Multiprotocol Label Switching (MPLS) - vsb.czwh.cs.vsb.cz/sps/images/2/2d/MPLS.pdf · Multiprotocol Label Switching (MPLS) ... L2 VPN, L2 virtual P2P lines, Voice (->QoS, ... •

© 2005 Petr Grygarek, Advanced Computer Networks Technologies 1

Multiprotocol Label SwitchingMultiprotocol Label Switching(MPLS)(MPLS)

Petr GrygPetr Grygáárekrek

2© 2005 Petr Grygarek, Advanced Computer Networks Technologies

Why MPLS ?Why MPLS ?• integrates various traditional applications on single setvice provider platform

• Internet, L3 VPN, L2 VPN, L2 virtual P2P lines, Voice (->QoS, fast reconvergence), …

• Wide range of traffic-engineering and node/link protection options

• provides greater flexibility in the delivery of (new) transport services

• new routing services may be added without change to the forwarding paradigm

• Multiple VRF-based VPNs (with address overlap), traffic-engineering,…

• improves the scalability of the network layer

• eliminating huge IP routing tables by establishing forwarding hierarchy

• improves the price/performance of network layer routing

• MPLS switching algorithm might be simpler and faster than traditional IP routing (longest match)

• Processor-intensive packet analysis and classification happens only once at the ingress edge

• But MPLS should not be primarily considered a method to make routers much But MPLS should not be primarily considered a method to make routers much faster anymore todayfaster anymore today

• integrates IP routing with VC-based networks (like ATM)


Technology in BriefTechnology in Brief

• Inserts underlying label-based forwarding layer under traditional network layer routing

• label forwarding + label swapping similar to ATM/FR

• Forwarding tables (switching paths) may be constructed and uploaded by various mechanisms which gives enormous flexibility

• switching tables constructed using IP routing protocol(s) or some other mechanism

• Completely decouples data plane forwarding from path determination (control plane)

• Packet forwarding does not depends only on routing protocols that search for shortest path for particular L3 routed protocol based on particular IGP metric

• Any type of both L3 or L2 traffic can be forwarded

• Integrates advantages of traditional packet switching and circuit switching worlds


Frame Mode and Cell ModeFrame Mode and Cell Mode

• Frame modeFrame mode• frame switching, used today in service provider's and frame switching, used today in service provider's and

other core networksother core networks

• encapsulates IP or any other payloads (even L2 encapsulates IP or any other payloads (even L2 frames)frames)

• Cell modeCell mode• Used to integrate connectionless packet forwarding Used to integrate connectionless packet forwarding

applications with connection-oriented networks applications with connection-oriented networks (ATM)(ATM)

• Mostly historical, not used anymore todayMostly historical, not used anymore today


MPLS position in OSI RMMPLS position in OSI RMMPLS operates between link and network layerMPLS operates between link and network layer

• Can deals with L3 routing/addressing when Can deals with L3 routing/addressing when establishing virtual paths (LSPs)establishing virtual paths (LSPs)

• Uses L2 labels for fast switchingUses L2 labels for fast switching• Additional “shim” headers placed between L2 and Additional “shim” headers placed between L2 and

L3 headersL3 headers• it’s presence indicated in L2 headerit’s presence indicated in L2 header

• Ethernet EtherType, PPP Protocol field, Frame Relay NLPID, Ethernet EtherType, PPP Protocol field, Frame Relay NLPID, ……

• 8847 – unicast, 8848 multicast8847 – unicast, 8848 multicast

• Inherent labels of some L2 technologiesInherent labels of some L2 technologies• ATM VPI/VCI, Frame Relay DLCI, optical switching ATM VPI/VCI, Frame Relay DLCI, optical switching

lambdas, …lambdas, …


Label-based packet forwardingLabel-based packet forwarding• Packet marked with labels at ingress MPLS router (label imposition)Packet marked with labels at ingress MPLS router (label imposition)

• various rules can be used to impose labels • destination network prefix, QoS, policy routing (traffic engineering), VPNs, …• labels in general imply both routes (IP destination prefixes) and service attributes labels in general imply both routes (IP destination prefixes) and service attributes

(QoS, TE, VPN, …)(QoS, TE, VPN, …)

• Multiple labels can be imposed (label stack)Multiple labels can be imposed (label stack)• Utlized by lot of applications (MPLS/VPN, hierarchical MPLS forwarding over Utlized by lot of applications (MPLS/VPN, hierarchical MPLS forwarding over

multiple clouds, segment routing)multiple clouds, segment routing)

• Packet quickly forwarded according to labels through MPLS corePacket quickly forwarded according to labels through MPLS core• uses only label swapping, no IP routinguses only label swapping, no IP routing

• IP routing information may be used only to build forwarding tables, not for IP routing information may be used only to build forwarding tables, not for actual (potentially slow) IP routingactual (potentially slow) IP routing

• Label is removed at egress router and packet forwarded further Label is removed at egress router and packet forwarded further using standard L3 IP routing table lookupusing standard L3 IP routing table lookup

• In reality, penultimate hop removes topmost label to avoid In reality, penultimate hop removes topmost label to avoid double lookup on egress devicedouble lookup on egress device

• Inner label can imply destination VRF/VSIInner label can imply destination VRF/VSI


Components of MPLS architectureComponents of MPLS architecture

• Forwarding Component (data plane)• “brute force” forwarding using label forwarding information

base (LFIB)

• Control Component (control plane)

• Control plane implementation for MPLS-based IP routing using LDP:

• Creates and updates label bindings (LFIB)

• <IP_prefix, label>

• LSR has to participate in routing protocol (IGP or static routing) and/or some other LSR has to participate in routing protocol (IGP or static routing) and/or some other signalling mechanismsignalling mechanism

• including ATM switches in MPLS cell-modeincluding ATM switches in MPLS cell-mode

• Labels assignment is distributed to other MPLS peers

• using some sort of label distribution protocol (LDP)

Control and forwarding functions are separated


MPLS DevicesMPLS DevicesLabel-Switch Router (LSR)Label-Switch Router (LSR)

• Any router/switch participating on label assignment and Any router/switch participating on label assignment and distribution that supports label-based packet/cell switchingdistribution that supports label-based packet/cell switching

LSR ClassificationLSR Classification• Core LSR (P-Provider)Core LSR (P-Provider)

• Edge LSR (PE-Provider Edge)Edge LSR (PE-Provider Edge)(Often the same kind of device, but configured differently)(Often the same kind of device, but configured differently)

• Frame-mode LSRFrame-mode LSR• MPLS-capable router with Ethernet interfacesMPLS-capable router with Ethernet interfaces

• Cell-mode LSRCell-mode LSR• ATM switch with added functionality (control software)ATM switch with added functionality (control software)


Functions of Edge LSRFunctions of Edge LSR

• Any LSR on MPLS domain edge, i.e. with non-MPLS Any LSR on MPLS domain edge, i.e. with non-MPLS neighboring devicesneighboring devices

• Performs label imposition and dispositionPerforms label imposition and disposition• Packets classified and label imposedPackets classified and label imposed

• Classification based on routing and policy requirements Classification based on routing and policy requirements • Traffic engineering, policy routing, QoS-based routingTraffic engineering, policy routing, QoS-based routing

• Information of L2/L3 (and above) headers inspected Information of L2/L3 (and above) headers inspected only once at edge of the MPLS domainonly once at edge of the MPLS domain


Forwarding Equivalence Class (FEC)

• Packets classified into FECs at MPLS domain Packets classified into FECs at MPLS domain edge LSRedge LSR• according unicast routing destinations, QoS class, according unicast routing destinations, QoS class,

VPN, multicast group, traffic-engineered traffic VPN, multicast group, traffic-engineered traffic class, L2 pseudowire traffic, …class, L2 pseudowire traffic, …

• FEC is a class of packets to be MPLS-switched FEC is a class of packets to be MPLS-switched the same waythe same way


Label switching path (LSP)Label switching path (LSP)

• Sequence of LSRs between ingress and egress Sequence of LSRs between ingress and egress (edge) LSRs(edge) LSRs• + sequence of assigned labels (local significance)+ sequence of assigned labels (local significance)

