[123doc.vn] - Deploying MPLS VPN on Cisco Router Systems
Post on 10-Oct-2015
Graduation thesis - Table of contents
TABLE OF CONTENTS
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
ABBREVIATIONS
FOREWORD
CHAPTER I
MPLS-VPN TECHNOLOGY
1.1 General introduction to VPN
1.1.1 The concept of VPN
1.1.2 Functions and advantages of VPN
1.1.2.1 Functions
1.1.2.2 Advantages
1.1.3 VPN classification
1.1.3.1 Remote access VPN
1.1.3.2 Intranet VPN
1.1.3.3 Extranet VPN
1.1.3.4 Why use MPLS-VPN technology?
1.2 General introduction to MPLS
1.2.1 The network-layer routing model
1.2.2 ATM technology and the connection-oriented model
1.3 MPLS components and operation
1.3.1 Labels
1.3.2 IP data plane and control plane
1.3.3 MPLS control plane and data plane
1.4 MPLS-VPN technology
1.4.1 Components of an MPLS-VPN network
1.4.2 The MPLS-VPN routing model
1.4.3 Virtual routing and forwarding tables
Nguyn Th Ti- D04VT1 i
1.5 Chapter conclusion
CHAPTER II
MPLS-VPN DEPLOYMENT SOLUTIONS
2.1 Comparison of MPLS-VPN with traditional VPN techniques
2.2 Security in MPLS-VPN networks
2.3 Quality of service in MPLS-VPN networks
2.4 Scalability and advanced MPLS-VPN models
2.4.1 The Inter-AS MPLS-VPN model
2.4.1.1 Interconnection between providers
2.4.1.2 Interconnecting ASes using BGP
2.4.2 The Carrier Supporting Carrier (CSC) model
2.5 MPLS-VPN deployment solutions
2.5.1 Shared Internet and MPLS-VPN connectivity
2.5.2 Partially shared Internet and MPLS-VPN connectivity
2.5.3 Fully separated Internet and MPLS-VPN connectivity
2.6 Chapter conclusion
CHAPTER III
DEPLOYING MPLS-VPN ON CISCO ROUTER SYSTEMS
3.1 Steps for configuring MPLS-VPN
3.2 Problem statement and approach
3.3 Deploying MPLS-VPN on Cisco router systems
3.3.1 Deploying MPLS-VPN on Cisco router systems in the Inter-AS MPLS-VPN model
3.3.2 Deploying MPLS-VPN on Cisco router systems in the CSC MPLS-VPN model
In practice, many large service providers offer their backbone to smaller service providers, who deploy their own services on top of it. The CsC model is a hierarchical MPLS VPN model that allows a customer to deploy MPLS VPN technology over the MPLS VPN network of another service provider.
3.4 Chapter conclusion
CONCLUSION
In Vietnam today, large Internet providers such as VDC, Viettel, FPT, ... are accelerating the construction of MPLS backbone networks to offer MPLS-VPN services to customers. Most companies and organizations setting up new links are moving to MPLS-VPN instead of other kinds of links. The trend in network connectivity over the coming years will therefore be mainly MPLS-VPN.
However, many technical issues still have to be considered and analysed when building a configuration that keeps the network operating. One important issue is defining the organizing principles of the LSR nodes in the network and clearly delimiting the interfaces and functions of each equipment component in the core and edge networks, along with traffic engineering (MPLS-TE) and quality of service (MPLS-QoS) issues. Of particular note is the practical deployment of MPLS-VPN interconnection between service providers. These are the issues that need further development and the next research directions of this thesis.
REFERENCES
APPENDIX
Appendix A. Router configurations in the Inter-AS MPLS-VPN model
LIST OF FIGURES
Figure 1.1 VPN model
Figure 1.2 Remote access VPN model
Figure 1.3 Intranet VPN model
Figure 1.4 Extranet VPN model
Figure 1.5 Model of VPN service provision over MPLS
Figure 1.6 Label format
Figure 1.7 IP control plane and data plane
Figure 1.8 MPLS control plane and data plane
Figure 1.9 Components of an MPLS-VPN network
Figure 1.10 PE router functions
Figure 2.1 Connectivity in a traditional VPN
Figure 2.2 The pipe QoS model in MPLS-VPN
Figure 2.3 The hose QoS model in MPLS-VPN
Figure 2.4 Back-to-back VRF connection model
Figure 2.5 Route distribution between two ASBRs using external MP-BGP
Figure 2.7 Route propagation in the BGP Confederation solution
Figure 2.8 Shared MPLS-VPN connectivity
Figure 2.9 Partially shared Internet and MPLS-VPN connectivity
Figure 2.10 Fully separated Internet and MPLS-VPN connectivity
Figure 3.1 MPLS-VPN configuration steps
Figure 3.2 Configuring MPLS forwarding
Figure 3.3 Configuring the BGP routing protocol on the PE routers
Figure 3.4 Defining the VPN VRF and its attributes
Figure 3.5 Creating an MPLS-VPN from CE1 to CE2
Figure 3.6 Routing and label assignment process
Figure 3.7 Forwarding and label imposition process
Figure 3.7 Inter-AS MPLS-VPN model
Figure 3.8 GNS3 interface with the Inter-AS MPLS-VPN model
Figure 3.9 CSC MPLS-VPN model
Figure 3.10 GNS3 interface with the CSC MPLS-VPN model
LIST OF TABLES
Table 2.1. Comparison of IPSec-VPN and MPLS-VPN
ABBREVIATIONS
Term | English | Meaning (translated from Vietnamese)
A
AS | Autonomous System | autonomous system
ASBR | Autonomous System Boundary Router | boundary router of an autonomous system
ATM | Asynchronous Transfer Mode | asynchronous transfer mode
B
BGP | Border Gateway Protocol | border gateway protocol
C
CAC | Connection Admission Control | connection admission control
CoS | Class of Service | class of service
CPE | Customer Premises Equipment | customer premises equipment
CPU | Central Processing Unit | central processing unit
D
DDoS | Distributed Denial Of Service | denial-of-service attack
DES | Data Encryption Standard | data encryption standard
DiffServ | Differentiated Service | differentiated services
DLCI | Data Link Connection Identifier | data link connection identifier
DSL | Digital Subscriber Line | digital subscriber line
E
EGP | External Gateway Protocol | external gateway protocol
F
FEC | Forwarding Equivalence Class | forwarding equivalence class
FR | Frame Relay | frame relay
G
GRE | Generic Routing Encapsulation | generic routing encapsulation
I
ICMP | Internet Control Message Protocol | Internet control message protocol
IETF | Internet Engineering Task Force | Internet engineering task force
IGP | Interior Gateway Protocol | interior gateway protocol
IntServ | Integrated Service | integrated services
IP | Internet Protocol | Internet protocol
IPSec | IP security | security protocol for the Internet protocol
IPX | Internetwork Packet Exchange | internetwork packet exchange
ISDN | Integrated Services Digital Network | integrated services digital network
IS-IS | Intermediate System to Intermediate System | intermediate system to intermediate system
ISP | Internet Service Provider | service provider
L
L2TP | Layer 2 Tunneling Protocol | layer 2 tunneling protocol
LAN | Local Area Network | local area network
LDP | Label Distribution Protocol | label distribution protocol
LFIB | Label Forwarding Information Base | label forwarding information base
LSP | Label Switched Path | label switched path
LSR | Label Switch Router | label switching router
M
MP-iBGP | Multi-protocol iBGP | multiprotocol iBGP
MPLS | Multiprotocol Label Switching | multiprotocol label switching
MTU | Maximum Transmission Unit | maximum transmission unit
O
OSPF | Open Shortest Path First | open shortest path first protocol
P
PBX | Private Branch Exchange | private branch exchange
POP | Point of Presence | point of presence
PPTP | Point-to-Point Tunneling Protocol | point-to-point tunneling protocol
Q
QoS | Quality of Service | quality of service
R
RD | Route Distinguisher | route distinguisher
RFC | Request For Comment | request for comments
RSVP | Resource Reservation Protocol | resource reservation protocol
T
TCP | Transmission Control Protocol | transmission control protocol
TDP | Tag Distribution Protocol | tag distribution protocol
TE | Traffic Engineering | traffic engineering
TTL | Time To Live | time to live
V
VCI | Virtual Circuit Identifier | virtual channel identifier
VNPT | Vietnam Post & Telecommunications | Vietnam Posts and Telecommunications Corporation
VPI | Virtual Path Identifier | virtual path identifier
VPN | Virtual Private Network | virtual private network
VRF | Virtual Routing and Forwarding | virtual routing and forwarding
W
WAN | Wide Area Network | wide area network
FOREWORD
The rapid development of IP services and the explosion of the Internet have led to a series of changes in how operators think and do business. IP dominates all layer 3 protocols. As a result, every development trend points towards IP: most of the traffic on today's backbones is IP traffic, so lower-layer technologies all tend to support IP services. The urgent market demand for high-speed, secure networks is the basis for a range of technologies, including MPLS-VPN.
Every technology usually has its own advantages and disadvantages. Combining technologies to gather their advantages and overcome the weaknesses of each is therefore the direction of research and development for service providers, with the aim of offering customers a relatively complete technology. This fits the present-day trend towards technology integration.
The combination of MPLS and VPN is part of this trend. It makes it possible to use the advanced switching of MPLS together with the creation of secure private networks in the form of VPN tunnels, while overcoming the weaknesses of both MPLS and VPN.
This thesis studies solutions that combine MPLS and VPN and, on that basis, proposes a solution for deploying virtual private network services over multiprotocol label switching technology that can be applied in practice.
The thesis is divided into 3 chapters, summarized as follows:
Chapter I: MPLS-VPN technology: an introduction to VPN and MPLS technology, and the components and operation of MPLS-VPN.
Chapter II: Comparison of MPLS-VPN with traditional VPN techniques. Security and quality-of-service issues in MPLS-VPN networks. Scalability and advanced MPLS-VPN models. MPLS-VPN deployment solutions.
Chapter III: Deploying MPLS-VPN on Cisco router systems.
Because of limitations in many respects, the content of this work inevitably contains errors. The study also reflects a good deal of subjective judgement, so shortcomings are unavoidable. I look forward to comments from teachers and readers.
I sincerely thank the teachers who provided good conditions while I carried out this thesis. In particular, I thank Nguyn nh Long, M.Sc., for his attention and his dedicated guidance and help, which allowed me to complete this thesis.
My sincere thanks!
Student
Nguyn Th Ti
CHAPTER I
MPLS-VPN TECHNOLOGY
1.1 General introduction to VPN
1.1.1 The concept of VPN
A virtual private network (VPN) is defined as a network connection deployed over public network infrastructure (such as the Internet) with the same management and security policies as a local network.
Figure 1.1 VPN model
The terms used in VPN are as follows:
- Virtual: the connection is dynamic, not hard-wired, and exists as a connection only while network traffic passes over it. The connection can change and adapt to many different environments and can tolerate the shortcomings of the Internet. When a connection is requested, it is established and maintained regardless of the network infrastructure between the endpoints.
- Private: the transmitted data is always kept confidential and can be accessed only by authorized users. This matters because the original Internet protocol, TCP/IP, was not designed to provide security. Security is therefore provided by adding VPN software or hardware.
- Network: the network infrastructure entity between end users, stations or nodes that carry data. The network is built using private, public, wired, wireless, Internet or any other available dedicated network resources.
The concept of a virtual private network is not new. VPNs were used in earlier telephone networks, but because of a number of limitations the technology never became strong or competitive. Recently, the development of intelligent networks and IP network infrastructure has given VPN genuinely new character. A VPN makes it possible to set up private connections with remote users, company branch offices and company partners that all share one public network.
1.1.2 Functions and advantages of VPN
1.1.2.1 Functions
A VPN provides three main functions: authentication, integrity and confidentiality.
- Authentication: to set up a VPN connection, both sides must first authenticate each other to confirm that they are exchanging information with the intended party and not with someone else.
- Integrity: ensures that data is not altered or tampered with in any way during transmission.
- Confidentiality: the sender can encrypt data packets before sending them over the public network, and the data is decrypted at the receiving side. In this way nobody can access the information without permission, and even if the data is captured it cannot be read.
1.1.2.2 Advantages
A VPN brings real and immediate benefits to companies. It can be used not only to simplify communication between remote workers and mobile users, extend the intranet to every office and branch, and even deploy an extranet to customers and key partners, but also to cut the cost of all this to far below that of buying equipment and lines for a private WAN. These benefits, direct or indirect, include cost saving, flexibility, scalability and a number of other advantages.
Cost savings
Using a VPN helps companies reduce both investment and recurring costs. The total cost of owning a VPN is lower because less is paid for leased bandwidth, backbone network equipment and system maintenance. The cost of LAN-to-LAN connectivity falls by 20% to 30% compared with traditional leased lines. For remote access the reduction is 60% to 80%.
Flexibility
Flexibility here means not only flexibility in operation and use, but also real adaptability to usage requirements. Customers can use T1 or T3 connections between offices, and many other connection types can be used to connect small offices and mobile users. A VPN service provider can offer customers many options, such as 56 kbit/s modem connections, 128 kbit/s ISDN, xDSL, T1, T3…
Scalability
Because a VPN is built on public network infrastructure (the Internet), it can be deployed wherever a public network is available. Since public networks are present everywhere, VPN scalability is very flexible. A remote office can easily connect to the company network using a telephone line or DSL… and a VPN can easily be removed when required.
Bandwidth scalability means that when an office or branch needs more bandwidth, it can easily be upgraded.
Reduced technical support
Standardizing on one type of connection from the mobile user to an ISP POP, and standardizing security requirements, reduces the technical support resources a VPN needs. And today, as service providers take on more of the network support tasks, the technical support demands on users keep decreasing.
Reduced equipment requirements
By providing a single solution for enterprises with dial-up Internet access, a VPN needs less equipment and is much simpler than maintaining separate modems, adapter cards for terminal devices and remote access servers. An enterprise can set up customer equipment for a single environment, such as T1, with the rest of the connection handled by the ISP. The T1 unit can set up and maintain the WAN connection by replacing modem banks and Frame Relay multiplexing circuits with a single wide-area connection that serves remote users' traffic, LAN-to-LAN connections and Internet traffic at the same time.
Meeting commercial needs
VPN products and services follow current common standards, partly to ensure that the product works, but perhaps more importantly so that products from different vendors can interoperate.
For new telecommunications equipment and technology, the issues to consider are standardization, manageability, scalability, network integration, backward compatibility, reliability and performance, and especially the commercial viability of the product.
1.1.3 VPN classification
The goal of VPN technology is to satisfy the following three basic requirements:
- At any time, company employees can access the company's internal network remotely or while mobile.
- Interconnect branches and mobile offices.
- Control the access rights of customers, service providers and other outside parties.
Based on these basic requirements, VPNs are divided into three types:
- Remote access VPN
- Intranet VPN
- Extranet VPN
1.1.3.1 Remote access VPN
Remote access VPNs provide remote access. At any time, employees, branches and mobile offices can exchange data with and access the company network. Remote access VPN is the most typical kind of VPN, because these VPNs can be set up at any time, from anywhere the Internet is available.
A remote access VPN extends the company network to users over shared infrastructure while the company's network policies stay in force. It can be used to provide secure access from mobile devices, mobile users, branches and business partners. These VPNs run over public infrastructure using ISDN, dial-up, mobile IP, DSL and cable technology, and usually require some kind of client software on the user's computer.
Figure 1.2 Remote access VPN model
The advantages of remote access VPNs over traditional remote access methods include:
- A remote access VPN does not need support from network staff, because the remote connection process is handled by the ISPs.
- Long-distance connection costs are reduced, because long-distance connections are replaced by local connections through the Internet.
- Low-cost connectivity is provided to remote users.
- Because the access connections are local, modems run at higher speeds than with long-distance access.
- The VPN gives better access to company sites because it supports the lowest level of connection service.
Despite these advantages, remote access VPNs still have inherent disadvantages:
- Remote access VPNs do not support services with guaranteed QoS.
- The risk of data loss is high. In addition, packets may fail to be delivered or may be lost.
- Because the encryption algorithms are complex, protocol overhead increases considerably.
1.1.3.2 Intranet VPN
Intranet VPNs are used to secure the connections between a company's different sites. The VPN links the head office, offices and branches over shared infrastructure using connections that are always encrypted. This lets all sites securely access the permitted data sources across the whole company network.
These VPNs still provide WAN characteristics such as scalability, reliability and support for many different protocols, at low cost and without losing flexibility. This kind of VPN is usually configured as a site-to-site VPN.
Figure 1.3 Intranet VPN model
The main advantages of an intranet based on a VPN solution include:
- Partial or full mesh networks can be set up (provided the network goes through one or more service providers).
- Fewer technical support staff are needed for remote locations.
- Because the intermediate connections go through the Internet, a new peer link can easily be added.
- Cost savings come from using VPN tunnels through the Internet combined with high-speed switching technology such as Frame Relay or ATM.
However, an intranet based on a VPN solution also has disadvantages:
- Because data is tunneled through a public network, the Internet, there are still threats to data confidentiality and to quality of service (QoS).
- The likelihood of data packets being lost in transit is still fairly high.
- Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge in the Internet environment.
1.1.3.3 Extranet VPN
Unlike intranet VPNs and remote access VPNs, an extranet VPN is not isolated from the outside world. In fact, an extranet VPN provides controlled access to the network resources needed to reach out to business parties such as partners, customers and suppliers…
Figure 1.4 Extranet VPN model
Extranet VPNs provide a secure tunnel between customers, suppliers and partners over public infrastructure. This kind of VPN uses connections that are always secured and is configured as a site-to-site VPN. The difference between an intranet VPN and an extranet VPN is the network access that is authorized at one of the two ends of the VPN.
The main advantages of an extranet VPN:
- The cost of an extranet VPN is much lower than that of a traditional network.
- It is easy to set up and maintain, and easy to change on a network that is already running.
- Because the extranet VPN is built on the Internet, there are more opportunities in service provision and in choosing a solution that suits each company's needs.
- Because the Internet connections are maintained by the Internet service provider, fewer network support staff are needed, which lowers the operating cost of the whole network.
Alongside these advantages, the extranet VPN solution also has disadvantages:
- Risks to information confidentiality and of data loss while crossing the public network remain.
- Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge in the Internet environment.
- It increases the risk to the company's internal networks.
1.1.3.4 Why use MPLS-VPN technology?
Globalization forces businesses and organizations to make their information systems ever more efficient. Large companies and multinational groups now usually have head offices and branches spread across the world. In certain sectors such as telecommunications, banking and finance, the need for connectivity and information exchange between branches, and between the company and its partners, is very large. Using a private network (WAN) for connectivity and information exchange inside a company with many branches is therefore extremely important. Connecting companies and organizations to each other securely and reliably is also important, because the information exchanged includes much sensitive material such as business strategy and financial plans.
To keep information confidential as it travels between different geographic regions, the prerequisite is a backbone network that meets security requirements, because data is most easily exposed while moving across a wide area network. Building a backbone with high stability and security is therefore always an important factor for Internet service providers.
With earlier network technologies such as leased lines, Frame Relay or VPN, connecting branches to the head office required the enterprise to invest heavily in both network equipment and usage charges. Moreover, because of technological limitations, these traditional network technologies are very complex, hard to manage and hard to scale.
The MPLS-VPN solution is deployed with the aim of providing an optimally secure, low-latency network solution that integrates with every data application, such as data, voice and video.
Figure 1.5 Model of VPN service provision over MPLS
Unlike VPN technologies that run over the Internet (PPTP, L2TP, IPsec VPN), the tunneling mechanism is set up entirely inside the service provider's MPLS core. Each VPN connection sets up a separate tunnel using label assignment and IP packet forwarding. Each VPN connection receives a single unique label value from the MPLS routers in the network, so each tunnel in the MPLS core is completely separate. Because the core network (MPLS core) addresses are hidden, network attacks (by hackers) such as DDoS, IP spoofing, label spoofing... are reduced to a minimum.
The outstanding advantages of MPLS-VPN technology in the backbone network:
- Supports the point-to-multipoint model: allows a private network to be connected with just one physical link.
- Security: absolute security on the MPLS core network.
- Simple scalability: all connection configuration is done in the MPLS core; network members need no configuration at all.
- High speed, multiple applications and committed QoS: MPLS-VPN can carry data at speeds up to Gbps over optical fibre transmission systems. Beyond data, MPLS-VPN can fully support real-time applications such as VoIP and video conferencing with the lowest latency. It provides committed rate and minimum bandwidth guarantees (QoS).
MPLS can be used in combination with many other technologies such as IP and ATM, but the most notable application today is using MPLS in IP networks to build virtual private networks that serve the connectivity needs of organizations and enterprises. Because it is easy to manage and extend and builds on existing Internet infrastructure, this application is growing strongly in many sectors: enterprises, financial institutions, banks… and especially organizations that require a high level of reliability and data security.
These are the practical grounds on which this thesis chose to study MPLS-VPN deployment solutions.
1.2 General introduction to MPLS
Traditional IP packet forwarding analyses the destination IP address contained in the network-layer header of each packet. Each router analyses the destination address independently at every hop in the network. Dynamic or static routing protocols must analyse destination IP addresses when building their databases in order to create the routing table. This process is called hop-by-hop unicast routing based on the packets' destination. Routing with connectionless protocols met customers' simple needs. As the Internet grew and expanded and Internet traffic exploded, the existing packet forwarding method proved inefficient and inflexible. A new technique was therefore needed for assigning addresses and extending the functions of the IP-based network architecture.
MPLS is the result of the development of many IP switching solutions that try to combine the advantages of both IP and ATM.
1.2.1 The network-layer routing model
In a traditional connectionless environment, no signalling messages are needed to set up a connection, and data is forwarded hop by hop. All packets are forwarded according to network-layer routing protocols (such as the shortest path protocol [OSPF] or the border gateway protocol [BGP]) or static routing. Routers treat all packets alike and may discard packets without notifying either the sender or the receiver. For this reason IP offers only best-effort service and is not suited to services with strict QoS requirements. The connectionless mechanism makes flow control and traffic distribution difficult, which causes congestion at network nodes. Internet service providers (ISPs) respond by increasing link capacity and upgrading routers, but congestion still occurs. The reason is that Internet routing protocols tend to direct traffic onto the same set of links, so those links become overloaded while resources elsewhere go unused. This is uneven load distribution and wasteful use of network resources. Alongside these limitations, however, the connectionless model also has advantages: packets can be routed independently and the routing and forwarding machinery is simple and efficient, so the connectionless model is well suited to flows with slow connection times.
1.2.2 ATM technology and the connection-oriented model
ATM is a connection-oriented switching technology: the end-to-end connection must be set up before information is sent. Creating virtual circuit connections can be efficient in a small network, but in a large network problems can arise. Every time a new router is added to the WAN core, virtual circuits must be set up between it and all the other routers to keep routing optimal, which increases routing traffic in the network. Connection setup is normally done by a signalling protocol, which supplies connection state information to the switches along the routed path. The connection admission control (CAC) function ensures that resources tied to an existing connection are not used for new connections. This forces the network to maintain the state of each connection (including information about the existence of the connection and the resources it uses) at the nodes the data passes through. Route selection is based on the connection's QoS requirements and on the ability of the routing algorithm to compute routes that can meet them. Because the network can identify each connection and isolate it together with its resources for the lifetime of the connection, a connection-oriented environment can guarantee quality for each information flow. The network monitors each connection and reroutes it if a failure occurs, and this rerouting also has to go through signalling.
From the transfer mechanism we can see that connection-oriented networks suit applications that require strictly guaranteed QoS and applications with long connection times. For applications with short connection times, a connection-oriented environment appears unsuitable because of the connection setup time and the large proportion of header information. For that kind of traffic, a connectionless environment with simple routing, avoiding complex signalling protocols, is a better fit.
What is needed, then, is a switching method that can combine the advantages of IP (such as its routing mechanism) and of ATM (such as its switching method). To really suit a multiservice network, both ATM and IP have to change, specifically by adding connectionless capability to ATM and connection-oriented capability to IP.
1.3 Components and operation of MPLS
Label switching lets routers make forwarding decisions from the contents of a label, which is better than complex routing on the destination IP address. MPLS is a technology that combines the best features of layer 3 routing and layer 2 switching, allowing very fast packet transport in the core and good routing at the edge, all based on labels. MPLS improves packet forwarding by attaching labels to each IP packet, ATM cell, or layer 2 frame. It lets ISPs offer many different services without discarding their existing infrastructure. The MPLS architecture is flexible in how it works alongside technologies already in use. MPLS supports every layer 2 protocol and efficiently deploys IP services over an IP switched network. By integrating MPLS into the network architecture, it supports creating different routes between a source and a destination across an Internet backbone. ISPs can cut costs and increase profits, offer many different services, and become more competitive. The characteristics of a network that uses MPLS are:
- MPLS resides only on the routers.
- There is no protocol component on the customer side.
- MPLS is an independent protocol that can operate together with other protocols: IP, IPX, ATM, Frame Relay…
- MPLS simplifies the routing process and increases the flexibility of the intermediate layer.
The important difference between MPLS and traditional WAN techniques is the way labels are assigned and the ability to attach a stack of labels to a packet. The label stack concept opens up new applications such as traffic management and virtual private networks.
1.3.1 Label
A label is a short entity with no internal structure. A label does not directly encode information from the network layer header, such as the network layer address. The label attached to a particular packet represents the FEC (Forwarding Equivalence Class) to which the packet has been assigned.
The form of the label depends on the layer 2 technology carrying the packet. For example, ATM cells use the VPI/VCI value as the label, and Frame Relay uses the DLCI. For media that have no native label structure, a shim field is inserted to serve as the label. The 4-byte shim field has the following structure:
Figure 1.6 Label format
The fields have the following meaning:
- Label: 20 bits long, contains the MPLS label value.
- EXP: 3 bits long, indicates the class of service and affects the queuing and discard algorithms applied to the packet.
- S: 1 bit long. MPLS supports a label stack, meaning that several labels can be attached to one packet. When a label has the S bit set to 1, it is the last label, at the bottom of the label stack (counting from the layer 2 header towards the layer 3 header). Forwarding is performed using the label at the top of the stack.
- TTL: 8 bits long, with the same function as the TTL field in the IP header: it determines how many nodes the packet can pass through before it is discarded, to prevent packets from looping in the network. For PPP or Ethernet frames, a protocol identifier value is inserted into the corresponding frame header to signal that the frame is MPLS unicast or multicast.
A label is added to an IP packet when the packet enters the MPLS network and is removed when the packet leaves it. The label is inserted between the layer 3 header and the layer 2 header. Labels are used to forward packets once the path has been established. MPLS centres on the label swapping process. One of the strengths of MPLS is that it defines the label stack itself.
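To make the 4-byte shim layout and the role of the S bit concrete, here is an added example (not code from the thesis) that encodes and parses a label stack and rejects input that never reaches a bottom-of-stack entry. The label values, the `max_depth` limit, and the sample bytes are constructed for illustration.

```python
import struct
from dataclasses import dataclass

ENTRY_LEN = 4  # one label stack entry is a 4-byte shim word


@dataclass(frozen=True)
class LabelEntry:
    label: int    # 20-bit label value
    exp: int      # 3-bit class-of-service field
    bottom: bool  # S bit: True on the last entry of the stack
    ttl: int      # 8-bit time to live


def encode_entry(label, exp, bottom, ttl):
    """Pack one entry as Label(20) | EXP(3) | S(1) | TTL(8), network byte order."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def parse_label_stack(data, max_depth=8):
    """Return (entries, payload); entries are ordered top of stack first.

    max_depth is an illustrative safety limit chosen for this example so that
    malformed input with no S=1 entry cannot be walked indefinitely.
    """
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("no bottom-of-stack bit within max_depth entries")
        if offset + ENTRY_LEN > len(data):
            raise ValueError("truncated stack: data ended before S=1")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += ENTRY_LEN
        entry = LabelEntry(word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)
        entries.append(entry)
        if entry.bottom:
            # Everything after the S=1 entry is the layer 3 packet.
            return entries, data[offset:]


# Constructed sample: a two-entry stack (labels 17 and 24 are arbitrary)
# followed by the first four bytes of an IPv4 header.
SAMPLE = (
    encode_entry(17, 0, False, 64)
    + encode_entry(24, 5, True, 64)
    + bytes.fromhex("45000054")
)


def describe(data):
    """Human-readable view of the stack, top entry first."""
    entries, payload = parse_label_stack(data)
    lines = [f"label={e.label} exp={e.exp} S={int(e.bottom)} ttl={e.ttl}" for e in entries]
    return lines, payload


if __name__ == "__main__":
    for line in describe(SAMPLE)[0]:
        print(line)
```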
Packet forwarding in MPLS contrasts sharply with today's connectionless network environment, where packets are analysed hop by hop, the layer 3 header is examined, and an independent forwarding decision is made from information derived from the network layer routing algorithm.
1.3.2 IP data plane and control plane
In an IP network, the control plane is the set of software and/or hardware in the routers that is used to control network operations such as routing and recovery from faults. The job of the control plane is to provide services to the data plane, which is the plane responsible for moving data through the router.
Figure 1.7 IP control plane and data plane
In the Internet protocols, the control plane consists of the routing protocols (OSPF, IS-IS, BGP, ...) that allow IP (in the data plane) to be forwarded correctly. Control messages are exchanged between routers to carry out a range of tasks, including:
- Exchanging messages between nodes to agree on routing parameters (including security, among others).
- Exchanging messages periodically to confirm whether the neighbouring node is still operating.
- Exchanging address and route advertisement messages to build the routing tables used for IP forwarding.
In Figure 1.7, the arrow from the control plane to the routing table means that the routes found by the routing protocols are stored in the routing table. The two-way arrow between the routing table and the data plane means that IP uses the routing table to perform its forwarding.
1.3.3 MPLS control plane and data plane
The architecture is divided into two separate components: the forwarding component (also called the data plane) and the control component (also called the control plane). The forwarding component uses a label forwarding database (maintained by a label switch) to forward data packets based on the labels they carry. The control component is responsible for creating and maintaining label forwarding information among a group of interconnected label switches.
Figure 1.8 MPLS control plane and data plane
Figure 1.8 shows the structure and basic functions of an MPLS node that performs IP routing.
- Control plane: here the layer 3 routing protocols establish the paths used for packet forwarding. The control plane is responsible for creating and maintaining label forwarding information (called bindings) between the routers running MPLS.
- Data plane: uses the label forwarding database maintained by the routers running MPLS to forward packets based on label information.
Each MPLS node runs one or more IP routing protocols (or may use static routing) to exchange routing information with the other MPLS nodes in the network. In MPLS, the IP routing table is used to decide label exchange: adjacent MPLS nodes exchange labels with each other for each individual subnet in the routing table. This label exchange is carried out by two protocols, TDP and LDP. TDP is a Cisco product; LDP is the version of TDP produced by the IETF. The MPLS IP routing control process uses the labels exchanged with other MPLS nodes to build the label forwarding table, which is the data plane database used to forward labelled packets across the MPLS network.
The main job of the control plane is therefore to advertise labels and addresses and to bind them together, that is, to bind a label to an address. A label switching router (LSR) is a router configured to support MPLS. An LSR uses the information in the label forwarding information base (LFIB) to process an incoming MPLS packet, for example to determine the next node that will receive it. The LFIB is to MPLS what the routing table is to IP. Several protocols can operate in the MPLS control plane. RSVP has been extended so that it can be used to advertise, distribute, and bind labels to IP addresses; this extension is called RSVP-TE. The Label Distribution Protocol (LDP) is another option for the MPLS control plane. Other protocols such as OSPF and BGP can also be extended to operate in the control plane, as OSPF-E and BGP-E. Control messages are exchanged between LSRs to carry out a range of operations, including:
- Exchanging messages between nodes to establish a relationship (including security). Once this is complete, the nodes are called LSR peers.
- Exchanging messages periodically (called a handshake) to make sure the neighbouring node is still operating.
- Exchanging messages about labels and addresses to bind addresses to labels and build the forwarding table (LFIB), which the MPLS data plane uses to forward traffic flows.
After the MPLS nodes have exchanged labels and IP addresses with each other, they bind the labels to the addresses. The MPLS data plane then forwards all received data by examining the label carried in the packet header. The IP address is not examined until the packet leaves the network; the label is then removed, and the IP address is used again in the IP data plane at nodes that do not run MPLS, all the way to the end user.
Each MPLS node must run one or more IP routing protocols (or rely on static routing) to exchange IP routing information with the other MPLS nodes in the network. In this respect, each MPLS node is an IP router in the control plane.
Within an MPLS node, the IP routing table is used to determine the label binding exchange, in which adjacent MPLS nodes exchange labels for each subnet in the IP routing table. The label binding exchange for destination-based IP routing is performed using Cisco's proprietary Tag Distribution Protocol (TDP) or the IETF standard Label Distribution Protocol (LDP).
The MPLS IP routing control process uses the labels exchanged with adjacent nodes to build the Label Forwarding Table (LFT), which is the forwarding plane database used to forward labelled packets through the MPLS network.
1.4 MPLS-VPN technology
There are two main VPN models:
- Overlay VPN
- Peer-to-peer VPN
The overlay VPN model, the one most widely used in service provider networks, designs and provisions virtual circuits to carry any traffic flow across the backbone. For an IP network, this means that even if the underlying technology is connectionless, it more or less requires a connection-oriented service. From the service provider's point of view, the flexibility of the overlay VPN model drops considerably when a large number of circuits or tunnels between customer devices has to be managed and provisioned. From the customer's point of view, designing the Interior Gateway Protocol is complex and also very hard to manage.
The peer-to-peer VPN model suffers from a lack of isolation between customers and from the need to coordinate IP address space between their devices.
With the introduction of Multiprotocol Label Switching (MPLS), which combines layer 2 switching with layer 3 routing and switching, it became possible to build a technique that combines the advantages of overlay VPNs (such as security and isolation between customers) with the simpler routing that the peer-to-peer VPN model brings. The new technique is called MPLS-VPN; it makes customer routing simpler and makes provisioning simpler for the service provider. MPLS also adds some of the advantages of a near connection-oriented approach to the IP routing paradigm through the establishment of label switched paths (LSP).
The MPLS-VPN architecture provides the ability to create a private network over a shared infrastructure. However, the methods used to deliver the service differ.
1.4.1 Components of an MPLS-VPN network
The basic organisation of a data network that uses IP/MPLS label switching is shown in Figure 1.9.
Figure 1.9 Components of an MPLS-VPN network (diagram labels: MPLS Domain; CE router; PE router; E-LSR; LSR; P router 1; P router 2; C Network (Customer Control); P Network (Provider Control); LDP)
Several components are defined in the MPLS-VPN architecture. They perform different functions but together make up the MPLS-VPN network:
- Provider network (P-network): the MPLS/IP core network administered by the service provider.
- Provider router (P-router): a router in the provider core that provides transport across the backbone and does not carry customer routes.
- Provider edge router (PE-router): an edge router of the backbone; it distributes customer routes and delivers services to customers on the provider side.
- Autonomous system boundary router (ASBR-router): a border router within an AS that connects it to another AS. That AS may be run by the same operator or a different one.
- Customer network (C-network): the part controlled by the customer.
- Customer edge router (CE-router): the customer router that acts as the gateway between the C network and the P network. The CE router is administered by the customer or may be managed by the service provider. Contiguous parts of the C network are called sites and are connected to the P network through CE routers.
1.4.2 MPLS-VPN routing model
MPLS-VPN resembles the peer-to-peer model with dedicated routers. From a CE router, only IPv4 updates and data are forwarded to the PE router. The CE needs no special configuration to take part in the MPLS-VPN domain. The only requirement on the CE is a routing protocol (or a static or default route) that lets it exchange IPv4 routing information with the PE routers. In the MPLS-VPN model, the PE router performs many functions. First, it must separate customer traffic if more than one customer is connected to it.
Figure 1.10 PE router functions
Each customer is assigned an independent routing table. Routing across the backbone is performed by a routing process in the global routing table. P routers provide label switching between the provider edge routers and know nothing about VPN routes. The CE routers in the customer network are not aware of the P routers, so the internal structure of the provider network is transparent to the customer.
1.4.3 Virtual routing and forwarding table
Each VPN is associated with a separate virtual routing and forwarding table (VRF). The VRF provides information about the VPN relationships of a customer site connected to the PE router. A VRF includes the IP routing table, the CEF (Cisco Express Forwarding) table, the interfaces that use the forwarding table, and the rules and parameters of the routing protocol. Each site can be associated with one and only one VRF. The VRF of a customer site holds all the information about the routes available from that site to the VPNs of which it is a member.
For each VRF, the information used to forward packets is stored in the IP routing table and the CEF table. These tables are maintained separately for each VRF, which prevents information from being forwarded out of the VPN and prevents packets from outside the VPN from being forwarded to routers inside it.
A VRF contains an IP routing table equivalent to the global IP routing table, a CEF table, the list of interfaces that belong to the VRF, and a set of rules defining the routing protocol exchange with the CE routers. The VRF also contains VPN identifiers as VPN membership information.
1.5 Chapter conclusion
In recent years MPLS-VPN has attracted a great deal of interest from network operators looking for a fast and secure network. Every technology has its own strengths and weaknesses. MPLS-VPN emerged as a combination of the features of VPN and MPLS. A VPN is defined as a network that connects customer sites securely over a shared network infrastructure, with the same access control and security policies as a private network. Although built on the existing infrastructure of a public network, a VPN has the properties of a local network, as if leased lines were used. It connects the branches of a company to one another and to partners, and provides control over the access rights of customers, service providers, and other external parties. The range of applications for VPNs is therefore very large.
MPLS, Multiprotocol Label Switching, describes the technology fully in its name. "Label switching" means that label swapping is used as the underlying forwarding technique, while "multiprotocol" means that it can support many network layer protocols, not only IP. Network providers can also configure MPLS to run over many different layer 2 technologies such as PPP, Ethernet, Frame Relay, or ATM.
This chapter has set out the advantages of MPLS-VPN, which are the reasons for choosing it. It has also given a general introduction to VPN and MPLS, the components and operation of MPLS, the components and routing model of an MPLS-VPN network, and the virtual routing and forwarding table. These are the basic features that underpin the MPLS-VPN deployment solutions presented in the next chapter.
Graduation thesis, Chapter II: MPLS-VPN deployment solutions
CHAPTER II
MPLS-VPN DEPLOYMENT SOLUTIONS
2.1 Comparing MPLS-VPN with traditional VPN techniques
Traditional VPNs use security functions such as tunneling, data encryption, and authentication to protect data in transit between two endpoints. Many different protocols are used for these VPNs, including GRE, PPTP, L2TP, and IPSec. All of them rely on creating a private transmission path and using data encryption algorithms. Consider an example in which Site A is connected to Site B across the public Internet using IPSec with 3DES encryption.
Figure 2.1 Connection in a traditional VPN
The first and most obvious limitation of IPSec is that it reduces network performance. Consider the path of a packet sent from computer A in network A to computer B in network B. The packet from computer A is sent to CPE-A. CPE-A inspects the packet to decide whether it needs to be forwarded to CPE-B. In a network without a VPN, the packet would be sent straight on to CPE-B. With IPSec, however, CPE-A has to perform several operations before sending the packet. First the packet is encrypted and then encapsulated in IP packets, which takes time and delays the packet. Next the packet enters the service provider's network. If the newly formed packet is larger than the maximum transmission unit (MTU) on any link between CPE-A and CPE-B, it has to be fragmented into two or more smaller packets. This happens only when the DF (Don't Fragment) bit is not set; if the DF bit is set, the packet is dropped and an ICMP (Internet Control Message Protocol) message is sent back to the sender. When the packet reaches CPE-B it is decapsulated and decrypted, and these two operations delay it further. Finally, CPE-B forwards the packet to computer B.
The delay in the network depends on the complexity and processing speed of the CPEs. Low-end CPE devices usually have to perform most IPSec functions in software, which causes large delays. CPE devices that perform IPSec functions in hardware can process packets much faster, but they are very expensive. As a result, deploying an IPSec VPN is very costly.
From the example above it is easy to see that IPSec VPNs are overlay networks on top of the IP network, and that information is exchanged by establishing tunnels between sites. This produces network topologies that are not optimal. To make this clearer, we consider two topologies: the star and the mesh.
The star topology consists of a central site (hub) connected to many remote sites (spokes). In this topology the CPE at the central site is usually a very expensive device, and its cost depends on the number of spokes that must connect to it, because each spoke sets up an IPSec tunnel to the central site. This topology is not suitable for communication between spokes, because a packet from one spoke to another has to pass through the central site, where decapsulation and encapsulation, forwarding path selection, and encryption and decryption are repeated for every packet passing through. In other words, each packet has to traverse two IPSec tunnels, so the processing delay per packet doubles compared with the case where the two spokes can communicate directly.
The only way to overcome this is to build a mesh network. However, that topology has many limitations, the biggest of which is scalability. The number of tunnels needed to support an IPSec mesh grows geometrically with the number of sites.
One point to weigh when deploying VPNs is the CPE devices. Each provider has to be sure that all the CPEs will interoperate. The simplest and most effective solution is to use the same type of CPE in each region, but for various reasons this is not always possible. Although interoperability is no longer a major problem today, it still has to be considered when planning an IPSec VPN solution.
Each CPE must act as a router and be able to support tunneling. CPEs with this additional capability are very expensive, so the only way to deploy IPSec in a bridged environment is to load IPSec client software on every PC behind the bridge. This solution demands a high level of customer support, which makes the network harder to manage.
Operation and maintenance is another problem with IPSec VPNs, because every IPSec tunnel has to be set up manually. Configuring a single IPSec tunnel is not a problem, but the time needed to set up and maintain a VPN with many sites increases significantly as the network grows. With a full mesh VPN in particular, service providers face many difficulties in support and troubleshooting.
Security also needs attention in VPNs. Each CPE can access the public Internet, yet the information still has to be protected in transit between sites. Each CPE device therefore needs some security measure, such as a firewall. Managing these firewalls becomes very difficult, especially when the network is large. A VPN of about 100 nodes needs 100 firewalls, and whenever a small change to the firewall policy is required, all 100 firewalls in the network have to be touched. This is clearly a major limitation of IPSec VPNs from a security standpoint.
The table below compares IP Sec-VPN and MPLS-VPN:
Table 2.1 Comparison of IP Sec-VPN and MPLS-VPN
| Characteristic | MPLS-VPN | IP Sec-VPN |
|---|---|---|
| Topology | Point-to-point, hub-and-spoke, full mesh. | Point-to-point, hub-and-spoke, full mesh. |
| Security / session authentication | VPN membership is set up during service provisioning, access to service groups is defined during configuration, and unauthorised access is rejected. | Authentication by digital certificate or pre-shared key. Packets that do not match the security policy are dropped. |
| Privacy | Traffic is separated into distinct flows. | Uses encryption and appropriate tunneling techniques at the network address layer. |
| QoS and SLA | Allows multi-level SLAs, with QoS guarantee techniques and traffic engineering. | Does not address QoS and SLA directly. |
| Scalability | Highly scalable because it requires no full mesh or peering configuration. | Accepts hub-and-spoke style expansion. Scaling brings a series of challenges in planning, key distribution, key management, and configuration of peer devices. |
| Point-to-point support | Yes. | Yes. |
| Remote access support | Yes, if combined with IP Sec. | Yes. |
| Service provisioning | Requires one-time provisioning of customer devices and provider internetworking devices. | Reduces network operating costs through centralised provisioning. |
| Service deployment | Requires MPLS-enabled network elements at the core and edge devices of the provider network. | Can be deployed on any existing IP network infrastructure. |
| VPN client software | Not required; users need no software to interact with the network. | Functional software must be installed. |
2.2 Security in MPLS-VPN networks
Unlike traditional VPNs, MPLS-VPNs do not rely on packet encapsulation and encryption to achieve a high level of security. MPLS-VPN uses forwarding tables and labels ("tags") to provide security for the VPN. This type of architecture uses defined network routes to deliver VPN services, and the intelligence of MPLS-VPN sits entirely in the core of the network. In security terms, the goal of the layer 3 MPLS-VPN model is to achieve security comparable to that of overlay VPN models such as ATM or Frame Relay.
VPN security must first guarantee the isolation of routing information and of the address space of each VPN. That is, addressing in each VPN is completely independent of the others, and routing information from one VPN must not flow into another VPN or vice versa. Second, security must ensure that the structure of the core network is completely transparent to the customers using the service. Third, security must prevent label spoofing, in the same way as IP address spoofing, and must resist denial-of-service attacks and intrusion attacks.
To guarantee this, MPLS-VPN uses the following mechanisms:
- MPLS-VPN allows different VPNs to use the same address space while still keeping addresses unique, thanks to the 64-bit Route Distinguisher. Customers of an MPLS-VPN service therefore do not need to change their existing addressing.
- Each PE router maintains a separate VRF for each VPN, and that VRF propagates only the routes belonging to that VPN. This guarantees that routing information is isolated between VPNs.
- MPLS is a label switching technique, so packets are forwarded through the network without reference to the IP address in the packet header. In addition, all LSPs terminate at the PE edge routers, not at the P routers in the network. The core network is therefore completely transparent to the customer.
In an MPLS-VPN network it is hard to attack a VPN directly. An attacker can only attack the MPLS core and from there attack the VPN. The core can be attacked in two ways:
- By attacking the PE router directly.
- By attacking the MPLS signalling mechanisms.
To attack the network, the attacker first needs to know IP addresses. But the MPLS core is completely transparent to the outside, so the attacker does not know the IP address of any router in the core. They can guess addresses and send packets to them. However, in an MPLS network every incoming packet is treated as belonging to the address space of some customer. It is therefore hard to reach the internal routers even when an address is guessed correctly. The exchange of routing information between the PE and CE routers may be a weak point in an MPLS-VPN network, but ACLs on the PE router and the authentication methods of the routing protocol used on that link address this security concern.
Label spoofing is also unlikely, because the PE router accepts only unlabelled packets from the CE router; if a packet carries a label, that label is one controlled and managed by the PE.
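The three mechanisms listed above and the label-spoofing rule in the last paragraph can be seen together in a small model of a PE router. This is an added example, not code from the thesis or from any router: the VRF names, interface names, AS number 64500, and prefixes are constructed, and the Route Distinguisher uses the common layout of a 2-byte type, a 2-byte AS number, and a 4-byte assigned number.

```python
import ipaddress
import struct

MPLS_ETHERTYPES = {0x8847, 0x8848}  # Ethernet frame types for MPLS unicast / multicast


def encode_rd(asn, assigned):
    """64-bit Route Distinguisher: 2-byte type (0), 2-byte ASN, 4-byte assigned number."""
    return struct.pack("!HHI", 0, asn, assigned)


class ProviderEdge:
    """Toy PE: one routing table per VRF, each CE-facing interface bound to one VRF."""

    def __init__(self):
        self.vrfs = {}       # VRF name -> {"rd": bytes, "routes": {network: next_hop}}
        self.iface_vrf = {}  # CE-facing interface -> VRF name

    def add_vrf(self, name, rd, interfaces):
        self.vrfs[name] = {"rd": rd, "routes": {}}
        for iface in interfaces:
            if iface in self.iface_vrf:
                raise ValueError(f"{iface} already belongs to {self.iface_vrf[iface]}")
            self.iface_vrf[iface] = name

    def learn_route(self, vrf, prefix, next_hop):
        self.vrfs[vrf]["routes"][ipaddress.ip_network(prefix)] = next_hop

    def exported_routes(self):
        """Routes as advertised between PEs: keyed by RD + prefix, so overlaps stay distinct."""
        return {
            (vrf["rd"], net): hop
            for vrf in self.vrfs.values()
            for net, hop in vrf["routes"].items()
        }

    def receive_from_ce(self, iface, ethertype, dst):
        # Anti-spoofing rule: a CE may only send unlabelled packets.
        if ethertype in MPLS_ETHERTYPES:
            return ("drop", "labelled packet on CE-facing interface")
        vrf = self.iface_vrf.get(iface)
        if vrf is None:
            return ("drop", "interface not bound to a VRF")
        # Lookup is confined to the VRF of the receiving interface.
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.vrfs[vrf]["routes"] if addr in net]
        if not matches:
            return ("drop", f"no route in VRF {vrf}")
        best = max(matches, key=lambda net: net.prefixlen)  # longest prefix match
        return ("forward", vrf, self.vrfs[vrf]["routes"][best])


def build_demo_pe():
    """Constructed scenario: two customers that both use 10.1.0.0/16."""
    pe = ProviderEdge()
    pe.add_vrf("CUST_A", encode_rd(64500, 1), ["ge0/1"])
    pe.add_vrf("CUST_B", encode_rd(64500, 2), ["ge0/2"])
    pe.learn_route("CUST_A", "10.1.0.0/16", "CE-A1")
    pe.learn_route("CUST_B", "10.1.0.0/16", "CE-B1")  # same prefix as CUST_A
    pe.learn_route("CUST_B", "192.168.50.0/24", "CE-B2")
    return pe


if __name__ == "__main__":
    pe = build_demo_pe()
    print(pe.receive_from_ce("ge0/1", 0x0800, "10.1.2.3"))
    print(pe.receive_from_ce("ge0/1", 0x0800, "192.168.50.7"))
    print(pe.receive_from_ce("ge0/1", 0x8847, "10.1.2.3"))
```

The same destination address resolves to a different next hop depending only on the interface the packet arrived on, and a route that exists solely in one customer's VRF is unreachable from the other customer's interface.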
Security in MPLS-VPN networks is ensured because a closed VPN is already secure in itself, having no connection to the public Internet. If Internet access is needed, a route is set up to provide it, and a firewall is used on that route to give the whole VPN a secure connection. This arrangement is much easier to manage, because security policies need to be maintained on only a single firewall while the whole VPN remains protected.
From the points above, we can see that security in an MPLS-VPN network is fully comparable to security in an ATM or Frame Relay network.
2.3 Quality of service in MPLS-VPN networks
QoS is a term that covers all aspects of network performance. QoS has two main components:
- Finding a path through the network that can deliver the requested service.
- Maintaining the performance of the service.
The two quality of service models in common use today are:
- The Integrated Services model (IntServ).
- The Differentiated Services model (DiffServ).
There are many reasons why the IntServ model has not been used to keep pace with the growth of the Internet. Instead, IntServ is widely used only in small and medium-sized networks. DiffServ, by contrast, is a quality of service model that scales. It works by classifying traffic at the network edge, queuing at each node, and handling packet discard in the core. Most of the processing is done at the network edge, with no need to keep per-flow state in the core.
When offering MPLS-VPN service to customers, the provider must be able to deliver quality of service to a large number of VPN customers with diverse requirements. For example, a service provider may offer several classes of service to one VPN, with different applications in the VPN belonging to different classes. In this way, mail might belong to one class of service (CoS) while real-time applications belong to another. Moreover, the CoS of an application in one VPN may differ from the CoS of the same application in another VPN. In other words, each VPN assigns classes of service independently. Quality of service is then considered for each VPN according to the network and the service provider.
Two models are used to describe QoS in MPLS-VPN:
- The pipe model
- The hose model
In the pipe model, a VPN service provider gives a VPN customer a fixed QoS guarantee for data travelling from one of the customer's CE routers to other CE routers. In a sense, the model can be pictured as a pipe connecting two routers, with the traffic between the two routers inside the pipe having defined QoS values. One example of a QoS guarantee that can be offered in the pipe model is a minimum bandwidth between two sites.
The pipe model can be refined by allowing only a subset of all the traffic from one CE to other CEs to use the pipe. The final decision on which traffic may use the pipe is local to the PE router at the head of the pipe.
Note that the pipe model is quite similar to the QoS model that VPN customers have today with Frame Relay or ATM based solutions. The basic difference is that ATM or Frame Relay connections are bidirectional, while the pipe model provides unidirectional connections. In practice a pipe is unidirectional and asymmetric, matching the traffic pattern, so the total traffic from one site to another may differ from the total traffic in the opposite direction.
Consider the example shown in Figure 2.2. Here the service provider gives VPN A one pipe with a guaranteed bandwidth of 7Mb/s for traffic from site 3 to site 1, and another pipe with a guaranteed bandwidth of 10Mb/s for traffic from site 3 to site 2. Likewise, more than one pipe may terminate at a given site.
Figure 2.2 The QoS pipe model in MPLS-VPN
One advantage of the pipe model is that it resembles the QoS model VPN customers already use with Frame Relay or ATM, so it is likely to be easy for customers to understand. However, the pipe model also has some drawbacks. First, it requires a VPN customer to know its entire traffic matrix. That is, for every site, the customer must know the total traffic going from that site to each of the other sites. This information is usually not available, and even when it is, it is out of date.
In the hose model, the VPN service provider gives the customer a firm guarantee for the traffic that the customer's CE router sends to and receives from the other CE routers in the same VPN. Otherwise the customer has to specify how this traffic is distributed among the CE routers. As a result, and in contrast to the pipe model, the hose model does not require the customer to know the traffic matrix, which is a burden for customers who want to use a VPN service.
Figure 2.3 The QoS hose model in MPLS-VPN
The hose model uses two parameters: the ingress committed rate (ICR) and the egress committed rate (ECR). ICR is the total traffic that a CE can send to other CEs, while ECR is the total traffic that a CE can receive from other CEs. In other words, ICR represents the total traffic from a particular CE, and ECR represents the total traffic to a particular CE. Note that for a given CE, ICR does not have to equal ECR.
To illustrate the hose model, consider the example shown in Figure 2.3. Here the service provider gives VPN B a firm guarantee of 15Mb/s for traffic from site 2 to the other sites (ICR=15Mbps), regardless of whether this traffic goes to site 1 or site 3 or is split between them. Likewise, the service provider gives VPN B a firm guarantee of 7Mbps for traffic sent from site 3 to the other sites in the same VPN (ICR=7Mbps), regardless of whether the traffic goes to site 1 or site 2 or is split between them. Similarly, the service provider gives VPN B a guarantee of 15Mbps for traffic sent to site 2 (ECR=15Mbps), regardless of whether the traffic originates from site 1 or site 3 or is split between them.
The hose model supports multiple CoS, with services that differ in one of the relevant quality characteristics. For example, one service may have lower packet loss than another. For services that need a strong guarantee (such as a bandwidth guarantee), the pipe model is more suitable.
The pipe and hose models are not opposed to each other. That is, a service provider can offer a VPN customer a combination of the pipe and hose models, and can help the customer decide which kind of service to buy and which kind of traffic should receive which CoS.
To support the pipe model we use guaranteed bandwidth LSPs. These LSPs start and end at PE routers and are used to provide guaranteed bandwidth for all the pipes from one PE to another. That is, for a pair of PE routers there may be several CE routers attached to them that have pipes between them, and rather than using one guaranteed bandwidth LSP per pipe, we use a single LSP for all of them. For example, in Figure 2.2 there may be one pipe for VPN A from CEA3 to CEA1 and another pipe for VPN B from CEB3 to CE2B1. To support these two pipes, we set up one LSP from PE3 to PE1 and reserve on that LSP a bandwidth equal to the sum of the bandwidths of the two pipes. When PE3 receives a packet from CEA3 whose destination is a host at site 1 of VPN A, PE3 decides, under the control of its local configuration, which CoS the packet receives. If so, PE3 then forwards the packet along the LSP from PE3 to PE1.
Using one fixed bandwidth LSP to carry many pipes between a pair of PE routers improves the scalability of the solution, because the number of LSPs that the service provider has to set up and maintain depends on the number of PE router pairs rather than on the number of pipes belonging to the provider's VPN customers.
To support CoS in the hose model, the service provider uses differentiated services with MPLS. The service provider also applies traffic engineering to improve network utilisation while meeting the desired quality targets.
The procedures by which an ingress PE router decides which traffic receives which CoS, whether under the hose or the pipe model, are purely local to that PE router. These procedures can take into account factors such as the ingress interface, the source and destination IP addresses, the IP precedence, the TCP port numbers, or any combination of these. This gives the service provider flexibility in controlling which traffic receives which CoS.
Although customers contract with the service provider for a specific amount of traffic in a specific CoS, a customer may send more traffic than that amount. To decide whether traffic is within the contract, the service provider applies policing at the ingress PE router. For traffic that exceeds the contract, the provider has two options: either drop the traffic immediately at the ingress router, or send it on but mark it differently from in-contract traffic. With the second option, to reduce out-of-order delivery, both in-contract and out-of-contract traffic are sent along the same LSP. Out-of-contract traffic is marked differently, and this marking affects its drop probability when congestion occurs.
2.4 Kh nng m rng v cc m hnh MPLS- VPN nng cao
Trong phn ny s phn tch kh nng m rng ca m hnh MPLS- VPN khi
so snh vi m hnh VPN truyn thng v kh nng cung cp dch v.
To provide a virtual private network service built on the MPLS architecture, MPLS must be able to serve customers located in many different places. It must be able to carry routing information from one customer site across the backbone and advertise it to the other customer sites that belong to the same VPN. To achieve this, MP-iBGP sessions must be established between the PE routers. Clearly this is a full mesh of MP-iBGP sessions. The same applies to overlay VPNs. A full mesh, however, does not scale at all, because the number of MP-iBGP sessions is very large and keeps growing as the number of VPN customers grows. Moreover, whenever a new router is added to the provider's backbone, this new BGP neighbor must be added to the BGP configuration on every existing BGP router in order to maintain the full mesh. A network of n routers requires n(n-1)/2 connections. The number of BGP sessions that can be supported depends on many factors, the main ones being router memory and CPU speed. A full mesh can still be deployed (and may even be very suitable) in fairly small networks where router memory and CPU can handle the number of MP-iBGP sessions. When network growth is a concern, however, the full-mesh model should not be used.
To deploy a virtual private network model that scales, MPLS-VPN uses techniques already available in BGP-4: route reflectors and confederations. These two capabilities allow the provider to deploy many complex MPLS-VPN models.
The ordinary MPLS-VPN network model applies only to customer VPN sites that connect to the same service provider over PE-CE links. The exchange of routing information over these links does not involve MPLS, and there is no direct exchange between customer sites. In this case the PE routers keep full control of the exchange between sites by isolating the VPNs from one another. The MPLS-VPN models that allow label information and labeled packets to be exchanged with devices outside the service provider's control are:
MPLS-VPN Inter-AS
Carrier's Carrier
2.4.1 The MPLS-VPN Inter-AS model
An autonomous system (AS) is a network or a group of networks that share the same policy (for example, the same routing protocol) and operate within a given domain. An AS is controlled by a system administrator (or by a common administrative group).
Advantages of MPLS-VPN Inter-AS:
It allows a VPN to cross the backbones of several service providers.
Service providers that each administer a different AS can offer the MPLS-VPN service to the same end customer. A VPN can start at one customer site and traverse the backbones of several different service providers before reaching another site of the same customer. This allows multiple ASes to form a continuous network between the customer sites of a service provider.
It allows a VPN to exist in several different areas.
A service provider can create a VPN in several different geographic areas. Having all VPN traffic flow through one point (between the areas) allows better control of the traffic rate between those areas.
The Inter-AS model is divided into two kinds of connectivity:
Connectivity between providers (inter-provider connectivity).
Connectivity between ASes (BGP confederation).
2.4.1.1 Connectivity between providers
This model comprises more than two ASes connected to one another by border routers. The ASes exchange routes using EBGP. No IGP or other routing information is exchanged between these ASes.
Figure 2.4 Back-to-back VRF connection model
In this solution each AS is isolated from the other, which gives better control over the exchange of routing information and over security between the two networks. Its drawback is that it does not scale, because the ASBR must maintain one VRF per VPN and that VRF must hold all the routes for the VPN. A VRF with too many routes affects memory. This solution should therefore be deployed only when the service provider can guarantee that the ASBR will meet the network's growth requirements.
Route distribution over the link between two ASBRs using external MP-BGP. This solution lets the ASBR routers use external MP-BGP (an MP-BGP session between two routers that do not belong to the same AS, similar to EBGP) to advertise VPNv4 routes between ASes; the receiving ASBR then distributes the VPNv4 routes into its own AS, as shown in figure 2.5:
Figure 2.5 Route distribution between two ASBRs using external MP-BGP
This solution allows the ASBRs to use external MP-BGP to advertise VPNv4 routes between two ASes. Call the ASBR that sends the advertisement router S and the ASBR that receives it router R. Router R then distributes the VPNv4 routes into its local AS. External MP-BGP provides the function of advertising VPNv4 prefix/label information across the provider boundary. Before advertising a VPNv4 route, router S replaces the label stack (which it uses to reach the PE router that originated the route and the destination VPN address within its own AS) with an assigned label. The ASBR uses its own IPv4 address as the BGP next hop (because the route is advertised between two different ASes, following the behavior of the next-hop attribute). The ASBR therefore becomes the termination point of the LSP for the advertised routes. To preserve the label-switched path between the ingress and egress PE routers, the ASBR must allocate a locally significant label; call this label L. Label L identifies the route's label stack in the VPN network. Over the external MP-BGP session between the two ASBRs, router S allocates label L and sends it to router R in the update. Router R then uses label L as the VPN label in the label stack that packets must carry inside router R's network. When router R sends the route back to router S, the router looks at label L to identify the VPN route.
This model meets the scalability requirement, but it has limitations in terms of security and quality of service.
Within each service provider's backbone, every PE router has an MP-BGP session with the internal route reflector. The PE router exchanges all of its VPN routes with the route reflector. VPNv4 routes are exchanged between the route reflectors. The PE routers' next-hop addresses for the VPNv4 routes are exchanged between the ASBRs.
Figure 2.6 Route exchange between two ASes using route reflectors
2.4.1.2 Connectivity between ASes using BGP
MPLS-VPN can divide an AS into several smaller ASes. From the outside, the confederation looks like a single AS. Peer routers in the different ASes communicate with one another over EBGP sessions, yet they exchange routing information as if they were IBGP peers.
In figure 2.7, AS 100 is divided into two sub-ASes, AS 65002 and AS 65001. In the ConfedCom network, router PE1 receives an update for route 195.12.2.0/24 from the customer VPN CusNet. The update is placed in the CusNet VRF table and advertised via MP-iBGP to router ASBR1 with next-hop address 194.17.1.2/32 and VRF label 11. The route is then advertised across the boundary between the sub-ASes to router ASBR2, with the next hop and label unchanged. Router ASBR2 in turn advertises the route to router PE2, which adds it to its VRF table.
Figure 2.7 Route propagation in the BGP confederation solution
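The difference between the two Inter-AS cases above (external MP-BGP between providers in 2.4.1.1, where the ASBR rewrites the next hop and label, and a confederation boundary in 2.4.1.2, where both stay unchanged) can be shown side by side. This is an added example, not part of the thesis; the route, next hop and VRF label come from the figure 2.7 description, while the ASBR address and the value chosen for label L are constructed.

```python
from dataclasses import dataclass, replace
from itertools import count

@dataclass(frozen=True)
class Vpnv4Route:
    prefix: str
    next_hop: str
    label: int

class Asbr:
    """ASBR that re-advertises VPNv4 routes to a neighbouring AS or sub-AS."""
    def __init__(self, name, address, first_label):
        self.name, self.address = name, address
        self._labels = count(first_label)
        self.lfib = {}      # local label L -> (original next hop, original label)

    def advertise_inter_provider(self, route):
        """External MP-BGP between providers: the ASBR sets itself as next hop
        and replaces the label with a locally allocated label L."""
        local = next(self._labels)
        self.lfib[local] = (route.next_hop, route.label)
        return replace(route, next_hop=self.address, label=local)

    def advertise_confederation(self, route):
        """EBGP between sub-ASes of a confederation: next hop and label unchanged."""
        return route

    def forward(self, label):
        """Labelled packet arriving from the neighbour: L maps back to the stored
        next hop and VPN label; a label this ASBR never allocated yields None."""
        return self.lfib.get(label)

# Values from the figure 2.7 description on the page.
PE1_ROUTE = Vpnv4Route("195.12.2.0/24", "194.17.1.2", 11)

def demo():
    # ASBR address 192.0.2.1 and first local label 100 are constructed values.
    s = Asbr("S", "192.0.2.1", first_label=100)
    inter = s.advertise_inter_provider(PE1_ROUTE)
    confed = s.advertise_confederation(PE1_ROUTE)
    return s, inter, confed

if __name__ == "__main__":
    s, inter, confed = demo()
    print("inter-provider:", inter)
    print("confederation: ", confed)
    print("packet with L=100 ->", s.forward(100), "| unknown label ->", s.forward(101))
```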
2.4.2 The Carrier supporting Carrier (CSC) model
Given the advantages of MPLS-VPN technology and the growth of networks across many geographic areas, many large and medium-sized enterprises, many smaller MPLS-VPN service providers and many Internet service providers (ISPs) have realized that by connecting to an MPLS-VPN backbone they can avoid building a layer 2 infrastructure for their own networks. Instead, they use the MPLS-VPN provider's backbone to interconnect their sites. Besides reducing cost, each site can connect to all of its peer sites, that is, in a full mesh, which yields optimal routing. This means that, to give all such customers access to the MPLS-VPN backbone, the backbone must be able to carry an extremely large amount of routing information for each individual customer. An ISP, for example, needs to exchange part of the Internet routing table, if not all of it, between its sites so that its customers can reach the Internet.
Serving these customers creates a scaling problem, because each PE router must hold all of the local routing information in a VRF. This routing information is then distributed to all the relevant PE routers, at which point the CE routers can obtain the appropriate routing information. To solve the scaling problem in this case (that is, the routing problem that arises when one service provider is itself the customer of another service provider), a new solution was developed as an extension of standard MPLS-VPN, called Carrier supporting Carrier (abbreviated Carrier's Carrier, CSC).
Carrier's Carrier is the term used to describe a situation in which one service provider allows another service provider to use a segment of its backbone network. The service provider that supplies the segment of the backbone to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone is called the customer carrier.
Carrier's Carrier route types
To understand how the Carrier's Carrier solution achieves scalability and isolates the backbone carrier's network, we need to know which kinds of routes are used for connectivity inside a given VPN (internal) and which kinds belong to customers outside that VPN (external).
Suppose an ISP is a VPN customer of the MPLS-VPN backbone. All links inside the ISP, the internal services it offers to its customers such as web and DHCP, and its loopback interfaces (used for network management and BGP peering) are classified as internal routes. All routes from the Internet and from the ISP's external customers are called external routes.
Advantages of deploying MPLS-VPN CSC
An MPLS-VPN CSC network offers many advantages to service providers, both to the backbone carrier and to the customer carrier.
Advantages for the backbone carrier:
The backbone carrier can serve many customer carriers and give them access to its backbone. It does not need to build and maintain a separate backbone for each customer carrier. A single backbone supports many customer carriers simply through the backbone carrier's VPN operation. The backbone carrier needs only one consistent method to manage and maintain the backbone. This saves cost and is more efficient than maintaining separate backbones.
MPLS-VPN CSC is scalable: the VPN can be changed to meet bandwidth and connectivity needs. It can support up to ten thousand VPNs over the same network, and it lets the service provider offer both VPN service and Internet service.
MPLS-VPN CSC is a flexible solution. The backbone carrier can support many kinds of customer carriers. It can accept customer carriers that are ISPs, VPN service providers, or both. It can support customer carriers that require security and various kinds of bandwidth.
Advantages for the customer carrier:
MPLS-VPN CSC relieves the customer carrier of having to configure, operate and maintain its own backbone. The customer carrier uses the backbone carrier's backbone.
A customer carrier that uses the backbone carrier's VPN service receives the same level of security as layer 2 VPNs such as Frame Relay and ATM. The customer carrier can also use IPsec inside its VPN for a higher level of security; this is completely transparent to the backbone carrier.
The customer carrier can use any addressing scheme and still be supported by the backbone carrier. The customer address space and routing information of one customer carrier are independent of those of other customer carriers and of the backbone carrier.
2.5 MPLS-VPN deployment solutions
There are many possible ways to combine the use of an MPLS-based Internet data network infrastructure to deliver MPLS-VPN services, depending on how the service provider combines MPLS-VPN traffic and Internet traffic. The infrastructure models are:
Shared MPLS-VPN and Internet connectivity (Shared MPLS-VPN and Internet Connectivity);
Partially shared MPLS-VPN and Internet connectivity (Partially Shared);
Fully separated MPLS-VPN and Internet connectivity (Full Separation).
The service provider's customers can always choose to be either multiservice or dedicated customers, regardless of the network infrastructure the provider implements. In addition, hub/spoke or fully meshed topologies in the customers' networks can be implemented on any of the above infrastructures.
2.5.1 Shared MPLS-VPN and Internet connectivity
In the connection model shown in figure 2.8, both the P and the PE routers carry Internet and VPN traffic. A single PE router can connect both Internet and VPN customers. The PE router may or may not hold the full Internet routing table. The PE and the Internet gateway are in the same IBGP domain.
Advantages of this connection model:
A single backbone;
A single edge router for customer connections;
Easier management;
Centralized services can be offered.
The drawbacks of this model concern security and router performance, because the PE must handle both the Internet connections and the VPN customers.
Figure 2.8 Shared MPLS-VPN connectivity
2.5.2 Partially shared MPLS-VPN and Internet connectivity
Figure 2.9 shows the partially shared MPLS-VPN and Internet connectivity structure, in which the P routers are shared while different PE routers are used for Internet traffic and VPN traffic. The customer's router must have two interfaces in order to connect to the two different PEs.
Figure 2.9 Partially shared MPLS-VPN and Internet connectivity
2.5.3 Fully separated MPLS-VPN and Internet connectivity
The advantages of the fully separated MPLS-VPN and Internet connectivity model are the physical separation between the Intranet/Extranet and the Internet, and the separation between IGP and EGP.
The drawback of this model is that it requires two separate networks, so it is not an economical solution.
Figure 2.10 Fully separated MPLS-VPN and Internet connectivity.
2.6 Chapter conclusion
In recent years, Multiprotocol Label Switching (MPLS) has been chosen by many countries to build and develop their telecommunications networks. One of the typical applications of MPLS is the MPLS VPN virtual private network service. This service has contributed greatly to the rapid growth of MPLS and has opened up many new application possibilities.
This chapter compared MPLS-VPN with traditional VPN techniques and discussed security and QoS in MPLS-VPN. The end of the chapter presented the advanced MPLS-VPN models and the MPLS-VPN deployment solutions.
It can be said that deploying VPN technology on top of MPLS promises many new benefits and will certainly be the ideal solution for virtual private networks in the future.
Graduation thesis Chapter III: Deploying MPLS-VPN on a Router system
CHAPTER III
DEPLOYING MPLS-VPN ON CISCO ROUTER SYSTEMS
3.1 Steps for configuring MPLS-VPN
Figure 3.1 MPLS-VPN configuration steps
Figure 3.2 Configuring MPLS forwarding
Figure 3.3 Configuring the BGP routing protocol on the PE routers
Figure 3.4 Defining the VPN VRF and its attributes
3.2 Problem statement and solution
The example in figure 3.5 shows how an MPLS-VPN is created from CE1 to CE2:
Figure 3.5 Creating an MPLS-VPN from CE1 to CE2
Step 1: MPLS runs in the core. Each PE router advertises its loopback address: PE1 advertises 1.1.1.1/32 and PE2 advertises 2.2.2.2/32. TDP or LDP is used to distribute label binding information between the routers running MPLS. On each PE router, the LFIB holds a label bound to the 32-bit loopback address of the other PE router. When PE1 forwards a packet to 2.2.2.2 on PE2, it adds label {20} to the packet, and when PE2 forwards a packet to 1.1.1.1, it puts label {10} on the packet.
Step 2: A VPN routing and forwarding instance, called VPNA, is created on PE1 and PE2.
Step 3: PE1 uses interface S0/0 in this VPN and PE2 uses interface S0/1.
Step 4: OSPF runs between PE1 and CE1, and between PE2 and CE2.
Step 5: When PE1 receives the route to network 10.1.1.0 from CE1, the router places it in the VPNA routing table and assigns label {5} to the prefix. When PE2 receives the route to network 10.1.2.0 from CE2, it places it in the VPNA routing table and label {6} is assigned to the prefix (see figure 3.6).
Figure 3.6 Routing and label assignment
Step 6: PE1 then sends a multiprotocol iBGP (MP-iBGP) update to PE2 advertising network 10.1.1.0. The update also carries label {5}, which PE1 assigned to prefix 10.1.1.0 and which PE2 adds to any packet destined for network 10.1.1.0 before forwarding it. When PE1 advertises the route, it sets the BGP next-hop address to 1.1.1.1/32, its loopback address.
Step 7: PE2 then sends a multiprotocol iBGP update to PE1 advertising network 10.1.2.0. The update also carries label {6}, which PE2 assigned to prefix 10.1.2.0 and which PE1 must add to packets destined for network 10.1.2.0 before forwarding them. When PE2 advertises the route, it sets the BGP next-hop address to 2.2.2.2/32, its loopback address.
Step 8: PE1 installs prefix 10.1.2.0 in the VPNA routing table, and PE2 installs prefix 10.1.1.0 in the VPNA routing table.
Step 9: At this point, if we look at the VPNA routing table on r
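The label bindings built up in steps 1 to 8 can be traced with a small model of the two PE routers. This is an added example, not part of the thesis: loopbacks, interfaces and labels are the ones given in the steps, while the /24 masks and the host addresses used for lookups are assumptions, since the page gives only 10.1.1.0 and 10.1.2.0.

```python
import ipaddress

class PE:
    """Provider-edge router holding one VRF (VPNA), as in steps 1 to 8."""
    def __init__(self, name, loopback, ce_interface):
        self.name, self.loopback, self.ce_interface = name, loopback, ce_interface
        self.lfib = {}        # remote PE loopback -> LDP/TDP transport label (step 1)
        self.vrf = {}         # VPNA table: network -> (BGP next hop, VPN label)
        self.vpn_labels = {}  # locally assigned VPN label -> (prefix, CE interface)

    def learn_from_ce(self, prefix, vpn_label):
        """Step 5: install a CE route in VPNA and bind a VPN label to it.
        Returns the fields of the MP-iBGP update of steps 6 and 7."""
        self.vrf[ipaddress.ip_network(prefix)] = (None, None)   # locally attached
        self.vpn_labels[vpn_label] = (prefix, self.ce_interface)
        return {"prefix": prefix, "label": vpn_label, "next_hop": self.loopback}

    def receive_update(self, update):
        """Step 8: install the prefix advertised by the other PE in VPNA."""
        net = ipaddress.ip_network(update["prefix"])
        self.vrf[net] = (update["next_hop"], update["label"])

    def impose(self, dst):
        """Label stack (outer label first) pushed on a VPNA packet for `dst`."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.vrf if addr in n]
        if not matches:
            return None                                  # no route in VPNA: drop
        next_hop, vpn_label = self.vrf[max(matches, key=lambda n: n.prefixlen)]
        if next_hop is None:
            return []                                    # local CE, no labels needed
        return [self.lfib[next_hop], vpn_label]

    def dispose(self, vpn_label):
        """Egress lookup: the inner label selects the VPNA prefix and interface."""
        return self.vpn_labels.get(vpn_label)

def build():
    pe1, pe2 = PE("PE1", "1.1.1.1", "S0/0"), PE("PE2", "2.2.2.2", "S0/1")
    pe1.lfib["2.2.2.2"], pe2.lfib["1.1.1.1"] = 20, 10         # step 1
    # The /24 masks are an assumption made for this example.
    pe2.receive_update(pe1.learn_from_ce("10.1.1.0/24", 5))   # steps 5, 6, 8
    pe1.receive_update(pe2.learn_from_ce("10.1.2.0/24", 6))   # steps 5, 7, 8
    return pe1, pe2

if __name__ == "__main__":
    pe1, pe2 = build()
    print("PE1 -> 10.1.2.7:", pe1.impose("10.1.2.7"), "egress:", pe2.dispose(6))
    print("PE2 -> 10.1.1.7:", pe2.impose("10.1.1.7"), "egress:", pe1.dispose(5))
```

A destination with no entry in VPNA gets no label stack at all, and an inner label the egress PE never assigned matches nothing, which is how the VRF keeps VPNA traffic separate from other tables.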