 172.16.25.0/30 is directly connected, Serial4/0
C 172.16.25.2/32 is directly connected, Serial4/0
B 172.16.20.0/24 [20/0] via 172.16.25.2, 00:07:04
  10.0.0.0/24 is subnetted, 1 subnets
B 10.0.0.0 [200/307200] via 192.168.100.1, 00:06:28
[Figure: CE2 and PE2 on the link 172.16.25.2 / 172.16.25.1; iBGP VPNv4 session between PE2 and PE1; 10.0.0.0/24 reached through PE1]
[Figure: PE with sites VPN-A and VPN-B attached on interfaces 0 and 1; the VRF for VPN-B holds the route to the VPN-B CE at 146.12.7.0/24]
[Figure: PE at the boundary of the MPLS domain and the iBGP domain]
- Separate router per Customer/VPN
- VRF is populated locally through PE and CE routing protocol exchange
  - RIP Version 2, OSPF, BGP-4, EIGRP, & static routing
  - Connected is also supported (i.e. default gateway is PE)
- Separate routing context for each VRF
  - Routing protocol context (BGP-4 & RIP V2)
  - Separate process (OSPF)
Need some way to get the VRF routing information off the PE and to other PEs
This is done with BGP
Route Distinguisher
- To differentiate 10.0.0.0/8 in VPN-A from 10.0.0.0/8 in VPN-B
- 64-bit quantity
- Configured as ASN:YY or IPADDR:YY
  - Almost everybody uses ASN
Route Target
- To control policy about who sees what routes
- 64-bit quantity (2 bytes type, 6 bytes value)
- Carried as an extended community
- Typically written as ASN:YY
- Each VRF imports and exports one or more RTs
  - Exported RTs are carried in VPNv4 BGP
  - Imported RTs are local to the box
VPNv4
In BGP for IP, 32-bit address + mask makes a unique announcement
In BGP for MPLS-VPN, (64-bit RD + 32-bit address) + 32-bit mask makes a unique announcement
Since the route encoding is different, need a different address family in BGP
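The following Python sketch is an added example, not part of the original slides or any Cisco code. It models how the RD keeps two customers' copies of 10.0.0.0/8 distinct in VPNv4 and how RT import decides which VRF installs a route, then audits VRFs for an import RT that belongs to another customer. The ASN 65000, RT values, VRF names and labels are constructed; the RD byte layout follows the ASN:YY form (type 0) of RFC 4364.

```python
import ipaddress
import struct
from dataclasses import dataclass, field

def encode_rd(asn: int, yy: int) -> bytes:
    # ASN:YY form, RFC 4364 type 0: 2-byte type, 2-byte ASN, 4-byte number = 64 bits
    return struct.pack("!HHI", 0, asn, yy)

def vpnv4_key(rd: bytes, prefix: str) -> bytes:
    # (64-bit RD + 32-bit address) + 32-bit mask identifies one announcement
    net = ipaddress.ip_network(prefix)
    return rd + net.network_address.packed + net.netmask.packed

@dataclass
class Vrf:
    name: str
    customer: str
    rd: bytes
    export_rts: frozenset
    import_rts: frozenset
    routes: dict = field(default_factory=dict)   # prefix -> (next-hop PE, VPN label)

def export_route(vrf: Vrf, prefix: str, pe: str, label: int) -> dict:
    # What a PE sends in VPNv4 BGP: unique key, exported RTs, next hop, VPN label
    return {"key": vpnv4_key(vrf.rd, prefix), "prefix": prefix,
            "rts": vrf.export_rts, "next_hop": pe, "label": label}

def import_route(vrf: Vrf, update: dict) -> bool:
    # Imported RTs are local to the box: install only when an RT matches
    if update["rts"] & vrf.import_rts:
        vrf.routes[update["prefix"]] = (update["next_hop"], update["label"])
        return True
    return False

def audit_imports(vrfs, rt_owner: dict) -> list:
    # Flag every import RT that belongs to a customer other than the VRF's own
    return sorted((v.name, rt) for v in vrfs for rt in v.import_rts
                  if rt_owner.get(rt) != v.customer)

def demo():
    # Constructed sample: customers A and B both use 10.0.0.0/8 behind PE1
    rt_a, rt_b = frozenset({"65000:1"}), frozenset({"65000:2"})
    a1 = Vrf("VPN-A@PE1", "A", encode_rd(65000, 1), rt_a, rt_a)
    b1 = Vrf("VPN-B@PE1", "B", encode_rd(65000, 2), rt_b, rt_b)
    a2 = Vrf("VPN-A@PE2", "A", encode_rd(65000, 1), rt_a, rt_a)
    # Misconfigured VRF: customer B's VRF also imports customer A's route target
    b2 = Vrf("VPN-B@PE2", "B", encode_rd(65000, 2), rt_b, rt_a | rt_b)
    updates = [export_route(a1, "10.0.0.0/8", "PE1", 28),
               export_route(b1, "10.0.0.0/8", "PE1", 35)]
    installed = {v.name: [u["label"] for u in updates if import_route(v, u)]
                 for v in (a2, b2)}
    distinct = updates[0]["key"] != updates[1]["key"]
    findings = audit_imports([a1, b1, a2, b2], {"65000:1": "A", "65000:2": "B"})
    return distinct, installed, findings

if __name__ == "__main__":
    print(demo())
```

The RD only keeps the two announcements apart in BGP; which VRF accepts a route is decided entirely by the import RT list, so that list is what an audit has to check.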
[Figure: London site, CE, PE-1 and PE-2]
The label associated with the VPN-V4 address will be set on packets forwarded towards the destination
Penultimate Hop Popping procedures used one hop prior to egress PE router (shown in example)
[Figure: at PE-1 a packet for 149.27.2.27 is sent toward Paris (149.27.2.0/24) with the label stack 41, 28; London is the other site shown]
- Ingress PE receives normal IP packets
- PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels <IGP, VPN>
[Figure: the packet for 149.27.2.27 is shown with labels 41, 28, then with label 28 only, and finally unlabeled toward Paris (149.27.2.0/24)]
- Egress PE router uses the VPN label to select which VPN/CE to forward the packet to
- VPN label is removed and the packet is routed toward the VPN site
Things to Note
Core does not run VPNv4 BGP!
Same principle can be used to run a BGP-free core for an IP network
Multi-VRF CE (VRF-lite)
- Single physical link
- Logical link per VRF
- Layer-2 must support logical separation: 802.1q, FR/ATM VCs
- NO labels required
- Single router supporting multiple VRF instances
[Figure: a multi-VRF CE serving VPN1 and VPN2 exchanges routing updates with the PE at the edge of the MPLS / iBGP domain]
- Concerning QoS, do they require DSCP or ToS settings from the CE to their PE?
- Do they manipulate DSCP/ToS based on congestion in their network?
- What other services do they have on their roadmap of service offerings (example: IPv6, IP Multicast, tighter QoS SLA offering, other)?
- Understand the resiliency in the core
- Do they offer LEC diversification or bypass?
[Figure: lab topology. CE routers BLUE-Glascow, RED-Glascow, BLUE-Oxford, BLUE-Dover, RED-Dover, YELLOW-Dover and YELLOW-Oxford (1750, 2611 and 3640 platforms) attach to the provider edge over T1 Frame Relay, serial, ATM and OC3 POS links, running OSPF, eBGP (AS72) and RIP v2.]
VPNs or Service Providers network spoofed label into a Cisco MPLS network and thus gain access to a VPN or the MPLS core
http://mier.com/reports/cisco/MPLS-VPNs.pdf
Co-Location
Basic Hosting
Multicast VPN
IP Address Management
[Figure: customer CE routers (A, B1, B2, D, E) in New York, San Francisco, Los Angeles and Dallas attach to provider PE routers; a high-bandwidth source sits behind CE A, and Receivers 1, 2 and 3 sit behind other CEs]
- Customer CE devices join the MPLS core through the provider's PE devices
- The MPLS core forms a Default MDT for a given customer
- A high-bandwidth source for that customer starts sending traffic
- Interested receivers 1 & 2 join that high-bandwidth source
- A Data-MDT is formed for this high-bandwidth source
Default MDT: for low-bandwidth and control traffic only.
Data MDT: for high-bandwidth traffic only.
Auto-Provisioning
draft-ietf-ppvpn-bgpvpn-auto-02.txt (BGP auto-discovery)
AToM
[Figure: CE1, PE1, PE2, CE; packet format: Tunnel Label | VC Label | PDU]
1. L2 transport route entered on ingress PE
2. PE1 starts LDP session with PE2 if one does not already exist
3. PE1 allocates VC label for new interface & binds to configured VCID
4. PE1 sends label mapping message containing VC FEC TLV & VC label TLV
5. PE2 receives VC FEC TLV & VC label TLV that matches local VCID
PE2 repeats steps 1-5 so that bidirectional label/VCID mappings are established
[Figure: Any Transport over MPLS (AToM) tunnel across the MPLS backbone between PEs, with ATM/FR-attached CPE routers; cells/frames are carried with labels. QoS options, mapping: L2IPEXP]
[Figure: ISP A, ISP B and ISP 2 attached to PE routers around an MPLS network]
- Port-mode: allows a frame coming into an interface to be packed into an MPLS packet
- VLAN-mode: forwards frames from a SRC 802.1Q VLAN to a DST 802.1Q VLAN
Broadband Access
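[Figure: customer edge devices on either side of an MPLS network]
[Figure: ATM over MPLS lab. Two ATM KG devices attach over OC-3 links (PVC 0/200) to PE1 and PE2; routers labelled P, PE1 and PE2 (7507, 7505 and 7200 platforms) are joined by FE links on the 192.168.0.0/24, 2.0/24, 3.0/24 and 4.0/24 segments; loopbacks shown are 192.168.100.10/32, 192.168.100.11/32 and 192.168.100.12/32; a pseudo-wire LSP runs between the PEs.]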
! First PE: pseudowire to peer 192.168.100.12, VC ID 200
interface ATM2/0/0
 no ip address
 no atm ilmi-keepalive
 no atm enable-ilmi-trap
!
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.12 200 encapsulation mpls
!
! Second PE: pseudowire back to peer 192.168.100.10, VC ID 200
interface ATM2/0/0
 no ip address
 no atm ilmi-keepalive
 no atm enable-ilmi-trap
!
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.10 200 encapsulation mpls
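The pseudowire only comes up when each PE's xconnect names the other PE's loopback with the same VC ID, which is the match performed in step 5 of the signaling sequence. The Python check below is an added example, not from the original deck: it parses the two xconnect stanzas and reports mismatches. It assumes the PE whose config points at 192.168.100.12 owns loopback 192.168.100.10 and vice versa; the function names are hypothetical and the configs are trimmed copies of the slide text.

```python
import re

# Trimmed copies of the slide configs (constructed for this example)
PE_A = """\
interface ATM2/0/0
 no ip address
!
interface ATM2/0/0.200 point-to-point
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.12 200 encapsulation mpls
"""
PE_B = PE_A.replace("192.168.100.12", "192.168.100.10")

PVC_RE = re.compile(r"pvc (\S+) l2transport$")
ENCAP_RE = re.compile(r"encapsulation (\S+)$")
XCONNECT_RE = re.compile(r"xconnect (\S+) (\d+) encapsulation (\S+)$")

def parse_xconnects(config):
    # One record per xconnect line, remembering the enclosing interface and PVC
    found, iface, pvc, atm_encap = [], None, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface, pvc, atm_encap = line.split()[1], None, None
            continue
        m = PVC_RE.match(line)
        if m:
            pvc, atm_encap = m.group(1), None
            continue
        m = ENCAP_RE.match(line)
        if m:
            atm_encap = m.group(1)
            continue
        m = XCONNECT_RE.match(line)
        if m:
            found.append({"interface": iface, "pvc": pvc, "atm_encap": atm_encap,
                          "peer": m.group(1), "vcid": int(m.group(2)),
                          "pw_encap": m.group(3)})
    return found

def check_pair(lo_a, cfg_a, lo_b, cfg_b):
    # Each side must target the other's loopback with the same VC ID and encapsulations
    a_side = [x for x in parse_xconnects(cfg_a) if x["peer"] == lo_b]
    b_side = {x["vcid"]: x for x in parse_xconnects(cfg_b) if x["peer"] == lo_a}
    problems = [] if a_side else [f"no xconnect toward {lo_b}"]
    for x in a_side:
        y = b_side.get(x["vcid"])
        if y is None:
            problems.append(f"VC ID {x['vcid']}: no matching xconnect back to {lo_a}")
        elif (x["atm_encap"], x["pw_encap"]) != (y["atm_encap"], y["pw_encap"]):
            problems.append(f"VC ID {x['vcid']}: encapsulation mismatch")
    return problems

if __name__ == "__main__":
    print(check_pair("192.168.100.10", PE_A, "192.168.100.12", PE_B))
```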
draft-lasserre-vkompella-ppvpn-vpls-02.txt
[Figure: CE routers attached to PE routers around an MPLS network]
- Fast ReRoute (FRR) is emerging as another application of MPLS-TE
- Bandwidth protection: allows for tighter control on bandwidth, packet loss, delay & jitter
- Minimal packet loss (msec) when a link goes down
- Can be used in conjunction with MPLS-TE for primary paths; can also be used standalone
- Router A has 40Mb of traffic for Router F, 40Mb of traffic for Router G
- Massive (44%) packet loss at Router B->Router E!
- Changing to A->C->D->E won't help
[Figure: Routers A through G connected by OC-3 and DS3 links]
Path Calculation
PCALC takes bandwidth, other constraints into account
Node  Next-Hop  Cost
B     B         10
C     C         10
D     C         20
E     B         20
F     Tunnel 0  30
G     Tunnel 1  30
- Link state protocol advertises unreserved capacity
- Constraints (required bandwidth and policy) are specified for a TE trunk
[Figure: Routers A, B, C, D and G connected by OC-3 and DS3 links]
With the first two, MPLS-TE gets you unequal cost load balancing
Fast ReRoute
- FRR: a mechanism to minimize packet loss during a failure
- Pre-provision protection tunnels that carry traffic when a protected resource (link/node) goes down
- Use MPLS-TE to signal the FRR protection tunnels, taking advantage of the fact that MPLS-TE traffic doesn't have to follow the IGP shortest path
- Used as a mechanism (along with DS-TE) for tight SLA offerings for Guaranteed Bandwidth Services
Link Protection*
[Figure: Routers A, B, D and E on the primary path, Router C on the backup path, Routers X and Y attached]
Primary Tunnel: A -> B -> D -> E
BackUp Tunnel: B -> C -> D (Pre-provisioned)
Recovery = ~50ms
*Introduced in 12.0(11)ST
Node Protection
[Figure: Routers A, B, D, E and F on the primary path, Router C on the backup path, Routers X and Y attached]
Primary Tunnel: A -> B -> D -> E -> F
BackUp Tunnel: B -> C -> E (Pre-provisioned)
Recovery = ~100ms
Introduced in 12.0(22)S
Standardization - IETF
MPLS Working Group
Fast Reroute Extensions: draft-ietf-mpls-rsvp-lsp-fastreroute-01.txt
Fast Reroute MIB: draft-ietf-mpls-fastreroute-mib-01.txt
IETF Drafts
Bandwidth Protection: draft-vasseur-mpls-backup-computation-01.txt
MPLS QoS
- MPLS doesn't define a new QoS architecture
- Most of the work on MPLS QoS has focused on supporting current IP QoS architectures
- Same traffic conditioning and Per-Hop behaviors as defined by DiffServ
[Figure: label header fields: Label | EXP | S | TTL]
- Label, 20 bits
- Experimental Field (EXP), 3 bits
- Bottom of Stack (S), 1 bit
- Time to Live (TTL), 8 bits
- Can be used over other layer-2 technologies
- Contains all information needed at forwarding time
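As an added example (not from the original slides), the Python below encodes and decodes label stack entries using the 20/3/1/8-bit layout above, then walks the deck's VPN forwarding case: a stack of <IGP 41, VPN 28> in front of a packet for 149.27.2.27, popped once at the penultimate hop and once at the egress PE. The 4-byte payload is a constructed stand-in for the IP packet, and the rule that a customer-facing port should carry unlabeled traffic only is an assumed policy for the sketch.

```python
import struct

MPLS_ETHERTYPES = (0x8847, 0x8848)  # Ethertypes quoted on the encapsulation slide

def encode_entry(label, exp, s, ttl):
    # One 32-bit word per label: Label(20) | EXP(3) | S(1) | TTL(8)
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", label << 12 | exp << 9 | s << 8 | ttl)

def encode_stack(entries):
    # entries: (label, exp, ttl) tuples, outermost first; S=1 only on the last one
    last = len(entries) - 1
    return b"".join(encode_entry(label, exp, int(i == last), ttl)
                    for i, (label, exp, ttl) in enumerate(entries))

def decode_stack(data):
    # Returns (entries, payload); rejects a stack whose bottom-of-stack bit never appears
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated label stack: bottom-of-stack bit never set")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "exp": word >> 9 & 7,
                        "s": word >> 8 & 1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, data[off:]

def pop_top(data):
    # Penultimate-hop pop or egress pop: strip the outermost 4-byte entry
    entries, _ = decode_stack(data)          # validates the whole stack first
    return entries[0]["label"], data[4:]

def labeled_frame_on_ce_port(ethertype, port_role):
    # Assumed policy: a customer-facing port should carry unlabeled IP only,
    # so an MPLS Ethertype seen there is worth dropping and logging
    return port_role == "ce-facing" and ethertype in MPLS_ETHERTYPES

def walk_slide_example():
    # Constructed packet: stack <IGP 41, VPN 28> in front of a 4-byte stand-in payload
    ip_payload = bytes([149, 27, 2, 27])
    wire = encode_stack([(41, 0, 255), (28, 0, 255)]) + ip_payload
    igp, after_php = pop_top(wire)           # P router one hop before the egress PE
    vpn, after_egress = pop_top(after_php)   # egress PE selects the VPN/CE by this label
    return wire.hex(), igp, vpn, after_egress == ip_payload

if __name__ == "__main__":
    print(walk_slide_example())
```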
[Figure: E-LSP carrying the AF1 and EF classes]
[Figure: enterprise LANs connect over FR links to PE routers on either side of an MPLS core (PE, P, P, PE). PE inbound: police and mark; PE to P and P to PE: LLQ and WRED]
Notes:
- Traffic classified by EXP
- Core is MPLS frame-mode
- LLQ on MPLS packets
- WRED based on EXP
- No need for inbound policy in core
- LLQ for min B/W guarantee
- Unmanaged CE example shown
[Figure: POPs (POP 1, POP 2, POP 4 and others) connected through a core]
Control Plane
Bandwidth Allocation
[Figure: POPs (POP 1, POP 2, POP 4 and others) connected through a core]
- Find route and set up tunnel for 15 Mb/s of BE from POP1 to POP4
- Find route and set up tunnel for 7 Mb/s of BE from POP2 to POP4
[Figure: toll bypass. Traditional phones and PBXs with packet interfaces connect through PE routers joined by a TE tunnel, with FRR protection of the tunnel]
Solution Requirements
- QoS on PE Router
- TE or DS-TE
[Figure: toll bypass. Enterprise LANs with CE routers connect to PE routers joined by a TE tunnel]
Solution Requirements
- QoS on CE Router
- QoS on PE Router
- TE or DS-TE
[Figure: Any Transport over MPLS (AToM) tunnel across the MPLS backbone, carried in a DS-TE tunnel between PEs with FRR protection of the tunnel; ATM-attached CPE routers at each end. Future QoS mapping: L2IPEXP]
(6PE/6VPE)
[Figure: VPNs, Traffic Engineering and GMPLS services built on MPLS over the network infrastructure]
[Figure: 6PE. IPv6 sites (2001:0420::, 2001:0421::) and an IPv4 site (144.254.0.0) connected across an OC48/192 core, with MP-iBGP sessions between the edge routers]
- Many carriers, large ISPs and mobile SPs have invested in MPLS infrastructure
- Core devices may be ATM switches, GSRs or other vendors' routers
- Leverages MPLS features, e.g. MPLS/VPN, TE, CoS, ...
[Figure: 6VPE routers at the edge of an IPv4 MPLS core of P routers, with MP-iBGP sessions between them; labels shown: dual stack IPv4-IPv6 routers, CE (2001:0621::, 192.76.10.0, v6 and v4), v4 CEs]
- For VPN customers (RFC 2547bis), IPv6 VPN service is exactly the same as IPv4 VPN service
- IPv6 packets are transported from 6VPE to 6VPE inside IPv4 LSPs (IPv4 core)
- For ISPs offering MPLS/VPN for IPv4 that wish to add IPv6 services as well
  - No modification on the MPLS core
  - Support both IPv4 and IPv6 VPNs concurrently on the same interfaces
- Reduces the multiple layers into a single, integrated, control layer
- Extends MPLS control plane to address optical layer constraints and attributes
- Leverages IP layer management simplicity and distributed intelligence
- Provides sophisticated traffic engineering capabilities for resource management and control
[Figure: IP+Optical network with router clients attached over UNI, nodes interconnected over NNI, and a management plane]
Summary
- MPLS is much more than label switching
- MPLS allows an IP infrastructure to be Service Enabled
- Allows the SP/Enterprise to offer multiple Services across a single infrastructure
- AToM allows layer-2 transport across an MPLS infrastructure
- Combining TE, TE-FRR, and DS-TE allows very tight SLA offerings with high availability for low-latency applications (e.g. Voice and Virtual Leased Line)
- MPLS Services will continue to evolve and allow the integration of more Services across a single infrastructure
Books
- MPLS: Technology and Applications, by Bruce S. Davie, Yakov Rekhter. ISBN: 1558606564
- Traffic Engineering with MPLS, by Eric Osborne, Ajay Simha. ISBN: 1587050315
- MPLS and VPN Architectures, Volume I, by Ivan Pepelnjak, Jim Guichard. ISBN: 1587050811
- MPLS and VPN Architectures, Volume II, by Ivan Pepelnjak, Jim Guichard, Jeff Apcar. ISBN: 1587051125
- Advanced MPLS Design and Implementation, by Vivek Alwayn. ISBN: 158705020X
MPLS Links
Link to MPLS Home Page (CCO): http://www.cisco.com/warp/public/732/Tech/mpls/
MPLS Technical Documents (CCO): http://www.cisco.com/warp/public/732/Tech/mpls/mpls_techdoc.shtml
Link to Tunnel Builder Home Page: http://www.cisco.com/warp/public/732/Tech/mpls/tb/
Link to MPLS Working Group Page (IETF): http://www.ietf.org/html.charters/mpls-charter.html
Backup Slides
Terminology, 1/2
RR: Route Reflector
A router (usually not involved in packet forwarding) that distributes BGP routes within a provider's network
P: Provider router
A router in the core of the MPLS-VPN network, speaks LDP/RSVP but not VPNv4
Terminology, 2/2
VPN: Virtual Private Network
A network deployed on top of another network, where the two networks are separate and never communicate
VPNv4
Address family used in BGP to carry MPLS-VPN routes
RD
Route Distinguisher, used to uniquely identify the same network/mask from different VRFs (i.e., 10.0.0.0/8 from VPN A and 10.0.0.0/8 from VPN B)
RT
Route Target, used to control import and export policies, to build arbitrary VPN topologies for customers