mpls doc

Chapter 1

INTRODUCTION

Multi Protocol Label Switching (MPLS) has evolved from being a buzzword in the networking industry to a widely deployed technology in service provider (SP) networks. MPLS is a contemporary solution to address a multitude of problems faced by present-day networks: speed, scalability, quality of service (QoS) management, and traffic engineering. Service providers are realizing larger revenues by implementing service models based on the flexibility and value-added services provided by MPLS solutions. MPLS also provides an elegant solution to satisfy the bandwidth management and service requirements of next-generation IP-based backbone networks.

1.1 Aim of the thesis

The basic idea behind this project is to bring out the advantages of MPLS. We also discuss VPNs, and later move on to the implementation of MPLS over VPN. The targets to be met in the project are:

- To learn how to configure a router, then configure a couple of routers and create a virtual private network
- To establish a connection between two different routers by using router configuration commands
- To implement the MPLS configuration at the core router

1.2 History

MPLS was originally proposed by a group of engineers from Ipsilon Networks, but their "IP Switching" technology, which was defined only to work over ATM, did not achieve market dominance. Cisco Systems, Inc., introduced a related proposal, not restricted to ATM transmission, called "Tag Switching". It was a Cisco proprietary proposal, and was renamed "Label Switching". It was handed over to the IETF for open standardization. The IETF work involved proposals from other vendors, and development of a consensus protocol that combined features from several vendors' work.

One original motivation was to allow the creation of simple high-speed switches, since for a significant length of time it was impossible to forward IP packets entirely in hardware. However, advances in VLSI have made such devices possible. Therefore the advantages of MPLS primarily revolve around the ability to support multiple service models and perform traffic management. MPLS also offers a robust recovery framework that goes beyond the simple protection rings of synchronous optical networking (SONET/SDH).
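As an added illustration of the label switching the history above refers to (example code added here, not from the thesis or any vendor): the 32-bit MPLS shim header is encoded and decoded field by field (20-bit label, 3-bit traffic class, bottom-of-stack bit, 8-bit TTL, as laid out in RFC 3032), and a packet is carried along a label-switched path where the ingress router classifies it by destination prefix and pushes a label, each core router does an exact-match lookup on the incoming label and swaps it, and the egress router pops it. The exact-match lookup is what makes the per-hop decision cheap compared with an IP longest-prefix lookup. The router names, prefix and label values are constructed for the example.

```python
import ipaddress
import struct

# MPLS shim header (RFC 3032), one 32-bit word:
#   label (20 bits) | traffic class (3 bits) | bottom-of-stack S (1 bit) | TTL (8 bits)
def encode_shim(label: int, tc: int = 0, bos: bool = True, ttl: int = 64) -> bytes:
    """Build the 4-byte label header; labels 0-15 are reserved by the RFC, so refuse them."""
    if not 16 <= label < (1 << 20):
        raise ValueError("label must be in 16..2^20-1")
    word = (label << 12) | ((tc & 0x7) << 9) | (int(bos) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)

def decode_shim(data: bytes) -> dict:
    """Split the 4-byte header back into its fields."""
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "bos": bool((word >> 8) & 1), "ttl": word & 0xFF}

# Constructed label-switched path: PE1 (ingress) -> P1 -> P2 -> PE2 (egress).
# Ingress FEC table: destination prefix -> (label to push, next hop). Labels are made up.
FEC_TABLE = {ipaddress.ip_network("10.2.0.0/16"): (1001, "P1")}

# Per-router label forwarding tables: incoming label -> (action, outgoing label, next hop).
LFIB = {
    "P1":  {1001: ("swap", 2002, "P2")},
    "P2":  {2002: ("swap", 3003, "PE2")},
    "PE2": {3003: ("pop", None, "ip-lookup")},
}

def ingress_push(dst_ip: str, ttl: int = 64):
    """Ingress LER: classify by destination (longest prefix wins) and push the FEC's label."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(net, entry) for net, entry in FEC_TABLE.items() if addr in net]
    if not matches:
        return None, None          # no FEC: the packet is forwarded as plain IP
    net, (label, next_hop) = max(matches, key=lambda m: m[0].prefixlen)
    return encode_shim(label, ttl=ttl), next_hop

def label_switch(router: str, shim: bytes):
    """Core LSR: exact-match lookup on the incoming label, then swap (or pop at the egress)."""
    hdr = decode_shim(shim)
    if hdr["ttl"] <= 1:
        raise ValueError(f"{router}: TTL expired, packet dropped")
    entry = LFIB[router].get(hdr["label"])
    if entry is None:
        raise LookupError(f"{router}: no LFIB entry for label {hdr['label']}, packet dropped")
    action, out_label, next_hop = entry
    if action == "swap":
        return encode_shim(out_label, hdr["tc"], hdr["bos"], hdr["ttl"] - 1), next_hop
    return None, next_hop          # pop: label removed, the IP header drives the rest

def forward_along_lsp(dst_ip: str):
    """Trace one packet through the LSP; returns (router, action, label seen) per hop."""
    trace = []
    shim, hop = ingress_push(dst_ip)
    if shim is None:
        return trace
    trace.append(("PE1", "push", decode_shim(shim)["label"]))
    while shim is not None:
        router, incoming = hop, decode_shim(shim)["label"]
        shim, hop = label_switch(router, shim)
        trace.append((router, "pop" if shim is None else "swap", incoming))
    return trace

if __name__ == "__main__":
    for router, action, label in forward_along_lsp("10.2.0.5"):
        print(f"{router:4} {action:4} label {label}")
```

Running the block prints the push at PE1, the two swaps in the core and the pop at PE2; a destination outside the FEC table yields an empty trace, and a label with no LFIB entry is dropped rather than forwarded.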

1.3 Scope of the thesis

The objective of this project is to do an in-depth analysis of the Multiprotocol Label Switching (MPLS) architecture and a detailed discussion of the mechanisms and features that constitute the architecture, to learn how MPLS scales to support tens of thousands of VPNs with extensive case studies, and to understand the design and deployment of real-world MPLS/VPN networks. In this project we throw light on the various advantages provided by MPLS. There are many uses for this new technology, both within a service-provider environment and within the enterprise network, and the most widely deployed usage today is the enabling of Virtual Private Networks (VPNs). With the introduction of MPLS-enabled VPNs, network designers are able to scale their networks better than with the methods available in the past.

Chapter 2

INTERNET

2.1 Introduction

Figure 2.1: Visualization of the various routes through a portion of the Internet

The Internet is a global system of interconnected computer networks that use the standard Internet Protocol Suite (TCP/IP) to serve billions of users worldwide. It is a network of networks that consists of millions of private and public, academic, business, and government networks of local to global scope that are linked by a broad array of electronic and optical networking technologies. The Internet carries a vast array of information resources and services, most notably the inter-linked hypertext documents of the World Wide Web (WWW) and the infrastructure to support electronic mail.

Most traditional communications media, such as telephone and television services, are reshaped or redefined using the technologies of the Internet, giving rise to services such as Voice over Internet Protocol (VoIP) and IPTV. Newspaper publishing has been reshaped into Web sites, blogging, and web feeds. The Internet has enabled or accelerated the creation of new forms of human interaction through instant messaging, Internet forums, and social networking sites.

The origins of the Internet reach back to the 1960s, when the United States funded research projects of its military agencies to build robust, fault-tolerant and distributed computer networks. This research, and a period of civilian funding of a new U.S. backbone by the National Science Foundation, spawned worldwide participation in the development of new networking technologies, led to the commercialization of an international network in the mid 1990s, and resulted in the subsequent popularization of countless applications in virtually every aspect of modern human life. As of 2009, an estimated quarter of Earth's population uses the services of the Internet.

The Internet has no centralized governance in either technological implementation or policies for access and usage; each constituent network sets its own standards. Only the overreaching definitions of the two principal name spaces in the Internet, the Internet Protocol address space and the Domain Name System, are directed by a maintainer organization, the Internet Corporation for Assigned Names and Numbers (ICANN). The technical underpinning and standardization of the core protocols (IPv4 and IPv6) is an activity of the Internet Engineering Task Force (IETF), a non-profit organization of loosely-affiliated international participants that anyone may associate with by contributing technical expertise.

2.2 Types Of Connections

Technology is developing rapidly and methods for connecting to the Internet change almost daily. In the Ithaca area, the following types of connections are most commonly available:

1. Cable: a cable data connection transfers information from the Internet to your computer and from your computer to the network, through your cable television connection. Cable connections provide high speeds of data transfer downstream, from the Internet to your computer, but are slower when sending data from your computer to the network. Additionally, transfer rates are affected by the number of subscribers online simultaneously. All connections originate on one line per street, so signals degrade as more subscribers come online. Cable connections can be used by individual subscribers to connect one computer to one line, or can be used to connect multiple computers in a building to the Internet.

2. Dialup: data is transmitted through an analog phone connection. You connect to the Internet by using your phone line to dial into an ISP's line. An analog connection is the slowest type of connection available, and will not permit you to use your telephone for a voice connection at the same time that you are connected to the Internet. Dialup connections allow only one computer at a time, per line, to be connected. Cornell offers the EZ-Remote dialup service.

3. DSL (Digital Subscriber Line): DSL and its variations (such as ADSL, Asymmetric Digital Subscriber Line) use normal phone lines to transmit and receive data digitally. Unlike a cable connection, DSL allows you exclusive use of the line; there is no signal degradation caused by other users. Like cable connections, DSL offers high-speed connectivity, and allows you to use your phone and be online at the same time. DSL can be used by individuals who want to connect one computer to one line, or, for an extra investment, DSL can be used to connect a building to the Internet.

4. ISDN (Integrated Services Digital Network): ISDN is a slightly older technology that also provides a high-speed connection. ISDN offers connections over ordinary telephone wire, facilitating both voice and data transmission so you can maintain your connection to the Internet while placing telephone calls. ISDN can be used by individuals who need to connect one computer to one line, or can be used to connect multiple computers in a building to the Internet.

5. T1: a digital transmission technology that uses copper wire. T1 could be used to provide data service to an entire building, and data wiring would distribute the service throughout the building. T1 is the technology used on the Cornell campus. A T1 connection requires a substantial investment and because of this may not be the most desirable means of connecting your house.

6. Wireless: a high-speed technology that transmits data over radio waves. Wireless transmission can be used to provide connectivity from an ISP to an entire building; however, service will be dependent on the existence of a clear line of sight between the ISP and the building. Within a building, a wireless local area network (LAN) can connect multiple computers to each other and to the Internet. Wireless is a technology that is continually developing.

2.3 Packet Forwarding

Forwarding is the relaying of packets from one network segment to another by nodes in a computer network.

Figure 2.2: A unicast forwarding pattern

Figure 2.3: A multicast forwarding pattern, typical of PIM

Figure 2.4: A broadcast forwarding pattern, typical of bridged Ethernet

The simplest forwarding model, unicasting, involves a packet being relayed from link to link along a chain leading from the packet's source to its destination. However, other forwarding strategies are commonly used. Broadcasting requires a packet to be duplicated and copies sent on multiple links with the goal of delivering a copy to every device on the network. In practice, broadcast packets are not forwarded everywhere on a network, but only to devices within a broadcast domain, making broadcast a relative term. Less common than broadcasting, but perhaps of greater utility and theoretical significance, is multicasting, where a packet is selectively duplicated and copies delivered to each of a set of recipients.

Networking technologies tend to naturally support certain forwarding models. For example, fiber optics and copper cables run directly from one machine to another form natural unicast media: data transmitted at one end is received by only one machine at the other end. However, as illustrated in the diagrams, nodes can forward packets to create multicast or broadcast distributions from naturally unicast media. Likewise, traditional Ethernet (10BASE5 and 10BASE2, but not the more modern 10BASE-T) is a natural broadcast medium: all the nodes are attached to a single long cable, and a packet transmitted by one device is seen by every other device attached to the cable. Ethernet nodes implement unicast by ignoring packets not directly addressed to them. A wireless network is naturally multicast: all devices within a reception radius of a transmitter can receive its packets. Wireless nodes ignore packets addressed to other devices, but require forwarding to reach nodes outside their reception radius.

At nodes where multiple outgoing links are available, the choice of which, all, or any to use for forwarding a given packet requires a decision-making process that, while simple in concept, is sometimes bewilderingly complex. Since a forwarding decision must be made for every packet handled by a node, the total time required for this can become a major limiting factor in overall network performance. Much of the design effort of high-speed routers and switches has been focused on making rapid forwarding decisions for large numbers of packets.

The forwarding decision is generally made using one of two processes: routing, which uses information encoded in a device's address to infer its location on the network, or bridging, which makes no assumptions about where addresses are located and depends heavily on broadcasting to locate unknown addresses. The heavy overhead of broadcasting has led to the dominance of routing in large networks, particularly the Internet; bridging is largely relegated to small networks where the overhead of broadcasting is tolerable. However, since large networks are usually composed of many smaller networks linked together, it would be inaccurate to state that bridging has no use on the Internet; rather, its use is localized.
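The two decision processes above, as an added Python example (not part of the thesis): a learning bridge that records the port each source MAC arrives on and floods frames for unknown or broadcast destinations, beside a router that resolves a destination address by longest-prefix match and never floods. The MAC addresses, ports, prefixes and interface names are constructed.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    """Bridging: assumes nothing about where an address lives. It learns source MACs
    as frames arrive and floods any frame whose destination it has not yet seen."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}            # MAC address -> port it was last seen on

    def forward(self, src_mac, dst_mac, in_port):
        """Return the list of ports the frame is sent out of."""
        self.mac_table[src_mac] = in_port          # learn (the table is only a cache)
        if dst_mac == BROADCAST_MAC or dst_mac not in self.mac_table:
            return [p for p in self.ports if p != in_port]   # flood: the broadcast overhead
        return [self.mac_table[dst_mac]]                     # known unicast: one port

class Router:
    """Routing: the destination address encodes where it is, so a prefix table can
    answer without flooding. The longest (most specific) matching prefix wins."""

    def __init__(self, routes):
        parsed = [(ipaddress.ip_network(prefix), iface) for prefix, iface in routes]
        self.routes = sorted(parsed, key=lambda r: r[0].prefixlen, reverse=True)

    def forward(self, dst_ip):
        """Return the outgoing interface, or None when no route covers the address."""
        addr = ipaddress.ip_address(dst_ip)
        for prefix, iface in self.routes:
            if addr in prefix:
                return iface
        return None

def bridge_demo():
    """Run a constructed frame sequence through a 4-port bridge and return each decision."""
    bridge = LearningBridge(ports=[1, 2, 3, 4])
    frames = [
        ("aa:00:00:00:00:01", "aa:00:00:00:00:02", 1),   # A -> B, B unknown: flood
        ("aa:00:00:00:00:02", "aa:00:00:00:00:01", 2),   # B -> A, A was learned on port 1
        ("aa:00:00:00:00:01", "aa:00:00:00:00:02", 1),   # A -> B, B now known on port 2
        ("aa:00:00:00:00:03", BROADCAST_MAC, 3),         # broadcast always floods
    ]
    return [bridge.forward(src, dst, port) for src, dst, port in frames]

def router_demo():
    """Longest-prefix match on a constructed three-entry table (203.0.113.0/24 is a
    documentation range used here as an 'elsewhere on the Internet' address)."""
    router = Router([("0.0.0.0/0", "isp"), ("10.0.0.0/8", "core"), ("10.1.0.0/16", "lan1")])
    return {ip: router.forward(ip) for ip in ("10.1.5.5", "10.9.0.1", "203.0.113.7")}

if __name__ == "__main__":
    print("bridge decisions:", bridge_demo())
    print("router decisions:", router_demo())
```

The first frame in the bridge sequence goes out on every port but the one it arrived on; once both hosts have been heard from, the same conversation uses a single port. The router answers every lookup from its table, and the only way it produces no output port is a missing default route.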

2.4 VPN (Virtual Private Network)

Virtual: Virtual means not real, or in a different state of being. In a VPN, private communication between two or more devices is achieved through a public network, the Internet. Therefore, the communication is virtually but not physically there.

Private: Private means to keep something a secret from the general public. Although those two devices are communicating with each other in a public environment, there is no third party who can interrupt this communication or receive any data that is exchanged between them.

Network: A network consists of two or more devices that can freely and electronically communicate with each other via cables and wire. A VPN is a network. It can transmit information over long distances effectively and efficiently.

The term VPN has been associated in the past with such remote connectivity services as the Public Switched Telephone Network (PSTN), but VPNs have finally started to be linked with IP-based data networking. Before IP-based networking, corporations had expended considerable amounts of time and resources to set up complex private networks, now commonly called Intranets. These networks were installed using costly leased line services, Frame Relay, and ATM to incorporate remote users. For the smaller sites and mobile workers on the remote end, companies supplemented their networks with remote access servers or ISDN.

Small to medium-sized companies, who could not afford dedicated leased lines, used low-speed switched services. As the Internet became more and more accessible and bandwidth capacities grew, companies began to put their Intranets onto the web and create what are now known as Extranets to link internal and external users. However, as cost-effective and quick-to-deploy as the Internet is, there is one fundamental problem: security. Today's VPN solutions overcome the security factor using special tunneling protocols and complex encryption procedures; data integrity and privacy are achieved, and the new connection produces what seems to be a dedicated point-to-point connection. And, because these operations occur over a public network, VPNs can cost significantly less to implement than privately owned or leased services. Although early VPNs required extensive expertise to implement, the technology has matured to a level where deployment can be a simple and affordable solution for businesses of all sizes.

Simply put, a VPN, Virtual Private Network, is defined as a network that uses public network paths but maintains the security and protection of private networks. For example, Delta Company has two locations, one in Los Angeles, CA (A) and one in Las Vegas, Nevada (B). In order for both locations to communicate efficiently, Delta Company has the choice to set up private lines between the two locations. Although private lines would restrict public access and extend the use of their bandwidth, it will cost Delta Company a great deal of money since they would have to purchase the communication lines per mile. The more viable option is to implement a VPN. Delta Company can hook their communication lines up with a local ISP in both cities. The ISP would act as a middleman, connecting the two locations. This would create an affordable small area network for Delta Company.

VPNs are broken into 4 categories:

1) Trusted VPN: A customer "trusted" the leased circuits of a service provider and used them to communicate without interruption. Although it is "trusted", it is not secured.

2) Secure VPN: With security becoming more of an issue for users, encryption and decryption were used on both ends to safeguard the information passed to and fro. This ensured the security needed to satisfy corporations, customers, and providers.

3) Hybrid VPN: A mix of a secure and a trusted VPN. A customer controls the secure parts of the VPN while the provider, such as an ISP, guarantees the trusted aspect.

4) Provider-provisioned VPN: A VPN that is administered by a service provider.

2.4.1 The Necessity of VPNs

VPNs are necessary because communications between sites using a public network (like the Internet) are vulnerable to an eavesdropping (or snooping) attack. The risk of this happening depends on the importance the transmitted information holds for someone who has the ability to intercept it.

VPNs allow a corporation, at key gateways or communication points, to ensure that all network traffic is private. Network communication, over the Internet for example, is vulnerable to "snooping", electronic eavesdropping. Armed with a PC, a network interface card for the PC, and access to the communications flow, a hacker or corporate spy can copy all information flowing between one site and another: e-mail, terminal sessions, anything. Setting up a VPN between two points guarantees private communication between those points.

If a VPN is set up between site A and site B, all traffic between those sites will be encrypted. All traffic between either of these sites and other sites on the Internet with which no VPN relationship exists, for example, will be sent "in the clear."

VPNs also can represent a terrific cost saving over private networks. The March 1996 issue of US Computer reported that using encrypted "tunnels" over the Internet to connect LANs and WANs can reduce costs 23-50%.
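The rule just stated, traffic to the VPN peer encrypted and everything else in the clear, as an added Python example (not from the thesis): a site gateway checks the destination against the peer site's prefix, and only matching traffic is encapsulated with a nonce, an encrypted payload and an integrity tag, which the peer gateway verifies before decrypting. The cipher here is a deliberately simple HMAC-SHA256 keystream, chosen so the example runs with the standard library alone; it stands in for the vetted AEAD (AES-GCM, for instance) that a real tunnel such as IPsec ESP would use. The site prefixes, keys and sample message are constructed.

```python
import hashlib
import hmac
import ipaddress
import secrets

NONCE_LEN, TAG_LEN = 12, 32

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256 over (nonce, counter). Illustrative only; a real VPN
    (IPsec ESP, for example) uses a vetted AEAD such as AES-GCM, not this construction."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

class VpnGateway:
    """Site gateway: traffic for the peer site is encrypted and integrity-protected,
    traffic to any other destination is forwarded in the clear (no VPN relationship)."""

    def __init__(self, peer_prefix: str, enc_key: bytes, mac_key: bytes):
        self.peer = ipaddress.ip_network(peer_prefix)
        self.enc_key, self.mac_key = enc_key, mac_key

    def send(self, dst_ip: str, payload: bytes):
        """Return ("tunnel", protected bytes) or ("clear", payload) depending on the destination."""
        if ipaddress.ip_address(dst_ip) not in self.peer:
            return "clear", payload
        nonce = secrets.token_bytes(NONCE_LEN)              # fresh per packet
        ct = _xor(payload, _keystream(self.enc_key, nonce, len(payload)))
        tag = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()   # encrypt-then-MAC
        return "tunnel", nonce + ct + tag

    def receive(self, wire: bytes) -> bytes:
        """Verify the tag before decrypting; a truncated, tampered or forged packet is dropped."""
        if len(wire) < NONCE_LEN + TAG_LEN:
            raise ValueError("truncated tunnel packet, dropped")
        nonce, ct, tag = wire[:NONCE_LEN], wire[NONCE_LEN:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("integrity check failed, packet dropped")
        return _xor(ct, _keystream(self.enc_key, nonce, len(ct)))

def site_to_site_demo():
    """Constructed scenario: site A (10.1.0.0/16) and site B (10.2.0.0/16) share keys;
    203.0.113.9 is an unrelated host on the public network with no VPN relationship."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    gw_a = VpnGateway("10.2.0.0/16", enc_key, mac_key)
    gw_b = VpnGateway("10.1.0.0/16", enc_key, mac_key)
    message = b"payroll report Q3"
    mode_peer, wire_peer = gw_a.send("10.2.0.5", message)
    mode_other, wire_other = gw_a.send("203.0.113.9", message)
    return {
        "peer_mode": mode_peer,
        "peer_plaintext_visible": message in wire_peer,      # what a snooper on the path sees
        "peer_decrypted": gw_b.receive(wire_peer),
        "other_mode": mode_other,
        "other_plaintext_visible": message in wire_other,
    }

if __name__ == "__main__":
    for key, value in site_to_site_demo().items():
        print(f"{key}: {value!r}")
```

The returned dictionary is the snooper's view: the inter-site packet carries no recognizable plaintext and round-trips through the peer gateway, while the packet to the unrelated host is exactly the original bytes. Flipping a single byte of a tunnel packet makes the receiving gateway drop it.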

2.4.2 VPN Applications

A Virtual Private Network (VPN) allows two or more private networks to connect with each other using a publicly accessed network. This is ideal for smaller companies with small inter-office bandwidth requirements, or where temporary setups make leased lines impractical to install. VPNs have the same security and encryption features as a private network, while taking advantage of the economies of scale and remote accessibility of large public networks.

Our engineers can build a VPN solution designed especially for the needs of your company. CN Virtual Private Networks can be crafted with the right mix of access and security to ensure that only your own people can gain access and all others cannot.

Figure 2.5: A typical VPN might have a main LAN at a company's corporate headquarters, other LANs at remote offices or facilities, and individual users connecting from the field.

2.4.3 The Future of VPNs

Where do we see Virtual Private Networks going in the future? As far as their appeal to the public goes, it varies substantially. Questions arise of whether businesses need to switch to or implement a VPN given the decrease in the costs of long distance or leased lines. At this point, why would a company want to switch its network when expenses have gone down? Also, companies may worry whether or not their current networks are application friendly if they were to switch to a VPN. If not, factors to consider would be the additional costs of the conversion, and whether it would be worth the expense. Furthermore, as VPNs are growing, they are becoming more complex, thus increasing costs for training. All these lead to hidden costs for the VPN technology, which may hinder the success of a VPN. However, we should expect VPNs to strengthen their standards and products and correct their flaws to avoid these uncertainties.

Despite all the doubts, VPN will continue to grow and improve to make VPN dominant in the market, thus giving companies no choice but to switch. VPN providers, along with Internet providers, continue to examine every possible aspect in order to make any necessary improvements, and also to help VPN clients be comfortable with the new technology. As stated in InformationWeek.com, "…GTE Internetworking, incumbent providers such as Bell Atlantic Corp. and MCI WorldCom…have stepped in to help companies handle VPN activation, security, and management" (by Terry Sweeney). A case from Internetweek.com speaks of a VPN provider, Equant NV, enhancing their IP VPN by adding a service designed for video traffic, which is directed at large enterprises "that are cutting back on business travel but still want employees to interact regularly with distant colleagues."

Furthermore, as the VPN market becomes larger, more applications will be created along with more VPN providers and new types of VPN. For instance, the University of Rochester is using a VPN provided by Information Technology Services (ITS). Some developments expected in its future include the following:

- Developing software to allow users to change their VPN password automatically.
- Using an Open Transport-based interface instead of a separate application.
- Allowing local support organizations more control over the VPN so they can create new accounts and reset passwords.

The future should also see networks converge to create an integrated VPN to fit the many different industries that will soon enter the market. Since the majority of VPN users are currently large companies, smaller companies should begin to join the trend due to the increasing variety of VPNs to choose from. Designing improved protocols will also improve VPNs. The flexibility and performance of VPNs would then improve further by reducing protocol or data traffic in the tunnels, and by customizing the ISP to work more closely with individual business needs, since system reliability is dependent on these ISPs.

Figure 2.6: Comparison today vs. future (figure labels: Frame Relay, ATM, Ethernet; Customer Premises, IP, MPLS, Multi-service Access Layer, VPN based)

With all these improvements in mind, we should expect a considerably rapid growth of the market for VPN in the future. "The world market for VPN applications and associated services is expected to increase by 275% from 12.8 billion dollars to 48 billion dollars, for the period from 2001 to 2005."

Chapter 3

ACCESS TECHNOLOGIES

Basically there are two access technologies:

1) Wire line access technologies
2) Wireless access technologies

3.1 Wire Line Access Technology

3.1.1 Digital Subscriber Line (DSL)

DSL is a wire line transmission technology that transmits data faster over traditional copper telephone lines already installed to homes and businesses. DSL-based broadband provides transmission speeds ranging from several hundred Kbps to millions of bits per second (Mbps). The availability and speed of your DSL service may depend on the distance from your home or business to the closest telephone company facility. The following are types of DSL transmission technologies:

- Asymmetrical Digital Subscriber Line (ADSL): used primarily by residential customers, such as Internet surfers, who receive a lot of data but do not send much. ADSL typically provides faster speed in the downstream direction than the upstream direction. ADSL allows faster downstream data transmission over the same line used to provide voice service, without disrupting regular telephone calls on that line.
- Symmetrical Digital Subscriber Line (SDSL): used typically by businesses for services such as video conferencing, which need significant bandwidth both upstream and downstream.

Faster forms of DSL typically available to businesses include:

- High-data-rate Digital Subscriber Line (HDSL); and
- Very High-data-rate Digital Subscriber Line (VDSL).

Digital Subscriber Line (DSL) is a family of technologies that provides digital data transmission over the wires of a local telephone network. DSL originally stood for digital subscriber loop. In telecommunications marketing, the term Digital Subscriber Line is widely understood to mean Asymmetric Digital Subscriber Line (ADSL), the most commonly installed technical variety of DSL. DSL service is delivered simultaneously with regular telephone service on the same telephone line, as it uses a higher frequency band that is separated by filtering.

The data throughput of consumer DSL services typically ranges from 384 KB/s to 20 MB/s in the direction to the customer, depending on DSL technology, line conditions, and service-level implementation. Typically, the data throughput in the reverse direction, i.e. in the direction to the service provider, is lower, hence the designation of asymmetric service, but the two are equal for the Symmetric Digital Subscriber Line (SDSL) service.

Figure 3.1: A DSL modem

3.1.2 Cable Modem

Cable modem service enables cable operators to provide broadband using the same coaxial cables that deliver pictures and sound to your TV set. Most cable modems are external devices that have two connections, one to the cable wall outlet and the other to a computer. They provide transmission speeds of 1.5 Mbps or more.

Subscribers can access their cable modem service simply by turning on their computers, without dialing up an ISP. You can still watch cable TV while using it. Transmission speeds vary depending on the type of cable modem, cable network, and traffic load. Speeds are comparable to DSL.

A cable modem is a type of network bridge and modem that provides bi-directional data communication via radio frequency channels on a cable television (CATV) infrastructure. Cable modems are primarily used to deliver broadband Internet access in the form of cable Internet, taking advantage of the high bandwidth of a cable television network. They are commonly deployed in Australia, Europe, and North and South America. In the USA alone there were 22.5 million cable modem users during the first quarter of 2005, up from 17.4 million in the first quarter of 2004.

3.1.3 Fiber

Fiber, or fiber optic, is a newer technology available for providing broadband. Fiber optic technology converts electrical signals carrying data to light and sends the light through transparent glass fibers about the diameter of a human hair. Fiber transmits data at speeds far exceeding current DSL or cable modem speeds, typically by tens or even hundreds of Mbps.

The actual speed you experience will vary depending upon a variety of factors, such as how close to your computer the service provider brings the fiber, and how the service provider configures the service, including the amount of bandwidth used. The same fiber providing your broadband can also simultaneously deliver voice (VoIP) and video services, including video-on-demand.

Telecommunications providers (mostly telephone companies) are offering fiber broadband in limited areas and have announced plans to expand their fiber networks and offer bundled voice, Internet access, and video services.

Variations of the technology run the fiber all the way to the customer's home or business, to the curb outside, or to a location somewhere between the provider's facilities and the customer. DSL and cable Internet are fast. To put it simply, fiber optic Internet is faster.

Ultra fast Internet traveling on a beam of light: that's fiber optic Internet. While most fiber optic networks are not currently as far reaching as broadband or DSL high speed Internet service, they are most certainly the future of communication. Of course, if your neighborhood is wired, you can take advantage of fiber optic Internet by bringing the future of communications and entertainment to your home today!

Coupled with our Best Price Guarantee, you can experience the speed of light by ordering fiber optic Internet safe in the knowledge that you're getting one of the best products at the best price. Enter your address in the "Find Services" box above to see which providers can get you connected on a lightning quick fiber optic network.

3.1.4 Broadband over Power Line (BPL)

BPL is the delivery of broadband over the existing low and medium voltage electric power distribution network. BPL speeds are comparable to DSL and cable modem speeds. BPL can be provided to homes using existing electrical connections and outlets.

BPL is an emerging technology, currently available in very limited areas. It has significant potential because power lines are installed virtually everywhere, alleviating the need to build new broadband facilities to every customer.

3.2 Wireless Technologies

3.2.1 WLAN

Wireless LANs or "WLANs" are the equivalent of wired LANs (usually Ethernet) without the wires. They are meant for office environments and even home use. Other wireless technologies are outlined under "Wireless Communications." Mobile wireless (cellular telephones) is discussed under "Wireless Mobile Communications." Wireless access service (broadband Internet connections) is covered under "Wireless Broadband Access Technologies."

A related wireless technology is the wireless PAN (personal area network), which is a limited-range network for interconnecting mobile devices with peripheral devices. Note that WLANs and PANs are very similar, except that the range of PANs is intentionally limited so that groups of people in the same area (conference room, restaurant, airport terminal) can spontaneously connect. By limiting the range, a typical office can have many different PANs operating at the same time. See "Bluetooth" and "Wireless PANs (Personal Area Networks)."

A typical WLAN consists of a fixed-position wireless transceiver (transmitter/receiver) that broadcasts a signal within an area called a microcell. The transceiver is usually called a base station or an access point. Each base station connects to a wired backbone so that users can communicate with users in other microcells or connect with back-end server farms, Internet connections, and other wired network services.

Microcells may cover an office building floor or a workgroup area. Other microcells may exist next to one another or on different floors of an office building. Roaming is possible between WLAN microcells just like roaming is possible with cell phones. As users move out of the range of one microcell and into the range of another, their connection is handed off to the new microcell base station.

Figure 3.2: The notebook is connected to the wireless access point using a PC card wireless card

3.2.2 WiFi

Wireless Fidelity (Wi-Fi) (pronounced /ˈwaɪfaɪ/) is a trademark of the Wi-Fi Alliance that manufacturers may use to brand certified products that belong to a class of wireless local area network (WLAN) devices based on the IEEE 802.11 standards. Because of the close relationship with its underlying standard, the term Wi-Fi is often used as a synonym for IEEE 802.11 technology.

The Wi-Fi Alliance, a global, non-profit association of companies, promotes

WLAN technology and certifies products if they conform to certain standards of

interoperability. Not every IEEE 802.11-compliant device is submitted for certification to

the Wi-Fi Alliance, sometimes because of costs associated with the certification process.

The lack of the Wi-Fi logo does not necessarily imply a device is incompatible with Wi-

Fi devices.

As of 2010 an IEEE 802.11 device is installed in many personal computers, video

game consoles, smart phones, printers, and other peripherals, and virtually all laptop or

palm-sized computers.


Figure 3.3: A typical consumer-quality Wi-Fi access point

3.2.2.1 Internet Access

Figure 3.4: A roof-mounted Wi-Fi antenna

A Wi-Fi enabled device such as a personal computer, video game console, mobile

phone, MP3 player or personal digital assistant can connect to the Internet when within

range of a wireless network connected to the Internet. The coverage of one or more

(interconnected) access points — called a hotspot — can comprise an area as small as a

few rooms or as large as many square miles. Coverage in the larger area may depend on a

group of access points with overlapping coverage. Wi-Fi technology has been used in

wireless mesh networks, for example, in London.

In addition to private use in homes and offices, Wi-Fi can provide public access at

Wi-Fi hotspots provided either free-of-charge or to subscribers to various commercial

services. Organizations and businesses - such as those running airports, hotels and

restaurants - often provide free-use hotspots to attract or assist clients. Enthusiasts or

authorities who wish to provide services or even to promote business in selected areas


sometimes provide free Wi-Fi access. As of 2008 more than 300 metropolitan-wide Wi-

Fi (Muni-Fi) projects had started. As of May 2008 the Czech Republic had 879 Wi-Fi

based Wireless Internet service providers.

Routers that incorporate a digital subscriber line modem or a cable modem and a

Wi-Fi access point, often set up in homes and other premises, can provide Internet-access

and internetworking to all devices connected (wirelessly or by cable) to them. One can

also connect Wi-Fi devices in ad-hoc mode for client-to-client connections without a

router. Wi-Fi also enables places that would traditionally not have network access to

connect, for example bathrooms, kitchens and garden sheds.

3.2.3 Bluetooth

Bluetooth is the codename of a wireless personal area network specification that

is being developed by the Bluetooth SIG (Special Interest Group). Bluetooth will enable

electronic devices to spontaneously set up wireless networks within small areas.

Bluetooth is designed for notebooks, telephones, and other devices, including wireless

headsets, handheld and wearable devices (such as inventory scanners), and data/voice

access devices. It also provides peripheral connections for printers, PDAs, desktops, fax

machines, keyboards, joysticks, and virtually any other digital device.

The Bluetooth SIG (special interest group) includes hundreds of leading

technology companies that are determined to make this specification pervasive. Bluetooth

SIG members refer to Bluetooth as third-generation mobile technology. Unlike second-

generation devices, such as GSM phones, which are optimized for voice communication,

third-generation technology smart phones and communicators, are designed for digital

content such as speech, pictures, and video. A typical Bluetooth phone will have two

radios for example, one for the metropolitan cellular system and one for the Bluetooth

personal area network.

Features:

2.4 GHz band with 1+ Mbps speed.

‘always on’ connectivity


3 voice channels of 64 kbps each

3.2.4 WMAN

WMAN (1400 AM) is a radio station broadcasting a News Talk Information

format. Licensed to Mansfield, Ohio, USA, the station serves the Mid-Ohio area. The

station is currently owned by Clear Channel Communications and features programming

from Fox News Radio, Fox Sports Radio and Premiere Radio Networks.

3.2.5 WiMAX

WiMAX, meaning Worldwide Interoperability for Microwave Access, is a

telecommunications technology that provides wireless transmission of data using a

variety of transmission modes, from point-to-multipoint links to portable and fully mobile

internet access. The technology provides up to 20 Mbps in real world end-user

throughput without the need for cables. The technology is based on the IEEE 802.16

standard (also called Broadband Wireless Access). The name "WiMAX" was created by

the WiMAX Forum, which was formed in June 2001 to promote conformity and

interoperability of the standard. The forum describes WiMAX as "a standards-based

technology enabling the delivery of last mile wireless broadband access as an alternative

to cable and DSL".

Figure 3.5: WiMAX base station equipment with a sector antenna and wireless modem on top


Figure 3.6: A pre-WiMAX CPE of a 26 km (16 mi) connection mounted 13 meters

(43 ft) above the ground (2004, Lithuania).

3.2.6 Wireless Wide Area Network

A WWAN differs from WLAN (wireless LAN) in that it uses Mobile

telecommunication cellular network technologies such as WIMAX (though it's better

applied to WMAN Networks), UMTS, GPRS, CDMA2000, GSM, CDPD, Mobitex,

HSDPA or 3G to transfer data. It can also use LMDS and Wi-Fi to connect to the

Internet. These cellular technologies are offered regionally, nationwide, or even globally

and are provided by a wireless service provider, typically on a paid basis.[1] WWAN

connectivity allows a user with a laptop and a WWAN card to surf the web, check email,

or connect to a Virtual Private Network (VPN) from anywhere within the regional

boundaries of cellular service. Various computers now have integrated WWAN

capabilities (such as HSDPA in Centrino). This means that the system has a cellular

radio (GSM/CDMA) built in, which allows the user to send and receive data.

Since radio communications systems do not provide a physically secure

connection path, WWANs typically incorporate encryption and authentication methods to

make them more secure. Unfortunately some of the early GSM encryption techniques

were flawed, and security experts have issued warnings that cellular communication,

including WWAN, is no longer secure.[2] UMTS (3G) encryption was developed later and

has yet to be broken.


3.2.7 GSM (Global System for Mobile Communications)

GSM (originally from Groupe Spécial Mobile) is the most popular standard for mobile

telephone systems in the world. The GSM Association, its promoting industry trade

organization of mobile phone carriers and manufacturers, estimates that 80% of the

global mobile market uses the standard. GSM is used by over 3 billion people across

more than 212 countries and territories. Its ubiquity enables international roaming

arrangements between mobile phone operators, providing subscribers the use of their

phones in many parts of the world. GSM differs from its predecessor technologies in that

both signaling and speech channels are digital, and thus GSM is considered a second

generation (2G) mobile phone system. This also facilitates the wide-spread

implementation of data communication applications into the system.


Chapter 4

INTERNET PROTOCOL (IP) ADDRESSING

4.1 Introduction

For any two systems to communicate, they must be able to identify and locate

each other. While the addresses in the Figure below are not actual network addresses, they represent and show the concept of address grouping. The Figure uses the letter A or B to identify the

network and the number sequence to identify the individual host. A computer may be

connected to more than one network. In this situation, the system must be given more

than one address. Each address will identify the connection of the computer to a different

network. A device is not said to have an address, but that each of the connection points,

or interfaces, on that device has an address to a network. This will allow other computers

to locate the device on that particular network. The combination of letter (network

address) and the number (host address) create a unique address for each device on the

network. Each computer in a TCP/IP network must be given a unique identifier, or IP

address. This address, operating at Layer 3, allows one computer to locate another

computer on a network. All computers also have a unique physical address, known as a

MAC address. These are assigned by the manufacturer of the network interface card.

MAC addresses operate at Layer 2 of the OSI model.

Figure 4.1: IP addressing

An IP address is a 32-bit sequence of 1s and 0s. To make the IP address easier to

use, the address is usually written as four decimal numbers separated by periods. For

example, an IP address of one computer is 192.168.1.2. Another computer might have the


address 128.10.2.1. This way of writing the address is called the dotted decimal format.

In this notation, each IP address is written as four parts separated by periods, or dots.

Each part of the address is called an octet because it is made up of eight binary digits. For

example, the IP address 192.168.1.8 would be 11000000.10101000.00000001.00001000

in binary notation. The dotted decimal notation is an easier method to understand than the

binary ones and zeros method. This dotted decimal notation also prevents a large number

of transposition errors that would result if only the binary numbers were used. Using

dotted decimal allows number patterns to be more easily understood. Both the binary and

decimal numbers in the Figure represent the same values, but it is easier to see in dotted

decimal notation. This is one of the common problems found in working directly with

binary numbers. The long strings of repeated ones and zeros make transposition and omission errors more likely. It is easy to see the relationship between the numbers 192.168.1.8 and 192.168.1.9, whereas 11000000.10101000.00000001.00001000 and 11000000.10101000.00000001.00001001 are not as easy to recognize. Looking at the binary, it is almost impossible to see that they are consecutive numbers.

4.2 IPv4 Addressing

A router forwards packets from the originating network to the destination network

using the IP protocol. The packets must include an identifier for both the source and

destination networks. Using the IP address of the destination network, a router can deliver a

packet to the correct network. When the packet arrives at a router connected to the

destination network, the router uses the IP address to locate the particular computer

connected to that network. This system works in much the same way as the national

postal system. When the mail is routed, it must first be delivered to the post office at the

destination city using the zip code. That post office then must locate the final destination

in that city using the street address. This is a two-step process.

Accordingly, every IP address has two parts. One part identifies the network

where the system is connected, and a second part identifies that particular system on the

network.

This kind of address is called a hierarchical address, because it contains different

levels. An IP address combines these two identifiers into one number. This number must


be a unique number, because duplicate addresses would make routing impossible. The

first part identifies the system's network address. The second part, called the host part,

identifies which particular machine it is on the network.

IP addresses are divided into classes to define the large, medium, and small

networks. Class A addresses are assigned to larger networks. Class B addresses are used

for medium-sized networks and Class C for small networks. The first step in

determining which part of the address identifies the network and which part identifies the

host is identifying the class of an IP address.

4.3 Class A, B, C, D, and E IP Addresses

To accommodate different size networks and aid in classifying these networks, IP

addresses are divided into groups called classes. This is known as classful addressing.

Each complete 32-bit IP address is broken down into a network part and a host part. A

bit or bit sequence at the start of each address determines the class of the address. There

are five IP address classes as shown in the Figure below.

The Class A address was designed to support extremely large networks, with more than

16 million host addresses available. Class A IP addresses use only the first octet to

indicate the network address. The remaining three octets provide for host addresses.

The first bit of a Class A address is always 0. With that first bit a 0, the lowest

number that can be represented is 00000000, decimal 0. The highest number that can be

represented is 01111111, decimal 127. The numbers 0 and 127 are reserved and cannot


be used as network addresses. Any address that starts with a value between 1 and 126 in

the first octet is a Class A address.

The 127.0.0.0 network is reserved for loopback testing. Routers or local machines

can use this address to send packets back to themselves. Therefore, this number cannot be

assigned to a network.

The Class B address was designed to support the needs of moderate to large-sized

networks. A Class B IP address uses the first two of the four octets to indicate the

network address. The other two octets specify host addresses.

The first two bits of the first octet of a Class B address are always 10. The

remaining six bits may be populated with either 1s or 0s. Therefore, the lowest number

that can be represented with a Class B address is 10000000, decimal 128. The highest

number that can be represented is 10111111, decimal 191. Any address that starts with a

value in the range of 128 to 191 in the first octet is a Class B address.

The Class C address space is the most commonly used of the original address

classes. This address space was intended to support small networks with a maximum of

254 hosts.

A Class C address begins with binary 110. Therefore, the lowest number that can

be represented is 11000000, decimal 192. The highest number that can be represented is

11011111, decimal 223. If an address contains a number in the range of 192 to 223 in the

first octet, it is a Class C address.

The Class D address class was created to enable multicasting in an IP address. A

multicast address is a unique network address that directs packets with that destination

address to predefined groups of IP addresses. Therefore, a single station can

simultaneously transmit a single stream of data to multiple recipients.

The Class D address space, much like the other address spaces, is mathematically

constrained. The first four bits of a Class D address must be 1110. Therefore, the first

octet range for Class D addresses is 11100000 to 11101111, or 224 to 239. An IP address

that starts with a value in the range of 224 to 239 in the first octet is a Class D address.


A Class E address has been defined. However, the Internet Engineering Task

Force (IETF) reserves these addresses for its own research. Therefore, no Class E

addresses have been released for use in the Internet. The first four bits of a Class E

address are always set to 1s. Therefore, the first octet range for Class E addresses is

11110000 to 11111111, or 240 to 255.

Figure 4.2: Reserved IP addresses

Certain host addresses are reserved and cannot be assigned to devices on a

network. These reserved host addresses include the following:

Network address – Used to identify the network itself

In the below Figure, the section that is identified by the upper box represents the

198.150.11.0 network. Data that is sent to any host on that network (198.150.11.1-

198.150.11.254) will be seen outside of the local area network as 198.150.11.0. The only

time that the host numbers matter is when the data is on the local area network. The LAN

that is contained in the lower box is treated the same as the upper LAN, except that its

network number is 198.150.12.0.

Broadcast address – Used for broadcasting packets to all the devices on a network

In the Figure, the section that is identified by the upper box represents the 198.150.11.255 broadcast address. Data that is sent to the broadcast address will be read by all hosts on that network (198.150.11.1-198.150.11.254). The LAN that is contained in the lower box is treated the same as the upper LAN, except that its broadcast address is 198.150.12.255.

IP address classes (first octet, 8 bits):

Class      First octet range   Lowest first octet   Highest first octet
Class-A    0-127               0 0 0 0 0 0 0 0      0 1 1 1 1 1 1 1
Class-B    128-191             1 0 0 0 0 0 0 0      1 0 1 1 1 1 1 1
Class-C    192-223             1 1 0 0 0 0 0 0      1 1 0 1 1 1 1 1
Class-D    224-239             1 1 1 0 0 0 0 0      1 1 1 0 1 1 1 1
Class-E    240-255             1 1 1 1 0 0 0 0      1 1 1 1 1 1 1 1

An IP address that has binary 0s in all host bit positions is reserved for the network address. In a Class A network example, 113.0.0.0 is the IP address of the network, known as the network ID, containing the host 113.1.2.3. A router uses the network IP address when it forwards data on the Internet. In a Class B network example, the address 176.10.0.0 is a network address.

Figure 4.3: Broadcast addressing

In a Class B network address, the first two octets are designated as the network

portion. The last two octets contain 0s because those 16 bits are for host numbers and are

used to identify devices that are attached to the network. The IP address, 176.10.0.0, is an

example of a network address. This address is never assigned as a host address. A host

address for a device on the 176.10.0.0 network might be 176.10.16.1. In this example,

“176.10” is the network portion and “16.1” is the host portion.

To send data to all the devices on a network, a broadcast address is needed. A

broadcast occurs when a source sends data to all devices on a network. To ensure that all

the other devices on the network process the broadcast, the sender must use a destination


IP address that they can recognize and process. Broadcast IP addresses end with binary 1s

in the entire host part of the address.

In the network example, 176.10.0.0, the last 16 bits make up the host field or host

part of the address. The broadcast that would be sent out to all devices on that network

would include a destination address of 176.10.255.255. This is because 255 is the

decimal value of an octet containing 11111111.
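The following Python code is an added example and is not part of the thesis. It carries out the steps described in sections 4.1 to 4.3: converting dotted decimal to the dotted binary form, reading the class from the leading bits of the first octet, and deriving the network and broadcast addresses by setting all host bits to 0 or to 1. The function names are chosen for this example; the sample addresses (192.168.1.8, 113.1.2.3, 176.10.16.1, 198.150.11.255) are the ones used in the text.

```python
# Added example (not part of the thesis): classful IPv4 address analysis
# following sections 4.1 to 4.3. Sample addresses are taken from the text.


def parse_dotted(addr: str) -> list:
    """Split dotted-decimal notation into four integer octets, validating each."""
    parts = addr.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    octets = []
    for part in parts:
        if not part.isdigit():
            raise ValueError(f"non-numeric octet in {addr!r}")
        value = int(part)
        if not 0 <= value <= 255:
            raise ValueError(f"octet {value} out of range in {addr!r}")
        octets.append(value)
    return octets


def to_binary(addr: str) -> str:
    """Dotted decimal to the dotted binary form shown in section 4.1."""
    return ".".join(f"{octet:08b}" for octet in parse_dotted(addr))


def address_class(addr: str) -> str:
    """Determine the class from the leading bits of the first octet."""
    first = parse_dotted(addr)[0]
    if first >> 7 == 0b0:
        return "A"      # 0xxxxxxx  ->  0-127
    if first >> 6 == 0b10:
        return "B"      # 10xxxxxx  ->  128-191
    if first >> 5 == 0b110:
        return "C"      # 110xxxxx  ->  192-223
    if first >> 4 == 0b1110:
        return "D"      # 1110xxxx  ->  224-239 (multicast)
    return "E"          # 1111xxxx  ->  240-255 (reserved)


# Number of leading octets that form the network part of each unicast class.
NETWORK_OCTETS = {"A": 1, "B": 2, "C": 3}


def network_and_broadcast(addr: str) -> tuple:
    """Network address (all host bits 0) and broadcast address (all host bits 1)."""
    cls = address_class(addr)
    if cls not in NETWORK_OCTETS:
        raise ValueError(f"class {cls} addresses have no network/host split")
    n = NETWORK_OCTETS[cls]
    octets = parse_dotted(addr)
    network = octets[:n] + [0] * (4 - n)
    broadcast = octets[:n] + [255] * (4 - n)
    return ".".join(map(str, network)), ".".join(map(str, broadcast))


def is_assignable_host(addr: str) -> bool:
    """True only if the address may be given to a device on a network.

    Rejects class D and E, the reserved first octets 0 and 127 (127 is the
    loopback network), and the network and broadcast addresses themselves.
    """
    octets = parse_dotted(addr)
    if address_class(addr) not in NETWORK_OCTETS or octets[0] in (0, 127):
        return False
    canonical = ".".join(map(str, octets))
    return canonical not in network_and_broadcast(addr)


if __name__ == "__main__":
    for sample in ("192.168.1.8", "113.1.2.3", "176.10.16.1", "198.150.11.255"):
        print(sample, to_binary(sample), address_class(sample),
              network_and_broadcast(sample), is_assignable_host(sample))
```

The class is decided purely by shifting out the low bits of the first octet, which is exactly the rule the text gives (a leading 0 for A, 10 for B, 110 for C, 1110 for D); the first-octet ranges 0-127, 128-191 and so on follow from that rather than being checked separately.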

4.4 Public and Private IP Addresses

IANA has reserved the following three blocks of the IP address space for private

internets (RFC 1918):

10.0.0.0 - 10.255.255.255 (10.0.0.0/8 prefix)

o 24-bit block

o Complete class-A network number

172.16.0.0 - 172.31.255.255 (172.16.0.0/12 prefix)

o 20-bit block

o Set of 16 contiguous class-B network numbers

192.168.0.0 - 192.168.255.255 (192.168.0.0/16 prefix)

o 16-bit block

The stability of the Internet depends directly on the uniqueness of publicly used

network addresses. In the Figure below, there is an issue with the network addressing

scheme. In looking at the networks, both have a network address of 198.150.11.0. The

router in this illustration will not be able to forward the data packets correctly. Duplicate

network IP addresses prevent the router from performing its job of best path selection.

Unique addresses are required for each device on a network.

A procedure was needed to make sure that addresses were in fact unique.

Originally, an organization known as the Internet Network Information Center (InterNIC)

handled this procedure. InterNIC no longer exists and has been succeeded by the Internet

Assigned Numbers Authority (IANA). IANA carefully manages the remaining supply of

IP addresses to ensure that duplication of publicly used addresses does not occur.


Duplication would cause instability in the Internet and compromise its ability to deliver

packets to networks.

Public IP addresses are unique. No two machines that connect to a public network

can have the same IP address because public IP addresses are global and standardized.

All machines connected to the Internet agree to conform to the system. Public IP

addresses must be obtained from an Internet service provider (ISP) or a registry at some

expense.

With the rapid growth of the Internet, public IP addresses were beginning to run

out. New addressing schemes, such as classless interdomain routing (CIDR) and IPv6

were developed to help solve the problem.

Private IP addresses are another solution to the problem of the impending

exhaustion of public IP addresses. As mentioned, public networks require hosts to have

unique IP addresses. However, private networks that are not connected to the Internet

may use any host addresses, as long as each host within the private network is unique.

Many private networks exist alongside public networks. However, a private network

using just any address is strongly discouraged because that network might eventually be

connected to the Internet. RFC 1918 sets aside three blocks of IP addresses for private,

internal use. These three blocks consist of one Class A, a range of Class B addresses, and

a range of Class C addresses. Addresses that fall within these ranges are not routed on the

Internet backbone. Internet routers immediately discard private addresses. If addressing a

non-public intranet, a test lab, or a home network, these private addresses can be used

instead of globally unique addresses. Private IP addresses can be intermixed with public

IP addresses. This will conserve the number of addresses used for internal connections.

Connecting a network using private addresses to the Internet requires translation

of the private addresses to public addresses. This translation process is referred to as

Network Address Translation (NAT). A router usually is the device that performs NAT.
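The following Python code is an added example, not part of the thesis. It applies the RFC 1918 blocks listed in section 4.4 as a simple check over packet log lines: a packet that arrives on the Internet-facing interface with a private source address cannot have come from a legitimate Internet host, since backbone routers discard such addresses, so it usually indicates address spoofing or a misconfigured NAT. The log line format, the interface names and all sample addresses are constructed for this example (203.0.113.0/24 and 198.51.100.0/24 are the documentation ranges). The three blocks are spelled out rather than using the standard library's `is_private`, which also covers ranges the text does not discuss.

```python
# Added example (not part of the thesis): flag packets whose source address is
# an RFC 1918 private address but which arrived on the Internet-facing
# interface. Log format, interface names and addresses are constructed.
import ipaddress
import re

# The three RFC 1918 blocks exactly as listed in section 4.4.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # one class A network number
    ipaddress.ip_network("172.16.0.0/12"),    # 16 contiguous class B networks
    ipaddress.ip_network("192.168.0.0/16"),   # 256 contiguous class C networks
]


def is_rfc1918(addr: str) -> bool:
    """True if the address falls inside one of the three private blocks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


# Constructed log format: "<iface> <src> -> <dst> <proto>"
LOG_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+)\s+(?P<proto>\S+)$"
)


def find_private_sources_on_wan(lines, wan_iface="eth0"):
    """Return (line_no, src) for each packet seen on the WAN interface whose
    source is a private address. Unparsable lines are skipped, not fatal."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = LOG_RE.match(line.strip())
        if not match:
            continue
        if match["iface"] == wan_iface and is_rfc1918(match["src"]):
            hits.append((line_no, match["src"]))
    return hits


# Constructed sample log: eth0 is the Internet side, eth1 the internal LAN.
SAMPLE_LOG = [
    "eth0 203.0.113.7 -> 198.51.100.2 tcp",     # public source: normal
    "eth1 192.168.1.20 -> 10.0.0.5 udp",        # private on the LAN side: normal
    "eth0 10.1.2.3 -> 198.51.100.2 tcp",        # private source from the Internet
    "eth0 172.31.255.9 -> 198.51.100.2 icmp",   # inside 172.16/12: suspicious
    "eth0 172.32.0.1 -> 198.51.100.2 tcp",      # just outside 172.16/12: public
    "malformed line that the parser must tolerate",
]


if __name__ == "__main__":
    for line_no, src in find_private_sources_on_wan(SAMPLE_LOG):
        print(f"line {line_no}: private source {src} on WAN interface")
```

The 172.16.0.0/12 boundary is the one people most often get wrong by hand (172.31.255.255 is private, 172.32.0.0 is not), which is why the check is done with prefix arithmetic rather than by comparing the first two octets.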

4.5 IPv4 versus IPv6

When TCP/IP was adopted in the 1980s, it relied on a two-level addressing

scheme. At the time this offered adequate scalability. Unfortunately, the designers of


TCP/IP could not have predicted that their protocol would eventually sustain a global

network of information, commerce, and entertainment. Over twenty years ago, IP

Version 4 (IPv4) offered an addressing strategy that, although scalable for a time,

resulted in an inefficient allocation of addresses.

Figure 4.4: With Class A and B virtually exhausted, Class C addresses (12.5 percent of the total space) are left to assign to new networks.

The Class A and B addresses make up 75 percent of the IPv4 address space; however, fewer than 17,000 organizations can be assigned a Class A or B network

number. Class C network addresses are far more numerous than Class A and Class B

addresses, although they account for only 12.5 percent of the possible four billion IP

addresses.

Unfortunately, Class C addresses are limited to 254 usable hosts. This does not

meet the needs of larger organizations that cannot acquire a Class A or B address. Even if

there were more Class A, B, and C addresses, too many network addresses would cause

Internet routers to come to a stop under the burden of the enormous size of routing tables

required to store the routes to reach each of the networks.

As early as 1992, the Internet Engineering Task Force (IETF) identified the

following two specific concerns:

Exhaustion of the remaining, unassigned IPv4 network addresses. At the time, the

Class B space was on the verge of depletion.


The rapid and large increase in the size of Internet routing tables occurred as more

Class C networks came online. The resulting flood of new network information

threatened the ability of Internet routers to cope effectively.

Over the past two decades, numerous extensions to IPv4 have been developed.

These extensions are specifically designed to improve the efficiency with which the 32-

bit address space can be used. Two of the more important of these are subnet masks and

classless interdomain routing (CIDR).

Meanwhile, an even more extendible and scalable version of IP, IP Version 6

(IPv6), has been defined and developed. IPv6 uses 128 bits rather than the 32 bits

currently used in IPv4. IPv6 uses hexadecimal numbers to represent the 128 bits. IPv6

provides 640 sextillion addresses. This version of IP should provide enough addresses

for future communication needs. IPv6 fields are 16 bits long. To make the addresses

easier to read, leading zeros can be omitted from each field: the field :0003: is written :3:. The IPv6 shorthand representation of the 128 bits uses eight 16-bit numbers, each shown as four hexadecimal digits.
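The following Python code is an added example and is not part of the thesis. It implements the representation just described (eight 16-bit fields, four hexadecimal digits each, leading zeros dropped) and goes one step beyond the text by also applying the "::" abbreviation of a run of zero fields, as standardized in RFC 5952. The sample addresses are constructed; the `verify_against_stdlib` function compares the result with the standard library's own canonical form.

```python
# Added example (not part of the thesis): IPv6 textual representation as
# described in section 4.5, plus the "::" compression of RFC 5952 that the
# text does not cover. All addresses below are constructed.
import ipaddress


def expand_ipv6(text: str) -> list:
    """Parse any textual IPv6 form into its eight 16-bit fields."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in text:
        head, tail = text.split("::")
        head_fields = [int(h, 16) for h in head.split(":")] if head else []
        tail_fields = [int(t, 16) for t in tail.split(":")] if tail else []
        missing = 8 - len(head_fields) - len(tail_fields)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = head_fields + [0] * missing + tail_fields
    else:
        fields = [int(f, 16) for f in text.split(":")]
        if len(fields) != 8:
            raise ValueError("expected eight 16-bit fields")
    if any(not 0 <= f <= 0xFFFF for f in fields):
        raise ValueError("field out of 16-bit range")
    return fields


def full_form(fields: list) -> str:
    """Eight fields, each written as exactly four hexadecimal digits."""
    return ":".join(f"{f:04x}" for f in fields)


def compress_ipv6(fields: list) -> str:
    """Drop leading zeros in each field and replace the longest run of two or
    more all-zero fields with '::' (the first such run wins on a tie)."""
    hexes = [format(f, "x") for f in fields]   # 0x0003 -> "3", as in the text
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if fields[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(hexes)
    left = ":".join(hexes[:best_start])
    right = ":".join(hexes[best_start + best_len:])
    return f"{left}::{right}"


def canonical(text: str) -> str:
    """Round-trip any textual form to its compressed canonical form."""
    return compress_ipv6(expand_ipv6(text))


def verify_against_stdlib(text: str) -> bool:
    """Cross-check this implementation against ipaddress.IPv6Address."""
    return canonical(text) == ipaddress.IPv6Address(text).compressed


if __name__ == "__main__":
    for sample in ("2001:0db8:0000:0000:0000:ff00:0042:8329", "::1", "2001:db8:0:1:0:0:0:1"):
        print(sample, "->", canonical(sample), "ok" if verify_against_stdlib(sample) else "MISMATCH")
```

Canonicalizing before comparing matters in practice: the same IPv6 address can be written in many ways, so string matching against an allow-list or a log entry without first normalizing both sides will miss matches.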

After years of planning and development, IPv6 is slowly being implemented in

select networks. Eventually, IPv6 may replace IPv4 as the dominant Internet protocol.

4.6 Static vs dynamic IP addresses

When a computer is configured to use the same IP address each time it powers up,

this is known as a static IP address. In contrast, in situations when the computer's IP

address is assigned automatically, it is known as a dynamic IP address.

Static IP addresses are manually assigned to a computer by an administrator. The

exact procedure varies according to platform. This contrasts with dynamic IP addresses,

which are assigned either by the computer interface or host software itself, as in

Zeroconf, or assigned by a server using Dynamic Host Configuration Protocol (DHCP).

Even though IP addresses assigned using DHCP may stay the same for long periods of

time, they can generally change. In some cases, a network administrator may implement

dynamically assigned static IP addresses. In this case, a DHCP server is used, but it is


specifically configured to always assign the same IP address to a particular computer.

This allows static IP addresses to be configured centrally, without having to specifically

configure each computer on the network in a manual procedure.

In the absence or failure of static or stateful (DHCP) address configurations, an

operating system may assign an IP address to a network interface using state-less

autoconfiguration methods, such as Zeroconf.

4.7 Routing Protocols

Routing protocols are the software that allow routers to dynamically advertise

and learn routes, determine which routes are available and which are the most efficient

routes to a destination. Routing protocols used by the internet protocol suite include:

1. Routing information protocol (RIP and RIP 2)

2. Open shortest path first (OSPF)

3. Intermediate system to intermediate system (IS - IS)

4. Interior gateway routing protocol (IGRP)

5. Cisco's enhanced interior gateway routing protocol (EIGRP)

6. Border gateway protocol (BGP)

Routing is the process of moving data from one network to another network.

Within a network, all hosts are directly accessible and do not need to pass data through

a default gateway. All hosts on the same network are directly connected and can

communicate directly with each other.

Routed protocols

Routed protocols are nothing more than data being transported across the

networks. Routed protocols include:

Internet protocol


Novell IPX

Open standards institute networking protocol

DECNet

AppleTalk

Banyan vines

Xerox Network System (XNS)

Outside a network, specialized devices called routers are used to perform the

routing process of forwarding packets between networks. Routers are connected to the

edges of two or more networks to provide connectivity between them. These devices are

usually dedicated machines with specialized hardware and software to speed up the

routing process. These devices send and receive routing information to each other about

networks that they can and cannot reach. Routers examine all routes to a destination,

determine which routes have the best metric, and insert one or more routes into the IP

routing table on the router. By maintaining a current list of known routes, routers can

quickly and efficiently send your information on its way when received.

There are many companies that produce routers:

Cisco, Juniper, Bay, Nortel, 3COM, Cabletron, etc. Each company's product is

different in how it is configured, but most will interoperate so long as they share common

physical and data link layer protocols (Cisco HDLC, FR, PPP over serial, Ethernet etc.).

Before purchasing a router for your business, always check with your internet provider to

see what equipment they use, and choose a router which will interoperate with your

internet provider's equipment.

4.7.1 Static vs dynamic routing

Static:

Static routing is not really a protocol, simply the process of manually entering

routes into the routing table via a configuration file that is loaded when the routing device


starts up. As an alternative, these routes can be entered by a network administrator who

configures the routes. Since these routes don't change after they are configured (unless a

human changes them) they are called 'static' routes.

Static routing is the simplest form of routing, but it is a manual process and does not work well when the routing information has to be changed frequently or needs to be configured on a large number of routing devices (routers). Static routing also does not handle outages or down connections well because any route that is configured manually must be reconfigured manually to fix or repair any lost connectivity.

Dynamic:

Dynamic routing protocols are software applications that dynamically discover

network destinations and how to get to them.

A router will 'learn' routes to all directly connected networks first. It will then

learn routes from other routers that run the same routing protocol. The router will then

sort through its list of routes and select one or more 'best' routes for each network

destination it knows or has learned.

Dynamic protocols will then distribute this 'best route' information to other

routers running the same routing protocol, thereby extending the information on what

networks exist and can be reached. This gives dynamic routing protocols the ability to

adapt to logical network topology changes, equipment failures or network outages 'on

the fly'.

4.7.2 Interior vs. Exterior routing protocols

Routing is the process of moving data from one network to another. Routing is

unnecessary unless you have multiple networks on different address ranges (different

combinations of IP addresses and masks, for example). If you don't, you need to look at

bridging or switching. You don't need to run a routing protocol unless you have

multiple networks served by more than one router (and even then, manual static routes

are easier for small networks). Once you get beyond three routers, it's time to start


thinking about dynamic routing protocols. If you are connecting your networks to the

internet, you will also need to think about running more than one kind of routing

protocol.

Interior gateway protocols:

Interior gateway protocols (IGPs) handle routing within an Autonomous System.

In plain English, IGPs figure out how to get from place to place between the routers you

own. These protocols keep track of how to get from one destination to the other inside a

network or set of networks that you administrate (all of the networks you manage

combined are usually just one Autonomous System). IGPs are how you get all the

networks communicating with each other.

IGPs fall into two categories:

Distance vector protocols:

Routing Information Protocol (RIP)

Interior Gateway Routing Protocol (IGRP)

Link state protocols:

     Open Shortest Path First (OSPF)

     Intermediate System to Intermediate System (IS-IS)

Exterior gateway protocols:

To get from place to place outside your network(s), i.e. on the internet, you must

use an exterior gateway protocol. Exterior gateway protocols handle routing outside an

Autonomous System and get you from your network, through your internet provider's

network and onto any other network. BGP is used by companies with more than one

internet provider.


Examples of an EGP:

    Border Gateway Protocol (BGP)

4.7.2.1 Distance Vector:

Distance:

Distance is the cost of reaching a destination, usually based on the number of

hops the path passes through, or the total of all the administrative metrics assigned to

the links in the path.

Vector:

From the standpoint of routing protocols, the vector is the interface that traffic is

forwarded out of in order to reach a given destination network along a route or path

selected by the routing protocol as the best path to the destination network.

Distance vector protocols use a distance calculation plus an outgoing network

interface (a vector) to choose the best path to a destination network. The network

protocol (IPX, IP, etc.) will forward data using the best paths selected.

Common distance vector routing protocols include:

AppleTalk RTMP

IPX Rip

IP Rip

IGRP

Advantages of distance vector protocols

Well supported


Protocols such as Rip have been around a long time and most, if not all devices

that perform routing will understand Rip.

4.7.2.2 Link state Protocols:

Link state protocols track the status and connection type of each link and produce

a calculated metric based on these and other factors, including some set by the network

administrator. Link state protocols know whether a link is up or down and how fast it is

and calculate a cost to 'get there'. Since routers run routing protocols to figure out how to

get to a destination, you can think of the 'link states' as being the status of the interfaces

on the router. Link state protocols will take a path which has more hops, but that uses a

faster medium over a path using a slower medium with fewer hops.

Because of their awareness of media types and other factors, link state protocols

require more processing power (more circuit logic in the case of ASICs) and memory.

Distance vector algorithms being simpler require simpler hardware.

A comparison:

Link state vs. Distance vector:

See fig. below. If all routers were running a distance vector protocol, the path or

'route' chosen would be from a » b directly over the ISDN serial link, even though that link

is about 10 times slower than the indirect route from a » c » d » b.

A link state protocol would choose the a » c » d » b path because it's using a faster

medium (100 Mb Ethernet). In this example, it would be better to run a link state routing

protocol, but if all the links in the network are the same speed, then a distance vector

protocol is better.
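As an added example (not code from the thesis), the two selection rules below run over the four-router topology of the comparison above; the ISDN and Ethernet link costs are assumed values, and the final chain-of-routers case goes beyond the figure to show RIP's 15-hop limit described in the next section.

```python
"""Distance vector (hop count) vs link state (link cost) path selection.

Added example, not from the thesis. The topology is the one in the comparison
above: routers a, b, c, d, where a-b is a slow ISDN serial link and a-c, c-d,
d-b are 100 Mb Ethernet. The link cost values are assumptions.
"""
import heapq

# Constructed link costs (assumption): 1 per Ethernet link and 10 for the ISDN
# link, so the direct a-b path is roughly 10 times "slower" as the text states.
LINKS = {
    ("a", "b"): 10,  # ISDN serial link
    ("a", "c"): 1,   # 100 Mb Ethernet
    ("c", "d"): 1,
    ("d", "b"): 1,
}
RIP_INFINITY = 16  # RIP treats a hop count of 16 as unreachable


def build_adjacency(links):
    """Turn the undirected link table into {router: {neighbour: cost}}."""
    adj = {}
    for (u, v), cost in links.items():
        adj.setdefault(u, {})[v] = cost
        adj.setdefault(v, {})[u] = cost
    return adj


def distance_vector_hops(links, source):
    """Bellman-Ford relaxation with hop count as the metric (RIP style).

    Each round every router offers its neighbours 'my distance + 1' and a
    neighbour adopts the offer if it is shorter. Link speed never enters the
    calculation. Returns (hop counts, predecessor map)."""
    adj = build_adjacency(links)
    dist = {n: RIP_INFINITY for n in adj}
    prev = {n: None for n in adj}
    dist[source] = 0
    for _ in range(len(adj) - 1):  # converges in at most N-1 rounds
        changed = False
        for u in adj:
            if dist[u] >= RIP_INFINITY:
                continue  # an unreachable router has nothing useful to offer
            for v in adj[u]:
                if dist[u] + 1 < dist[v]:
                    dist[v] = dist[u] + 1
                    prev[v] = u
                    changed = True
        if not changed:
            break
    return dist, prev


def link_state_cost(links, source):
    """Dijkstra over link costs (OSPF style SPF). Returns (costs, predecessors)."""
    adj = build_adjacency(links)
    cost = {n: float("inf") for n in adj}
    prev = {n: None for n in adj}
    cost[source] = 0
    heap = [(0, source)]
    while heap:
        c, u = heapq.heappop(heap)
        if c > cost[u]:
            continue  # stale heap entry, a cheaper path was already found
        for v, w in adj[u].items():
            if c + w < cost[v]:
                cost[v] = c + w
                prev[v] = u
                heapq.heappush(heap, (cost[v], v))
    return cost, prev


def path_to(prev, source, dest):
    """Rebuild the chosen path from the predecessor map; [] if unreachable."""
    if dest != source and prev[dest] is None:
        return []
    path = [dest]
    while path[-1] != source:
        path.append(prev[path[-1]])
    return path[::-1]


def chain_links(n_routers):
    """Constructed chain r0-r1-...-r(n-1), one Ethernet hop per link, used to
    show the RIP 15-hop limit (this goes beyond the figure in the text)."""
    return {("r%d" % i, "r%d" % (i + 1)): 1 for i in range(n_routers - 1)}


if __name__ == "__main__":
    hops, hop_prev = distance_vector_hops(LINKS, "a")
    costs, cost_prev = link_state_cost(LINKS, "a")
    print("distance vector a->b:", path_to(hop_prev, "a", "b"), hops["b"], "hops")
    print("link state      a->b:", path_to(cost_prev, "a", "b"), "cost", costs["b"])
    far, far_prev = distance_vector_hops(chain_links(17), "r0")
    print("r16 via RIP:", path_to(far_prev, "r0", "r16") or "unreachable (16 hops)")
```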


Fig.

4.7.3 Routing Information Protocol (RIP)

Rip is a dynamic, distance vector routing protocol based around the Berkeley

BSD application routed and was developed for smaller IP based networks. Rip uses

UDP port 520 for route updates. Rip calculates the best route based on hop count. Like

all distance vector routing protocols, Rip takes some time to converge. While Rip

requires less CPU power and RAM than some other routing protocols, Rip does have

some limitations:

Metric: hop count

Since Rip calculates the best route to a destination based solely on how many

hops it is to the destination network, Rip tends to be inefficient in networks using more

than one LAN protocol, such as fast Ethernet and serial or token ring. This is because

Rip prefers paths with the shortest hop count. The path with the shortest hop count

might be over the slowest link in the network.

Hop count limit:

Rip cannot handle more than 15 hops. Anything more than 15 hops away is

considered unreachable by Rip. This fact is used by Rip to prevent routing loops.

Cisco Routers - Configuring Rip


Configuring a Cisco router for Rip requires a series of configuration steps. First

you must turn on the Rip routing protocol, then you must identify the network that will

be advertised and which interfaces will advertise it with the network statement.

Basic Rip configuration (Cisco)

Router> enable

Password:

Router# conf t

Router(config)# interface ethernet 0

Router(config-if)# ip address 192.168.42.1 255.255.255.0

Router(config-if)# interface ethernet 1

Router(config-if)# ip address 192.168.43.1 255.255.255.0

Router(config-if)# exit

Router(config)# router rip

Router(config-router)# network 192.168.42.0

Router(config-router)# network 192.168.43.0

Router(config-router)# exit

Router(config)# ^Z

Router#

The example above assumes that the interfaces that will be running Rip have IP

addresses on them that fall within the 192.168.42.0 and 192.168.43.0 class C ranges,

which is why each ip address command carries a 255.255.255.0 mask.

4.7.4 Open Shortest Path First (OSPF)


Open shortest path first (OSPF) is a routing protocol which was first defined as

version 2 in RFC 2328. It is used to allow routers to dynamically learn routes from

other routers and to advertise routes to other routers. Advertisements containing routes

are referred to as link state advertisements (LSAs) in OSPF. An OSPF router keeps track of

the state of all the various network connections (links) between itself and a network it is

trying to send data to. This makes it a link-state routing protocol. OSPF supports the use

of classless IP address ranges and is very efficient. OSPF uses areas to organize a

network into a hierarchical structure; it summarizes route information to reduce the

number of advertised routes and thereby reduce network load, and uses a designated

router (elected via a process that is part of OSPF) to reduce the quantity and frequency

of link state advertisements. OSPF does require that the router have a more powerful

processor and more memory than other routing protocols.

OSPF selects the best routes by finding the lowest cost paths to a destination. All

router interfaces (links) are given a cost. The cost of a route is equal to the sum of all

the costs configured on all the outbound links between the router and the destination

network, plus the cost configured on the interface that OSPF received the link state

advertisement on.

OSPF router types:

OSPF routers serve in various roles depending upon where they are located and which

areas they participate in.

Internal routers

An internal router connects only to one OSPF area. All of its interfaces connect to

the area in which it is located, and it does not connect to any other area.

If a router connects to more than one area, it will be one of the following types of

routers.

Backbone Routers


Backbone routers have one or more interfaces in area 0 (the backbone area).

Area Border Router (ABR)

A router that connects more than one area is called an area border router or ABR.

Usually an ABR is used to connect non-backbone areas to the backbone. If OSPF

virtual links are used an ABR will also be used to connect the area using the

virtual link to another non-backbone area.

Autonomous System Boundary Router (ASBR)

If the router connects the OSPF Autonomous System to another Autonomous

System, it is called an Autonomous System boundary router (ASBR).

OSPF elects two or more routers to manage the link state advertisements:

Designated Router (DR)

Every OSPF area will have a designated router and a backup designated router.

The designated router (DR) is the router to which all other routers within an area send

their link state advertisements. The designated router will keep track of all link state

updates and make sure the LSAs are flooded to the rest of the network using reliable

multicast transport.

Backup Designated Router (BDR)

The election process which determines the designated router will also elect a

backup designated router (BDR). The BDR takes over from the DR when the DR fails.

OSPF areas

OSPF areas are used to impose a hierarchical structure to the flow of data over the

network. A network using OSPF will always have at least one area and if there is more


than one area, one of them must be the backbone area. Areas are used to group

routers into manageable groups that exchange routing information locally, but

summarize that routing information when advertising the routes externally. A standard

OSPF network looks something like a big bubble (the backbone area) with a lot of

smaller bubbles (stub areas) attached directly to it. Area border routers (ABR) are used

to connect the areas. Each area will elect a Designated Router (DR) and a Backup

Designated Router (BDR) to assist in flooding link state advertisements (LSAs)

throughout the area.

Backbone (Area 0)

The backbone is the first area you should always build in any network using OSPF

and the backbone is always Area 0 (zero). All areas are connected directly to the OSPF

backbone area. When designing an OSPF backbone area, you should make sure there is

little or no possibility of the backbone area being split into two or more parts by a router

or link failure. If the OSPF backbone is split due to hardware failures or access lists,

sizeable areas of the network will become unreachable.

Totally stub area

A totally stubby area is only connected to the backbone area. A totally stubby /

totally stub area does not advertise the routes it knows. It does not send any link state

advertisements. The only route a totally stub area receives is the default route from an

external area, which must be the backbone area. This default route allows the totally stub

area to communicate with the rest of the network.

Stub area

Stub areas are connected only to the backbone area. Stub areas do not receive routes

from outside the Autonomous System, but do receive the routes from within the

Autonomous System, even if the route comes from another area.


4.7.5 Border gateway protocol (BGP)

Border gateway protocol (BGP) is a routing protocol used on the edge of

Autonomous Systems (AS). It is an exterior routing protocol and calculates loop-free

paths across the internet. It is considered to use a path-vector routing algorithm. This

means it tracks the path in terms of which ASes it passes through, and does not track the

'route' through individual routers within an AS, and is not specifically capable of

performing load balancing or packet forwarding itself. BGP is the routing protocol of

choice and is used by all the network service providers (NSPs) such as UUNET, Sprint,

Cable & Wireless, Level3, Qwest etc. It is dynamic and handles outages and link failures

fairly gracefully. To use BGP, you must have a router that supports BGP; register an AS

number and contact your provider to set up a BGP session.

BGP has gone through three revisions. The current version in use is BGP-4 and is

supported by most router manufacturers including Cisco, Lucent/Bay, Juniper and many

others, as well as by Unix and Linux programs such as Zebra.

BGP uses a TCP connection to send routing updates using TCP port 179. BGP is

therefore by definition a 'reliable' protocol. While BGP version 3 provides for the

dynamic learning of routes, BGP 4 adds additional route dampening functionality,

communities, and MD5 and Multicasting capability.

External vs. Internal peers (eBGP vs iBGP)

Peering is when you exchange routes with another BGP speaking device. There

are two types of peering sessions:

Internal peers (iBGP)

An internal peer is a BGP speaking neighbor who has the same AS number as you

do. An internal peer will only pass on the best routes it knows from its own

connections.

External peers (eBGP)


External peers have different AS numbers. An external peer will pass on all the

best routes it knows or has learned from any other peer to all other directly connected

external peers. Routers speaking eBGP gab everything they know to their neighbors

unless you install a gag (a route filter).

4.7.6 Autonomous System:

An Autonomous System is one network or a set of networks under a single

administrative control. An Autonomous System might be the set of all computer

networks owned by a company, or a college. Companies and organizations might own

more than one Autonomous System, but the idea is that each Autonomous System is

managed independently with respect to BGP. An Autonomous System is often referred

to as an 'AS'.

A good example is UUNet, which uses one Autonomous System as their

European network, and a separate Autonomous System for their domestic networks in

the Americas.

4.7.6.1 Autonomous System numbers:

The American registry for internet numbers (ARIN) defines Autonomous System

numbers as:

"Autonomous System numbers (ASNs) are globally unique numbers that are

used to identify Autonomous Systems (ASes) and which enable an AS to exchange

exterior routing information between neighboring ASes. An AS is a connected group of

IP Networks that adhere to a single and clearly defined routing policy."

To identify each Autonomous System, a 'globally unique' number is assigned to

them from a centralized authority (ARIN) so that there are no duplicate numbers.

Globally unique means exactly that. Within the entire internet all around the globe, the

AS number should be unique. The AS number will be from 1 to 64511, and the next

highest unused number is what is generally assigned. These numbers are referred to as


'AS numbers'. The American registry for internet numbers (ARIN) is the authority

responsible for tracking and assigning these numbers as well as managing IP address

allocations and assignments. ARIN charges a fee to organizations wishing to obtain an

AS number to cover the administrative costs associated with managing AS number

registrations and assignments.

To receive an AS number from ARIN, you must be able to prove you are 'Dual

Homed' to the internet, which means that you have more than one internet provider with

which you plan to run BGP. You must also have a 'Unique Routing Policy' that differs from your

BGP peers.

AS #    Provider

9829    BSNL

701     UUNet (U.S. domestic)

1239    Sprintlink (U.S. domestic)

Private AS numbers (64512 - 65535)

If it is not necessary to connect to the internet, or you are part of a special type of

BGP configuration you can use any of the AS numbers 64512 through 65535. However,

these numbers should not be seen on the global internet. One example of when you

might use private AS numbers is in BGP confederations. The confederation AS number

should not be seen on the global internet.

AS numbers and BGP

BGP learns and exchanges path information regarding the route to a given

destination network by keeping lists of AS numbers and associating them with

destination networks. This is why AS numbers should be unique. BGP makes certain


that an AS number does not appear in a path more than once, thereby preventing routing

loops.
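An added example, not code from the thesis, that models the AS_PATH rules from the eBGP/iBGP passage and the AS number passages above: eBGP prepends the local AS, iBGP passes on only routes from the speaker's own connections, a speaker rejects a path that already contains its own AS, and private AS numbers are flagged before they can leak. The AS numbers are the ones from the table above; the prefix, the BgpSpeaker class and its simplified best-path rule are constructed.

```python
"""BGP AS_PATH handling: loop prevention, eBGP vs iBGP propagation, and the
public (1-64511) vs private (64512-65535) AS number ranges.

Added example, not from the thesis. The AS numbers come from the table in the
text; the prefix is a constructed documentation address and the speaker model
is a deliberately simplified one (shortest AS_PATH wins).
"""
from dataclasses import dataclass
from typing import List, Optional

PRIVATE_ASN_MIN, PRIVATE_ASN_MAX = 64512, 65535


def is_private_asn(asn: int) -> bool:
    """True for the private range that must not be seen on the global internet."""
    return PRIVATE_ASN_MIN <= asn <= PRIVATE_ASN_MAX


def leaked_private_asns(as_path: List[int]) -> List[int]:
    """Private AS numbers found in a path about to cross an eBGP session
    toward the internet; a correct configuration leaves this empty."""
    return [asn for asn in as_path if is_private_asn(asn)]


@dataclass
class Route:
    prefix: str
    as_path: List[int]
    learned_from: str  # "local", "ibgp" or "ebgp"


class BgpSpeaker:
    """Constructed minimal BGP speaker holding one best route per prefix."""

    def __init__(self, local_as: int):
        self.local_as = local_as
        self.rib = {}  # prefix -> best Route (the routing information base)

    def originate(self, prefix: str) -> None:
        """A locally connected network starts with an empty AS_PATH."""
        self.rib[prefix] = Route(prefix, [], "local")

    def receive(self, prefix: str, as_path: List[int], peer_as: int) -> Optional[str]:
        """Process an UPDATE from peer_as. Returns None when accepted, or the
        reason for rejection."""
        if self.local_as in as_path:
            # Our own AS is already in the path: the route has looped back to
            # us, which is exactly what the AS_PATH check exists to stop.
            return "loop: AS %d already in path %s" % (self.local_as, as_path)
        kind = "ibgp" if peer_as == self.local_as else "ebgp"
        current = self.rib.get(prefix)
        # Simplified best-path selection: shortest AS_PATH wins, and the
        # existing route is kept on a tie.
        if current is None or len(as_path) < len(current.as_path):
            self.rib[prefix] = Route(prefix, list(as_path), kind)
        return None

    def advertise(self, prefix: str, peer_as: int) -> Optional[List[int]]:
        """AS_PATH we would send to peer_as, or None when the route is not
        passed on at all."""
        route = self.rib.get(prefix)
        if route is None:
            return None
        if peer_as == self.local_as:
            # iBGP: only routes from our own connections (local or eBGP),
            # never a route heard from another internal peer.
            if route.learned_from == "ibgp":
                return None
            return list(route.as_path)
        # eBGP: record that the route crosses this AS by prepending it.
        return [self.local_as] + route.as_path


if __name__ == "__main__":
    prefix = "192.0.2.0/24"  # constructed, documentation range
    bsnl, uunet, sprint = BgpSpeaker(9829), BgpSpeaker(701), BgpSpeaker(1239)
    bsnl.originate(prefix)
    uunet.receive(prefix, bsnl.advertise(prefix, 701), 9829)    # path [9829]
    sprint.receive(prefix, uunet.advertise(prefix, 1239), 701)  # path [701, 9829]
    back = sprint.advertise(prefix, 9829)                       # [1239, 701, 9829]
    print("BSNL receives its own prefix back:", bsnl.receive(prefix, back, 1239))
    print("private ASNs about to leak:", leaked_private_asns([701, 65001, 9829]))
```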

BGP session timers

There are two primary timers in BGP. The first is the hold down timer; the other

is the keep alive interval.

Hold down timer

Cisco default setting: 180 seconds = 3x keepalive

The hold down timer indicates how long a router will wait between hearing

messages from its neighbor. The hold down timer defaults to 180 seconds on a Cisco

router, but can be reconfigured. The timer starts at zero and counts its way up to the

hold down timer value. If either a keepalive or update message is not received in that

time, then the router declares the peering session dead, places all routes learned from

that peer into a 'dampened' state and attempts to reset the session.

Keep alive interval

Cisco default setting: 60 seconds

To be certain that a BGP session stays up and functional, keep alive messages are

exchanged. The keep alive interval counts down to zero and then sends out another keep

alive. There is no timer for route updates, as updates happen dynamically on an

incremental basis.

BGP messages exchange information and help maintain state between the two routers in

the peering session.

BGP Packets


Keep alive

This is the packet used to keep the session running when there are no updates.

Keep alives are sent between BGP speakers to let each other know they are still there.

When a BGP router fails to hear a keep alive message, it removes all routes heard from

that peer from its Forwarding Information Base (FIB).

Notification

Notifications are used to send error messages when an update is received but is corrupt,

or when the router needs to tear down the session unexpectedly.

Open

Open messages are used to start a BGP session by requesting that a BGP session be

opened over an existing TCP/IP session.

Update

This message type contains the actual route updates. The route updates are composed of

the following:

1. Network layer reachability information (NLRI)

2. AS-path

3. AS-path attributes

Updates received are placed in the routing information base (RIB). If a route in an

update message is better than all other routes in the RIB, then that route is placed in the

Forwarding Information Base (FIB).


Chapter 5

NETWORK ELEMENTS

5.1 Hubs

In the most basic type of network found today, nodes are simply connected

together using hubs. As a network grows, there are some potential problems with this

configuration:

Scalability - In a hub network, limited shared bandwidth makes it difficult to

accommodate significant growth without sacrificing performance. Applications today

need more bandwidth than ever before. Quite often, the entire network must be

redesigned periodically to accommodate growth.

Latency - This is the amount of time that it takes a packet to get to its destination.

Since each node in a hub-based network has to wait for an opportunity to transmit in

order to avoid collisions, the latency can increase significantly as you add more

nodes. Or, if someone is transmitting a large file across the network, then all of the

other nodes have to wait for an opportunity to send their own packets. You have

probably seen this before at work -- you try to access a server or the Internet and

suddenly everything slows down to a crawl.

Network failure - In a typical network, one device on a hub can cause problems for

other devices attached to the hub due to incorrect speed settings (100 Mbps on a 10-

Mbps hub) or excessive broadcasts. Switches can be configured to limit broadcast

levels.

Collisions - Ethernet uses a process called CSMA/CD (Carrier Sense Multiple

Access with Collision Detection) to communicate across the network. Under

CSMA/CD, a node will not send out a packet unless the network is clear of traffic. If

two nodes send out packets at the same time, a collision occurs and the packets are


lost. Then both nodes wait a random amount of time and retransmit the packets. Any

part of the network where there is a possibility that packets from two or more nodes

will interfere with each other is considered to be part of the same collision domain. A

network with a large number of nodes on the same segment will often have a lot of

collisions and therefore a large collision domain.

5.2 Switches

Switches are a fundamental part of most networks. They make it possible for

several users to send information over a network at the same time without slowing each

other down. Just like routers allow different networks to communicate with each other,

switches allow different nodes (a network connection point, typically a computer) of a

network to communicate directly with one another in a smooth and efficient manner.

Switches that provide a separate connection for each node in a company's internal

network are called LAN switches. Essentially, a LAN switch creates a series of instant

networks that contain only the two devices communicating with each other at that

particular moment.

While hubs provide an easy way to scale up and shorten the distance that the packets

must travel to get from one node to another, they do not break up the actual network into

discrete segments. That is where switches come in.

Figure 5.1: Imagine that each vehicle is a packet of data waiting for an opportunity to continue on its trip.

Think of a hub as a four-way intersection where everyone has to stop. If more

than one car reaches the intersection at the same time, they have to wait for their turn to


proceed. Now imagine what this would be like with a dozen or even a hundred roads

intersecting at a single point. The amount of waiting and the potential for a collision

increases significantly. But wouldn't it be amazing if you could take an exit ramp from

any one of those roads to the road of your choosing? That is exactly what a switch does

for network traffic. A switch is like a cloverleaf intersection -- each car can take an exit

ramp to get to its destination without having to stop and wait for other traffic to go by.

A vital difference between a hub and a switch is that all the nodes connected to a

hub share the bandwidth among themselves, while a device connected to a switch port

has the full bandwidth all to itself. For example, if 10 nodes are communicating using a

hub on a 10-Mbps network, then each node may only get a portion of the 10 Mbps if

other nodes on the hub want to communicate as well. But with a switch, each node could

possibly communicate at the full 10 Mbps. Think about our road analogy. If all of the

traffic is coming to a common intersection, then each car has to share that intersection

with every other car. But a cloverleaf allows all of the traffic to continue at full speed

from one road to the next.

In a fully switched network, switches replace all the hubs of an Ethernet network

with a dedicated segment for every node. These segments connect to a switch, which

supports multiple dedicated segments (sometimes in the hundreds). Since the only

devices on each segment are the switch and the node, the switch picks up every

transmission before it reaches another node. The switch then forwards the frame over the

appropriate segment. Since any segment contains only a single node, the frame only

reaches the intended recipient. This allows many conversations to occur simultaneously

on a switched network.


Figure 5.2: An example of a network using a switch

Switching allows a network to maintain full-duplex Ethernet. Before switching,

Ethernet was half-duplex, which means that data could be transmitted in only one

direction at a time. In a fully switched network, each node communicates only with the

switch, not directly with other nodes. Information can travel from node to switch and

from switch to node simultaneously.

Fully switched networks employ either twisted-pair or fiber-optic cabling, both of

which use separate conductors for sending and receiving data. In this type of

environment, Ethernet nodes can forgo the collision detection process and transmit at

will, since they are the only potential devices that can access the medium. In other words,

traffic flowing in each direction has a lane to itself. This allows nodes to transmit to the

switch as the switch transmits to them -- it's a collision-free environment. Transmitting in

both directions can effectively double the apparent speed of the network when two nodes

are exchanging information. If the speed of the network is 10 Mbps, then each node can

transmit simultaneously at 10 Mbps.


Figure 5.3: A mixed network with two switches and three hubs

Most networks are not fully switched because of the costs incurred in replacing all

of the hubs with switches. Instead, a combination of switches and hubs are used to create

an efficient yet cost-effective network. For example, a company may have hubs

connecting the computers in each department and then a switch connecting all of the

department-level hubs.

5.3 Routers

Routers connect LANs at the Network layer of the OSI model. Routers connect

LANs that use the same Network-layer protocol, such as IPX-to-IPX and IP-to-IP.

Because routers operate at the Network layer, they can be used to link dissimilar LANs,

such as ARCNET, Ethernet, and Token Ring.

Figure 5.4 Cisco 3640 Series Unit Numbers


Two networks connected via a router are physically and logically separate

networks. Network-layer protocols have their own addressing scheme separate from the

addressing scheme of MAC-layer protocols. This addressing scheme may or may not

include the MAC-layer addresses of the network cards. Each network attached to a router

must be assigned a logical identifier, or network address, to designate it as unique from

other physical networks.

For example, NetWare’s IPX routers (NetWare file servers or external NetWare

routers using ROUTER.EXE) use each LAN card’s MAC-layer address and a logical

address for each network assigned by the router installer.

A router can support single or multiple Network-layer protocols. NetWare 2.2

file servers and NetWare external routers, for example, only support NetWare's IPX

protocol. NetWare 3.11 file servers, on the other hand, can route IPX, IP and AppleTalk,

if the proper routing software is loaded into the file server. Dedicated routers from

Proteon, Cisco, Wellfleet, and others can route a number of different protocols.

Routers only forward traffic addressed to the other side. This means that local

traffic on one LAN will not affect performance on another. Routers can be proprietary

devices, or can be software and hardware residing in a general purpose computer, such as

a PC.

Like transparent bridges, routers maintain routing tables. A router’s routing table,

however, keeps track of network addresses and possible routes between networks, not

individual node addresses. Using routers, redundant paths between networks can be

established, and traffic will be routed between networks based on some algorithm to

determine the best path. The simplest routers usually select the path with the fewest

number of router hops as the best path. More intelligent routers consider other factors,


such as the relative response times of various possible routes, when selecting the best

path.

The routing update timer controls the time between routing updates. Default is

usually 30 seconds plus a small random delay to prevent all RIP routers from sending

updates simultaneously.

The route time out timer controls when a route is no longer available. The default

is usually 180 seconds. If a router has not seen a route in an update during this specified

interval it is dropped from the router’s announcements. The route is maintained long

enough for the router to advertise the route as down (hop count 16).

The route flush timer controls how long before a route is completely flushed from

the routing table. The default setting is usually 120 seconds.

5.4 Bridges

There are two types of bridges: local bridges and remote bridges. Local bridges

have two or more LAN ports and act as a bridge between two or more LANs.

A remote bridge has a LAN and a WAN port and is actually not a bridge. It's a half-

bridge. Only together with its counterpart on the remote LAN does it form a full bridge. This

means that the bridge on the local LAN plus the bridge on the remote LAN plus the wires

(leased lines) that connect the two are an entire bridge.

Having said this we can start with the description of bridges.

General

Bridges are only concerned with the MAC layer, so this device is placed at OSI layer 2.

But that is not entirely correct. As the OSI reference model divides layer 2 into the LLC

and the MAC sub-layers, a bridge is actually a MAC sub-layer device. A bridge doesn't

have to speak 802.2 (LLC). This means that a bridge does not worry about higher layers

and doesn't bother about protocols. A bridge is protocol transparent. It also means

that the different MAC layer standards can be connected to each other with a bridge. So

token ring and Ethernet can be connected to each other by means of a bridge.


Usage

Bridges are used in situations where repeaters would not function or are not wanted. It

could be for one of the following reasons or a combination of them.

The maximum number of repeaters is used and more length is needed

The distance is too large to cover for a repeater (WAN links)

There is too much traffic and a router would be too expensive or cannot be used (non-

routable protocols)

Connecting different types of LANs

Security or management

There are various reasons for the use of a bridge and we will not go into detail about

them. The following description shows the way a bridge works and will hopefully explain

the various reasons for it.

A bridge reads the outermost section of data on the data packet, to tell where the

message is going. It reduces the traffic on other network segments, since it does not send

all packets. Bridges do not normally allow connection of networks with different

architectures. The hardware address is also called the MAC (media access control)

address. To determine the network segment a MAC address belongs to, bridges use one

of:

Transparent Bridging - They build a table of addresses (bridging table) as they

receive packets. If the address is not in the bridging table, the packet is forwarded to

all segments other than the one it came from. This type of bridge is used on ethernet

networks.

Source route bridging - The source computer provides path information inside the

packet. This is used on Token Ring networks.
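The transparent bridging behaviour described above, as an added example that is not code from the thesis: the bridge learns the segment of every source address it sees, forwards known destinations only to their segment (filtering frames whose destination is already on the arriving segment) and floods unknown or broadcast destinations to every other segment. Segment names and MAC addresses are constructed.

```python
"""Transparent (learning) bridge forwarding.

Added example, not from the thesis. The bridging table is filled from the
source MAC address of each frame; known destinations are forwarded to one
segment, unknown or broadcast ones are flooded to every segment except the
one the frame arrived on. Segment names and MAC addresses are constructed.
"""
from typing import Dict, List, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


class TransparentBridge:
    def __init__(self, segments: List[str]):
        self.segments = list(segments)
        self.table: Dict[str, str] = {}  # MAC address -> segment (bridging table)

    def forward(self, in_segment: str, src: str, dst: str) -> List[str]:
        """Decide where a frame arriving on in_segment is sent. Returns the
        list of outgoing segments; an empty list means the frame is filtered."""
        if in_segment not in self.segments:
            raise ValueError("unknown segment %r" % in_segment)
        # Learn: the sender is reachable via the segment the frame came from.
        # A later frame from the same address on another segment overwrites
        # the entry, which is how a moved station is tracked.
        self.table[src] = in_segment
        if dst == BROADCAST or dst not in self.table:
            # Unknown destination: flood everywhere except the source segment.
            return [s for s in self.segments if s != in_segment]
        out = self.table[dst]
        if out == in_segment:
            return []  # both stations share a segment; nothing to bridge
        return [out]


def run_trace(bridge: TransparentBridge, frames: List[Tuple[str, str, str]]) -> List[List[str]]:
    """Feed (segment, src, dst) frames through the bridge in order and return
    the forwarding decision for each one."""
    return [bridge.forward(seg, src, dst) for seg, src, dst in frames]


# Constructed trace: two Ethernet segments and three stations.
HOST_A = "02:00:00:00:00:0a"
HOST_B = "02:00:00:00:00:0b"
HOST_C = "02:00:00:00:00:0c"
FRAMES = [
    ("seg1", HOST_A, HOST_B),     # B not learned yet: flooded to seg2
    ("seg2", HOST_B, HOST_A),     # A is known on seg1: forwarded only there
    ("seg1", HOST_C, HOST_A),     # A and C share seg1: filtered, not bridged
    ("seg1", HOST_A, BROADCAST),  # broadcasts always cross the bridge
]

if __name__ == "__main__":
    bridge = TransparentBridge(["seg1", "seg2"])
    for frame, decision in zip(FRAMES, run_trace(bridge, FRAMES)):
        print(frame, "->", decision or "filtered")
    print("bridging table:", bridge.table)
```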

5.5 Gateways

A gateway is a fundamentally different type of device than a router or switch and

can be used in conjunction with them. A gateway makes it possible for an application


program, running on a system conforming to one network architecture, to communicate with

an application program running on a system conforming to some other network

architecture. A gateway performs its function in the Application layer of the OSI model.

The function of a gateway is to convert one set of communication protocols to some other

set of communication protocols. Protocol conversion may include the following:

Message format conversion - Different networks may employ different message

formats, maximum message sizes, or character codes. The gateway must be able to

convert messages to the appropriate format, size and coding.

Address translation - Different networks may employ different addressing mechanisms

and network address structures. The gateway must be able to interpret network

addresses in one network and convert them into network addresses in the other network.

Protocol conversion - When a message is prepared for transmission, each layer adds

control information, unique to the protocol used in that layer. The gateway must be

able to convert control information used by each layer so that the receiving system

receives the control information in the format it expects. Services affected may

include message segmentation and reassembly, data flow control, and error detection

and recovery.

Chapter 6

PACKET FORWARDING TECHNOLOGIES

6.1 Frame Relay

Frame Relay is a standardized wide area networking technology that specifies the physical and logical link layers of digital telecommunications channels using a packet switching methodology. Originally designed for transport across Integrated Services Digital Network (ISDN) infrastructure, it may be used today in the context of many other network interfaces. Network providers commonly implement Frame Relay for voice (VoFR) and data as an encapsulation technique used between local area networks (LANs) over a wide area network (WAN). Each end-user gets a private line (or leased line) to a frame-relay node. The frame-relay network handles the transmission over a frequently changing path that is transparent to all end-users.

With the advent of MPLS, VPN and dedicated broadband services such as cable modem and DSL, the end may loom for the Frame Relay protocol and encapsulation. However, many rural areas still lack DSL and cable modem services. In such cases the least expensive type of "always-on" connection remains a 64-kbit/s frame-relay line. Thus a retail chain, for instance, may use Frame Relay for connecting rural stores into its corporate WAN.

Figure 6.1: A basic Frame Relay network

6.1.1 Advantages:

Reasonable WAN speed (64 kbps to 1.5 Mbps) **
Buy bandwidth only when you need it
One serial port at the central site can support multiple incoming PVCs
Telco is responsible for ensuring connectivity

** When T1 or fractional T1 is the transport

6.1.2 Disadvantages:

No educational tariff is currently available in Alabama.
Full T1s are almost always less expensive than Frame Relay (due to the educational tariff)
More difficult to configure and manage properly

6.2 Asynchronous Transfer Mode (ATM)

Asynchronous Transfer Mode (ATM) is a standardized digital data transmission technology. ATM is implemented as a network protocol and was first developed in the mid 1980s. The goal was to design a single networking strategy that could transport real-time video conference and audio as well as image files, text and email. The International Telecommunications Union, American National Standards Institute, European Telecommunications Standards Institute, ATM Forum, Internet Engineering Task Force, Frame Relay Forum and SMDS Interest Group were involved in the creation of the standard.

Asynchronous Transfer Mode is a cell-based switching technique that uses asynchronous time division multiplexing. It encodes data into small fixed-sized cells (cell relay) and provides data link layer services that run over OSI Layer 1 physical links. This differs from other technologies based on packet-switched networks (such as the Internet Protocol or Ethernet), in which variable sized packets (known as frames when referencing Layer 2) are used. ATM exposes properties from both circuit switched and small packet switched networking, making it suitable for wide area data networking as well as real-time media transport. ATM uses a connection-oriented model and establishes a virtual circuit between two endpoints before the actual data exchange begins.

ATM is a core protocol used over the SONET/SDH backbone of the Integrated Services Digital Network.

6.2.1 Advantages of ATM

ATM supports voice, video and data, allowing multimedia and mixed services over a single network.
High evolution potential; works with existing, legacy technologies
Provides the best multiple service support
Supports delay close to that of dedicated services
Supports the broadest range of burstiness, delay tolerance and loss performance through the implementation of multiple QoS classes
Provides the capability to support both connection-oriented and connectionless traffic using AALs
Able to use all common physical transmission paths like SONET.
Cable can be twisted-pair, coaxial or fiber-optic
Ability to connect LAN to WAN
Legacy LAN emulation
Efficient bandwidth use by statistical multiplexing
Scalability
Higher aggregate bandwidth
High speed: Mbps and possibly Gbps

6.2.2 ATM disadvantages

Flexible at efficiency's expense: at present, for any one application it is usually possible to find a more optimized technology
Cost, although it will decrease with time
New customer premises hardware and software are required
Competition from other technologies: 100 Mbps FDDI, 100 Mbps Ethernet and fast Ethernet
Presently the applications that can benefit from ATM, such as multimedia, are rare
The wait: with all the promise of ATM's capabilities, many details are still in the standards process.

6.3 Ethernet

Ethernet is a family of frame-based computer networking technologies for local area networks (LANs). The name comes from the physical concept of the ether. It defines a number of wiring and signaling standards for the Physical Layer of the OSI networking model as well as a common addressing format and Media Access Control at the Data Link Layer.

Ethernet is standardized as IEEE 802.3. The combination of the twisted pair versions of Ethernet for connecting end systems to the network, along with the fiber optic versions for site backbones, is the most widespread wired LAN technology. It has been in use from around 1980[1] to the present, largely replacing competing LAN standards such as token ring, FDDI, and ARCNET. Figure 6.2 shows a standard 8P8C (often called RJ45) connector, used most commonly on cat5 cable, a type of cabling used primarily in Ethernet networks.

Figure 6.2: Ethernet RJ45 connector

6.3.1 Advantages:

1. Conceptually Simple:

Ethernet is simply daisy-chained together with coax cable and "T" adapters. There are usually no hubs, transceivers, or other devices used.

2. Relatively Inexpensive:

Due to the simplicity inherent in the design of Ethernet, it can be an inexpensive technology to implement.

3. Noise Immunity:

The coaxial cable used in an Ethernet network is very well shielded, and has a very high immunity from electrical noise caused by outside sources.

6.3.2 Disadvantages:

1. Difficult To Change:

Reconfiguring an Ethernet is somewhat difficult to do once it is in place. Any changes to the network will result in at least some "down time," as the bus must be broken and a new section spliced in at the point of the break.

2. Fault Intolerant:

If any device or cable section attached to the network fails, it will most likely make the entire network go down.

3. Difficult Troubleshooting:

Ethernet networks are very difficult to troubleshoot. There is no easy way to determine what node or cable section is causing a problem, and the network must be troubleshot by a "process of elimination." This can be very time consuming.

4. Specialized Cable:

The RG-58A/U coaxial cable used in Ethernet networks cannot be used for any other purpose. In the event that the network is changed to another type, the cable will have to be replaced.

6.4 IP Routing

IP Routing is an umbrella term for the set of protocols that determine the path that data follows in order to travel across multiple networks from its source to its destination. Data is routed from its source to its destination through a series of routers, and across multiple networks. The IP Routing protocols enable routers to build up a forwarding table that correlates final destinations with next hop addresses. These protocols include:

BGP (Border Gateway Protocol)
IS-IS (Intermediate System to Intermediate System)
OSPF (Open Shortest Path First)
RIP (Routing Information Protocol)

When an IP packet is to be forwarded, a router uses its forwarding table to determine the next hop for the packet's destination (based on the destination IP address in the IP packet header), and forwards the packet appropriately. The next router then repeats this process using its own forwarding table, and so on until the packet reaches its destination. At each stage, the IP address in the packet header is sufficient information to determine the next hop; no additional protocol headers are required.

The Internet, for the purpose of routing, is divided into Autonomous Systems (ASs). An AS is a group of routers that are under the control of a single administration and exchange routing information using a common routing protocol. For example, a corporate intranet or an ISP network can usually be regarded as an individual AS. The Internet can be visualized as a partial mesh of ASs. An AS can be classified as one of the following three types.

A Stub AS has a single connection to one other AS. Any data sent to, or received from, a destination outside the AS must travel over that connection. A small campus network is an example of a stub AS.

A Transit AS has multiple connections to one or more ASs, which permits data that is not destined for a node within that AS to travel through it. An ISP network is an example of a transit AS.

A Multihomed AS also has multiple connections to one or more ASs, but it does not permit data received over one of these connections to be forwarded out of the AS again. In other words, it does not provide a transit service to other ASs. A Multihomed AS is similar to a Stub AS, except that the ingress and egress points for data traveling to or from the AS can be chosen from one of a number of connections, depending on which connection offers the shortest route to the eventual destination. A large enterprise network would normally be a multihomed AS.

An Interior Gateway Protocol (IGP) calculates routes within a single AS. The IGP enables nodes on different networks within an AS to send data to one another. The IGP also enables data to be forwarded across an AS from ingress to egress, when the AS is providing transit services.

Routes are distributed between ASs by an Exterior Gateway Protocol (EGP). The EGP enables routers within an AS to choose the best point of egress from the AS for the data they are trying to route.

The diagram below illustrates the different types of AS in a network. OSPF, IS-IS and RIP are IGPs used within the individual ASs; BGP is the EGP used between ASs.

Figure 6.3: IP routing

6.4.1 Advantages

1) The first defined and used protocol.
2) De facto the only protocol for global internetworking.

6.4.2 Disadvantages

1) Connectionless; QoS is one example of what suffers as a result.
2) Each router has to make an independent forwarding decision based on the IP address.
3) Large IP address: at least 20 bytes.
4) Routing in the network layer is slower than switching.
5) Usually designed to obtain the shortest path; additional metrics are not taken into account.

Chapter 7

MULTIPROTOCOL LABEL SWITCHING

7.1 Introduction

Multiprotocol Label Switching (MPLS) is a mechanism in high-performance telecommunications networks which directs and carries data from one network node to the next. MPLS makes it easy to create "virtual links" between distant nodes. It can encapsulate packets of various network protocols.

MPLS is a highly scalable, protocol agnostic, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol. The primary benefit is to eliminate dependence on a particular Data Link Layer technology, such as ATM, frame relay, SONET or Ethernet, and eliminate the need for multiple Layer 2 networks to satisfy different types of traffic. MPLS belongs to the family of packet-switched networks.

MPLS operates at an OSI Model layer that is generally considered to lie between traditional definitions of Layer 2 (Data Link Layer) and Layer 3 (Network Layer), and thus is often referred to as a "Layer 2.5" protocol. It was designed to provide a unified data-carrying service for both circuit-based clients and packet-switching clients which provide a datagram service model. It can be used to carry many different kinds of traffic, including IP packets, as well as native ATM, SONET, and Ethernet frames.

Multiprotocol Label Switching (MPLS) has evolved from being a buzzword in the networking industry to a widely deployed technology in service provider (SP) networks. MPLS is a contemporary solution to address a multitude of problems faced by present-day networks: speed, scalability, quality of service (QoS) management, and traffic engineering. Service providers are realizing larger revenues by the implementation of service models based on the flexibility and value added services provided by MPLS solutions. MPLS also provides an elegant solution to satisfy the bandwidth management and service requirements for next-generation IP-based backbone networks.

This chapter covers the following topics:

Unicast IP forwarding in traditional IP networks
Architectural blocks of MPLS
MPLS terminology
CEF, FIB, LFIB, and LIB
MPLS label assignment
MPLS LDP session establishment
MPLS label distribution and retention
Penultimate hop popping

7.2 Unicast IP Forwarding in Traditional IP Networks

In traditional IP networks, routing protocols are used to distribute Layer 3 routing information. Figure 7.1 depicts a traditional IP network where network layer reachability information (NLRI) for network 172.16.10.0/24 is propagated using an IP routing protocol. Regardless of the routing protocol, packet forwarding is based on the destination address alone. Therefore, when a packet is received by the router, it determines the next-hop address using the packet's destination IP address along with the information from its own forwarding/routing table. This process of determining the next hop is repeated at each hop (router) from the source to the destination.

Figure 7.1: Traditional IP Forwarding Operation

As shown in Figure 7.1, in the data forwarding path, the following process takes place:

1. R4 receives a data packet destined for the 172.16.10.0 network.
2. R4 performs a route lookup for the 172.16.10.0 network in the forwarding table, and the packet is forwarded to the next-hop Router R3.
3. R3 receives the data packet with destination 172.16.10.0, performs a route lookup for the 172.16.10.0 network, and forwards the packet to next-hop Router R2.
4. R2 receives the data packet with destination 172.16.10.0, performs a route lookup for the 172.16.10.0 network, and forwards the packet to next-hop Router R1.
5. Because R1 is directly connected to network 172.16.10.0, the router forwards the packet on to the appropriate connected interface.
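The hop-by-hop process above, together with the forwarding-table lookup described in section 6.4, as an added example that is not code from the thesis. Each router holds only a prefix-to-next-hop table and consults nothing but the destination address; the lookup is a longest-prefix match, which goes beyond the text in that a default route coexists with the more specific /24. Router names and the 172.16.10.0/24 prefix follow the thesis; R5, the default routes and the destination host address are constructed.

```python
"""Hop-by-hop IP forwarding with longest-prefix-match lookup.

Constructed example, not the thesis author's code. Each router holds a
forwarding table (prefix -> next hop); the packet's destination address is the
only information consulted at each hop. Router names R4..R1 and the prefix
172.16.10.0/24 follow the thesis; R5, the default routes and the sample
destination addresses are made up.
"""
import ipaddress
from typing import Dict, List, Optional


class Router:
    def __init__(self, name: str, table: Dict[str, Optional[str]]) -> None:
        self.name = name
        # Forwarding table: prefix -> next-hop router name, or None when the
        # prefix is directly connected (deliver on the local interface).
        self.fib = {ipaddress.ip_network(p): nh for p, nh in table.items()}

    def lookup(self, dst: str) -> Optional[str]:
        """Longest-prefix match for dst. Returns the next-hop name, None when
        the destination is directly connected, and raises when no route exists."""
        addr = ipaddress.ip_address(dst)
        matches = [p for p in self.fib if addr in p]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        best = max(matches, key=lambda p: p.prefixlen)
        return self.fib[best]


def forward(routers: Dict[str, Router], ingress: str, dst: str,
            max_hops: int = 16) -> List[str]:
    """Walk the packet from the ingress router to the router that owns dst.
    Returns the routers traversed; a hop limit guards against routing loops."""
    path = [ingress]
    current = routers[ingress]
    for _ in range(max_hops):
        nh = current.lookup(dst)
        if nh is None:
            return path                      # directly connected: delivered
        path.append(nh)
        current = routers[nh]
    raise RuntimeError("forwarding loop suspected: hop limit exceeded")


def build_network() -> Dict[str, Router]:
    """Constructed tables. Each router also carries a default route, so the
    lookup must prefer the /24 for 172.16.10.x and fall back otherwise."""
    return {
        "R4": Router("R4", {"172.16.10.0/24": "R3", "0.0.0.0/0": "R5"}),
        "R3": Router("R3", {"172.16.10.0/24": "R2", "0.0.0.0/0": "R4"}),
        "R2": Router("R2", {"172.16.10.0/24": "R1", "0.0.0.0/0": "R3"}),
        "R1": Router("R1", {"172.16.10.0/24": None, "0.0.0.0/0": "R2"}),
        "R5": Router("R5", {"0.0.0.0/0": None}),
    }


if __name__ == "__main__":
    net = build_network()
    print(forward(net, "R4", "172.16.10.25"))   # follows R4 -> R3 -> R2 -> R1
    print(forward(net, "R4", "10.0.0.1"))       # falls back to the default route
```

The hop limit is the software analogue of the IP TTL: with independent per-router decisions, an inconsistent set of tables loops forever unless something bounds the walk.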

7.3 Overview of MPLS Forwarding

In MPLS enabled networks, packets are forwarded based on labels. These labels might correspond to IP destination addresses or to other parameters, such as QoS classes and source address. Labels are generated per router (and in some cases, per interface on a router) and bear local significance to the router generating them. Routers assign labels to define paths called Label Switched Paths (LSP) between endpoints. Because of this, only the routers on the edge of the MPLS network perform a routing lookup.

Figure 7.2: Forwarding in the MPLS Domain

Figure 7.2 illustrates the same network as depicted in Figure 7.1 with MPLS forwarding, where route table lookups are performed only by the MPLS edge border routers, R1 and R4. The routers in the MPLS network R1, R2, and R3 propagate updates for the 172.16.10.0/24 network via an IGP routing protocol just like in traditional IP networks. This leads to the creation of an IP forwarding table. Also, because the links connecting the routers are MPLS enabled, they assign local labels for destination 172.16.10.0 and propagate them upstream to their directly connected peers using a Label Distribution Protocol (LDP); for example, R1 assigns a local label L1 and propagates it to the upstream neighbor R2. R2 and R3 similarly assign labels and propagate the same to upstream neighbors R3 and R4, respectively. Consequently, as illustrated in Figure 7.2, the routers now maintain a label forwarding table to enable labeled packet forwarding in addition to the IP routing table. The concept of upstream and downstream is explained in greater detail in the section "MPLS Terminology."

As shown in Figure 7.2, the following process takes place in the data forwarding path from R4 to R1:

1. R4 receives a data packet for network 172.16.10.0 and identifies that the path to the destination is MPLS enabled. Therefore, R4 applies a label L3 (received from downstream Router R3) to the packet and forwards the labeled packet to next-hop Router R3.
2. R3 receives the labeled packet with label L3, swaps the label L3 with L2 and forwards the packet to R2.
3. R2 receives the labeled packet with label L2, swaps the label L2 with L1 and forwards the packet to R1.
4. R1 is the border router between the IP and MPLS domains; therefore, R1 removes the label from the data packet and forwards the IP packet to destination network 172.16.10.0.
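The push/swap/pop sequence above, as an added simulation that is not code from the thesis. The ingress Edge LSR R4 does an IP lookup and pushes the label it learned from R3; R3 and R2 look only at the incoming label in their LFIB and swap it; R1 pops and falls back to an IP lookup. Router names and the prefix follow the thesis; the label values 16, 17 and 18 (standing in for L1, L2, L3) and the host address are constructed. It also handles the case the terminology section raises later, an egress router that must pop more than one label before reaching the bottom of the stack.

```python
"""MPLS label forwarding along an LSP: push at the ingress Edge LSR, swap at
the transit LSRs, pop at the egress Edge LSR.

Constructed example, not code from the thesis. Router names and the
172.16.10.0/24 prefix follow section 7.3; the label values 16, 17 and 18
(standing in for L1, L2 and L3) are made up. Only the edge routers consult
the IP forwarding table; each transit LSR looks at the incoming label alone.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# FIB entry: (next-hop router or None if directly connected, label to push or None)
FibEntry = Tuple[Optional[str], Optional[int]]
# LFIB entry: (action "swap" or "pop", outgoing label, next-hop router)
LfibEntry = Tuple[str, Optional[int], Optional[str]]


@dataclass
class Packet:
    dst: str
    labels: List[int] = field(default_factory=list)  # label stack, top first


@dataclass
class LSR:
    name: str
    fib: Dict[str, FibEntry] = field(default_factory=dict)
    lfib: Dict[int, LfibEntry] = field(default_factory=dict)

    def ip_lookup(self, dst: str) -> FibEntry:
        """Longest-prefix match in the FIB (edge routers only need this)."""
        addr = ipaddress.ip_address(dst)
        matches = [p for p in self.fib if addr in ipaddress.ip_network(p)]
        if not matches:
            raise LookupError(f"{self.name}: no route to {dst}")
        return self.fib[max(matches, key=lambda p: ipaddress.ip_network(p).prefixlen)]

    def forward(self, pkt: Packet) -> Tuple[str, Optional[str]]:
        """Forward one packet; return (operation performed, next-hop router)."""
        if not pkt.labels:
            nh, label = self.ip_lookup(pkt.dst)      # unlabeled: IP lookup
            if label is None:
                return "ip-forward", nh               # plain IP hop or delivery
            pkt.labels.insert(0, label)               # imposition (push)
            return "push", nh
        top = pkt.labels[0]
        if top not in self.lfib:
            raise LookupError(f"{self.name}: no LFIB entry for label {top}")
        action, out_label, nh = self.lfib[top]
        if action == "swap":
            pkt.labels[0] = out_label                 # only the top label changes
            return "swap", nh
        if action == "pop":
            pkt.labels.pop(0)                         # disposition (pop)
            if pkt.labels:
                return self.forward(pkt)              # not bottom of stack yet
            nh, _ = self.ip_lookup(pkt.dst)           # bottom reached: IP lookup
            return "pop", nh
        raise ValueError(f"{self.name}: unknown LFIB action {action}")


def build_domain() -> Dict[str, LSR]:
    """Labels are locally significant: R1 advertised 16 to R2, R2 advertised 17
    to R3, and R3 advertised 18 to R4 (each one upstream)."""
    r1 = LSR("R1", fib={"172.16.10.0/24": (None, None)}, lfib={16: ("pop", None, None)})
    r2 = LSR("R2", lfib={17: ("swap", 16, "R1")})
    r3 = LSR("R3", lfib={18: ("swap", 17, "R2")})
    r4 = LSR("R4", fib={"172.16.10.0/24": ("R3", 18)})
    return {r.name: r for r in (r1, r2, r3, r4)}


def trace(domain: Dict[str, LSR], ingress: str, dst: str) -> List[Tuple[str, str, List[int]]]:
    """Return [(router, operation, label stack after the operation), ...]."""
    pkt, current, log = Packet(dst), ingress, []
    while current is not None:
        op, nh = domain[current].forward(pkt)
        log.append((current, op, list(pkt.labels)))
        current = nh
    return log


if __name__ == "__main__":
    for step in trace(build_domain(), "R4", "172.16.10.7"):
        print(step)
```

A label that has no LFIB entry raises rather than being forwarded; a real LSR likewise drops such packets, and a count of them is a useful signal that a neighbour is sending labels this router never advertised.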

7.4 Architectural Blocks of MPLS

MPLS functionality on Cisco devices is divided into two main architectural blocks:

Control plane: performs functions related to identifying reachability to destination prefixes. Therefore, the control plane contains all the Layer 3 routing information, as well as the processes within, to exchange reachability information for a specific Layer 3 prefix. Common examples of control plane functions are routing protocol information exchange as in OSPF and BGP. Hence, IP routing information exchange is a control plane function. In addition, all protocol functions that are responsible for the exchange of labels between neighboring routers function in the control plane, as in label distribution protocols (explained in detail in the section "LDP Session Establishment").

Data plane: performs the functions relating to forwarding data packets. These packets can be either Layer 3 IP packets or labeled IP packets. The information in the data plane, such as label values, is derived from the control plane. Information exchange between neighboring routers creates mappings of IP destination prefixes to labels in the control plane, which are used to forward labeled packets in the data plane.

Figure 7.3 depicts the control plane and data plane functions.

7.5 MPLS Terminology

This section provides an overview of the common MPLS-related terminology used for the rest of this chapter:

Forwarding Equivalence Class (FEC): as noted in RFC 3031 (MPLS architecture), this is a group of packets that are forwarded in the same manner (over the same path with the same forwarding treatment).

MPLS Label Switch Router (LSR): performs the function of label switching; the LSR receives a labeled packet and swaps the label with an outgoing label and forwards the new labeled packet from the appropriate interface. The LSR, depending on its location in the MPLS domain, can either perform label disposition (removal, also called pop), label imposition (addition, also called push) or label swapping (replacing the top label in a label stack with a new outgoing label value). The LSR, depending on its location in the MPLS domain, might also perform label stack imposition or disposition. The concept of a label stack is explained later in this section. During label swapping, the LSR replaces only the top label in the label stack; the other labels in the label stack are left untouched during the label swapping and forwarding operation at the LSR.

MPLS Edge-Label Switch Router (E-LSR): an LSR at the border of an MPLS domain. The ingress Edge LSR performs the functions of label imposition (push) and forwarding of a packet to its destination through the MPLS-enabled domain. The egress Edge LSR performs the functions of label disposition or removal (pop) and forwarding an IP packet to the destination. Note that the imposition and disposition processes on an Edge LSR might involve label stacks rather than single labels.

Figure 7.4 depicts the network in Figure 7.2 with all routers identified as LSRs or Edge LSRs based on their location and operation in the MPLS domain.

MPLS Label Switched Path (LSP): the path from source to destination for a data packet through an MPLS-enabled network. LSPs are unidirectional in nature. The LSP is usually derived from IGP routing information but can diverge from the IGP's preferred path to the destination.

Figure 7.4: LSR and Edge LSR

Figure 7.5: Upstream and Downstream

Upstream and downstream: the concepts of downstream and upstream are pivotal in understanding the operation of label distribution (control plane) and data forwarding in an MPLS domain. Both downstream and upstream are defined with reference to the destination network: prefix or FEC. Data intended for a particular destination network always flows downstream. Updates (routing protocol or label distribution, LDP) pertaining to a specific prefix are always propagated upstream. This is depicted in Figure 7.5, where downstream with reference to the destination prefix 172.16.20.0/24 is the path R1-R2-R3, and downstream with reference to 172.16.10.0/24 is the path R3-R2-R1. Therefore, in Figure 7.5, R2 is downstream of R1 for destination 172.16.20.0/24, and R1 is downstream of R2 for destination 172.16.10.0/24.

MPLS labels and label stacks: an MPLS label is a 20-bit number that is assigned to a destination prefix on a router and that defines the properties of the prefix as well as the forwarding mechanisms that will be performed for a packet destined for the prefix.

Figure 7.6: MPLS Label

An MPLS label consists of the following parts:

20-bit label value
3-bit experimental field
1-bit bottom-of-stack indicator
8-bit Time-to-Live field

The 20-bit label value is a number assigned by the router that identifies the prefix in question. Labels can be assigned either per interface or per chassis. The 3-bit experimental field defines the QoS assigned to the FEC in question that has been assigned a label. For example, the 3 experimental bits can map to the 7 IP precedence values to map the IP QoS assigned to packets as they traverse an MPLS domain.

A label stack is an ordered set of labels where each label has a specific function. If the router (Edge LSR) imposes more than one label on a single IP packet, it leads to what is called a label stack, where multiple labels are imposed on a single IP packet. Therefore, the bottom-of-stack indicator identifies whether the label that has been encountered is the bottom label of the label stack.

The TTL field performs the same function as an IP TTL, where the packet is discarded when the TTL of the packet is 0, which prevents looping of unwanted packets in the network. Whenever a labeled packet traverses an LSR, the label TTL value is decremented by 1.

The label is inserted between the Frame Header and the Layer 3 Header in the packet. Figure 7.7 depicts the label imposition between the Layer 2 and Layer 3 headers in an IP packet.

Figure 7.7: MPLS Label Imposition

If the value of the S bit (bottom-of-stack indicator) in the label is 0, the router understands that a label stack implementation is in use. As previously mentioned, an LSR swaps only the top label in a label stack. An egress Edge LSR, however, continues label disposition in the label stack until it finds that the value of the S bit is set to 1, which denotes the bottom of the label stack. After the router encounters the bottom of the stack, it performs a route lookup depending on the information in the IP Layer 3 Header and appropriately forwards the packet toward the destination. In the case of an ingress Edge LSR, the Edge LSR might impose (push) more than one label to implement a label stack where each label in the label stack has a specific function.
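The four fields just described, laid out in a 32-bit label entry, as an added encoder/decoder that is not code from the thesis. It serializes a stack with the S bit set only on the bottom entry, parses entries until the S bit is seen (and refuses input that ends before any bottom-of-stack bit, which is what a robust parser must do with a malformed or truncated stack), and performs the transit-LSR step of swapping the top label, decrementing its TTL and discarding the packet when the TTL would reach 0. Label values and the payload bytes are constructed.

```python
"""Encoding and decoding the 32-bit MPLS shim header the thesis describes:
20-bit label value, 3-bit experimental (EXP) field, 1-bit bottom-of-stack
(S) indicator and 8-bit TTL, in that order from the most significant bit.

Constructed example, not code from the thesis. It walks a label stack until
the S bit is set, refuses truncated input, and performs the transit-LSR
operation (swap the top label, decrement its TTL, discard on expiry). The
label values and payload bytes are made up.
"""
import struct
from typing import List, NamedTuple, Optional, Tuple


class Label(NamedTuple):
    value: int   # 20-bit label
    exp: int     # 3-bit experimental (QoS) field
    s: int       # bottom-of-stack indicator
    ttl: int     # 8-bit time to live


def encode(label: Label) -> bytes:
    """Pack one label entry into 4 bytes, network byte order."""
    if not 0 <= label.value < (1 << 20):
        raise ValueError("label value must fit in 20 bits")
    if not 0 <= label.exp < 8 or label.s not in (0, 1) or not 0 <= label.ttl < 256:
        raise ValueError("EXP, S or TTL out of range")
    word = (label.value << 12) | (label.exp << 9) | (label.s << 8) | label.ttl
    return struct.pack("!I", word)


def encode_stack(labels: List[Label]) -> bytes:
    """Serialize a stack, top label first; only the last entry carries S=1."""
    if not labels:
        raise ValueError("empty label stack")
    last = len(labels) - 1
    return b"".join(encode(lab._replace(s=1 if i == last else 0))
                    for i, lab in enumerate(labels))


def decode_stack(data: bytes) -> Tuple[List[Label], bytes]:
    """Parse label entries until one has S=1; return (labels, payload).
    Raises on truncated input, i.e. when no bottom-of-stack bit is reached."""
    labels: List[Label] = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack bit seen")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        lab = Label(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)
        labels.append(lab)
        if lab.s == 1:
            return labels, data[offset:]


def lsr_transit(data: bytes, new_top: int) -> Optional[bytes]:
    """Transit LSR step: swap the top label for new_top and decrement its TTL.
    Returns the re-encoded packet, or None when the TTL would reach 0 and the
    packet must be discarded."""
    labels, payload = decode_stack(data)
    top = labels[0]
    if top.ttl <= 1:
        return None
    labels[0] = top._replace(value=new_top, ttl=top.ttl - 1)
    return encode_stack(labels) + payload
```

Only the top entry is rewritten on transit; the lower entries, including their TTL and EXP bits, pass through untouched, which is exactly the property the text attributes to label swapping.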

Label stacks are implemented when offering MPLS-based services such as MPLS-VPN or MPLS traffic engineering. In MPLS-VPN the second label in the label stack identifies the VPN. In traffic engineering, the top label identifies the endpoint of the TE tunnel, and the second label identifies the destination.

Figure 7.8: MPLS Label Stack

7.6 MPLS Control and Data Plane Components

Cisco Express Forwarding (CEF) is the foundation on which MPLS and its services operate on a Cisco router. Therefore, CEF is a prerequisite to implement MPLS on all Cisco platforms except traditional ATM switches that support only data plane functionality. CEF is a proprietary switching mechanism used on Cisco routers that enhances the simplicity and the IPv4 forwarding performance of a router manifold.

CEF avoids the overhead of cache rewrites in the IP core environment by using a Forwarding Information Base (FIB) for the destination switching decision, which mirrors the entire contents of the IP routing table. There is a one-to-one mapping between FIB table and routing table entries.

When CEF is used on a router, the router maintains, at a minimum, an FIB, which contains a mapping of destination networks in the routing table to appropriate next-hop adjacencies. Adjacencies are network nodes that can reach one another with a single hop across the link layer. This FIB resides in the data plane, which is the forwarding engine for packets processed by the router.

In addition to the FIB, two other structures are maintained on the router: the Label Information Base (LIB) and the Label Forwarding Information Base (LFIB). The distribution protocol in use between adjacent MPLS neighbors is responsible for the creation of entries in the LIB and LFIB.

The LIB functions in the control plane and is used by the label distribution protocol; in it, IP destination prefixes in the routing table are mapped to next-hop labels that are received from downstream neighbors, as well as to local labels generated by the label distribution protocol.

The LFIB resides in the data plane and contains a local label to next-hop label mapping along with the outgoing interface, which is used to forward labeled packets.

Information about reachability to destination networks from routing protocols is used to populate the Routing Information Base (RIB), or the routing table. The routing table, in turn, provides information for the FIB. The LIB is populated using information from the label distribution protocol; information from the LIB, together with information from the FIB, is used to populate the LFIB.

Figure 7.9 shows the interoperation of the various tables maintained on a router.

Figure 7.9: MPLS Control and Data Plane Components

7.7 MPLS Operation

The implementation of MPLS for data forwarding involves the following four steps:

1. MPLS label assignment (per LSR)
2. MPLS LDP session establishment (between LSRs/Edge LSRs)
3. MPLS label distribution (using a label distribution protocol)
4. MPLS label retention

MPLS operation typically involves adjacent LSRs forming an LDP session, assigning local labels to destination prefixes and exchanging these labels over established LDP sessions. Upon completion of label exchange between adjacent LSRs, the control and data structures of MPLS, namely FIB, LIB, and LFIB, are populated, and the router is ready to forward data plane information based on label values.

7.7.1 MPLS Label Assignment

A label is assigned to IP networks reachable by a router and then imposed on data packets forwarded to those IP networks. IP routing protocols advertise reachability to destination networks. The same process needs to be implemented for routers or devices that are part of the MPLS domain to learn about the labels assigned to destination networks by neighboring routers. The label distribution protocol (LDP) assigns and exchanges labels between adjacent LSRs in an MPLS domain following session establishment. As previously mentioned, labels can be assigned either globally (per router) or per interface on a router.

7.7.2 LDP Session Establishment

Following label assignment on a router, these labels are distributed among directly connected LSRs if the interfaces between them are enabled for MPLS forwarding. This is done either by using LDP or Tag Distribution Protocol (TDP). TDP is deprecated and, by default, LDP is the label distribution protocol. The command mpls label protocol {ldp | tdp} is configured only if LDP is not the default label distribution protocol or if you are reverting from LDP to TDP. The command can be configured in global and interface configuration mode. The interface configuration command will, however, override the global configuration.

TDP and LDP function the same way but are not interoperable. It is important to note that when Cisco routers are in use, the default protocol that is running on an MPLS-enabled interface is dependent on the version of IOS running on the device; care must be taken when configuring Cisco routers in a multi-vendor environment. TDP uses TCP port 711 and LDP uses TCP port 646. A router might use both TDP and LDP on the same interface to enable dynamic formation of LDP or TDP peers depending on the protocol running on the interface of the peering MPLS neighbor. LDP is defined in RFC 3036 and is implemented predominantly between adjacent peers (adjacencies as defined by the IGP). In some cases, LDP sessions can also be configured between nonadjacent peers, in which case it is called a directed LDP session.

There are four categories of LDP messages:

Discovery messages: announce and sustain an LSR's presence in the network
Session messages: establish, maintain, and tear down sessions between LSRs
Advertisement messages: advertise label mappings to FECs
Notification messages: signal errors

See Figure 7.10.

Figure 7.10: LDP Session Establishment

1. LDP sessions are initiated when an LSR sends periodic hellos (using UDP multicast on 224.0.0.2) on interfaces enabled for MPLS forwarding. If another LSR is connected to that interface (and the interface is enabled for MPLS), the directly connected LSR attempts to establish a session with the source of the LDP hello messages. The LSR with the higher LDP router ID is the active LSR. The active LSR attempts to open a TCP connection with the passive LSR (the LSR with the lower router ID) on TCP port 646 (LDP).
2. The active LSR then sends an initialization message to the passive LSR, which contains information such as the session keepalive time, label distribution method, max PDU length, receiver's LDP ID, and whether loop detection is enabled.
3. The passive LSR responds with an initialization message if the parameters are acceptable. If the parameters are not acceptable, the passive LSR sends an error notification message.
4. The passive LSR sends a keepalive message to the active LSR after sending an initialization message.
5. The active LSR sends a keepalive to the passive LSR, and the LDP session comes up. At this juncture, label-FEC mappings can be exchanged between the LSRs.

All LDP messages follow the type, length, value (TLV) format. LDP uses TCP port 646, and the LSR with the higher LDP router ID opens a connection to port 646 of the other LSR.
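The five-step exchange above with both sides' messages, as an added model that is not code from the thesis. The active role is chosen by the higher LDP router ID, the active side opens TCP port 646, the initialization parameters are checked by the receiver, keepalives follow, and a mismatch produces a notification instead of a session. Router IDs, keepalive times and PDU sizes are constructed; the transport is simulated as an in-memory transcript rather than real sockets, and the parameter-acceptance rule (distribution method and loop-detection setting must match) is a simplifying assumption of this example, not a statement of the full LDP negotiation.

```python
"""LDP session establishment between two directly connected LSRs, modelled
after the five steps in section 7.7.2: hello discovery, active/passive role by
LDP router ID, initialization exchange with a parameter check, keepalives,
session up.

Constructed example, not the thesis author's code. Router IDs, keepalive
times and PDU sizes are made up; the TCP transport (port 646) is simulated
with a transcript list instead of sockets; the acceptance rule is a
simplification assumed here for illustration.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LDP_TCP_PORT = 646
HELLO_MCAST = "224.0.0.2"   # all-routers group on which LDP hellos are sent


@dataclass
class InitParams:
    keepalive_time: int      # seconds
    distribution: str        # "DU" (unsolicited downstream) or "DoD" (on demand)
    max_pdu_length: int
    loop_detection: bool


@dataclass
class LSR:
    router_id: str
    params: InitParams
    peers: Dict[str, str] = field(default_factory=dict)   # peer id -> session state

    def acceptable(self, other: InitParams) -> bool:
        # Assumed rule for this example: peers must agree on the distribution
        # method and on loop detection, two of the fields the text lists.
        return (other.distribution == self.params.distribution
                and other.loop_detection == self.params.loop_detection)


def higher_router_id(a: str, b: str) -> str:
    """The LSR with the numerically higher LDP router ID becomes the active side."""
    return a if ipaddress.ip_address(a) > ipaddress.ip_address(b) else b


def establish(x: LSR, y: LSR) -> Tuple[List[str], Optional[str]]:
    """Run the exchange; return (message transcript, error reason or None)."""
    transcript: List[str] = []
    # Step 1: both sides send hellos; the active side opens TCP 646.
    for lsr in (x, y):
        transcript.append(f"{lsr.router_id} -> {HELLO_MCAST}: HELLO")
    active_id = higher_router_id(x.router_id, y.router_id)
    active, passive = (x, y) if active_id == x.router_id else (y, x)
    transcript.append(f"{active.router_id} opens TCP to {passive.router_id}:{LDP_TCP_PORT}")
    # Step 2: the active LSR sends INIT carrying its session parameters.
    transcript.append(f"{active.router_id} -> {passive.router_id}: INIT {active.params}")
    # Step 3: the passive LSR checks them and answers INIT or a NOTIFICATION.
    if not passive.acceptable(active.params):
        transcript.append(f"{passive.router_id} -> {active.router_id}: NOTIFICATION session rejected")
        return transcript, "parameters not acceptable"
    transcript.append(f"{passive.router_id} -> {active.router_id}: INIT {passive.params}")
    # Step 4: the passive LSR follows its INIT with a KEEPALIVE.
    transcript.append(f"{passive.router_id} -> {active.router_id}: KEEPALIVE")
    if not active.acceptable(passive.params):
        transcript.append(f"{active.router_id} -> {passive.router_id}: NOTIFICATION session rejected")
        return transcript, "parameters not acceptable"
    # Step 5: the active LSR sends KEEPALIVE; the session is operational.
    transcript.append(f"{active.router_id} -> {passive.router_id}: KEEPALIVE")
    for a, b in ((active, passive), (passive, active)):
        a.peers[b.router_id] = "OPERATIONAL"
    return transcript, None


if __name__ == "__main__":
    common = InitParams(keepalive_time=15, distribution="DU", max_pdu_length=4096, loop_detection=False)
    for line in establish(LSR("10.0.0.1", common), LSR("10.0.0.2", common))[0]:
        print(line)
```

Because role selection depends only on router IDs and the hello arrives over multicast, anything that can inject a hello on an MPLS-enabled interface can trigger a session attempt; that is why LDP deployments restrict which interfaces run the protocol and authenticate the TCP session.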


7.7.3 MPLS Label Distribution with LDP

In an MPLS domain running LDP, a label is assigned to a destination prefix found in the FIB, and it is distributed to upstream neighbors in the MPLS domain after session establishment. The labels that are of local significance on the router are exchanged with adjacent LSRs during label distribution. The label binding of a specific prefix to a local label and a next-hop label (received from the downstream LSR) is then stored in the LFIB and LIB structures. The label distribution methods used in MPLS are as follows:

Downstream on demand: this mode of label distribution allows an LSR to explicitly request from its downstream next-hop router a label mapping to a particular destination prefix, and is thus known as downstream on demand label distribution.

Unsolicited downstream: this mode of label distribution allows an LSR to distribute bindings to upstream LSRs that have not explicitly requested them, and is referred to as unsolicited downstream label distribution.

Figure 7.11: Unsolicited Downstream Versus Downstream on Demand

Figure 7.11 depicts the two modes of label distribution between R1 (Edge LSR) and R2 (LSR). In the downstream-on-demand distribution process, LSR R2 requests a label for the destination 172.16.10.0. R1 replies with a label mapping of label 17 for 172.16.10.0. In the unsolicited downstream distribution process, R1 does not wait for a request for a label mapping for prefix 172.16.10.0 but sends the label mapping information to the upstream LSR R2.

7.7.4 MPLS Label Retention

An LSR in liberal label retention mode keeps every binding between a label and a destination prefix that it receives from downstream LSRs, including bindings from LSRs that are not currently the next hop for that destination. An LSR in conservative label retention mode discards bindings received from downstream LSRs that are not the next-hop router for the prefix. With liberal retention an LSR can therefore start forwarding labeled packets almost immediately after IGP convergence, because it already holds a label from the new next hop, at the cost of storing a large number of labels per destination and thus consuming memory. With conservative retention only the labels from the confirmed LDP (or TDP) next-hop neighbours are kept, which uses minimal memory but means a new mapping must be obtained after a next-hop change before labeled forwarding can resume.
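The trade-off described above, as an added example that is not part of the thesis: a small label information base in Python run in both retention modes through the same event sequence. The prefix 172.16.10.0/24, the peers R2 and R3 and the labels 17 and 23 are constructed. The liberal LIB has a usable label the instant the IGP moves the next hop to R3; the conservative LIB has discarded R3's earlier mapping and has nothing until R3 advertises again.

```python
"""Liberal versus conservative label retention (RFC 5036 section 2.6.2).

Added example, not code from the thesis. Peers, prefix and label values are
constructed. The LIB stores bindings received from downstream peers; the
question is which survive and how soon a usable outgoing label exists after
the IGP changes the next hop.
"""


class LIB:
    def __init__(self, mode):
        if mode not in ("liberal", "conservative"):
            raise ValueError(mode)
        self.mode = mode
        self.bindings = {}   # (prefix, peer) -> label advertised by that downstream peer
        self.next_hop = {}   # prefix -> peer the IGP currently selects as next hop

    def set_next_hop(self, prefix, peer):
        """IGP convergence: prefix is now reached via peer."""
        self.next_hop[prefix] = peer
        if self.mode == "conservative":
            # Conservative mode keeps only the next hop's binding; anything held from a
            # peer that is no longer the next hop is released now.
            for key in [k for k in self.bindings if k[0] == prefix and k[1] != peer]:
                del self.bindings[key]

    def receive_mapping(self, peer, prefix, label):
        """Label Mapping from a downstream peer. Returns True if the binding is retained."""
        if self.mode == "conservative" and self.next_hop.get(prefix) != peer:
            return False   # not the next hop: discard; a Label Request is needed later
        self.bindings[(prefix, peer)] = label
        return True

    def outgoing_label(self, prefix):
        """Label that can go into the LFIB right now: the binding from the current next hop."""
        return self.bindings.get((prefix, self.next_hop.get(prefix)))

    def retained(self, prefix):
        return sum(1 for (p, _) in self.bindings if p == prefix)


def reroute_scenario(mode, prefix="172.16.10.0/24"):
    """R2 is the next hop; R2 and R3 both advertise labels; the IGP then moves to R3.
    Returns ((bindings held, label) before, label right after reroute, label after R3 re-advertises)."""
    lib = LIB(mode)
    lib.set_next_hop(prefix, "R2")
    lib.receive_mapping("R2", prefix, 17)
    lib.receive_mapping("R3", prefix, 23)
    before = (lib.retained(prefix), lib.outgoing_label(prefix))
    lib.set_next_hop(prefix, "R3")
    after_reroute = lib.outgoing_label(prefix)   # liberal: 23 at once; conservative: None
    lib.receive_mapping("R3", prefix, 23)         # conservative mode must wait for this
    return before, after_reroute, lib.outgoing_label(prefix)


if __name__ == "__main__":
    for mode in ("liberal", "conservative"):
        print(mode, reroute_scenario(mode))
```

The memory cost of liberal retention is the count returned by retained(): one binding per advertising peer per prefix, which in a full-mesh core with many peers is what the section means by "consuming memory".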

7.7.5 Special Outgoing Label Types

LSRs perform label swapping, imposition or disposition depending on their position in the MPLS domain. In certain cases the incoming label maps to a special outgoing label that defines the operation the upstream LSR or router must perform. These special labels are advertised by the downstream LSR to the upstream LSR during label distribution. The following outgoing label types can be associated with a packet:

Untagged: the incoming MPLS packet is converted to an IP packet and forwarded unlabeled to the destination (transition from the MPLS domain to the IP domain). This is used in MPLS-VPN implementations.

Implicit-null or POP label: assigned when the top label of the incoming MPLS packet is to be removed and the resulting MPLS or IP packet forwarded to the next-hop downstream router. The value of this label is 3 (in the 20-bit label field). It is a signalling value only and is never carried in a packet's label stack: it tells the upstream LSR to pop rather than swap. This label is used in MPLS networks that implement penultimate hop popping, discussed in the next section.

Explicit-null label: assigned to preserve the EXP value of the top label of an incoming packet. The top label is swapped with a label of value 0 (20-bit label field) and the packet is forwarded as an MPLS packet to the next-hop downstream router. This label is used in the implementation of QoS with MPLS.

Aggregate: the incoming MPLS packet is converted to an IP packet (by removing all labels if a label stack is present on the incoming packet) and a FIB (CEF) lookup is performed to identify the outgoing interface to the destination (used in MPLS-VPN implementations).

Figure 7.12 Special Label Types

7.8 MPLS Benefits and Services

7.8.1 Benefits of MPLS

This section explains briefly the benefits of running MPLS in your network. These benefits include the following:

The use of one unified network infrastructure

Border Gateway Protocol (BGP)-free core

The peer-to-peer model for MPLS-VPN

Optimal traffic flow

Traffic engineering

7.8.1.1 Traffic Engineering

The basic idea behind traffic engineering is to make optimal use of the network infrastructure, including links that are underutilized because they do not lie on the preferred path. Traffic engineering must therefore provide a way to steer traffic through the network on paths other than the preferred path, which is the least-cost path provided by IP routing, that is, the shortest path as computed by the dynamic routing protocol. With traffic engineering implemented in the MPLS network, traffic destined for a particular prefix, or traffic with a particular quality of service requirement, can flow from point A to point B along a path that differs from the least-cost path. The result is that traffic can be spread more evenly over the available links and make more use of underutilized links in the network. The figure below shows an example of this.

As the operator of an MPLS network with traffic engineering enabled, you can steer the traffic from A to B over the bottom path, which is not the shortest path between A and B (four hops versus three hops on the top path). You can thus send traffic over links that might otherwise see little use. Changing the routing protocols' metrics could also move the A-to-B traffic onto the bottom path, but it would move every other flow that uses those links as well; MPLS traffic engineering instead signals an explicit LSP for just the selected traffic, independent of the IGP metrics.

7.8.2 MPLS Services

VPN is the most popular service built on MPLS.

1. Multimedia Services: voice, video and data can be distributed across the MPLS-VPN network much as in a LAN environment. This facilitates rapid exchange of information across the various sections of an organization.

2. Intra-Office Voice Calls: MPLS-VPN can carry intra-office voice calls and give voice traffic high priority, thus ensuring QoS.

3. ERP Solutions: many companies use ERP solutions for online business transactions with peer companies, customers, dealers, branch offices and so on. These online transactions require a high-speed, congestion-free, robust network, which MPLS-VPN makes possible.

4. Access VPNs: employees who are constantly on the move need to connect to their office network to access information such as product catalogs, inventory checks and tariff plans. Access VPNs let such users reach their office networks irrespective of their location.

5. Intranet: an intranet is a private computer network that uses Internet protocols and network connectivity to securely share part of an organization's information or operations with its employees.

6. Extranet: a company may prefer to exchange information with other companies to speed up business transactions. An extranet is a private network that uses Internet protocols, network connectivity, and possibly the public telecommunication system to securely share part of an organization's information or operations with suppliers, vendors, partners, customers or other businesses. An extranet can be viewed as the part of a company's intranet that is extended to users outside the company.

7. Multicast: multicast is widely deployed in enterprises, commercial stock exchanges and multimedia content delivery networks, where it uses network resources efficiently for one-to-many or many-to-many communication. For example, a common enterprise use of IP multicast is IPTV applications such as distance learning or televising company meetings. Stock exchanges use it to distribute trading data. Content delivery networks use it to provide commercial television to a set of subscribers over IP infrastructure.

8. Virtual Private LAN Service (VPLS): VPLS emulates a LAN segment across the MPLS backbone over pseudowires or virtual circuits. VPLS creates one or more LANs for each customer using the service from the service provider. Each LAN is completely separate from the other emulated LAN segments, hence the "P" for "Private" in VPLS. When a customer with several Ethernet sites connects to an MPLS backbone where VPLS is deployed, it appears as if all the sites are interconnected through a single virtual Ethernet switch.

7.8.3 Advantages:

Reduction in complexity of the network

Savings on cost

Fully managed services

Fewer trained staff needed to maintain the network

All services delivered over a single core network

High reliability and security (isolation of routing and forwarding state between customers; MPLS itself does not encrypt traffic, so confidentiality from the provider requires IPsec or similar on top)

7.8.4 Disadvantages

The router has to understand MPLS

An additional layer is added


Chapter 8

VIRTUAL PRIVATE NETWORK

8.1 Introduction

Businesses today are looking to the Internet for wide area network (WAN)

solutions that in the recent past they could get only by choosing Frame Relay or T1

dedicated links. To achieve the security that is required for corporate users, virtual private

networks (VPNs) can be used to guarantee that traffic is securely tunneled over the

Internet. Up to now, most VPNs have been provisioned using Layer 2 technologies, such

as Frame Relay and asynchronous transfer mode (ATM). These technologies provided

secure tunnels, were resistant to Denial-of-Service (DoS) and intrusion attacks, and

provided address and routing separation. The problem with Layer 2 VPN technology is that it does not scale well: as the network grows, the number of virtual circuits needed for optimal (any-to-any) routing grows non-linearly with the number of sites. It is also difficult to provide traffic engineering using a Layer 2 VPN approach.

MPLS-VPN is a family of methods for harnessing the power of Multiprotocol

Label Switching (MPLS) to create Virtual Private Networks (VPNs). MPLS is well

suited to the task as it provides traffic isolation and differentiation without substantial

overhead. A layer 3 MPLS-VPN, also known as L3VPN, combines enhanced BGP

signaling, MPLS traffic isolation and router support for VRFs (Virtual

Routing/Forwarding) to create an IP based VPN. Compared to other types of VPN such

as IPSec VPN or ATM, MPLS L3VPN is more cost efficient and can provide more

services to customers.

A VPN is a private network constructed over a shared infrastructure. It consists of two topological areas:

1. the provider's network

2. the customer's network

Provider's network

• Runs across the provider's shared (public Internet) infrastructure.

• Consists of routers that provide VPN services to a customer's network and normal IP services to other customers.

Customer's network

• The customer's network is commonly located at multiple physical sites.

• The provider's network connects the various customer sites.

• This network appears to the customer and to the provider as a private network.

• VPNs have to remain private and isolated from other VPNs and from the public Internet.

o The provider's network ensures this by maintaining policies that keep routing information separate for individual VPNs.

8.2 VPN Classification Model

Fig 8a: Classification model

• Customer premises VPN (CPE-VPNs)

– L2TP and PPTP

– IPsec tunnel mode


• Provider-provisioned VPN (PP-VPNs)

– BGP/MPLS-based Layer 3 VPNs

– Layer 2 MPLS-VPNs

The general types of VPNs are:

– Layer 2 VPNs

– Layer 3 VPNs

• Each of these VPN types has different capabilities and requires a different type of configuration.

8.3 Layer 3 VPN Terminologies

Layer 3 VPNs contain the following types of network devices

– Provider edge (PE) routers

– Provider (P) routers

– Customer edge (CE) devices

Fig 8b: Layer 3 layout diagram

PE Routers

• PE routers in the provider's network connect to customer edge devices located at

customer sites.

• PE routers support VPN and label functionality.

• The label functionality can be provided either by

– Resource Reservation Protocol (RSVP) or

– Label Distribution Protocol (LDP)

• Provider Edge (PE) routers also


– Maintain VPN-specific forwarding tables

– Exchange VPN routing information with other PE routers using BGP

– Use MPLS LSPs to forward VPN traffic

P Routers

• P-routers are Routers within the core of the provider's network

• Not connected to any routers at a customer site

• Part of the tunnel between pairs of PE routers

• Provider routers support MPLS label switching over LSPs signalled by LDP or RSVP, but do not need to support any VPN functionality.

• Forward VPN data transparently over established LSPs

• Do not maintain VPN-specific routing information

CE Routers

• CE devices are Routers or switches located at the customer's site that connect to

the provider's network.

• CE devices are typically IP routers.

• VPN functionality is provided by the PE routers.

• The CE routers have no special configuration requirements for VPNs.

8.4 IPv4 Addresses For VPNs

• Layer 3 VPNs connect private networks

• Can use public address space or

• Private addresses, as defined in RFC 1918

– 10.0.0.0/8

– 172.16.0.0/12

– 192.168.0.0/16

• When the private networks use private addresses, the addresses might overlap

with the addresses of another private network.


Fig 8c: Example Scenario

In the above scenario, figure 8c, the sites within VPN A and VPN B use the address

spaces 10.1.0.0/16, 10.2.0.0/16, and 10.3.0.0/16 for their private networks.

• MPLS/BGP VPNs solve this problem by prefixing a VPN identifier, the route distinguisher, to each address from a particular VPN site.

• The result is an address that is unique across all the VPNs carried by the provider, even where two customers use the same RFC 1918 space.

• In addition, each VPN has its own VPN-specific routing table that contains the routing information for that VPN only.

• The new address belongs to the VPN-IPv4 (VPN Internet Protocol version 4) address family, a BGP address family carried by the multiprotocol extensions to BGP; it is used only between PE routers and is never routed on the public Internet.

• In VPN-IPv4 addresses, the value that identifies the VPN is called the Route Distinguisher (RD).

• The Route Distinguisher is prefixed to the private IPv4 address to make it unique.


Fig 8d: IPv4 addressing

8.5 VPN-IPv4 address family

– New BGP-4 address family identifier

– Route Distinguisher (RD) + Subscriber IPv4 prefix

– Route distinguisher disambiguates IPv4 addresses

– Supports the private IP address space

– Allows ISP to administer its own “numbering space”

• VPN-IPv4 routes

– Ingress PE prefixes RD to IPv4 prefix of routes received from each CE

– VPN-IPv4 routes are exchanged between PEs using BGP

– Egress PE converts VPN-IPv4 routes into IPv4 routes before inserting into

site’s routing table

• VPN-IPv4 is used only in the control plane

– Data plane uses MPLS and IPv4 addressing

8.6 Route Distinguisher (RD)

• Only the PE routers need to support the VPN-IPv4 address extension to BGP.

• Ingress PE router receives an IPv4 route from a device within a VPN & converts it

into a VPN-IPv4 route by prefixing the RD to the route.

• The VPN-IPv4 addresses are used only for routes exchanged between PE routers

using BGP.

Figure: VPN-IPv4 address format. Route Distinguisher (RD): Type (2 bytes) | Administrator (variable length) | Assigned number (variable length); followed by the Subscriber IPv4 prefix (4 bytes).

• When the egress PE router receives a VPN-IPv4 route through BGP, it converts it back to an IPv4 route by removing the RD and announces the route to its connected CE routers.

• The 2-byte Type field identifies the format of the RD.

• The remaining 6-byte value is in one of the following formats:

1. as-number:number (type 0: 2-byte AS number followed by a 4-byte assigned number; type 2: 4-byte AS number followed by a 2-byte assigned number)

2. ip-address:number (type 1: 4-byte IPv4 address followed by a 2-byte assigned number)

• The RD has no routing meaning of its own; it only keeps otherwise identical prefixes from different VPNs distinct within BGP. Which PE routers import a route is decided by the route target, described in section 8.7.

• The customer's IPv4 prefix (up to 4 bytes) is appended to the 8-byte RD to form the 12-byte VPN-IPv4 address.

8.6.1 VPN Routing and Forwarding Tables

• PE router creates a separate routing table for each VPN, called a VPN routing and

forwarding (VRF) table to separate a VPN routes from normal IP routes in the public

Internet and from routes of other VPNs

• The PE router creates one VRF table for each VPN that has a connection to a

CE router.

• Any customer or site that belongs to the VPN can access only the routes in the

VRF tables for that VPN.

• Each customer connection is associated with one VRF table.

• Only the VRF table associated with a customer site is consulted for packets from that

site.

• If a next hop to a destination is not found in the VRF table, the router performs a

lookup in the global routing table, which is used for Internet access, if configured.

• Each VRF is populated with:

• Routes received from directly connected CE routers associated with the VRF

• Routes received from other PE routers with acceptable BGP attributes

• Only the VRF associated with a VPN is used for packets from a site of that VPN

• This provides isolation between VPNs

8.7 Target VPN or Route Target


• Target VPN—identifies a set of sites within a VPN to which a PE router distributes

routes.

• This attribute is also called the Route Target.

• The route target is used by the egress PE router to determine whether a received route

is destined for a VPN that the router services.

Figure 8.13: route target

• PE Router PE1 adds the route target "VPN B" to routes received from the customer

edge (CE) router at Site 1 in VPN B.

• When it receives the route, the egress router PE2 examines the route target,

determines that the route is for a VPN that it services, and accepts the route.

• When the egress router PE3 receives the same route, it does not accept the route

because it does not service any CE routers in VPN B.
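The control-plane pieces of sections 8.5 to 8.7 in one place, as an added example that is not part of the thesis: Python code that encodes and decodes route distinguishers in the three RFC 4364 formats, builds and parses the VPNv4 NLRI (label + RD + prefix) a PE advertises, and applies route-target import filtering the way the egress PE does. The scenario is constructed to match the thesis figures and the chapter 9 lab: PE1 carries VPN A (rd 100:1, route-target 100:10) and VPN B (rd 100:2, route-target 100:20), both numbered 10.1.0.0/16; PE2 serves only VPN A; PE3 serves neither. The VRF names vpnA, vpnB and vpnC and the labels 17 and 18 are assumptions.

```python
"""VPN-IPv4 (RFC 4364) route distinguishers, VPNv4 NLRI and route-target import.

Added example, not code from the thesis. VRF names, RDs, route targets and
labels are constructed; the two overlapping 10.1.0.0/16 prefixes are the
scenario from the thesis figures.
"""
import ipaddress
import struct


def encode_rd(rd: str) -> bytes:
    """8-byte RD: 2-byte type + 6-byte value. '100:1' -> type 0 (2-byte AS, 4-byte number),
    '1.1.1.1:1' -> type 1 (IPv4 address, 2-byte number), '70000:1' -> type 2 (4-byte AS)."""
    admin, _, assigned = rd.rpartition(":")
    number = int(assigned)
    if "." in admin:
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)
    if asn <= 0xFFFF:
        return struct.pack("!HHI", 0, asn, number)
    return struct.pack("!HIH", 2, asn, number)


def decode_rd(raw: bytes) -> str:
    rd_type = struct.unpack("!H", raw[:2])[0]
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:8])
        return f"{asn}:{number}"
    if rd_type == 1:
        addr, number = struct.unpack("!4sH", raw[2:8])
        return f"{ipaddress.IPv4Address(addr)}:{number}"
    if rd_type == 2:
        asn, number = struct.unpack("!IH", raw[2:8])
        return f"{asn}:{number}"
    raise ValueError(f"unknown RD type {rd_type}")


def encode_rt(rt: str) -> bytes:
    """Route Target extended community: type 0x00, sub-type 0x02, 2-byte AS, 4-byte number."""
    asn, number = rt.split(":")
    return struct.pack("!BBHI", 0x00, 0x02, int(asn), int(number))


def encode_vpnv4_nlri(label: int, rd: str, prefix: str) -> bytes:
    """SAFI 128 NLRI: 1-byte length in bits, 3-byte label (EXP 0, bottom-of-stack set),
    8-byte RD, then only as many prefix bytes as the mask length needs."""
    net = ipaddress.IPv4Network(prefix)
    prefix_bytes = net.network_address.packed[:(net.prefixlen + 7) // 8]
    label_field = struct.pack("!I", (label << 4) | 1)[1:]
    return bytes([24 + 64 + net.prefixlen]) + label_field + encode_rd(rd) + prefix_bytes


def decode_vpnv4_nlri(raw: bytes):
    """Return (label, rd, prefix). The length check stops a short, peer-supplied NLRI
    from being padded into a valid-looking route."""
    bits = raw[0]
    body = raw[1:1 + (bits + 7) // 8]
    if bits < 88 or len(body) != (bits + 7) // 8:
        raise ValueError("malformed VPNv4 NLRI")
    label = int.from_bytes(body[:3], "big") >> 4
    addr = body[11:] + bytes(4 - len(body[11:]))
    return label, decode_rd(body[3:11]), f"{ipaddress.IPv4Address(addr)}/{bits - 88}"


class VRF:
    def __init__(self, name, rd, import_rts, export_rts):
        self.name, self.rd = name, rd
        self.import_rts = {encode_rt(rt) for rt in import_rts}
        self.export_rts = {encode_rt(rt) for rt in export_rts}
        self.routes = {}   # prefix -> (remote VPN label, RD) installed from MP-BGP

    def export_route(self, prefix, label):
        """What the ingress PE advertises: NLRI under its RD plus the VRF's export RTs."""
        return {"nlri": encode_vpnv4_nlri(label, self.rd, prefix), "rts": set(self.export_rts)}


def import_route(pe_vrfs, advert):
    """Egress PE: install the route in every local VRF whose import RTs intersect the
    route's RTs. The RD is only for uniqueness and plays no part in this decision."""
    label, rd, prefix = decode_vpnv4_nlri(advert["nlri"])
    accepted = []
    for vrf in pe_vrfs:
        if vrf.import_rts & advert["rts"]:
            vrf.routes[prefix] = (label, rd)
            accepted.append(vrf.name)
    return accepted


# Constructed scenario: PE1 hosts VPN A and VPN B, both numbered 10.1.0.0/16.
PE1_VPN_A = VRF("vpnA", "100:1", ["100:10"], ["100:10"])
PE1_VPN_B = VRF("vpnB", "100:2", ["100:20"], ["100:20"])
PE2_VRFS = [VRF("vpnA", "100:1", ["100:10"], ["100:10"])]   # PE2 serves VPN A only
PE3_VRFS = [VRF("vpnC", "100:3", ["100:30"], ["100:30"])]   # PE3 serves neither
ADVERT_A = PE1_VPN_A.export_route("10.1.0.0/16", label=17)
ADVERT_B = PE1_VPN_B.export_route("10.1.0.0/16", label=18)

if __name__ == "__main__":
    print(decode_vpnv4_nlri(ADVERT_A["nlri"]), decode_vpnv4_nlri(ADVERT_B["nlri"]))
    print("PE2 imports A into", import_route(PE2_VRFS, ADVERT_A))
    print("PE2 imports B into", import_route(PE2_VRFS, ADVERT_B))
    print("PE3 imports A into", import_route(PE3_VRFS, ADVERT_A))
```

The two NLRIs differ only in their RD bytes, which is exactly what lets BGP carry both 10.1.0.0/16 routes at once; membership is then a pure set intersection on route targets, so a misconfigured import RT on a PE (or a route target leaked by a misbehaving peer) would join two customers' VPNs, which is why the route-target configuration on PE routers is the security boundary of an L3VPN.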

8.8 Typical Data Flow In VPN

The PE to PE LSP must be in place before forwarding data across the MPLS

backbone

– LSPs are signaled through LDP or RSVP

• The CE performs a traditional IPv4 lookup and sends packets to the PE

• The PE consults the appropriate VRF for the inbound interface

• Two labels are derived from the VRF route lookup and “pushed” onto the packet

• Packets are forwarded using two-level label stack


– Outer IGP label

• Identifies the LSP to egress PE router

• Derived from core’s IGP and distributed by RSVP or LDP

– Inner BGP label

• Identifies outgoing interface from egress PE to CE

• Derived from BGP update from egress PE

• After packets exit the ingress PE, the outer label is used to traverse the service

provider

– P routers are not VPN-aware

• The outer label is removed through penultimate hop popping.

• The inner label is removed at the egress PE

• The native IPv4 packet is sent to the outbound interface associated with the label
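The data flow above, together with the special labels of section 7.7.5, as an added example that is not part of the thesis: a Python model of the two-level label stack walked from the ingress PE over a P router to the egress PE. The ingress PE pushes the inner VPN label and the outer IGP label; the P router acts on the top label only; with implicit null advertised by the egress the P router pops the outer label (penultimate hop popping), with explicit null it swaps to label 0 instead; the egress PE discards any explicit null, uses the VPN label to select the VRF and outgoing interface, and hands the native IPv4 packet to the CE. The topology PE1, P1, PE2, CE2 and the prefixes come from the chapter 9 lab; the label values 20, 30 and 31 and the LFIB entries are constructed.

```python
"""Two-level label stack forwarding through an MPLS L3VPN core.

Added example, not code from the thesis. Label values and LFIB entries are
constructed. IMPLICIT_NULL is never carried in a packet: it is the value a
downstream LSR advertises to make its upstream neighbour pop instead of swap.
EXPLICIT_NULL is a real top label whose only payload is its EXP bits.
"""
import ipaddress

IMPLICIT_NULL = 3
EXPLICIT_NULL = 0


class Packet:
    def __init__(self, dst):
        self.dst, self.labels, self.trace = dst, [], []   # labels[0] is the top of stack

    def snapshot(self, node):
        self.trace.append((node, list(self.labels)))


class LSR:
    """lfib: top label -> (action, outgoing label, next hop) for transit forwarding.
    vpn_routes (ingress PE): (vrf, prefix) -> (VPN label, IGP label, next hop).
    vpn_labels (egress PE): VPN label -> (vrf, CE next hop). P routers have only an LFIB."""

    def __init__(self, name, lfib=None, vpn_routes=None, vpn_labels=None):
        self.name, self.lfib = name, lfib or {}
        self.vpn_routes, self.vpn_labels = vpn_routes or {}, vpn_labels or {}

    def ingress(self, pkt, vrf):
        """VRF lookup (longest match), then push inner VPN label and outer IGP label."""
        dst = ipaddress.IPv4Address(pkt.dst)
        candidates = [p for (v, p) in self.vpn_routes
                      if v == vrf and dst in ipaddress.IPv4Network(p)]
        if not candidates:
            raise LookupError(f"{self.name}: no route to {pkt.dst} in VRF {vrf}")
        best = max(candidates, key=lambda p: ipaddress.IPv4Network(p).prefixlen)
        vpn_label, igp_label, next_hop = self.vpn_routes[(vrf, best)]
        pkt.labels = [vpn_label]
        if igp_label != IMPLICIT_NULL:   # egress PE directly adjacent: no outer label at all
            pkt.labels.insert(0, igp_label)
        pkt.snapshot(self.name)
        return next_hop

    def transit(self, pkt):
        """P router: act on the top label only; it knows nothing about VPNs."""
        action, out_label, next_hop = self.lfib[pkt.labels[0]]
        if action == "pop":              # downstream advertised implicit null: PHP
            pkt.labels.pop(0)
        else:                            # swap; out_label may be explicit null (0)
            pkt.labels[0] = out_label
        pkt.snapshot(self.name)
        return next_hop

    def egress(self, pkt):
        """Egress PE: drop an explicit null if present, then the VPN label selects the VRF."""
        if pkt.labels[0] == EXPLICIT_NULL:
            pkt.labels.pop(0)
        vrf, ce = self.vpn_labels[pkt.labels.pop(0)]
        if pkt.labels:
            raise ValueError("unexpected labels below the VPN label")
        pkt.snapshot(self.name)
        return vrf, ce

    def receive(self, pkt):
        if pkt.labels[0] in self.lfib:
            return "forward", self.transit(pkt)
        return "deliver", self.egress(pkt)


def forward(network, ingress_pe, vrf, dst, hop_limit=16):
    """Send dst into vrf at ingress_pe; returns (vrf, CE next hop, per-hop label stacks)."""
    pkt = Packet(dst)
    next_hop = network[ingress_pe].ingress(pkt, vrf)
    for _ in range(hop_limit):
        kind, result = network[next_hop].receive(pkt)
        if kind == "deliver":
            return result[0], result[1], pkt.trace
        next_hop = result
    raise RuntimeError("hop limit exceeded: LFIB loop")


def build_network(php=True):
    """Constructed state: PE2 allocated VPN labels 30 and 31 for CE2's prefixes and P1
    advertised IGP label 20 for PE2's loopback to PE1. With php=True PE2 advertised
    implicit null to P1; otherwise explicit null."""
    p1_entry = ("pop", IMPLICIT_NULL, "PE2") if php else ("swap", EXPLICIT_NULL, "PE2")
    return {
        "PE1": LSR("PE1", vpn_routes={("vpn1", "40.0.0.0/8"): (30, 20, "P1"),
                                      ("vpn1", "200.200.200.200/32"): (31, 20, "P1")}),
        "P1": LSR("P1", lfib={20: p1_entry}),
        "PE2": LSR("PE2", vpn_labels={30: ("vpn1", "CE2"), 31: ("vpn1", "CE2")}),
    }


if __name__ == "__main__":
    print(forward(build_network(php=True), "PE1", "vpn1", "40.1.1.2"))
    print(forward(build_network(php=False), "PE1", "vpn1", "200.200.200.200"))
```

The trace shows why the P router never needs VPN state: it only ever sees the outer label 20, and after penultimate hop popping PE2 receives a packet carrying just the VPN label. It also shows the isolation property the chapter relies on: a VPN label is meaningful only on the PE that allocated it, so a packet can reach a customer's CE only if an ingress PE with that VRF imposed the matching label.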

Fig 8e

Fig 8f


Fig 8g

Fig 8h

8.9 MPLS - Layer 2 VPN

• Provider edge device delivers Layer 2 circuit IDs (DLCI, VPI/VCI, or VLAN ID) to

the customer

– Customer sees standard FR or ATM PVCs

• Provider edge device maps the circuit ID to an MPLS LSP to traverse the provider

core

– Label stacking could be used to improve scalability

• Customer maps their own routing architecture to the circuit mesh

– Customer routes are transparent to provider

– Separation of administrative responsibility is present

8.9.1 The benefits of Layer 2 MPLS-VPNs

• Service providers do not have to invest in separate Layer 2 equipment to provide

Layer 2 VPN service.

• A Layer 2 MPLS-VPN allows you to provide Layer 2 VPN service over an existing

IP and MPLS backbone.

• You can configure the PE router to run any Layer 3 protocol in addition to the

Layer 2 protocols.

• In Layer 2 VPN Customers can maintain control over most of the administration of

their own networks.

8.9.2 Implementing a Layer 2 VPN

• Implementing a Layer 2 VPN on a router is similar to implementing a VPN using

ATM/FR.


• The Layer 2 VPN traffic is forwarded to the PE router in a Layer 2 format from CE

router.

• It is carried by MPLS over the service provider's network and then converted back to

Layer 2 format at the receiving site.

• Different Layer 2 formats can be configured at the sending and receiving sites.

• The security and privacy of an MPLS Layer 2 VPN are equal to those of an ATM or Frame Relay VPN: traffic is kept apart by circuit and label, but it is not encrypted, so a customer who needs confidentiality from the provider still runs IPsec over the circuit.

• On a Layer 2 VPN, routing occurs on the customer's routers, typically on the

customer edge (CE) router.

• The CE router connected to a service provider on a Layer 2 VPN must select the

appropriate circuit to send traffic.

• The provider edge (PE) router receiving the traffic sends it across the service

provider's network to the PE router connected to the receiving site.

• PE routers do not need to know the customer's routes or routing topology; they need

to know only in which tunnel to send the data.

• For a Layer 2 VPN, customers need to configure their own routers to carry all Layer 3

traffic.

• The service provider needs to know only how much traffic the Layer 2 VPN will need

to carry.

• The service provider's routers carry traffic between the customer's sites using Layer 2

VPN interfaces.

Chapter 9

IMPLEMENTATION OF MPLS-VPN


Figure 9: Major implementation of MPLS-VPN

The roles of the P, PE and CE routers in this topology are as described in section 8.3. In addition, the CE routers are:

– Located at customer premises.

– Provide access to the service provider network.

– Can use any access technology or routing protocol for the CE-PE connection.


9.1 Basic Router configuration commands

For the P1 router:

Router# conf t
Router(config)# hostname P1
P1(config)# interface serial 3/7
P1(config-if)# ip address 20.1.1.2 255.0.0.0
P1(config-if)# no shut
P1(config-if)# encapsulation ppp
P1(config-if)# clock rate 64000
P1(config-if)# exit
P1(config)# exit
P1# wr

Invoking the OSPF protocol on the router:

P1# config t
P1(config)# ip routing
P1(config)# router ospf 20
P1(config-router)# network 20.0.0.0 0.255.255.255 area 0
P1(config-router)# network 30.0.0.0 0.255.255.255 area 0
P1(config-router)# exit
P1(config)# exit
P1# wr
P1# show ip route

9.2 Result

Communication from CE1 to CE2:

CE1>en
Password:
CE1#show run
Building configuration...

Current configuration:
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname CE1
!
enable secret 5 $1$VF3y$uoutdbBZ2XM2f/q8arMf9.
enable password cisco
!
interface Serial1/0
 ip address 10.1.1.1 255.0.0.0
 encapsulation ppp
!
router ospf 20
 network 10.0.0.0 0.255.255.255 area 0
!
no ip classless
 speed 9650
 password cisco
end

CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.1/32 is directly connected, Serial1/0
C       10.0.0.0/8 is directly connected, Serial1/0
O    40.0.0.0/8 [110/845] via 30.1.1.2, 00:02:11, Serial1/0

P1#ping 40.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms

Communication from CE2 to CE1:

CE2>en
password:
CE2#show run
Building Configuration...done
!
No configuration change since last restart
!
software version 5.1.25(integrity)
!software image file rpl-i-5.1.25.bin
!compiled on Nov 25 2005, 15:15:46
hostname CE2
interface serial1/0
 physical-layer sync
 encapsulation ppp
 ip address 40.1.1.2 255.0.0.0
exit
router ospf 20
 network 40.0.0.0 0.255.255.255 area 0
exit
exit
!end

CE2#show ip route
Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP

Gateway of last resort is not set

O 30.0.0.0/8 [110/1562] via 40.1.1.1, 00:10:25, serial1/0
C 40.0.0.0/8 is directly connected, 00:10:36, serial1/0
C 127.0.0.0/8 is directly connected, 00:10:53, lo0
C 40.1.1.1/32 is directly connected, 00:10:36, serial1/0

CE2#ping 10.1.1.1
Press key (ctrl + shift + 6) interrupt it.
Sending 5, 76-byte ICMP Echos to 30.1.1.1 , timeout is 2 seconds:
!!!!!
Success rate is 100% (5/5). Round-trip min/avg/max = 49/49/49 ms.
CE2#

9.3 MPLS-VPN Source Code (Global scenario)

(Basic MPLS Lab using LDP)

P1: Basic MPLS configuration using LDP:


Configuring OSPF 100

P1# conf t

P1(config)# router ospf 100

P1(config-router)# network 2.2.2.2 0.0.0.0 area 0

P1(config-router)# network 20.0.0.0 0.255.255.255 area 0

P1(config-router)# network 30.0.0.0 0.255.255.255 area 0

P1(config-router)# exit

P1(config)#

Configuring / Saving MPLS / CEF on all interfaces

P1(config)# ip cef

P1(config)# mpls ip

P1(config)# mpls label protocol ldp

P1(config)# mpls ldp router-id loopback 0

P1(config)# interface serial 1/0

P1(config-if)# mpls ip

P1(config-if)# mpls label protocol ldp

P1(config-if)# exit

P1(config)# interface serial 1/1

P1(config-if)# mpls ip

P1(config-if)# mpls label protocol ldp

P1(config-if)# exit


P1# wr mem

Building configuration

[ok]

P1#

PE1: Basic MPLS configuration using LDP:

Configuring OSPF 100

PE1# conf t

PE1(config)# router ospf 100

PE1(config-router)# network 1.1.1.1 0.0.0.0 area 0

PE1(config-router)# network 20.0.0.0 0.255.255.255 area 0

PE1(config-router)# exit

PE1(config)#

Configuring / Saving MPLS / CEF on all interfaces except PE1-CE1 interface

PE1(config)# ip cef

PE1(config)# mpls ip

PE1(config)# mpls label protocol ldp

PE1(config)# mpls ldp router-id loopback 0

PE1(config)# interface serial 1/6

PE1(config-if)# mpls ip

PE1(config-if)# mpls label protocol ldp

PE1(config-if)# exit

106

Page 107: mpls doc

PE1# wr mem

Building configuration

[ok]

PE1#

PE2: Basic MPLS configuration using LDP:

Configuring OSPF 100

PE2# conf t

PE2(config)# router ospf 100

PE2(config-router)# network 3.3.3.3 0.0.0.0 area 0

PE2(config-router)# network 30.0.0.0 0.255.255.255 area 0

PE2(config-router)# exit

PE2(config)#

Configuring / Saving MPLS / CEF on all interfaces except PE2-CE2 interface

PE2(config)# ip cef

PE2(config)# mpls ip

PE2(config)# mpls label protocol ldp

PE2(config)# mpls ldp router-id loopback 0

PE2(config)# interface serial 1/2

PE2(config-if)# mpls ip

PE2(config-if)# mpls label protocol ldp

PE2(config-if)# exit


PE2# wr mem

Building configuration

[ok]

PE2#

MPLS-VPN BASED L3 VPN USING MP-iBGP/e-BGP

PE1: MPLS-VPN BASED L3 VPN USING MP-BGP/e-BGP

Creation of VPN ( VRF-table) and assigning route-distinguisher / Route-target :

PE1# conf t

PE1(config)# ip vrf vpn1

PE1(config-vrf)# rd 100:1

PE1(config-vrf)# route-target both 100:10

PE1(config-vrf)# exit

Assigning an interface to the VRF table :

PE1(config)# interface serial 2/7

PE1(config-if)# ip vrf forwarding vpn1

interface serial 2/7 ip address 10.1.1.2 removed due to enabling vrf vpn1

PE1(config-if)# ip address 10.1.1.2 255.0.0.0

PE1(config-if)#no shutdown

PE1(config-if)# exit

PE1#wr mem

Building configuration


[ok]

PE1#

Configuring MP-iBGP

PE1# conf t

PE1(config)# router bgp 100

PE1(config-router)# neighbor 3.3.3.3 remote-as 100

PE1(config-router)# neighbor 3.3.3.3 update-source loopback 0

PE1(config-router)# no synchronization

PE1(config-router)# no auto-summary

PE1(config-router)# address-family ipv4 vrf vpn1

PE1(config-router-af)# neighbor 10.1.1.1 remote-as 20

PE1(config-router-af)# neighbor 10.1.1.1 activate

PE1(config-router-af)# neighbor 10.1.1.1 next-hop self

PE1(config-router-af)# no synchronization

PE1(config-router-af)# no auto-summary

PE1(config-router-af)# exit

PE1(config-router)# address-family vpnv4

PE1(config-router-af)# neighbor 3.3.3.3 activate

PE1(config-router-af)# neighbor 3.3.3.3 next-hop self

PE1(config-router-af)# neighbor 3.3.3.3 send-community extended

PE1(config-router-af)# exit


PE1(config-router)# exit

PE1(config)# exit

PE1# wr mem

Building configuration

[ok]

PE1#

CE1 : eBGP configuration

Configuring BGP 20 : -

CE1# conf t

CE1(config)# router bgp 20

CE1(config-router)# no synchronization

CE1(config-router)# no auto-summary

CE1(config-router)# network 10.0.0.0

CE1(config-router)# network 100.100.100.100 mask 255.255.255.255

CE1(config-router)# neighbor 10.1.1.2 remote-as 100

CE1(config-router)# end

CE1# wr mem

Building configuration [ok] CE1#

CE2 : eBGP configuration

Configuring BGP 30 : -

CE2# conf t


CE2(config)# router bgp 30

CE2(config-router)# no synchronization

CE2(config-router)# no auto-summary

CE2(config-router)# network 40.0.0.0

CE2(config-router)# network 200.200.200.200 mask 255.255.255.255

CE2(config-router)# neighbor 40.1.1.1 remote-as 100

CE2(config-router)# end

CE2# wr mem

Building configuration

[ok]

CE2#

9.4 Verification commands

E.g.: for PE1 router

PE1# show ip vrf

PE1# show ip vrf detail

PE1# show ip vrf interfaces

PE1# show ip protocols vrf vpn1

PE1# show ip route vrf vpn1

PE1# show ip bgp vpnv4 vrf vpn1

PE1# show ip bgp vpnv4 vrf vpn1 neighbors

PE1# show ip bgp vpnv4 all summary


PE1# show ip bgp neighbors

PE1# show mpls forwarding vrf vpn1

PE1# show ip cef vrf vpn1

PE1# ping vrf vpn1 200.200.200.200

PE1# trace vrf vpn1 200.200.200.200

Note: LDP uses the loopback address as its router ID and as the transport address of the session between routers (mpls ldp router-id loopback 0 above), so every P and PE router needs a loopback interface before the sessions can come up.

Configuring the loopback address:

Router# conf t
Router(config)# interface loopback 0
Router(config-if)# ip address 1.1.1.1 255.255.255.255

9.5 Output Result:

PE1#sh ip vrf vpn1
  Name                             Default RD          Interfaces
  vpn1                             100:1               Se2/7

PE1#sh ip vrf detail vpn1

VRF vpn1 (VRF Id = 100); default RD 100:1; default VPNID <not set>

Description: *** VRF Name: vpn1, Date: 2010.10.15 13:33:07, Customer id: 304 ***

Interfaces:

Se2/7

VRF Table ID = 100

Export VPN route-target communities


RT: 100:10

Import VPN route-target communities

RT: 100:10

No import route-map

No export route-map

VRF label distribution protocol: not configured

VRF label allocation mode: per-prefix

Vrf-conn-aggr for connected and BGP aggregates (Label 2834)

<cr>

PE1#sh ip vrf interfaces vpn1

Interface IP-Address VRF Protocol

Se2/7 10.1.1.2 vpn1 up

PE1#sh ip protocols vrf vpn1

*** IP Routing is NSF aware ***

Routing Protocol is "bgp 9829"

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

IGP synchronization is disabled

Automatic route summarization is disabled

Redistributing: connected, static

Maximum path: 1


Routing Information Sources:

Gateway Distance Last Update

Distance: external 20 internal 200 local 200

PE1# sh ip route vrf vpn1

Routing Table: vpn1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is not set

C        10.0.0.0/8 is directly connected, Serial2/7
C        20.0.0.0/8 is directly connected, Serial1/6
L        192.168.3.1/32 is directly connected, Ethernet0/0
L        1.1.1.1/32 is directly connected, Loopback0

PE1# sh ip bgp vpnv4 vrf vpn1

BGP table version is 12872, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - Incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf vpn1)
*> 10.0.0.0/8       0.0.0.0                  0         32768 ?
*> 20.0.0.0/8       0.0.0.0                  0         32768 ?

PE1# sh ip bgp vpnv4 vrf vpn1 neighbors ?

  A.B.C.D  Neighbor to display information about
  |        Output modifiers

PE1# sh ip bgp vpnv4 all summary

BGP router identifier local AS number 100
BGP table version is 128471, main routing table version 128471
109199 network entries using 159054 bytes of memory
193987 path entries using 131916 bytes of memory
1 multipath network entries and 2 multipath paths
6495/6186 BGP path/best path attributes entries using 493620 bytes of memory
453 BGP rrinfo entries using 10872 bytes of memory
868 BGP AS-PATH entries using 23492 bytes of memory
2009 BGP extended community entries using 76774 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 29738928 total bytes of memory
BGP activity 934914/825075 prefixes, 4293032/4098156 paths, scan interval 15 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4    20     262    2047   128471    0    0 04:20:39        3
3.3.3.3         4   100    4309   32652 12844471    0    0 3d00h           4
192.168.3.1     4 65065    5577   22237 12846049    0    0 3d20h           1
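The summary above mixes two kinds of session on one PE: iBGP peers in the local AS (3.3.3.3, the other PE loopback, carrying VPNv4 routes) and eBGP peers in other ASes (the CE routers). A PE-PE session that is down means VPN routes are no longer exchanged, and a CE peer with an unexpected address or AS is a sign of a mis-wired or mis-configured customer attachment. The following added example (not from the thesis, and not Cisco code) parses the neighbor table of `show ip bgp vpnv4 all summary` and checks it against an intended peer list. The sample text is constructed from the PE1 capture; the router ID 1.1.1.1, the fourth neighbor 2.2.2.2 stuck in Active, and the expected-peer table are assumptions added for the example.

```python
import re

# Constructed sample, modelled on the "sh ip bgp vpnv4 all summary" output
# above. The router ID 1.1.1.1 and the fourth neighbour (2.2.2.2, stuck in
# Active) are assumptions added for the example, not from the thesis capture.
SAMPLE_BGP_SUMMARY = """\
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 128471, main routing table version 128471

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.1.1        4    20     262    2047   128471    0    0 04:20:39        3
3.3.3.3         4   100    4309   32652 12844471    0    0 3d00h           4
192.168.3.1     4 65065    5577   22237 12846049    0    0 3d20h           1
2.2.2.2         4   100       0       0        1    0    0 never     Active
"""

LOCAL_AS = re.compile(r"local AS number (\d+)")
PEER_LINE = re.compile(
    r"^(?P<neighbor>\d+\.\d+\.\d+\.\d+)\s+(?P<ver>\d+)\s+(?P<asn>\d+)\s+"
    r"(?P<rcvd>\d+)\s+(?P<sent>\d+)\s+(?P<tblver>\d+)\s+(?P<inq>\d+)\s+"
    r"(?P<outq>\d+)\s+(?P<updown>\S+)\s+(?P<state>\S+)$"
)


def parse_bgp_summary(text):
    """Return (local_as, [peer dicts]). In the State/PfxRcd column a number
    means Established (it is the prefix count); anything else is the FSM state."""
    local_as, peers = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = LOCAL_AS.search(line)
        if m:
            local_as = int(m.group(1))
            continue
        m = PEER_LINE.match(line)
        if not m:
            continue
        state = m.group("state")
        up = state.isdigit()
        peers.append({
            "neighbor": m.group("neighbor"),
            "asn": int(m.group("asn")),
            "established": up,
            "prefixes": int(state) if up else 0,
            "state": "Established" if up else state,
            "updown": m.group("updown"),
        })
    return local_as, peers


def ibgp_peers(local_as, peers):
    """Peers in the local AS: on a PE these are the MP-BGP (VPNv4) sessions
    to other PEs or route reflectors; everything else is a PE-CE eBGP peer."""
    return [p["neighbor"] for p in peers if p["asn"] == local_as]


def check_peers(peers, expected_as):
    """Compare the live peer table with the intended one.
    expected_as: {neighbor_ip: remote_as}. Returns a list of findings."""
    findings, seen = [], set()
    for p in peers:
        n = p["neighbor"]
        seen.add(n)
        if n not in expected_as:
            findings.append(f"{n}: unexpected peer (AS {p['asn']})")
        elif p["asn"] != expected_as[n]:
            findings.append(f"{n}: peer AS {p['asn']}, expected {expected_as[n]}")
        if not p["established"]:
            findings.append(f"{n}: session not established ({p['state']}, up/down {p['updown']})")
    for n in expected_as:
        if n not in seen:
            findings.append(f"{n}: expected peer missing from summary")
    return findings


# Intended peers (assumption): two PE loopbacks in AS 100 and two CE peers.
EXPECTED_AS = {"10.1.1.1": 20, "3.3.3.3": 100, "192.168.3.1": 65065, "2.2.2.2": 100}

if __name__ == "__main__":
    local_as, peers = parse_bgp_summary(SAMPLE_BGP_SUMMARY)
    print("iBGP (VPNv4) peers:", ibgp_peers(local_as, peers))
    for finding in check_peers(peers, EXPECTED_AS):
        print("FINDING:", finding)
```

The only finding on the constructed sample is the PE-PE session to 2.2.2.2 that never came up. Because the check is driven by the expected-peer table, a CE that is moved to a different AS, or an address that appears in the summary without being planned, is reported as well.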

PE1# sh mpls forwarding-table vrf vpn1

Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
2834       Pop Label  IPv4 VRF [V]     0             aggregate/vpn1

PE1# sh ip cef vrf vpn1

Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
127.0.0.0/8          drop
10.1.1.2             attached             Serial2/7
10.1.1.2             receive              Serial2/7
20.1.1.1             attached             Serial2/7
20.1.1.1             receive              Serial2/7
20.1.1.2             attached             Serial2/7
20.1.1.2             receive              Serial2/7
30.1.1.1             attached             Serial2/7
30.1.1.1             receive              Serial2/7
30.1.1.2             attached             Serial2/7
30.1.1.2             receive              Serial2/7
40.1.1.1             attached             Serial2/7
40.1.1.2             receive              Serial2/7
1.1.1.1/32           receive              Serial2/7
2.2.2.2/32           receive              Serial2/7
3.3.3.3/32           receive              Serial2/7
255.255.255.255/32   receive

PE1# sh int se2/7

Serial2/7 is up, line protocol is up
  Hardware is Multichannel T1/E1 without TDM
  Description: *** Site Name: VRF Name: vpn1, Date: 2010.10.15 19:53:16, Customer id: 304, Service:56724 ***
  Encapsulation PPP, LCP Open
  Keepalive set (10 sec)
  Last input 00:00:07, output 00:00:07, output hang never
  Last clearing of "show interface" counters 1d01h
  Input queue: 0/75/0/2 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 7000 bits/sec, 3 packets/sec
  5 minute output rate 5000 bits/sec, 3 packets/sec

PE1#ping vrf vpn1 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/24 ms

9.6 Screen Shots:

(Screenshot images not reproduced in this text.)


Chapter 10

CONCLUSION & FUTURE SCOPE

10.1 Conclusion

We conclude that MPLS provides better traffic engineering than the alternatives

compared in this work. In our test network forwarding was efficient and we observed no

packet loss: the ping across VRF vpn1 from PE1 to 10.1.1.1 succeeded 5/5 with round-trip

times of 20 to 24 ms. We built a virtual private network using five routers, implemented

MPLS on that network, and found the results consistent with the theoretical expectations.

MPLS also provides better quality-of-service support.

10.2 Future Scope

MPLS has become popular and has seen many implementations and deployments

by service providers. The original motivation for MPLS was a better integration of IP

into ATM networks. However, MPLS, or Tag Switching as it was called originally, has

seen success that surprised many people in the networking industry. A large part of that

success is the result of MPLS-VPN. Service providers quickly recognised the benefits of

MPLS-VPN and deployed it while features for it were still being developed. These days

even enterprise customers are looking at MPLS-VPN with interest; some have already

deployed it for greater scalability, for the separation of departments, or for the easier

deployment of PE and CE routers. Today, Any Transport over MPLS (AToM), MPLS

traffic engineering (TE), and VPLS are attracting growing interest from the industry, and

service providers are deploying these MPLS applications. Because most service provider

networks already run MPLS for the MPLS-VPN service, their operators and technical

support staff have experience in deploying and troubleshooting MPLS, so deploying one

of the other MPLS applications is a smaller step.


MPLS will continue to develop and spread, in service provider and enterprise networks

alike. It is no longer used solely by service providers, but increasingly by enterprise

networks that have a large network diameter or specific needs. Furthermore, MPLS has

already moved from the core of the network closer to the edge; an example is the

extension of LSPs onto the CE router for the easier deployment of QoS in MPLS-VPN

networks. Although MPLS-VPN autonomous systems are still interconnected via IP most

of the time, in the future more MPLS-VPN networks will be interconnected via MPLS,

with packets sent labeled toward the other autonomous system. The interconnection

between MPLS networks will not be limited to MPLS-VPN but will also be used to

switch AToM or IPv6 traffic from one provider to another. This trend of labeled packets

appearing in places where they are not used today will most likely continue.
