MPLS: What's in it for Research & Education Networks?
John Jamison
University of Illinois at Chicago
November 17, 2000
Juniper Networks Product Family
- Sept 1998: M40
- Nov 1999: M20
- Mar 2000: M160
- Sept 2000: M5
- Sept 2000: M10
Juniper Networks Research and Education Customers
- MCI Worldcom – vBNS/vBNS+
- Department of Energy – ESnet
- DANTE – TEN-155 (Pan-European Research & Education Backbone)
- NYSERNet – New York State Education & Research Network
- Georgia Tech – SOX GigaPoP
- University of Washington – Pacific/Northwest GigaPoP
- STAR TAP (International Research & Education Network Meet Point)
- APAN (Asia Pacific Advanced Network) Consortium
- NOAA (National Oceanographic and Atmospheric Administration)
- NASA – Goddard Space Flight Center
- NIH (National Institutes of Health)
- DoD (Department of Defense)
- US Army Engineer Research and Development Center
- University of Illinois – NCSA (National Center for Supercomputing Applications)
- University of California, San Diego – SDSC (San Diego Supercomputer Center)
- University of Southern California, Information Sciences Institute
- Indiana University
- Stanford University
- University of California, Davis
- California Institute of Technology
- North Carolina State University
- University of Alaska
- University of Hiroshima, Japan
- Korea Telecom Research Lab
- ETRI (Electronics and Telecommunications Research Institute), Korea
Original Agenda
- MPLS Fundamentals
- Traffic Engineering
- Constraint-Based Routing
- Refreshment Break
- Virtual Private Networks
- Optical Applications for MPLS Signaling (GMPLS/MPλS)
- Juniper Networks Solutions
- Questions and Comments
Our Agenda
- MPLS Overview
- Traffic Engineering
- VPNs
What are we missing out on?
- A bunch of pure marketing slides
- A bunch of filler slides
- Slides with content that is of interest mainly to ISPs (how you can use MPLS to bring in more revenue, offer different services, etc.)
- Some details of the MPLS signaling protocols and of RFC 2547 VPNs (you can, and should, only cover so much in one talk)
- Some MP(Lambda)S details (seems too much like slideware right now)
What are we gaining?
- Besides being spared the marketing and ISP-centric stuff:
  - We will see some examples from networks and applications we are familiar with
  - We will save some time and cover almost as much information
Why Is MPLS an Important Technology?
- Fully integrates IP routing & L2 switching
- Leverages existing IP infrastructures
- Optimizes IP networks by facilitating traffic engineering
- Enables multi-service networking
- Seamlessly integrates private and public networks
- The natural choice for exploring new and richer IP service offerings
- Dynamic optical bandwidth provisioning
What Is MPLS?
- IETF Working Group chartered in spring 1997
- IETF solution to support multi-layer switching, unifying several vendor approaches:
  - IP Switching (Ipsilon/Nokia)
  - Tag Switching (Cisco)
  - IP Navigator (Cascade/Ascend/Lucent)
  - ARIS (IBM)
- Objectives
  - Enhance performance and scalability of IP routing
  - Facilitate explicit routing and traffic engineering
  - Separate control (routing) from the forwarding mechanism so each can be modified independently
  - Develop a single forwarding algorithm to support a wide range of routing and switching functionality
MPLS Terminology
- Label
  - Short, fixed-length packet identifier
  - Unstructured
  - Link-local significance
- Forwarding Equivalence Class (FEC): a stream/flow of IP packets that are
  - Forwarded over the same path
  - Treated in the same manner
  - Mapped to the same label
- FEC/label binding mechanism
  - Currently based on the destination IP address prefix
  - Future mappings based on SP-defined policy
MPLS Terminology
- Label Swapping
  - Connection table maintains the mappings
  - Exact-match lookup
  - Input (port, label) determines the label operation and the output (port, label)
  - Same forwarding algorithm used in Frame Relay and ATM

Connection table of the four-port LSR in the figure (a packet arriving on port 1 with label 25 leaves port 4 with label 19):

  In (port, label)   Label operation   Out (port, label)
  (1, 22)            Swap              (2, 17)
  (1, 24)            Swap              (3, 17)
  (1, 25)            Swap              (4, 19)
  (2, 23)            Swap              (3, 12)
MPLS Terminology
- Label-Switched Path (LSP)
  - Simplex L2 tunnel across a network
  - Concatenation of one or more label-switched hops
  - Analogous to an ATM or Frame Relay PVC
(figure: an LSP from San Francisco to New York)
MPLS Terminology
- Label-Switching Router (LSR)
  - Forwards MPLS packets using label switching
  - Capable of forwarding native IP packets
  - Executes one or more IP routing protocols
  - Participates in MPLS control protocols
  - Analogous to an ATM or Frame Relay switch (that also knows about IP)
(figure: the San Francisco to New York LSP passing through four LSRs)
MPLS Terminology
- Ingress LSR ("head-end LSR")
  - Examines inbound IP packets and assigns them to an FEC
  - Generates the MPLS header and assigns the initial label
- Transit LSR
  - Forwards MPLS packets using label swapping
- Egress LSR ("tail-end LSR")
  - Removes the MPLS header
(figure: the San Francisco to New York LSP: ingress LSR, two transit LSRs, egress LSR)
MPLS Header
- Fields: Label (20 bits), Experimental/CoS (3 bits), Stacking bit S (1 bit), Time to live (8 bits); 32 bits in total
- The IP packet is encapsulated by the ingress LSR
- The IP packet is de-encapsulated by the egress LSR

  L2 Header | MPLS Header: Label (20 bits) | CoS | S | TTL | IP Packet
                          <------------- 32 bits ------------->
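Worked example added by the editor, not code from the talk: packing and parsing the 32-bit shim header above in Python, including walking a multi-entry stack until the S bit is set and the ingress choice of copying the IP TTL into the shim or not. The widths of the CoS, S and TTL fields are taken from RFC 3032; the IPv4 header used as payload is constructed here.

```python
"""MPLS shim header: 20-bit label, 3-bit CoS/EXP, 1-bit S (bottom of stack), 8-bit TTL.
Added example, not code from the talk. Field widths follow RFC 3032; the IPv4 header
used as payload is constructed here."""
from __future__ import annotations
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class LabelEntry:
    label: int      # 0 .. 2**20-1; values 0-15 are reserved (0 = IPv4 Explicit NULL, 3 = Implicit NULL)
    cos: int        # 3-bit CoS/EXP field
    bottom: bool    # S bit: set on the last entry, the one directly above the IP packet
    ttl: int        # 8-bit time to live

    def pack(self) -> bytes:
        if not 0 <= self.label < (1 << 20):
            raise ValueError("label must fit in 20 bits")
        if not (0 <= self.cos < 8 and 0 <= self.ttl < 256):
            raise ValueError("cos must fit in 3 bits and ttl in 8 bits")
        word = (self.label << 12) | (self.cos << 9) | (int(self.bottom) << 8) | self.ttl
        return struct.pack("!I", word)   # network byte order, 32 bits

    @classmethod
    def unpack(cls, raw: bytes) -> "LabelEntry":
        if len(raw) < 4:
            raise ValueError("need 4 bytes for a label entry")
        (word,) = struct.unpack("!I", raw[:4])
        return cls(label=word >> 12, cos=(word >> 9) & 0x7,
                   bottom=bool((word >> 8) & 0x1), ttl=word & 0xFF)


def parse_stack(frame: bytes) -> tuple[list[LabelEntry], bytes]:
    """Read label entries (top first) until one has the S bit set; return (stack, payload).
    A frame that runs out before an S=1 entry is malformed and is rejected, not guessed at."""
    stack: list[LabelEntry] = []
    offset = 0
    while True:
        if len(frame) - offset < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        entry = LabelEntry.unpack(frame[offset:offset + 4])
        stack.append(entry)
        offset += 4
        if entry.bottom:
            return stack, frame[offset:]


def encapsulate(ip_packet: bytes, label: int, cos: int = 0, propagate_ttl: bool = True) -> bytes:
    """Ingress LSR: push a single label in front of an IPv4 packet.
    propagate_ttl=True copies the IP TTL into the shim, so transit LSRs show up in traceroute;
    False starts the shim at 255 and hides the LSP's hops from the outside."""
    ip_ttl = ip_packet[8]          # byte 8 of an IPv4 header is the TTL
    ttl = ip_ttl if propagate_ttl else 255
    return LabelEntry(label, cos, True, ttl).pack() + ip_packet


def sample_ipv4(ttl: int = 64) -> bytes:
    """Constructed 20-byte IPv4 header (no options, no payload) from 134.5.1.5 to 200.3.2.7; checksum left zero."""
    return (bytes([0x45, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x00, ttl, 17, 0x00, 0x00])
            + bytes([134, 5, 1, 5]) + bytes([200, 3, 2, 7]))


if __name__ == "__main__":
    frame = encapsulate(sample_ipv4(), 99)
    print(frame[:4].hex(), parse_stack(frame)[0])
```

The shim carries no authentication: an LSR forwards on whatever label arrives on an interface, so MPLS forwarding belongs only on interfaces toward other LSRs you trust, never on customer-facing ports. Whether the ingress copies the IP TTL into the shim decides whether the core's hops are visible to traceroute from outside.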
IP Packet Forwarding Example
A packet from 134.5.1.5 to 200.3.2.7 is forwarded hop by hop: every router does its own longest-match lookup on the destination address in its routing table. Routers in the figure: 12.29.31.1, 12.29.31.4, 12.29.31.5 and 12.29.31.9, with customer routers 134.5.6.1 and 200.3.2.1 at the edges. Routing tables as shown:

  Destination   Next Hop
  134.5/16      12.29.31.5
  200.3.2/24    12.29.31.5

  Destination   Next Hop
  134.5/16      12.29.31.5
  200.3.2/24    12.29.31.9

  Destination   Next Hop
  134.5/16      12.29.31.5
  200.3.2/24    12.29.31.4

  Egress router:
  Destination   Next Hop
  134.5/16      134.5.6.1
  200.3.2/24    200.3.2.1
MPLS Forwarding Example
The same packet to 200.3.2.7 with an LSP in place: the ingress LSR does one routing lookup, which yields an outgoing (port, label); each transit LSR then does an exact-match lookup on (incoming port, label) and swaps the label; the egress LSR removes the label and forwards on the IP header.

  Ingress Routing Table
  Destination   Next Hop (port, label)
  134.5/16      (2, 84)
  200.3.2/24    (3, 99)

  Transit LSR MPLS Tables, In (port, label) -> Out (port, label)
  (1, 99) -> (2, 56)
  (3, 56) -> (5, 0)
  (2, 84) -> (6, 0)

  Egress Routing Table
  Destination   Next Hop
  134.5/16      134.5.6.1
  200.3.2/24    200.3.2.1

(figure: the packet to 200.3.2.7 carries label 99 on the first hop, 56 on the second and 0 on the last hop into the egress; 0 is the reserved "IPv4 Explicit NULL" label, so the egress pops it and routes the IP packet to 200.3.2.1)
How Is Traffic Mapped to an LSP?
- Map the LSP to the BGP next hop
- FEC = {all BGP destinations reachable via the egress LSR}
(figure: transit SP AS 77 sits between AS 45 and AS 63; the ingress and egress LSRs are I-BGP peers, each with an E-BGP peer in the neighbouring AS; the ingress routing table maps 134.5/16 to LSP 32, whose egress LSR is the BGP next hop for 134.5.1.5)
How Are LSPs Set Up?
- Two approaches:
  - Manual configuration
  - Using a signaling protocol
(figure: an LSP from the ingress LSR to the egress LSR)
MPLS Signaling Protocols
- The IETF MPLS architecture does not assume a single label distribution protocol
- LDP
  - Executes hop by hop
  - Selects the same physical path as the IGP
  - Does not support traffic engineering
- RSVP (with traffic-engineering extensions)
  - Easily extensible for explicit routes and label distribution
  - Deployed by providers in production networks
- CR-LDP
  - Extends LDP to support explicit routes
  - Functionally identical to RSVP
  - Not deployed
How Is the LSP Physical Path Determined?
- Two approaches:
  - Offline path calculation (in-house or third-party tools)
  - Online path calculation (constraint-based routing)
- A hybrid approach may be used
(figure: an LSP from the ingress LSR to the egress LSR)
Offline Path Calculation
- Simultaneously considers
  - All link resource constraints
  - All ingress-to-egress traffic trunks
- Benefits
  - Similar to mechanisms used in overlay networks
  - Global resource optimization
  - Predictable LSP placement
  - Stability
  - Decision support system
- In-house and third-party tools
Offline Path Calculation
- Input to the offline path calculation utility:
  - Ingress and egress points
  - Physical topology
  - Traffic matrix (statistics about city/router pairs)
- Output:
  - Set of physical paths, each expressed as an explicit route
(figure: routers R1 through R9, ingress R1, egress R9; the resulting explicit route is {R1, R4, R8, R9})
Explicit Routes: Example 1
- LSP from R1 to R9
- Partial explicit route: {loose R8, strict R9}
- LSP physical path
  - R1 to R8: follow the IGP path
  - R8 to R9: directly connected
(figure: routers R1 through R9, ingress R1, egress R9)
Explicit Routes: Example 2
- LSP from R1 to R9
- Full explicit route: {strict R3, strict R4, strict R7, strict R9}
- LSP physical path
  - R1 to R3: directly connected
  - R3 to R4: directly connected
  - R4 to R7: directly connected
  - R7 to R9: directly connected
(figure: routers R1 through R9, ingress R1, egress R9)
Constraint-Based Routing
- Online LSP path calculation
- Operator configures the LSP constraints at the ingress LSR
  - Bandwidth reservation
  - Include or exclude specific link(s)
  - Include specific node traversal(s)
- The network actively participates in selecting an LSP path that meets the constraints
(figure: user-defined LSP constraints entered at the ingress LSR; the network picks the path to the egress LSR)
Constraint-Based Routing
- Thirty-two named groups, 0 through 31
- Groups assigned to interfaces
(figure: a San Francisco router whose interfaces are tagged gold, silver and bronze)
Constraint-Based Routing
Choose the path from A to I using:

  admin-group {
      include [ gold silver ];
  }

(figure: routers A through I joined by links tagged copper, bronze, silver and gold; which tag belongs to which link is not recoverable from the extracted text)
Constraint-Based Routing
- A-C-F-G-I uses only gold or silver links
(figure: the same topology with the path A-C-F-G-I highlighted)
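Added example by the editor, not code from the talk: a small constrained SPF in Python that prunes links by admin group and available bandwidth and then runs Dijkstra on the IGP metric over what is left, which is what the ingress LSR's CSPF does with the include [gold silver] constraint above. The topology, link tags, IGP costs, bandwidths and the mapping of the colour names to four of the 32 group bits are all constructed for this example, chosen so that A-C-F-G-I is the only gold/silver path while the plain IGP path is different. "include" is treated as include-any (a link qualifies if it carries at least one of the listed groups), which is the only reading under which a path mixing gold and silver links satisfies it; "exclude" rejects a link carrying any listed group.

```python
"""Constrained shortest path (CSPF) with admin groups and bandwidth.
Added example, not code from the talk; topology and values are constructed."""
from __future__ import annotations
import heapq

# Assumed assignment of the slide's colour names to four of the 32 admin-group bits
GOLD, SILVER, BRONZE, COPPER = 1 << 0, 1 << 1, 1 << 2, 1 << 3

# Constructed topology: (node, node, IGP cost, admin-group mask, available bandwidth in Gb/s)
LINKS = [
    ("A", "B", 1, COPPER, 10), ("A", "C", 2, GOLD, 10),
    ("B", "D", 1, BRONZE, 10), ("C", "D", 1, COPPER, 10),
    ("C", "F", 1, SILVER, 10), ("D", "E", 2, COPPER, 10),
    ("D", "G", 1, BRONZE, 10), ("E", "H", 1, BRONZE, 10),
    ("F", "G", 1, GOLD, 10),   ("F", "H", 1, COPPER, 10),
    ("G", "I", 1, GOLD, 1),    ("H", "I", 1, BRONZE, 10),
]


def build_graph(links):
    """Undirected adjacency: node -> [(neighbour, cost, groups, bandwidth)]."""
    graph: dict[str, list[tuple[str, int, int, float]]] = {}
    for u, v, cost, groups, bw in links:
        graph.setdefault(u, []).append((v, cost, groups, bw))
        graph.setdefault(v, []).append((u, cost, groups, bw))
    return graph


def cspf(graph, src, dst, include_any=0, exclude_any=0, bandwidth=0.0):
    """Prune links that violate the constraints, then run Dijkstra on the IGP metric over the rest.
    include_any: a link must carry at least one of these groups (the slide's 'include').
    exclude_any: a link must carry none of these groups (the slide's 'exclude').
    bandwidth:   a link must have at least this much unreserved bandwidth.
    Returns (cost, path) or None. None means the LSP cannot be signalled; CSPF does not
    quietly fall back to the unconstrained IGP path."""
    def usable(groups, bw):
        if include_any and not groups & include_any:
            return False
        if groups & exclude_any:
            return False
        return bw >= bandwidth

    dist = {src: 0}
    prev: dict[str, str] = {}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry
        if u == dst:
            break
        for v, cost, groups, bw in graph.get(u, []):
            if not usable(groups, bw):
                continue                  # pruned by the constraints
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


if __name__ == "__main__":
    g = build_graph(LINKS)
    print("IGP path            :", cspf(g, "A", "I"))
    print("include gold/silver :", cspf(g, "A", "I", include_any=GOLD | SILVER))
    print("exclude copper      :", cspf(g, "A", "I", exclude_any=COPPER))
    print("gold/silver + 2 Gb/s:", cspf(g, "A", "I", include_any=GOLD | SILVER, bandwidth=2))
```

The last call returns None because the only gold/silver route crosses G-I, which has 1 Gb/s left; that is the failure mode to plan for, since an LSP whose constraints cannot be met simply does not come up.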
Constraint-Based Routing: Example 1
(figure: US backbone with New York, Atlanta, Chicago, Seattle, Los Angeles, San Francisco, Kansas City and Dallas)

  label-switched-path SF_to_NY {
      to New_York;
      from San_Francisco;
      admin-group {
          exclude green;
      }
      cspf;
  }
Constraint-Based Routing: Example 2
(figure: European backbone with Paris, London, Stockholm, Madrid, Rome, Geneva and Munich)

  label-switched-path madrid_to_stockholm {
      to Stockholm;
      from Madrid;
      admin-group {
          include red, green;
      }
      cspf;
  }
Other Neat MPLS Stuff
- Secondary LSPs
- Fast Reroute
- Label Stacking
- GMPLS
MPLS Secondary LSPs
- Standard LSP failover
  - Failure signaled to the ingress LSR
  - Calculate & signal a new LSP
  - Reroute traffic to the new LSP
- Standby secondary LSP
  - Pre-established LSP
  - Sub-second failover
(figure: primary and secondary LSPs between the New York and San Francisco data centers)
MPLS Fast Reroute
- Ingress signals fast reroute during LSP setup
- Each LSR computes a detour path (with the same constraints)
- Supports failover in ~100s of ms
(figure: primary LSP between the New York and San Francisco data centers with an active detour around a failed segment)
MPLS Label Stacking
- A label stack is an ordered set of labels
- Each LSR processes the top label
- Applications
  - Routing hierarchy
  - Aggregate individual LSPs into a "trunk" LSP
  - VPNs
(figure: LSP 1 and LSP 2 carried inside a trunk LSP; each stack entry is a 32-bit header with Label (20 bits), CoS, S and TTL fields)
MPLS Label Stack: Example 1
The packet on LSP 1 arrives with label 25. The trunk ingress pushes 42 on top of it (stack 42/25), the trunk transit LSR swaps 42 for 18 (18/25), the trunk egress pops 18 (25), and the next LSR swaps 25 for 56.

  Trunk ingress MPLS table:  In (1, 25) -> Out (2, Push [42]);  In (3, 35) -> Out (2, Push [42])
  Trunk transit MPLS table:  In (5, 42) -> Out (6, 18)
  Trunk egress MPLS table:   In (2, 18) -> Out (5, Pop)
  Downstream MPLS table:     In (4, 25) -> Out (2, 56);  In (4, 35) -> Out (5, 17)
MPLS Label Stack: Example 2
The packet on LSP 2 arrives with label 35 and shares the same trunk: the trunk ingress pushes 42 (42/35), the trunk transit LSR swaps 42 for 18 (18/35), the trunk egress pops 18 (35), and the next LSR swaps 35 for 17. The tables are the same as in Example 1:

  Trunk ingress MPLS table:  In (1, 25) -> Out (2, Push [42]);  In (3, 35) -> Out (2, Push [42])
  Trunk transit MPLS table:  In (5, 42) -> Out (6, 18)
  Trunk egress MPLS table:   In (2, 18) -> Out (5, Pop)
  Downstream MPLS table:     In (4, 25) -> Out (2, 56);  In (4, 35) -> Out (5, 17)
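Added example by the editor, not code from the talk: a Python trace of the two label-stack examples above, of the plain swap chain in the MPLS forwarding example (label 99, then 56, then 0) and of the exact-match connection table from the label-swapping slide, all driven by the same (port, label) lookup. The tables and port numbers are those printed on the slides; the LSR names X, Y, Z, W, A, B and the wiring between them (which out port feeds which in port) are assumptions.

```python
"""Label-stack forwarding through exact-match (port, label) tables.
Added example, not code from the talk. Tables and port numbers are those printed on the
slides; the LSR names and the wiring between them are assumptions."""
from __future__ import annotations

IPV4_EXPLICIT_NULL = 0   # reserved label (RFC 3032): the egress pops it and forwards on the IP header

# One table per LSR, exact match on (in_port, top label) -> operation:
#   ("swap", out_port, new_label)   replace the top label
#   ("push", out_port, new_label)   keep the top label and push new_label above it
#   ("pop",  out_port)              remove the top label
LSRS: dict[str, dict[tuple[int, int], tuple]] = {
    # Label-stack examples: LSP 1 (label 25) and LSP 2 (label 35) share a trunk LSP
    "X": {(1, 25): ("push", 2, 42), (3, 35): ("push", 2, 42)},   # trunk ingress
    "Y": {(5, 42): ("swap", 6, 18)},                              # trunk transit: reads only label 42
    "Z": {(2, 18): ("pop", 5)},                                   # trunk egress: exposes 25 or 35 again
    "W": {(4, 25): ("swap", 2, 56), (4, 35): ("swap", 5, 17)},   # after the trunk, each LSP on its own
    # MPLS forwarding example: swap chain for the 200.3.2/24 LSP, ending in explicit null
    "A": {(1, 99): ("swap", 2, 56)},
    "B": {(3, 56): ("swap", 5, IPV4_EXPLICIT_NULL)},
}
# Assumed wiring: (lsr, out_port) -> (next_lsr, in_port); no entry means the packet leaves this network
LINKS = {("X", 2): ("Y", 5), ("Y", 6): ("Z", 2), ("Z", 5): ("W", 4), ("A", 2): ("B", 3)}


def forward(lsr: str, in_port: int, stack: list[int]) -> int:
    """Apply one LSR's table to a packet whose label stack is `stack` (top first, modified in place)
    and return the out port. Only the top label is consulted; whatever lies beneath it is opaque."""
    if not stack:
        raise ValueError(f"{lsr}: unlabelled packet on an MPLS port")
    try:
        op = LSRS[lsr][(in_port, stack[0])]
    except KeyError:
        raise LookupError(f"{lsr}: no entry for (port {in_port}, label {stack[0]}); dropped") from None
    if op[0] == "swap":
        stack[0] = op[2]
    elif op[0] == "push":
        stack.insert(0, op[2])
    elif op[0] == "pop":
        stack.pop(0)
    else:
        raise ValueError(f"{lsr}: unknown operation {op[0]}")
    return op[1]


def trace(lsr: str, in_port: int, stack: list[int]) -> list[tuple[str, list[int]]]:
    """Carry a packet LSR by LSR; record (lsr, stack as it leaves) for every hop."""
    stack = list(stack)
    hops: list[tuple[str, list[int]]] = []
    while True:
        out_port = forward(lsr, in_port, stack)
        hops.append((lsr, list(stack)))
        if (lsr, out_port) not in LINKS:
            return hops
        lsr, in_port = LINKS[(lsr, out_port)]


if __name__ == "__main__":
    for name, start in (("LSP 1", ("X", 1, [25])), ("LSP 2", ("X", 3, [35])), ("slide 17", ("A", 1, [99]))):
        print(name, trace(*start))
```

Both LSPs hit the single entry on Y, which is the point of the trunk: the transit LSR neither knows nor cares what is under label 42. The flip side is that a label is not a credential; any packet that reaches Y on port 5 with label 42 rides the trunk, so the trust boundary is the set of interfaces on which labelled packets are accepted at all.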
Label Stacking Allows You to Reduce the Number of LSPs
- Label stacking to create a hierarchy of LSP trunks
(figure: LSPs 1 through 4 aggregated into LSP trunks, which are in turn aggregated into an "LSP trunk of trunks")
Generalized MPLS (GMPLS), formerly known as MPλS
- Reduce complexity
- Reduce cost
- The router subsumes functions performed by other layers
  - Fast router interfaces eliminate the need for MUXs
  - MPLS replaces ATM/FR for traffic engineering
  - MPLS fast reroute obviates SONET APS restoration
- Dynamic provisioning of optical bandwidth is required for growth and innovative service creation
(figure: IP service (routers) over optical transport (OXCs, WDMs) forming the optical core)
GMPLS: LSP Hierarchy
- Nesting LSPs enhances system scalability
- LSPs always start and terminate on similar interface types
- LSP interface hierarchy, lowest to highest:
  - Packet Switch Capable (PSC)
  - Time Division Multiplexing Capable (TDM)
  - Lambda Switch Capable (LSC)
  - Fiber Switch Capable (FSC)
(figure: PSC, TDM, LSC and FSC clouds nested left to right and back out again; explicit-label LSPs are multiplexed into time-slot LSPs, those into lambda LSPs, and those into fiber LSPs over a bundle of fibers 1..n, with forwarding adjacencies FA-PSC, FA-TDM and FA-LSC at each level; the low-order LSPs are demultiplexed on the far side)
Agenda
- MPLS Overview
- Traffic Engineering
- VPNs
What Is Traffic Engineering?
- Ability to control traffic flows in the network
- Optimize available resources
- Move traffic from the IGP path to a less congested path
(figure: source to destination, the Layer 3 routing path versus the traffic-engineered path)
Brief History
- Early 1990s
  - Internet core was connected with T1 and T3 links between routers
  - Only a handful of routers and links to manage and configure
  - Humans could do the work manually
  - Metric-based traffic control was sufficient
Metric-Based Traffic Engineering
- Traffic sent to A or B follows the path with the lowest metrics
(figure: nodes A, B and C; link metrics 1, 1, 1 and 2)
Metric-Based Traffic Engineering
- Drawbacks
  - Redirecting the traffic flow to A via C causes the traffic for B to move also!
  - Some links become underutilized or overutilized
(figure: the same topology with one link metric raised from 1 to 4)
Metric-Based Traffic Engineering
- Drawbacks
  - Complexity made metric control tricky
  - Adjusting one metric might destabilize the network
Discomfort Grows
- Mid 1990s
  - ISPs became uncomfortable with the size of the Internet core
  - Large growth spurt imminent
  - Routers too slow
  - Metric "engineering" too complex
  - IGP routing calculation was topology driven, not traffic driven
  - Router-based cores lacked predictability
Overlay Networks Are Born
- ATM switches offered performance and predictable behavior
- ISPs created "overlay" networks that presented a virtual topology to the edge routers in their network
- Using ATM virtual circuits, the virtual network could be re-engineered without changing the physical network
- Benefits
  - Full traffic control
  - Per-circuit statistics
  - More balanced flow of traffic across links
Overlay Networks
- ATM core ringed by routers
- PVCs overlaid onto the physical network
(figure: physical view of routers A, B and C around an ATM core versus the logical view, a full mesh of PVCs between A, B and C)
vBNS ATM Design
- Full UBR PVP mesh between terminal switches to carry "Best Effort" traffic
(figure: terminal switches at Los Angeles, Chicago, Cleveland, Boston, San Francisco, Denver, Atlanta, Washington DC, New York City, Houston, Seattle and Perryman, MD)
vBNS Backbone Network Map
(figure: sites at San Francisco, National Center for Atmospheric Research, San Diego Supercomputer Center, Houston, Denver, Ameritech NAP, Chicago, National Center for Supercomputing Applications, Cleveland, Perryman MD, Sprint NAP, MFS NAP, Pittsburgh Supercomputing Center, Los Angeles, Atlanta, New York City, Boston, Washington DC and Seattle. Legend: A = Ascend GRF 400, C = Cisco 7507, J = Juniper M40, FORE ASX-1000 ATM switches, NAPs; link types DS-3, OC-3C, OC-12C and OC-48)
Overlay Nets Had Drawbacks
- Growth in the full mesh of ATM PVCs stresses everything
  - Router IGP runs out of steam
  - Practical limitation of updating configurations in each switch and router
- ATM 20% cell tax
- ATM SAR speed limitations
  - OC-48 SAR very difficult/expensive to build
  - OC-192 SAR?
In the Meantime:
- Routers caught up
  - The current generation of routers has high-speed, wire-rate interfaces, deterministic performance and software advances
- MPLS came along
  - Fuses the best aspects of ATM PVCs with high-performance routing engines
  - Uses a low-overhead circuit mechanism
  - Automates path selection and configuration
  - Implements quick failure recovery
MPLS for Traffic Engineering
- Low-overhead virtual circuits for IP
- Originally designed to make routers faster
  - Fixed label lookup faster than the longest-match lookup used by IP routing
  - Not true anymore
- The value of MPLS is now in traffic engineering
- Other MPLS benefits:
  - No second network: a fully integrated IP solution, no second technology
  - Traffic engineering
  - Lower cost
  - A CoS enabler
  - Failover/link protection
  - Multi-service and VPN support
Agenda
- MPLS Overview
- Traffic Engineering
- VPNs
What Is a Virtual Private Network?
"A private network constructed over a shared infrastructure"
- Virtual: an artificial object simulated by computers (not really there!)
- Private: separate/distinct environments; separate addressing and routing systems
- Network: a collection of devices that communicate among themselves
(figure: a shared infrastructure carrying intranet, extranet and remote-access traffic between corporate headquarters, a branch office, mobile users and telecommuters, and suppliers, partners and customers)
Deploying VPNs Using Overlay Networks
(figure: provider Frame Relay network of FR switches; CPE routers at each customer site are joined by DLCIs)
- Operational model
  - PVCs overlay the shared infrastructure (ATM/Frame Relay)
  - Routing occurs at the CPE
- Benefits
  - Mature technologies
  - Inherently 'secure' (separation by circuit, not by cryptography)
  - Service commitments (bandwidth, availability, etc.)
- Limitations
  - Scalability and management of the overlay model
  - Not a fully integrated IP solution
MPLS: A VPN Enabling Technology
- Benefits
  - Seamlessly integrates multiple "networks"
  - Permits a single connection to the service provider
  - Supports rapid delivery of new services
  - Minimizes operational expenses
  - Provides higher network reliability and availability
(figure: a service provider network connecting Site 1, Site 2 and Site 3 of two different customers)
There Are Three Types of VPNs
- End to End (CPE-based) VPNs
  - L2TP & PPTP
  - IPsec
- Layer 2 VPNs
  - CCC
  - CCC & MPLS hybrid
- Layer 3 VPNs
  - RFC 2547bis
End to End VPNs: L2TP and PPTP
- Application: dial access for remote users
- Layer 2 Tunneling Protocol (L2TP)
  - RFC 2661
  - Combination of L2F and PPTP
- Point-to-Point Tunneling Protocol (PPTP)
  - Bundled with Windows/Windows NT
- Encryption: L2TP carries none of its own and is paired with IPsec (L2TP/IPsec); PPTP uses its own MPPE encryption rather than IPsec
- Authentication & encryption at the tunnel endpoints
(figure: a remote user on a V.x modem dials a dial access server at the dial access provider; an L2TP tunnel carries the PPP session to an L2TP access server at the service provider or VPN, or a PPTP tunnel carries it to a PPTP access server)
End to End VPNs: The IP Security Protocol (IPsec)
- Defines the IETF's layer 3 security architecture
- Applications:
  - Strong security requirements
  - Extend a VPN across multiple service providers
- Security services include:
  - Access control
  - Data origin authentication
  - Replay protection
  - Data integrity
  - Data privacy (encryption)
  - Key management
End to End VPNs: IPsec Example
- Routing must be performed at the CPE
- Tunnels terminate on the subscriber premises
- Only the CPE equipment needs to support IPsec; modifications to shared resources are not required
- ESP tunnel mode
  - Authentication ensures integrity from CPE to CPE
  - Encrypts the original header and payload across the Internet
  - Supports private address space
(figure: corporate HQ CPE and branch office CPE joined by an IPsec ESP tunnel-mode tunnel across the public Internet)
Layer 2 VPNs: CCC/MPLS
(figure: two ATM (or Frame Relay) access networks joined across an MPLS core by PEs; the CCC function on each PE cross-connects a customer DLCI to an LSP, and LSPs 2 and 6 are carried inside LSP 5 by label stacking)

  CCC table, near-side PE             CCC table, far-side PE
  DLCI 600 <-> LSP 2 (in LSP 5)       LSP 2 (in LSP 5) <-> DLCI 506
  DLCI 610 <-> LSP 6 (in LSP 5)       LSP 6 (in LSP 5) <-> DLCI 408

- Benefits
  - Reduces provider configuration complexity
  - MPLS traffic-engineered core
  - Subscriber can run any Layer 3 protocol
  - User nets do not know there is a cloud in the middle
- Limitations
  - Circuit type (ATM/FR) must be "like to like"
CCC Example: Abilene and ISP Service on One Link
- University X connects over a single ATM access link to an M40
- Big "I" Internet traffic: ATM VC1 is terminated and the IP packets are delivered to the Qwest ISP
- Abilene traffic: ATM VC2 is mapped to the port facing Abilene
- An M20/M40/M160 can both terminate ATM PVCs (layer 3 lookup) and support CCC pass-through on the same port
(figure: University X, ATM access, M40, with VC1 toward Qwest ISP and VC2 toward Abilene)
vBNS used CCC and MPLS to tunnel IPv6 across their backbone for SC2000
(figure: IPv6 over ATM from Chicago enters the IPv4 vBNS/vBNS+ backbone, is carried through an LSP by CCC, and exits over ATM to SC2000 in Dallas)
Layer 3 VPNs: RFC 2547 – MPLS/BGP VPNs
- MPLS (Multiprotocol Label Switching) is used for forwarding packets over the backbone
- BGP (Border Gateway Protocol) is used for distributing routes over the backbone
- Multiple forwarding tables (FT) on some edge routers, one for each VPN
(figure: a service provider network of P routers and PE routers; each PE holds one FT per attached VPN; CPE routers at Site 1, Site 2 and Site 3 of two customers attach to the PEs)
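Added example by the editor, not code from the talk: how the per-VPN forwarding tables on a PE work, in Python. Two customers both use 10.1.0.0/16; the route distinguisher keeps their routes apart in BGP, the ingress PE looks a packet up only in the table of the VPN it arrived from, and at the egress PE the VPN label, not the destination address, selects the forwarding table. The VPN names, route distinguishers, label values, PE name and next-hop names are all constructed.

```python
"""RFC 2547 style per-VPN forwarding tables on PE routers.
Added example, not code from the talk. VPN names, route distinguishers, label values
and next-hop names are constructed."""
from __future__ import annotations
import ipaddress

# Two customers that both use 10.1.0.0/16 (overlapping private address space).
# Egress PE: one forwarding table (VRF) per VPN, prefix -> CE next hop
VRFS = {
    "VPN_A": {"10.1.0.0/16": "ce-a-site2", "192.168.7.0/24": "ce-a-site2"},
    "VPN_B": {"10.1.0.0/16": "ce-b-site2"},
}
# Route distinguisher per VRF: prepended to each prefix so the two 10.1.0.0/16 routes stay distinct in BGP
ROUTE_DISTINGUISHERS = {"VPN_A": "65000:1", "VPN_B": "65000:2"}
# VPN label the egress PE allocated for each VRF and advertised with its routes (assumed values)
VPN_LABEL_TO_VRF = {1001: "VPN_A", 1002: "VPN_B"}

# Ingress PE: routes learned from the egress PE, kept per VRF: prefix -> (egress PE, VPN label)
VRF_BGP_ROUTES = {
    "VPN_A": {"10.1.0.0/16": ("PE2", 1001), "192.168.7.0/24": ("PE2", 1001)},
    "VPN_B": {"10.1.0.0/16": ("PE2", 1002)},
}
TRANSPORT_LABEL_TO_PE = {"PE2": 300}   # outer label of the LSP that reaches the egress PE (assumed)


def longest_match(table: dict, dst: str):
    """Longest-prefix match of dst against one table only; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    best_net, best_val = None, None
    for prefix, value in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_val = net, value
    return best_val


def vpn_ipv4_routes() -> dict[str, int]:
    """What the egress PE advertises in BGP: 'RD:prefix' -> VPN label."""
    return {f"{ROUTE_DISTINGUISHERS[vrf]}:{prefix}": label
            for label, vrf in VPN_LABEL_TO_VRF.items()
            for prefix in VRFS[vrf]}


def ingress_pe_encapsulate(vrf: str, dst: str) -> list[int]:
    """A packet arriving from a CE attached to `vrf` is looked up in that VRF only.
    Returns the label stack, top first: transport label to the egress PE, then the VPN label."""
    hit = longest_match(VRF_BGP_ROUTES[vrf], dst)
    if hit is None:
        raise LookupError(f"{vrf}: no route to {dst}; dropped, not looked up in any other table")
    egress_pe, vpn_label = hit
    return [TRANSPORT_LABEL_TO_PE[egress_pe], vpn_label]


def egress_pe_forward(vpn_label: int, dst: str) -> tuple[str, str]:
    """Egress PE, after the transport label is gone: the VPN label, not the destination
    address, selects the forwarding table. Returns (vrf, CE next hop)."""
    vrf = VPN_LABEL_TO_VRF.get(vpn_label)
    if vrf is None:
        raise LookupError(f"no VRF bound to label {vpn_label}; dropped")
    next_hop = longest_match(VRFS[vrf], dst)
    if next_hop is None:
        raise LookupError(f"{vrf}: no route to {dst}; dropped")
    return vrf, next_hop


if __name__ == "__main__":
    print(vpn_ipv4_routes())
    stack = ingress_pe_encapsulate("VPN_B", "10.1.5.9")
    print(stack, egress_pe_forward(stack[1], "10.1.5.9"))
```

The separation here is entirely a matter of PE configuration: which label is bound to which VRF, and which interfaces feed which VRF. A CE must therefore never be allowed to hand the PE a labelled packet, since a chosen VPN label would select a table the customer is not attached to.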
Questions?