• Unidirectional (!)Unidirectional (!)• Reverse path can take completely different routeReverse path can take completely different route

• For every forward equivalence classFor every forward equivalence class

• May diverge from IGP shortest pathMay diverge from IGP shortest path• Path established by traffic engineering using explicit Path established by traffic engineering using explicit

routing and label switching paths tunnels routing and label switching paths tunnels


Upstream and downstream neighborsUpstream and downstream neighbors

• From perspective of some particular LSRFrom perspective of some particular LSR

• Related to particular destination (and FEC)Related to particular destination (and FEC)

• Infrastructure routing protocol’s Next-hop address Infrastructure routing protocol’s Next-hop address typically determines downstream neighbor for IP typically determines downstream neighbor for IP over MPLS applicationsover MPLS applications

Upstream neighbor is closer to data source whereas Upstream neighbor is closer to data source whereas downstream neighbor is closer to the destination downstream neighbor is closer to the destination networknetwork


Label and label stackLabel and label stack• Label format (and length) is dependent on Label format (and length) is dependent on

particular L2 technologyparticular L2 technology

• Labels have local-link significance, each LSR Labels have local-link significance, each LSR creates it’s own label mappingscreates it’s own label mappings• although not a rule, same label is often propagated although not a rule, same label is often propagated

from different links for the same destinationfrom different links for the same destination

• Multiple labels may be imposed, forming the Multiple labels may be imposed, forming the label stacklabel stack• Label bottom indicated by “s” bitLabel bottom indicated by “s” bit

• Label stacking allows special MPLS applications Label stacking allows special MPLS applications (VPNs, segment routing etc.)(VPNs, segment routing etc.)

• Packet switching is always based on the label on the Packet switching is always based on the label on the top of stacktop of stack


MPLS headerMPLS header

• Between L2 and L3 headerBetween L2 and L3 header• MPLS header presence indicated in EtherType/PPP MPLS header presence indicated in EtherType/PPP

Protocol ID/Frame Relay NLPIDProtocol ID/Frame Relay NLPID

• 4 octets (32b)4 octets (32b)• 20 bits – label value20 bits – label value

• 3 bits Exp (experimental) – used for QoS today3 bits Exp (experimental) – used for QoS today

• 8 bits MPLS TTL (Time to Live)8 bits MPLS TTL (Time to Live)

• 1 bit – “S bit” – indicates bottom of stack1 bit – “S bit” – indicates bottom of stack


MPLS Operation – basic IP routingMPLS Operation – basic IP routing

Control Plane:Control Plane:• Standard IP routing protocol used in MPLS routing domain Standard IP routing protocol used in MPLS routing domain

• (OSPF, IS-IS, …)(OSPF, IS-IS, …)• <IP prefix, label > mapping created by egress router<IP prefix, label > mapping created by egress router

• i.e. router at MPLS domain edge used as exit point for that IP prefixi.e. router at MPLS domain edge used as exit point for that IP prefix• Label distribution protocols used to distribute label bindings for IP Label distribution protocols used to distribute label bindings for IP

prefixes between adjacent neighbors in direction to potential sourcesprefixes between adjacent neighbors in direction to potential sources• label always has local significancelabel always has local significance

Data Plane:Data Plane:• Ingress LSR receives IP packetsIngress LSR receives IP packets

• Performs classification and imposes labelPerforms classification and imposes label• Forwards labeled packet to MPLS coreForwards labeled packet to MPLS core

• Core LSRs switch labeled packets based on label valueCore LSRs switch labeled packets based on label value• Egress router removes label before forwarding packet out of MPLS Egress router removes label before forwarding packet out of MPLS

domaindomain• Then performs normal L3 routing table lookupThen performs normal L3 routing table lookup


