Huawei-3Com Training Center: MPLS L2 VPN, ISSUE 1.0. ...ries Routers VRP3.30 Training Presentation Slides

MPLS L2 VPN Principle


  • Objectives
    Provide an architectural overview of MPLS L2 VPN
    Give a rough discussion of the data flow of a general MPLS L2 VPN
    Provide a general discussion of the Martini and Kompella signaling methods

  • Course Contents
    MPLS L2 VPN Overview
    MPLS L2 VPN Data Flow
    Signaling Methods

  • What's L2 VPN?
    A traditional L2 VPN is based on circuit-like technology.
    It just uses virtual circuits to construct connections among VPN sites.
    It provides better flexibility than leased lines.

    [Figure: a Frame Relay network joining sites SA, SB and SC through routers rt1..rt6, with DLCIs 102/103, 201/203, 301/302, 405/406, 504/506 and 604/605 on the PVCs]

    Enterprises have long built their own wide-area networks by purchasing wide-area point-to-point data link layer connectivity from service providers, and then building their own layer 3 infrastructure on top of that. Originally the data links from the service provider were leased lines, and the layer 3 overlays were termed "private networks". Later, virtual circuits of various sorts (X.25, Frame Relay, ATM) began to replace leased lines, and the layer 3 overlays were termed "virtual private networks". (Though what makes a leased line less virtual than an ATM VC is difficult to understand.) We will refer to these VPNs as "Layer 2 VPNs" because the service provider provides only a layer 2 interface to its customer, and the customer is responsible for creating and managing the layer 3 overlay.

  • Problems of Traditional L2 VPN
    Problems:
    Too complex control information
    Too many configuration jobs
    The whole system has to share the same L2 technology
    MPLS L2 VPN intends to solve all these problems with the following technologies:
    Solution 1: Tunnel technology
    Solution 2: Pre-provisioning
    Solution 3: IP backbone

    However, many of these service providers would like to replace their Frame Relay or ATM infrastructures with an IP infrastructure.

    using an IP infrastructure to provide a layer 2 interface to customers. The term "Layer 2 VPN" may be somewhat misleading, in that the SP does not actually provide a VPN to the customer. The SP provides layer 2 connectivity, and the customer builds his own VPN, using the provided layer 2 connectivity as one of the building blocks. The problem is really how to provide the layer 2 connectivity over an IP backbone, rather than how to provide a network service over an IP backbone.

  • Basic Scenarios of MPLS L2 VPN
    Obviously, this solution provides better scalability and flexibility.

    [Figure: the same sites and DLCIs as before, now joined across an IP/MPLS backbone: a Tunnel between the PEs carries Emulated Virtual Circuits]

    an "Emulated VC" must be carried across the IP backbone from PE1 to PE2

  • What's a tunnel?
    Tunnel just has its traditional meaning. The tunnel here could be GRE or another tunnel type. Certainly, two MPLS LSPs (one per direction) can do the same job. X and Y here indicate the data transported in the tunnel.

    [Figure: LSRs A, B and C in a row. The LSP from A to C uses label 17 on A-B and label 18 on B-C; the LSP from C to A uses label 100 on C-B and label 101 on B-A]

    LFIB of A    IN     NHLFE
                 X      push 17, send to B
                 101    pop, send to upper layer
    LFIB of B    IN     NHLFE
                 17     swap 18, send to C
                 100    swap 101, send to A
    LFIB of C    IN     NHLFE
                 Y      push 100, send to B
                 18     pop, send to upper layer

  • What's an Emulated VC?
    The scenario below illustrates how to connect 2 local Frame Relay DLCIs by 2 MPLS LSPs (the emulated VC) inside an MPLS tunnel. (Question: why do we need the tunnel?)

    [Figure: LSRs A, B and C as on the previous slide (tunnel labels 17/18 and 100/101); DLCI 150 is attached to A and DLCI 250 to C; the EVC LSP uses label 1000 from A to C and label 2000 from C to A inside the tunnel LSP]

    LFIB of A    IN         NHLFE
                 (to C)     push 17, send to B            (tunnel LSP)
                 101        pop, send to upper layer      (tunnel LSP)
                 DLCI 150   push 1000, send to C          (EVC LSP)
                 2000       pop, send to DLCI 150         (EVC LSP)
    LFIB of B    IN         NHLFE
                 17         swap 18, send to C
                 100        swap 101, send to A
    LFIB of C    IN         NHLFE
                 (to A)     push 100, send to B           (tunnel LSP)
                 18         pop, send to upper layer      (tunnel LSP)
                 DLCI 250   push 2000, send to A          (EVC LSP)
                 1000       send to DLCI 250              (EVC LSP)

    This process is unidirectional, and will be repeated independently for bidirectional operation.

  • How do these VCs and tunnels work?
    This is MPLS L2 VPN!

    [Figure: the same LFIBs as on the previous slide. An L2 frame arriving from DLCI 150 leaves A as [17][1000][L2 frame], leaves B as [18][1000][L2 frame], and C pops 18, then 1000, and delivers the frame to DLCI 250]

    Note that this technique allows an unbounded number of layer 2 "VCs" to be carried together in a single "tunnel". Thus it scales quite well in the network backbone.

  • But MPLS L2 VPN is not only this!
    We have seen the basic thoughts of MPLS L2 VPN. But that is not all, since the following essential questions still haven't been answered:
    How is L2 data transmitted in the MPLS network according to the control information illustrated in the previous slides? What is the encapsulation?
    How are the behaviours of different L2 networks simulated in the MPLS network?
    How is all the control information established? How is the tunnel established? How is the EVC (Emulated Virtual Circuit) established?

  • Course Contents
    MPLS L2 VPN Overview
    MPLS L2 VPN Data Flow
    Signaling Methods

  • MPLS L2VPN Data Flow
    L2 Encapsulation
    Data Flow Model

  • L2 Data Encapsulation
    Generally, L2 data transmitted in the backbone has 3 parts of encapsulation:
    Tunnel Header: it contains the information needed to transport the L2 PDU across the backbone;
    Demultiplexer Field: it is used to distinguish individual emulated virtual circuits within a single tunnel;
    Emulated VC Encapsulation: it contains the information about the enclosed layer 2 PDU which is necessary in order to properly emulate the corresponding layer 2 protocol.

  • Tunnel & Demultiplexer Encapsulation
    The tunnel here could be based on any tunnel encapsulation technology: MPLS, GRE, etc. An MPLS label should be used as the demultiplexer field. Here is a typical encapsulation manner:

    Tunnel Label | EXP | S=0 | TTL
    EVC Label    | EXP | S=1 | TTL

    The "tunnel header" contains the information needed to transport the PDU across the IP or MPLS network; this header belongs to the tunneling protocol, e.g., MPLS, GRE, L2TP. The "demultiplexer field" is used to distinguish individual emulated virtual circuits within a single tunnel; this field must be understood by the tunneling protocol as well; it may be, e.g., an MPLS label or a GRE key field.

  • Emulated VC Encapsulation
    Quoted from draft-martini-l2circuit-encap-mpls-04.txt: In most cases, it is not necessary to transport the layer 2 encapsulation across the network; rather, the layer 2 header can be stripped at R1 (the ingress edge router), and reproduced at R2 (the egress edge router). This is done using information carried in the control word, as well as information that may already have been signaled from R1 to R2.

    [Figure: L2 encapsulation as Tunnel | Demultiplexer | Control word]

  • Control Word Details
    Flags are protocol specific.
    The value of the length field, if non-zero, can be used to remove any padding.
    The sequence number can be used to guarantee ordered packet delivery.

    In the above diagram the first 4 bits are reserved for future use. They MUST be set to 0 when transmitting, and MUST be ignored upon receipt.
    The next 4 bits provide space for carrying protocol specific flags. These are defined in the protocol-specific details below.
    The next 2 bits MUST be set to 0 when transmitting.
    The next 6 bits provide a length field, which is used as follows: if the packet's length (defined as the length of the layer 2 payload plus the length of the control word) is less than 64 bytes, the length field MUST be set to the packet's length. Otherwise the length field MUST be set to zero. The value of the length field, if non-zero, can be used to remove any padding. When the packet reaches the service provider's egress router, it may be desirable to remove the padding before forwarding the packet.
    The next 16 bits provide a sequence number that can be used to guarantee ordered packet delivery. The processing of the sequence number field is OPTIONAL. The sequence number space is a 16 bit, unsigned circular space. The sequence number value 0 is used to indicate an unsequenced packet.

  • Layer 2 Frame Encapsulation
    Layer 2 frames that could be transmitted: Frame Relay, ATM AAL5 CPCS-SDU, ATM cell, Ethernet VLAN, Ethernet, HDLC, PPP.

    Following are the protocol-specific details for the flags.

  • Frame Relay
    B: BECN; F: FECN; D: DE; C: C/R

    A Frame Relay PDU is transported without the Frame Relay header or the FCS. The control word is REQUIRED; however, its use is optional, although desirable. Use of the control word means that the ingress and egress LSRs follow the procedures below. If an ingress LSR chooses not to use the control word, it MUST set the flags in the control word to 0; if an egress LSR chooses to ignore the control word, it MUST set the Frame Relay control bits to 0. The BECN, FECN, DE and C/R bits are carried across the network in the control word. The edge routers that implement this document MAY, when either adding or removing the encapsulation described herein, change the BECN and/or FECN bits from zero to one in order to reflect congestion in the network that is known to the edge routers, and the D/E bit from zero to one to reflect marking from edge policing of the Frame Relay Committed Information Rate. The BECN, FECN, and D/E bits SHOULD NOT be changed from one to zero.
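The control word layout and the Frame Relay flag handling from the two slides above, as an added example (my code, not part of the training material). It packs and parses the 32-bit control word (4 reserved bits, 4 flag bits, 2 zero bits, 6-bit length, 16-bit sequence), applies the "less than 64 bytes" rule that decides whether the length field is carried, strips padding at the egress from that length, and applies the Frame Relay rule that edge routers may set BECN/FECN/DE from 0 to 1 but should not clear them. The bit order of the four Frame Relay flags inside the flags field (BECN, FECN, DE, C/R from most to least significant) is my assumption, taken from the order the slide lists them.

```python
# Added example, not from the slides: encode and decode the 32-bit control word
# described on the "Control Word Details" slide and the Frame Relay flag bits
# (B, F, D, C) from the Frame Relay slide. Layout, most significant bit first:
#   4 bits reserved | 4 bits flags | 2 bits zero | 6 bits length | 16 bits sequence
# Assumption (mine): the Frame Relay flags occupy the flags field in the order
# the slide lists them, BECN, FECN, DE, C/R, from most to least significant bit.
from dataclasses import dataclass
from typing import List, Tuple

FR_FLAG_BITS = {"BECN": 0x8, "FECN": 0x4, "DE": 0x2, "CR": 0x1}  # assumed order B F D C
CONTROL_WORD_LEN = 4


@dataclass
class ControlWord:
    flags: int = 0      # 4 protocol-specific bits
    length: int = 0     # 6 bits; 0 means "length not carried"
    sequence: int = 0   # 16 bits; 0 means "unsequenced packet"

    def encode(self) -> bytes:
        if not (0 <= self.flags <= 0xF and 0 <= self.length <= 0x3F and 0 <= self.sequence <= 0xFFFF):
            raise ValueError("control word field out of range")
        # The reserved bits and the two zero bits are transmitted as 0.
        word = (self.flags << 24) | (self.length << 16) | self.sequence
        return word.to_bytes(CONTROL_WORD_LEN, "big")

    @classmethod
    def decode(cls, raw: bytes) -> "ControlWord":
        if len(raw) < CONTROL_WORD_LEN:
            raise ValueError("packet shorter than the control word")
        word = int.from_bytes(raw[:CONTROL_WORD_LEN], "big")
        # The reserved bits MUST be ignored on receipt, so they are masked off, not validated.
        return cls(flags=(word >> 24) & 0xF, length=(word >> 16) & 0x3F, sequence=word & 0xFFFF)


def length_field_for(payload: bytes) -> int:
    """Length rule from the slide: carry payload + control word length only if it is below 64 bytes."""
    total = len(payload) + CONTROL_WORD_LEN
    return total if total < 64 else 0


def build_packet(payload: bytes, flags: int = 0, sequence: int = 0) -> bytes:
    """Ingress side: prepend the control word to the L2 payload (tunnel and demultiplexer labels not shown)."""
    return ControlWord(flags, length_field_for(payload), sequence).encode() + payload


def strip_padding(packet: bytes) -> Tuple[ControlWord, bytes]:
    """Egress side: use a non-zero length field to discard any padding appended in transit."""
    cw = ControlWord.decode(packet)
    body = packet[CONTROL_WORD_LEN:]
    if cw.length:
        if cw.length < CONTROL_WORD_LEN or cw.length - CONTROL_WORD_LEN > len(body):
            raise ValueError("length field inconsistent with packet size")
        body = body[: cw.length - CONTROL_WORD_LEN]
    return cw, body


def fr_flags(becn=False, fecn=False, de=False, cr=False) -> int:
    """Pack the Frame Relay control bits into the 4-bit flags field."""
    return ((FR_FLAG_BITS["BECN"] if becn else 0) | (FR_FLAG_BITS["FECN"] if fecn else 0)
            | (FR_FLAG_BITS["DE"] if de else 0) | (FR_FLAG_BITS["CR"] if cr else 0))


def fr_flag_names(flags: int) -> List[str]:
    return [name for name, bit in FR_FLAG_BITS.items() if flags & bit]


def reflect_edge_state(flags: int, congestion_backward=False, congestion_forward=False, cir_exceeded=False) -> int:
    """An edge router MAY set BECN/FECN/DE from 0 to 1 but SHOULD NOT clear them, so this only ORs bits in."""
    if congestion_backward:
        flags |= FR_FLAG_BITS["BECN"]
    if congestion_forward:
        flags |= FR_FLAG_BITS["FECN"]
    if cir_exceeded:
        flags |= FR_FLAG_BITS["DE"]
    return flags
```

The egress check in strip_padding matters in practice: a length field that claims more bytes than the packet carries is either corruption or a malformed frame, and it should be rejected rather than indexed past the buffer.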

  • ATM AAL5 CPCS-SDU
    T: Transport type; E: EFCI; L: CLP; C: Command / Response

  • Ethernet VLAN & Ethernet
    An Ethernet frame without the preamble or FCS is transported as a single packet. The control word is OPTIONAL. The 4 byte VLAN tag is transported as is, and MAY be overwritten by the egress router.

  • PPP & HDLC
    The HDLC PDU is transported in its entirety, including the HDLC address, control and protocol fields, but excluding HDLC flags and the FCS.
    The PPP PDU is transported in its entirety, including the protocol field, but excluding any media-specific framing information, such as HDLC address and control fields or FCS.

  • MPLS L2VPN Data Flow
    L2 Encapsulation
    Data Flow Model

  • L2 Data Flow Model
    What MPLS L2 VPN emulates is an L2 network, and all L2 networks can be classified as:
    LAN: Ethernet, Ethernet with VLAN
    WAN: Frame Relay, ATM, HDLC, PPP, Ethernet (PTP), Ethernet with VLAN (PTP)
    So, all MPLS L2 VPNs can be classified as:
    VPLS: Virtual Private LAN Service
    VPWS: Virtual Private Wire Service

  • VPWS Scenarios
    VPWS provides simple point-to-point services. A CE must configure a VC to any site it is willing to communicate with.

    [Figure: CE1, CE2 and CE3 attached to PE1, PE2 and PE3 respectively, with a P router in the core; CE1 uses DLCIs 102 and 103, CE2 DLCIs 201 and 203, CE3 DLCIs 301 and 302]

    A VPWS is a VPN service that supplies a L2 point-to-point service. Being a point-to-point service where there are very few scaling issues with the service as such. Scaling issues might arise from the number of end-points that can be supported on a particular PE.

  • PE Model
    The PE model in VPWS is very simple: the PE does the same job as a WAN switch. Just treat the MPLS-emulated VC like a PVC in a Frame Relay network. (Another approximate conclusion is: just take the tunnel as the interface, and take the EVC as the PVC.)

    The PE does a simple mapping between the PW and attachment circuit based on local information, i.e. the PW de-multiplexor and incoming/outgoing logical/physical port. The PE thus acts as a virtual circuit switch. A "Pseudowire" (PW) is a relation between two PE devices. Whereas an AC is used to carry a frame from CE to PE, a PW is used to carry a frame between two PEs. We use the term "pseudowire" in the sense of [PWE3-FW].

    Setting up and maintaining the PWs is the job of the PEs. State information for a particular PW is maintained at the two PEs which are its endpoints, but not at other PEs, and not in the backbone routers (P routers).

  • VPWS Data Forwarding Information
    Before L2 data forwarding happens, all equipment involved must have the forwarding information established.

    CE1    IP -> DLCI 102 (address map for CE2)
    PE1    IN  DLCI 102   NHLFE  push 1000; push 100, send to P
    P      IN  100        NHLFE  swap 101, send to PE2
    PE2    IN  101        NHLFE  pop; send to upper layer
           IN  1000       NHLFE  pop; send to DLCI 201
    CE2    DLCI 201 -> IP (address map for CE1)

  • VPWS Data Flow
    The forwarding action is simple: just searching and sending. In order to communicate with CE2 and CE3, CE1 has to configure 2 address maps. The total system works like a Frame Relay network.

    [Figure: a frame from CE1 on DLCI 102 is sent by PE1 as tunnel label 100 | demultiplexer label 1000 | control word | L2 payload; P swaps the tunnel label; PE2 removes both labels and delivers the frame to CE2 on DLCI 201]
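To make the push/swap/pop steps concrete, here is an added LFIB simulator (my code, not part of the slides) that walks an L2 frame through the PE1, P, PE2 path of the "VPWS Data Forwarding Information" and "VPWS Data Flow" slides. It uses the same two-level label stack as the earlier A/B/C tunnel and emulated-VC slides: the EVC label is pushed first, the tunnel label on top, the P router only ever sees the tunnel label, and the egress PE pops the tunnel label, then the EVC label, and hands the frame to the attachment circuit. Labels, DLCIs and node names for the CE1 to CE2 direction are the slide's; the return direction (tunnel labels 200/201, EVC label 2000) is my own construction for symmetry.

```python
# Added example, not from the slides: a small LFIB simulator for the PE1 -> P -> PE2
# path shown on the VPWS forwarding slides. Labels and DLCIs in the CE1 -> CE2
# direction are the slide's (tunnel 100 -> 101, EVC label 1000, DLCI 102 -> 201);
# the CE2 -> CE1 direction (200 -> 201, EVC label 2000) is assumed for symmetry.
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

UP = "up layer"   # next hop meaning "pop and look at the next label on this same node"


@dataclass
class Frame:
    labels: List[int] = field(default_factory=list)   # index 0 is the top (outermost) label
    payload: bytes = b""


@dataclass
class Entry:
    op: str              # "push", "swap" or "pop"
    labels: List[int]    # push: labels in push order (inner first); swap: [new label]; pop: []
    next_hop: str        # node name, UP, or an attachment circuit such as "dlci 201"


class LSR:
    def __init__(self, name: str, table: Dict[object, Entry]):
        self.name = name
        self.table = table           # key: incoming label (int) or attachment circuit (str)
        self.seen: List[object] = []  # keys this node looked up, kept for the trace

    def lookup(self, key) -> Entry:
        self.seen.append(key)
        if key not in self.table:
            raise KeyError(f"{self.name}: no NHLFE for {key!r}")
        return self.table[key]


def apply(entry: Entry, frame: Frame) -> None:
    if entry.op == "push":
        for label in entry.labels:          # inner label first, so the last one ends up on top
            frame.labels.insert(0, label)
    elif entry.op == "swap":
        frame.labels[0] = entry.labels[0]
    elif entry.op == "pop":
        frame.labels.pop(0)
    else:
        raise ValueError(entry.op)


def forward(nodes: Dict[str, LSR], ingress: str, circuit: str, payload: bytes,
            max_hops: int = 16) -> Tuple[str, str, List[str]]:
    """Send payload into `circuit` on `ingress`; return (egress node, egress circuit, trace)."""
    frame = Frame(payload=payload)
    node, key, trace = nodes[ingress], circuit, []
    for _ in range(max_hops):
        entry = node.lookup(key)
        apply(entry, frame)
        trace.append(f"{node.name}: {key} -> {entry.op} {entry.labels} -> {entry.next_hop}, stack {frame.labels}")
        if entry.next_hop == UP:
            key = frame.labels[0]                        # tunnel label popped; EVC label is now on top
        elif entry.next_hop in nodes:
            node, key = nodes[entry.next_hop], frame.labels[0]
        else:
            if frame.labels:
                raise RuntimeError("label stack not empty at the attachment circuit")
            return node.name, entry.next_hop, trace
    raise RuntimeError("too many hops; check the LFIBs for a loop")


def build_vpws() -> Dict[str, LSR]:
    """The three routers of the slide: tunnel labels from LDP, the EVC label from VC signaling."""
    return {
        "PE1": LSR("PE1", {
            "dlci 102": Entry("push", [1000, 100], "P"),   # EVC label first, tunnel label on top
            201: Entry("pop", [], UP),                       # assumed return-path tunnel label
            2000: Entry("pop", [], "dlci 102"),              # assumed return-path EVC label
        }),
        "P": LSR("P", {
            100: Entry("swap", [101], "PE2"),
            200: Entry("swap", [201], "PE1"),                # assumed return path
        }),
        "PE2": LSR("PE2", {
            101: Entry("pop", [], UP),
            1000: Entry("pop", [], "dlci 201"),
            "dlci 201": Entry("push", [2000, 200], "P"),     # assumed return path
        }),
    }
```

The `seen` list on each LSR is the interesting check: after a forward pass it shows that P looked up only the tunnel label, never 1000, which is the "unbounded number of VCs in one tunnel" property the overview slides claim.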

  • VPLS Scenarios
    VPLS provides a LAN-like service. Any CE only needs 1 connection to the PE.

    [Figure: CE1, CE2 and CE3 (MAC addresses A, B, C) each attached by a single link to PE1, PE2 and PE3, with a P router in the core]

    A VPLS is an L2 service that in all respects emulates LAN across a Wide Area Network (WAN). Thus it also has all the scaling characteristics of a LAN. Other scaling issues might arise from the number of end-points that can be supported on a particular PE.

  • PE Model
    The PE here simulates a virtual LAN switch for each VPN. The VSI works in the same manner as a LAN switch.

    [Figure: VSI (Virtual Switching Instance) made of a MAC address table (MAC -> interface), physical Ethernet interfaces, logical Ethernet interfaces (an incoming LSP and an outgoing LSP inside a tunnel LSP), and a forwarding engine; control flow and data flow are drawn separately]

    The following diagram shows a VPLS reference model where PE devices that are VPLS-capable provide a logical interconnect such that CE devices belonging to a specific VPLS appear to be connected by a single logical Ethernet bridge. A VPLS can contain a single VLAN or multiple, tagged VLANs. The VPWS-PE and VPLS-PE are functionally very similar, in that they both use forwarders to map attachment circuits to pseudo-wires. The only difference is that while the forwarder in a VPWS-PE does a one-to-one mapping between the attachment circuit and pseudo-wire, the forwarder in a VPLS-PE is a Virtual Switching Instance (VSI) that maps multiple attachment circuits to multiple pseudo-wires.

  • VPLS Forwarding Information
    Just like a LAN switch, the VPLS forwarding information is not completely established before data forwarding happens.
    The VSI has been established before data forwarding happens, which means that the MPLS tunnel and the VC LSPs have been established.
    The MAC address table contents are dynamically maintained by the forwarding action.

  • VPLS Data Flow
    When data forwarding happens, VPLS dynamically establishes some control information (just like a LAN switch).

    [Figure: CE1 (MAC A), CE2 (MAC B) and CE3 (MAC C) attached to E0/E1 ports of PE1, PE2 and PE3, with P in the core; after A has sent a frame, each VSI has learned A on the interface it arrived from]

    VSI of the VPLS in PE1
      MAC address table:  A -> E0
      Interface list:     E0     physical link
                          VIF 0  out lsp (100, 1000), in lsp (201, 2000)
                          VIF 1  out lsp (150, 1500), in lsp (301, 3000)
    VSI of the VPLS in PE2
      MAC address table:  A -> VIF 0
      Interface list:     E0     physical link
                          VIF 0  out lsp (200, 2000), in lsp (101, 1000)
                          VIF 1  out lsp (250, 2500), in lsp (301, 3000)
    VSI of the VPLS in PE3
      MAC address table:  A -> VIF 0
      Interface list:     E0     physical link
                          VIF 0  out lsp (300, 3000), in lsp (151, 1500)
                          VIF 1  out lsp (350, 3500), in lsp (251, 2500)
    (each LSP is given as (tunnel label, VC label))

    LFIB of P    IN    NHLFE
                 100   swap 101, send to PE2
                 150   swap 151, send to PE3
                 200   swap 201, send to PE1
                 250   swap 251, send to PE3
                 300   swap 301, send to PE1
                 350   swap 351, send to PE2
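The MAC learning the two VPLS slides describe, as an added example (my code, not the training material's). Each PE runs a toy VSI whose interfaces are its physical port E0 and two VIFs standing for pseudowires; the VIF pairing between PEs (PE1 VIF 0 with PE2 VIF 0, PE1 VIF 1 with PE3 VIF 0, PE2 VIF 1 with PE3 VIF 1) is read from the out/in LSP pairs on the slide. The first frame from A is flooded and every VSI learns A; the reply from B then takes one pseudowire only. One rule the slides do not mention is included because the example does not work without it: a VSI never forwards a frame from one pseudowire onto another (split horizon), which is what keeps a full mesh of pseudowires loop-free; the example shows the frame circulating forever when that rule is switched off.

```python
# Added example, not from the slides: a toy VSI per PE that learns MAC addresses and
# floods unknown destinations over its physical interface and its VIFs (pseudowires).
# PE, interface and MAC names follow the slides; the VIF pairing is read from the
# out/in LSP pairs shown there. The split-horizon rule (never forward from one
# pseudowire to another) is not on the slides; it is the standard VPLS rule for a
# full mesh of pseudowires and is included to show why it is needed.
from collections import deque
from typing import Dict, List, Tuple

Port = Tuple[str, str]   # (PE name, interface name)


class VSI:
    def __init__(self, pe: str, interfaces: List[str]):
        self.pe = pe
        self.interfaces = list(interfaces)         # "E0" is the physical AC; "VIF n" is a pseudowire
        self.mac_table: Dict[str, str] = {}        # MAC -> interface it was learned on

    def switch(self, ingress: str, src: str, dst: str, split_horizon: bool = True) -> List[str]:
        """Learn src on ingress; return the interfaces the frame for dst is forwarded to."""
        self.mac_table[src] = ingress
        learned = self.mac_table.get(dst)
        if learned is not None:
            return [] if learned == ingress else [learned]
        out = [i for i in self.interfaces if i != ingress]            # unknown destination: flood
        if split_horizon and ingress.startswith("VIF"):
            out = [i for i in out if not i.startswith("VIF")]         # pseudowire -> pseudowire is forbidden
        return out


class VPLS:
    def __init__(self, vsis: List[VSI], pw_links: List[Tuple[Port, Port]]):
        self.vsis = {v.pe: v for v in vsis}
        self.links: Dict[Port, Port] = {}
        for a, b in pw_links:
            self.links[a], self.links[b] = b, a

    def send(self, pe: str, ingress: str, src: str, dst: str,
             split_horizon: bool = True, max_hops: int = 50) -> List[Port]:
        """Inject one frame; return every (PE, interface) where a copy reaches a CE."""
        delivered, queue, hops = [], deque([(pe, ingress)]), 0
        while queue:
            pe, ingress = queue.popleft()
            hops += 1
            if hops > max_hops:
                raise RuntimeError("frame keeps circulating between pseudowires (split horizon off?)")
            for out in self.vsis[pe].switch(ingress, src, dst, split_horizon):
                if (pe, out) in self.links:
                    queue.append(self.links[(pe, out)])   # cross the pseudowire to the peer VSI
                else:
                    delivered.append((pe, out))
        return delivered


def build_vpls() -> VPLS:
    """The three-PE VPLS of the slide. VIF pairs follow the LSP labels shown there:
    PE1 VIF 0 <-> PE2 VIF 0, PE1 VIF 1 <-> PE3 VIF 0, PE2 VIF 1 <-> PE3 VIF 1."""
    ifaces = ["E0", "VIF 0", "VIF 1"]
    return VPLS(
        [VSI("PE1", ifaces), VSI("PE2", ifaces), VSI("PE3", ifaces)],
        [(("PE1", "VIF 0"), ("PE2", "VIF 0")),
         (("PE1", "VIF 1"), ("PE3", "VIF 0")),
         (("PE2", "VIF 1"), ("PE3", "VIF 1"))],
    )
```

After A's first frame the three MAC tables match the slide (A on E0 at PE1, A on VIF 0 at PE2 and PE3). Because the tables are filled from data-plane learning, a CE that sends frames with forged source addresses moves entries in every VSI of the VPLS; that is the same MAC-flapping exposure a physical LAN switch has, and it is why per-VSI MAC limits are a normal part of a VPLS deployment.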

  • Course Contents
    MPLS L2 VPN Overview
    MPLS L2 VPN Data Flow
    Signaling Methods

  • Signaling Methods
    General Concept
    Martini Method
    Kompella Method

  • General Concept
    Signaling is not a very precise term. Basically, signaling here is related to the following three technologies:
    Tunnel Signaling
    VC Signaling
    VPN Topology Discovery

  • Tunnel Signaling
    Tunnel signaling is the technology used to establish tunnels. Some of them are used very widely (not limited to L2 VPN):
    MPLS tunnel: LDP/CR-LDP, RSVP-TE
    Traditional tunnel: L2TP, GRE, IPSEC

    [Figure: a tunnel between two PEs across P routers]

  • VC Signaling
    VC signaling means the technology used to establish emulated VCs between PEs. The major differences among the different MPLS L2 VPN technologies lie in this point.
    Typical VPWS technologies: Martini solution (LDP), Kompella solution (BGP)
    Typical VPLS technologies: Martini extended solution (LDP), other solutions (LDP or BGP)

    [Figure: CE - PE - P - PE - CE. The left PE has DLCI 190 named vc1, the right PE has DLCI 290 named vc1; the PEs tell each other "I bind vc1 with label 1000" and "I bind vc1 with label 2000"]

  • VPN Topology Discovery
    VPN topology discovery means the distribution of the information about the sites that make up a VPN. It is a very important element of constructing a scalable L2 VPN. Most implementations adopt BGP as the topology discovery technology.

    [Figure: sites A, B and C, each labelled VPLS V1]

  • Signaling Methods
    General Concept
    Martini Method
    Kompella Method

  • Martini MPLS L2 VPN
    Martini L2 VPN is defined by the following 2 drafts:
    draft-martini-l2circuit-encap-mpls-04
    draft-martini-l2circuit-trans-mpls-08
    The Martini solution is a VPWS technology:
    Tunnel signaling technology: LDP
    VC signaling technology: LDP remote peer

  • Basic Thoughts of Martini Signaling
    The major tasks of Martini signaling are:
    Tunnel signaling: LDP is used to establish MPLS tunnels between PEs. However, other tunnels could also be used.
    VC signaling: the PE names each attached VC by a 32-bit number, the VC-ID. An LDP remote peer relationship is established between the 2 PEs, and is then used to distribute and maintain the label and VC bindings.

    [Figure: CE1 (DLCI 100) - PE1 - P - PE2 - CE2 (DLCI 200); both PEs configure VC-ID 1 and exchange the bindings (1, 1000; PE1) and (1, 2000; PE2)]

  • How could LDP do it?
    A new LDP FEC TLV is defined: the VC FEC.

    [Figure: VC FEC TLV layout]

    Only a single VC FEC element MUST be advertised per LDP VC label.

  • Fields in VC FEC
    C = 1 means the control word will be present on this VC.
    VC Type: Frame Relay DLCI, ATM AAL5 VCC transport, ATM transparent cell transport, Ethernet VLAN, Ethernet, HDLC, PPP, CEM, ATM VCC cell transport, ATM VPC cell transport.
    Group ID: an arbitrary 32 bit value which represents a group of VCs that is used to create groups in the VC space.
    VC ID: a non zero 32-bit connection ID that, together with the VC type, identifies a particular VC.
    Interface parameters: this variable length field is used to provide interface specific parameters, such as the interface MTU.
    VC information length: length of the VC ID field and the interface parameters field in octets. If this value is 0, then it references all VCs using the specified group ID and there is no VC ID present, nor any interface parameter.
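An added encoder and parser for the VC FEC element whose fields the slide lists (my code, not the training material's). The slide names the fields but not their widths; the layout used here (8-bit FEC type 0x80, C bit, 15-bit VC Type, 8-bit VC information length, 32-bit Group ID, then the 32-bit VC ID and interface parameters when the length is non-zero) and the VC Type code points 0x0001 to 0x000A are taken from draft-martini-l2circuit-trans-mpls as I recall it, in the order the slide lists the types; the MTU interface parameter sub-TLV (id 0x01, length 4, 2-octet value) is from the same draft. Both the "VC information length 0" group-wide form and the non-zero VC ID rule from the slide are handled.

```python
# Added example, not from the slides: build and parse the LDP VC FEC element from the
# "Fields in VC FEC" slide. Bit layout and VC Type code points follow
# draft-martini-l2circuit-trans-mpls as I recall it (the slides name the draft but do
# not reproduce the diagram): 8-bit FEC type 0x80 | C bit + 15-bit VC Type |
# 8-bit VC info length | 32-bit Group ID | [32-bit VC ID | interface parameters].
import struct
from typing import Optional

VC_FEC_TYPE = 0x80
VC_TYPES = {  # code points in the order the slide lists the types
    "Frame Relay DLCI": 0x0001,
    "ATM AAL5 VCC transport": 0x0002,
    "ATM transparent cell transport": 0x0003,
    "Ethernet VLAN": 0x0004,
    "Ethernet": 0x0005,
    "HDLC": 0x0006,
    "PPP": 0x0007,
    "CEM": 0x0008,
    "ATM VCC cell transport": 0x0009,
    "ATM VPC cell transport": 0x000A,
}
VC_TYPE_NAMES = {v: k for k, v in VC_TYPES.items()}
HEADER = struct.Struct("!BHBI")   # FEC type, C|VC type, VC info length, Group ID


def mtu_param(mtu: int) -> bytes:
    """Interface parameter sub-TLV for the MTU: id 0x01, length 4 (id and length included), 2-octet value."""
    return struct.pack("!BBH", 0x01, 4, mtu)


def encode_vc_fec(vc_type: str, group_id: int, vc_id: Optional[int], control_word: bool = False,
                  interface_params: bytes = b"") -> bytes:
    """vc_id=None produces the 'VC info length 0' form that refers to every VC in the group."""
    c_and_type = ((1 if control_word else 0) << 15) | VC_TYPES[vc_type]
    if vc_id is None:
        if interface_params:
            raise ValueError("the group-wide element carries no interface parameters")
        return HEADER.pack(VC_FEC_TYPE, c_and_type, 0, group_id)
    if not 0 < vc_id < 2 ** 32:
        raise ValueError("VC ID must be a non-zero 32-bit value")
    info_len = 4 + len(interface_params)          # VC ID field plus interface parameters, in octets
    if info_len > 0xFF:
        raise ValueError("interface parameters too long for the 8-bit length field")
    return (HEADER.pack(VC_FEC_TYPE, c_and_type, info_len, group_id)
            + struct.pack("!I", vc_id) + interface_params)


def decode_vc_fec(raw: bytes) -> dict:
    """Parse one element; rejects a wrong type, a truncated body and a zero VC ID."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated VC FEC element")
    fec_type, c_and_type, info_len, group_id = HEADER.unpack_from(raw)
    if fec_type != VC_FEC_TYPE:
        raise ValueError(f"not a VC FEC element: type 0x{fec_type:02x}")
    vc_type = c_and_type & 0x7FFF
    elem = {
        "control_word": bool(c_and_type >> 15),
        "vc_type": VC_TYPE_NAMES.get(vc_type, f"unknown 0x{vc_type:04x}"),
        "group_id": group_id,
        "vc_id": None,
        "interface_params": b"",
    }
    if info_len == 0:
        return elem                                  # references all VCs of the group
    body = raw[HEADER.size:HEADER.size + info_len]
    if len(body) != info_len or info_len < 4:
        raise ValueError("VC info length does not match the element")
    elem["vc_id"] = struct.unpack("!I", body[:4])[0]
    if elem["vc_id"] == 0:
        raise ValueError("VC ID must be non-zero")
    elem["interface_params"] = body[4:]
    return elem
```

The length check in the decoder is the part worth keeping in any real LDP implementation: the VC information length is attacker-controlled input from a remote peer, and slicing by it without comparing against the bytes actually received is how parsers read past the end of a message.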

  • Signaling Details: Tunnel Signaling
    It could be based on any form of signaling technology.

    [Figure: CE1 (DLCI 500) - PE1 - P - PE2 - CE (DLCI 600); the links carry interface names a, b, c, d. LDP label mappings: (PE1, 100; a), (PE1, 101; c), (PE2, 200; d), (PE2, 201; b)]

    LFIB of PE1   IN      NHLFE
                  PE2     push 201, send to b
                  100     pop, send to upper layer
    LFIB of P     IN      NHLFE
                  100     swap 101, send to d
                  200     swap 201, send to a
    LFIB of PE2   IN      NHLFE
                  PE1     push 101, send to c
                  200     pop, send to upper layer

  • Signaling Details: VC Signaling
    LDP remote peer, downstream unsolicited label distribution.

    [Figure: the same topology and tunnel LFIBs as on the previous slide; the PEs exchange the VC bindings (VC1, 1000; PE1) and (VC1, 2000; PE2)]

    VC table of PE1   IN         NHLFE
                      DLCI 500   push 2000, send to PE2
                      1000       pop, send to DLCI 500
    VC table of PE2   IN         NHLFE
                      DLCI 600   push 1000, send to PE1
                      2000       pop, send to DLCI 600

  • Summary of the Martini Solution
    It's simple, and so it is efficient. (VPLS signaling could simply be based on this solution.)
    It just provides point-to-point connection services, so it seems that it is too simple.

  • Signaling Methods
    General Concept
    Martini Method
    Kompella Method

  • Kompella MPLS L2VPN Solution
    The Kompella solution is defined by the following 2 drafts:
    draft-martini-l2circuit-encap-mpls-04
    draft-kompella-ppvpn-l2vpn-00.txt
    The Kompella solution is a VPWS technology:
    Tunnel signaling technology: LDP
    VC signaling technology: BGP
    2 significant features:
    Topology auto discovery
    Auto configuration

  • General Concept
    Kompella is a similar L2 VPN solution to the Martini solution:
    They share the same tunnel technology.
    They are based on a similar transport encapsulation.
    The basic thoughts of VC signaling are the same: establish a binding between 2 simplex LSPs and a VC.
    Compared to the Martini solution, the Kompella solution provides 3 additional features:
    Topology auto discovery. (Martini just provides point-to-point connection services.)
    Automatic configuration. (Just plug in the CE, then it will work.)
    Layer 2 interworking.

  • Basic Thoughts of Kompella Signaling
    Signaling protocol: MBGP (BGP Multiprotocol Extensions). A series of extended communities are defined. They are used both for topology discovery and for VC signaling.
    Basic thoughts of Kompella signaling:
    The PE identifies each attached CE with a CE-ID. CE-IDs are unique in the scope of one VPN.
    The PE uses MBGP to distribute the binding of each attached CE (say CEi) with a list of labels to all other PEs. Any other PE will pick one label from the list for the VC encapsulation when it wants to forward traffic from one of its own attached CEs to CEi.
    The BGP extended community RT (Route Target) is used to distinguish different VPNs.

  • Rough Overview: Tunnel Signaling
    By common LDP (or another tunnel technology), tunnels can be established between all PEs.

    [Figure: CEs A, B and C (CE-IDs 1, 2 and 3) attached to PEA, PEB and PEC through interfaces a, b and c; the three PEs form a triangle]

    LFIB of PEA   IN     NHLFE
                  PEB    push 201, send from a
                  PEC    push 301, send from a
                  100    pop, send to upper layer
                  150    pop, send to upper layer
    LFIB of PEB   IN     NHLFE
                  PEA    push 101, send from b
                  PEC    push 351, send from b
                  200    pop, send to upper layer
                  250    pop, send to upper layer
    LFIB of PEC   IN     NHLFE
                  PEA    push 151, send from c
                  PEB    push 251, send from c
                  300    pop, send to upper layer
                  350    pop, send to upper layer

  • Rough Overview: VC Signaling
    You needn't configure CE-CE connections manually!

    [Figure: the same triangle. BGP advertisements: PEA sends RT(100:1), CE-ID(1), Label Block(1000, 1001) to PEB and to PEC; PEB sends RT(100:1), CE-ID(2), Label Block(2000, 2001); PEC sends RT(100:1), CE-ID(3), Label Block(3000, 3001) to PEA and RT(100:1), CE-ID(3), Label Block(2000, 2001) to PEB. Here a mapping algorithm is needed!]

    VC table of PEA   IN     NHLFE
                      1-2    push 2000, send to PEB
                      1-3    push 3000, send to PEC
                      1000   pop, send to upper layer
                      1001   pop, send to upper layer
    VC table of PEB   IN     NHLFE
                      2-1    push 1000, send to PEA
                      2-3    push 3001, send to PEC
                      2000   pop, send to upper layer
                      2001   pop, send to upper layer
    VC table of PEC   IN     NHLFE
                      3-1    push 1001, send to PEA
                      3-2    push 2001, send to PEB
                      3000   pop, send to upper layer
                      3001   pop, send to upper layer

    Why is BGP used?
    It is important to build a VP network and not only point-to-point connections. BGP is powerful in this field.
    It is easy and familiar for the people who maintain the network.
    Just like BGP routing, the NLRI is the same to all peers.
    Now CE-CE connection configuration is not needed. An implicit mapping function is used instead:
    Each CE has a binding with a set of labels. This binding is distributed by the PE directly connected with the CE.
    CEi attached to a PE should use the ith label of CEj.

  • Rough Overview: Data Flow

    [Figure: the same triangle with the flows 1->2, 3->1 and 2->3]

    LFIB of PEA   IN     NHLFE
                  1-2    push 2000, push 201; send from a
                  1-3    push 3000, push 301; send from a
                  1000   pop, send from 2-1
                  1001   pop, send from 3-1
                  100    pop, send to upper layer
                  150    pop, send to upper layer
    LFIB of PEB   IN     NHLFE
                  2-1    push 1000, push 101; send from b
                  2-3    push 3001, push 351; send from b
                  2000   pop, send from 1-2
                  2001   pop, send from 3-2
                  200    pop, send to upper layer
                  250    pop, send to upper layer
    LFIB of PEC   IN     NHLFE
                  3-1    push 1001, push 151; send from c
                  3-2    push 2001, push 251; send from c
                  3000   pop, send from 1-3
                  3001   pop, send from 2-3
                  300    pop, send to upper layer
                  350    pop, send to upper layer

  • CE-Labels Binding: Analysis
    As we have discussed, it is natural to ask that all labels bound with one CE be contiguous. Could they be one contiguous block?
    The number of labels of a CE reflects the number of remote CEs it needs to connect with. When a new CE is added to the VPN, and if one contiguous label block is used, there are the following 2 solutions:
    Reallocation: reallocate the attached added VC and reallocate all labels bound with the respective CE.
    Pre-provision: pre-allocate local VCs (Frame Relay DLCIs, ATM VPI/VCIs, etc.) and the corresponding labels for future usage.
    Reallocation is not a good solution. Pre-provision is a good idea, but you cannot always know everything about the future. So, the following label space arrangement is used in this solution.

  • CE-Labels Binding: Label Space Arrangement
    Basic thoughts:
    All labels bound with a CE are composed of a number of label blocks.
    A label block is a set of contiguous labels.
    Some concepts: CE Range; Label Block (Label Base, Label Range); Block Offset.

    [Figure: CE1 with 9 DLCIs (100-109); its range is 9; it intends to connect with CE2 to CE10. Labels bound with this CE could be:
      Block Offset 1: Label Base 1000, Label Range 4 -> 1000, 1001, 1002, 1003
      Block Offset 5: Label Base 2000, Label Range 3 -> 2000, 2001, 2002
      Block Offset 8: Label Base 3000, Label Range 3 -> 3000, 3001, 3002]

    Here label 1000 is just used for algorithm simplicity. It has no meaning, and it could be omitted.

  • CE-Labels Binding: Distribution & Usage
    Suppose the CE1 we just discussed is in the network below: PEB will choose label 2001 for CE6 -> CE1 traffic.

    [Figure: CE1 attached to PEA, CE6 attached to PEB; PEA has advertised CE1's blocks (offsets 1, 5, 8; labels 1000-1003, 2000-2002, 3000-3002); the flow 6 -> 1 uses label 2001]
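The implicit mapping from the "Rough Overview: VC Signaling" slide ("CEi uses the ith label of CEj") carried out with the label-block arrangement of the three "CE-Labels Binding" slides, as an added example (my code, not the training material's). CE1's blocks are the slide's (block offsets 1, 5, 8; label bases 1000, 2000, 3000; ranges 4, 3, 3), so the lookup for CE6 returns 2001 as the slide states, and the reverse lookup tells the egress PE which remote CE a label came from. Note that the three-CE overview slide numbers the labels without a slot for the CE itself (CE2 to CE1 takes 1000), whereas the label-block slide keeps that slot (label 1000 is CE1's own, unused, position); the code follows the label-block slide. Function and field names are my own.

```python
# Added example, not from the slides: the Kompella CE-to-label mapping with label
# blocks. CE1's blocks are the slide's: offsets 1, 5, 8; bases 1000, 2000, 3000;
# ranges 4, 3, 3. Label 1000 is CE1's own slot ("just used for algorithm simplicity").
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class LabelBlock:
    offset: int   # Block Offset: the CE-ID the first label of the block is reserved for
    base: int     # Label Base
    size: int     # Label Range: number of contiguous labels in the block

    def covers(self, ce_id: int) -> bool:
        return self.offset <= ce_id < self.offset + self.size

    def label_for(self, ce_id: int) -> int:
        if not self.covers(ce_id):
            raise ValueError(f"CE {ce_id} is outside block {self}")
        return self.base + (ce_id - self.offset)

    def labels(self) -> List[int]:
        return list(range(self.base, self.base + self.size))


def check_blocks(blocks: List[LabelBlock]) -> None:
    """Blocks advertised for one CE must overlap neither in CE-ID space nor in label space."""
    ids, labels = set(), set()
    for b in blocks:
        ce_span = set(range(b.offset, b.offset + b.size))
        if ids & ce_span or labels & set(b.labels()):
            raise ValueError(f"overlapping block {b}")
        ids |= ce_span
        labels.update(b.labels())


def label_to_reach(local_ce: int, remote_blocks: List[LabelBlock]) -> int:
    """Label the local PE pushes for local_ce -> remote CE: the local_ce-th label of the remote CE's blocks."""
    for block in remote_blocks:
        if block.covers(local_ce):
            return block.label_for(local_ce)
    raise LookupError(f"the remote CE has advertised no label for CE {local_ce}; it needs a new block")


def sender_of(label: int, my_blocks: List[LabelBlock]) -> int:
    """Egress side: a label from my own blocks identifies which remote CE sent the frame."""
    for block in my_blocks:
        if block.base <= label < block.base + block.size:
            return block.offset + (label - block.base)
    raise LookupError(f"label {label} is not in my blocks")


def extend_for(blocks: List[LabelBlock], new_ce: int, new_base: int) -> List[LabelBlock]:
    """Add a CE beyond the advertised range by appending a block; existing labels are not touched."""
    if any(b.covers(new_ce) for b in blocks):
        return blocks
    return blocks + [LabelBlock(offset=new_ce, base=new_base, size=1)]


def ce1_blocks() -> List[LabelBlock]:
    """The label blocks advertised for CE1 on the slide (range 9: it talks to CE2..CE10)."""
    return [LabelBlock(1, 1000, 4), LabelBlock(5, 2000, 3), LabelBlock(8, 3000, 3)]


def build_nhlfe(local_ce: int, advertised: Dict[int, List[LabelBlock]]) -> Dict[str, int]:
    """Kompella 'auto configuration': derive the VC label for every remote CE from the BGP advertisements."""
    return {f"{local_ce}-{remote}": label_to_reach(local_ce, blocks)
            for remote, blocks in advertised.items() if remote != local_ce}
```

Because every PE derives its VC labels from what other PEs advertise, the correctness of the whole VPN rests on the BGP advertisements carrying the right RT: an advertisement imported into the wrong VPN would hand that VPN's CEs a working label towards a CE that does not belong to it, which is why RT import policy on the PEs deserves the same review as any VRF configuration.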

  • How could BGP do this?
    A new AFI for L2-VPN, a new SAFI, and also a new NLRI format for carrying the individual L2-VPN label-block information are introduced to MBGP.
    L2VPN NLRIs MUST be accompanied by one or more extended communities. RT is one of them.

    RD is used to distinguish bindings belonging to different VPNs. Example: Circuit Status Vector TLV.

  • BGP Extended Communities for L2VPN
    Route Target: it is used to construct the VPN topology.
    Layer2-Info Extended Community: it is used to carry layer 2 specific information in a VPN.

  • L2 Interworking
    The Kompella solution of MPLS L2 VPN can provide Layer 2 interworking, where there is no restriction on Layer 2, but Layer 3 must be IP. The idea is straightforward: only transport IP packets in the backbone. The encapsulation is:

  • Questions

  • Huawei-3Com Technology Co., Ltd.
    Thank You!
    www.huawei-3com.com
