
MPLS (Multiprotocol Label Switching)


  • MPLS (Multiprotocol Label Switching)

    MPLS is a technique, not a service.

    The fundamental concept behind MPLS is that of labeling packets. In a traditional routed IP network,

    each router makes an independent forwarding decision for each packet based solely on the packet's

    network-layer header. Thus, every time a packet arrives at a router, the router has to "think through"

    where to send the packet next.

    With MPLS, the first time the packet enters a network, it's assigned to a specific forwarding equivalence

    class (FEC), indicated by appending a short bit sequence (the label) to the packet. Each router in the

    network has a table indicating how to handle packets of a specific FEC type, so once the packet has

    entered the network, routers don't need to perform header analysis. Instead, subsequent routers use

    the label as an index into a table that provides them with a new FEC for that packet.

    This gives the MPLS network the ability to handle packets with particular characteristics (such as coming

    from particular ports or carrying traffic of particular application types) in a consistent fashion. Packets

    carrying real-time traffic, such as voice or video, can easily be mapped to low-latency routes across the

    network, something that's challenging with conventional routing. The key architectural point with all

    this is that the labels provide a way to "attach" additional information to each packet: information

    above and beyond what the routers previously had.

    Figure 1 MPLS Basic Architecture


    Multiprotocol Label Switching (MPLS) enables Enterprises and Service Providers to build next-generation

    intelligent networks that deliver a wide variety of advanced, value-added services over a single

    infrastructure.

    MPLS can encapsulate packets of various network protocols. MPLS supports a range of access

    technologies, including T1/E1, ATM, Frame Relay, and DSL.

    MPLS provides these beneficial applications:

    - Virtual Private Networking (VPN)

    - Traffic Engineering (TE)

    - Quality of Service (QoS)

    - Any Transport over MPLS (AToM)

    Layer 2 or Layer 3?

    MPLS is best summarized as a Layer 2.5 networking protocol.

    There's been a lot of confusion over the years about whether MPLS is a Layer 2 or Layer 3 service. But

    MPLS doesn't fit neatly into the OSI seven-layer hierarchy. In fact, one of the key benefits of MPLS is that

    it separates forwarding mechanisms from the underlying data-link service. MPLS can be used to create

    forwarding tables for ATM or frame relay switches (using the existing ATM or DLCI header) or for plain

    old IP routers by appending MPLS tags to IP packets.

    The bottom line is that network operators can use MPLS to deliver a wide variety of services. The two

    most popular implementations of MPLS are layer 3 BGP/MPLS-VPNs (based on RFC 2547) and Layer 2 (or

    pseudowire) VPNs.

    MPLS allows most packets to be forwarded at Layer 2 (the switching level) rather than having to be

    passed up to Layer 3 (the routing level). Each packet gets labeled on entry into the service provider's

    network by the ingress router. All the subsequent routing switches perform packet forwarding based

    only on those labels; they never look as far as the IP header. Finally, the egress router removes the

    label(s) and forwards the original IP packet toward its final destination.

    There are several flavors of layer 2 MPLS services, but what they have in common is that a Layer 2

    packet (or ATM cell or frame relay frame) is encased in an MPLS header and forwarded through the

    MPLS core. When it reaches the other side, the packet's labels are removed, and the packet arrives

    at the ultimate destination exactly as it entered the MPLS network. Thus, Layer 2 MPLS services

    effectively extend services such as Ethernet or frame relay across an IP WAN.


    How Does MPLS Work?

    MPLS works by tagging the traffic, in this example packets, with an identifier (a label) to distinguish the

    LSPs. When a packet is received, the router uses this label (and sometimes also the link over which it

    was received) to identify the LSP. It then looks up the LSP in its own forwarding table to determine the

    best link over which to forward the packet, and the label to use on this next hop.

    A different label is used for each hop, and it is chosen by the router or switch performing the forwarding

    operation. This allows the use of very fast and simple forwarding engines, which are often implemented

    in hardware.

    Ingress routers at the edge of the MPLS network classify each packet potentially using a range of

    attributes, not just the packet's destination address, to determine which LSP to use. Inside the network,

    the MPLS routers use only the LSP labels to forward the packet to the egress router.

    The diagram above shows a simple example of forwarding IP packets using MPLS, where the forwarding

    is based only on packet destination IP address. LSR (Label Switched Router) A uses the destination IP

    address on each packet to select the LSP, which determines the next hop and initial label for each

    packet (21 and 17). When LSR B receives the packets, it uses these labels to identify the LSPs, from

    which it determines the next hops (LSRs D and C) and labels (47 and 11). The egress routers (LSRs D and

    C) strip off the final label and route the packet out of the network.

    Figure 2 How MPLS Works


    The above is only one use of MPLS. Since MPLS uses only the label to forward packets, it is protocol-

    independent, hence the term "Multi-Protocol" in MPLS. It can be used to carry any content (not only

    packets) over any link technology (using different label encoding for each layer 2 link type).

    Forwarding Equivalence Class (FEC)?

    FEC is a group of IP packets which are forwarded in the same manner, over the same path, and with the

    same forwarding treatment. An FEC might correspond to a destination IP subnet, but it also might

    correspond to any traffic class that the Edge-LSR considers significant. For example, all traffic with a

    certain value of IP precedence might constitute a FEC.

    MPLS Operation?

    MPLS works by prefixing packets with an MPLS header, containing one or more labels. This is called a

    label stack. Each label stack entry contains four fields:

    - A 20-bit label value. A label with the value of 1 represents the router alert label.

    - A 3-bit Traffic Class field for QoS (quality of service) priority (experimental) and ECN (Explicit Congestion Notification).

    - A 1-bit bottom of stack flag. If this is set, it signifies that the current label is the last in the stack.

    - An 8-bit TTL (time to live) field.

    These MPLS-labeled packets are switched after a label lookup/switch instead of a lookup into the IP

    table. As mentioned above, when MPLS was conceived, label lookup and label switching were faster

    than a routing table or RIB (Routing Information Base) lookup because they could take place directly

    within the switched fabric and not the CPU.

    The presence of such a label, however, has to be indicated to the router/switch. In the case of Ethernet

    frames this is done through the use of EtherType values 0x8847 and 0x8848, for unicast and multicast

    connections respectively.

    Bits 00-19  Label

    Bits 20-22  EXP: Experimental (QoS and ECN)

    Bit  23     S: Bottom-of-Stack

    Bits 24-31  TTL: Time-to-Live
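
    A decoder for the label stack entry layout and EtherType values described above, written as an added example (not code from the original document). The function names, the depth limit and the sample frame are assumptions of this example; labels 21 and 47 are borrowed from the forwarding figure purely as sample values.

```python
import struct

ETHERTYPE_MPLS_UNICAST = 0x8847
ETHERTYPE_MPLS_MULTICAST = 0x8848
ROUTER_ALERT_LABEL = 1          # label value 1, as stated in the text
MAX_STACK_DEPTH = 16            # assumption: sanity bound chosen for this example


class MalformedFrame(ValueError):
    """Raised when a frame cannot be parsed as Ethernet + MPLS."""


def encode_entry(label, tc, bottom, ttl):
    """Pack one 32-bit entry: 20-bit label, 3-bit TC, 1-bit S, 8-bit TTL."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (tc << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)


def parse_label_stack(frame):
    """Return (kind, entries, payload) for an untagged Ethernet frame.

    Walks the stack until the bottom-of-stack flag is set and refuses
    frames whose stack is truncated or implausibly deep.
    """
    if len(frame) < 14:
        raise MalformedFrame("shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype == ETHERTYPE_MPLS_UNICAST:
        kind = "unicast"
    elif ethertype == ETHERTYPE_MPLS_MULTICAST:
        kind = "multicast"
    else:
        raise MalformedFrame(f"EtherType {ethertype:#06x} is not MPLS")

    entries = []
    offset = 14
    while True:
        if len(entries) >= MAX_STACK_DEPTH:
            raise MalformedFrame("label stack deeper than the sanity bound")
        if offset + 4 > len(frame):
            raise MalformedFrame("stack ends before a bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "tc": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 0x1),
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        if entry["bottom"]:
            return kind, entries, frame[offset:]


def has_router_alert(entries):
    """True if any entry in the stack carries the router alert label."""
    return any(e["label"] == ROUTER_ALERT_LABEL for e in entries)


# Constructed sample: outer (transport) label 21, inner label 47, TTL 64.
SAMPLE_PAYLOAD = b"constructed-inner-packet"
SAMPLE_FRAME = (
    bytes.fromhex("020000000002")            # destination MAC (constructed)
    + bytes.fromhex("020000000001")          # source MAC (constructed)
    + struct.pack("!H", ETHERTYPE_MPLS_UNICAST)
    + encode_entry(21, 5, False, 64)         # top of stack
    + encode_entry(47, 0, True, 64)          # bottom of stack
    + SAMPLE_PAYLOAD
)

if __name__ == "__main__":
    kind, entries, payload = parse_label_stack(SAMPLE_FRAME)
    print(kind, entries, len(payload))
```

    Frames carrying an 802.1Q tag place the EtherType four bytes later; this example assumes an untagged frame.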


    MPLS Label Stacking?

    MPLS labels can also be stacked multiple times.

    - The top label is used to control the delivery of the packet.

    - When the destination is reached, the top label is removed (or popped), and the second label takes over to direct the packet further.

    Some common stacking applications are:

    - VPN/Transport services, which use an inner label to map traffic to specific interfaces, and an outer label to route through the network.

    - Bypass LSPs, which can protect a bundle of other LSPs to redirect traffic quickly without having to completely re-signal every LSP, in the event of a router failure.

    MPLS Traffic Engineering?

    In MPLS traffic engineering, all configurations are done on a specific network node called the headend

    or ingress node. This is where all tunnels and constraints are created. The tunnel destination address is also

    specified at the headend. For example, if an MPLS traffic engineering tunnel will be set up between R2

    and R6 in Figure 1, all the definitions are done at R2. The tunnel destination is called the tailend or egress

    node.

    MPLS traffic engineering tunnels are unidirectional tunnels and not congruent. This means that if one

    tunnel is created to carry traffic between R2 and R6, the return tunnel from R6 to R2 is not created

    automatically. Reverse tunnels must also be created, but this time R6 is used as the headend and R2 as

    the tailend. The tailend has no configuration.

    Figure 3 MPLS Label Stacking


    Four steps are required for MPLS traffic engineering to take place:

    1. Link-state protocols carry link attributes in their link-state advertisements (LSAs) or link-state

    packets (LSPs).

    2. Based on the constraints defined, the traffic path is calculated with the help of Constrained

    Shortest Path First (CSPF).

    3. The path is signaled by Resource Reservation Protocol (RSVP).

    4. Traffic is then sent to the MPLS traffic engineering tunnel.

    Let's take a look at these steps in detail:

    By default, link-state protocols send only connected interface addresses and metric information

    to their neighbors. Based on this information, the Shortest Path First (SPF) algorithm creates a

    tree and builds the topology of the network. MPLS traffic engineering allows us to add some

    constraints. In Figure 1 above, let's assume the R2-R5 link is 5 Mbit/s; R5-R6 is 10 Mbit/s; and all

    the interfaces between the bottom routers are 6 Mbit/s.

    If we want to set up a 6-Mbit/s tunnel, SPF will not even take the R2-R5-R6 path into

    consideration, because the link from R2 to R5 does not satisfy the minimum requirement.

    In addition, we could assign an administrative attribute, also called a "color," to the link. For

    example, the R2-R5-R6 interfaces could be designated blue, and the R2-R3-R4-R6 route could be

    assigned red. At the headend, the constraint can then specify whether to use a path that

    contains a red or blue color.

    Figure 4 MPLS Traffic Engineering

    The color/affinity information, as well as how much bandwidth must be available, reserved, and

    unreserved for the tunnel are carried within the link-state packet. In order to carry this

    information, some extensions have been added to the link-state protocols. Open Shortest Path

    First (OSPF) carries this information in the Opaque LSA (or Type 10 LSA), and Intermediate

    System to Intermediate System (IS-IS) uses TLV 22 and 135 for traffic engineering information.

    As we stated earlier, SPF is used to calculate the path for destinations. For traffic engineering, a

    slightly modified version of SPF is used, called constrained SPF (CSPF). With the extensions to link

    state protocols that Opaque LSAs and TLVs provide, a traffic engineering database is created that

    is only accessible by CSPF.

    CSPF can understand that the link from R2 to R5 is 5 Mbit/s and does not satisfy the 6 Mbit/s

    tunnel constraint. So it will not take that path into consideration in its calculation.

    If there is an appropriate path, the path is signaled by RSVP. Previously used to provide

    Integrated Services QoS, RSVP incorporated new messages, including path and reservation

    messages, to enable MPLS traffic engineering. Label information is carried within the reservation

    messages.

    Once a path is signaled, traffic is put into the tunnel. This can be accomplished via many methods

    including static routing, policy-based routing, class-of-service-based tunnel selection (CBTS),

    policy-based tunnel selection (PBTS), autoroute, and forwarding adjacency. I'll discuss these

    methods in detail in a future post.

    Path Selection in MPLS Traffic Engineering?

    First, let's have a look at a classic example of traffic engineering.

    Figure 5 Path Selection


    There are two paths you could take to get from Router 2 (R2) to Router 6 (R6):

    1. R2-R5-R6 with the cost of 15+15=30

    2. R2-R3-R4-R6 with the cost of 15+15+15=45

    Since MPLS Traffic Engineering can only work with the link-state protocols Open Shortest Path First

    (OSPF) and Intermediate System to Intermediate System (IS-IS), unless otherwise specified, all our

    examples will be given by using link-state protocols.

    Link-state protocols use the Shortest Path First (SPF) or Dijkstra algorithm to calculate the route from

    point A to point B. In this example, they will choose the path R2-R5-R6, because the total cost is less

    than the cost for R2-R3-R4-R6.
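
    The plain SPF choice above and the CSPF pruning described in the traffic engineering steps, worked through as an added example (not code from the original document). It assumes the bandwidths, colors and link costs quoted in the text all describe one topology, treats links as bidirectional with static available bandwidth, and uses a hypothetical function name `cspf`.

```python
import heapq

# Constructed from the values in the text:
# (node A, node B, IGP cost, available bandwidth in Mbit/s, color)
LINKS = [
    ("R2", "R5", 15, 5, "blue"),
    ("R5", "R6", 15, 10, "blue"),
    ("R2", "R3", 15, 6, "red"),
    ("R3", "R4", 15, 6, "red"),
    ("R4", "R6", 15, 6, "red"),
]


def cspf(links, src, dst, min_bw=0, color=None):
    """Constrained SPF: prune links that violate the constraints, then
    run Dijkstra on what is left. Returns (cost, path) or None.

    With min_bw=0 and color=None nothing is pruned, so the result is the
    ordinary SPF path a link-state protocol would pick.
    """
    adjacency = {}
    for a, b, cost, bandwidth, link_color in links:
        if bandwidth < min_bw:
            continue                      # not enough bandwidth for the tunnel
        if color is not None and link_color != color:
            continue                      # affinity ("color") mismatch
        adjacency.setdefault(a, []).append((b, cost))
        adjacency.setdefault(b, []).append((a, cost))

    heap = [(0, src, [src])]
    visited = set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in visited:
            continue
        visited.add(node)
        for neighbor, link_cost in adjacency.get(node, []):
            if neighbor not in visited:
                heapq.heappush(heap, (cost + link_cost, neighbor, path + [neighbor]))
    return None                           # no path satisfies the constraints


if __name__ == "__main__":
    print("SPF:           ", cspf(LINKS, "R2", "R6"))
    print("CSPF 6 Mbit/s: ", cspf(LINKS, "R2", "R6", min_bw=6))
    print("CSPF red only: ", cspf(LINKS, "R2", "R6", color="red"))
    print("CSPF blue + 6: ", cspf(LINKS, "R2", "R6", min_bw=6, color="blue"))
```

    When no path survives pruning the function returns None, which corresponds to a tunnel that cannot be signaled under the stated constraints.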

    The bottom path will not be used until the primary path fails, because link-state protocols traditionally

    don't support unequal cost multi-path load sharing, although enhancements had been proposed at the

    IETF to change this. Source routing and policy-based routing (PBR) can be used to force traffic to the

    bottom path. However, these are complex from a configuration point of view, and open to

    administrative mistakes.

    In the above example, R5 is connected only to R6. If PBR is used, only R2 needs to be configured. For a

    different topology, you may need to implement PBR at each router to send the traffic through the

    intended path.

    MPLS traffic engineering helps to send selected traffic to alternate paths, which may not be the best

    paths from the interior gateway protocol point of view. To accomplish this, a traffic engineering tunnel

    is configured at the headend to create a point-to-point traffic engineering label-switched path (LSP).

    There are two approaches to creating an LSP: tactical and strategic, also called proactive and reactive.

    Strategic is the systematic approach, in which a traffic matrix is identified between each ingress and

    egress node and a traffic engineering tunnel reservation is made based on the requirements. This is the

    long-term solution for an MPLS traffic engineering LSP.

    Alternatively, the tactical approach can be used as a short-term solution to fix a sudden peak traffic

    load. The LSP can be created through the lower utilized path for a short time until the primary path

    traffic issue is resolved. As an example, the link might be utilized after a major news announcement,

    such as Orhan Ergun's appointment as CEO of Cisco, causes a large surge in media traffic. Some LSPs over

    the primary link might be shifted to lower utilized links.

    Fast Reroute In MPLS Traffic Engineering?

    Before explaining how fast reroute is used in the context of MPLS traffic engineering, you'll need to

    understand the basics of fast reroute.


    There are two paths between Router 2 (R2) and Router 6 (R6). If we assume that Open Shortest Path

    First (OSPF) is used in this topology, then based on end-to-end total link cost, the R2-R5-R6 path would

    be chosen. The information for the R2-R3-R4-R6 link is also kept in the OSPF link-state database table. If

    the R2-R5-R6 path fails, the SPF algorithm runs on every router in the same area, and R2 selects R3 as

    the next hop. It puts this information into the routing table, and if the router supports separated control

    and data planes, the routing information is distributed into a forwarding information base.

    The detection of link failure, the propagation of information to every device in the flooding domain, and

    calculating and installing the new paths into the routing and forwarding tables of the devices will require

    some time. Interior gateway protocol parameters for propagation and detection can be changed, and

    convergence time might be reduced to even less than one second. But for some applications like voice, this

    may not be enough.

    We may need latency to be less than 100 or 200 ms in order to reroute traffic without experiencing

    adverse effects. MPLS traffic engineering can often provide a backup path within 50 ms, because the

    alternate path is calculated and installed into the routing and forwarding information bases before

    failure happens.

    Figure 6 Fast Reroute

    Figure 7 Fast Reroute


    MPLS traffic engineering is a local protection mechanism. There are two modes of local protection: link

    and node protection. If the R2-R5 link fails and we need to protect that link, we call that link protection.

    Backup and pre-signaled paths can be created between R2-R3 and R5, so that if the R2-R5 link fails,

    traffic is automatically redirected to the backup path. Because the failure is local to R2, it is called local

    protection.

    It's also possible for R5 to fail. In this case, the R2-R3-R5 path will not work, so we need to bypass R5

    completely. An R2-R3-R4-R6 pre-signaled path could be created for node protection purposes, because

    in this case, we want to protect the node, rather than the link.

    Path protection would come into play if we had the path R1-R2-R5-R6 between R1 and R6 and we

    wanted to protect that path from end to end.

    Creating a Label-Switched Path between all the nodes in the domain might be cumbersome, so

    automesh and autotunnel features can streamline path creation and protection.

    MPLS Protection Schemes?

    There are two different ways to provide LSP protection:

    - One-to-One Protection / Detour

      - An individual backup path is fully signaled through RSVP for every LSP, at every point where protection is provided (i.e. every node).

      - The label depth remains at 1, but this can involve a huge number of reservations, and can cause significant overhead.

    - Many-to-One Protection / Facility Backup

      - A single bypass LSP is created between two nodes to be protected.

      - During a failure, multiple LSPs are rerouted over the bypass LSP.

    There are also different types of failures that can be protected against:

    - Link Protection / Next-Hop Backup

      - A bypass LSP is created for every possible link failure.

    - Node Protection / Next-Next-Hop Backup

      - A bypass LSP is created for every possible node (router) failure.

    Figure 8 MPLS with No Protection

    Figure 9 MPLS Link Protection

    Figure 10 MPLS Node Protection

    Figure 11 MPLS Link & Node Protection


    Advantages of Label Switching?

    1. Cost Savings- Depending on the specific mix of applications, and network configuration, MPLS-

    based services can reduce costs by 10% to 25% over comparable data services (frame relay and

    ATM). As companies add voice and video traffic, cost savings can rise to as much as 40%

    networkwide.

    2. QoS Enablement- One of the primary benefits of MPLS-based services is the ability to support

    QoS, particularly key for companies that are rolling out voice and video.

    3. Improved Performance- Because of the any-to-any nature of MPLS services, network designers

    can reduce the number of hops between network points, which translates directly to improved

    response time and improved application performance.

    4. Disaster Recovery- MPLS-based services improve disaster recovery in a variety of ways. First and

    foremost, data centers and other key sites can be connected in multiply redundant ways to the

    cloud (and thus to other sites on the network). Secondly, remote sites can quickly and easily

    reconnect to backup locations if needed (unlike with ATM and frame networks, in which either

    switched or backup permanent-virtual-circuits are required). That's why several benchmark

    participants listed flexibility for business recovery as a key justifier behind their MPLS rollouts.

    5. Futureproofing the Network- Most companies have come to the conclusion that MPLS

    represents the wave of the future. Investment in legacy WAN services (ATM, frame) has pretty

    much come to a standstill: Virtually no companies plan to invest in ATM or frame services within

    the next six to 12 months. As a result, companies increasingly say they're planning to migrate to

    MPLS primarily to avoid being left behind.

    Downsides of MPLS?

    One major drawback is that it hides suboptimal topologies from BGP, where multiple exits may

    exist for the same route.

    For example:

    - Say you peer with a major network in San Jose and Los Angeles.

    - Traffic coming from Chicago would normally go directly to San Jose.

    - But because of a capacity issue, the LSP is forced to go via Los Angeles first.

    - In an IP network, the packet would probably be diverted to the local Los Angeles peer as it passes through Los Angeles.

    - But MPLS will hide the suboptimal topology: the packet will continue to San Jose because that's what Chicago saw as the best exit.

    This can be a good or a bad thing depending on your goals.


    MPLS and Traceroute?

    MPLS can also let you hide traceroute hops.

    Since you aren't actually doing IP forwarding, there is no need to decrement the IP TTL field as

    you MPLS forward the packet.

    And if you don't, the LSP shows up as a single hop in traceroute.

    Some networks prefer this behavior, as it hides the internals of their network, and makes for

    shorter / prettier traceroutes.

    Some networks also run MPLS-only cores, which carry no IP routes.

    This presents a problem, since if they did want to show the hops in traceroute, the router can't

    do IP routing to return the ICMP TTL Exceeded.

    To solve this problem, an ICMP tunneling feature was implemented.

    If an ICMP message is generated inside an LSP, the ICMP message is carried all the way to the

    end of the LSP before being routed back.

    This can make traceroute look really weird, since you see all the hops along the LSP, but they all

    appear to have the same latency as the final hop. This causes much end-user confusion.

    Comparisons?

    MPLS can make use of existing ATM network or Frame Relay infrastructure, as its labeled flows can be

    mapped to ATM or Frame Relay virtual-circuit identifiers, and vice versa.

    With Frame Relay

    Frame Relay aimed to make more efficient use of existing physical resources, which allows for the

    underprovisioning of data services by telecommunications companies (telcos) to their customers, as

    clients were unlikely to be utilizing a data service 100 percent of the time. In more recent years, Frame

    Relay has acquired a bad reputation in some markets because of excessive bandwidth overbooking by

    these telcos.

    Telcos often sell Frame Relay to businesses looking for a cheaper alternative to dedicated lines; its use in

    different geographic areas depended greatly on governmental and telecommunication companies'

    policies.

    Many customers are likely to migrate from Frame Relay to MPLS over IP or Ethernet within the next two

    years, which in many cases will reduce costs and improve manageability and performance of their wide

    area networks.

    With ATM

    While the underlying protocols and technologies are different, both MPLS and ATM provide a

    connection-oriented service for transporting data across computer networks. In both technologies,


    connections are signaled between endpoints, connection state is maintained at each node in the path,

    and encapsulation techniques are used to carry data across the connection. Excluding differences in the

    signaling protocols (RSVP/LDP for MPLS and PNNI: Private Network-to-Network Interface for ATM) there

    still remain significant differences in the behavior of the technologies.

    The most significant difference is in the transport and encapsulation methods. MPLS is able to work with

    variable length packets while ATM transports fixed-length (53 byte) cells. Packets must be segmented,

    transported and re-assembled over an ATM network using an adaptation layer, which adds significant

    complexity and overhead to the data stream. MPLS, on the other hand, simply adds a label to the head

    of each packet and transmits it on the network.

    Differences exist, as well, in the nature of the connections. An MPLS connection (LSP) is unidirectional

    allowing data to flow in only one direction between two endpoints. Establishing two-way

    communications between endpoints requires a pair of LSPs to be established. Because 2 LSPs are

    required for connectivity, data flowing in the forward direction may use a different path from data

    flowing in the reverse direction. ATM point-to-point connections (virtual circuits), on the other hand, are

    bidirectional, allowing data to flow in both directions over the same path (Both SVC and PVC ATM

    connections are bidirectional. Check ITU-T I.150 3.1.3.1).

    Both ATM and MPLS support tunneling of connections inside connections. MPLS uses label stacking to

    accomplish this while ATM uses virtual paths. MPLS can stack multiple labels to form tunnels within

    tunnels. The ATM virtual path indicator (VPI) and virtual circuit indicator (VCI) are both carried together

    in the cell header, limiting ATM to a single level of tunnelling.

    The biggest advantage that MPLS has over ATM is that it was designed from the start to be

    complementary to IP. Modern routers are able to support both MPLS and IP natively across a common

    interface allowing network operators great flexibility in network design and operation. ATM's

    incompatibilities with IP require complex adaptation, making it comparatively less suitable for today's

    predominantly IP networks.

    Evolution?

    MPLS was originally proposed to allow high performance traffic forwarding and traffic engineering

    in IP networks. However, it evolved into Generalized MPLS (GMPLS) to allow the creation of label-switched

    paths (LSPs) in non-native IP networks as well, such as SONET/SDH networks and wavelength switched

    optical networks.

    Competitors?

    MPLS can exist in both an IPv4 and an IPv6 environment (using appropriate routing protocols). The

    major goal of MPLS development was the increase of routing speed. Now, therefore, the main

    application of MPLS is to implement limited traffic engineering and layer 3 / layer 2 service provider

    type VPNs over IPv4 networks.


    Besides GMPLS, the main competitors to MPLS are Shortest Path Bridging (SPB), Provider Backbone

    Bridges (PBB), and MPLS-TP. These also provide services such as service provider layer 2 and layer 3

    VPNs. L2TPv3 has been suggested as a competitor, but has not reached any wider success.

    Types?

    As far as we know, these are the MPLS types:

    - MPLS VPN,

    - LV1 MPLS,

    - LV2 MPLS.