Transcript MPLS

Introduction
MPLS – Technology & Services
Agenda
• Background and business case
• Technology basics
– What is MPLS? Where is it used?
• Label Distribution in MPLS Networks
– LDP, RSVP, BGP
• Building MPLS based Services
– IP+ATM Integration
– VPNs
– Traffic Engineering (FRR & Protection)
• Conclusions
凌群電腦股份有限公司
SYSCOM COMPUTER ENGINEERING.CO
2
Evolution of MPLS
• From Tag Switching
• Proposed in IETF – Later combined with other proposals from
IBM (ARIS), Toshiba (CSR)
• Timeline (figure, 1996 to 2001, events in the order shown):
– Cisco calls a BOF at IETF to standardize Tag Switching
– MPLS Working Group formally chartered by IETF
– Cisco ships MPLS (Tag Switching)
– Cisco ships Traffic Engineering
– MPLS TE deployed
– MPLS VPN deployed
– Large scale deployment
MPLS-Key Drivers
MPLS as a Foundation for Value Added Services (figure): on top of the MPLS network infrastructure sit
• Any Transport over MPLS
• Provider Provisioned VPNs
• Traffic Engineering
• IP+Optical (GMPLS)
• IP+ATM
US VPN Spending
(Figure: two bar charts. Left: Yankee Group Predictions for VPN Spending ($US millions), 1997 to 2002, y-axis 0 to 2000. Right: Infonetics VPN Spend Projections ($US millions), 1999 to 2003, VPN Products versus VPN Services, y-axis 0 to 30000.)
New Applications for VPN
VPN Types Implemented by 2002 (figure, bars read in order): Site-to-site 73%, Remote Access 64%, Extranets 27%
Source: Infonetics April 2000
The Service Provider Challenge
• Generate New services
• Protect Existing Infrastructure – ATM/FR
• Combine Private Data Services with Internet Services
• Move into rapid deployment
Technology Specifics
MPLS Concepts
• MPLS: Multi Protocol Label Switching
• MPLS is a layer 2+ switching technology
• MPLS forwarding is done in the same way as in ATM
switches: a fixed-length label is looked up and swapped at each hop
• Packet forwarding is done based on Labels, not on the IP header
LSRs and Labels
• LSR: Label Switch Router
• Edge-LSR: LSRs that do label imposition and
disposition
LSRs and Labels
(Figure: IGP domain with a label distribution protocol; ingress LSR, core LSRs, egress LSR)
• An IP routing protocol is used within the routing domain
(e.g. OSPF, IS-IS)
• A label distribution protocol is used to distribute address/label
mappings between adjacent neighbors
• The ingress LSR receives IP packets, performs packet
classification, assigns a label, and forwards the labelled packet into
the MPLS network
• Core LSRs switch packets/cells based on the label value only
• The egress LSR removes the label before forwarding the
IP packet outside the MPLS network
LSRs and Labels
MPLS label stack entry (shim header), 32 bits:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | Exp |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Label = 20 bits
Exp = Experimental, 3 bits
S = Bottom of stack, 1 bit
TTL = Time to live, 8 bits
• Uses new Ethertypes/PPP PIDs/SNAP values/etc
• More than one Label is allowed -> Label Stack
• MPLS LSRs always forward packets based on the value of the label at
the top of the stack
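As an added example (not part of the original slides), the following Python encodes and decodes the 32-bit label stack entry shown above. It packs a whole stack, setting S only on the last entry, parses it back until the bottom-of-stack bit is seen, refuses a buffer that runs out before an S=1 entry (a truncated or crafted stack), and refuses implicit-null (value 3) on the wire, since that label is only ever signalled to request penultimate hop popping. The two-label sample (IGP label 4 over VPN label 23) and the payload bytes are constructed for the example.

```python
import struct

LABEL_MAX = (1 << 20) - 1
# Reserved label values from RFC 3032; 4 to 15 are reserved for future use.
RESERVED_LABELS = {
    0: "IPv4 explicit null",
    1: "router alert",
    2: "IPv6 explicit null",
    3: "implicit null (signalled only, never on the wire)",
}


def encode_label(label, exp=0, ttl=255, bottom=False):
    """Pack one label stack entry: Label(20) | Exp(3) | S(1) | TTL(8)."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp <= 7 or not 0 <= ttl <= 255:
        raise ValueError("exp must fit in 3 bits, ttl in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def encode_stack(entries):
    """entries: [(label, exp, ttl), ...] from top of stack to bottom.
    Only the last entry gets S=1."""
    last = len(entries) - 1
    return b"".join(
        encode_label(label, exp, ttl, bottom=(i == last))
        for i, (label, exp, ttl) in enumerate(entries)
    )


def decode_stack(buf):
    """Parse a label stack at the start of buf.
    Returns (entries, payload): entries top-first, payload is everything
    after the S=1 entry. Raises ValueError when the buffer ends before an
    S=1 entry is seen, or when implicit-null shows up in a packet."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(buf):
            raise ValueError("label stack has no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", buf, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        if entry["label"] == 3:
            raise ValueError("implicit-null must never appear in a packet")
        entries.append(entry)
        if entry["s"]:
            return entries, buf[offset:]


if __name__ == "__main__":
    # Constructed sample: outer IGP label 4, inner VPN label 23, followed by
    # the first two bytes of an IPv4 header as payload.
    pkt = encode_stack([(4, 0, 255), (23, 5, 255)]) + bytes.fromhex("4500")
    stack, payload = decode_stack(pkt)
    for entry in stack:
        print(entry, RESERVED_LABELS.get(entry["label"], "unreserved"))
    print("payload starts with", payload.hex())
```

The decoder deliberately does not guess when S=1 is missing: a core LSR that forwards on the top label has no way to find the IP header in such a packet, so the safe action is to drop it.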
LSRs and Labels
Label encapsulation on different link layers (figure):
• PPP Header (Packet over SONET/SDH): PPP Header | Shim Header | Layer 3 Header
• Ethernet: Ethernet Hdr | Shim Header | Layer 3 Header
• Frame Relay: FR Hdr | Shim Header | Layer 3 Header
• ATM Cell Header: GFC | VPI | VCI | PTI | CLP | HEC | DATA, with the label carried in the VPI/VCI fields; subsequent cells of the same frame carry the same label
Label Assignment and Distribution
• Labels have link-local significance
Each LSR binds its own label mappings
• Each LSR assigns labels to its FECs
• Labels are assigned and exchanged between
adjacent neighboring LSRs
• Applications may require non-adjacent
neighbors (directed sessions)
Label Assignment and Distribution
Upstream and Downstream LSRs
(Figure: 171.68.40/24 - Rtr-A - Rtr-B - Rtr-C - 171.68.10/24)
• Rtr-C is the downstream neighbor of Rtr-B for destination
171.68.10/24
• Rtr-B is the downstream neighbor of Rtr-A for destination
171.68.10/24
• LSRs know their downstream neighbors through the IP routing
protocol
– Next-hop address is the downstream neighbor
Label Assignment and Distribution
Unsolicited Downstream Distribution
(Figure: 171.68.40/24 - Rtr-A - Rtr-B - Rtr-C - 171.68.10/24. Rtr-C tells Rtr-B "Use label 40 for destination 171.68.10/24"; Rtr-B tells Rtr-A "Use label 30 for destination 171.68.10/24".)

Rtr-A (ingress):
 In I/F | In Lab | Address Prefix | Out I/F     | Out Lab
 0      | -      | 171.68.10      | 1           | 30
 ...    | ...    | ...            | Next-Hop... | ...

Rtr-B:
 In I/F | In Lab | Address Prefix | Out I/F     | Out Lab
 0      | 30     | 171.68.10      | 1           | 40
 ...    | ...    | ...            | Next-Hop... | ...

Rtr-C (egress):
 In I/F | In Lab | Address Prefix | Out I/F     | Out Lab
 0      | 40     | 171.68.10      | 1           | -
 ...    | ...    | ...            | Next-Hop... | ...

IGP derived routes
• LSRs distribute labels to the upstream neighbors
Label Assignment and Distribution
On-Demand Downstream Distribution
(Figure: 171.68.40/24 - Rtr-A - Rtr-B - Rtr-C - 171.68.10/24. Rtr-A asks Rtr-B "Request label for destination 171.68.10/24"; Rtr-B asks Rtr-C the same. Rtr-C answers Rtr-B "Use label 40 for destination 171.68.10/24"; Rtr-B answers Rtr-A "Use label 30 for destination 171.68.10/24".)
• Upstream LSRs request labels from downstream neighbors
• Downstream LSRs distribute labels upon request
Label Assignment and Distribution
Label Retention Modes
• Liberal retention mode
– LSR retains labels from all neighbors, not only from the current next-hop
– Improves convergence time: when a neighbor becomes the next-hop again
after IP convergence, its label is already known
– Requires more memory and label space
• Conservative retention mode
– LSR retains labels only from next-hop neighbors
– LSR discards all labels for FECs without next-hop
– Frees memory and label space
Label Assignment and Distribution
Label Distribution Modes
• Independent LSP control
– LSR binds a label to a FEC independently, whether or not it
has received a label for the FEC from its next-hop
– The LSR then advertises the label to its neighbors
• Ordered LSP control
– LSR only binds and advertises a label for a particular FEC if:
it is the egress LSR for that FEC, or
it has already received a label binding from its next-hop
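The following Python model ties the last four slides together; it is an added example, not something from the original deck. Each LSR allocates a label for one FEC from its own label space (independent control), advertises it to every LDP neighbour (downstream unsolicited), and keeps received bindings in a LIB under either liberal or conservative retention; only the binding from the IGP next-hop is installed in the LFIB, and the egress advertises implicit-null. The topology (Rtr-A to Rtr-C via Rtr-B, with Rtr-D as an alternate path), the label bases 16, 30 and 40 and the next-hop choices are assumptions made for the example.

```python
IMPLICIT_NULL = 3  # egress asks its upstream neighbour to pop (PHP)


class LSR:
    def __init__(self, name, neighbors, next_hop=None, egress=False, label_base=16):
        self.name = name
        self.neighbors = neighbors      # directly connected LDP peers
        self.next_hop = next_hop        # IGP next hop towards the FEC (None at egress)
        self.egress = egress            # True if the FEC is directly connected
        self.next_free = label_base     # 0-15 are reserved; each LSR has its own label space
        self.local_label = None         # label this LSR advertises for the FEC
        self.lib = {}                   # label information base: peer -> label received

    def allocate_label(self):
        """Independent control: bind a label without waiting for the next hop."""
        if self.egress:
            self.local_label = IMPLICIT_NULL
        else:
            self.local_label = self.next_free
            self.next_free += 1
        return self.local_label

    def receive_binding(self, peer, label, liberal=True):
        """Liberal retention keeps every binding; conservative keeps only the next hop's."""
        if liberal or peer == self.next_hop:
            self.lib[peer] = label

    def lfib_entry(self):
        """(incoming label, outgoing action) installed for forwarding:
        only the binding learned from the current IGP next hop is used."""
        if self.egress:
            return ("-", "ip-lookup")
        out = self.lib.get(self.next_hop)
        if out is None:
            return (self.local_label, "unlabelled")   # no binding from next hop yet
        return (self.local_label, "pop" if out == IMPLICIT_NULL else out)


def distribute(lsrs, liberal=True):
    """Downstream unsolicited mode: every LSR advertises its binding to all
    LDP neighbours, upstream or not; the receiver decides what to keep."""
    for lsr in lsrs.values():
        lsr.allocate_label()
    for lsr in lsrs.values():
        for peer in lsr.neighbors:
            lsrs[peer].receive_binding(lsr.name, lsr.local_label, liberal)


def build_network(liberal=True):
    # Assumed topology for FEC 171.68.10/24, which is connected to Rtr-C:
    #   A -- B -- C   (IGP shortest path)
    #   A -- D -- C   (alternate path, not the IGP next hop for A)
    lsrs = {
        "A": LSR("A", ["B", "D"], next_hop="B", label_base=16),
        "B": LSR("B", ["A", "C"], next_hop="C", label_base=30),
        "D": LSR("D", ["A", "C"], next_hop="C", label_base=40),
        "C": LSR("C", ["B", "D"], egress=True),
    }
    distribute(lsrs, liberal)
    return lsrs


def reroute(lsrs, name, new_next_hop):
    """IGP convergence moves the next hop; return the LFIB entry right after."""
    lsrs[name].next_hop = new_next_hop
    return lsrs[name].lfib_entry()


if __name__ == "__main__":
    net = build_network()
    for n in "ABDC":
        print(n, "LIB", net[n].lib, "-> LFIB", net[n].lfib_entry())
    print("A after B fails, liberal:     ", reroute(build_network(True), "A", "D"))
    print("A after B fails, conservative:", reroute(build_network(False), "A", "D"))
```

With liberal retention Rtr-A already holds Rtr-D's label 40 and switches to it as soon as the IGP moves the next-hop; with conservative retention the same failover leaves the FEC unlabelled until Rtr-D re-advertises, which is the convergence trade-off the retention slide describes.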
Label Assignment and Distribution
Several protocols for label exchange
• LDP
Maps unicast IP destinations into labels
• RSVP, CR-LDP
Used in traffic engineering
• BGP
External labels (VPN)
• PIM
For multicast states label mapping
Label Switch Path (LSP)
(Figure, left: IGP domain with a label distribution protocol, LSP follows IGP shortest path. Right: IGP domain with a label distribution protocol, LSP diverges from IGP shortest path.)
• LSPs are derived from IGP routing information
• LSPs may diverge from IGP shortest path
– LSP tunnels (explicit routing) with TE
• LSPs are unidirectional
– Return traffic takes another LSP
Label Switch Path (LSP) Penultimate Hop Popping
• The label at the top of the stack is removed (popped)
by the upstream neighbor of the egress LSR
• The egress LSR requests the “popping” through the
label distribution protocol
– Egress LSR advertises the implicit-null label (value 3) for the FEC
• The egress LSR will not have to do a label lookup and then
remove the label itself
– One lookup is saved in the egress LSR: it only does the IP lookup it needs anyway
Label Switch Path (LSP) Penultimate Hop Popping
(Figure: ingress LSR - penultimate LSR - egress LSR; the egress LSR connects 171.68.10/24 and 171.68.44/24.)

Ingress LSR:
 In I/F | In Lab | Address Prefix | Out I/F | Next-Hop | Out Lab
 0      | -      | 171.68/16      | 1       | ...      | 4

Penultimate LSR:
 In I/F | In Lab | Address Prefix | Out I/F | Next-Hop | Out Lab
 0      | 4      | 171.68/16      | 2       | ...      | pop

Egress LSR routing table:
 Address Prefix and mask | Next-Hop    | Interface
 171.68.10/24            | 171.68.9.1  | Serial1
 171.68.44/24            | 171.68.12.1 | Serial2
 171.68/16               | ...         | Null (summary route)

Label advertisements: the penultimate LSR tells the ingress LSR "Use label 4 for FEC 171.68/16"; the egress LSR tells the penultimate LSR "Use label implicit-null for FEC 171.68/16".
• The egress LSR summarises more specific routes and advertises a label for the new FEC
• The summary route is propagated through the IGP and a label is assigned by each LSR
• The egress LSR needs to do an IP lookup to find the more specific route
• The egress LSR need NOT receive a labelled packet
Loops and TTL
• In IP networks TTL is used to prevent packets from travelling
indefinitely in the network
• MPLS may use the same mechanism as IP, but not on all
encapsulations
• TTL is present in the label header for PPP and LAN
headers (shim headers)
• The ATM cell header does not have a TTL
Loops and TTL
• LSRs using ATM do not have TTL capability
• Some suggested options:
- hop-count object in LDP
- Path Vector object in LDP
Loops and TTL
(Figure: IGP domain with a label distribution protocol. An IP packet with TTL = 10 enters at LSR-1. LSR-1 has learned through label distribution that the LSP towards LSR-6 (label 25) is 4 hops long (LSR-6 --> 25, Hops = 4), so the packet travels the non-TTL capable LSP with TTL = 6 under labels 25, 39 and 21 at LSR-2, LSR-3 and LSR-4, and leaves the egress LSR-5 as an IP packet with TTL = 6.)
• TTL is decremented by the LSP hop count prior to entering the non-TTL capable LSP
• If TTL reaches 0 the packet is discarded at the ingress point
• TTL is examined at the LSP exit
Label Distribution Protocol
• Defined in RFC 3035 and RFC 3036
• Used to distribute labels in an MPLS network
• Forwarding Equivalence Class (FEC)
– How packets are mapped to LSPs (Label Switched Paths)
• Advertise labels per FEC
– Reach destination a.b.c.d with label x
• Neighbor discovery
– Basic and Extended Discovery
LDP Concepts
• Label Distribution Protocol
• Labels map to FECs for Unicast Destination
Prefix
• LDP works between adjacent/non-adjacent peers
• LDP sessions are established between peers
LDP Messages
• Discovery messages
– Used to discover and maintain the presence of
new peers
– Hello packets (UDP, port 646) sent to the all-routers multicast
address 224.0.0.2
– Once a neighbor is discovered, the LDP session is
established over TCP (port 646)
LDP Messages
• Session messages
• Establish, maintain and terminate LDP sessions
• Advertisement messages
• Create, modify, delete label mappings
• Notification messages
• Error signalling
Label Distribution Protocol
• Label Merge
• Done by default for packet networks – unique label
advertised per FEC
• Requires VC merge for ATM networks
TDP & LDP
• Tag Distribution Protocol
• Pre-cursor to LDP
• Used for Cisco Tag Switching
• TDP and LDP supported on the same box
• Per neighbor/link basis
• Per target basis
RSVP & Label Distribution
• Used in MPLS Traffic Engineering
• Additions to the RSVP signaling protocol (RSVP-TE)
• Leverage the admission control mechanism of RSVP
• Label requests are sent in PATH messages and
binding is done with RESV messages
• The EXPLICIT_ROUTE object defines the path over which
setup messages should be routed
• Using RSVP has several advantages
– Traffic Engineering, Shared Explicit reservation style, FRR
MPLS Example: Forwarding Packets
(Figure: a packet for 128.89.25.4 enters the ingress LSR unlabelled, is imposed label 4, is swapped to label 9 by the core LSR ("Label Switch forwards based on label") and is delivered unlabelled by the egress LSR.)

Ingress LSR:
 In label | Address Prefix | Out I'face | Out label
 -        | 128.89         | 1          | 4
 -        | 171.69         | 1          | 5
 ...      | ...            | ...        | ...

Core LSR:
 In label | Address Prefix | Out I'face | Out label
 4        | 128.89         | 0          | 9
 5        | 171.69         | 1          | 7
 ...      | ...            | ...        | ...

Egress LSR:
 In label | Address Prefix | Out I'face | Out label
 9        | 128.89         | 0          | -
 ...      | ...            | ...        | ...
Label Stacking
• IGP Labels – Used for routing packets
• BGP Labels – Used for assigning end
users/communities
• RSVP Labels – Used for TE tunnels
• If more than one service is used
– Then multiple labels are required – TE and FRR
– In some cases a single service requires the use of multiple
labels - VPNs
Label Stacking – how?
• Arrange Labels in a stack
• Inner labels can be used to designate services/FECs
etc
– E.g. VPNs, Fast Re-route
• Outer label used to route/switch the MPLS packets in
the network
• Allows building services such as
– MPLS VPNs – Basic & Advanced - CSC
– Traffic Engineering and Fast Re-route
– VPNs over Traffic Engineered core
– Any Transport over MPLS
(Figure, stack from outer to inner label: TE Label | IGP Label | VPN Label | IP Header)
Day in the life of a Packet
(Figure: CE - PE (ingress) - P - P1 - PE (egress); the egress PE connects 171.68.10/24 and 171.68.44/24.)

Ingress PE:
 In I/F | In Lab | Address Prefix | Out I/F | Next-Hop | Out Lab
 0      | -      | 171.68/16      | 1       | ...      | 4

P:
 In I/F | In Lab | Address Prefix | Out I/F | Next-Hop | Out Lab
 0      | 4      | 171.68/16      | 1       | ...      | 7

P1 (penultimate hop):
 In I/F | In Lab | Address Prefix | Out I/F | Next-Hop | Out Lab
 0      | 7      | 171.68/16      | 2       | ...      | pop

Egress PE routing table:
 Address Prefix and mask | Next-Hop    | Interface
 171.68.10/24            | 171.68.9.1  | Serial1
 171.68.44/24            | 171.68.12.1 | Serial2
 171.68/16               | ...         | Null (summary route)

Label advertisements: P tells the ingress PE "Use label 4 for FEC 171.68/16"; P1 tells P "Use label 7 for FEC 171.68/16"; the egress PE tells P1 "Use label implicit-null for FEC 171.68/16".
• The summary route is propagated through the IGP and a label is assigned by each LSR
• The egress LSR summarises more specific routes and advertises a label for the new FEC
• The egress LSR needs to do an IP lookup to find the more specific route
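The forwarding example, the penultimate hop popping slide and the "Day in the life" tables above all describe the same per-hop behaviour. As an added example (not from the original slides), the Python below models it with the tables from this slide: the ingress PE does a FIB longest-match and imposes label 4, P swaps 4 for 7, P1 pops because the egress advertised implicit-null, and the egress PE does the plain IP lookup it needs anyway. TTL is copied from the IP header into the label at imposition, decremented per hop, copied back at the pop, and a packet whose TTL reaches zero is dropped; a labelled packet carrying a label with no LFIB entry is dropped rather than IP-forwarded. Interface names, the 171.68.10.5 destination and the starting TTLs are assumptions for the example.

```python
from ipaddress import ip_address, ip_network


class Packet:
    def __init__(self, dst, ip_ttl):
        self.dst = ip_address(dst)
        self.ip_ttl = ip_ttl
        self.labels = []          # label stack, top first: [(label, ttl), ...]


class LSR:
    """fib:  prefix   -> (out_if, out_label or None)  for unlabelled packets
       lfib: in_label -> (out_if, action, out_label)  for labelled packets"""

    def __init__(self, name, fib=None, lfib=None):
        self.name = name
        self.fib = {ip_network(p): v for p, v in (fib or {}).items()}
        self.lfib = lfib or {}

    def ip_lookup(self, dst):
        matches = [n for n in self.fib if dst in n]
        if not matches:
            return None
        return self.fib[max(matches, key=lambda n: n.prefixlen)]   # longest match

    def forward(self, pkt):
        """Return (out_if, pkt), or (None, None) when the packet is dropped."""
        if pkt.labels:                                 # LFIB path: one label lookup
            label, ttl = pkt.labels[0]
            ttl -= 1
            if ttl == 0:
                return None, None                      # TTL expired inside the LSP
            if label not in self.lfib:
                return None, None                      # unknown label: drop, never IP-forward
            out_if, action, out_label = self.lfib[label]
            if action == "swap":
                pkt.labels[0] = (out_label, ttl)
            elif action == "pop":                      # PHP: the egress gets a plain IP packet
                pkt.labels.pop(0)
                if pkt.labels:
                    pkt.labels[0] = (pkt.labels[0][0], ttl)
                else:
                    pkt.ip_ttl = ttl                   # copy label TTL back into the IP header
            return out_if, pkt
        pkt.ip_ttl -= 1                                # FIB path (ingress or egress LSR)
        if pkt.ip_ttl == 0:
            return None, None
        entry = self.ip_lookup(pkt.dst)
        if entry is None:
            return None, None
        out_if, out_label = entry
        if out_label is not None:                      # ingress: impose label, copy IP TTL
            pkt.labels.insert(0, (out_label, pkt.ip_ttl))
        return out_if, pkt


def build_path():
    """Constructed from the slide's tables: CE - PE - P - P1 - PE."""
    return [
        LSR("PE-in", fib={"171.68.0.0/16": ("if1", 4)}),
        LSR("P", lfib={4: ("if1", "swap", 7)}),
        LSR("P1", lfib={7: ("if2", "pop", None)}),          # implicit-null from the egress
        LSR("PE-out", fib={"171.68.10.0/24": ("Serial1", None),
                           "171.68.44.0/24": ("Serial2", None)}),
    ]


def trace(path, pkt):
    """Push pkt hop by hop; return ([(lsr, out_if, label stack), ...], final packet or None)."""
    hops = []
    for lsr in path:
        out_if, pkt = lsr.forward(pkt)
        hops.append((lsr.name, out_if, None if pkt is None else [lbl for lbl, _ in pkt.labels]))
        if pkt is None:
            break
    return hops, pkt


if __name__ == "__main__":
    hops, pkt = trace(build_path(), Packet("171.68.10.5", 64))
    for hop in hops:
        print(hop)
    print("delivered with IP TTL", pkt.ip_ttl)
    print("TTL 2 packet:", trace(build_path(), Packet("171.68.10.5", 2))[0])
```

Because the TTL is copied into the label and back out again, the four LSRs cost exactly four TTL decrements, which is why the MPLS core is visible in a traceroute unless TTL propagation is disabled at the ingress.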
Day in the life of a Packet - Basic Layout
(Figure)
Control Plane:
• IP Routing Protocols perform the Routing Exchange and populate the IP Routing Table
• The Label Distribution Protocol performs the Label Binding Exchange
Forwarding Plane:
• Incoming IP Packets -> Forwarding Information Base (FIB) -> Outgoing IP Packets, or, after label imposition, Outgoing Labelled Packets
• Incoming Labelled Packets -> Label Forwarding Information Base (LFIB) -> Outgoing Labelled Packets, or Label Removed + L3 lookup -> Outgoing IP Packets
Day in the life of a Packet - Database Layout
(Figure of the forwarding databases and the pointers between them: ISIS, OSPF, BGP and LDP feed the Routing Table; route-tag changes from the Routing Table update the FIB and the TIB; the TFIB is made of tfib_entry records keyed by incoming tag (tag_hash, find incoming-tag), each pointing at a tag_rewrite (incoming-tag, outgoing-tag, output-if, encaps), tag_info and loadinfo; the FIB entry for a destination IP address holds a fast-adjacency whose fasttag-rewrite points at the same tag_rewrite, and output goes through the IDB vectors. Switching-path entry points: ip_turbo_fs, tag_optimum_fs, ip2_tag_optimum_fs.)
Day in the life of a Packet
(Figure: forwarding path of an IP packet, read left to right)
1. In-bound interface driver checks encaps, invokes handler thru IDB vectors
2. Check early features:
- bgp-based policy mapping (QPPB) and set qos-group ID
- authentication proxy
- check for input ACLs
- check for crypto
- check for setting input QoS marking
- input police/rate-input
- check for NAT (outside -> inside)
- check policy routing
- check for WEB cache redirection
3. FIB lookup, then IP adjacency lookup
4. Post lookup features:
- check for NAT (inside -> outside)
- perform QoS classification
- check for crypto
- output ACL check
- check for setting output QoS marking
- QoS - WFQ
- output police/rate-limiting
5. IP adjacency: IP fragment? then send IP packet
   MPLS adjacency: MPLS label imposition
- compute length of tag(s) to be copied & check if frag. is required
- copy tos field
- set ttl
- copy the label(s)
- if (features) { perform output QoS classification; check for setting output QoS marking; do output rate-limiting; check for multi-vc }
- fragment, if necessary
- send labelled packet
   MPLS in: process labelled packet (following slide)
Day in the life of a Packet
(Figure: forwarding path of a labelled packet)
1. In-bound interface driver checks encaps, invokes handler thru IDB vectors
2. IP packet with no rewrite info: do Layer-3 lookup
   MPLS: process labelled packet, check early features:
- get label header
- Input QoS Classification
- Setting input QoS marking
- Do input rate-limit/policing
3. Tag switch inline / tag forward inline:
- from tfib get the tag entry
- get rewrite info from the tag entry
- update TTL value
- update EXP value
- SWAP/POP label, process inner label..
- handle multi-vc CoS
4. Check post features:
- Output QoS Classification
- Setting output QoS marking
- Do output rate-limit/policing
5. Transmit packet
- Platform specific WRED done in the final transmit path
MPLS based services
Provider Provisioned VPNs
Categories
• BGP MPLS VPNs – RFC 2547
– Supported by Cisco
• Virtual Routers
– Alternative proposal – relies on logical partitioning of the
physical box
– Requires the use of Multicast/broadcast for better
convergence
MPLS Based IP-VPN Architecture
• Scalable VPNs
• IP QoS and traffic
engineering
• Easy to manage and no VC
provisioning required
• Provides a level of security
equivalent to Frame-Relay
and ATM (traffic separation, not encryption)
• Supports the deployment of
new value-added
applications
• Customer IP address
freedom
(Figure: one MPLS Network carrying MPLS VPN Renault (Corp A: VPN A Sites 1, 2, 3) and MPLS VPN Bankcorp (Corp B Sites 1, 2, 3). VPN membership is based on logical port. Traffic separation at Layer 3. Each VPN has a unique RD.)
Using Labels to Build an IP VPN
(Figure: an MPLS Network with Cust A and Cust B sites attached; labels A and B identify the two customers' routes across the core.)
• The network distributes labels to each VPN
- only labels for other VPN members are distributed
- each VPN is provisioned automatically by IP routing
• Privacy and QoS of ATM without tunnels or encryption
• each network is as secure as a Frame Relay connection
• One mechanism (labels) for QoS and VPNs - no tradeoffs
Service Provider Benefits of MPLS-based VPNs
(Figure: left, an overlay network interconnecting VPN A, VPN B and VPN C endpoints; right, an MPLS network hosting Multicast, Hosting, Intranet, VoIP and Extranet services inside VPN A, VPN B and VPN C.)
• Overlay VPN
–pushes content outside the
network
–costs scale exponentially
–transport dependent
–groups endpoints, not groups
–complex overlay with QoS,
tunnels, IP
• MPLS-based VPNs
–enables content hosting inside the
network
–“flat” cost curve
–transport independent
–easy grouping of users and
services
–enables QoS inside the VPNs
Validating Cisco MPLS Based IP-VPN
as a Secure Network
Miercom independent testing
confirmed Cisco MPLS VPN is
secure:
 Customers' network topology is not
revealed to the outside world
 Customers can maintain their own
addressing plans and the freedom
to use either public or private
address space
 Attackers cannot gain access into
VPNs or the Service Provider's network
Security
 Impossible for attacker to insert
“spoofed” label into a Cisco MPLS
network and thus gain access to a
VPN or the MPLS core
Test Network Topology (figure): a provider core of LONDON (GSR12008, 100.200.200.107), GLASCOW (7206, 100.200.200.106), OXFORD (7206, 100.200.200.103) and DOVER (7505, 100.200.200.112), interconnected by OC3 POS links (100.200.103.x, 100.200.106.x, 100.200.112.x) and an ATM PVC 1/1 (100.200.105.x). Customer routers BLUE-Glascow, RED-Glascow, BLUE-Oxford, YELLOW-Oxford, BLUE-Dover, RED-Dover and YELLOW-Dover (3640, 2611 and 1750 platforms, addressed in 100.200.200.0/24) attach over T1 Frame Relay (dlci 101, 102, 104, 109, 110) and ATM PVC 0/11, running OSPF, RIP v2, static routes and eBGP (AS71, AS72); customer loopbacks shown include 10.3.3.3, 10.4.4.4, 10.5.5.5, 3.4.4.4 and 3.5.5.5.
BGP/MPLS VPN - Summary
• Supports large scale VPN service
• Increases value add by the VPN Service Provider
• Decreases Service Provider cost of providing VPN
services
• Mechanisms are general enough to enable VPN
Service Provider to support a wide range of VPN
customers
MPLS Traffic Engineering
Why Traffic Engineering?
• Congestion in the network due to changing traffic
patterns
–Election news, online trading, major sports events
• Better utilization of available bandwidth
–Route on the non-shortest path
• Route around failed links/nodes
–Fast rerouting around failures, transparently to users
–Like SONET APS (Automatic Protection Switching)
• Build New Services - Virtual leased line services
–VoIP Toll-Bypass applications, point-to-point bandwidth
guarantees
• Capacity planning
–TE improves aggregate availability of the network
IP Routing and The Fish
(Figure, the "fish" topology: R1 and R8 both connect to R2; from R2 an upper path runs R3 - R4 - R5 and a lower path runs R6 - R7 - R5.)
IP (Mostly) Uses Destination-Based Least-Cost Routing
Flows from R8 and R1 Merge at R2 and Become Indistinguishable
From R2, Traffic to R3, R4, R5 Uses the Upper Route
Alternate Path Under-Utilized
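The fish problem is what constrained shortest path first (CSPF) at a TE head-end solves, so here is an added example (not from the original slides) that runs it on the topology above. Plain Dijkstra sends both R1 and R8 flows over the upper route; CSPF prunes links that cannot carry the requested bandwidth, and after the first tunnel reserves 60 Mbps on the upper path the second tunnel is pushed onto the under-used lower path, which is the explicit route RSVP-TE would then signal. The link costs and capacities, and the R6 - R7 - R5 lower path, are assumptions made for the example.

```python
import heapq

# Assumed links for the fish: (a, b, igp_cost, bandwidth_mbps).
LINKS = [
    ("R1", "R2", 10, 100), ("R8", "R2", 10, 100),
    ("R2", "R3", 10, 100), ("R3", "R4", 10, 100), ("R4", "R5", 10, 100),   # upper path
    ("R2", "R6", 15, 100), ("R6", "R7", 15, 100), ("R7", "R5", 15, 100),   # lower path
]


def build_graph(links):
    """Adjacency map: node -> {neighbour: [cost, available_bandwidth]}."""
    graph = {}
    for a, b, cost, bw in links:
        graph.setdefault(a, {})[b] = [cost, bw]
        graph.setdefault(b, {})[a] = [cost, bw]
    return graph


def cspf(graph, src, dst, bw_needed):
    """Constrained SPF: Dijkstra over the links that can still carry
    bw_needed. bw_needed=0 gives the plain IGP shortest path."""
    dist, prev = {src: 0}, {}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            break
        if d > dist[node]:
            continue                                  # stale heap entry
        for nxt, (cost, bw) in graph[node].items():
            if bw < bw_needed:
                continue                              # prune links failing the constraint
            nd = d + cost
            if nd < dist.get(nxt, float("inf")):
                dist[nxt] = nd
                prev[nxt] = node
                heapq.heappush(heap, (nd, nxt))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def setup_tunnel(graph, src, dst, bw):
    """Head-end behaviour: compute the explicit route, then reserve bandwidth on
    every link along it (what the RSVP PATH/RESV exchange does hop by hop)."""
    path = cspf(graph, src, dst, bw)
    if path is None:
        return None
    for a, b in zip(path, path[1:]):
        graph[a][b][1] -= bw
        graph[b][a][1] -= bw
    return path


def fish_demo():
    """Two 60 Mbps flows to R5, from R1 and from R8: plain IGP, then TE tunnels."""
    igp = build_graph(LINKS)
    igp_paths = [cspf(igp, s, "R5", 0) for s in ("R1", "R8")]
    te = build_graph(LINKS)
    te_paths = [setup_tunnel(te, s, "R5", 60) for s in ("R1", "R8")]
    return igp_paths, te_paths


if __name__ == "__main__":
    igp_paths, te_paths = fish_demo()
    print("IGP:", igp_paths)   # both merge at R2 and take the upper route
    print("TE: ", te_paths)    # the second tunnel lands on the lower route
```

A third 60 Mbps request from R8 fails outright, because the R8 - R2 link has only 40 Mbps left: admission control at setup time is the point of using RSVP for this, as the "RSVP & Label Distribution" slide notes.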
Applications of MPLS TE
LINK & NODE PROTECTION
(Figure: the fish topology (R1, R8, R2, R3, R4, R5, R6, R7) plus R9; a protected LSP runs R1 - R2 - R3 - R4 - R5 and a bypass tunnel from R2 via R6 rejoins it at R4.)
Mimic SONET APS
Re-route in 50ms or less
• Multiple hops can be by-passed. R2 swaps the label which R4 expects before pushing
the label for R6
• R2 locally patches traffic onto the link with R6
MPLS Traffic Engineering for a QoS-Optimized Backbone
DiffServ-aware TE & QoS!
(Figure: CE - PE - MPLS Backbone - PE - CE. DiffServ over IP on the access links; DiffServ-aware TE in the MPLS backbone; DS-TE + QoS = GB-TE. Legend: Priority - Voice Traffic (constrained), Priority - Data Traffic (constrained), Regular Traffic (optimized).)
DiffServ Aware TE Virtual Leased Line
(Figure: Class 5 legacy switches in the PSTN (traditional TDM network) connect through Traditional Telephony Central Offices to VoIP Gateways at the edge of the MPLS Network; voice trunking between the gateways (toll bypass) rides a GB-TE tunnel between PEs. Enterprise LANs attach through CEs to PEs for the VPN Service, and Internet Access Routers attach to PEs for the Internet Service, both over regular TE tunnels. Legend: GB-TE Tunnel, Regular TE Tunnel, Physical Link.)
MPLS TE Summary
• Useful for re-routing traffic in congested
environments
• Build innovative services like Virtual Leased line
• Build protection solutions using MPLS FRR
Any Transport over MPLS
Any Transport over MPLS
• Trunking Layer 2 over an MPLS Network
– Ethernet
– Frame Relay
– ATM – AAL5, Cell Mode
– PPP
– Cisco HDLC
– SONET
Ethernet over MPLS
(Figure: an MPLS Network with PE routers at its edge; ISP A, ISP B, ISP C, ISP 1, ISP 2, ISP 3 and two Enterprise LANs attach to the PEs and are trunked across the core.)
Frame Relay over MPLS
(Figure: CPE Router/FRAD - Frame Relay DLCI - PE - MPLS Backbone - PE - Frame Relay - CPE Router/FRAD. The Any Transport over MPLS (AToM) tunnel rides a DS-TE tunnel, giving a Virtual Leased Line (DS-TE + QoS).)
ATM over MPLS
(Figure: CPE Router - ATM Virtual Circuits - PE - MPLS Backbone - PE - ATM - CPE Router. The Any Transport over MPLS (AToM) tunnel rides a DS-TE tunnel, giving a Virtual Leased Line (DS-TE + QoS).)
PPP, Cisco HDLC over MPLS
(Figure: CE - Serial Link - PE - MPLS Backbone - PE - Serial Link - CE. Serial IP or PPP or HDLC over MPLS, carried in a DS-TE tunnel as a Virtual Leased Line (DS-TE + QoS).)
Pseudo Wire Reference Model
draft-ietf-pwe3-requirements
(Figure: Customer Sites attach to two PE devices; each PE hosts pseudo-wire end-services (PWES); the Pseudo Wires between the PWESs run inside a PSN Tunnel between the PEs and together provide the Emulated Service.)
A pseudo-wire (PW) is a connection between two provider edge (PE) devices
which connects two pseudo-wire end-services (PWESs) of the same type
Pseudo Wire Reference Model
(Figure: PDUs from a Customer Site enter a PE, cross the PSN Tunnel over the Pseudo Wires as PW PDUs, and leave the far PE as PDUs to the remote Customer Site.)
• PDUs are encapsulated at the ingress PE router and forwarded
between PEs as PW PDUs
• The Pseudo wire PDU contains ALL data & control information
(control word) necessary to provide Layer-2 service
–although some information may be stored as state at PW set-up
Layer-2 Transport across MPLS
• Two relevant drafts by Luca Martini
–draft-martini-l2circuit-trans-mpls
–describes label distribution mechanisms for VC labels
–draft-martini-l2circuit-encap-mpls
–describes emulated VC encapsulation mechanisms
• Relevant for the transport of FR, ATM AAL5, ATM cell,
Ethernet (Port Trunking), Ethernet 802.1q (VLAN),
POS, TDM, Cisco HDLC & PPP protocol data units
–across either an MPLS or an IP backbone
Layer-2 Transport across MPLS
• ‘Emulated Circuits’ use 3 layers of encapsulation
–Tunnel Header
–to get PDU from ingress to egress PE;
–could be an MPLS label, GRE tunnel, L2TP tunnel
–Demultiplexer field
–to identify individual circuits within a tunnel;
–could be an MPLS label or GRE key
–Emulated VC encapsulation
–information on enclosed Layer-2 PDU;
–implemented as a 32-bit control word
VC Information Exchange
• VC labels are exchanged across a directed LDP
session between PE routers
–Carried in Generic Label TLV within LDP Label
Mapping Message
• New LDP FEC element defined to carry VC
information
–FEC element type ‘128 – Virtual Circuit FEC
Element’;
–Carried within LDP Label Mapping Message
• VC information exchanged using Downstream
Unsolicited label distribution procedures
–Described in draft-martini-l2circuit-trans-mpls
Virtual Circuit FEC Element
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| VC TLV (0x80) |C|          VC-type            |VC info length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Group ID                            |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                            VC ID                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Interface Parameters                     |
|                              "                                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

C: Control Word (1 bit) – Control word present if bit set
VC-type (15 bits) - Type of VC e.g. FR, ATM, VLAN, Ethernet, PPP, HDLC
VC info length (8 bits) – Length of the VC ID field and interface parameters
Group ID (32 bits) – Represents a group of VCs. Can be used for mass label
withdrawal
VC ID (32 bits) – Connection identifier used in conjunction with the VC-type to
identify a particular VC
Interface Parameters (Variable) – Edge facing interface parameters, such as MTU
LDP Label Mapping Exchange
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|    Label Mapping (0x0400)   |        Message Length         |  LDP Label Mapping Message
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  (Specified in RFC 3036)
|                          Message ID                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|        FEC (0x0100)       |            Length             |  FEC TLV Header
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  (Specified in RFC 3036)
| VC tlv (0x80) |C|          VC Type            |VC info Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                           Group ID                            |  Virtual Circuit FEC Element
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  (Specified in
|                            VC ID                              |   draft-martini-l2circuit-trans-mpls)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Interface parameters                     |
|                              "                                |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|0|0|   Generic Label (0x0200)  |            Length             |  Label TLV Header
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  (Specified in RFC 3036)
|                            Label                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
~                      Optional Parameters                      ~
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
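As an added example (not from the original slides), the Python below builds the Label Mapping message laid out above (LDP PDU header, message header, FEC TLV carrying a Virtual Circuit FEC element with an MTU interface parameter, Generic Label TLV), parses it back with length checks on every level, and applies the receive-side rule from the exchange slides: a remote VC label is bound only when the VC type and VC ID match a locally configured circuit and the signalled MTU agrees with the local one. The type codes 0x0400, 0x0100, 0x0200 and 0x80 are the ones in the diagram; the interface-parameter ID 0x01 for MTU, the LSR-ID 1.0.0.4, VC ID 312, label 16 and the message ID are assumptions for the example.

```python
import struct

LDP_VERSION = 1
MSG_LABEL_MAPPING = 0x0400
TLV_FEC = 0x0100
TLV_GENERIC_LABEL = 0x0200
FEC_VC = 0x80            # Virtual Circuit FEC element type (128)
VC_TYPE_VLAN = 0x0004
IFP_MTU = 0x01           # interface parameter ID for MTU (assumed for this example)


def tlv(tlv_type, value):
    """TLV header: U(1) F(1) Type(14) | Length(16); U and F are zero here."""
    return struct.pack("!HH", tlv_type, len(value)) + value


def vc_fec_element(vc_type, vc_id, group_id, mtu, control_word=True):
    params = struct.pack("!BBH", IFP_MTU, 4, mtu)        # one interface parameter: MTU
    vc_info_len = 4 + len(params)                        # VC ID + interface parameters
    c_and_type = (int(control_word) << 15) | (vc_type & 0x7FFF)
    return (struct.pack("!BHB", FEC_VC, c_and_type, vc_info_len)
            + struct.pack("!II", group_id, vc_id) + params)


def label_mapping_pdu(lsr_id, msg_id, fec_element, label):
    body = tlv(TLV_FEC, fec_element) + tlv(TLV_GENERIC_LABEL, struct.pack("!I", label & 0xFFFFF))
    # Message Length excludes the type and length fields themselves.
    message = struct.pack("!HHI", MSG_LABEL_MAPPING, 4 + len(body), msg_id) + body
    ldp_identifier = bytes(int(o) for o in lsr_id.split(".")) + b"\x00\x00"  # label space 0
    # PDU Length excludes the version and PDU length fields.
    return struct.pack("!HH", LDP_VERSION, len(ldp_identifier) + len(message)) + ldp_identifier + message


def parse_vc_fec(value):
    elem_type, c_and_type, info_len = struct.unpack_from("!BHB", value, 0)
    if elem_type != FEC_VC:
        raise ValueError("not a VC FEC element")
    group_id, vc_id = struct.unpack_from("!II", value, 4)
    params_raw = value[12:12 + info_len - 4]
    if info_len < 4 or len(params_raw) != info_len - 4:
        raise ValueError("VC info length runs past the TLV")
    params, off = {}, 0
    while off < len(params_raw):
        pid, plen = params_raw[off], params_raw[off + 1]
        if plen < 2 or off + plen > len(params_raw):
            raise ValueError("malformed interface parameter")
        if pid == IFP_MTU:
            (params["mtu"],) = struct.unpack_from("!H", params_raw, off + 2)
        off += plen
    return {"control_word": bool(c_and_type >> 15), "vc_type": c_and_type & 0x7FFF,
            "group_id": group_id, "vc_id": vc_id, "params": params}


def parse_label_mapping(pdu):
    version, pdu_len = struct.unpack_from("!HH", pdu, 0)
    if version != LDP_VERSION or pdu_len != len(pdu) - 4:
        raise ValueError("bad LDP PDU header")
    lsr_id = ".".join(str(b) for b in pdu[4:8])
    msg_type, msg_len, msg_id = struct.unpack_from("!HHI", pdu, 10)
    if msg_type & 0x7FFF != MSG_LABEL_MAPPING or msg_len != len(pdu) - 14:
        raise ValueError("not a well-formed Label Mapping message")
    result = {"lsr_id": lsr_id, "msg_id": msg_id, "fec": None, "label": None}
    off = 18
    while off < len(pdu):
        if off + 4 > len(pdu):
            raise ValueError("truncated TLV header")
        t, length = struct.unpack_from("!HH", pdu, off)
        value = pdu[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("truncated TLV")
        if t & 0x3FFF == TLV_FEC:
            result["fec"] = parse_vc_fec(value)
        elif t & 0x3FFF == TLV_GENERIC_LABEL:
            result["label"] = struct.unpack("!I", value)[0] & 0xFFFFF
        off += 4 + length
    return result


def accept_mapping(parsed, local_vcs):
    """Step 5 of the exchange: bind the remote label only when VC type and VC ID
    match a locally configured circuit and the signalled MTU agrees with ours."""
    fec = parsed["fec"]
    if fec is None or parsed["label"] is None:
        return None
    local = local_vcs.get((fec["vc_type"], fec["vc_id"]))
    if local is None or fec["params"].get("mtu") != local["mtu"]:
        return None
    return {"vc_id": fec["vc_id"], "remote_label": parsed["label"],
            "control_word": fec["control_word"]}


if __name__ == "__main__":
    pdu = label_mapping_pdu("1.0.0.4", 7, vc_fec_element(VC_TYPE_VLAN, 312, 0, 1500), 16)
    print(pdu.hex())
    parsed = parse_label_mapping(pdu)
    print(parsed)
    print(accept_mapping(parsed, {(VC_TYPE_VLAN, 312): {"mtu": 1500}}))
    print(accept_mapping(parsed, {(VC_TYPE_VLAN, 312): {"mtu": 9000}}))   # None: MTU mismatch
```

The MTU comparison is what the later "AToM - MTU Considerations" slide relies on: the egress MTU is only known to the ingress because it is signalled in this interface parameter.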
Layer-2 Transport Control Word
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Tunnel Label (LDP or RSVP)    | EXP |0|      TTL      |  Tunnel Label
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            VC Label (VC)              | EXP |1| TTL (set to 2)|  VC Label
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Rsvd  | Flags |0 0|   Length  |        Sequence number        |  Control Word
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Layer-2 PDU                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

• When transporting layer-2 protocols over an IP or
MPLS backbone:
– The sequence of the packets may need to be preserved;
– Small packets may need to be padded if the minimum MTU of the
medium is larger than the actual packet size;
– Control bits carried in the header of the Layer-2 frame may need to be
transported
AToM – Any Transport over MPLS
• Cisco solution = AToM = Any Transport over MPLS
• Tunnel Header is implemented as an MPLS label
Which is learned via LDP and is used to transport frames from
ingress to egress PE routers
• Demultiplexer Field is implemented as a VC label
Which is learnt across a directed LDP session between PE
routers
• Emulated VC encapsulation is implemented as a
control word
AToM – Label Distribution & Usage
(Figure: Customer Sites attach to two PE routers; between the PEs run TUNNEL LSPs in each direction and a DIRECTED LDP session.)
• Tunnel LSPs between PE routers
– to transport PW PDUs from PE to PE using tunnel labels
• Directed LDP session between PE routers
– to exchange VC information, such as VC labels and control
information
AToM – Label Mapping Exchange
(Figure: CE1 - PE1 - MPLS - PE2 - CE; the PW PDU carries Tunnel Label | VC Label | PDU.)
1. L2 transport route entered on ingress PE (PE1)
2. PE1 starts LDP session with PE2 if one does not already exist
3. PE1 allocates VC label for new interface & binds to configured VCID
4. PE1 sends label mapping message containing VC FEC TLV & VC label TLV
5. PE2 receives VC FEC TLV & VC label TLV that matches local VCID
PE2 repeats steps 1-5 so that bidirectional label/VCID mappings are established
Bi-directional Label/VCID mapping exchange
VC Label Withdrawal Procedures
• If a PE router detects a condition that affects normal service it MUST
withdraw the corresponding VC label
– through the use of LDP signalling
• A PE router may provide circuit status signalling
– FR MUST through the use of LMI procedures; ATM SHOULD through
the use of ILMI procedures
(Figure: PE1 (1.0.0.4) - MPLS - PE2 (1.0.0.8), with a Layer-2 Circuit at each end. Circuit status signalling on the attachment circuit triggers an LDP Label Withdraw for VCID 320, VC Label 16, between PE1 and PE2.)
AToM - MTU Considerations
(Figure: Customer Site - PE1 - MPLS backbone - PE2 - Customer Site. The egress MTU is signalled using LDP. The ingress PE checks the egress PE outbound interface MTU AND its own egress interface into the MPLS backbone; an incoming PDU is dropped if the MTU is exceeded. There is NO mechanism to check the backbone MTU.)
• Provider MUST dictate MTU or direct traffic
away from low MTU links
Transport of Ethernet over MPLS
• Three main requirements for transport of Ethernet
frames
–802.1q VLAN to 802.1q VLAN transport;
–802.1q VLAN port to port transport;
–Ethernet port to port transport
• Phase 1 of AToM supports 802.1q VLAN to VLAN
transport ONLY
–VC-type 0x0004 within draft-martini-l2circuit-trans-mpls;
–7600 will support VC-type 0x0005 port-to-port Ethernet trunking &
port-to-port VLAN trunking in Hubble release;
–GSR planned to support VC-type 0x0005 in 12.0(23)ST
–ISL encapsulation is NOT supported
Ethernet 802.1q VLAN Transport
(Figure: 802.1q to 802.1q VLAN Transport. Customer Sites on VLAN 41 and VLAN 56 attach to PE1 (1.0.0.4) and, across the MPLS core, to the peer PE at 1.0.0.8; the configuration below is PE1's.)

interface GigabitEthernet0/0.2
 encapsulation dot1q 41
 mpls l2transport route 1.0.0.8 312 <sequencing>
!
interface GigabitEthernet1/0.2
 encapsulation dot1q 56
 mpls l2transport route 1.0.0.8 313 <sequencing>

Each subinterface maps one VLAN to one VC: the arguments to mpls l2transport route are the peer PE address used for the directed LDP session (1.0.0.8) and the VCID (312, 313), which must be configured identically on the peer PE for the label mapping to be accepted; <sequencing> is an optional keyword.
EoMPLS Encapsulation Details
• Ethernet PDUs are transported without the preamble,
SFD and FCS
– but including all VLAN information (the 802.1q tag)
• The control word is optional
– C bit is set by default in Cisco implementation (except 7600)
• If the control word is used then the flags must be set to
zero
• The VLAN tag is transmitted unchanged but may be
overwritten by the egress PE router

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Rsvd  |0 0 0 0|0 0|   Length  |        Sequence number        |  Optional
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                         Ethernet PDU                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
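The control word slide and the EoMPLS encapsulation details above describe what each PE does with a frame; here is an added example (not from the original slides) of both ends in Python. The ingress builds tunnel label, VC label (S=1, TTL 2), control word and payload, setting the Length field only for PDUs under 64 bytes so the egress can strip link-layer padding; the egress checks that the VC label is its own and at the bottom of the stack, that the flags are zero, trims to the signalled length, and uses the sequence number to drop replayed or reordered PDUs (0 means sequencing is off, and the number wraps from 65535 to 1). The Ethernet frame, labels 4 and 16, the sequence numbers and the 30 bytes of padding are all constructed for the example.

```python
import struct


def label_entry(label, exp, bottom, ttl):
    """One 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def control_word(length, seq):
    """Rsvd(4)=0 | Flags(4)=0 for Ethernet | 0 0 | Length(6) | Sequence number(16)."""
    if not 0 <= length < 64 or not 0 <= seq <= 0xFFFF:
        raise ValueError("length must fit in 6 bits, sequence in 16")
    return struct.pack("!I", (length << 16) | seq)


def encapsulate(eth_frame, tunnel_label, vc_label, seq, exp=0):
    """Ingress PE. eth_frame is DA..Data including the 802.1q tag, without
    preamble, SFD and FCS. Length is set only when control word + frame is
    shorter than 64 bytes; 0 tells the egress to trust the received length."""
    pdu_len = 4 + len(eth_frame)
    length = pdu_len if pdu_len < 64 else 0
    return (label_entry(tunnel_label, exp, False, 255)    # tunnel label, S=0
            + label_entry(vc_label, exp, True, 2)           # VC label, S=1, TTL 2
            + control_word(length, seq)
            + eth_frame)


class PseudoWireReceiver:
    """Egress PE state for one VC. Assumes the tunnel label was popped by the
    penultimate hop, so buf starts at the VC label."""

    def __init__(self, vc_label):
        self.vc_label = vc_label
        self.expected_seq = None    # None until the first sequenced PDU arrives
        self.dropped = 0

    def decapsulate(self, buf):
        if len(buf) < 8:
            return self._drop()
        (vc_word,) = struct.unpack_from("!I", buf, 0)
        if vc_word >> 12 != self.vc_label or not (vc_word >> 8) & 1:
            return self._drop()          # not our circuit, or VC label not bottom of stack
        (cw,) = struct.unpack_from("!I", buf, 4)
        if (cw >> 22) & 0x3F:
            return self._drop()          # flags and the two fixed zero bits must be zero
        length, seq = (cw >> 16) & 0x3F, cw & 0xFFFF
        payload = buf[8:]
        if length:
            if len(payload) < length - 4:
                return self._drop()      # shorter than signalled: truncated
            payload = payload[:length - 4]   # strip padding added by the link layer
        if seq:                          # 0 = sequencing not in use
            if self.expected_seq is not None and (seq - self.expected_seq) % 0x10000 >= 0x8000:
                return self._drop()      # behind the expected number: replayed or reordered
            self.expected_seq = 1 if seq == 0xFFFF else seq + 1   # 0 is skipped on wrap
        return payload

    def _drop(self):
        self.dropped += 1
        return None


def run_example():
    """Constructed 22-byte frame: DA, SA, 802.1q tag for VLAN 41, Ethertype, 4 data bytes."""
    frame = bytes.fromhex("000000000001" "000000000002" "8100" "0029" "0800" "deadbeef")
    rx = PseudoWireReceiver(vc_label=16)
    results = []
    for seq in (1, 2, 1, 3):             # the second '1' is a replay and must be dropped
        pw = encapsulate(frame, tunnel_label=4, vc_label=16, seq=seq)
        on_wire = pw[4:] + b"\x00" * 30  # after PHP, padded up to the link's minimum size
        results.append(rx.decapsulate(on_wire))
    return frame, results, rx.dropped


if __name__ == "__main__":
    frame, results, dropped = run_example()
    print(encapsulate(frame, 4, 16, 1).hex())
    print([None if r is None else r.hex() for r in results], "dropped:", dropped)
```

Note what the VC label check buys: a PDU arriving with some other circuit's label is discarded by this receiver instead of being handed to a customer attachment circuit, which is the per-VC separation the pseudo-wire model depends on.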
Ethernet Frame Formats
Different Ethernet frame formats supported:

Ethernet II Encapsulation (optional 802.1q fields in brackets):
Preamble <7 octets> | SFD <1 octet> | DA <6 octets> | SA <6 octets> | [TPID <2 octets> | TCI <2 octets>] (802.1q Encapsulation) | Ethertype <2 octets> | Data <46-1500> | FCS <4 octets>

802.3/802.2/SNAP Encapsulation (optional 802.1q fields in brackets):
Preamble <7 octets> | SFD <1 octet> | DA <6 octets> | SA <6 octets> | [TPID <2 octets> | TCI <2 octets>] (802.1q Encapsulation) | Length <2 octets> | LLC AA-AA-03 <3 octets> | OUI 0x00-00-00 <3 octets> | Ethertype <2 octets> (LLC/SNAP header, 8 octets) | Data <46-1492> | FCS <4 octets>
EoMPLS Transport Formats
Ethernet II Encapsulation:
Preamble <7 octets> | SFD <1 octet> | DA <6 octets> | SA <6 octets> | TPID <2 octets> | TCI <2 octets> | Ethertype <2 octets> | Data <46-1500> | FCS <4 octets>
Transported using AToM: DA through Data (preamble, SFD and FCS are not carried)

802.3/802.2/SNAP Encapsulation:
Preamble <7 octets> | SFD <1 octet> | DA <6 octets> | SA <6 octets> | TPID <2 octets> | TCI <2 octets> | Length <2 octets> | LLC AA-AA-03 <3 octets> | OUI 0x00-00-00 <3 octets> | Ethertype <2 octets> | Data <46-1492> | FCS <4 octets>
Transported using AToM: DA through Data (preamble, SFD and FCS are not carried)
MPLS QoS
MPLS Class of Service
(Label header: LABEL 20 bits | CoS 3 bits | S 1 bit | TTL 8 bits)
• Class of Service (CoS)
– network implements distinct service classes
– traffic flows are classified
• based on Layer 3: application, destination, etc.
– simpler and more efficient than a mesh of VCs
• Two methods to indicate service class:
– IP precedence copied to MPLS header (CoS/EXP field)
• up to 8 classes can be defined (3 bits)
– use separate labels for different service classes
• no limit to number of labels
MPLS QoS Summary
• Use the same underlying IP QoS mechanisms
– Queuing – LLQ, CBWFQ
– Policing
– WRED
• Classification and marking done on EXP bits in the
label header
• Label header marking can be different from the IP
header DSCP providing a transparency
Summary
What isn’t MPLS?
• MPLS is not just integration of IP and ATM, BUT
• Integration of IP and ATM is just one of the
applications of MPLS
What isn’t MPLS?
• MPLS is not a way to make routers (much) faster,
BUT
• MPLS forwarding algorithm is simpler than IP
forwarding algorithm, AND it enables more
functionality than could be provided with the IP
forwarding algorithm
MPLS and the OSI Reference Model (OSIRM)
• MPLS is not a Network Layer
– doesn’t have routing and addressing on its own - uses IP
addressing + IP routing (with extensions)
• MPLS is not a Link Layer
– because MPLS works over various Link Layer technologies
(e.g., SONET, Ethernet, ATM, etc…)
• MPLS is not a Layer in the OSIRM sense
– doesn’t have a single format for transport of the data from the
layer above
• “shim” on SONET, VCI/VPI on ATM, lambda on OXC, etc...
MPLS does not fit into the OSI Reference Model
MPLS – Key Benefits
• New value added services
– BGP MPLS VPNS – RFC 2547
– Traffic Engineering
– L2 VPNS
– Protection Solutions
• Link and Node protection
• Bandwidth Protection - Future
MPLS and its applications
• Separate forwarding information (label) from the content of the IP header
• Single forwarding paradigm (label swapping) - multiple routing paradigms
• Multiple link-specific realizations of the label swapping forwarding paradigm
• Flexibility of forming FECs
• Forwarding hierarchy via label stacking
• Traffic Engineering
• “Hard” QoS support
• Fast re-route
• Integration with Optical Cross Connects
• Scalable VPN
End-to-End Solution
(Figure: VPN HQ and HQ1 sites joined by MPLS TE tunnels labelled 5 Mbps and 1 Mbps (Back-up), carried over the MPLS VPN.)
VPN and Traffic Engineering Combined
to Provide End-to-End Services
Questions?