TIME TO CERTIFY
info@timetocertify.com
MPLS Introduction
What is MPLS and how does it work
MPLS Labels and Label Switched Paths
MPLS Forwarding
MPLS Label Distribution Protocol (LDP)
MPLS Virtual Private Networks (VPNs)
MPLS Layer 2 VPNs
MPLS Layer 3 VPNs
What is MPLS?
MPLS = Multi Protocol Label Switching
MPLS is a technology that tags traffic with labels, which are used for fast switching of packets through the network based on a simplified header
Originally created to simplify traditional forwarding mechanisms such as IP routing
  Slow mechanisms that required CPU consumption and lookups into the routing tables
Hardware evolution has made the fast switching (original motivation for MPLS) not so relevant, but the additional services provided are still beneficial
Runs on top of a variety of Layer 2 technologies such as ATM, FR, PPP, POS, Ethernet
Label indicates:
  Destination (at IP layer): each IP destination network has a different label, which has local significance: the label for a destination network changes at each hop
  Service Class: QoS treatment over the network
Copyright Time to Certify. All rights reserved.
MPLS Label
Label is added after the Layer 2 MAC header
[Figure: MAC Header | LABEL | Layer 2 Frame / Layer 3 Packet. Label fields and widths in bits: Label (20), EXP (3), S, TTL (8)]
Label = 20 bits. Used for fast switching
TOS/EXP = Class of Service, 3 bits
S = Bottom of Stack, 1 bit
TTL = Time to Live, 8 bits
Label can be added to the following Layer 2 Technologies: Ethernet, ATM, Frame Relay or PPP
[Figure: traditional IP forwarding at Router B. Routing table networks and interfaces: 172.15.0.0 on E0, 10.0.0.0 on E1, 192.168.1.0 on E1; next hops shown: Connected, Connected, 10.125.1.1. Interface E0 is marked with 172.15.0.25 and 172.15.0.1.]
Assemble IP packet, destination address 172.15.0.25 (S:192.168.1.15 D:172.15.0.25)
Routing table lookup: 172.15.0.0 ?? Use E0, host is directly connected
[Figure: MPLS forwarding between an ingress PE and an egress PE]
Label table (router performing step 3)
In Label   Network        Interface   Out Label
22         192.168.1.0    E0          2
1          172.15.0.0     E1          21
Label table (router performing step 5)
In Label   Network        Interface   Out Label
32         192.168.1.0    E0          22
21         172.15.0.0     E0          31
1 Ingress PE adds MPLS label
2 LABEL 1, S:192.168.1.15 D:172.15.0.25
3 Lookup: In Label 1, Out Label 21, Interface E1
4 LABEL 21, S:192.168.1.15 D:172.15.0.25
5 Lookup: In Label 21, Out Label 31, Interface E0
6 LABEL 31, S:192.168.1.15 D:172.15.0.25
7 Egress PE removes MPLS label
Fast forwarding performed based on label
Very efficiently implemented in hardware
[Figure: Router B (P) and Router C (PE) on the path to NET 128.89.x.x, with their label tables; In Label 4 is shown]
Label assigned by upstream router and distributed using the LDP protocol
LDP requires a routing protocol to get information about existing networks
[Figure: routing information interchange (IGP), label binding interchange (LDP), and the data plane handling outgoing IP packets]
[Figure: Router B (P) and Router C (PE) on the path to NET 128.89.x.x, with their label tables; In Label 9 with no outgoing label (--) is shown]
1. OSPF runs in the network
2. Router B learns about 128.89.x.x over OSPF
3. Router B forwards to Router A the label to be used when sending packets to 128.89.x.x (Label 4) using LDP
4. Router A sends packets to Router B for a destination host in 128.89 using the LDP label provided by Router B (Label 4)
5. Router B will forward the packets to Router C based only on the incoming label and will switch the label to the one provided by Router C for this network (Label 9)
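The five steps above, as an added example that is not part of the original slides: the IGP next hops and the LDP bindings are combined into per-router label entries, and a packet is then traced hop by hop. Router names and labels 4 and 9 come from the steps; the data structures and function names are assumptions made for the illustration.

```python
FEC = "128.89.x.x"  # destination network, written as on the slide

# Steps 1-2: what OSPF gives each router, its next hop towards FEC
# (None means the network is attached to this router).
NEXT_HOP = {"A": "B", "B": "C", "C": None}
# Label each router binds to FEC and hands to its neighbour over LDP
# (4 and 9 are the values used in the steps above).
LOCAL_BINDING = {"B": 4, "C": 9}


def build_tables(next_hop, local_binding):
    """Step 3: combine IGP next hops and LDP bindings into per-router entries."""
    return {
        router: {"in": local_binding.get(router),  # label this router handed out
                 "out": local_binding.get(nh),     # label received from its next hop
                 "next_hop": nh}
        for router, nh in next_hop.items()
    }


def trace(tables, ingress):
    """Steps 4-5: follow a packet for FEC; return [(from, to, label on the wire)]."""
    hops, router, label = [], ingress, None  # packet reaches the ingress unlabeled
    for _ in range(len(tables)):
        entry = tables[router]
        if label is not None and label != entry["in"]:
            # A router that switches on labels only cannot forward an unknown label.
            raise LookupError(f"{router}: no entry for incoming label {label}")
        if entry["next_hop"] is None:
            return hops                      # network attached here, label removed
        label = entry["out"]
        hops.append((router, entry["next_hop"], label))
        router = entry["next_hop"]
    raise RuntimeError("forwarding loop")


if __name__ == "__main__":
    for hop in trace(build_tables(NEXT_HOP, LOCAL_BINDING), "A"):
        print(hop)
```

A stale binding (Router A still sending Label 4 after Router B has rebound the network to another label) surfaces as the `LookupError`, which is the label-only lookup of step 5 failing.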
[Figure: label stack. Next Hop Label (S=0) | End of Labels (S=1) | Payload]
Membership to a VPN is indicated by adding an extra MPLS label.
The new label is known as the VPN ID
The S bit is set to 0 in the first label and set to 1 in the second one to indicate no more labels have been added to the layer 2 frame
A number of labels can be added to carry VPNs on top of VPNs. Only the last one sets the S bit to 1
Layer 2 VPNs
Customer End points (CEs) appear as connected at layer 2
IP routing among sites is the responsibility of the CEs, as the network acts as a layer 2 transparent carrier
  Routing protocol must be configured among CE routers
Multiple logical connections are established from each end point of the VPN into each of the other end points where connectivity at layer 2 must be established
  Mesh of connections
Separation of routing tables among VPNs
Isolation of traffic in different VPNs
Possibility of overlapping IPs
Different Virtual Routing Functions in each PE for each VPN
A routing function is a virtual router
In Layer 3 VPNs, multiple networks with isolated routing can be established between different locations
[Figure: L2VPN types. VPWS (point to point) and VPLS (multipoint); L2TPv3; transports shown: Frame Relay, ATM (AAL5 & cell), PPP, HDLC, Ethernet (ERS & EWS), Ethernet]
AToM provides L2 circuit emulation over MPLS
Encapsulation format is defined in a standard known as Draft Martini
Historical IETF Draft (2001): Encapsulation Methods for Transport of Layer 2 Frames Over MPLS
Draft became RFC 4906, Transport of Layer 2 Frames Over MPLS
Name comes from the lead author of the RFC: Luca Martini, Cisco Systems, Inc. EMail: lmartini@cisco.com
[Figure: CEs attached to PEs on each side of the MPLS network (P in the core), joined by a Virtual Circuit]
Circuits at each side of the MPLS network are connected at Layer 2 by an LSP tunnel known as a pseudo-wire
Attachment circuits can be Ethernet, Frame Relay, ATM, etc.
Tunnel LSP: LSP between two PE routers acting as end points for the devices willing to communicate at Layer 2. Every tunnel has a tunnel label (external MPLS label)
Virtual Circuit (VC): Communication circuit over an LSP tunnel. Every VC has its VC label (internal MPLS label)
[Figure: Virtual Circuit carried inside the Tunnel between two PEs]
When AToM is used to transport Ethernet frames, it is known as EoMPLS (Ethernet over MPLS)
EoMPLS is a mechanism for establishing Layer 2 VPNs
[Figure: EoMPLS example. Topology CE1, PE1, P1, P2, PE2, CE2 with networks 172.16.1.0/24, 10.10.10.0/30, 10.10.10.4/30, 10.10.10.8/30, 172.16.2.0/24 and 172.16.20.0/24. Control plane: 10.10.10.101/32 is advertised with Label L1 (2a), Label L2 (2b) and Label L3 (2c). Data plane: the Ethernet frame between Customer A Site 1 and Customer A Site 2 is carried as L1 VC1, L2 VC1 and L3 VC1 on successive hops.]
Set of point to point circuits (Pseudo Wires, PSW) established within the MPLS cloud
Mapping into PSW:
  EWS (Ethernet Wire Service): Mapping based on port
  ERS (Ethernet Relay Service): Mapping based on VLAN ID. Interface PE-CE is a trunk
[Figure: VPLS example. CEs (MAC 2, MAC 3 and others) attached to PEs around the MPLS network, with circuit labels 201/102, 301/103 and 302/203. PE MAC table (Address, Tx/Rx): MAC1 103/301, MAC2 203/302, MAC3 Ethernet.]
MPLS network behaves as a switch for CEs
Mapping at PE into VPLS circuit based on physical port or VLAN ID
Full multipoint topologies (made of individual circuits)
PE routers are aware of all MAC addresses in the VPLS domain
[Figure: Customer A and Customer B sites attached through CEs to the shared MPLS network (P)]
L3 VPN provides isolation for traffic coming from different customers crossing a shared infrastructure (MPLS net)
Isolation provides further benefits
  Security
  IP address overlapping capabilities
Two planes:
  Control Plane: Layer 3 reachability information interchange + Label Distribution
  Data Plane: Labeling of unlabeled traffic (PE) + Forwarding of labeled traffic (P)
Once traffic goes into an LSP, the P routers treat it according to the FEC specific policies
In a Layer 3 VPN, routing among sites is transparently provided by the MPLS network to the customer
PEs are aware of all the networks belonging to a specific VPN/VRF
Routing information is exchanged among PEs by means of MP-BGP (Multi Protocol BGP)
PE becomes aware of the routes existing on each customer site by means of a routing protocol running between CE and PE
[Figure: MPLS Layer 3 VPN. Customer A Site 1 (Net 1), Customer A Site 2 (Net 2), Customer B Site 1 (Net 3) and Customer B Site 2 (Net 4) attach through CEs to two PE routers, each with a Global Routing Table (GRT), across the MPLS network]
CE to PE interface: customer routes interchange
  Static routing
  Routing protocol (RIP, OSPF, EIGRP, BGP)
Between PE routers: MP-BGP route interchange
Route Target = RT is a 64 bit identifier used as part of the MP-BGP Attributes (Extended Community) to signify which routes should be exported/imported into a specific VRF
Export Route Target: Route Target attribute on exported routes (multiple possible)
Import Route Target: Routes to be imported from MP-BGP Updates
Route targets are used to have a site belonging to multiple VPNs. Also known as route leaking
[Figure: MP-BGP route interchange between PE routers across the MPLS network, with CEs for Customer A Site 1, Customer A Site 2, Customer B Site 1 and Customer B Site 2; steps 2 to 5 are marked on the figure]
Customer A VRF: RD 1:100, Export RT 1:100, Import RT 1:100
Customer B VRF: RD 1:101, Export RT 1:101, Import RT 1:101
Routing table entries shown: VRF A 172.2.16.0, 172.2.17.0; VRF B 192.168.10.0, 192.168.11.0
2 Routes get injected into the specific VRF/Routing Context
3 Routes get forwarded to the MP-BGP process according to the export RT
5 Routes get populated into the right VRFs/Routing Context according to the import RT criteria
6 VRF Routing table gets updated
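The export and import steps above, as an added example that is not part of the original slides: routes leave each VRF tagged with its export RT, and a VRF installs only updates whose RTs match its import set. The RD and RT values for Customer A and B are the ones on the slides; the PE names, the placement of prefixes on PEs, the /24 masks, the overlapping 10.0.0.0/24 and the audit function are assumptions made for the illustration.

```python
# RD/RT values for customers A and B are the ones on the slides. PE names,
# the /24 masks and the overlapping 10.0.0.0/24 are constructed for the example.
VRFS = {
    ("PE1", "A"): {"rd": "1:100", "export": {"1:100"}, "import": {"1:100"},
                   "local": ["172.2.16.0/24", "10.0.0.0/24"]},
    ("PE2", "A"): {"rd": "1:100", "export": {"1:100"}, "import": {"1:100"},
                   "local": ["172.2.17.0/24"]},
    ("PE1", "B"): {"rd": "1:101", "export": {"1:101"}, "import": {"1:101"},
                   "local": ["192.168.10.0/24", "10.0.0.0/24"]},
    ("PE2", "B"): {"rd": "1:101", "export": {"1:101"}, "import": {"1:101"},
                   "local": ["192.168.11.0/24"]},
}


def mp_bgp_updates(vrfs):
    """Step 3: export each local route as RD:prefix, tagged with the export RTs."""
    return [
        {"vpn_prefix": f"{vrf['rd']}:{prefix}", "prefix": prefix,
         "rts": set(vrf["export"]), "origin": key}
        for key, vrf in vrfs.items() for prefix in vrf["local"]
    ]


def import_routes(vrfs, updates):
    """Steps 5-6: a VRF installs an update if one of its RTs is in the import set."""
    tables = {key: set(vrf["local"]) for key, vrf in vrfs.items()}
    for key, vrf in vrfs.items():
        for upd in updates:
            if upd["origin"] != key and upd["rts"] & vrf["import"]:
                tables[key].add(upd["prefix"])
    return tables


def cross_customer_imports(vrfs):
    """Audit: (exporting customer, importing customer) pairs linked by a shared RT."""
    return sorted({
        (src[1], dst[1])
        for src, s in vrfs.items() for dst, d in vrfs.items()
        if src[1] != dst[1] and s["export"] & d["import"]
    })


if __name__ == "__main__":
    tables = import_routes(VRFS, mp_bgp_updates(VRFS))
    for key in sorted(tables):
        print(key, sorted(tables[key]))
    print("cross-customer imports:", cross_customer_imports(VRFS))
```

With the slide values the audit list is empty; adding RT 1:100 to a Customer B import set makes Customer A prefixes appear in that VRF, which is the route leaking case and the one to review when it was not intended.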
[Figure: L3 VPN control plane between Customer A Site 1 and Customer A Site 2 (CE, PE, P1, P2, PE, CE). VRF A: RD 1:100, Export RT 1:100, Import RT 1:100. Marked on the figure: IGP 172.16.10/24, prefix 172.16.10.0/24, address 10.10.10.101, and LDP advertising 10.10.10.101/32 with Label L1 (2a), Label L2 (2b) and Label L3 (2c); steps 3 to 6 are also marked.]
1 Routing information about IP addresses reachable within the MPLS cloud gets propagated
Routing Table VRF A
Prefix            Next Hop
172.16.10.0/24    10.10.10.101
Note 1: NH, RT and VPN Label are not attributes per se but fields on MP_REACH_NLRI MP-BGP attribute
[Figure: L3 VPN data plane. Topology CE1, PE1, P1, P2, PE2, CE2 with networks 172.16.1.0/24, 10.10.10.0/30, 10.10.10.4/30, 10.10.10.8/30, 172.16.2.0/24, 172.16.10/24 and 172.16.20.0/24; address 10.10.10.101 is marked. An IP packet with destination IP 172.16.10.5 travels between Customer A Site 1 and Customer A Site 2 carrying labels L1 V1, L2 V1 and L3 V1 on successive hops.]
Routing Table GRT + VRF A
Prefix             Next Hop        Table
10.10.10.101/32    10.10.10.7      GRT
172.16.10.0/24     10.10.10.101    VRF A
Routing Table P2
Prefix             Next Hop
10.10.10.101/32    10.10.10.5
FEC = Subset of traffic characterized by:
  Forwarding Path
  Forwarding Treatment
MPLS has powerful mechanisms for influencing the FECs and therefore the paths and treatment that traffic is exposed to.
MPLS VPNs