
Introduction to MPLS and MPLS VPN - sp WAN IP-ATM/Intro... · Multiprotocol BGP and MPLS Virtual Private Networks The standard Multiprotocol Border Gateway Protocol (BGP) extends MPLS

Apr 24, 2018


truongxuyen

Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.

© 2001, Cisco Systems, Inc.

Introduction to MPLS and MPLS VPN

Nelson Muñoz


Agenda

• Introduction

• What is a VPN?

• IP+ATM

• MPLS basic concepts

• MPLS VPN

• QoS in MPLS

• Advantages of MPLS VPNs


Market Drivers for IP-VPNs

[Figure: Voice, Video and Data shared among Small/Medium & Large Sites, Customers/Partners & Public, and Telecommuters & Mobile Users]

• Universal Access

• Platform Independence

• Immediate User Competence

• Reduced Capital and Operational Costs

• Dominance of IP Protocol

• Reduced Application Development Time


Virtual Private Network Services Definition

Customer communities deployed on a shared infrastructure with the same policies as a private network

• Access VPN: Enterprise access, Wholesale

• Intranet VPN: Branch offices

• Extranet VPN: Business-to-business, Industry groups

[Figure: VPN over a Service Provider Shared Network. Labels: Internet, IP, IPsec; FR, ATM, MPLS]


Enterprise Access VPN

[Figure labels: Enterprise WAN; Remote Sites; Internet Access; WAN Router; VPN Concentrator; Firewall Appliance; Intranet; Core Site; Internet; access types Dial, ISDN, DSL, Cable (HFC), Wireless]


Enterprise Intranet/Extranet VPN

[Figure labels: Company A Core Site (WAN Router, VPN Router, Firewall Appliance, Intranet); Company A Remote Site (Integrated VPN router w/ BB Access); Company B (Firewall Appliance, VPN Router); Internet; Intranet VPN; Extranet VPN; VPN Access; Broadband Access]


IP VPN Taxonomy

[Figure: taxonomy tree. Labels: IP VPNs; DIAL; DEDICATED; Client-Initiated; NAS-Initiated; IP Tunnel; Virtual Circuit; Network-Based VPNs; Security Appliance; Router; FR; ATM; RFC 2547; Virtual Router]


New Applications for VPN

[Figure: bar chart, VPN Types Implemented by 2002. Categories: Individual Remote Access, Site-to-site, Extranets. Values shown: 73%, 64%, 27%]

Source: Infonetics April 2000


Advantages to Outsourcing IP-VPNs

[Figure: bar chart, Percent of Outsourcing Respondents. Values shown: 39%, 44%, 47%, 50%, 53%, 54%, 59%. Reasons listed:]

• Want to decrease hardware expenditures

• Want to reduce costs of training IT staff

• Focus company on core competencies

• Want to improve VPN performance

• Want to increase employee productivity

• Not enough staff or decrease expenses

• Complexity of VPN technology

Source: Infonetics April 2000

There are multiple reasons for enterprise customers to choose outsourcing over in-house IT solutions


Enterprise Customer Benefits

• Reduced costs

• Universal access to IP-based services on global basis

• Adds, removes, and changes as needs evolve

• Access to expertise through outsourcing

• Focus on core competencies


US VPN Spending

[Figure: two charts of VPN spending in $US millions, one spanning 1997 to 2002 and one spanning 1999 to 2003, with series VPN Products and VPN Services. Captions: Yankee Group Predictions for VPN Spending ($US Millions); Infonetics VPN Spend Projections ($US Millions)]


Business Perspective

Businesses are building on IP

Businesses need private IP services

[Figure labels: Customers, Suppliers, Partners; Telecommuters, Mobile Users; Remote Offices; IP Intranet; IP Extranet]


Business IP: The Untapped Market

[Figure: chart with axes Connectivity and Privacy/QoS, positioning Public IP, ATM/Frame Relay and Business IP]

Flexibility of IP; Privacy and QoS of Frame Relay


The Barriers

• Carriers’ customers need IP services:

–They need connectionless IP services

–They need more flexible IP quality of service guarantees

–But they need more privacy than the Internet provides

• Frame Relay and ATM services are available:

–They provide connection-oriented service

–They have inflexible point-to-point bandwidth guarantees

–But they have good privacy


MPLS: The First Complete IP Solution

[Table comparing Leased Lines, Frame Relay/ATM, IP and MPLS. Rows: Any-to-Any Connectivity (User: N², N² (logical), N, N; Network: N², N² (logical), N, N), QoS, Privacy, Low Cost Managed Services]

MPLS is the first solution that delivers on all the requirements for new world private IP networks.


Three Key Technologies

1. Multiprotocol Label Switching (MPLS)

MPLS allows carriers to offer carrier-class IP services on the same infrastructure as older, circuit & virtual circuit services


Three Key Technologies

2. Standard IP Routing Protocols

MPLS still relies on standard IP routing protocols for finding routes for traffic:

– Open Shortest Path First (OSPF) or Interior System to Interior System (IS-IS) inside a carrier or ISP network

– Border Gateway Protocol (BGP) between providers’ networks


Three Key Technologies

3. Multiprotocol BGP and MPLS Virtual Private Networks

The standard Multiprotocol Border Gateway Protocol (BGP) extends MPLS to provide Virtual Private Networks (VPNs). This means that a carrier can provide many private IP networks on one carrier network.


First version: IP+ATM


Traditional IP over ATM

• Put routers around the edge of an ATM network

• Connect routers using Permanent Virtual Circuits

• This does not provide optimal integration of IP and ATM


ATM MPLS

• MPLS adds IP Routing Control to an ATM Switch

• MPLS enables ATM switches to also act like routers

- Fully support IP, along with Frame Relay and ATM, on shared ATM backbone

- Provides optimal IP forwarding capability on an ATM network


IP over ATM Integration

MPLS: Scalability

• MPLS gives routing scalability

- Limited peerings between routers

• MPLS gives Internet routing scalability

- Full BGP4 support, with all the extras


IP over ATM Integration

MPLS: IP Fundamentals

• MPLS puts IP services directly on ATM switches

- ATM switches support IP protocols directly

- Avoids complex translations which occur with MPOA

• Full support for IP CoS, RSVP, IP multicast, future IP services


Technical Aspects of MPLS


MPLS Concept

• Enable ATM switches to act as routers

• Create new IP capabilities via flexible classification

• At Edge: Classify packets; Label them

• In Core: Forward using labels (as opposed to IP addr); Label indicates service class and destination

[Figure labels: Edge Label Switch Router (ATM Switch or Router); Label Switch Router (LSR): Router, or ATM switch + Tag Switch Controller; Label Distribution Protocol (LDP)]


MPLS Operation

1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks

1b. Label Distribution Protocol (LDP) establishes label to destination network mappings

2. Ingress Edge LSR receives packet, performs Layer 3 value-added services, and “labels” packets

3. LSR switches packets using label swapping

4. Edge LSR at egress removes label and delivers packet


Non-ATM MPLS Example: Routing Information

Routing updates sent between the routers:

"You can reach 128.89 through me"

"You can reach 171.69 through me"

"You can reach 128.89 and 171.69 through me"

(Example shows RIP updates for simplicity: OSPF or IS-IS are more likely. Routing tables for this network will be identical in any case.)

[Figure: three routers in a row, each with a table of columns In Lbl | Address Prefix | Out I'face | Out Lbl. The label columns are still empty on this slide.]

Router 1 (ingress):
Address Prefix | Out I'face
128.89 | 1
171.69 | 1
... | ...

Router 2 (middle):
Address Prefix | Out I'face
128.89 | 0
171.69 | 1
... | ...

Router 3 (toward 128.89):
Address Prefix | Out I'face
128.89 | 0
... | ...


Non-ATM MPLS Example: Assigning Labels

Label Distribution Protocol (LDP) (Downstream Allocation)

Label advertisements sent between the routers:

"Use label 4 for 128.89 and use label 5 for 171.69"

"Use label 9 for 128.89"

"Use label 7 for 171.69"

Router 1 (ingress):
In Lbl | Address Prefix | Out I'face | Out Lbl
- | 128.89 | 1 | 4
- | 171.69 | 1 | 5
... | ... | ... | ...

Router 2 (middle):
In Lbl | Address Prefix | Out I'face | Out Lbl
4 | 128.89 | 0 | 9
5 | 171.69 | 1 | 7
... | ... | ... | ...

Router 3 (toward 128.89):
In Lbl | Address Prefix | Out I'face | Out Lbl
9 | 128.89 | 0 | -
... | ... | ... | ...


Non-ATM MPLS Example: Forwarding Packets

Label Switch Forwards Based on Label

Packet for 128.89.25.4 as it crosses the network:

128.89.25.4 | Data (unlabeled, arriving at router 1)
4 | 128.89.25.4 | Data (router 1 to router 2)
9 | 128.89.25.4 | Data (router 2 to router 3)
128.89.25.4 | Data (unlabeled, leaving router 3)

Router 1 (ingress):
In Lbl | Address Prefix | Out I'face | Out Lbl
- | 128.89 | 1 | 4
- | 171.69 | 1 | 5
... | ... | ... | ...

Router 2 (middle):
In Lbl | Address Prefix | Out I'face | Out Lbl
4 | 128.89 | 0 | 9
5 | 171.69 | 1 | 7
... | ... | ... | ...

Router 3 (toward 128.89):
In Lbl | Address Prefix | Out I'face | Out Lbl
9 | 128.89 | 0 | -
... | ... | ... | ...
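
The three "Non-ATM MPLS Example" slides above can be replayed as code. This is an added example, not part of the original deck: the labels, prefixes and interface numbers come from the slide tables, while the router names, the /16 prefix lengths and the link map are assumptions made for illustration.

```python
# Added example (not from the original slides): replay the slide tables hop by hop.
import ipaddress

DROP = None  # forward() returns this when a packet must be discarded


class LSR:
    """One label switch router with an IP table (FIB) and a label table (LFIB)."""

    def __init__(self, name):
        self.name = name
        self.fib = {}   # ip_network -> (out_iface, out_label), used for unlabeled packets
        self.lfib = {}  # in_label   -> (out_iface, out_label), used for labeled packets

    def add_row(self, in_label, prefix, out_iface, out_label):
        """Install one slide row: In Lbl | Address Prefix | Out I'face | Out Lbl."""
        self.fib[ipaddress.ip_network(prefix)] = (out_iface, out_label)
        if in_label is not None:
            self.lfib[in_label] = (out_iface, out_label)

    def forward(self, label, dst):
        if label is not None:
            # Labeled packet: exact match on the label; the IP header is not consulted.
            # A label this router never advertised has no row, so the packet is dropped.
            return self.lfib.get(label, DROP)
        # Unlabeled packet (edge behaviour): longest-prefix match on the destination.
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.fib if addr in net]
        if not matches:
            return DROP
        return self.fib[max(matches, key=lambda net: net.prefixlen)]


def build_network():
    """Tables from the 'Assigning Labels' slide; /16 masks are assumed."""
    ingress, core, egress = LSR("ingress"), LSR("core"), LSR("egress")
    ingress.add_row(None, "128.89.0.0/16", 1, 4)
    ingress.add_row(None, "171.69.0.0/16", 1, 5)
    core.add_row(4, "128.89.0.0/16", 0, 9)
    core.add_row(5, "171.69.0.0/16", 1, 7)
    egress.add_row(9, "128.89.0.0/16", 0, None)
    routers = {r.name: r for r in (ingress, core, egress)}
    # (router, out_iface) -> next router. The router behind core interface 1
    # (toward 171.69) has no table on the slides, so it is not modelled.
    links = {("ingress", 1): "core", ("core", 0): "egress"}
    return routers, links


def walk(routers, links, start, dst, label=None):
    """Follow a packet; return [(router, label_in, label_out or 'drop'), ...]."""
    trace, name = [], start
    while name is not None:
        result = routers[name].forward(label, dst)
        if result is DROP:
            trace.append((name, label, "drop"))
            return trace
        out_iface, out_label = result
        trace.append((name, label, out_label))
        label = out_label
        name = links.get((name, out_iface))
    return trace


if __name__ == "__main__":
    routers, links = build_network()
    for hop in walk(routers, links, "ingress", "128.89.25.4"):
        print(hop)
    # A label that was never advertised is discarded instead of being routed on IP.
    print(walk(routers, links, "core", "128.89.25.4", label=99))
```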


Encapsulations

PPP Header (Packet over SONET/SDH): PPP Header | Label Header | Layer 3 Header

LAN MAC Label Header: MAC Header | Label Header | Layer 3 Header

ATM Cell Header (Label): GFC | VPI | VCI | PTI | CLP | HEC | DATA


Provider MPLS Network

MPLS Labels: Destination and Service Attributes

[Figure labels: ATM Switch; IP Router; packet shown as Label | Data]

• Forwarding based on Labels

• Labels are applied at the edge of the Network

• Interoperability of ATM switches and IP routers

• Labels indicate Service attributes without per-hop decisions: Service Class (QoS), Privacy (VPN), Traffic Engineering


Key MPLS Capabilities

• IP/ATM Integration

• Traffic Engineering

• VPN’s

• IP Multicast

• IP CoS

• RSVP


Provider Provisioned VPNs


Service Provider Benefits of MPLS-Based VPNs

[Figure labels: VPN A, VPN B, VPN C; Hosting; Multicast; VoIP; Intranet; Extranet]

• Overlay VPN

Pushes content outside the network

Costs scale exponentially

Transport dependent

Groups endpoints, not groups

Complex overlay with QoS, tunnels, IP

• MPLS-based VPNs

Enables content hosting inside the network

“Flat” cost curve

Transport independent

Easy grouping of users and services

Enables QoS inside the VPNs


Managed IP Services Scale to Large and Small Customers

Single carrier network supporting multiple customer IP VPNs (BGP/MPLS VPN Network)

Vs.

Separately engineered customer private IP networks


Virtual Private Networks

Separately engineered customer private IP networks: Build once, Sell once

Vs.

Single carrier network supporting multiple customer IP VPNs (BGP + MPLS Network): Build once, Sell many


BGP/MPLS VPNs: Overview 1

• Customer sites are in many different Virtual Private Networks.

• They run ordinary IP, not MPLS or any special VPN functions.

• Customer sites run RIP, OSPF, BGP or static routing

• Customer sites are connected by Frame Relay, ATM, serial, PPP, ethernet, xDSL, etc.


BGP/MPLS VPNs: Overview 2

• Network core runs ordinary MPLS

• Network core requires no knowledge or state for VPNs: highly scalable

• Network core can be an ATM MPLS or router-based MPLS


BGP/MPLS VPNs: Overview 3

• Edge LSRs have an extra function, ‘Provider Edge’ function, which deals with VPNs

• Provider Edge function is based on MPLS plus BGP v4 with Multiprotocol Extensions

• Multiprotocol BGP is a standards-track document from the IETF, RFC 2283.


MPLS VPN Routing Architecture

• P router = Provider Router (Core LSR)

• PE router = Provider Edge router (Edge LSR) knows which VPN each CE belongs to (by sub-interface)

• CE router = Customer Edge router

• RD (Route Distinguisher) = uniquely identify a VPN (AS#,VPN_ID)

• IPv4 Addresses are unique within VPN

• IPv4 Addresses might overlap across VPN’s

[Figure: Service Provider VPN Aware Network of P and PE routers, with CE routers for VPN_A and VPN_B sites attached to the PEs. Site prefixes shown: 10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0, 11.6.0.0; 10.1.0.0 and 10.2.0.0 each appear at more than one site]

Connectionless IP VPNs

Privacy without tunnels
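
How a Route Distinguisher keeps overlapping customer addresses apart, as an added example that is not part of the original deck. It assumes the type 0 RD layout (2-byte type, 2-byte AS number, 4-byte assigned number) for the slide's (AS#, VPN_ID) pair; the AS number 65000, the VPN_ID values, the /16 masks, the sub-interface names and the site names are constructed for illustration.

```python
# Added example (not from the original slides): RD-qualified routes on a PE router.
import ipaddress
import struct


def rd_type0(asn, vpn_id):
    """8-byte Route Distinguisher: type 0, 2-byte AS number, 4-byte assigned number."""
    if not (0 <= asn < 1 << 16 and 0 <= vpn_id < 1 << 32):
        raise ValueError("AS number or VPN_ID out of range for a type 0 RD")
    return struct.pack("!HHI", 0, asn, vpn_id)


def vpn_ipv4(rd, prefix):
    """12-byte VPN-IPv4 address: the RD followed by the 4-byte IPv4 network address."""
    return rd + ipaddress.ip_network(prefix).network_address.packed


class ProviderEdge:
    """PE router: each customer sub-interface is bound to exactly one VPN."""

    def __init__(self):
        self.vpn_rd = {}     # VPN name      -> RD bytes
        self.subif_vpn = {}  # sub-interface -> VPN name
        self.routes = {}     # (RD, network) -> site reached through that route

    def add_vpn(self, vpn, asn, vpn_id):
        self.vpn_rd[vpn] = rd_type0(asn, vpn_id)

    def attach(self, subif, vpn):
        self.subif_vpn[subif] = vpn

    def add_route(self, vpn, prefix, site):
        self.routes[(self.vpn_rd[vpn], ipaddress.ip_network(prefix))] = site

    def lookup(self, subif, dst):
        """Resolve dst using only the routes of the VPN bound to the ingress sub-interface."""
        vpn = self.subif_vpn.get(subif)
        if vpn is None:
            return None  # interface not provisioned for any VPN
        rd, addr = self.vpn_rd[vpn], ipaddress.ip_address(dst)
        hits = [(net, site) for (r, net), site in self.routes.items()
                if r == rd and addr in net]
        if not hits:
            return None  # destination exists only in some other VPN, or nowhere
        return max(hits, key=lambda h: h[0].prefixlen)[1]


def duplicate_rds(vpn_rd):
    """Provisioning audit: RDs assigned to more than one VPN break uniqueness."""
    seen = {}
    for vpn, rd in vpn_rd.items():
        seen.setdefault(rd.hex(), []).append(vpn)
    return {rd: sorted(vpns) for rd, vpns in seen.items() if len(vpns) > 1}


def build_pe():
    """Constructed sample: both VPNs use 10.1.0.0, as in the slide's figure."""
    pe = ProviderEdge()
    pe.add_vpn("VPN_A", 65000, 1)
    pe.add_vpn("VPN_B", 65000, 2)
    pe.attach("subif-A", "VPN_A")
    pe.attach("subif-B", "VPN_B")
    pe.add_route("VPN_A", "10.1.0.0/16", "VPN_A site 10.1.0.0")
    pe.add_route("VPN_B", "10.1.0.0/16", "VPN_B site 10.1.0.0")
    pe.add_route("VPN_B", "11.5.0.0/16", "VPN_B site 11.5.0.0")
    return pe


if __name__ == "__main__":
    pe = build_pe()
    print(vpn_ipv4(pe.vpn_rd["VPN_A"], "10.1.0.0/16").hex())
    print(pe.lookup("subif-A", "10.1.0.5"), "|", pe.lookup("subif-B", "10.1.0.5"))
    print(pe.lookup("subif-A", "11.5.0.9"))  # VPN_B-only prefix is invisible to VPN_A
```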


MPLS-Based IP-VPN Security

“Cisco MPLS-Based VPNs: Equivalent to the Security of Frame Relay and ATM.”

Miercom, March 30, 2001

http://www.mier.com/reports/cisco/MPLS-VPNs.pdf


Validating Cisco MPLS-Based IP-VPN as a Secure Network

• Customers' network topology is not revealed to the outside world

• Customers can maintain own addressing plans and the freedom to use either public or private address space

• Attackers cannot gain access into VPNs or service provider’s network

• Impossible for attacker to insert “spoofed” label into a Cisco MPLS network and thus gain access to a VPN or the MPLS core

[Figure: Test Network Topology. Routers shown: GLASCOW 7206, OXFORD 7206, LONDON GSR12008, DOVER 7505, RED-Glascow 2611, BLUE-Glascow 3640, RED-Dover 1750, BLUE-Dover 2611, YELLOW-Dover 3640, BLUE-Oxford 1750, YELLOW-Oxford 3640. Links shown: T1 Frame Relay, ATM PVCs and OC3 POS, running RIP v2, OSPF, eBGP and static routing]

Miercom Independent Testing Confirmed Cisco MPLS VPN Is Secure


QoS in MPLS VPN


Application-Level QoS and Bandwidth Management

Quality of Service: Differentiated IP Services, assigned by Traffic Classification

• Gold: Guaranteed: Latency and Delivery

• Silver: Guaranteed Delivery

• Bronze: Best-Effort Delivery

Application classes shown: Real-time Applications; Mission Critical, Interactive, Data Applications; Best effort Data Applications


Motivation Behind QoS

• Applications are sensitive to delay, jitter and packet loss

• There are non-adjustable components (e.g. propagation delay, switching delay, CRC errors)

• There are adjustable components associated with link congestion (buffering delay and packet loss)

• Some Congestion is likely in most networks

• Service provider can manage situation and offer value-added service


QoS Building Blocks

How does a router implement different qualities of service?

• Classification: Identify and split traffic into different classes

• Marking: Mark traffic if necessary

• Policing: Discard misbehaving traffic to maintain network integrity

• Queuing & Dropping: Prioritize, protect and isolate traffic

• Shaping: Control bursts and conform traffic


Using the EXP Bits – Diffserv Support

• Copy of precedence into EXP

• Mapping of DSCP into EXP

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|       TTL     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[Figure: an IPv4 Packet with "Prec: xyz" in the Non-MPLS Domain; in the MPLS Domain the same packet carries an MPLS Hdr with "MPLS EXP: xyz"]
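
The 32-bit label header and the two EXP-marking options on this slide, as an added example that is not part of the original deck. The labels 4 and 9 reuse the earlier forwarding example; the sample IPv4 header, the DSCP-to-EXP table passed in by the caller and the TTL handling (label TTL set from the IP TTL minus one, IP header left untouched) are assumptions of this sketch.

```python
# Added example (not from the original slides): Label | EXP | S | TTL encoding.
import socket
import struct


def pack_entry(label, exp, s, ttl):
    """Build one 4-byte label header: 20-bit Label, 3-bit EXP, 1-bit S, 8-bit TTL."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("label header field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def unpack_entry(data):
    """Return (label, exp, s, ttl) from the first 4 bytes of a labeled frame."""
    if len(data) < 4:
        raise ValueError("truncated label header")
    (word,) = struct.unpack("!I", data[:4])
    return word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF


def impose(ip_packet, label, dscp_to_exp=None):
    """Ingress edge: push a label and set EXP from the IPv4 ToS byte.

    dscp_to_exp=None  -> copy the 3-bit IP precedence into EXP
    dscp_to_exp={...} -> map the 6-bit DSCP into EXP; unmapped DSCPs get EXP 0
    """
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    tos, ttl = ip_packet[1], ip_packet[8]
    if ttl <= 1:
        raise ValueError("TTL expired at ingress")
    if dscp_to_exp is None:
        exp = tos >> 5                      # precedence = top 3 bits of ToS
    else:
        exp = dscp_to_exp.get(tos >> 2, 0)  # DSCP = top 6 bits of ToS
    return pack_entry(label, exp, 1, ttl - 1) + ip_packet


def swap(frame, new_label):
    """Core LSR: replace the label, keep EXP and S, decrement TTL."""
    _, exp, s, ttl = unpack_entry(frame)
    if ttl <= 1:
        raise ValueError("TTL expired in the MPLS domain")
    return pack_entry(new_label, exp, s, ttl - 1) + frame[4:]


def pop(frame):
    """Egress edge: remove the last label header and return the IPv4 packet."""
    _, _, s, _ = unpack_entry(frame)
    if s != 1:
        raise ValueError("more label headers follow; not bottom of stack")
    return frame[4:]


def sample_ipv4(tos=0xB8, ttl=64):
    """Constructed 20-byte IPv4 header: ToS 0xB8 is precedence 5, DSCP 46.
    The checksum is left at zero because nothing here verifies it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, ttl, 17, 0,
                       socket.inet_aton("10.1.0.1"), socket.inet_aton("128.89.25.4"))


if __name__ == "__main__":
    pkt = sample_ipv4()
    labeled = impose(pkt, 4)        # precedence 5 copied into EXP
    swapped = swap(labeled, 9)      # EXP survives the swap
    print(unpack_entry(labeled), unpack_entry(swapped), pop(swapped) == pkt)
    print(unpack_entry(impose(pkt, 4, {46: 3})))  # DSCP 46 mapped to EXP 3
```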


Label-Inferred CoS – Diffserv Support

• DSCP/precedence to label mapping

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|       TTL     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[Figure: IPv4 Packet with "Prec: xyz"]

Dest-CoS | Label
P/p CoS1 | 17
P/p CoS2 | 22
P/p CoS3 | 25
P/p CoS4 | 12


MPLS Traffic Engineering with QoS

[Figure labels: MPLS network of P and PE routers; CE routers; DiffServ]

• Traffic is routed using explicit and constraint-based routing

• Aggregate admission control against a particular bandwidth pool

• Packets are scheduled at every hop according to EXP marking regardless of LSP


Advantages of MPLS VPNs


Key Features

• No constraints on addressing plans used by VPNs—A VPN customer may:

Use globally unique and routable/non-routable addresses

Use private addresses (RFC1918)

• Security:

Basic security is comparable to that provided by FR/ATM-based VPNs without requiring data encryption

VPN customer may use IPSec-based mechanisms

E.g., CE-CE IPSec-based encryption


Key Features (Cont.)

• Quality of Service:

Flexible and scalable support for CoS-based networks

• Scalability:

Total capacity of the system isn’t bounded by the capacity of an individual component

Scale to virtually unlimited number of VPNs per VPN Service Provider and scale to thousands of sites per VPN


Key Features (Cont.)

• Connectivity to the Internet:

VPN service providers may also provide connectivity to the Internet to their VPN customers

Common infrastructure is used for both VPN and the Internet connectivity services

• Simplifies operations and management for VPN service providers:

No need for VPN service providers to set up and manage a separate backbone or “virtual backbone” for each VPN


BGP/MPLS VPN: Summary

• Supports large scale VPN service

• Increases value add by the VPN service provider

• Decreases service provider cost of providing VPN services

• Mechanisms are general enough to enable VPN service provider to support a wide range of VPN customers


MPLS as a Foundation for Value-Added Services

[Figure: layered diagram. Services on top: Traffic Engineering; Provider Provisioned VPNs; IP+ATM; IP+Optical GMPLS; Any Transport over MPLS. Beneath them: MPLS. At the base: Network Infrastructure]