MPLS and IP routing interaction in LSRMPLS and IP routing interaction in LSR

IP routing tableIP routing table

IP routing processIP routing process

MPLS Signalling protocolMPLS Signalling protocol

Label forwarding tableLabel forwarding table

routing informationrouting information exchange exchange

(routing protocol)(routing protocol)

label bindingslabel bindingsexchangeexchange

Outgoing Outgoing labeledlabeled packets packets

IncomingIncominglabeledlabeledpacketspackets

IncomingIncomingunlabeledunlabeled

packetspackets OutgoingOutgoingunlabelledunlabelled packets packets

Control planeControl plane

Data planeData plane


Interaction of neighboring MPLS LSRsInteraction of neighboring MPLS LSRs

Routing informationRouting informationexchangeexchange


Labeled packetsLabeled packets


IP routingIP routingprocessprocess

MPLS SignallingMPLS SignallingProtocolProtocol

Label forwardingLabel forwardingtabletable


IP routingIP routingprocessprocess

MPLS SignallingMPLS SignallingProtocolProtocol

Label forwardingLabel forwardingtabletable


Operation of edge LSROperation of edge LSR


IP routing processIP routing process

MPLS Signalling protocolMPLS Signalling protocol

Label forwarding tableLabel forwarding table

routing informationrouting information

exchanexchangege


OutgoingOutgoinglabeledlabeledpacketspackets

IncomingIncomingunlabeledunlabeled

packetspackets

OutgoingOutgoingunlabeledunlabeledpacketspackets

IP forwarding tableIP forwarding table

Label dispositionLabel disposition and L3 lookup and L3 lookupIncomingIncoming

labeledlabeledpacketspackets

ResolvingResolvingof recursiveof recursiveroutesroutes


Penultimate hop behaviorPenultimate hop behavior

Label at the top of label stack is removed not by egress routes at MPLS domain edge (as Label at the top of label stack is removed not by egress routes at MPLS domain edge (as could be expected), but by it’s upstream neighbor (penultimate hop)could be expected), but by it’s upstream neighbor (penultimate hop)

• On egress router, packet could not be label-switched anywayOn egress router, packet could not be label-switched anyway

• Egress router has to perform L3 lookup to find more specific routeEgress router has to perform L3 lookup to find more specific route

• commonly, egress router advertises single label for summary routecommonly, egress router advertises single label for summary route

• Label-based lookup and disposition of label imposed by egress router’s upstream Label-based lookup and disposition of label imposed by egress router’s upstream neighbor would introduce unnecessary overheadneighbor would introduce unnecessary overhead

• For that reason, upstream neighbor of egress router always pops label and sends For that reason, upstream neighbor of egress router always pops label and sends packet to egress router unlabeledpacket to egress router unlabeled

• Egress LSR requests popping of label through label distribution protocolEgress LSR requests popping of label through label distribution protocol• advertises “implicit-null” label for particular FECadvertises “implicit-null” label for particular FEC

• In some cases, “helper” 2In some cases, “helper” 2ndnd level label is added if penultimate hop device level label is added if penultimate hop device cannot handle passenger loaod header type (e.g. 6PE)cannot handle passenger loaod header type (e.g. 6PE)


Label Bindings DistributionLabel Bindings Distribution


Label Distribution Protocol Label Distribution Protocol FunctionalityFunctionality

• Used to advertise Used to advertise <<IPIP__prefixprefix,, label label>> bindingbindingss

• Still not available for IPv6 on lot of platformsStill not available for IPv6 on lot of platforms

• Used to create Used to create LLabel abel Information Base (LIB)Information Base (LIB) and and Label Label FForwarding orwarding IInformation nformation BBase ase (LFIB)(LFIB)• LIB maintains ALL prefixes and labels advertised by individual LIB maintains ALL prefixes and labels advertised by individual

LDP neighborsLDP neighbors

• FIB (HW copy of routing table) may contain label to be imposed FIB (HW copy of routing table) may contain label to be imposed for particular destination networkfor particular destination network

• LFIB maintains only labels advertised by next hops for individual LFIB maintains only labels advertised by next hops for individual prefixesprefixes• i.e. those actually used for label switchingi.e. those actually used for label switching

• next-hop is typically determined by traditional IGP next-hop is typically determined by traditional IGP

