MPLS VPN
Author: Nguyn Vn Phng
A virtual private network (VPN) is a network in which the connections between a customer's sites are built on a shared infrastructure. To its users the network is private, and it provides the capabilities and policies of a private network. A VPN can be built on traditional Layer 2 technologies such as Frame Relay or ATM.
The other IP VPN technologies available today, such as IPSec, L2TP, L2F and GRE, all work well in a hub-and-spoke topology. Today's networks, however, need any-to-any communication. Supporting this with Frame Relay or a tunneling protocol requires a full mesh of PVCs or tunnels between the member sites. A network cannot provision and manage a full-mesh topology with traditional technologies when there are thousands or tens of thousands of VPNs.
MPLS/VPN makes it possible to deploy and manage fully meshed VPNs over an IP backbone. MPLS/VPN keeps subscribers' traffic separate by assigning a distinct VRF to each customer VPN. Users in one VPN are then unaware of users in other VPNs, and the degree of user separation matches that achieved by traditional Layer 2 VPN technologies such as Frame Relay or ATM.
Four major technologies make it possible to build an MPLS VPN:
- multiprotocol BGP (MP-BGP),
- route filtering based on the route target, which is an extended BGP community attribute,
- MPLS forwarding, which carries packets across the backbone,
- the involvement of the provider edge routers in routing and forwarding.
Multiprotocol BGP (MP-BGP) runs between the provider edge routers to exchange VPN prefix information. Multiprotocol BGP is an extension of the existing BGP protocol that allows it to carry customers' VPN-IPv4 address prefixes. A customer VPN-IPv4 address is a 12-byte address that combines an IPv4 address with a route distinguisher (RD). The first 8 bytes are the RD; the next 4 bytes are the IPv4 address.
The RD is 64 bits long and consists of a 2-byte Type field and a 6-byte Value field. The RD is prepended to the customer's IPv4 addresses to turn them into globally unique VPN-IPv4 prefixes. An RD is either ASN-relative (Autonomous System Number), in which case it consists of an autonomous system number and a required number, or IP-address-relative, in which case it contains an IP address and a required number. This is necessary so that one VPN does not collide with another. Combining the RD with the IP address ensures that the new VPN-IPv4 address is unique.
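The 12-byte layout described above, as an added example that is not part of the original article. The type codes 0 (ASN-relative) and 1 (IP-address-relative) and their sub-field widths follow RFC 4364 rather than this page, and the RD values in the usage lines are constructed.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode 'ASN:nn' (type 0) or 'a.b.c.d:nn' (type 1) as the 8-byte RD."""
    admin, _, assigned = rd.rpartition(":")
    if not admin:
        raise ValueError(f"RD must look like admin:number, got {rd!r}")
    if "." in admin:
        # IP-address-relative: 2-byte type, 4-byte IPv4 address, 2-byte number
        ip = ipaddress.IPv4Address(admin).packed
        return struct.pack("!H4sH", 1, ip, int(assigned))
    # ASN-relative: 2-byte type, 2-byte AS number, 4-byte number
    return struct.pack("!HHI", 0, int(admin), int(assigned))

def vpn_ipv4(rd: str, ipv4: str) -> bytes:
    """12-byte VPN-IPv4 address: the 8-byte RD followed by the 4-byte IPv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(ipv4).packed

def parse_vpn_ipv4(raw: bytes) -> tuple[str, str]:
    """Split a VPN-IPv4 address back into (RD text, IPv4 text)."""
    if len(raw) != 12:
        raise ValueError("a VPN-IPv4 address is exactly 12 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:8])
        rd = f"{asn}:{number}"
    elif rd_type == 1:
        ip, number = struct.unpack("!4sH", raw[2:8])
        rd = f"{ipaddress.IPv4Address(ip)}:{number}"
    else:
        raise ValueError(f"unsupported RD type {rd_type}")
    return rd, str(ipaddress.IPv4Address(raw[8:]))

if __name__ == "__main__":
    # Constructed case: two customers reuse 10.1.1.0 but carry different RDs.
    a = vpn_ipv4("65000:1", "10.1.1.0")
    b = vpn_ipv4("65000:2", "10.1.1.0")
    print(a.hex(), b.hex(), a != b)
    print(parse_vpn_ipv4(vpn_ipv4("1.1.1.1:7", "10.1.2.0")))
```

Two customers that both use 10.1.1.0 produce different 12-byte values once their RDs differ, which is what lets the provider edge routers carry overlapping customer address space in one BGP table.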
A VPN routing/forwarding table (VRF, VPN Routing/Forwarding) is defined on each PE router for each VPN. The VRF defines the membership of a customer network attached to the PE router. Each VPN has its own VRF, so a customer belonging to one VPN can reach only the routes contained in that VRF.
Each VRF contains an IP routing table, a set of interfaces that use the forwarding table, and a set of rules and routing protocols for one customer. A customer's VRF contains all the routes that are reachable in the VPN of which it is a member. Standard IP forwarding is used between the PE and CE routers. The PE associates each CE with a forwarding table for that network, and this table contains only the routes reachable by that CE router. Between the CE and the PE, either static routing or dynamic routing can be used to populate the VRF forwarding table. Between PE routers, multiprotocol BGP is used to advertise VPN prefixes. When a PE router advertises a VPN-IPv4 address to another PE, it uses a 32-bit address (usually its loopback address) as the BGP next-hop address. The PE that originates a VPN route also assigns a label to that route. The label is carried in the multiprotocol BGP update and is used by the receiving PE to direct the packet to the correct CE.
MPLS forwarding is used in the provider backbone. Each PE router holds a label bound to the multiprotocol BGP next-hop address of every other PE. When a packet is forwarded across the backbone, two labels are used. The top label steers the packet to the appropriate receiving PE router. The second label, assigned by the originating PE, tells the receiving PE how to forward the packet.
MPLS/VPN operation
The example in Figure 7 shows how an MPLS/VPN is built:
Figure 7: MPLS VPN (1)
1. MPLS runs in the core. Each PE router advertises its loopback address: PE1 advertises 1.1.1.1/32 and PE2 advertises 2.2.2.2/32. TDP or LDP distributes the label bindings between the routers running MPLS. On each PE router, the LFIB contains a label bound to the 32-bit loopback address of the other PE router. When PE1 forwards a packet to 2.2.2.2 on PE2, it adds label 20 to the packet, and when PE2 forwards a packet to 1.1.1.1, it puts label 10 on the packet (see Figure 7).
2. A VPN routing and forwarding instance, called VPNA, is created on PE1 and PE2.
3. PE1 uses interface S0/0 in this VPN and PE2 uses interface S0/1.
4. OSPF runs between PE1 and CE1, and between PE2 and CE2.
5. When PE1 receives the route to network 10.1.1.0 from CE1, the router places it in the VPNA routing table. At that point it assigns label (5) to the prefix. When PE2 receives the route to network 10.1.2.0 from CE2, it places it in the VPNA routing table. At that point label (6) is assigned to the prefix (figure
6. PE1 then sends a multiprotocol iBGP (MP-iBGP) update to PE2 advertising network 10.1.1.0. The update also carries label (5), which PE1 assigned to prefix 10.1.1.0 and which PE2 must add to any packet destined for network 10.1.1.0 before forwarding it. When PE1 advertises the route, it sets the BGP next-hop address to 1.1.1.1/32, its loopback address.
7. PE2 then sends a multiprotocol iBGP update to PE1 advertising network 10.1.2.0. The update also carries label (6), which PE2 assigned to prefix 10.1.2.0 and which PE1 must add to packets destined for network 10.1.2.0 before forwarding them. When PE2 advertises the route, it sets the BGP next-hop address to 2.2.2.2/32, its loopback address.
8. PE1 installs prefix 10.1.2.0 in the VPNA routing table, and PE2 installs prefix 10.1.1.0 in the VPNA routing table.
Figure 8: MPLS VPN (2)
9. At this point, the VPNA routing table on router PE1 shows that 10.1.2.0 is reachable via 2.2.2.2. Likewise, the routing table on PE2 shows that network 10.1.1.0 is reachable via 1.1.1.1.
10. The routes are passed down to the CE routers using OSPF, and the network has now converged.
11. CE1 now sends a packet to host 10.1.2.1. The packet is forwarded to PE1. PE1 sets the packet's inner label to 6. It then looks up the destination in the VPNA routing table and determines that the next-hop IP address is 2.2.2.2. It consults its LFIB to determine which outgoing label to use. PE1 then sets the packet's outer label to 20 and sends it out the serial interface toward PE2. The outer label is 20 and the inner label is 6 (see Figure 9).
12. When PE2 receives the labeled packet, it removes the outer label 20 and examines the inner label. The inner label (6) tells the router which interface to forward the packet out of. The packet is then delivered to CE2.
Figure 9
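The twelve steps above as a small simulation, added here as an example that is not part of the original article. The loopbacks, labels, prefixes and the interfaces S0/0 and S0/1 are the ones in the walkthrough; the /24 masks and the extra interface S0/2 in a second VRF named VPNB are assumptions made to show that a lookup never leaves the VRF of the arrival interface.

```python
import ipaddress

class PE:
    def __init__(self, name, loopback, if_vrf, lfib):
        self.name, self.loopback = name, loopback
        self.if_vrf = if_vrf      # customer-facing interface -> VRF name
        self.lfib = lfib          # remote PE loopback -> outer label (from LDP/TDP)
        self.vrf_routes = {}      # VRF -> {prefix: (BGP next hop, VPN label)}
        self.vpn_labels = {}      # VPN label assigned here -> interface toward the CE

    def learn_from_ce(self, iface, prefix, label):
        """Steps 5-7: install the CE route, bind a VPN label, build the MP-iBGP update."""
        vrf = self.if_vrf[iface]
        self.vrf_routes.setdefault(vrf, {})[ipaddress.ip_network(prefix)] = (None, None)
        self.vpn_labels[label] = iface
        return {"vrf": vrf, "prefix": prefix, "label": label, "next_hop": self.loopback}

    def import_update(self, upd):
        """Step 8: a remote route enters only the VRF it was advertised for."""
        if upd["vrf"] in self.if_vrf.values():
            table = self.vrf_routes.setdefault(upd["vrf"], {})
            table[ipaddress.ip_network(upd["prefix"])] = (upd["next_hop"], upd["label"])

    def ingress(self, iface, dst):
        """Step 11: look up dst only in the VRF bound to the arrival interface."""
        table = self.vrf_routes.get(self.if_vrf[iface], {})
        for net, (next_hop, label) in table.items():
            if next_hop and ipaddress.ip_address(dst) in net:
                return [self.lfib[next_hop], label]   # [outer label, inner label]
        return None                                   # no route in this VRF: drop

    def egress(self, stack):
        """Step 12: pop the outer label; the inner label selects the CE interface."""
        return self.vpn_labels.get(stack[1])          # unknown inner label: None (drop)

def build_example():
    # Addresses, labels and S0/0, S0/1 are the page's; /24 masks and S0/2 in VPNB are assumed.
    pe1 = PE("PE1", "1.1.1.1", {"S0/0": "VPNA", "S0/2": "VPNB"}, {"2.2.2.2": 20})
    pe2 = PE("PE2", "2.2.2.2", {"S0/1": "VPNA"}, {"1.1.1.1": 10})
    pe2.import_update(pe1.learn_from_ce("S0/0", "10.1.1.0/24", 5))
    pe1.import_update(pe2.learn_from_ce("S0/1", "10.1.2.0/24", 6))
    return pe1, pe2

if __name__ == "__main__":
    pe1, pe2 = build_example()
    stack = pe1.ingress("S0/0", "10.1.2.1")
    print("VPNA packet:", stack, "->", pe2.egress(stack))
    print("VPNB packet:", pe1.ingress("S0/2", "10.1.2.1"))
```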