Mpls VPN End


Seminar essay: MPLS-VPN

MINISTRY OF EDUCATION AND TRAINING
POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY, HO CHI MINH CITY
FACULTY OF ELECTRONICS AND TELECOMMUNICATIONS

SEMINAR ESSAY ON Multiprotocol Label Switching Virtual Private Network

(MPLS-VPN)


Acknowledgements:

We sincerely thank our teacher Nguyn Xun Khnh for making this work possible and for helping us complete this essay. We very much hope to receive comments and corrections on any mistakes in it so that it can be improved. Because this is an essay, it certainly does not cover every structure that an MPLS-VPN network has or everything such a network can do; we have tried to study the subject and to set out the main points of a VPN running over MPLS. We therefore look forward to comments from readers, who can contact us at this e-mail address: [email protected]. Sincere thanks.

Student group:
1. Trn Trng Quc
2. V Vn Tin
3. Nguyn Th T Trinh
4. Nguyn Bo Lc
5. n Ngc Kim Mai
6. Thch ng Quang
7. Nguyn Vn Tr
8. Cao Tin Dng
9. L Xun M
10. Bnh Quc Cng

Evaluation of the topic:

On the report:
Comments:

On the presentation:
Comments:

On the answers to questions:
Comments:

Ho Chi Minh City, day / month / year

Teacher: Nguyn Xun Khnh

Structure of the essay

Acknowledgements
Evaluation of the topic
Part 1: Introduction to Multiprotocol Label Switching (MPLS)
  A. Introduction to MPLS
    1. Simple scalability
    2. Some applications of MPLS
  B. Structure of MPLS
    1. Structure of the MPLS label
      a) Forwarding plane
      b) Control plane
    2. Forwarding Equivalence Class (FEC)
    3. Label Switched Path (LSP)
    4. Label Distribution Protocol (LDP)
    5. Label Switched Router (LSR)
    6. MPLS network topology
Part 2: Virtual Private Networks (VPN)
  A. Basic introduction to virtual private networks
    1. VPN security mechanisms
    2. The development of VPNs
    3. Advantages and disadvantages of VPNs
  B. Types of VPN
    1. VPNs for enterprises
      a) Remote access VPN
      b) Site-to-site VPN
    2. VPNs for service providers
      a) Overlay VPN
      b) Peer-to-peer VPN
Part 3: Introduction to MPLS VPN
  A. Components of an MPLS-VPN
    1. Virtual Routing and Forwarding (VRF)
    2. RD (Route Distinguishers)
    3. RT (Route Targets)
  B. Architecture and operation of an MPLS VPN
Part 4: Simulation with GNS3
  1. Configuration commands
    a) Configuring router A1
    b) Configuring router PE01
    c) Configuring router P
    d) Configuring router PE02
    e) Configuring router A2
  B. Results

Part 1: Introduction to Multiprotocol Label Switching (MPLS)

A. Introduction to MPLS.

MPLS is a technology that combines the best of layer 3 routing and layer 2 switching. It carries packets very quickly through the core network and routes them well at the network edge by relying on labels. MPLS improves packet forwarding by attaching a label to each IP packet, ATM cell or layer 2 frame. Label switching lets routers and MPLS-enabled ATM switches make forwarding decisions from the contents of the label rather than through complex routing on the destination IP address. MPLS joins the performance and switching capability of layer 2 with layer 3 routing. It gives ISPs the flexibility to work with any layer 2 technology, so that they can reduce costs, increase profit, deliver a range of efficiencies and compete more effectively. The idea behind MPLS is: route at the edge, switch in the core.

Figure 1.1: Basic model of an MPLS network

1. Simple scalability.

- It improves network quality and makes it possible to deploy routing functions that earlier technologies could not provide, such as explicit routing and loop control.
- Integrating IP and ATM lets all of the equipment already in the network be reused.
- Separating the control unit from the switching unit lets MPLS support MPLS and B-ISDN at the same time.
- Adding new functions after an MPLS network has been deployed only requires changing the control software.

2. Some applications of MPLS.

The Internet has three main groups of applications, voice, data and video, each with different requirements:

- Voice requires low delay and tolerates some data loss in exchange for efficiency.
- Video tolerates data loss at an acceptable level and is real-time.
- Data requires high security and accuracy.

MPLS helps network resources to be used with high efficiency. Some of the applications that have been deployed are:

- MPLS VPN: the service provider uses the existing public network infrastructure to implement the connections between customer sites.
- MPLS Traffic Engineering: provides the ability to set up one or more paths to control network traffic and the performance characteristics for a class of traffic.
- MPLS Quality of Service: with QoS, service providers can offer many kinds of service with the maximum QoS guarantee for customers.

B. Structure of MPLS.

1. Structure of the MPLS label.

A label is a short, fixed-length entity with no internal structure. A label does not directly encode information from the network-layer header, such as the network-layer address. A label attached to a particular packet represents the FEC to which that packet has been assigned. The form of the label depends on the transmission medium in which the packet is encapsulated. For example, ATM packets (cells) use the VPI/VCI value as the label, and Frame Relay uses the DLCI as the label. For native media that have no label structure, a shim is inserted to carry the label. The 4-byte shim has the following structure:

Figure 1.2: Structure of the MPLS header.

MPLS defines a 32-bit header that is created at the ingress LSR. It must be placed immediately after any layer 2 header and before the layer 3 header (here IP). The ingress LSR uses it to identify a FEC; this class is revisited in the discussion of label creation. The labels are then processed by the transit LSRs.

Figure 1.3: The MPLS label

The format of the MPLS header is shown in the figure above. It consists of the following fields:

- Label: a 20-bit value that holds the MPLS label.
- EXP (3 bits): reserved for experimental use; the EXP bits can be used in the same way as priority bits.
- S: the stack bit, used to order multiple labels.
- TTL: an 8-bit time to live that sets a limit on how far an MPLS packet can travel.

For PPP or Ethernet frames, a protocol identifier value P-ID (or Ethertype) is inserted into the corresponding frame header to indicate whether the frame is MPLS unicast or multicast.
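The field layout above can be exercised directly. The following is an added example, not part of the original essay: it packs and parses the 32-bit shim and walks a label stack until the S bit is set, rejecting truncated or over-deep stacks. The two EtherType constants are the standard MPLS values, which the essay does not list; the sample frame and label values are constructed.

```python
import struct
from typing import NamedTuple

# Standard EtherType values for MPLS over Ethernet (not listed in the essay).
ETHERTYPE_MPLS_UNICAST = 0x8847
ETHERTYPE_MPLS_MULTICAST = 0x8848


class LabelEntry(NamedTuple):
    label: int  # 20-bit label value
    exp: int    # 3 experimental bits
    s: int      # stack bit, 1 on the last (bottom) entry
    ttl: int    # 8-bit time to live


def encode_entry(entry: LabelEntry) -> bytes:
    """Pack one entry into the 4-byte shim: label(20) | EXP(3) | S(1) | TTL(8)."""
    limits = {"label": 0xFFFFF, "exp": 0x7, "s": 0x1, "ttl": 0xFF}
    for name, maximum in limits.items():
        value = getattr(entry, name)
        if not 0 <= value <= maximum:
            raise ValueError(f"{name}={value} does not fit its field")
    word = (entry.label << 12) | (entry.exp << 9) | (entry.s << 8) | entry.ttl
    return struct.pack("!I", word)


def decode_entry(raw: bytes) -> LabelEntry:
    """Unpack exactly four bytes in network byte order."""
    if len(raw) != 4:
        raise ValueError("a label stack entry is exactly 4 bytes")
    (word,) = struct.unpack("!I", raw)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)


def parse_label_stack(payload: bytes, max_depth: int = 8):
    """Walk entries until S=1; return (entries, remaining layer 3 bytes)."""
    entries = []
    offset = 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(payload):
            raise ValueError("truncated label stack: no entry with S=1")
        entry = decode_entry(payload[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry.s == 1:
            return entries, payload[offset:]


def parse_ethernet_mpls(frame: bytes):
    """Return (kind, entries, layer3) for an untagged Ethernet II frame carrying MPLS."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    kinds = {ETHERTYPE_MPLS_UNICAST: "unicast", ETHERTYPE_MPLS_MULTICAST: "multicast"}
    if ethertype not in kinds:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not MPLS")
    entries, layer3 = parse_label_stack(frame[14:])
    return kinds[ethertype], entries, layer3


# Constructed sample: a two-label stack in front of the first bytes of an IPv4 header.
SAMPLE_STACK = encode_entry(LabelEntry(100, 0, 0, 64)) + encode_entry(LabelEntry(200, 5, 1, 64))
SAMPLE_FRAME = bytes(12) + struct.pack("!H", ETHERTYPE_MPLS_UNICAST) + SAMPLE_STACK + b"\x45\x00"

if __name__ == "__main__":
    print(parse_ethernet_mpls(SAMPLE_FRAME))
```

The `max_depth` limit and the truncation check matter when parsing captured traffic: a stack that never sets S=1 would otherwise be read into the payload.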

An MPLS node has two planes: the MPLS forwarding plane and the MPLS control plane. An MPLS node can perform layer 3 routing or layer 2 switching.

Figure 1.4: Structure of an MPLS node.

a) Forwarding plane.

The forwarding plane uses a Label Forwarding Information Base (LFIB) to forward packets. Each MPLS node has two tables related to forwarding: the Label Information Base (LIB) and the LFIB. The LIB contains all the labels assigned by the local MPLS node and the mapping of these labels to the labels received from its MPLS neighbors. The LFIB uses a subset of the labels held in the LIB to forward packets.

b) Control plane.

The MPLS control plane is responsible for creating and maintaining the LFIB. Every MPLS node must run an IP routing protocol to exchange routing information with the other MPLS nodes in the network. MPLS-enabled ATM nodes use a Label Switch Controller (LSC), such as a 7200 or 7500 router, or a Route Processor Module (RPM) to take part in IP routing.

Labels are exchanged between adjacent MPLS nodes to build the LFIB. MPLS uses a forwarding paradigm based on label swapping to connect to the different control modules. Each control module is responsible for assigning and distributing a set of labels and for maintaining other related control information. Interior Gateway Protocols (IGPs) are used to establish reachability and the binding and mapping between FECs and next-hop addresses.

2. Forwarding Equivalence Class (FEC).

A FEC is a group of IP packets that follow the same path through the MPLS network and are handled in the same way at every LSR. In traditional routing, a packet is assigned to a FEC at every hop. In MPLS, the assignment is made only once, at the ingress LSR. In MPLS, packets arriving for different prefixes can be merged into one FEC, because forwarding inside the MPLS domain depends only on the ingress LSR assigning the packet to a FEC, which determines the LSP; the remaining LSRs forward the packet by its label. With IP routing, a packet is forwarded on its IP address, so at every hop the packet is assigned to a FEC to determine the path.

3. Label Switched Path (LSP).

An LSP is a configured connection between two LSRs: a route from the entry to the exit of the MPLS network that is used to forward the packets of a given FEC by label-swapping forwarding.

Label Information Base (LIB): the binding table in an LSR that holds the label/FEC values assigned to an outgoing port, together with information about the encapsulation of the transmission medium.

4. Label Distribution Protocol (LDP).

LDP is the protocol that exchanges label information between LSRs. It provides a discovery mechanism that lets directly connected LSRs recognise each other and establish an association. There are four types of message:

- Discovery messages: announce and maintain the presence of an LSR in the network.
- Adjacency messages: initialise, maintain and terminate the sessions between LSRs.
- Label advertisement messages: advertise, request, withdraw and release label information.
- Notification messages: used to report errors.

A TCP connection is established to exchange the messages (except for Discovery messages). The messages are sets of elements with the structure <type, length, value>.

5. Label Switched Router (LSR).

This protocol runs over UDP and can be regarded as the phase in which two LSRs become aware of each other before they establish a TCP connection. An LSR advertises a hello message to all directly connected LSRs on a default UDP port at a fixed interval. All LSRs listen for this hello message on the UDP port. In this way an LSR learns the addresses of all the LSRs directly connected to it. Once the address of an LSR is known, a TCP connection is established between the two LSRs.

Even when they are not directly connected, an LSR can still periodically send hello messages to the default UDP port of a specific IP address. The receiving LSR can then send a hello message back to the sending LSR in order to establish a TCP connection.

Figure 1.5: Neighbor discovery with LDP.

6. MPLS network topology.

An MPLS domain is a contiguous set of nodes that perform MPLS routing and forwarding. The MPLS domain can be divided into the MPLS core and the MPLS edge.

Figure 1.6: MPLS network topology.

When an IP packet crosses the MPLS domain, it follows a route determined by the FEC it was assigned on entering the domain. This route is called a label switched path (LSP). An LSP is unidirectional, so two LSPs are needed for duplex communication.

Nodes that can run MPLS and forward native IP packets are called label switching routers (LSRs).

- The ingress LSR handles traffic entering the MPLS domain.
- A transit LSR handles traffic inside the MPLS domain.
- The egress LSR handles traffic leaving the MPLS domain.
- Edge LSR is commonly used as a general name for both the ingress LSR and the egress LSR.

The devices in an MPLS network can be classified as label edge routers (LERs) and label switching routers (LSRs).

LSR: the most important component of an MPLS network is the label switching router. This device forwards packets within the MPLS network by means of the label distribution procedure.

LER: a device that operates at the boundary between the access network and the MPLS network. LERs support ports connected to dissimilar networks (such as Frame Relay, ATM and Ethernet) and forward this traffic into the MPLS network after establishing an LSP, using label signalling protocols at the ingress, and they distribute the traffic back to the access network at the egress. The LER plays an important role in assigning and removing labels as traffic enters or leaves the MPLS network. The LER is where packets are labelled before they enter the MPLS network. Edge devices differ from core devices in that, besides forwarding traffic, they must also interface with other networks.
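The FEC, LFIB and LSP descriptions above fit together as follows. This is an added example, not part of the original essay: a small model of one LSP in which the ingress LSR classifies a packet into a FEC once and pushes a label, the transit LSR swaps on the label alone, and the egress LSR pops. Router names, prefixes and label values are constructed, and the TTL handling is simplified to one counter per packet.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Packet:
    dst: str
    ttl: int = 64                               # simplified: one TTL for the whole packet
    labels: list = field(default_factory=list)  # label stack, top of stack is the last item


class LSR:
    def __init__(self, name):
        self.name = name
        self.fec_map = []  # ingress only: (ip_network, FEC name)
        self.ftn = {}      # ingress only: FEC name -> (label to push, next hop)
        self.lfib = {}     # incoming label -> (action, outgoing label, next hop)

    def classify(self, dst):
        """Longest-prefix match of the destination to a FEC (done once, at ingress)."""
        addr = ipaddress.ip_address(dst)
        hits = [(net, fec) for net, fec in self.fec_map if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def ingress(self, pkt):
        """Ingress LSR: assign the FEC, push its label, return the next hop (None = no LSP)."""
        fec = self.classify(pkt.dst)
        if fec not in self.ftn:
            return None
        label, next_hop = self.ftn[fec]
        pkt.labels.append(label)
        return next_hop

    def switch(self, pkt):
        """Transit or egress LSR: decide from the top label only (None = drop)."""
        entry = self.lfib.get(pkt.labels[-1]) if pkt.labels else None
        if entry is None or pkt.ttl <= 1:
            return None  # no label binding, or TTL exhausted
        action, out_label, next_hop = entry
        pkt.ttl -= 1
        if action == "swap":
            pkt.labels[-1] = out_label
        else:  # "pop" at the egress LSR
            pkt.labels.pop()
        return next_hop


def build_lsp():
    """Constructed topology: PE1 (ingress) -> P (transit) -> PE2 (egress) -> CE2."""
    pe1, p, pe2 = LSR("PE1"), LSR("P"), LSR("PE2")
    for prefix in ("10.2.0.0/16", "192.168.20.0/24"):  # two prefixes, one FEC
        pe1.fec_map.append((ipaddress.ip_network(prefix), "site2"))
    pe1.ftn["site2"] = (100, "P")
    p.lfib[100] = ("swap", 200, "PE2")
    pe2.lfib[200] = ("pop", None, "CE2")
    return {"PE1": pe1, "P": p, "PE2": pe2}


def forward(routers, ingress_name, pkt, max_hops=16):
    """Return (final next hop or None if dropped, [(router, label stack after it)])."""
    node = ingress_name
    next_hop = routers[node].ingress(pkt)
    trace = [(node, list(pkt.labels))]
    while next_hop in routers and len(trace) <= max_hops:
        node = next_hop
        next_hop = routers[node].switch(pkt)
        trace.append((node, list(pkt.labels)))
    return next_hop, trace


if __name__ == "__main__":
    print(forward(build_lsp(), "PE1", Packet("10.2.3.4")))
```

Because only PE1 holds a FEC map, a packet entering at PE2 finds no LSP: the reverse direction needs its own label bindings, which is the unidirectional property stated above.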

Label distribution modes

In an MPLS domain, a label assigned to a destination address is distributed to the upstream neighbors after the session has been established. The binding between a particular network, the local label and a next-hop label (received from the downstream router) is stored in the LFIB and the LIB. MPLS uses the following label distribution methods:

Figure 1.7: Exchange of label information in LDP

Part 2: Virtual Private Networks (VPN)

A. Basic introduction to virtual private networks.

A VPN lets you extend the reach of your internal network by taking advantage of the Internet. VPN technology lets you connect a host thousands of miles away to your LAN and make it one more node or PC in that LAN. Another characteristic of a VPN is that the connection between the clients and your virtual network is about as secure as if you were sitting in the same LAN.

The intended purpose of VPN technology is to use the Internet and its universal reach. However, because the Internet is a public source of information, it can be accessed by anyone, at any time, from anywhere; exchanged information can easily be eavesdropped on, and data in transit is exposed to unauthorised access and tampering. The main purpose of a VPN is to provide security, efficiency and reliability in the network while keeping the cost of building the whole network balanced.

A VPN is understood as an extension of an intranet that is connected through a public network in order to provide security and make the connection between the two endpoints more cost-effective. Sophisticated security mechanisms and restrictions are also used to protect the exchange of data that is vulnerable to theft over an insecure medium.

1. VPN security mechanisms.

Encryption: encrypting data is a process that transforms the data according to a defined standard so that it can be read only by the intended user. To read the data, the recipient must have exactly the right key to decrypt it. In the traditional method, the recipient and the sender of the data share the same key to decrypt and encrypt the data. The public-key scheme uses two keys, one of which is treated as a public key that anyone can use to encrypt and decrypt data.

Authentication: a process that ensures the data is delivered to the intended recipient and also ensures that the information received is intact. In its basic form, authentication requires at least a username and password to be entered in order to access a resource. In some more complex situations, a secret key or public key is added to encrypt the data.

Authorization: the process of granting or denying access to resources on the network after authentication has been performed.

2. The development of VPNs.

VPNs are not an entirely new technology; the concept of a VPN dates back 15 years and has gone through many stages of development and change to reach its latest form. The first VPNs were introduced by AT&T in the late 1980s and were known as Software Defined Networks (SDNs).

The second generation of VPNs came with the appearance of X.25 technology and the Integrated Services Digital Network (ISDN) in the early 1990s. These two technologies allowed streams of data packets (package streams) to be carried over shared networks.

After the second generation of VPNs appeared, the VPN market settled for a while and progressed slowly, until the rise of two technologies, cell-based Frame Relay (FR) and Asynchronous Transfer Mode (ATM). The third generation of VPNs developed from these two technologies. They are based on the concept of virtual circuit switching, in which data packets do not carry source and destination addresses. Instead, they carry pointers to the virtual circuits where the source and destination of the data are resolved.

Note: virtual circuit switching technology has a higher data rate (160 Mbs or higher) than the previous generation (SDN, X.25, ISDN). However, encapsulating IP traffic inside Frame Relay packets and ATM cells is slow. In addition, FR-based and ATM-based networks do not provide packet-level end-to-end authentication and encryption for high-end applications such as multimedia.

Tunneling is a technique that encapsulates data packets in a tunneling protocol, such as IP Security (IPSec), Point-to-Point Tunneling Protocol (PPTP) or Layer 2 Tunneling Protocol (L2TP), and finally encapsulates the tunnelled packets inside an IP packet. The resulting packets are then routed to the destination network using the IP information of the outer layer. Because the original data packet can be of any type, tunneling can support multiple protocols, including IP, ISDN, FR and ATM.

VPN tunneling protocols:

Three tunneling protocols stand out in use with VPNs:

- IP Security (IPSec): developed by the IETF, IPSec is an open standard that ensures data is exchanged securely and provides a way to authenticate users over a public network. Unlike other encryption techniques, IPSec operates at layer 7 of the OSI (Open System Interconnect) model, so it can run independently of the applications running on the network. As a result, your network is more secure without the need for any security program.
- Point-to-Point Tunneling Protocol (PPTP): developed by Microsoft, 3COM and Ascend Communications, PPTP is an alternative to IPSec. However, IPSec is still widely used among tunneling protocols. PPTP operates at layer 2 (the data link layer).
- Layer 2 Tunneling Protocol (L2TP): developed by Cisco Systems, L2TP was intended to replace IPSec. However, IPSec still has the advantage for security on the Internet. L2TP is a combination of Layer 2 Forwarding (L2F) and PPTP, and is used to encapsulate frames that use the Point-to-Point protocol so that they can be sent over networks such as X.25, FR and ATM.

Note: L2F is a proprietary protocol registered by Cisco Systems to ensure that data is carried securely over the Internet.

3. Advantages and disadvantages of VPNs:

Advantages:

- Lower deployment cost: VPNs cost considerably less than the traditional solutions.
- Lower management cost.
- Improved connectivity.
- Secure transactions.
- Efficient use of bandwidth.
- Enhanced scalability.

Disadvantages:

- Dependence on the Internet environment.
- Lack of support for some legacy protocols.

Points to consider with VPNs:

- Security.
- Interoperation between devices from different vendors.
- Centralised management.
- Ease of deployment.
- Ease of use.
- Scalability.
- Performance.
- Bandwidth management.
- Choosing a service provider (ISP).
- Protecting the network from unsolicited data sent from outside.

B. Types of VPN:

1. VPNs for enterprises.

a) Remote access VPN.

A remote access VPN gives users the ability to access the network remotely. It lets individuals, mobile employees or remote branch offices access the company's internal network over a wireless or wired system that has an Internet connection.

A remote access VPN extends the company network over a shared infrastructure without changing the company's network policy. It can be used to provide secure access for employees who travel frequently, for branches and for the company's business partners.

This type of VPN runs over public infrastructure using ISDN, dial-up, mobile IP, DSL or cable technology, and usually requires client software running on the user's computer.

As demand for wireless networking has grown, wireless VPNs have also come into use: individual employees can access their internal network through a wireless connection to a wireless terminal that is connected back to that internal network. For both wired and wireless connections in a remote access VPN, client software running on the PC initiates the secure connections, which are called tunnels.

The initial establishment process is designed to ensure that the request comes from a trusted source. This initial phase is usually based on the same security policy as the rest of the company.

Figure 2.1: Remote access VPN model.

The advantages of a remote access VPN over the traditional methods are:

- A remote access VPN does not need support from network staff, because the remote connection process is handled by the ISPs.
- The cost of long-distance connections is reduced, because long-distance connections are replaced by local connections through the Internet.
- It provides a low-cost connection service for remote users.
- Because the access connection is a local connection, the modems operate at higher speeds than with long-distance access.
- The VPN provides better access to the company's sites because it supports the lowest level of connection service.

Despite these advantages, a remote access VPN still has the following disadvantages:

- A remote access VPN does not support services with guaranteed QoS.
- The risk of data loss is high, because packets may not be delivered or may be lost.
- Because the encryption algorithms are complex, the protocol overhead increases considerably.

b) Site-to-site VPN.

This is a solution that connects network systems at different locations to the central network through a VPN. In this case, the initial authentication of the user becomes authentication between devices. These devices act as security gateways, carrying traffic securely from one site to the other. Routers and firewalls that support VPN can all establish this kind of connection. Many VPN devices today can operate both as a remote access VPN and as a site-to-site VPN.

A site-to-site VPN is classified by policy management as either a local (intranet) VPN or an extended (extranet) VPN. If the network infrastructure is under a single management authority, it is regarded as a local VPN. Otherwise it is regarded as an extended VPN.

Local VPN:

This is a typical configuration of a site-to-site VPN, used to secure the connections between the different locations of one company. It links the head office, offices and branches over a shared infrastructure, and the connections used are always encrypted. It therefore lets all locations securely access the permitted data sources across the company's internal network.

Figure 2.2: Local VPN model.

Advantages of the local VPN approach:

- Local or wide area networks can be set up through one or more service providers.
- Few technical support staff are needed on the network at remote locations.
- A new peer link can easily be added, because the intermediate connection is made through the Internet.
- Costs are saved by using VPN tunnels through the Internet combined with high-speed switching technology.

Disadvantages of a local network solution based on VPN:

- Because the data is tunnelled through the Internet, there are still threats to the level of data security and to quality of service (QoS).
- The likelihood of losing data packets in transmission is still high.
- Transmission of large volumes of data such as multimedia, with high-speed and real-time requirements, is not yet guaranteed in the Internet environment.

Extended VPN:

An extended VPN provides secure tunnels between customers, suppliers and partners over a public infrastructure. This VPN solution uses connections that are always secured and is not isolated from the outside network, unlike the local VPN or the remote access VPN. An extended VPN provides the ability to control access to the network resources that need to be extended to business partners.

Figure 2.3: Extended VPN model

Advantages of the extended VPN:

- The cost of an extended VPN is much lower than that of other connection solutions that achieve the same purpose.
- It is easy to set up, maintain and change on a network that is in operation.
- Because the extended VPN is built on the Internet, there are many opportunities in providing services and in choosing a solution that fits the needs of each company.
- Operating and maintenance costs and the number of network support staff are reduced, because the Internet connections are handled by the Internet service provider.

Disadvantages of the extended VPN solution:

- Security is more difficult in an extended environment, which increases the risk to the company's internal network.
- Data can still be lost when it is sent over the public network.
- The difficulty of transmitting large volumes of data with high-speed and real-time requirements has not been solved.

2. VPNs for service providers:

a) Overlay VPN.

An overlay VPN is a VPN configured on the customer's devices, using tunneling protocols across the public network. The service provider sells virtual circuits between the customer's sites as if they were leased lines.

The overlay VPN model appeared very early and has been deployed with many different technologies. Initially, overlay VPNs were implemented by the SP providing layer 1 (physical layer) connections such as time-division multiplexing (TDM), E1, E3, SONET and SDH links, or layer 2 transport circuits (data in the form of frames or cells) between customer sites, using Frame Relay or ATM switches as the PE (for example, at layer 2, virtual channels created by X.25, ATM or Frame Relay). As a result, the service provider has no knowledge of the routing on the customer side.

In the 1990s, Frame Relay was introduced. Frame Relay is regarded as a VPN technology because it gives customers connectivity like a leased line service; the only difference is that customers are not given dedicated lines, but instead use a shared line on which they are assigned virtual circuits. These virtual circuits ensure that each customer's traffic is kept separate. A virtual circuit is called a PVC (Permanent Virtual Circuit) or an SVC (Switched Virtual Circuit).

Providing a virtual circuit to a customer means that the service provider has built a private tunnel for the customer's traffic across the provider's shared network.

[Figure 2.4 diagram: customer sites (Router A, Router B, Router C, Router D) attached to Frame Relay edge switches, which are the PE devices, in the provider network and connected by virtual circuits #1, #2 and #3.]

Figure 2.4: Overlay model (Frame Relay)

Later, ATM technology appeared. ATM works in essentially the same way as Frame Relay but supports higher transmission speeds. Customers set up communication between their customer premises equipment (CPE) over virtual channels. The routing protocol runs directly between the customer routers, which form adjacencies and exchange routing information with each other. The service provider knows nothing about the customer's routing information. The provider's only task in this model is to carry data point-to-point between the customer's sites.

Overlay VPNs are also deployed in the form of tunnels (tunneling). Following the success of IP-based technologies, some service providers began to deploy VPNs over IP. A customer who wants to build a private network over the Internet can use this solution because of its low cost. Besides the economic reason, the tunneling model also gives customers data security. The two common tunnel VPN technologies are IPSec (IP Security) and GRE (Generic Routing Encapsulation).

Figure 2.5: GRE tunnel over an overlay network

QoS commitments in the overlay VPN model are usually commitments on the bandwidth of a VC; this value is called the CIR (Committed Information Rate). The maximum bandwidth that can be used on that virtual channel is called the PIR (Peak Information Rate). The commitment is met through the statistical nature of the layer 2 service, but it depends on the provider's strategy. This means that the committed rate is not truly guaranteed, although the provider may guarantee a minimum rate (MIR, Minimum Information Rate).

A bandwidth commitment is also only a commitment between two points in the customer's network. Without a complete traffic matrix for all traffic classes, it is hard to meet this commitment for the customer in the overlay model. It is also hard to offer multiple classes of service, because the service provider cannot distinguish the traffic in the middle of the network. This can be done by creating many connections (a full mesh), as in Frame Relay or ATM networks where there are PVCs between the customer sites. However, a full mesh only adds to the cost of the network.

The overlay VPN model has the following advantages:

- It is an easy model to implement, from the point of view of both the customer and the service provider.
- The service provider does not take part in customer routing in an overlay VPN. Its task is to carry data point-to-point between the customer's sites, and the demarcation point between the service provider and the customer is easier to manage.

Limitations of the overlay VPN model:

- It suits networks that do not need redundancy, with a few central sites and many remote sites, but it is hard to manage if many meshed configurations are needed.
- Provisioning more and more VCs requires detailed knowledge of the type of traffic between each pair of sites, which is often not really practical.
- Implementing this model with layer 2 technologies only creates an additional layer that is unnecessary for providers who are mostly IP-based, and so increases operating costs.

b) Peer-to-peer VPN.

The peer-to-peer model was developed to overcome the weaknesses of the overlay model and to give customers optimal transport across the SP backbone. In this model, the service provider's routers carry the customer's data across the network, but they also take part in the customer's routing. In other words, the service provider's routers are peers of the customer's routers at layer 3.

In the peer-to-peer model, routing information is exchanged between the customer routers and the service provider's routers, and the customer's data is carried across the provider's core network. The customer's routing information is carried between the routers in the provider's network (P and PE) and the customer network (the CE routers). This model does not require virtual circuits to be created. As the figure below shows, the CE routers exchange routes with the PE routers in the SP domain. The customer's routing information is advertised across the SP backbone between the PE and P routers, which determines the optimal path from one customer site to another.

Keeping each customer's routing information separate is achieved by packet filtering on the routers that connect to the customer networks. The customer's IP addresses are controlled by the provider. This approach is regarded as the shared PE peer-to-peer implementation.

Figure 2.6: Concept of the peer-to-peer VPN model.

The peer-to-peer VPN model resolves the limitations of the overlay VPN:

- Routing is simpler (seen from the customer side), because the customer router exchanges routing information with only one or a few PE routers. In the overlay VPN model, the number of neighbor routers can grow large.
- Routing between customer sites is always optimal, because the service provider knows the topology of the customer network and can therefore set up optimal routing for the customer's routes.
- Bandwidth provisioning is simpler, because the customer only has to consider the inbound and outbound bandwidth at each site and does not need an exact figure for all site-to-site traffic as in the overlay VPN model.
- It scales, because the service provider only needs to add a site and change the configuration on the PE router. In the overlay model, the service provider has to deal with the whole set of VCs from site to site of the customer's VPN.

[Figure 2.7 diagram: customer sites (Router A, Router B, Router C, Router D) attached to four PE routers in the service provider network. Routing information is exchanged between the CE routers and the PE routers; the PE routers exchange the customer routes across the core network; finally, the customer routes propagate through the PE network and are sent to the other CE routers.]

Figure 2.7: Peer-to-peer VPN model.

Service providers deploy peer-to-peer VPNs in two different ways:

Shared router method: the router is shared, that is, VPN customers share the same provider edge (PE) router. With this method, many customers can connect to the same PE router. Access lists must be configured on the PE router for every PE-CE interface to guarantee isolation between the VPN customers and to prevent one customer's VPN from carrying out denial of service (DoS) attacks against another customer's VPN. The service provider allocates a part of its address space to each customer and manages packet filtering on the PE router.

Dedicated P router method (dedicated router): in this method each VPN customer has a dedicated PE router. Every VPN customer must have its own PE router and can therefore reach only the routes in the routing table of that PE router. The dedicated router model uses routing protocols to build a per-VPN routing table on the PE router. The routing table contains only the routes advertised by the VPN customer connected to it, which gives excellent isolation between VPNs. Routing with dedicated routers can be implemented as follows:

- The routing protocol between PE and CE can be any protocol.
- BGP is the protocol that runs between PE and PE.
- The PE redistributes the routes received from the CE into BGP, marks them with the customer's ID (a BGP community) and passes the routes to the P router; the P router holds all the routes from all of the customers' VPNs.
- The P router passes only the routes with the matching BGP community to a PE router. A PE router therefore receives only the routes from the CE routers in its own VPN.


Comparison of the two peer-to-peer VPN methods: the shared router method is very hard to maintain, because it requires long and complex access lists on every interface of the router. The dedicated router method looks simpler to configure and easier to maintain, but the service provider has to bear a high cost to serve a large number of customers well. All customers share the same IP address space, so they must either use real addresses in their private networks or depend on the service provider for their IP addresses. In both cases, connecting a new customer to a peer-to-peer VPN service requires renumbering the IP addresses in the customer network. Customers cannot add a default route to the VPN. This limitation prevents optimal routing and bars the customer from reaching the Internet through another service provider.

Advantages of the peer-to-peer VPN model: a peer-to-peer VPN gives optimal routing between customer sites without any special configuration or design. It is easy to scale.

Limitations of the peer-to-peer VPN model: the service provider must handle the customer routing correctly and ensure convergence of the customer network when a link fails. The service provider's P routers must carry all customer routes. The service provider needs detailed knowledge of IP routing, which traditionally was not really required of providers.


Part 3: Introduction to MPLS VPN

MPLS VPN is one of the most successful applications of MPLS. It combines the beneficial features of the earlier VPN types and removes their shortcomings. For example, MPLS VPN combines the best characteristics of overlay VPNs and peer-to-peer VPNs: the PE routers take part in the customer's routing. Routing between customer sites is optimal. The PE routers use a separate virtual routing table for each customer, so that many customers can be connected to the provider network. Because the routing information of each customer is held separately, customers can use overlapping IP addresses. MPLS VPN and the customer sites exchange routing information at Layer 3.

Figure 3.1: Basic model of an MPLS VPN network.

A PE router is connected directly to a CE router at Layer 3. A provider (P) router has no direct connection to any customer router. In an MPLS VPN deployment both the P and the PE routers run MPLS, which means that they can distribute labels among themselves and forward labeled packets. A CE router has a direct Layer 3 connection to a PE router. A customer (C) router is a router that has no direct connection to a PE router. A CE router does not need to run MPLS: because CE and PE interact at Layer 3, they must run a routing protocol (or use static routing) between them. If the CE router is multihomed, it can peer with several PE routers. A CE router does not peer with any CE router at another site across the service provider network, as it would in the overlay model. The peer-to-peer model gets its name from the Layer 3 peering that is set up between CE and PE.

A. Components of MPLS VPN

1. VRF (Virtual Routing Forwarding)

A VRF is a VPN routing and forwarding instance: each VPN is associated with its own separate VRF routing and forwarding table. The VRF describes the VPN membership of a customer site that is attached to a PE router. A VRF consists of an IP routing table, a CEF (Cisco Express Forwarding) table, the interface rules for the routing table, routing protocol parameters, and so on. Each site can be associated with one and only one VRF. The VRF of a customer site carries all the routes that are available to the site from the VPNs of which it is a member.


Figure 3.2: VRFs in a VPN.

Because routing has to be kept separate for each VPN customer on a PE router, each VPN has a routing table of its own. This private routing table is called the VRF routing table. An interface on the PE router that faces a CE router belongs to one VRF, so every IP packet received on a VRF interface is unambiguously identified as belonging to that VRF. Because there is a separate routing table per VPN, there is also a separate CEF table per VPN to forward these packets on the PE router. This is the VRF CEF table. Just as the global CEF table is derived from the global routing table, the VRF CEF table is derived from the VRF routing table.

A VRF is created on the PE router with the ip vrf command. The ip vrf forwarding command assigns a PE-CE interface on the PE router to the VRF. An interface can be assigned to one VRF, but several separate interfaces can be assigned to the same VRF. The PE router then creates the VRF routing table and CEF table automatically. The VRF routing table is no different from the main routing table in Cisco IOS, except that it is used only for the VPN and is completely separate from all other routing tables.

Note: In Cisco IOS, CEF is the only switching method applied to IP packets forwarded from a VRF interface. CEF must therefore be enabled on all PE routers and on all VRF interfaces.

2. RD (Route Distinguishers)

VPN routes are carried across the MPLS VPN network by BGP (MP-BGP). The difficulty is that when BGP carries IPv4 prefixes across the service provider network, they must be unique IP addresses; if customers have overlapping addresses, routing goes wrong. To solve this problem, the RD concept was introduced to make IP prefixes unique. The basic idea is that every prefix from every customer receives a unique identifier (the RD) that distinguishes identical prefixes from different customers. The prefix formed by combining the IPv4 prefix and the RD is called a VPNv4 prefix. MP-BGP has to carry these VPNv4 prefixes between the PE routers.

The RD is a 64-bit field used to make VRF prefixes unique when MP-BGP carries them. The RD by itself does not indicate which VRF a prefix belongs to. The function of the RD is not to identify the VPN, because more complex VPN structures may require more than one RD per VPN. Every VRF on a PE router must have one RD assigned to it. This 64-bit value has one of two formats: ASN:nn or IP-address:nn, where nn is a number.

In summary, the RD is a unique 64-bit identifier. It resolves overlapping customer IP addresses by prepending 64 bits to the IPv4 address to form a VPNv4 address (96 bits). Exactly one RD is configured for a VRF on a PE router. The VPNv4 addresses are exchanged between the PE routers over BGP. The RD can have two formats: IP address based or AS number based.


Figure 3.3: Structure of an RD.

The most commonly used format is ASN:nn, where ASN stands for autonomous system number. Usually the service provider uses ASN:nn, where ASN is the autonomous system number that IANA (Internet Assigned Numbers Authority) assigns to the service provider and nn is a number that the service provider assigns uniquely to the VRF. The RD is used to identify the VPN routes. This is necessary because the IPv4 routes of one customer may overlap with the IPv4 routes of another customer. Combining the RD with the IPv4 prefix gives a VPNv4 prefix that is 96 bits long: the 32-bit IPv4 address combined with the 64-bit RD. If the IPv4 prefix is 10.1.1.0/24 and the RD is 1:1, the VPNv4 prefix is 1:1:10.1.1.0/24.

A customer may use different RDs for the same IPv4 route. When a VPN is connected to two PE routers, the routes from the VPN can get two different RDs, depending on which PE router received them. Each IPv4 route then has two different RDs attached and becomes two completely different VPNv4 routes. This allows BGP to treat them as different routes and to apply a different policy to each.
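The RD formats and the 96-bit VPNv4 address described above, worked through as an added example (not part of the original essay). The type codes 0 and 1 and the field widths follow RFC 4364, which the essay does not cite; the function names and the sample routes are constructed for illustration.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode 'ASN:nn' or 'IP-address:nn' as the 8-byte RD (RFC 4364 types 0 and 1)."""
    admin, _, nn = rd.rpartition(":")
    if not admin or not nn.isdigit():
        raise ValueError(f"malformed RD: {rd!r}")
    number = int(nn)
    if "." in admin:  # IP-address:nn -> type 1: 4-byte address, 2-byte number
        if number > 0xFFFF:
            raise ValueError("nn must fit in 16 bits for IP-address:nn")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)  # ASN:nn -> type 0: 2-byte ASN, 4-byte number
    if asn > 0xFFFF or number > 0xFFFFFFFF:
        raise ValueError("ASN:nn needs a 16-bit ASN and a 32-bit nn")
    return struct.pack("!HHI", 0, asn, number)

def vpnv4_address(rd: str, prefix: str) -> bytes:
    """96-bit VPNv4 address: the 64-bit RD followed by the 32-bit IPv4 network."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed

def vpnv4_key(rd: str, prefix: str) -> tuple:
    """What makes two VPNv4 routes the same route: address bytes plus prefix length."""
    return (vpnv4_address(rd, prefix), ipaddress.IPv4Network(prefix).prefixlen)

def distinct_routes(routes, use_rd=True) -> int:
    """Count routes BGP can tell apart, with the RD prepended or on the bare prefix."""
    keys = {vpnv4_key(rd, p) if use_rd else p for rd, p, _ in routes}
    return len(keys)

# Constructed sample: two customers with the overlapping prefix from the text,
# plus the same customer site learned through a second PE under another RD.
SAMPLE = [
    ("1:1", "10.1.1.0/24", "customer A via PE1"),
    ("1:2", "10.1.1.0/24", "customer B via PE1"),
    ("192.0.2.1:7", "10.1.1.0/24", "customer A via PE2"),
]

if __name__ == "__main__":
    for rd, prefix, origin in SAMPLE:
        print(f"{rd}:{prefix:<12} {vpnv4_address(rd, prefix).hex()}  {origin}")
    print("distinct with RD:", distinct_routes(SAMPLE),
          "| without RD:", distinct_routes(SAMPLE, use_rd=False))
```

Without the RD the three routes collapse into one IPv4 prefix; with it BGP sees three separate VPNv4 routes, which is the property the text relies on.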


3. RT (Route Targets)

If RDs were used to identify the VPN, communication between sites of different VPNs would be a problem. A site of company A would not be able to talk to a site of company B, because the RDs would not match. The concept of sites of company A being able to talk to sites of company B is called an extranet VPN. Communication between sites of the same company, that is, the same VPN, is called an intranet. Communication between sites is controlled by another MPLS VPN feature called RTs.

An RT is a BGP extended community that indicates which routes are imported into a VRF from MP-BGP. Exporting an RT means that an exported VPNv4 route receives an additional BGP extended community, the RT, as configured under ip vrf on the PE router, when the route is redistributed from the VRF routing table into MP-BGP. Importing an RT means that a VPNv4 route received from MP-BGP is checked for an extended community, the route target, that matches the configured ones. If there is a match, the prefix is placed in the VRF routing table as an IPv4 route. If there is no match, the prefix is rejected.

The command that configures RTs for a VRF is route-target { import | export | both } route-target-ext-community. The keyword both means both import and export.

The figure below shows how RTs control which routes are imported into a VRF from remote PE routers and with which RTs the VPNv4 routes are exported toward the remote PE routers. More than one RT can be attached to a VPNv4 route. For a VPNv4 route to be imported into a VRF, only one of the route's RTs needs to match the VRF's RT configuration.


Figure 3.4: RT operation.

When you configure a VRF whose customer sites belong to a single VPN and do not have to communicate with sites of another VPN, you only need to configure one RT that is imported and exported on all PE routers with a site in that VRF. This is the intranet case. When sites of one VPN need to communicate with sites of another VPN (the extranet case), pay attention to configuring the RTs correctly.


Figure 3.5: The cust-one and cust-two example.

Site A and site B of VRF cust-one can communicate with each other. The same holds for site A and site B of VRF cust-two. The RT used by VPN cust-one is 1:1. The RT used by VPN cust-two is 1:2. Site A of VRF cust-one needs to talk to site A of VRF cust-two. This is perfectly possible and is determined by configuring the RTs accordingly. To achieve it, RT 100:1 is imported and exported for site A of VRF cust-one and of VRF cust-two on PE1 and PE2. This is called an extranet.
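The cust-one / cust-two design above, modelled as an added example (not part of the original essay) that applies the import rule "at least one attached RT matches" and then audits which VRFs ended up with another customer's routes. The RT values are the essay's; the per-site VRF naming, the prefixes and the helper names are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str               # "<vrf>@<site>", constructed naming for this example
    customer: str
    export_rts: frozenset   # RTs attached to routes this VRF exports
    import_rts: frozenset   # RTs this VRF accepts on import
    local_prefixes: tuple
    table: dict = field(default_factory=dict)  # prefix -> originating VRF name

def exchange_routes(vrfs):
    """Model MP-BGP: each VRF exports its prefixes tagged with its export RTs;
    every other VRF imports a route if at least one attached RT matches."""
    adverts = [(v.name, p, v.export_rts) for v in vrfs for p in v.local_prefixes]
    for v in vrfs:
        v.table = {p: v.name for p in v.local_prefixes}
        for origin, prefix, rts in adverts:
            if origin != v.name and rts & v.import_rts:
                v.table[prefix] = origin
    return vrfs

def cross_customer_imports(vrfs):
    """Audit helper: (importing VRF, origin VRF) pairs that span two customers."""
    owner = {v.name: v.customer for v in vrfs}
    return sorted({(v.name, origin) for v in vrfs for origin in v.table.values()
                   if owner[origin] != v.customer})

def site(vrf, label, rts, prefix):
    """One VRF instance whose import and export RT sets are the same ('both')."""
    rts = frozenset(rts)
    return Vrf(f"{vrf}@{label}", vrf, rts, rts, (prefix,))

# RT values from the text; the prefixes are constructed and non-overlapping.
PAGE_DESIGN = [
    site("cust-one", "A", {"1:1", "100:1"}, "10.1.1.0/24"),
    site("cust-one", "B", {"1:1"}, "10.1.2.0/24"),
    site("cust-two", "A", {"1:2", "100:1"}, "10.2.1.0/24"),
    site("cust-two", "B", {"1:2"}, "10.2.2.0/24"),
]

if __name__ == "__main__":
    for v in exchange_routes(PAGE_DESIGN):
        print(f"{v.name:<11} {sorted(v.table)}")
    print("cross-customer:", cross_customer_imports(PAGE_DESIGN))
```

Feeding the RT sets taken from each PE's ip vrf stanza into cross_customer_imports gives a quick check that the only inter-customer reachability is the intended site A to site A extranet; any other pair in the output is an unintended route leak.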


Figure 3.6: Propagation of VPNv4 routes in the MPLS VPN network.

The VRF keeps the customer routes apart on the PE routers, but how are the prefixes carried across the service provider network? Because a very large number of routes, possibly hundreds of thousands, may have to be carried, BGP is the ideal candidate: it has proven to be a stable routing protocol that can carry that many routes. Keep in mind that BGP is the standard routing protocol that carries the complete Internet routing table. Because the customer VPN routes are made unique by adding the RD to each IPv4 route, turning them into VPNv4 routes, all customer routes can be carried safely across the MPLS VPN network.

B. Architecture and operation of an MPLS VPN


Figure 3.7: MPLS VPN topology.

MPLS provides a flexible multi-site connectivity solution for customers: not only can a customer's own sites communicate with each other, but a site of one customer can also connect to a site of another customer. To run MPLS VPN, MPLS must first be in place: an interior routing protocol runs inside the MPLS backbone and the MPLS features are enabled so that the tables holding the label information are built. The VPN is then built through the following steps:

- Each provider edge router runs routing with the customer. The routing information for each customer is stored in a routing table of its own, called a VRF (virtual route forwarding). The routing information is then redistributed, that is, advertised back and forth between CE and PE.
- Sessions are set up between the PEs; only the PEs need to run IBGP with each other. The transit P routers do not need IBGP. The PEs now use a new 96-bit address type, called VPNv4, to exchange routes; it is the combination of the 32-bit IP address and the 64-bit RD (route distinguisher) value. The RD identifies the address range of a customer site.
- For each RD an RT value also has to be defined. This value determines the destination of packets when a connection to a site of another customer is wanted.

MPLS VPN uses two kinds of labels: the IGP label and the VPN label. The IGP label is the label assigned to the IPv4 prefixes in the RIB that is built by the interior routing protocol (IGP); it sits at the top of the label stack and is used to switch packets through the MPLS core. The VPN label identifies the VRF that a packet belongs to. It sits at the bottom of the label stack. In many cases it is used to determine the next hop for forwarding the packet to the correct CE from a PE.
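The two-label stack described above, as an added example (not part of the original essay): it builds the stack, shows that a P router swaps only the top IGP label, and shows the egress PE selecting the VRF from the bottom VPN label. The entry layout, label(20) TC(3) S(1) TTL(8), follows RFC 3032; the label values, the LFIB and label-to-VRF mappings and the function names are constructed for illustration.

```python
import struct

def encode_stack(labels, ttl=255):
    """labels: top-to-bottom 20-bit values. Each 32-bit entry is
    label(20) | TC(3) | S(1) | TTL(8); S=1 marks the bottom entry only."""
    out = b""
    for i, label in enumerate(labels):
        if not 0 <= label < 2**20:
            raise ValueError("label must fit in 20 bits")
        bottom = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)
    return out

def decode_stack(data):
    """Return ([(label, s_bit, ttl), ...], payload), stopping at the S bit."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append((word >> 12, (word >> 8) & 1, word & 0xFF))
        if entries[-1][1]:
            return entries, data[off:]

def p_router_swap(data, lfib):
    """P router: swap the top (IGP) label only; everything below is opaque to it."""
    (word,) = struct.unpack_from("!I", data, 0)
    ttl = word & 0xFF
    if ttl <= 1:
        raise ValueError("TTL expired")
    new_top = (lfib[word >> 12] << 12) | (word & 0xF00) | (ttl - 1)
    return struct.pack("!I", new_top) + data[4:]

def egress_pe_lookup(data, vpn_label_to_vrf):
    """Egress PE: the bottom (VPN) label selects the VRF used for the IP lookup."""
    entries, payload = decode_stack(data)
    return vpn_label_to_vrf[entries[-1][0]], payload

# Constructed values: IGP labels 17 and 18, VPN label 30, 2-byte stand-in payload.
PACKET = encode_stack([17, 30]) + b"IP"

if __name__ == "__main__":
    print("ingress PE :", decode_stack(PACKET)[0])
    swapped = p_router_swap(PACKET, {17: 18})
    print("after P    :", decode_stack(swapped)[0])
    print("egress PE  :", egress_pe_lookup(swapped, {30: "A2"}))
```

The P router never reads the VPN label or the customer packet, so separation between VPNs in the core rests on the egress PE's label-to-VRF mapping.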

Part 4. Simulation with GNS3


- Configure an MPLS domain among PE01, P and PE02.
- Configure BGP AS 1 between PE01 and PE02.
- On PE01, create vrf A1 corresponding to router A1.
- On PE02, create vrf A2 corresponding to router A2.
- Configure site A1 so that it can connect to A2.

1. Configuration commands.

a) Router A1 configuration.

    hostname A1
    !
    ip cef
    ip audit po max-events 100
    !
    interface Loopback0
     ip address 10.10.10.10 255.255.255.0
    !
    ! Link to PE01
    interface Serial1/0
     ip address 192.168.1.2 255.255.255.0
     serial restart-delay 0
    !
    router rip
     version 2
     network 10.0.0.0
     network 192.168.1.0
     no auto-summary
    !
    end

b) Router PE01 configuration.

    hostname PE01
    !
    ip vrf A1
     rd 1:100
     route-target export 1:100
     route-target import 1:100
    !
    ip cef
    ip audit po max-events 100
    !
    interface Loopback0
     ip address 1.1.1.1 255.255.255.0
    !
    ! PE-CE interface toward A1, placed in vrf A1
    interface Serial1/0
     ip vrf forwarding A1
     ip address 192.168.1.1 255.255.255.0
    !
    ! Core interface toward P, MPLS/LDP enabled
    interface Serial1/1
     ip address 192.168.3.1 255.255.255.0
     mpls label protocol ldp
     tag-switching ip
     serial restart-delay 0
    !
    router eigrp 100
     network 1.0.0.0
     network 192.168.3.0
     no auto-summary
    !
    ! RIP toward CE A1 inside vrf A1; the "router rip" header is restored
    ! here to match the PE02 listing
    router rip
     version 2
     !
     address-family ipv4 vrf A1
      redistribute bgp 1 metric transparent
      network 192.168.1.0
      no auto-summary
     exit-address-family
    !
    router bgp 1
     no synchronization
     bgp log-neighbor-changes
     neighbor 2.2.2.2 remote-as 1
     neighbor 2.2.2.2 update-source Loopback0
     no auto-summary
     !
     ! VPNv4 session to PE02; extended communities carry the RTs
     address-family vpnv4
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 next-hop-self
      neighbor 2.2.2.2 send-community both
     exit-address-family
     !
     address-family ipv4 vrf A1
      redistribute rip
      no auto-summary
      no synchronization
     exit-address-family
    !
    end

c) Router P configuration.

    hostname P
    !
    ip cef
    ip audit po max-events 100
    !
    interface Loopback0
     ip address 3.3.3.3 255.255.255.0
    !
    ! Link to PE01
    interface Serial1/0
     ip address 192.168.3.2 255.255.255.0
     mpls label protocol ldp
     tag-switching ip
     serial restart-delay 0
    !
    ! Link to PE02
    interface Serial1/1
     ip address 192.168.4.1 255.255.255.0
     mpls label protocol ldp
     tag-switching ip
     serial restart-delay 0
    !
    router eigrp 100
     network 3.0.0.0
     network 192.168.3.0
     network 192.168.4.0
     no auto-summary
    !
    end

d) Router PE02 configuration.

    hostname PE02
    !
    ip vrf A2
     rd 1:100
     route-target export 1:100
     route-target import 1:100
    !
    ip cef
    ip audit po max-events 100
    !
    interface Loopback0
     ip address 2.2.2.2 255.255.255.0
    !
    ! Core interface toward P, MPLS/LDP enabled
    interface Serial1/0
     ip address 192.168.4.2 255.255.255.0
     mpls label protocol ldp
     tag-switching ip
     serial restart-delay 0
    !
    ! PE-CE interface toward A2, placed in vrf A2
    interface Serial1/1
     ip vrf forwarding A2
     ip address 192.168.5.1 255.255.255.0
     serial restart-delay 0
    !
    router eigrp 100
     network 2.0.0.0
     network 192.168.4.0
     no auto-summary
    !
    router rip
     version 2
     !
     address-family ipv4 vrf A2
      redistribute bgp 1 metric transparent
      network 192.168.5.0
      no auto-summary
     exit-address-family
    !
    router bgp 1
     no synchronization
     bgp log-neighbor-changes
     neighbor 1.1.1.1 remote-as 1
     neighbor 1.1.1.1 update-source Loopback0
     no auto-summary
     !
     address-family vpnv4
      neighbor 1.1.1.1 activate
      neighbor 1.1.1.1 next-hop-self
      neighbor 1.1.1.1 send-community both
     exit-address-family
     !
     address-family ipv4 vrf A2
      redistribute rip
      no auto-summary
      no synchronization
     exit-address-family
    !
    end

e) Router A2 configuration.

    hostname A2
    !
    ip cef
    ip audit po max-events 100
    !
    interface Loopback0
     ip address 30.30.30.30 255.255.255.0
    !
    ! Link to PE02
    interface Serial1/0
     ip address 192.168.5.2 255.255.255.0
     serial restart-delay 0
    !
    router rip
     version 2
     network 30.0.0.0
     network 192.168.5.0
     no auto-summary
    !
    end

B. Results:

Figure 1: Routing table on A1.

Figure 2: Routing table on A2.

Figure 3: Routing table on PE01.

Figure 4: Routing table on PE02.

Figure 5: Routing table on P.

Figure 6: show mpls ldp bindings on router P.

Figure 7: show mpls ldp bindings on router PE02.

Figure 8: LFIB table on PE01.

Figure 9: LFIB table on PE02 and the vrf A2 routing table on PE02.

Figure 10: vrf A1 routing table on PE01.

Figure 11: The connectivity check between A1 and A2 succeeds.

Explanation of the abbreviations used in this essay: