Transcript
MPLS – Technology & Services
凌群電腦股份有限公司 SYSCOM COMPUTER ENGINEERING.CO

Introduction

Slide 2: Agenda
• Background and business case
• Technology basics – What is MPLS? Where is it used?
• Label Distribution in MPLS Networks – LDP, RSVP, BGP
• Building MPLS based Services
  – IP+ATM Integration
  – VPNs
  – Traffic Engineering (FRR & Protection)
• Conclusions

Slide 3: Evolution of MPLS
• From Tag Switching
• Proposed in IETF – later combined with other proposals from IBM (ARIS) and Toshiba (CSR)
[Timeline figure, 1996 to 2001: Cisco calls a BOF at IETF to standardize Tag Switching; MPLS Group formally chartered by IETF; Cisco ships MPLS (Tag Switching); Cisco ships Traffic Engineering; MPLS TE deployed; MPLS VPN deployed; large scale deployment]

Slide 5: MPLS – Key Drivers
[Figure: MPLS as a foundation for value added services. Provider Provisioned VPNs, Traffic Engineering, IP+Optical, IP+ATM, GMPLS and Any Transport over MPLS, all built on the MPLS network infrastructure]

Slide 6: US VPN Spending
[Charts: Yankee Group predictions for VPN spending, VPN services versus VPN products, 1999 to 2003 ($US millions); Infonetics VPN spend projections, 1997 to 2002 ($US millions)]

Slide 7: New Applications for VPN
[Bar chart: VPN types implemented by 2002 – site-to-site, remote access, extranets; values shown 73%, 64%, 27%. Source: Infonetics, April 2000]

Slide 8: The Service Provider Challenge
• Generate new services
• Protect existing infrastructure – ATM/FR
• Combine private data services with Internet services
• Move into rapid deployment

Technology Specifics

Slide 10: MPLS Concepts
• MPLS: Multi Protocol Label Switching
• MPLS is a layer 2+ switching technology
• MPLS forwarding is done in the same way as in ATM switches
• Packet forwarding is done based on labels
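Slide 10 above says that forwarding is done on labels, not on IP addresses; the concrete mechanics are the label entry the deck defines on slide 13 (Label 20 bits, Exp 3 bits, S 1 bit, TTL 8 bits) and the TTL rule for non-TTL-capable LSPs on slides 25 to 27. The Python below is an added worked example written for this transcript, not code from the deck or from Cisco. It packs and parses label stack entries in that layout, stops at the bottom-of-stack bit (and rejects a stack that never sets it, the case a forwarder must handle without reading past the buffer), and applies the slide-27 arithmetic; charging the whole LSP hop count at ingress is my reading of that slide, and the label values and IPv4 bytes are constructed sample data.

```python
import struct

# Field widths of one label stack entry as the deck gives them (slide 13):
# Label 20 bits, Exp 3 bits, S (bottom of stack) 1 bit, TTL 8 bits.
LABEL_BITS, EXP_BITS, TTL_BITS = 20, 3, 8


def encode_entry(label, exp, bottom, ttl):
    """Pack one 32-bit label stack entry; out-of-range fields are rejected."""
    if not 0 <= label < (1 << LABEL_BITS):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < (1 << EXP_BITS):
        raise ValueError("exp must fit in 3 bits")
    if not 0 <= ttl < (1 << TTL_BITS):
        raise ValueError("ttl must fit in 8 bits")
    word = (label << 12) | (exp << 9) | ((1 if bottom else 0) << 8) | ttl
    return struct.pack("!I", word)


def encode_stack(entries, ttl):
    """entries: (label, exp) pairs from outer to inner; S is set on the last one."""
    return b"".join(
        encode_entry(label, exp, i == len(entries) - 1, ttl)
        for i, (label, exp) in enumerate(entries)
    )


def decode_stack(data):
    """Walk entries until the S bit is set; return (entries, payload).

    A stack with no bottom-of-stack entry before the data runs out is
    rejected, so a forwarder never reads past the buffer on a malformed
    or truncated packet.
    """
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {"label": word >> 12, "exp": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        offset += 4
        if entry["s"]:
            return entries, data[offset:]


def top_label(data):
    """The forwarding decision uses only the top-of-stack label (slide 13)."""
    return decode_stack(data)[0][0]["label"]


def enter_non_ttl_lsp(ip_ttl, lsp_hops):
    """Ingress TTL handling for an LSP whose encapsulation has no TTL (slides 25-27).

    Reading of the slide (not code from the deck): the LSP hop count is charged
    at ingress, so TTL 10 into a 4-hop LSP leaves with 6; a packet with nothing
    left is discarded at the ingress point instead of looping inside the LSP.
    Returns the TTL to carry through the LSP, or None if the packet is dropped.
    """
    remaining = ip_ttl - lsp_hops
    return remaining if remaining > 0 else None


def demo():
    # Constructed sample stack in the order of slide 37: TE label (outer),
    # IGP label, VPN label (inner, S bit set), followed by two IPv4 header bytes.
    stack = encode_stack([(25, 0), (4, 0), (17, 5)], ttl=64)
    return decode_stack(stack + b"\x45\x00")
```

The decoder deliberately returns the payload offset together with the entries: an LSR that pops to an inner label needs to know where the IP header starts, and the only signal for that in the wire format is the S bit.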
Slide 11: LSRs and Labels
• LSR: Label Switch Router
• Edge-LSR: an LSR that does label imposition and disposition

Slide 12: LSRs and Labels
[Figure: an IGP domain running a label distribution protocol, with ingress LSR, core LSRs and egress LSR]
• An IP routing protocol is used within the routing domain (e.g. OSPF, IS-IS)
• A label distribution protocol is used to distribute address/label mappings between adjacent neighbors
• The ingress LSR receives IP packets, performs packet classification, assigns a label, and forwards the labelled packet into the MPLS network
• Core LSRs switch packets/cells based on the label value
• The egress LSR removes the label before forwarding the IP packet outside the MPLS network

Slide 13: LSRs and Labels
Label stack entry ("shim" header):
   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                Label                  | Exp |S|       TTL     |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  Label = 20 bits
  Exp = Experimental, 3 bits
  S = Bottom of stack, 1 bit
  TTL = Time to live, 8 bits
• Uses new Ethertypes/PPP PIDs/SNAP values/etc.
• More than one label is allowed -> label stack
• MPLS LSRs always forward packets based on the value of the label at the top of the stack

Slide 14: LSRs and Labels
[Figure: label placement per link layer]
  PPP (Packet over SONET/SDH): PPP Header | Shim Header | Layer 3 Header
  Ethernet:                    Ethernet Hdr | Shim Header | Layer 3 Header
  Frame Relay:                 FR Hdr | Shim Header | Layer 3 Header
  ATM:                         the label is carried in the VPI/VCI fields of the cell header (GFC VPI VCI PTI CLP HEC | DATA), in the first and all subsequent cells

Slide 15: Label Assignment and Distribution
• Labels have link-local significance
  – Each LSR binds its own label mappings
• Each LSR assigns labels to its FECs
• Labels are assigned and exchanged between adjacent neighboring LSRs
• Applications may require non-adjacent neighbors

Slide 16: Label Assignment and Distribution – Upstream and Downstream LSRs
[Figure: 171.68.40/24 – Rtr-A – Rtr-B – Rtr-C – 171.68.10/24]
• Rtr-C is the downstream neighbor of Rtr-B for destination 171.68.10/24
• Rtr-B is the downstream neighbor of Rtr-A for destination 171.68.10/24
• LSRs know their downstream neighbors through the IP routing protocol
  – The next-hop address is the downstream neighbor

Slide 17: Label Assignment and Distribution – Unsolicited Downstream Distribution
[Figure: Rtr-B tells Rtr-A "Use label 30 for destination 171.68.10/24"; Rtr-C tells Rtr-B "Use label 40 for destination 171.68.10/24"]
  Router  In I/F  In Lab  Address Prefix  Out I/F  Out Lab
  Rtr-A   0       -       171.68.10       1        30
  Rtr-B   0       30      171.68.10       1        40
  Rtr-C   0       40      171.68.10       1        ...
• Routes are IGP derived
• LSRs distribute labels to their upstream neighbors

Slide 18: Label Assignment and Distribution – On-Demand Downstream Distribution
[Figure: Rtr-A sends "Request label for destination 171.68.10/24" to Rtr-B, and Rtr-B sends the same request to Rtr-C; the replies "Use label 40/30 for destination 171.68.10/24" flow back from downstream to upstream]
• Upstream LSRs request labels from downstream neighbors
• Downstream LSRs distribute labels upon request

Slide 19: Label Assignment and Distribution – Label Retention Modes
• Liberal retention mode
  – LSR retains labels from all neighbors
  – Improves convergence time when the next-hop is available again after IP convergence
  – Requires more memory and label space
• Conservative retention mode
  – LSR retains labels only from next-hop neighbors
  – LSR discards all labels for FECs without a next-hop
  – Frees memory and label space

Slide 20: Label Assignment and Distribution – Label Distribution Modes
• Independent LSP control
  – LSR binds a label to a FEC independently, whether or not it has received a label for the FEC from the next-hop
  – The LSR then advertises the label to its neighbors
• Ordered LSP control
  – LSR only binds and advertises a label for a particular FEC if it is the egress LSR for that FEC or it has already received a label binding from its next-hop

Slide 21: Label Assignment and Distribution – Several protocols for label exchange
• LDP – maps unicast IP destinations into labels
• RSVP, CR-LDP – used in traffic engineering
• BGP – external labels (VPN)
• PIM – label mapping for multicast states

Slide 22: Label Switch Path (LSP)
[Figures: an IGP domain with a label distribution protocol where the LSP follows the IGP shortest path, and one where the LSP diverges from it]
• LSPs are derived from IGP routing information
• LSPs may diverge from the IGP shortest path
  – LSP tunnels (explicit routing) with TE
• LSPs are unidirectional
  – Return traffic takes another LSP

Slide 23: Label Switch Path (LSP) – Penultimate Hop Popping
• The label at the top of the stack is removed (popped) by the upstream neighbor of the egress LSR
• The egress LSR requests the "popping" through the label distribution protocol
  – Egress LSR advertises the implicit-null label
• The egress LSR will not have to do a lookup and remove the label itself
  – One lookup is saved in the egress LSR

Slide 24: Label Switch Path (LSP) – Penultimate Hop Popping
[Figure: three LSRs in a row, the last one being the egress. The egress LSR summarises its more specific routes into 171.68/16 and advertises "Use label implicit-null for FEC 171.68/16"; its upstream neighbor advertises "Use label 4 for FEC 171.68/16". LFIB of the ingress: In Lab -, Address Prefix 171.68/16, Out I/F 1, Out Lab 4. LFIB of the penultimate hop: In I/F 0, In Lab 4, Address Prefix 171.68/16, Out Lab pop. Egress routing table: 171.68.10/24 via 171.68.9.1 Serial1; 171.68.44/24 via 171.68.12.1 Serial2; 171.68/16 Null (summary)]
• The summary route is propagated through the IGP and a label is assigned by each LSR
• The egress LSR summarises more specific routes and advertises a label for the new FEC
• The egress LSR needs to do an IP lookup to find the more specific route
• The egress LSR need NOT receive a labelled packet

Slide 25: Loops and TTL
• In IP networks the TTL is used to prevent packets from travelling indefinitely in the network
• MPLS may use the same mechanism as IP, but not on all encapsulations
• TTL is present in the label header for PPP and LAN headers (shim headers)
• The ATM cell header does not have a TTL

Slide 26: Loops and TTL
• LSRs using ATM do not have TTL capability
• Some suggested options:
  – hop-count object in LDP
  – Path Vector object in LDP

Slide 27: Loops and TTL
[Figure: an IGP domain with a label distribution protocol. An IP packet with TTL = 10 enters the non-TTL-capable LSP at LSR-1 (LSR-6 --> label 25, Hops = 4); inside the LSP the packet carries labels 25, 39 and 21 with IP TTL = 6 at each hop (LSR-2, LSR-3, LSR-4) and leaves at the egress LSR]
• TTL is decremented prior to entering the non-TTL-capable LSP
• If TTL is 0 the packet is discarded at the ingress point
• TTL is examined at the LSP exit

Slide 28: Label Distribution Protocol
• Defined in RFC 3035 and 3036
• Used to distribute labels in an MPLS network
• Forwarding Equivalence Class
  – How packets are mapped to LSPs (Label Switched Paths)
• Advertises labels per FEC
  – "Reach destination a.b.c.d with label x"
• Neighbor discovery
  – Basic and Extended Discovery

Slide 29: LDP Concepts
• Label Distribution Protocol
• Labels map to FECs for unicast destination prefixes
• LDP works between adjacent/non-adjacent peers
• LDP sessions are established between peers

Slide 30: LDP Messages
• Discovery messages
  – Used to discover and maintain the presence of new peers
  – Hello packets (UDP) sent to the all-routers multicast address
  – Once a neighbor is discovered, the LDP session is established over TCP

Slide 31: LDP Messages
• Session messages – establish, maintain and terminate LDP sessions
• Advertisement messages – create, modify, delete label mappings
• Notification messages – error signalling

Slide 32: Label Distribution Protocol
• Label Merge
  – Done by default for packet networks – unique label advertised per FEC
  – Requires VC merge for ATM networks

Slide 33: TDP & LDP
• Tag Distribution Protocol
  – Precursor to LDP
  – Used for Cisco Tag Switching
• TDP and LDP supported on the same box
  – Per neighbor/link basis
  – Per target basis

Slide 34: RSVP & Label Distribution
• Used in MPLS Traffic Engineering
• Additions to the RSVP signaling protocol
• Leverages the admission control mechanism of RSVP
• Label requests are sent in PATH messages and binding is done with RESV messages
• The EXPLICIT-ROUTE object defines the path over which setup messages should be routed
• Using RSVP has several advantages
  – Traffic Engineering, Shared Explicit, FRR

Slide 35: MPLS Example: Forwarding Packets
[Figure: a packet for 128.89.25.4 enters the ingress LSR unlabelled, leaves it with label 4, is switched by the core LSR to label 9, and leaves the egress LSR unlabelled. "Label Switch forwards based on label."]
  Ingress LSR:  In label -, Address Prefix 128.89, Out I'face 1, Out label 4
                In label -, Address Prefix 171.69, Out I'face 1, Out label 5
  Core LSR:     In label 4, Address Prefix 128.89, Out I'face 0, Out label 9
                In label 5, Address Prefix 171.69, Out I'face 1, Out label 7
  Egress LSR:   In label 9, Address Prefix 128.89, Out I'face 0, Out label -

Slide 36: Label Stacking
• IGP labels – used for routing packets
• BGP labels – used for assigning end users/communities
• RSVP labels – used for TE tunnels
• If more than one service is used, then multiple labels are required
  – TE and FRR
• In some cases a single service requires the use of multiple labels – VPNs

Slide 37: Label Stacking – how?
• Arrange labels in a stack
• Inner labels can be used to designate services/FECs etc.
  – E.g. VPNs, Fast Re-route
• Outer label is used to route/switch the MPLS packets in the network
• Allows building services such as
  – MPLS VPNs – Basic & Advanced – CSC
  – Traffic Engineering and Fast Re-route
  – VPNs over a Traffic Engineered core
  – Any Transport over MPLS
[Figure: label stack on an IP packet – TE Label (outer label) | IGP Label | VPN Label (inner label) | IP Header]

Slide 38: Day in the life of a Packet
[Figure: CE – PE – P1 – P – PE – CE. Same exchange as slide 24 with PE and P routers: the egress PE summarises its more specific routes (171.68.10/24 via 171.68.9.1 Serial1, 171.68.44/24 via 171.68.12.1 Serial2, 171.68/16 Null) and advertises "Use label implicit-null for FEC 171.68/16" to P; P advertises "Use label 7 for FEC 171.68/16" to P1; P1 advertises "Use label 4 for FEC 171.68/16" to the ingress PE. LFIBs: ingress PE In Lab -, 171.68/16, Out I/F 1, Out Lab 4; P1 In I/F 0, In Lab 4, 171.68/16, Out Lab 7; P In I/F 0, In Lab 7, 171.68/16, Out Lab pop]
• The summary route is propagated through the IGP and a label is assigned by each LSR
• The egress LSR summarises more specific routes and advertises a label for the new FEC
• The egress LSR needs to do an IP lookup to find the more specific route

Slide 39: Day in the life of a Packet – Basic Layout
[Figure: Control plane – IP routing protocols (routing exchange) feed the IP routing table; the label distribution protocol (label binding exchange) feeds the label bindings. Forwarding plane – incoming IP packets are looked up in the Forwarding Information Base (FIB) and sent as outgoing IP packets; incoming labelled packets are looked up in the Label Forwarding Information Base (LFIB) and sent as outgoing labelled packets; when the label is removed an L3 lookup is done]

Slide 40: Day in the life of a Packet – Database Layout
[Figure: Cisco IOS data structures – ISIS, OSPF, BGP and LDP populate the routing table; the FIB (fast-adjacency, output-if, encaps) and TIB (destination IP address, incoming-tag, outgoing-tag) feed the TFIB (tfib_entry, tag_rewrite, tag_info, loadinfo) used by the ip_turbo_fs, tag_optimum_fs and ip2_tag_optimum_fs switching paths; IDB vectors select the handler per incoming tag]

Slide 41: Day in the life of a Packet
[Flowchart: IP packet received, label imposition]
• In-bound interface driver checks encaps, invokes handler thru IDB vectors
• Check early features:
  – bgp-based policy mapping (QPPB) and set qos-group ID
  – authentication proxy
  – check for input ACLs
  – check for crypto
  – check for setting input QoS marking
  – input police/rate-input
  – check for NAT (outside -> inside)
  – check policy routing
  – check for WEB cache redirection
• FIB lookup
• Post lookup features:
  – check for NAT (inside -> outside)
  – perform QoS classification
  – check for crypto
  – output ACL check
  – check for setting output QoS marking
  – QoS – WFQ
  – output police/rate-limiting
• IP adjacency lookup
• IP: fragment if necessary, send IP packet
• MPLS: label imposition
  – compute length of tag(s) to be copied & check if fragmentation is required
  – copy tos field
  – set ttl
  – copy the label(s)
  – if (features) { perform output QoS classification; check for setting output QoS marking; do output rate-limiting; check for multi-vc }
  – fragment, if necessary
  – send labelled packet

Slide 42: Day in the life of a Packet
[Flowchart: labelled packet received]
• In-bound interface driver checks encaps, invokes handler thru IDB vectors
• Check early features
• MPLS: process labelled packet (tag switch inline / tag forward inline)
  – get label header
  – Input QoS classification
  – Setting input QoS marking
  – Do input rate-limit/policing
  – from tfib get the tag entry
  – get rewrite info from the tag entry
  – no rewrite info: do Layer-3 lookup (IP path)
  – update TTL value
  – update EXP value
  – SWAP/POP label, process inner label
• Check post features
  – Output QoS classification
  – Setting output QoS marking
  – Do output rate-limit/policing
  – handle multi-vc CoS
  – Platform specific WRED done in the final transmit path
• Transmit packet

MPLS based services

Slide 45: Provider Provisioned VPNs – Categories
• BGP MPLS VPNs – RFC 2547 – supported by Cisco
• Virtual Routers
  – Alternative proposal – relies on logical partitioning of the physical box
  – Requires the use of multicast/broadcast for better convergence

Slide 46: MPLS Based IP-VPN Architecture
• Scalable VPNs
• IP QoS and traffic engineering
• Easy to manage and no VC provisioning required
• Provides a level of security equivalent to Frame Relay and ATM
• Supports the deployment of new value-added applications
• Customer IP address freedom
[Figure: an MPLS network carrying MPLS VPN "Renault" (Corp A, sites 1 to 3) and MPLS VPN "Bankcorp" (Corp B, sites 1 to 3). VPN membership is based on the logical port; traffic separation is at Layer 3; each VPN has a unique RD]

Slide 47: Using Labels to Build an IP VPN
[Figure: Cust A and Cust B sites attached to an MPLS network; label "A" paths connect the Cust A sites, label "B" paths connect the Cust B sites]
• The network distributes labels to each VPN
  – only labels for other VPN members are distributed
  – each VPN is provisioned automatically by IP routing
• Privacy and QoS of ATM without tunnels or encryption
  – each network is as secure as a Frame Relay connection
• One mechanism (labels) for QoS and VPNs – no tradeoffs

Slide 48: Service Provider Benefits of MPLS-based VPNs
[Figure: overlay VPNs A, B and C with content (multicast, hosting, intranet, VoIP, extranet) outside the network, versus MPLS-based VPNs with the services hosted inside the network]
• Overlay VPN
  – pushes content outside the network
  – costs scale exponentially
  – transport dependent
  – groups endpoints, not groups
  – complex overlay with QoS, tunnels, IP
• MPLS-based VPNs
  – enables content hosting inside the network
  – "flat" cost curve
  – transport independent
  – easy grouping of users and services
  – enables QoS inside the VPNs
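Slides 36, 37, 46 and 47 describe the mechanism behind the VPN claims: an outer IGP label carries the packet across the core, an inner VPN label selects the customer routing table at the egress PE, the core never looks at the IP header, and the penultimate hop pops the outer label (slide 23). The following Python simulation is an added example written for this transcript, not Cisco's or the deck's code. The topology (PE1, P, PE2), the label values (40 for the IGP path, 200 and 201 for the two VPNs), the VRF names and the port names are all constructed, and the implicit-null value 3 is taken from RFC 3032 rather than from the slides. It walks a packet for 10.1.1.7 from a site in VPN A and from a site in VPN B, both using the same prefix 10.1.1.0/24 (the "customer IP address freedom" of slide 46), and shows that the core drops any label it has no LFIB entry for and that the egress PE drops a VPN label it never advertised.

```python
import ipaddress

# Reserved "implicit-null" label value from RFC 3032 (the deck names the label,
# not its value); it means "pop at the penultimate hop" (slide 23).
IMPLICIT_NULL = 3


class Packet:
    def __init__(self, dst, labels=None, ttl=64):
        self.dst = ipaddress.ip_address(dst)
        self.labels = list(labels or [])   # label stack, outermost first
        self.ttl = ttl


def lookup(table, dst):
    """Longest-prefix match in a {prefix: entry} table; None when unrouted."""
    best = None
    for prefix, entry in table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return None if best is None else best[1]


class PE:
    """Edge LSR holding one routing table per VPN (a VRF)."""

    def __init__(self, vrfs, vpn_lfib, igp_labels):
        self.vrfs = vrfs              # vrf -> {prefix: (egress PE, VPN label, local port)}
        self.vpn_lfib = vpn_lfib      # VPN label this PE advertised -> VRF it belongs to
        self.igp_labels = igp_labels  # egress PE -> outer label learned from the next hop

    def impose(self, vrf, pkt):
        route = lookup(self.vrfs[vrf], pkt.dst)
        if route is None:
            return ("drop", "no route in VRF %s" % vrf)
        egress, vpn_label, _ = route
        pkt.labels = [self.igp_labels[egress], vpn_label]   # outer IGP, inner VPN
        return ("send", egress)

    def dispose(self, pkt):
        if len(pkt.labels) != 1:
            return ("drop", "expected only the VPN label after penultimate hop popping")
        vrf = self.vpn_lfib.get(pkt.labels.pop())
        if vrf is None:
            return ("drop", "VPN label not advertised by this PE")
        route = lookup(self.vrfs[vrf], pkt.dst)
        if route is None:
            return ("drop", "no route in VRF %s" % vrf)
        return ("deliver", vrf, route[2])


class P:
    """Core LSR: switches on the top label only and never reads the IP header."""

    def __init__(self, lfib):
        self.lfib = lfib  # incoming label -> outgoing label (IMPLICIT_NULL = pop)

    def switch(self, pkt):
        if not pkt.labels:
            return ("drop", "unlabelled packet in the core")
        out = self.lfib.get(pkt.labels[0])
        if out is None:
            return ("drop", "no LFIB entry for label %d" % pkt.labels[0])
        pkt.ttl -= 1
        if out == IMPLICIT_NULL:
            pkt.labels.pop(0)          # penultimate hop popping
        else:
            pkt.labels[0] = out        # ordinary swap
        return ("send", "PE2")


def build_network():
    """Constructed topology: CE -> PE1 -> P -> PE2 -> CE, two VPNs sharing one prefix."""
    pe1 = PE(vrfs={"A": {"10.1.1.0/24": ("PE2", 200, None)},
                   "B": {"10.1.1.0/24": ("PE2", 201, None)}},
             vpn_lfib={}, igp_labels={"PE2": 40})
    core = P(lfib={40: IMPLICIT_NULL})   # PE2 advertised implicit-null for itself
    pe2 = PE(vrfs={"A": {"10.1.1.0/24": (None, None, "port-to-CE-A2")},
                   "B": {"10.1.1.0/24": (None, None, "port-to-CE-B2")}},
             vpn_lfib={200: "A", 201: "B"}, igp_labels={})
    return pe1, core, pe2


def forward(vrf, dst):
    """Carry one packet from a site in `vrf` across the core; return the per-hop trace."""
    pe1, core, pe2 = build_network()
    pkt, trace = Packet(dst), []
    for name, hop in (("PE1", lambda p: pe1.impose(vrf, p)),
                      ("P", core.switch), ("PE2", pe2.dispose)):
        result = hop(pkt)
        trace.append((name, result, list(pkt.labels)))
        if result[0] != "send":
            break
    return trace
```

The same-destination run is the one worth keeping: both packets cross the core on the identical outer label 40, and only the inner label decides which VRF, and therefore which customer port, receives them.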
Slide 49: Validating Cisco MPLS Based IP-VPN as a Secure Network
• Miercom independent testing confirmed Cisco MPLS VPN is secure:
  – Customers' network topology is not revealed to the outside world
  – Customers can maintain their own addressing plans and have the freedom to use either public or private address space
  – Attackers cannot gain access into VPNs or the Service Provider's network
[Test network topology figure: a core of LONDON (GSR12008, 100.200.200.107), GLASGOW (7206, 100.200.200.106), OXFORD (7206, 100.200.200.103) and DOVER (7505, 100.200.200.112) routers interconnected by OC3 POS links; RED, BLUE and YELLOW customer sites (2611, 1750 and 3640 routers) attached over Frame Relay DLCIs, ATM PVCs and serial T1 links, running OSPF, RIP v2, eBGP (AS71, AS72) and static routing toward the provider]
• Security: impossible for an attacker to insert a "spoofed" label into a Cisco MPLS network and thus gain access to a VPN or the MPLS core

Slide 50: BGP/MPLS VPN – Summary
• Supports large scale VPN service
• Increases value add by the VPN Service Provider
• Decreases the Service Provider's cost of providing VPN services
• Mechanisms are general enough to enable the VPN Service Provider to support a wide range of VPN customers

MPLS Traffic Engineering

Slide 52: Why Traffic Engineering?
• Congestion in the network due to changing traffic patterns
  – Election news, online trading, major sports events
• Better utilization of available bandwidth
  – Route on the non-shortest path
• Route around failed links/nodes
  – Fast rerouting around failures, transparently to users
  – Like SONET APS (Automatic Protection Switching)
• Build new services – virtual leased line services
  – VoIP toll-bypass applications, point-to-point bandwidth guarantees
• Capacity planning
  – TE improves aggregate availability of the network

Slide 53: IP Routing and The Fish
[Figure: routers R1 to R8 in the "fish" topology; R8 and R1 feed R2, which reaches R3/R4/R5 over an upper path and a longer lower path via R6/R7]
• IP (mostly) uses destination-based least-cost routing
• Flows from R8 and R1 merge at R2 and become indistinguishable
• From R2, traffic to R3, R4, R5 uses the upper route
• The alternate path is under-utilized

Slide 54: Applications of MPLS TE – Link & Node Protection
[Figure: the same topology with R9 added; a backup path from R2 via R6 bypasses the protected link/node toward R4]
• Mimic SONET APS – re-route in 50 ms or less
• Multiple hops can be bypassed: R2 swaps the label which R4 expects before pushing the label for R6
• R2 locally patches traffic onto the link with R6

Slide 55: MPLS Traffic Engineering for a QoS-Optimized Backbone
DiffServ-aware TE & QoS!
[Figure: CE – PE – MPLS backbone – PE – CE. DiffServ over IP on the access links, DiffServ-aware TE in the MPLS backbone; DS-TE + QoS = GB-TE. Constrained and optimized paths for priority voice traffic, priority data traffic and regular traffic]

Slide 56: DiffServ Aware TE – Virtual Leased Line
[Figure: Class 5 legacy switches in the traditional TDM PSTN connect via VoIP gateways over the MPLS network; toll bypass voice trunking rides a GB-TE tunnel between PEs, while the VPN service and the Internet service for enterprise LANs use regular TE tunnels over the physical links]

Slide 57: MPLS TE Summary
• Useful for re-routing traffic in congested environments
• Build innovative services like Virtual Leased Line
• Build protection solutions using MPLS FRR

Any Transport over MPLS

Slide 59: Any Transport over MPLS
• Trunking Layer 2 over an MPLS network
  – Ethernet
  – Frame Relay
  – ATM – AAL5, Cell Mode
  – PPP
  – Cisco HDLC
  – SONET

Slide 60: Ethernet over MPLS
[Figure: ISP A, ISP B, ISP C, ISP 1, ISP 2, ISP 3 and enterprise LANs attached to PE routers around an MPLS network]

Slide 61: Frame Relay over MPLS
[Figure: Frame Relay DLCIs between CPE routers/FRADs carried over an Any Transport over MPLS (AToM) tunnel inside a DS-TE tunnel across the MPLS backbone – a Virtual Leased Line (DS-TE + QoS)]

Slide 62: ATM over MPLS
[Figure: ATM virtual circuits between CPE routers carried over an AToM tunnel inside a DS-TE tunnel across the MPLS backbone – a Virtual Leased Line (DS-TE + QoS)]

Slide 63: PPP, Cisco HDLC over MPLS
[Figure: serial IP, PPP or HDLC links from CE routers carried over MPLS inside a DS-TE tunnel across the MPLS backbone – a Virtual Leased Line (DS-TE + QoS)]

Slide 64: Pseudo Wire Reference Model (draft-ietf-pwe3-requirements)
[Figure: customer sites attach to PE devices through pseudo-wire end-services (PWES); pseudo-wires run between the PEs inside a PSN tunnel and form the emulated service]
• A pseudo-wire (PW) is a connection between two provider edge (PE) devices which connects two pseudo-wire end-services (PWESs) of the same type

Slide 65: Pseudo Wire Reference Model
[Figure: PDUs from the customer sites are carried as PW PDUs across the pseudo-wires inside the PSN tunnel]
• PDUs are encapsulated at the ingress PE router and forwarded between PEs as PW PDUs
• The pseudo-wire PDU contains ALL data & control information (control word) necessary to provide the Layer-2 service
  – although some information may be stored as state at PW set-up

Slide 66: Layer-2 Transport across MPLS
• Two relevant drafts by Luca Martini
  – draft-martini-l2circuit-trans-mpls – describes label distribution mechanisms for VC labels
  – draft-martini-l2circuit-encap-mpls – describes emulated VC encapsulation mechanisms
• Relevant for the transport of FR, ATM AAL5, ATM cell, Ethernet (port trunking), Ethernet 802.1q (VLAN), POS, TDM, Cisco HDLC & PPP protocol data units
  – across either an MPLS or an IP backbone

Slide 67: Layer-2 Transport across MPLS
• "Emulated circuits" use 3 layers of encapsulation
  – Tunnel header – to get the PDU from ingress to egress PE; could be an MPLS label, GRE tunnel, L2TP tunnel
  – Demultiplexer field – to identify individual circuits within a tunnel; could be an MPLS label or GRE key
  – Emulated VC encapsulation – information on the enclosed Layer-2 PDU; implemented as a 32-bit control word

Slide 68: VC Information Exchange
• VC labels are exchanged across a directed LDP session between PE routers
  – Carried in the Generic Label TLV within the LDP Label Mapping Message
• A new LDP FEC element is defined to carry VC information
  – FEC element type "128 – Virtual Circuit FEC Element"
  – Carried within the LDP Label Mapping Message
• VC information is exchanged using Downstream Unsolicited label distribution procedures
  – Described in draft-martini-l2circuit-trans-mpls

Slide 69: Virtual Circuit FEC Element
   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  | VC TLV (0x80) |C|          VC-type            |VC info length |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                           Group ID                            |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                            VC ID                              |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                      Interface Parameters                     |
  |                              "                                |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• C: Control Word (1 bit) – control word present if the bit is set
• VC-type (15 bits) – type of VC, e.g. FR, ATM, VLAN, Ethernet, PPP, HDLC
• VC info length (8 bits) – length of the VC ID field and interface parameters
• Group ID (32 bits) – represents a group of VCs; can be used for mass label withdrawal
• VC ID (32 bits) – connection identifier used in conjunction with the VC-type to identify a particular VC
• Interface Parameters (variable) – edge-facing interface parameters, such as MTU

Slide 70: LDP Label Mapping Exchange
   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |0|   Label Mapping (0x0400)    |        Message Length         |  \
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   LDP Label Mapping Message
  |                          Message ID                           |   (specified in RFC 3036)
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  /
  |0|0|        FEC (0x0100)       |            Length             |  FEC TLV header (specified in RFC 3036)
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  | VC tlv (0x80) |C|          VC Type            |VC info Length |  \
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                           Group ID                            |   Virtual Circuit FEC Element
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   (specified in
  |                            VC ID                              |   draft-martini-l2circuit-trans-mpls)
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                     Interface parameters                      |
  |                              "                                |  /
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |0|0|    Generic Label (0x0200) |            Length             |  \
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   Label TLV header (specified in RFC 3036)
  |                             Label                             |  /
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                      Optional Parameters                      |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Slide 71: Layer-2 Transport Control Word
   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |      Tunnel Label (LDP or RSVP)       | EXP |0|      TTL      |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |            VC Label (VC)              | EXP |1| TTL (set to 2)|
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  | Rsvd  | Flags |0 0|  Length   |        Sequence number        |  Control Word
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                          Layer-2 PDU                          |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
• When transporting layer-2 protocols over an IP or MPLS backbone:
  – the sequence of the packets may need to be preserved;
  – small packets may need to be padded if the minimum MTU of the medium is larger than the actual packet size;
  – control bits carried in the header of the Layer-2 frame may need to be transported

Slide 72: AToM – Any Transport over MPLS
• Cisco solution = AToM = Any Transport over MPLS
• Tunnel header is implemented as an MPLS label
  – which is learned via LDP and is used to transport frames from ingress to egress PE routers
• Demultiplexer field is implemented as a VC label
  – which is learnt across a directed LDP session between PE routers
• Emulated VC encapsulation is implemented as a control word

Slide 73: AToM – Label Distribution & Usage
[Figure: two PE routers with customer sites on each side; a tunnel LSP between the PEs and a directed LDP session between them]
• Tunnel LSPs between PE routers transport PW PDUs from PE to PE using tunnel labels
• A directed LDP session between PE routers exchanges VC information, such as VC labels and control information

Slide 74: AToM – Label Mapping Exchange
[Figure: CE1 – PE1 – MPLS – PE2 – CE; the PDU is carried with Tunnel Label + VC Label]
1. L2 transport route entered on the ingress PE (PE1)
2. PE1 starts an LDP session with PE2 if one does not already exist
3. PE1 allocates a VC label for the new interface & binds it to the configured VCID
4. PE1 sends a label mapping message containing the VC FEC TLV & VC label TLV
5. PE2 receives the VC FEC TLV & VC label TLV that matches its local VCID
• PE2 repeats steps 1-5 so that bidirectional label/VCID mappings are established

Slide 75: VC Label Withdrawal Procedures
• If a PE router detects a condition that affects normal service it MUST withdraw the corresponding VC label
  – through the use of LDP signalling
• A PE router may provide circuit status signalling
  – FR MUST through the use of LMI procedures; ATM SHOULD through the use of ILMI procedures
[Figure: PE1 (1.0.0.4) sends an LDP Label Withdraw for VCID 320, VC Label 16 to PE2 (1.0.0.8) across the MPLS network; circuit status signalling is relayed on the Layer-2 circuit]

Slide 76: AToM – MTU Considerations
[Figure: customer site – PE1 – MPLS backbone – PE2 – customer site; the egress MTU is signalled using LDP]
• The ingress PE checks the egress PE outbound interface MTU AND the egress interface into the MPLS backbone
  – the incoming PDU is dropped if the MTU is exceeded
• The egress MTU is signalled using LDP
• There is NO mechanism to check the backbone MTU
  – the provider MUST dictate the MTU or direct traffic away from low-MTU links

Slide 77: Transport of Ethernet over MPLS
• Three main requirements for transport of Ethernet frames
  – 802.1q VLAN to 802.1q VLAN transport;
  – 802.1q VLAN port to port transport;
  – Ethernet port to port transport
• Phase 1 of AToM supports 802.1q VLAN to VLAN transport ONLY
  – VC-type 0x0004 within draft-martini-l2circuit-trans-mpls;
  – 7600 will support VC-type 0x0005 port-to-port Ethernet trunking & port-to-port VLAN trunking in the Hubble release;
  – GSR planned to support VC-type 0x0005 in 12.0(23)ST
  – ISL encapsulation is NOT supported

Slide 78: Ethernet 802.1q VLAN Transport
PE1 (1.0.0.4) configuration:
  interface GigabitEthernet0/0.2
   encapsulation dot1q 41
   mpls l2transport route 1.0.0.8 312 <sequencing>
  !
  interface GigabitEthernet1/0.2
   encapsulation dot1q 56
   mpls l2transport route 1.0.0.8 313 <sequencing>
[Figure: 802.1q to 802.1q VLAN transport – VLAN 41 and VLAN 56 from the customer sites at PE1 (1.0.0.4) are carried across the MPLS network to the remote PE (1.0.0.8), where they are delivered as VLAN 41 and VLAN 56 to the far customer sites]

Slide 79: EoMPLS Encapsulation Details
• Ethernet PDUs are transported without the preamble, SFD and FCS but including all VLAN information such as the VLAN ID
• The control word is optional
  – the C bit is set by default in the Cisco implementation (except 7600)
• If the control word is used then the flags must be set to zero
• The VLAN tag is transmitted unchanged but may be overwritten by the egress PE router
   0                   1                   2                   3
   0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  | Rsvd  |0 0 0 0|0 0|  Length   |        Sequence number        |  Control Word (optional)
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
  |                         Ethernet PDU                          |
  +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Slide 80: Ethernet Frame Formats
Ethernet II encapsulation (with optional 802.1q tag):
  Preamble  SFD      DA        SA        TPID      TCI       Ethertype  Data     FCS
  7 octets  1 octet  6 octets  6 octets  2 octets  2 octets  2 octets   46-1500  4 octets
802.3/802.2/SNAP encapsulation (with optional 802.1q tag):
  Preamble  SFD      DA        SA        TPID      TCI       Length    LLC (AA-AA-03)  OUI (0x00-00-00)  Ethertype  Data     FCS
  7 octets  1 octet  6 octets  6 octets  2 octets  2 octets  2 octets  3 octets        3 octets          2 octets   46-1492  4 octets
• The TPID and TCI fields (2 octets each) form the 802.1q encapsulation
• The LLC, OUI and Ethertype fields (8 octets together) form the 802.2/SNAP header
• Different Ethernet frame formats are supported

Slide 81: EoMPLS Transport Formats
• Ethernet II: the DA, SA, TPID, TCI, Ethertype and Data fields are transported using AToM; the Preamble, SFD and FCS are not
• 802.3/802.2/SNAP: the DA, SA, TPID, TCI, Length, LLC, OUI, Ethertype and Data fields are transported using AToM; the Preamble, SFD and FCS are not

MPLS QoS

Slide 83: MPLS Class of Service
[Figure: label header fields – LABEL 20 bits, CoS 3 bits, S 1 bit, TTL 8 bits]
• Class of Service (CoS)
  – network implements distinct service classes
  – traffic flows are classified based on Layer 3: application, destination, etc.
  – simpler and more efficient than a mesh of VCs
• Two methods to indicate service class:
  – IP precedence copied to the MPLS header (CoS field) – up to 8 classes can be defined (3 bits)
  – use separate labels for different service classes – no limit to the number of labels

Slide 84: MPLS QoS Summary
• Uses the same underlying IP QoS mechanisms
  – Queuing – LLQ, CBWFQ
  – Policing
  – WRED
• Classification and marking are done on the EXP bits in the label header
• The label header marking can be different from the IP header DSCP, providing transparency

Summary

Slide 86: What isn't MPLS?
• MPLS is not just integration of IP and ATM, BUT
• Integration of IP and ATM is just one of the applications of MPLS

Slide 87: What isn't MPLS?
• MPLS is not a way to make routers (much) faster, BUT
• The MPLS forwarding algorithm is simpler than the IP forwarding algorithm, AND it enables more functionality than could be provided with the IP forwarding algorithm

Slide 88: MPLS and the OSI Reference Model (OSIRM)
• MPLS is not a Network Layer
  – doesn't have routing and addressing of its own – uses IP addressing + IP routing (with extensions)
• MPLS is not a Link Layer
  – because MPLS works over various Link Layer technologies (e.g. SONET, Ethernet, ATM, etc.)
• MPLS is not a Layer in the OSIRM sense
  – doesn't have a single format for transport of the data from the layer above
  – "shim" on SONET, VCI/VPI on ATM, lambda on OXC, etc.
• MPLS does not fit into the OSI Reference Model

Slide 89: MPLS – Key Benefits
• New value added services
  – BGP MPLS VPNs – RFC 2547
  – Traffic Engineering
  – L2 VPNs
  – Protection solutions
    • Link and node protection
    • Bandwidth protection – future

Slide 90: MPLS and its applications
• Separate forwarding information (label) from the content of the IP header
• Single forwarding paradigm (label swapping) – multiple routing paradigms
• Traffic Engineering
• Multiple link-specific realizations of the label swapping forwarding paradigm
• "Hard" QoS support
• Flexibility of forming FECs
• Fast re-route
• Integration with Optical Cross Connects
• Scalable VPN
• Forwarding hierarchy via label stacking

Slide 91: End-to-End Solution
[Figure: VPN HQ with a 5 Mbps MPLS TE path and a 1 Mbps back-up path to HQ1 over an MPLS VPN. VPN and Traffic Engineering combined to provide end-to-end services]

Questions?
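Slides 69 to 71, 76 and 79 give the AToM signalling and encapsulation formats as bit layouts. The Python below is an added example written for this transcript, not code from Cisco or from the authors of the Martini drafts. It builds and parses the VC FEC element (type 0x80, C bit, 15-bit VC-type, VC info length, Group ID, VC ID, interface parameters), wraps it in an LDP Label Mapping message with the type codes shown on slide 70, encodes the control word with the Rsvd / Flags / 0 0 / Length / Sequence fields, and applies the slide-76 MTU check and the slide-79 flags rule. Assumptions not on the slides: the MTU interface parameter is encoded as id 0x01, length 4, 2-byte MTU (as in draft-martini-l2circuit-trans-mpls); the control-word field widths 4/4/2/6/16 come from the encapsulation draft; and the VC ID 312, MTU 1500, message ID 1 and label 16 are constructed sample values. The parser verifies that the VC info length fits the buffer before reading past the fixed header, which is the check a receiver needs before trusting a peer's length field.

```python
import struct

VC_TLV_TYPE = 0x80              # FEC element type 128, Virtual Circuit FEC Element (slide 68)
VC_TYPE_ETHERNET_VLAN = 0x0004  # 802.1q VLAN-to-VLAN transport (slide 77)
VC_TYPE_ETHERNET = 0x0005       # port-to-port Ethernet (slide 77)
LDP_LABEL_MAPPING, LDP_FEC_TLV, LDP_GENERIC_LABEL_TLV = 0x0400, 0x0100, 0x0200  # slide 70
# Interface-parameter sub-TLV carrying the MTU: id 0x01, length 4, 2-byte MTU.
# Assumed from draft-martini-l2circuit-trans-mpls; the slides only say "such as MTU".
IFP_MTU = 0x01


def encode_vc_fec(vc_type, group_id, vc_id, mtu=None, control_word=True):
    """VC FEC element (slide 69): 0x80 | C + VC-type (15 bits) | VC info length | Group ID | VC ID | params."""
    if not 0 <= vc_type < (1 << 15):
        raise ValueError("VC-type is a 15-bit field")
    params = struct.pack("!BBH", IFP_MTU, 4, mtu) if mtu is not None else b""
    vc_info_len = 4 + len(params)          # VC ID field plus the interface parameters
    head = struct.pack("!BHB", VC_TLV_TYPE, (int(control_word) << 15) | vc_type, vc_info_len)
    return head + struct.pack("!II", group_id, vc_id) + params


def decode_vc_fec(data):
    """Parse one VC FEC element; returns (fields, remaining bytes) or raises on malformed input."""
    if len(data) < 12:
        raise ValueError("VC FEC element too short")
    tlv_type, c_and_type, vc_info_len = struct.unpack_from("!BHB", data, 0)
    if tlv_type != VC_TLV_TYPE:
        raise ValueError("not a VC FEC element (type 0x%02x)" % tlv_type)
    end = 8 + vc_info_len
    if vc_info_len < 4 or end > len(data):
        raise ValueError("VC info length does not match the element size")
    group_id, vc_id = struct.unpack_from("!II", data, 4)
    params, off = {}, 12
    while off < end:                       # interface parameters: id, length, value
        if off + 2 > end:
            raise ValueError("truncated interface parameter")
        pid, plen = data[off], data[off + 1]
        if plen < 2 or off + plen > end:
            raise ValueError("interface parameter length out of range")
        if pid == IFP_MTU and plen == 4:
            params["mtu"] = struct.unpack_from("!H", data, off + 2)[0]
        off += plen
    return ({"control_word": bool(c_and_type >> 15), "vc_type": c_and_type & 0x7FFF,
             "group_id": group_id, "vc_id": vc_id, "params": params}, data[end:])


def encode_label_mapping(msg_id, vc_fec, label):
    """LDP Label Mapping (0x0400) carrying a FEC TLV (0x0100) with the VC FEC element
    and a Generic Label TLV (0x0200), as laid out on slide 70 (type codes from RFC 3036)."""
    fec_tlv = struct.pack("!HH", LDP_FEC_TLV, len(vc_fec)) + vc_fec
    label_tlv = struct.pack("!HHI", LDP_GENERIC_LABEL_TLV, 4, label)
    body = struct.pack("!I", msg_id) + fec_tlv + label_tlv
    return struct.pack("!HH", LDP_LABEL_MAPPING, len(body)) + body


def encode_control_word(length, sequence, flags=0):
    """Control word: Rsvd(4) | Flags(4) | 0 0 (2) | Length(6) | Sequence number(16)."""
    if not (0 <= flags < 16 and 0 <= length < 64 and 0 <= sequence < 65536):
        raise ValueError("control word field out of range")
    return struct.pack("!I", (flags << 24) | (length << 16) | sequence)


def decode_control_word(data):
    (word,) = struct.unpack("!I", data[:4])
    return {"rsvd": word >> 28, "flags": (word >> 24) & 0xF, "zero": (word >> 22) & 0x3,
            "length": (word >> 16) & 0x3F, "sequence": word & 0xFFFF}


def eompls_control_word_ok(cw):
    """Slide 79: when the control word is used for Ethernet, the flags must be zero."""
    return cw["flags"] == 0 and cw["zero"] == 0


def accept_pdu(pdu_len, remote_fec):
    """Slide 76: the ingress PE drops a PDU larger than the MTU the egress PE signalled via LDP."""
    mtu = remote_fec["params"].get("mtu")
    return mtu is None or pdu_len <= mtu
```

The Group ID sits outside the VC info length on purpose: it is the field a PE uses for mass label withdrawal (slide 69), so it must be readable even when the interface parameters are absent or ignored.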