SMU CSE 8344
Agenda
• Summarize MPLS
  – Discussion from Cisco Presentation
• Discuss QoS in MPLS
  – Chapter 6 in MPLS Book
• Traffic Engineering in MPLS
  – Chapter 7 MPLS Book
• Virtual Private Networks
  – Chapter 8 MPLS Book
• Introduction to Optical Networking
MPLS Architecture Overview
Adapted from Stefano Previdi's and Jay Kumarasamy's presentation
Agenda
• MPLS Concepts
• LSRs and labels
• Label assignment and distribution
• Label Switch Paths
• ATM LSRs
• Loops and TTL
• LDP overview
• Day in the Life of a Packet
MPLS Concepts
• MPLS: Multi Protocol Label Switching
• MPLS is layer 2+ switching
• Developed to integrate IP and ATM
• MPLS forwarding is done in the same way as in ATM switches
• Packet forwarding is done based on labels
MPLS Concepts
• Unlike IP, classification/label can be based on:
  – Destination unicast address
  – Traffic Engineering
  – VPN
  – QoS
• FEC: Forwarding Equivalence Class
• A FEC can represent a destination address prefix, a VPN, a Traffic Engineering tunnel, or a Class of Service.
Agenda
• MPLS Concepts
• LSRs and labels
• Label assignment and distribution
• Label Switch Paths
• ATM LSRs
• Loops and TTL
• LDP overview
• Summary
LSRs and Labels
• LSR: Label Switch Router
• Edge-LSR: LSRs that do label imposition and disposition
• ATM-LSR: An ATM switch with Label Switch Controller
LSRs and Labels
[Figure: IGP domain with a label distribution protocol]
• An IP routing protocol is used within the routing domain (e.g., OSPF, i-ISIS)
• A label distribution protocol is used to distribute address/label mappings between adjacent neighbors
• The ingress LSR receives IP packets, performs packet classification, assigns a label, and forwards the labelled packet into the MPLS network
• Core LSRs switch packets/cells based on the label value
• The egress LSR removes the label before forwarding the IP packet outside the MPLS network
LSRs and Labels
• Uses new Ethertypes/PPP PIDs/SNAP values/etc.
• More than one label is allowed -> Label Stack
• MPLS LSRs always forward packets based on the value of the label at the top of the stack

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                 Label                 | Exp |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Label = 20 bits
Exp = Experimental, 3 bits
S = Bottom of stack, 1 bit
TTL = Time to live, 8 bits
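The 32-bit shim entry above, encoded and parsed as an added example (not part of the original slides). The names `Entry`, `build_stack`, `parse_stack` and the `MAX_DEPTH` limit are assumptions of this sketch; the parser rejects a stack that is truncated or never sets the bottom-of-stack bit.

```python
import struct
from typing import List, NamedTuple, Tuple

MAX_DEPTH = 8  # assumption for this example: refuse implausibly deep stacks


class Entry(NamedTuple):
    label: int  # 20 bits
    exp: int    # 3 bits (Experimental)
    s: int      # 1 bit, 1 marks the bottom of the stack
    ttl: int    # 8 bits


def pack_entry(e: Entry) -> bytes:
    """Encode one 32-bit shim entry in network byte order."""
    if not (0 <= e.label < 1 << 20 and 0 <= e.exp < 8
            and e.s in (0, 1) and 0 <= e.ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", e.label << 12 | e.exp << 9 | e.s << 8 | e.ttl)


def unpack_entry(raw: bytes) -> Entry:
    (word,) = struct.unpack("!I", raw)
    return Entry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)


def build_stack(labels: List[int], ttl: int, exp: int = 0) -> bytes:
    """labels[0] is the top of the stack; only the last entry gets S=1."""
    if not labels:
        raise ValueError("empty label stack")
    last = len(labels) - 1
    return b"".join(pack_entry(Entry(lab, exp, int(i == last), ttl))
                    for i, lab in enumerate(labels))


def parse_stack(data: bytes) -> Tuple[List[Entry], bytes]:
    """Split a shim-encapsulated payload into (label entries, layer 3 bytes)."""
    entries: List[Entry] = []
    offset = 0
    while True:
        if len(entries) == MAX_DEPTH:
            raise ValueError("no bottom-of-stack bit within MAX_DEPTH entries")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack")
        entry = unpack_entry(data[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry.s:  # bottom of stack reached, the rest is the layer 3 packet
            return entries, data[offset:]


# Constructed sample: label 25 on top, label 39 at the bottom, TTL 6,
# followed by the first four bytes of a made-up IPv4 header.
SAMPLE = build_stack([25, 39], ttl=6) + bytes.fromhex("45000054")

if __name__ == "__main__":
    stack, layer3 = parse_stack(SAMPLE)
    for e in stack:
        print(e)
    print("layer 3 starts with", layer3.hex())
```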
LSRs and Labels
[Figure: label encapsulations]
PPP (Packet over SONET/SDH): PPP Header | Shim Header | Layer 3 Header
Ethernet: Ethernet Hdr | Shim Header | Layer 3 Header
Frame Relay: FR Hdr | Shim Header | Layer 3 Header
ATM Cell Header: GFC | VPI | VCI | PTI | CLP | HEC | DATA (Label in VPI/VCI)
Subsequent cells: GFC | VPI | VCI | PTI | CLP | HEC | DATA (Label in VPI/VCI)
Agenda
• MPLS Concepts
• LSRs and labels
• Label assignment and distribution
• Label Switch Paths
• ATM LSRs
• Loops and TTL
• LDP overview
• Day in the Life of a Packet
Label Assignment and Distribution
• Labels have link-local significance
  Each LSR binds its own label mappings
• Each LSR assigns labels to its FECs
• Labels are assigned and exchanged between adjacent neighboring LSRs
• Applications may require non-adjacent neighbors
Label Assignment and Distribution
• Rtr-C is the downstream neighbor of Rtr-B for destination 171.68.10/24
• Rtr-B is the downstream neighbor of Rtr-A for destination 171.68.10/24
• LSRs know their downstream neighbors through the IP routing protocol
  – Next-hop address is the downstream neighbor
[Figure: Upstream and Downstream LSRs. Rtr-A, Rtr-B and Rtr-C in a chain; networks 171.68.40/24 and 171.68.10/24]
Label Assignment and Distribution
• LSRs distribute labels to the upstream neighbors
[Figure: Unsolicited Downstream Distribution. Rtr-A, Rtr-B and Rtr-C in a chain, next hops from IGP derived routes; networks 171.68.40/24 and 171.68.10/24]

Rtr-A
In I/F | In Lab | Address Prefix | Out I/F | Out Lab
0      | -      | 171.68.10      | 1       | 30
...    | ...    | ...            | ...     | ...

Rtr-B
In I/F | In Lab | Address Prefix | Out I/F | Out Lab
0      | 30     | 171.68.10      | 1       | 40
...    | ...    | ...            | ...     | ...

Rtr-C
In I/F | In Lab | Address Prefix | Out I/F | Out Lab
0      | 40     | 171.68.10      | 1       | -
...    | ...    | ...            | ...     | ...

Rtr-C to Rtr-B: Use label 40 for destination 171.68.10/24
Rtr-B to Rtr-A: Use label 30 for destination 171.68.10/24
Label Assignment and Distribution
• Upstream LSRs request labels from downstream neighbors
• Downstream LSRs distribute labels upon request
[Figure: On-Demand Downstream Distribution. Rtr-A, Rtr-B and Rtr-C in a chain; networks 171.68.40/24 and 171.68.10/24]
Rtr-A to Rtr-B: Request label for destination 171.68.10/24
Rtr-B to Rtr-C: Request label for destination 171.68.10/24
Rtr-C to Rtr-B: Use label 40 for destination 171.68.10/24
Rtr-B to Rtr-A: Use label 30 for destination 171.68.10/24
Label Assignment and Distribution
Label Retention Modes
• Liberal retention mode
  • LSR retains labels from all neighbors
    Improves convergence time when the next hop is available again after IP convergence
    Requires more memory and label space
• Conservative retention mode
  • LSR retains labels only from next-hop neighbors
    LSR discards all labels for FECs without next hop
    Frees memory and label space
Label Assignment and Distribution
Label Distribution Modes
• Independent LSP control
  LSR binds a label to a FEC independently, whether or not the LSR has received a label from the next hop for the FEC
  The LSR then advertises the label to its neighbor
• Ordered LSP control
  LSR only binds and advertises a label for a particular FEC if:
  – it is the egress LSR for that FEC, or
  – it has already received a label binding from its next hop
Label Assignment and Distribution
Several protocols for label exchange
• LDP
  Maps unicast IP destinations into labels
• RSVP, CR-LDP
  Used in traffic engineering
• BGP
  External labels (VPN)
• PIM
  For multicast states label mapping
Agenda
• MPLS Concepts
• LSRs and labels
• Label assignment and distribution
• Label Switch Paths
• ATM LSRs
• Loops and TTL
• LDP overview
• Day in the Life of a Packet
Label Switch Path (LSP)
• LSPs are derived from IGP routing information
• LSPs may diverge from IGP shortest path
  LSP tunnels (explicit routing) with TE
• LSPs are unidirectional
  Return traffic takes another LSP
[Figure: two IGP domains with a label distribution protocol; in one the LSP follows the IGP shortest path, in the other the LSP diverges from the IGP shortest path]
Label Switch Path (LSP) Penultimate Hop Popping
• The label at the top of the stack is removed (popped) by the upstream neighbor of the egress LSR
• The egress LSR requests the “popping” through the label distribution protocol
  • Egress LSR advertises implicit-null label
• The egress LSR will not have to do a lookup and remove the label itself
  • One lookup is saved in the egress LSR
Label Switch Path (LSP) Penultimate Hop Popping
[Figure: ingress LSR, penultimate LSR and egress LSR in a chain; networks 171.68.10/24 and 171.68.44/24 are reached through the egress LSR]

Ingress LSR
In I/F | In Lab | Address Prefix | Out I/F | Out Lab
0      | -      | 171.68/16      | 1       | 4
...    | ...    | ...            | ...     | ...

Penultimate LSR
In I/F | In Lab | Address Prefix | Out I/F | Out Lab
0      | 4      | 171.68/16      | 2       | pop
...    | ...    | ...            | ...     | ...

Egress LSR routing table
Address Prefix and mask | Next-Hop    | Interface
171.68.10/24            | 171.68.9.1  | Serial1
171.68.44/24            | 171.68.12.1 | Serial2
171.68/16               | ...         | Null

Egress LSR summarises more specific routes and advertises a label for the new FEC
Summary route is propagated through the IGP and a label is assigned by each LSR
Egress LSR to penultimate LSR: Summary route for 171.68/16; use label “implicit-null” for FEC 171.68/16
Penultimate LSR to ingress LSR: Summary route for 171.68/16; use label 4 for FEC 171.68/16
Egress LSR needs to do an IP lookup for finding more specific route
Egress LSR need NOT receive a labelled packet
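Ordered LSP control and penultimate hop popping from the slides above, as an added simulation (not part of the original deck). It reuses the Rtr-A/Rtr-B/Rtr-C chain and the labels 30 and 40 from the distribution slides; the `LSR` class, the function names and the trace strings are assumptions of this sketch, and 3 is the reserved implicit-null label value.

```python
IMPLICIT_NULL = 3  # reserved label value that requests penultimate hop popping


class LSR:
    def __init__(self, name, first_label=16):
        self.name = name
        self.next_label = first_label  # labels 0-15 are reserved
        self.lfib = {}  # in label -> (action, out label, next hop LSR)
        self.fib = {}   # FEC -> (out label or None, next hop LSR), for IP packets

    def allocate(self):
        label, self.next_label = self.next_label, self.next_label + 1
        return label


def distribute(path, fec, php):
    """Ordered control: the egress binds first and every upstream LSR binds
    only after it has a binding from its next hop. Returns the advertisements."""
    adverts = []
    advertised = downstream = None
    for lsr in reversed(path):
        if downstream is None:                      # egress LSR
            local = IMPLICIT_NULL if php else lsr.allocate()
            if not php:
                lsr.lfib[local] = ("pop", None, None)
        else:
            out = None if advertised == IMPLICIT_NULL else advertised
            if lsr is path[0]:                      # ingress: label imposition
                lsr.fib[fec] = (out, downstream)
                break
            local = lsr.allocate()
            lsr.lfib[local] = ("pop" if out is None else "swap", out, downstream)
        adverts.append((lsr.name, local))
        advertised, downstream = local, lsr
    return adverts


def forward(path, fec):
    """Trace one packet for `fec`: [(LSR name, operation, outgoing label)]."""
    label, node = path[0].fib[fec]
    trace = [(path[0].name, "push" if label is not None else "ip-forward", label)]
    while node is not None:
        if label is None:            # unlabelled packet: a single IP lookup
            trace.append((node.name, "ip-lookup", None))
            break
        action, out, nxt = node.lfib[label]
        if nxt is None:              # egress without PHP: label and IP lookup
            trace.append((node.name, "pop+ip-lookup", None))
            break
        trace.append((node.name, action, out))
        label, node = out, nxt
    return trace


def run(php):
    path = [LSR("Rtr-A"), LSR("Rtr-B", 30), LSR("Rtr-C", 40)]
    fec = "171.68.10/24"
    return distribute(path, fec, php), forward(path, fec)


if __name__ == "__main__":
    for php in (False, True):
        print("PHP" if php else "no PHP", *run(php), sep="\n  ")
```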
Agenda
• MPLS Concepts
• LSRs and labels
• Label assignment and distribution
• Label Switch Paths
• ATM LSRs
• Loops and TTL
• LDP overview
• Summary
ATM LSRs
• ATM switches forward cells, not packets
• Label distribution is Downstream on-demand, Ordered
• IGP label is carried in the VPI/VCI field
• Merging LSR: Ability to use the same label for different FECs if outgoing interface is the same
  Saves label space on ATM-LSRs
  Cell interleave problem
• Non-Merging LSR: ATM-LSR requests one label per FEC and per incoming interface (upstream neighbors)
  Downstream LSR may itself request a new label from its downstream neighbors
ATM LSRs Non-Merging
[Figure: Downstream on Demand. IP packets for 171.68 reach the ATM-LSR as ATM cells on two incoming interfaces]

In I/F | In Lab | Address Prefix | Out I/F | Out Lab
1      | 5      | 171.68         | 0       | 3
2      | 8      | 171.68         | 0       | 4
...    | ...    | ...            | ...     | ...

Incoming ATM cells (labels): 5, 8, 8, 8, 5
Outgoing ATM cells (labels): 3, 4, 4, 4, 3
ATM-LSR requested additional label for same FEC in order to distinguish between incoming interfaces (Downstream on Demand)
ATM LSRs VC-Merging
[Figure: Downstream on Demand. IP packets for 171.68 reach the ATM-LSR as ATM cells on two incoming interfaces]

In I/F | In Lab | Address Prefix | Out I/F | Out Lab
1      | 5      | 171.68         | 0       | 3
2      | 8      | 171.68         | 0       | 3
...    | ...    | ...            | ...     | ...

Incoming ATM cells (labels): 5, 8, 8, 8, 5
Outgoing ATM cells (labels): 3, 3, 3, 3, 3
ATM-LSR transmits cells in sequence so that the downstream LSR can correctly re-assemble the cells into packets
Agenda
• MPLS Concepts
• LSRs and labels
• Label assignment and distribution
• Label Switch Paths
• ATM LSRs
• Loops and TTL
• LDP overview
• Summary
Loops and TTL
• In IP networks TTL is used to prevent packets from travelling indefinitely in the network
• MPLS may use the same mechanism as IP, but not on all encapsulations
  • TTL is present in the label header for PPP and LAN headers (shim headers)
  • ATM cell header does not have TTL
Loops and TTL
• LSRs using ATM do not have TTL capability
• Some suggested options:
- hop-count object in LDP
- Path Vector object in LDP
Loops and TTL
• TTL is decremented prior to entering the non-TTL capable LSP
  If TTL is 0 the packet is discarded at the ingress point
• TTL is examined at the LSP exit
[Figure: IGP domain with a label distribution protocol; LSR-1 to LSR-6, with LSR-6 as egress. Ingress entry: LSR-6 --> 25, Hops=4. The IP packet arrives with TTL = 10, is carried inside the LSP as IP packet TTL = 6 with Label = 25 at the ingress and with Label = 39 and Label = 21 on later hops, and leaves the egress as IP packet TTL = 6]
Agenda
• MPLS Concepts
• LSRs and labels
• Label assignment and distribution
• Label Switch Paths
• ATM LSRs
• Loops and TTL
• LDP overview
• Day in the Life of a Packet
LDP Concepts
• Label Distribution Protocol
• Labels map to FECs for Unicast Destination Prefix
• LDP works between adjacent/non-adjacent peers
• LDP sessions are established between peers
LDP Messages
• Discovery messages
• Used to discover and maintain the presence of new peers
• Hello packets (UDP) sent to all-routers multicast address
• Once neighbor is discovered, the LDP session is established over TCP
LDP Messages
• Session messages
• Establish, maintain and terminate LDP sessions
• Advertisement messages
• Create, modify, delete label mappings
• Notification messages
• Error signalling
Agenda
• MPLS Concepts
• LSRs and labels
• Label assignment and distribution
• Label Switch Paths
• ATM LSRs
• Loops and TTL
• LDP overview
• Day in the Life of a Packet
Day in the life of a Packet
[Figure: CE, PE, P, P, PE in a chain; networks 171.68.10/24 and 171.68.44/24 are reached through the egress PE]

Ingress PE
In I/F | In Lab | Address Prefix | Out I/F | Out Lab
0      | -      | 171.68/16      | 1       | 4
...    | ...    | ...            | ...     | ...

First P
In I/F | In Lab | Address Prefix | Out I/F | Out Lab
0      | 4      | 171.68/16      | 1       | 7
...    | ...    | ...            | ...     | ...

Second P (penultimate hop)
In I/F | In Lab | Address Prefix | Out I/F | Out Lab
0      | 7      | 171.68/16      | 2       | pop
...    | ...    | ...            | ...     | ...

Egress PE routing table
Address Prefix and mask | Next-Hop    | Interface
171.68.10/24            | 171.68.9.1  | Serial1
171.68.44/24            | 171.68.12.1 | Serial2
171.68/16               | ...         | Null

Egress LSR summarises more specific routes and advertises a label for the new FEC
Summary route is propagated through the IGP and a label is assigned by each LSR
Egress PE to second P: Summary route for 171.68/16; use label “implicit-null” for FEC 171.68/16
Second P to first P: Use label 7 for FEC 171.68/16
First P to ingress PE: Summary route for 171.68/16; use label 4 for FEC 171.68/16
Egress LSR needs to do an IP lookup for finding more specific route
Day in the life of a Packet Basic Layout
[Figure: Basic layout]
Control Plane: IP Routing Protocols (Routing Exchange), IP Routing Table, Label Distribution Protocol (Label Binding Exchange)
Forwarding Plane: Forward Information Block (FIB), Label Forward Information Block (LFIB)
Packet flows: Incoming IP Packets, Outgoing IP Packets, Incoming Labelled Packets, Outgoing Labelled Packets; Label Removed, L3 lookup
Day in the life of a Packet Database Layout
[Figure: Database layout. Boxes: OSPF, ISIS, BGP, Routing Table, LDP, TIB, FIB, TFIB. Structures and fields: fast-adjacency, fast tag-rewrite, tag_info, tfib_entry, tag_rewrite, tag_rewrite [ ], loadinfo, output-if, encaps, incoming-tag, outgoing-tag, tag_hash, Incoming tag, Dest. IP address. IDB vectors: ip_turbo_fs, tag_optimum_fs, ip2_tag_optimum_fs]
Key Questions
• How does MPLS Support QoS?
• What is the difference between Integrated Services (INT-SERV) and Differentiated Services (DIFF-SERV)?
  – Integrated services
    • T-Spec and R-Spec
    • Much of this is similar to ATM
Integrated Services
• An attempt to bring the ATM capabilities to IP
  – T-Spec: Max burst size, token rate, committed rate, etc.
  – R-Spec: Effective bandwidth or amount of resource required within the network.
• This is very different than “best-effort” and requires sophisticated queuing mechanisms
• Many in the industry saw this as a “reinvention” of ATM
Integrated Services
• Architecture for providing QoS guarantees in IP networks for individual application sessions
• Resource reservation: routers maintain state info of allocated resources
• Admit/deny new call setup requests:
  Question: can a newly arriving flow be admitted with performance guarantees without violating QoS guarantees made to already admitted flows?
Intserv: QoS guarantee scenario
• Resource reservation
  – call setup, signaling (RSVP)
  – traffic, QoS declaration
  – per-element admission control
  – QoS-sensitive scheduling (e.g., WFQ)
[Figure: request/reply]
Call Admission
Arriving session must:
• declare its QoS requirement
  – R-spec: defines the QoS being requested
• characterize traffic it will send into network
  – T-spec: defines traffic characteristics
• signaling protocol: needed to carry R-spec and T-spec to routers (where reservation is required)
  – RSVP
Intserv QoS: Service models [rfc2211, rfc2212]
Guaranteed service:
• worst case traffic arrival: leaky-bucket-policed source
Controlled load service:
• "a quality of service closely approximating the QoS that same flow would receive from an unloaded network element."
[Figure: arriving traffic passes a token bucket (token rate r, bucket size b) and is served by WFQ at per-flow rate R; D_max = b/R]
IETF Differentiated Services
Concerns with Intserv:
• Scalability: signaling, maintaining per-flow router state difficult with large number of flows
• Flexible Service Models: Intserv has only two classes. Also want “qualitative” service classes
  – “behaves like a wire”
  – relative service distinction: Platinum, Gold, Silver
Diffserv approach:
• simple functions in network core, relatively complex functions at edge routers (or hosts)
• Don’t define service classes, provide functional components to build service classes
Diffserv Architecture
Edge router:
- per-flow traffic management
- marks packets as in-profile and out-profile
Core router:
- per class traffic management
- buffering and scheduling based on marking at edge
- preference given to in-profile packets
- Assured Forwarding
[Figure: marking (token rate r, bucket size b) at the edge routers, scheduling at the core routers]
Edge-router Packet Marking
• profile: pre-negotiated rate A, bucket size B
• packet marking at edge based on per-flow profile
[Figure: user packets pass a token bucket with rate A and bucket size B]
Possible usage of marking:
• class-based marking: packets of different classes marked differently
• intra-class marking: conforming portion of flow marked differently than non-conforming one
Classification and Conditioning
• Packet is marked in the Type of Service (TOS) in IPv4, and Traffic Class in IPv6
• 6 bits used for Differentiated Service Code Point (DSCP) and determine PHB that the packet will receive
• 2 bits are currently unused
Classification and Conditioning
It may be desirable to limit the traffic injection rate of some class:
• user declares traffic profile (e.g., rate, burst size)
• traffic metered, shaped if non-conforming
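Edge-router metering and marking as described on the last three slides, as an added example (not part of the original deck): a token bucket with rate A and bucket size B decides in-profile versus out-of-profile, and the result is written into the 6 DSCP bits of the TOS byte. The codepoints AF11 and AF12, the class and function names, and the arrival list are assumptions of this sketch.

```python
AF11, AF12 = 10, 12  # assumption: Assured Forwarding class 1, low and medium drop precedence


def set_dscp(tos, dscp):
    """Write the 6-bit DSCP into the upper bits of the TOS / Traffic Class
    byte and leave the 2 low bits as they were."""
    if not 0 <= dscp < 64:
        raise ValueError("DSCP is a 6-bit value")
    return (dscp << 2) | (tos & 0x03)


def get_dscp(tos):
    return (tos & 0xFF) >> 2


class EdgeMarker:
    """Per-flow profile: pre-negotiated rate A (bytes/s) and bucket size B (bytes)."""

    def __init__(self, rate, bucket):
        self.rate = rate
        self.bucket = bucket
        self.tokens = float(bucket)  # the bucket starts full
        self.last = 0.0

    def mark(self, now, size, tos=0):
        """Return (in_profile, new TOS byte) for a packet of `size` bytes."""
        elapsed = max(0.0, now - self.last)  # ignore a clock that steps back
        self.tokens = min(self.bucket, self.tokens + elapsed * self.rate)
        self.last = max(self.last, now)
        in_profile = size <= self.tokens
        if in_profile:
            self.tokens -= size              # only conforming packets spend tokens
        return in_profile, set_dscp(tos, AF11 if in_profile else AF12)


# Constructed arrivals: (time in seconds, packet size in bytes).
ARRIVALS = [(0.0, 1000), (0.1, 1000), (0.2, 500), (2.0, 1500), (2.0, 1)]


def run(arrivals, rate=1000, bucket=1500):
    marker = EdgeMarker(rate, bucket)
    return [marker.mark(t, size) for t, size in arrivals]


if __name__ == "__main__":
    for (t, size), (ok, tos) in zip(ARRIVALS, run(ARRIVALS)):
        state = "in-profile" if ok else "out-of-profile"
        print(f"t={t:<4} size={size:<5} {state:<15} DSCP={get_dscp(tos)}")
```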
Forwarding (PHB)
• Per Hop Behavior (PHB)
• PHBs result in a different observable (measurable) forwarding performance behavior
• PHB does not specify what mechanisms to use to ensure required PHB performance behavior
• Examples:
  – Class A gets x% of outgoing link bandwidth over time intervals of a specified length
  – Class A packets leave first before packets from class B
Forwarding (PHB)
PHBs being developed:
• Expedited Forwarding: pkt departure rate of a class equals or exceeds specified rate
  – logical link with a minimum guaranteed rate
• Assured Forwarding: 4 classes of traffic
  – each guaranteed minimum amount of bandwidth
  – each with three drop preference partitions
Summary
• Refer to the MPLS 8 lecture for more detail on QoS and CBR (Constraint Based Routing)
When VPN?
• Internet as your own private network
  – Communicate securely between various corporate sites (Intranet)
  – Communicate securely between partner sites (Extranet)
  – Connect remote dial-up users securely to corporate networks
Advantages
• Flexible and cost effective
• Better business-to-business connectivity
  – business partners, service providers, contractors, and customers
• Advances in security
Layer2 vs. Layer3 VPNs
Layer 3 VPNs
• Provider devices forward customer packets based on Layer 3 information (e.g., IP)
• MPLS/BGP VPNs (RFC 2547), GRE, virtual router approaches
• SP involvement in routing
Layer 2 VPNs
• Provider devices forward customer packets based on Layer 2 information
• “pseudo-wire” concept
• Tunnels, circuits, LSPs, MAC address
Layer2 Example
[Figure: Workstation A, Ethernet, R1, L2TPv3 Tunnel across the IP core (IP or MPLS core), R2, Ethernet, Server B; packet inside the tunnel: IP | L2TP | Ethernet]
Step #1 Workstation A sends packet destined for Server B
Step #2 R1 takes Ethernet frame and encapsulates it in L2TP and routes it to tunnel destination
Step #3 R2 receives IP/L2TP/Ethernet packet and removes the IP/L2TPv3 headers. The remaining Ethernet frame is forwarded to Server B.
Overlay Model
• Each site has a router connected via P-T-P links to routers on other sites
  – Leased lines
  – Frame relay
  – ATM circuit
• Connectivity
  – Fully connected
  – Hub-and-spoke
Limitations of Overlay
• Customers need to manage the backbones
• Mapping between Layer 2 QoS and IP QoS
• Scaling problems
  – Cannot support large number of customers
  – (n-1) peering requirement
The Peer Model
• Aims to support large-scale VPN service
• Key technologies
  – Constrained distribution of routing info.
  – Multiple forwarding tables
  – VPN-IP addresses
  – MPLS switching
Terminology
• CE router
  – Customer Edge router
• PE router
  – Provider Edge router. Part of the P-Network and interfaces to CE routers
• P router
  – Provider (core) router, without knowledge of VPN
Terminology (cont’d)
• Route Distinguisher
  – Attributes of each route used to uniquely identify prefixes among VPNs (64 bits)
• VPN-IPv4 addresses
  – Address including the 64-bit Route Distinguisher and the 32-bit IP address
• VRF
  – VPN Routing and Forwarding Instance
  – Routing table and FIB table
Connection Model
• The VPN backbone is composed of MPLS LSRs
  • PE routers (edge LSRs)
  • P routers (core LSRs)
• PE routers face CE routers and distribute VPN information through BGP to other PE routers
• P routers do not run BGP and do not have any VPN knowledge
Model (cont’d)
• P and PE routers share a common IGP
• PE and CE routers exchange routing information through:
  • EBGP, OSPF, RIP, Static routing
• CE routers run standard routing software
Routing
• The routes the PE receives from CE routers are installed in the appropriate VRF
• The routes the PE receives through the backbone IGP are installed in the global routing table
• By using separate VRFs, addresses need NOT be unique among VPNs
Forwarding
• PE and P routers have BGP next-hop reachability through the backbone IGP
• Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops
• Label Stack is used for packet forwarding
  • Top label indicates Next-Hop (interior label)
  • Second level label indicates outgoing interface or VRF (exterior label)
Forwarding (cont’d)
• The upstream LDP peer of the BGP next-hop (PE router) will pop the first level label
• The egress PE router will forward the packet based on the second level label which gives the outgoing interface (and VPN)
Forwarding Example
[Figure: routers CE1, CE2, CE3, PE1, PE2, P1 and P2]
At PE1:
• PE1 receives IP packet
• Lookup is done on site VRF
• BGP route with Next-Hop and Label is found
• BGP next-hop (PE2) is reachable through IGP route with associated label
• Packet: IGP Label(PE2) | VPN Label | IP packet
At the P routers:
• P routers switch the packets based on the IGP label (label on top of the stack)
• Packet: IGP Label(PE2) | VPN Label | IP packet
Penultimate Hop Popping:
• P2 is the penultimate hop for the BGP next-hop
• P2 removes the top label
• This has been requested through LDP by PE2
• Packet: VPN Label | IP packet
At PE2:
• PE2 receives the packets with the label corresponding to the outgoing interface (VRF)
• One single lookup
• Label is popped and packet sent to IP neighbour
• Packet: IP packet
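The ingress PE lookup from the forwarding example, together with the VRF separation and VPN-IPv4 addressing from the preceding slides, as an added sketch (not part of the original deck). Two VPNs use the same prefix; the interface names, VRF names, labels, AS number and the type 0 Route Distinguisher layout are assumptions of this example.

```python
import ipaddress
import struct


def route_distinguisher(asn, number):
    """64-bit RD in the type 0 layout: 2-byte type, 2-byte AS number,
    4-byte assigned number (values used below are constructed)."""
    return struct.pack("!HHI", 0, asn, number)


def vpn_ipv4(rd, address):
    """96-bit VPN-IPv4 address: 64-bit RD followed by the 32-bit IP address."""
    return rd + ipaddress.IPv4Address(address).packed


class PE:
    def __init__(self, name):
        self.name = name
        self.if_to_vrf = {}   # CE-facing interface -> VRF name
        self.vrfs = {}        # VRF name -> {prefix: (BGP next hop, VPN label)}
        self.igp_labels = {}  # BGP next hop -> IGP label learned through LDP

    def attach(self, interface, vrf):
        self.if_to_vrf[interface] = vrf
        self.vrfs.setdefault(vrf, {})

    def install(self, vrf, prefix, next_hop, vpn_label):
        self.vrfs[vrf][ipaddress.ip_network(prefix)] = (next_hop, vpn_label)

    def ingress(self, interface, dst):
        """Label stack [IGP label, VPN label] to impose on a packet from a CE,
        or None when the site VRF has no route (the packet is dropped).
        Only the VRF bound to the incoming interface is consulted."""
        table = self.vrfs[self.if_to_vrf[interface]]
        dst = ipaddress.ip_address(dst)
        matches = [prefix for prefix in table if dst in prefix]
        if not matches:
            return None
        best = max(matches, key=lambda prefix: prefix.prefixlen)
        next_hop, vpn_label = table[best]
        return [self.igp_labels[next_hop], vpn_label]


def demo():
    """Constructed setup: two customers reuse 10.1.0.0/16 behind PE2."""
    pe1 = PE("PE1")
    pe1.igp_labels["PE2"] = 25
    pe1.attach("Serial0", "vpn-a")
    pe1.attach("Serial1", "vpn-b")
    pe1.install("vpn-a", "10.1.0.0/16", "PE2", 101)
    pe1.install("vpn-b", "10.1.0.0/16", "PE2", 202)
    pe1.install("vpn-b", "192.168.5.0/24", "PE2", 203)
    return pe1


if __name__ == "__main__":
    pe1 = demo()
    print(pe1.ingress("Serial0", "10.1.2.3"), pe1.ingress("Serial1", "10.1.2.3"))
    print(pe1.ingress("Serial0", "192.168.5.9"))
    print(vpn_ipv4(route_distinguisher(65000, 1), "10.1.0.0").hex())
```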
Scalability
• Existing BGP techniques can be used to scale the route distribution
• Each edge router needs only the information for the VPNs it supports
  • Directly connected VPNs
• Easy to add new sites
  – configure the site on the PE connected to it, the network automatically does the rest