Fundamentals Multiprotocol Label Switching MPLS III Rafael Sebastian Departament de tecnologies de la Informació i les Comunicaciones Universitat Pompeu Fabra Design of Telecommunication Infrastructures 2008-2009

Mar 12, 2021


dariahiddleston
Transcript
Fundamentals

Multiprotocol Label Switching – MPLS III

Rafael Sebastian
Departament de tecnologies de la Informació i les Comunicaciones
Universitat Pompeu Fabra

Design of Telecommunication Infrastructures
2008-2009

Table of Contents

MPLS VPN
Basics AToM
VPLS
Test Questions

MPLS III – Rafael Sebastian, 2008/2009

Goals of the section

The operation of MPLS VPN
What RDs and RTs are
The role of Multiprotocol BGP in MPLS VPN networks
The packet forwarding through the MPLS VPN network
The operation of PE-CE routing protocols and their specifics for MPLS VPNs

MPLS VPN

Architecture of MPLS VPN
BGP Review
Packet Forwarding
PE-CE Protocols
Topologies in MPLS VPNs
Review Questions

MPLS VPN – Architecture

VPN Facts (Review)

A VPN emulates a private network over a common infrastructure
VPNs provide Layer 2 or Layer 3 communications
All customers inside the VPN must have connectivity
Connectivity to other VPNs might be required
Connectivity to the Internet is desired

MPLS VPN Terminology (Review)

[Figure: Customer 1 Site A and Customer 1 Site B, each a VPN site with C routers and a CE router, attach to PE1 and PE2 at the edge of the service provider MPLS-VPN network, whose core consists of P routers.]

MPLS VPN (Review)

If P routers forwarded by looking at the IP address:
  Customer addresses cannot be private (possible overlap)
  P and PE must have complete routing tables: a large routing table for many customers
  If that's the case: use of iBGP is mandatory in all P routers
If P routers had a separate routing table per customer:
  One routing process per VPN at each P (not scalable)
  P cannot distinguish between VPNs
SOLUTION: P uses labels
  P is completely unaware of VPNs

MPLS VPN model (Review)

[Figure: VPN A sites 1 and 2 and VPN B sites 1 and 2 connect through CE routers to two PE routers that hold the VRFs; data crosses the MPLS backbone between the PE routers with labels.]

Virtual Routing Forwarding

A virtual routing/forwarding (VRF) is a VPN routing and forwarding instance
A PE router has a VRF instance for each attached VPN

[Figure: a PE router holding a global IP routing table, a VRF routing table for VPN A and a VRF routing table for VPN B, that is, a per-customer routing table. VRF interfaces are unambiguously identified.]

Route Distinguisher - RD

VPN prefixes are carried into MPLS by MP-BGP
Prefixes across the ISP must be unique (no overlap)
In case the same prefixes are in different customers: use of the RD, a unique ID (64-bit field)
Now prefixes = IPv4 + RD = vpnv4
MP-BGP carries vpnv4 prefixes between PEs
RD (e.g. 1:1:10.100.1.0/24)
  Option 1: ASN:nn (ASN = Autonomous system)
  Option 2: IP-address:nn
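The two RD options above, encoded as the 64-bit field and prepended to an overlapping customer prefix. This is an added example, not code from the slides; the 8-byte layouts (types 0, 1 and 2) follow RFC 4364 section 4.2, and the two customers announcing 10.100.1.0/24 are constructed sample input.

```python
import ipaddress
import struct


def encode_rd(text):
    """Encode 'ASN:nn' or 'IP-address:nn' as the 8-byte RD of RFC 4364, section 4.2."""
    admin, sep, assigned = text.rpartition(":")
    if not sep:
        raise ValueError("RD must look like ASN:nn or IP-address:nn")
    nn = int(assigned)
    if "." in admin:  # Option 2, RD type 1: 4-byte IPv4 address + 2-byte number
        if not 0 <= nn <= 0xFFFF:
            raise ValueError("nn must fit in 16 bits after an IP address")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, nn)
    asn = int(admin)  # Option 1
    if 0 <= asn <= 0xFFFF and 0 <= nn <= 0xFFFFFFFF:
        return struct.pack("!HHI", 0, asn, nn)  # type 0: 2-byte ASN + 4-byte number
    if 0 <= asn <= 0xFFFFFFFF and 0 <= nn <= 0xFFFF:
        return struct.pack("!HIH", 2, asn, nn)  # type 2: 4-byte ASN + 2-byte number
    raise ValueError("ASN or nn out of range")


def decode_rd(raw):
    """Turn the 8-byte RD back into its text form."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 64 bits")
    (rd_type,) = struct.unpack_from("!H", raw)
    if rd_type == 0:
        asn, nn = struct.unpack_from("!HI", raw, 2)
        return f"{asn}:{nn}"
    if rd_type == 1:
        ip, nn = struct.unpack_from("!4sH", raw, 2)
        return f"{ipaddress.IPv4Address(ip)}:{nn}"
    if rd_type == 2:
        asn, nn = struct.unpack_from("!IH", raw, 2)
        return f"{asn}:{nn}"
    raise ValueError(f"unknown RD type {rd_type}")


def vpnv4(rd_text, prefix):
    """Return (table key, display form) for RD + IPv4 prefix."""
    net = ipaddress.ip_network(prefix)
    rd = encode_rd(rd_text)
    return (rd, net), f"{decode_rd(rd)}:{net}"


def build_tables(announcements):
    """Install the same announcements keyed by plain IPv4 and keyed by vpnv4."""
    ipv4_table, vpnv4_table = {}, {}
    for customer, rd_text, prefix in announcements:
        ipv4_table[ipaddress.ip_network(prefix)] = customer  # later entry overwrites
        key, _ = vpnv4(rd_text, prefix)
        vpnv4_table[key] = customer                          # RD keeps them apart
    return ipv4_table, vpnv4_table


# Constructed sample: two customers using the same private prefix.
ANNOUNCEMENTS = [
    ("cust-one", "1:1", "10.100.1.0/24"),
    ("cust-two", "2:2", "10.100.1.0/24"),
]

if __name__ == "__main__":
    ipv4_table, vpnv4_table = build_tables(ANNOUNCEMENTS)
    print("IPv4 table entries :", len(ipv4_table))
    print("vpnv4 table entries:", len(vpnv4_table))
    for customer, rd_text, prefix in ANNOUNCEMENTS:
        print(customer, vpnv4(rd_text, prefix)[1], encode_rd(rd_text).hex())
```

The RD only makes the prefix unique; which VRFs install the route is decided separately by the route targets.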

Route Targets - RT

What if I want two different VPNs to communicate?
  The RDs will not match: routes are not shared
RT: identifies the routes that should be imported from MP-BGP into the VRF
Exporting an RT
  vpnv4 routes are exported from the VRF with the RT on the PE
Importing an RT
  A vpnv4 route received from MP-BGP is imported by the VRF

Exporting and Importing RTs

[Figure: a PE with a VRF routing table for VPN A (Site 1 behind a CE) and a VRF routing table for VPN B (Site 1 behind a CE), peering with other PEs. Policy labels shown: Import 1:1, Export 1:1, Export 1:200. The VPNv4 routes drawn between the PEs carry RT 1:1 1:200, RT 1:1, RT 1:2, RT 1:100 and RT 1:2.]

Extranet Example with RTs

[Figure: Cust-1 Site A, Cust-1 Site B, Cust-2 Site A and Cust-2 Site B attach through CE1, CE2, CE3 and CE4 to PE1, PE2, PE3 and PE4. Four VRF policies are shown:
  Import 1:1, Export 1:1
  Import 1:2, Export 1:2
  Import 1:1, Export 1:1, Import 100:1, Export 100:1
  Import 1:2, Export 1:2, Import 100:1, Export 100:1]

VPNv4 Route Propagation

[Figure: CE (Site A, VPN 1) - PE - MPLS VPN network - PE - CE (Site B, VPN 1). IGP or eBGP exchanges IPv4 routes on each PE-CE link; iBGP exchanges VPNv4 routes and labels between the PEs.]

Prefixes are transported inside the MPLS network by BGP

VPNv4 Route Propagation in detail

[Figure: CE (Site A, VPN 1) - PE - MPLS VPN network - PE - CE (Site B, VPN 1), annotated from the advertising side to the receiving side:]
IGP or eBGP advertises IPv4 route.
IPv4 route is inserted into VRF routing table.
IPv4 route is redistributed into MP-BGP. RD is added to IPv4 route to make it a VPNv4 route. RTs are added.
iBGP advertises VPNv4 route with MPLS label and RTs.
RTs indicate to which VRF the route is imported. RD is removed from VPNv4 route.
IPv4 route is inserted into VRF routing table.
IGP or eBGP advertises IPv4 route.

Packet forwarding

How does the egress PE router know which VRF the packet belongs to?
  Not in the IP header or label
SOLUTION
  Use another label associated to the VRF
All packets in MPLS VPN have two labels
  IGP label (top) and VRF label (bottom)
How does the egress PE signal to the ingress PE router the label to use for a VRF prefix?
  MP-BGP signals VPN labels

Packet forwarding

In Summary
VRF-to-VRF traffic has two labels in the MPLS VPN
Top label is the IGP label distributed by LDP or RSVP for TE between all P and PE routers
  P routers use the IGP label to forward the packet to the correct egress PE router
Bottom label is the VPN label that is advertised by MP-iBGP from PE to PE
  Egress PE router uses the VPN label to forward the IP packet to the correct CE router

MPLS VPN – BGP

BGP Review

BGPv4 is an established inter-domain routing protocol
  eBGP is used to peer with other ISPs
  iBGP runs inside the ISP core
  Enabled to enforce policies
iBGP is the best option to carry vpnv4 prefixes between PE routers

BGP Multiprotocol

Original definition (RFC 1771): for carrying IPv4 prefixes
Extended (RFC 2858): Multiprotocol Extensions
Negotiation: router capabilities are exchanged

sydney-ce#show ip bgp neighbors
BGP neighbor is 10.10.4.1, remote AS 1, external link
  BGP version 4, remote router ID 10.200.254.5
  BGP state = Established, up for 00:00:37
  Last read 00:00:30, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Address family IPv4 Unicast: advertised and received
    ipv4 MPLS Label capability: advertised and received

BGP Extended Community RT

The extended community is an optional BGP attribute (required for MPLS VPN)
It indicates to BGP speakers (PE routers) if the route should be imported into a VRF

london#show ip bgp vpnv4 all
BGP table version is 31, local router ID is 10.200.254.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf cust-one)
*> 10.10.2.0/24     0.0.0.0                  0         32768 ?
*> 10.10.100.1/32   10.10.2.1                0             0 65001 i
*> 10.99.1.1/32     0.0.0.0                  0         32768 ?
Route Distinguisher: 2:2 (default for vrf cust-two)
*> 10.140.1.1/32    0.0.0.0                  0         32768 ?

BGP carrying the label

BGP advertises the vpnv4 prefixes in the MPLS VPN network
PE routers need a new label to forward VPN traffic to the correct CE router
The label is simply piggybacked along with the vpnv4 prefix and advertised by BGP

BGP label advertisement

sydney#show ip bgp vpnv4 rd 1:1 labels
   Network          Next Hop        In label/Out label
Route Distinguisher: 1:1 (cust-one)
   10.10.2.0/24     10.200.254.2    29/36
   10.10.4.0/24     0.0.0.0         26/nolabel
   10.10.4.2/32     0.0.0.0         37/nolabel
   10.10.100.1/32   10.200.254.2    32/35
   10.10.100.3/32   10.10.4.2       38/exp-null
   10.88.1.1/32     10.200.254.2    34/34
   10.99.1.1/32     10.200.254.2    28/33
   10.99.1.2/32     0.0.0.0         27/nolabel
   10.200.200.1/32  10.200.254.2    30/32

NOTE: Each vpnv4 prefix is assigned a unique MPLS label

Route Reflectors – RRs (Review Note)

An RR is a BGP speaker that reflects routes from other BGP speakers
iBGP requires a full-mesh topology
An RR reflects BGP routes but does not forward traffic

[Figure: MPLS VPN in AS 1 with PE1 and PE2 peering over iBGP with route reflectors RR1 and RR2. PE1 and PE2 each hold VRF 1 (RT 1:1), VRF 2 (RT 1:1), VRF 3 (RT 1:3), VRF 4 (RT 1:4) and VRF 5 (RT 1:5).]
RR1 is the RR for odd VRFs: allows RT 1:1 1:3 1:5 …, denies RT 1:2 1:4 …
RR2 is the RR for even VRFs: allows RT 1:2 1:4 …, denies RT 1:1 1:3 1:5 …

MPLS VPN – Packet Forwarding

Packet Forwarding

[Figure: CE - ingress PE - P - P - egress PE - CE, with VRF cust-one (RD 1:1) on the PEs. The CE behind the egress PE announces 10.10.100.1/32; Loopback 0 of the egress PE is 10.200.254.2/32. Three protocols are drawn:]
IGP: route updates for 10.10.100.1/32 on the PE-CE links, and route updates for 10.200.254.2/32 and 10.200.254.1/32 inside the core
LDP: label bindings for 10.200.254.2/32, in the order shown from the egress PE toward the ingress PE: label implicit-null, label 33, label 16
MP-iBGP: update for VPNv4 route 1:1:10.10.100.1/32, label 30

Packet Forwarding

[Figure: the same path (CE - ingress PE - P - P - egress PE - CE, VRF cust-one, destination 10.10.100.1/32) with the packet drawn on each link. Packets shown: IPv4; 16 + 30 + IPv4; 33 + 30 + IPv4; 30 + IPv4; IPv4.]
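The two-label forwarding from these slides, walked hop by hop with real 32-bit label stack entries. This is an added example, not part of the original deck; the node names P1 and P2 and the table layout are assumptions, the label values 16, 33, 30 and implicit-null are the ones on the slides, and the entry layout (20-bit label, 3-bit TC, bottom-of-stack bit, TTL) with implicit-null = 3 follows RFC 3032.

```python
import struct

IMPLICIT_NULL = 3  # reserved label: "pop the top label before sending to me" (PHP)


def encode_stack(labels, ttl=255):
    """Pack labels top-first; only the last entry carries the bottom-of-stack bit."""
    out = b""
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)  # TC bits left 0
    return out


def decode_stack(data):
    """Read entries until the bottom-of-stack bit is seen."""
    labels = []
    for off in range(0, len(data), 4):
        (word,) = struct.unpack_from("!I", data, off)
        labels.append(word >> 12)
        if word & 0x100:
            break
    return labels


# Constructed tables that mirror the control-plane slide.
INGRESS_VRF = {"cust-one": {"10.10.100.1/32": {"vpn_label": 30,          # from MP-iBGP
                                               "next_hop": "10.200.254.2/32"}}}
INGRESS_LDP = {"10.200.254.2/32": 16}       # IGP label learned from P1 via LDP
LFIB = {
    "P1": {16: 33},                         # swap 16 -> 33
    "P2": {33: IMPLICIT_NULL},              # egress PE advertised implicit-null
}
EGRESS_VPN_LABELS = {30: "cust-one"}        # VPN label -> VRF on the egress PE


def walk(vrf, prefix):
    """Return [(link, labels on that link)] from CE to CE. TTL handling is omitted."""
    hops = [("CE->ingress-PE", [])]
    route = INGRESS_VRF[vrf][prefix]
    # Ingress PE imposes two labels: IGP label on top, VPN label at the bottom.
    wire = encode_stack([INGRESS_LDP[route["next_hop"]], route["vpn_label"]])
    hops.append(("ingress-PE->P1", decode_stack(wire)))
    for node, nxt in (("P1", "P2"), ("P2", "egress-PE")):
        stack = decode_stack(wire)
        out_label = LFIB[node][stack[0]]    # P routers look at the top label only
        stack = stack[1:] if out_label == IMPLICIT_NULL else [out_label] + stack[1:]
        wire = encode_stack(stack)
        hops.append((f"{node}->{nxt}", decode_stack(wire)))
    stack = decode_stack(wire)
    out_vrf = EGRESS_VPN_LABELS[stack[0]]   # the VPN label selects the VRF
    hops.append((f"egress-PE->CE (VRF {out_vrf})", stack[1:]))
    return hops


if __name__ == "__main__":
    for link, labels in walk("cust-one", "10.10.100.1/32"):
        print(f"{link:32} {labels + ['IPv4']}")
```

The P routers' tables contain no customer prefix and no VPN label, which is the sense in which P is unaware of VPNs.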

MPLS VPN – PE-CE Protocols

PE-CE Routing Protocols

Routing is necessary between the PE and CE
  Static routing
  OSPF
  EIGRP
  IS-IS
  eBGP

Static Routing PE-CE

It is the simplest but it is tedious
Redistribution of static routes (as vpnv4) into BGP: all PEs learn them

[Figure: CE (VPN 1) - PE - MPLS VPN network - PE. Static IPv4 routes on the PE-CE link; iBGP exchanging VPNv4 routes and labels between the PEs.]

Static Routing PE-CE

Used in environments where a customer site has a single connection to the P-network and uses a single IP prefix
Recommended in environments where the Service Provider needs tight control (some Central Services)
Use default routes on CE routers in combination with static routes on PE routers
Note: static routes increase the management burden on the Service Provider

Dynamic Routing PE-CE OSPF

Customer routes from PE to PE
  OSPF is redistributed into iBGP and vice versa on the PE routers
Use in cases where every CE router needs to know all of the routes

[Figure: CE (VPN 1) - PE - MPLS VPN network - PE - CE (VPN 1). OSPF routes on one PE-CE link, iBGP exchanging VPNv4 routes and labels between the PEs, OSPF external routes on the other PE-CE link.]

Dynamic Routing PE-CE OSPF redistribution

BUT from PE to customer, OSPF routes are marked as "External": worse metric!!
SOLUTION
  Routes are advertised as "Summary routes" (LSA Type 3), i.e. inter-area routes
  This is not the normal way of working

Dynamic Routing PE-CE OSPF redistribution

[Figure: three PEs around the MPLS VPN Super Backbone, each serving a VPN Red site. Network X is announced as LSA Type 1, 2 or 3, carried as a vpnv4 route across the super backbone, and announced to the other VPN Red sites as LSA Type 3. Areas labelled in the figure: Area 0 (three times), Area 3 and Area 4.]

Dynamic Routing PE-CE OSPF

OSPF Metric Propagation
  Redistribution from OSPF into MP-BGP on the PE
  OSPF metric is used to set the BGP MED (external metric)
  BGP MED is also used when redistributing MP-BGP into OSPF
BGP Extended Communities for OSPF
  Router type, Area number, OSPF Router ID
  Domain ID

Dynamic Routing PE-CE Recommendations

RIPv2, OSPF and Exterior BGP are supported
Use RIP for stub sites and when convergence is not an issue
Use OSPF only as an exception
  Very large customer network
  Migrating existing large OSPF customer
Use eBGP in complex PE-CE routing scenarios
  Many routes exchanged between PE and CE
  Multi-homed sites
  No redistribution involved

MPLS VPN – Topologies

MPLS VPN Topologies

Overlapping
Central Site
Hub-and-Spoke

MPLS VPN Topologies

Overlapping scenario
  Can be chosen for security reasons
  Companies where central sites participate in the corporate network and in an extranet
  Company with several security-conscious departments that exchange data between their servers

MPLS VPN Topologies: Overlapping scenario

[Figure: AS 1 with PE1, PE2 and PE3; the sites Site-A, Site-B and Site AB sit behind the CE routers CE1, CE2 and CE3. RDs shown: RD 1:1, RD 1:2, RD 1:3.]
PE1: Export with RT 100:101, Import with RT 100:101
PE2: Export with RT 100:102, Import with RT 100:102
PE3: Export with RT 100:101 100:102, Import with RT 100:101 100:102

MPLS VPN Topologies

Central Site
  Clients need access to central servers
  Servers can communicate with each other
  Clients can communicate with all servers, but not with each other
  Companies where central sites participate in the corporate network and in an extranet
  Company with several security-conscious departments that exchange data between their servers

MPLS VPN Topologies: Central Site

[Figure: AS 1 with PE1, PE2 and PE3; Cust-1, Cust-2 and the server central site sit behind the CE routers CE1, CE2 and CE3. RDs shown: RD 100:101, RD 100:102, RD 100:103.]
PE1: Export with RT 100:101 100:303, Import with RT 100:101 100:203
PE2: Export with RT 100:102 100:303, Import with RT 100:102 100:203
PE3: Export with RT 100:203, Import with RT 100:303

MPLS VPN Topologies

Hub-and-Spoke scenario
  One central site has full routing knowledge of all other sites of the same VPN: the Hub-Site
  Other sites will send traffic to the Hub-Site for any destination: the Spoke-Sites
  The Hub-Site is the central transit point between Spoke-Sites

MPLS VPN Topologies: Hub-and-Spoke

[Figure: AS 1 with PE1, PE2 and PE3. Two Cust-1 spoke sites (AS65001 and AS 65002) sit behind CE1 and CE2; the Cust-1 hub site (AS65003) attaches to PE3 through CE3-H and CE3-S, labelled Hub and Spoke.]
Spoke-to-hub RT: 100:100
Hub-to-spoke RT: 100:101
PE1: Export with RT 100:100, Import with RT 100:101
PE2: Export with RT 100:100, Import with RT 100:101
PE3: Import with RT 100:100
PE3: Export with RT 100:101
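The RT import/export sets from the overlapping, central-site and hub-and-spoke slides, evaluated to show which VRF installs whose routes and to flag an import that breaks the intended isolation. This is an added example, not part of the original deck; the VRF names, the mapping of PE1/PE2/PE3 to sites, the split of PE3 into "Hub-in" and "Hub-out" VRFs, and the misconfigured variant are assumptions or constructed input.

```python
def imports(vrfs):
    """Return {importer: set of exporters whose routes it installs}.

    A VRF installs a route when at least one RT attached on export
    is in its own import list.
    """
    return {
        name: {other for other, o in vrfs.items()
               if other != name and o["export"] & v["import"]}
        for name, v in vrfs.items()
    }


def violations(vrfs, forbidden):
    """Return the (importer, exporter) pairs from `forbidden` that the RTs allow."""
    learned = imports(vrfs)
    return sorted((a, b) for a, b in forbidden if b in learned[a])


# Overlapping scenario (assumed mapping: PE1 = Site-A, PE2 = Site-B, PE3 = Site-AB).
OVERLAPPING = {
    "Site-A":  {"export": {"100:101"}, "import": {"100:101"}},
    "Site-B":  {"export": {"100:102"}, "import": {"100:102"}},
    "Site-AB": {"export": {"100:101", "100:102"}, "import": {"100:101", "100:102"}},
}

# Central site (assumed mapping: PE1 = Cust-1, PE2 = Cust-2, PE3 = Server).
CENTRAL = {
    "Cust-1": {"export": {"100:101", "100:303"}, "import": {"100:101", "100:203"}},
    "Cust-2": {"export": {"100:102", "100:303"}, "import": {"100:102", "100:203"}},
    "Server": {"export": {"100:203"}, "import": {"100:303"}},
}

# Hub-and-spoke: PE3 is modelled as two VRFs, one per direction.
HUB_SPOKE = {
    "Spoke-1": {"export": {"100:100"}, "import": {"100:101"}},
    "Spoke-2": {"export": {"100:100"}, "import": {"100:101"}},
    "Hub-in":  {"export": set(), "import": {"100:100"}},
    "Hub-out": {"export": {"100:101"}, "import": set()},
}

# Design intent: the two client VPNs must never learn each other's routes.
CENTRAL_FORBIDDEN = [("Cust-1", "Cust-2"), ("Cust-2", "Cust-1")]


def misconfigured_central():
    """Constructed error: Cust-1's import list gains Cust-2's RT 100:102."""
    bad = {n: {k: set(s) for k, s in v.items()} for n, v in CENTRAL.items()}
    bad["Cust-1"]["import"].add("100:102")
    return bad


if __name__ == "__main__":
    for title, topo in (("overlapping", OVERLAPPING), ("central site", CENTRAL),
                        ("hub-and-spoke", HUB_SPOKE)):
        print(title)
        for importer, exporters in imports(topo).items():
            print(f"  {importer:8} installs routes from {sorted(exporters)}")
    print("as drawn     :", violations(CENTRAL, CENTRAL_FORBIDDEN))
    print("misconfigured:", violations(misconfigured_central(), CENTRAL_FORBIDDEN))
```

Running the same check against the import and export lists actually configured on the PEs, before a change is committed, catches a stray RT before it becomes a route leak between customers.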

MPLS VPN - Internet Access

Internet routing is done via the BGP table of the ISP
Global routing tables are used for Internet routes
By default, VRF and global routing are separated
Internet in a VPN
  All Internet routes in VRFs
  Bad decision: huge number of routes
  If all customers access the same Internet VRF: risk

MPLS VPN - Internet Access

Internet access through Global Routing
  PE-CE link for VPN traffic using VRF
  PE-CE link for Internet using global routing
To avoid using two links
  Sub-interfaces
  GRE tunnel for the Internet link: default route

MPLS VPN - Internet Access

Internet access through Static Routing
  Forwarding Internet traffic to the ISP gateway
  Gateway known by all P routers through global routing tables
  PE routers use iBGP to peer with the ISP gateway

MPLS VPN – Review Questions

Review Questions

1. What is a route distinguisher?
2. How is a packet that is coming from the CE router identified as to which VRF it belongs?
3. What is the purpose of RTs? What is an RR group?
4. When would you use different route distinguishers for routes of the same VPN?
5. Why do MPLS VPN packets have two MPLS labels?

MPLS VPN – Review Test

Test Questions

1. How many bits long is a route distinguisher?
   A. 16
   B. 32
   C. 48
   D. 64

2. Which of the following protocols is used to propagate VPN labels between edge routers?
   A. TDP
   B. LDP
   C. Standard BGP with extended communities
   D. MP-BGP

3. To have a single router appear as many routers, which of the following mechanisms is used?
   A. RD
   B. VPNv4
   C. VPN
   D. VRF

Test Questions

4. In Multi-Protocol BGP (MP-BGP), neighbors need to be ___________.
   A. Configured
   B. Activated
   C. Sent standard communities
   D. Configured with VDP

5. Which of the following mechanisms keeps overlapping addresses from doing so in MP-BGP?
   A. RD
   B. VPNv4
   C. VPN
   D. VRF

6. Which of the following is not a component of a VRF?
   A. VRF-specific routes
   B. CEF
   C. Global routing table
   D. None of the above

Test Questions

7. MPLS VPNs offer ___________ security as traditional overlay VPNs.
   A. The same
   B. Worse
   C. Better
   D. None of the above

8. P routers ___________ knowledge of a customer’s VPN routes.
   A. Do have
   B. Do not have

9. A(n) ___________ imposes the VPN label.
   A. LSR
   B. LSP
   C. Edge-LSR
   D. None of the above

Test Questions

10. What types of routes are in the PE router’s global routing table?
    A. Customer routes
    B. Service provider routes
    C. Customer and service provider routes
    D. None of the above

11. What types of routes are in the PE router’s VRF for a particular customer?
    A. Customer routes
    B. Service provider routes
    C. Customer and service provider routes
    D. None of the above

12. MP-BGP within an AS is called ___________.
    A. MP-BGP
    B. MP-IBGP
    C. MP-EBGP
    D. MP-MBGP

Table of Contents

MPLS VPN
Basics AToM
VPLS
Test Questions

Goals of the section

The purpose and architecture of AToM
The Layer 2 encapsulation types that can be carried across the MPLS backbone
How to implement Ethernet over MPLS

AToM

Understanding the need for AToM
Transporting Layer 2 Frames
AToM Architecture
Transported Layer 2 Protocol
Review Questions

AToM – Need for AToM

Motivation

MPLS VPNs work over shared MPLS services
Legacy leased lines, ATM and F/R are still in use
AToM
  Limited to Layer 2 point-to-point services: Virtual Private Wire Service (VPWS)
  Intelligence limited to the PE (edge technology)
  Core MPLS P routers do not need extra configuration
Allows MPLS VPN (L3VPN) with legacy technologies (L2VPN) using the same infrastructure
Customers have full control of their network

AToM – Transporting L2 Frames

Transporting Layer 2 Frames

Transporting L2 frames by:
  Carrying traffic across an MPLS backbone (AToM)
  Carrying traffic across an IP backbone (L2TPv3)
AToM is based on pseudowires
  A PE-PE connection emulating a wire
  Uses tunneling

[Figure: CE - PE - P - P - PE - CE; the pseudowires run from PE to PE inside an emulated tunnel.]

AToM – Architecture

AToM Architecture

Core (PE-PE): common MPLS infrastructure with LDP or RSVP
Border (PE-CE): attachment circuits (AC)
  An AC can be F/R, ATM, HDLC, PPP, Ethernet
LSPs: defined for each direction (tunnels)
  Inside each tunnel: several pseudowires
Use of additional labels to identify pseudowires
  Several pseudowires multiplexed in a tunnel
  Labels: 1 for tunnel + 1 for pseudowire

Data Plane of AToM

[Figure: CE1 - PE1 - P - P - PE2 - CE2, with an attachment circuit (AC) at each end and an emulated tunnel between PE1 and PE2. Packets shown along the path: L2 frame; label 121 + label 33 + L2 frame; label 88 + label 33 + L2 frame; label 33 + L2 frame; L2 frame. Legend: tunnel label (top), VC label (bottom).]

Signaling the pseudowires

[Figure: CE1, attachment circuit (AC), PE1, P, P, PE2, attachment circuit (AC), CE2. LDP runs on each hop between PE1, P, P and PE2 and signals the LSP labels 121, 88 and 3. VC ID 100 is shown at both PEs, and label 33 is signaled by targeted LDP in a PW ID FEC TLV.]
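The label handling of the three preceding slides, as an added Python example that is not part of the lecture: it encodes the two-label stack and replays the path PE1, P, P, PE2 with the slides' values (tunnel label 121 swapped to 88 and then popped, VC label 33, VC ID 100), showing that only the egress PE reads the VC label. The 32-bit stack-entry layout and the meaning of label 3 (implicit null) come from the MPLS label stack encoding in RFC 3032, not from the slides; the frame bytes and the attachment-circuit name are constructed.

```python
import struct

IMPLICIT_NULL = 3  # reserved label value: the penultimate hop pops the tunnel label

def encode_entry(label, bottom, ttl=255):
    """Pack one 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)

def decode_stack(packet):
    """Return ([label, ...], payload); entries are read until the S bit is set."""
    labels, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("truncated stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", packet, offset)
        offset += 4
        labels.append(word >> 12)
        if word & 0x100:
            return labels, packet[offset:]

def impose(frame, tunnel_label, vc_label):
    """Ingress PE: VC label at the bottom of the stack, tunnel label on top."""
    return encode_entry(tunnel_label, False) + encode_entry(vc_label, True) + frame

def p_forward(packet, lfib):
    """P router: swap or pop the top (tunnel) label; the VC label is not examined."""
    (word,) = struct.unpack_from("!I", packet)
    ttl = word & 0xFF
    if word & 0x100:
        raise ValueError("P router expects a tunnel label above the VC label")
    if ttl <= 1:
        raise ValueError("TTL expired: drop")
    out_label = lfib[word >> 12]       # KeyError: no LSP for this tunnel label
    if out_label == IMPLICIT_NULL:     # penultimate hop popping
        return packet[4:]
    return encode_entry(out_label, False, ttl=ttl - 1) + packet[4:]

def egress_pe(packet, vc_table):
    """Egress PE: only the VC label is left; it selects the attachment circuit."""
    labels, frame = decode_stack(packet)
    if len(labels) != 1 or labels[0] not in vc_table:
        raise ValueError("unknown or unexpected label stack: drop the frame")
    return vc_table[labels[0]], frame

def walk(frame=b"constructed L2 frame"):
    """Replay PE1 -> P -> P -> PE2 with the slides' labels; return stacks per hop."""
    stacks = []
    pkt = impose(frame, tunnel_label=121, vc_label=33)
    stacks.append(decode_stack(pkt)[0])
    pkt = p_forward(pkt, {121: 88})            # first P: swap 121 -> 88
    stacks.append(decode_stack(pkt)[0])
    pkt = p_forward(pkt, {88: IMPLICIT_NULL})  # second P: PE2 advertised label 3
    stacks.append(decode_stack(pkt)[0])
    circuit, delivered = egress_pe(pkt, {33: "AC of VC ID 100"})
    return stacks, circuit, delivered

if __name__ == "__main__":
    print(walk())
```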

Ethernet over MPLS (EoMPLS)

AToM solution for Ethernet is strictly point-to-point

Equivalent to LAN-to-LAN bridging over point-to-point WANs

VLAN header can be carried over the MPLS network transparently

LAN-like solution over MPLS: VPLS

Two modes can be signaled:

Port mode

VLAN mode

Scenarios – Simple Ethernet (EoMPLS)

[Figure: CE1, PE1, P, P, PE2, CE2 with LDP between the core routers. Attachment circuits FastEth 9/0/0 and FastEth 4/1/0, both with VCID 2000 and marked "Port or Trunk". Loopback 0 addresses 10.200.254.1/32, 10.200.254.4/32 and 10.200.200.2/32. Labelled frames: label 23 over label 35 over the L2 frame in one direction; label 25 over the L2 frame under a label marked "?" in the other.]

PE1#show mpls l2transport vc 2000 detail
Local interface: Fa9/0/0 up, line protocol up, Ethernet up
  Destination address: 10.200.254.4, VC ID: 2000, VC status: up
    Preferred path: not configured
    Default path: active
    Tunnel label: 23, next hop 10.200.200.2
    Output interface: Et0/0/0, imposed label stack {23 35}
  Create time: 00:02:26, last status change time: 00:02:26
  Signaling protocol: LDP, peer 10.200.254.4:0 up
    MPLS VC labels: local 25, remote 35
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500

Scenarios – VLAN Ethernet (EoMPLS)

[Figure: CE1, PE1, P, P, PE2, CE2 with LDP between the core routers. Subinterfaces FastEth 9/0/0.1 and FastEth 4/1/0.1 with VCID 2000; FastEth 9/0/0.2 and FastEth 4/1/0.2 with VCID 2001. The attachment circuit is marked "802.1Q Port". Loopback 0 addresses 10.200.254.1/32, 10.200.254.4/32 and 10.200.200.2/32.]

PE1#show mpls l2transport vc
Local intf     Local circuit            Dest address        VC ID       Status
-------------  -----------------------  ------------------  ----------  ----------
Fa9/0/0.1      Eth VLAN 100             10.200.254.4        2000        UP
Fa9/0/0.2      Eth VLAN 200             10.200.254.4        2001        UP

Dot1q Tunneling over AToM (QinQ)

Double tagging (QinQ): VLAN in VLAN

Many customer VLANs on 1 provider VLAN

[Figure: CE1 trunk port carrying customer VLANs 1 - 50 into an 802.1Q tunnel port in VLAN 800; PE1 and PE2. Frame fields shown: Tunnel Label, VC Label, Control Word, L2 Eth, VLAN 800, VLAN 1-50.]


Goals of the section

Explain what VPLS stands for

Explain how VPLS emulates an Ethernet switched network over MPLS

VPLS

Need for VPLS

VPLS Architecture

VPLS Forwarding

H-VPLS

Review Questions

Introduction to VPLS

VPLS emulates a LAN segment across the MPLS backbone using PWs

Each LAN is completely separated

Spanning Tree Protocol (STP)

Option 1: end at PE

Option 2: crosses MPLS Backbone (virtual switch)

Topology point-to-multipoint

Ethernet features:

MAC Address learning, broadcast, multicast

Why deploy VPLS?

Feature: Point-to-multipoint multiprotocol services
Benefits: MPLS is only focused on IP. AToM can carry L2 frames (EoMPLS) but only delivers point-to-point services

Feature: MPLS core network emulates a flat LAN segment
Benefits: Overcomes distance limitations of Ethernet-switched networks. Offers Virtual Private LAN Services. Formerly called Transparent LAN Services (TLS)

Feature: Extends Ethernet broadcast capability across WAN
Benefits: Point to Multipoint Connectivity. Connects each customer site to many or all other customer sites
– A single CE-PE link transmits Ethernet packets to multiple remote CE routers
– Fewer connections required to get full connectivity among customer sites

Feature: Multipoint plug-and-play Provisioning
Benefits: Adding, removing or relocating a CE router requires configuring only the directly attached PE router

VPLS: Logical Bridge

[Figure: PE routers at the Paris, Barcelona and Rome metro sites, with an attached CE, interconnected by VPLS pseudowires.]

VPLS Characteristics

Forwarding of Ethernet frames

Forwarding of unicast frames with an unknown destination MAC address

Replication of broadcast and multicast frames to more than one port

Loop prevention (split horizon)

Dynamic learning of MAC addresses

MAC address aging

VPLS Characteristics

Flooding / Forwarding:

MAC table instances per customer and per customer VLAN (similar to L3-VRF) for each PE

Address Learning / Aging:

Self Learn Source MAC to port associations

Refresh MAC timers with incoming frames

Loop Prevention:

Create partial or full-mesh of EoMPLS VCs per VPLS

Use “split horizon” concepts to prevent loops

Announce EoMPLS VPLS VC tunnels

Split horizon (Review)

[Figure]
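The forwarding behaviour listed on the VPLS Characteristics slides, as an added Python sketch that is not part of the lecture and not any router's implementation: one VFI per customer with its own MAC table, flooding of unknown unicast, broadcast and multicast frames, source-MAC learning with aging, and split horizon between pseudowires. The port names, MAC addresses, the second customer and the 300-second aging timer are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Vfi:
    """One VPLS instance on a PE: MAC table private to one customer / customer VLAN."""

    def __init__(self, attachment_circuits, pseudowires, aging=300):
        self.acs = set(attachment_circuits)
        self.pws = set(pseudowires)
        self.aging = aging           # seconds without traffic before an entry expires
        self.mac_table = {}          # source MAC -> (port, time last seen)

    def _lookup(self, mac, now):
        entry = self.mac_table.get(mac)
        if entry is None:
            return None
        if now - entry[1] > self.aging:
            del self.mac_table[mac]  # MAC address aging
            return None
        return entry[0]

    def receive(self, in_port, src, dst, now):
        """Learn from the source MAC and return the sorted ports the frame leaves on."""
        if in_port not in self.acs | self.pws:
            raise ValueError("port does not belong to this VFI")
        self.mac_table[src] = (in_port, now)          # learn, or refresh the timer
        group = int(dst.split(":")[0], 16) & 1        # broadcast/multicast bit
        known = None if group else self._lookup(dst, now)
        out = {known} if known else self.acs | self.pws   # unknown or group: flood
        out -= {in_port}                              # never back out the ingress port
        if in_port in self.pws:
            out -= self.pws                           # split horizon: no PW -> PW
        return sorted(out)

def demo():
    """A PE with one AC to CE1 and pseudowires to the two other PEs (full mesh)."""
    a, b, c = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"  # constructed
    pe1 = Vfi(["ac-CE1"], ["pw-10.100.100.2", "pw-10.100.100.3"])
    other = Vfi(["ac-other"], ["pw-other"])   # second customer: separate MAC table
    steps = [
        pe1.receive("ac-CE1", a, b, now=0),                   # unknown unicast: flooded
        pe1.receive("pw-10.100.100.2", b, a, now=1),          # reply: known, AC only
        pe1.receive("ac-CE1", a, b, now=2),                   # now known: one pseudowire
        pe1.receive("pw-10.100.100.3", c, BROADCAST, now=3),  # from a PW: AC only
        pe1.receive("ac-CE1", a, b, now=400),                 # entry aged out: flooded
    ]
    return steps, other.mac_table

if __name__ == "__main__":
    print(demo())
```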

VPLS Signaling

Full mesh of pseudowires between PEs for each VPLS instance

PE neighbors must be defined

Targeted sessions established: VC & PW

If VPLS assigned to VLAN on PE

Local VC ID assigned to VPLS instance

Example VPLS Signaling

[Figure: VPLS-PE-1, VPLS-PE-2 and VPLS-PE-3 interconnected by pseudowires, with CE1, CE2 and CE3 attached; the Paris and Barcelona metro sites are labelled. Loopback 0 addresses 10.100.100.1/32, 10.100.100.2/32 and 10.100.100.3/32; each PE is labelled cust-one.]

l2 vfi cust-one manual
 vpn id 1
 neighbor 10.100.100.1 encapsulation mpls
 neighbor 10.100.100.3 encapsulation mpls
interface Vlan111
 xconnect vfi cust-one

l2 vfi cust-one manual
 vpn id 1
 neighbor 10.100.100.1 encapsulation mpls
 neighbor 10.100.100.2 encapsulation mpls
interface Vlan111
 xconnect vfi cust-one

Example VPLS Signaling

[Figure: VPLS-PE-1, VPLS-PE-2 and VPLS-PE-3 with Loopback 0 addresses 10.100.100.1/32, 10.100.100.2/32 and 10.100.100.3/32.]

VPLS-PE-1#show mpls l2transport vc 1 detail
Local interface: VFI cust-one up
  Destination address: 10.100.100.2, VC ID: 1, VC status: up
    Tunnel label: 17, next hop point2point
    Output interface: PO5/1, imposed label stack {17 18}
  Signaling protocol: LDP, peer 10.100.100.2:0 up
    MPLS VC labels: local 16, remote 18

Local interface: VFI cust-one up
  Destination address: 10.100.100.3, VC ID: 1, VC status: up
    Tunnel label: 18, next hop point2point
    Output interface: PO5/1, imposed label stack {18 16}
  Signaling protocol: LDP, peer 10.100.100.3:0 up
    MPLS VC labels: local 17, remote 16

Tunneling L2 Protocols

It is possible to tunnel L2 protocols

Protocols are tunneled transparently without the PE participating (e.g. STP, VTP, CDP)

CDP = Cisco Discovery Protocol

[Figure: CE1 attached to VPLS-PE-1, with CE2 and CE3 at the other sites.]

CE1#show cdp neighbors
Device ID    Local Intrfce  Holdtme  Capability  Platform  Port ID
VPLS-PE-1    Fas 2/2        175      R S I       WS-C6506  Fas 4/2

TUNNELED CONFIGURATION ON

CE1#show cdp neighbors
Device ID    Local Intrfce  Holdtme  Capability  Platform  Port ID
CE3          Fas 2/2        146      S I         C2950-2   Fas 0/9
CE2          Fas 2/2        150      R           C10720    Fas 2/6

Hierarchical VPLS (H-VPLS)

The PE routers are no longer directly attached to the customer equipment

Hierarchy introduced by adding another layer in the access layer toward the CE

H-VPLS types

H-VPLS with dot1q tunneling in the access layer

H-VPLS with MPLS in the access layer

Hierarchical VPLS (H-VPLS)

[Figure]

H-VPLS with dot1q

[Figure: VPLS-PE-1, VPLS-PE-2 and VPLS-PE-3 with Loopback 0 addresses 10.100.100.1/32, 10.100.100.2/32 and 10.100.100.3/32, each labelled cust-one, with CE1, CE2 and CE3 attached; the Paris and Barcelona metro sites are labelled. Access-layer labels: VLANs 200-250, VLAN 111, dot1q tunnel.]

H-VPLS with MPLS

[Figure]

Review Questions (VPLS)

1. How many labels are used to forward VPLS traffic, and what is the use of each of those labels?

2. Which Layer 2 control protocols can be tunneled across the VPLS network? (name at least 2)

3. Why do the PE routers need to be in a full mesh of pseudowires in VPLS?

4. Name the six functions that VPLS performs in emulating an Ethernet switch.

5. In which two ways can H-VPLS be implemented?

6. Are there any differences in the encapsulation of Ethernet frames across the packet network between VPLS and Any Transport over MPLS (AToM)?


Review Questions (MPLS VPN)

1. What is a route distinguisher?

2. How is a packet that is coming from the CE router identified as to which VRF it belongs?

3. What is the purpose of RTs? What is an RR group?

4. When would you use different route distinguishers for routes of the same VPN?

5. Why do MPLS VPN packets have two MPLS labels?

Test Questions (MPLS VPN)

1. How many bits long is a route distinguisher?
A. 16
B. 32
C. 48
D. 64

2. Which of the following protocols is used to propagate VPN labels between edge routers?
A. TDP
B. LDP
C. Standard BGP with extended communities
D. MP-BGP

3. To have a single router appear as many routers, which of the following mechanisms is used?
A. RD
B. VPNv4
C. VPN
D. VRF

Test Questions (MPLS VPN)

4. In Multi-Protocol BGP (MP-BGP), neighbors need to be ___________.
A. Configured
B. Activated
C. Sent standard communities
D. Configured with VDP

5. Which of the following mechanisms keeps overlapping addresses from doing so in MP-BGP?
A. RD
B. VPNv4
C. VPN
D. VRF

6. Which of the following is not a component of a VRF?
A. VRF-specific routes
B. CEF
C. Global routing table
D. None of the above

Test Questions (MPLS VPN)

7. MPLS VPNs offer ___________ security as traditional overlay VPNs.
A. The same
B. Worse
C. Better
D. None of the above

8. P routers ___________ knowledge of a customer’s VPN routes.
A. Do have
B. Do not have

9. A(n) ___________ imposes the VPN label.
A. LSR
B. LSP
C. Edge-LSR
D. None of the above

Test Questions (MPLS VPN)

10. What types of routes are in the PE router’s global routing table?
A. Customer routes
B. Service provider routes
C. Customer and service provider routes
D. None of the above

11. What types of routes are in the PE router’s VRF for a particular customer?
A. Customer routes
B. Service provider routes
C. Customer and service provider routes
D. None of the above

12. MP-BGP within an AS is called ___________.
A. MP-BGP
B. MP-IBGP
C. MP-EBGP
D. MP-MBGP