LFIB is used for actual label switching, LIB maintains labels LFIB is used for actual label switching, LIB maintains labels which may be useful if IGP routes changewhich may be useful if IGP routes change


Label Retention ModesLabel Retention Modes• Liberal mode (mostly used in Frame mode)Liberal mode (mostly used in Frame mode)

• LSR retains labels for FEC from all neighborsLSR retains labels for FEC from all neighbors• Requires more memory and label spaceRequires more memory and label space

• Improves latency after IP routing paths changeImproves latency after IP routing paths change

• Conservative modeConservative mode• Only labels from next-hop for IP prefix are Only labels from next-hop for IP prefix are

maintainedmaintained• next-hop determined from IP routing protocolnext-hop determined from IP routing protocol

• Saves memory and label spaceSaves memory and label space


Label Distribution ModesLabel Distribution Modes

• Independent LSP controlIndependent LSP control• LSR binds labels to FECs and advertises them LSR binds labels to FECs and advertises them

whether or not the LSR itself has received a label whether or not the LSR itself has received a label from it’s next-hop for that FECfrom it’s next-hop for that FEC

• Most common in MPLS frame modeMost common in MPLS frame mode

• LDP is typical example of this approachLDP is typical example of this approach

• Ordered LSP controlOrdered LSP control• LSR only binds and advertises label for FEC ifLSR only binds and advertises label for FEC if

- it is the egress LSR for that FEC orit is the egress LSR for that FEC or

- it received a label binding from next-hop LSRit received a label binding from next-hop LSR

- RSVP-base signalling also falls to this categoryRSVP-base signalling also falls to this category


Label allocationLabel allocation

• Labels are unque per device / per interfaceLabels are unque per device / per interface

• For all or just for specified prefixesFor all or just for specified prefixes

• Label range may be explicitly specifiedLabel range may be explicitly specified• Even for different types of serviceEven for different types of service

• Separate label range per physical device may simplify Separate label range per physical device may simplify troubleshootingtroubleshooting


Protocols for Label DistributionProtocols for Label Distribution• Label Distribution Protocol (LDP) – IETFLabel Distribution Protocol (LDP) – IETF standard standard

• TCP port 646TCP port 646

• RSVP-TERSVP-TE• used for MPLS traffic engineering (or explicit control of transport paths)used for MPLS traffic engineering (or explicit control of transport paths)

• BGPBGP• Between PE routers of various types of MPLS VPNsBetween PE routers of various types of MPLS VPNs

• PIMPIM• enables MPLS-based multicastsenables MPLS-based multicasts

• Tag Distribution Protocol (TDP) – Cisco proprietary, obsoleteTag Distribution Protocol (TDP) – Cisco proprietary, obsolete

• LDP predecestorLDP predecestor• TCP port 711TCP port 711

Label bindings are exchanged Label bindings are exchanged between neighboring routersbetween neighboring routers• in special cases also between non-neighboring routers in special cases also between non-neighboring routers

• ““targeted LDP” session – e.g. MPLS-based pseudowire, Martini signallingtargeted LDP” session – e.g. MPLS-based pseudowire, Martini signalling


Label Distribution Protocol (LDP): Label Distribution Protocol (LDP): Message TypesMessage Types

• Discovery messages (hellos)Discovery messages (hellos)• UDP/646UDP/646

• Used to discover and continually check for presence of LDP peersUsed to discover and continually check for presence of LDP peers

• Once a neighbor is discovered, LDP session is established Once a neighbor is discovered, LDP session is established over TCP/646over TCP/646• messages to establish, maintain and terminate sessionmessages to establish, maintain and terminate session

• label mappings advertisement messages label mappings advertisement messages • create, modify, deletecreate, modify, delete

• error notification messageerror notification message

• LDP Neighbor IDLDP Neighbor ID

• Corresponding address must be reachable from LDP peerCorresponding address must be reachable from LDP peer

• i.e. visible in IGPi.e. visible in IGP


Frame-mode Label Distribution (LDP)Frame-mode Label Distribution (LDP)

• Unsolicited downstreamUnsolicited downstream• Labels distributed automatically to upstream neighborsLabels distributed automatically to upstream neighbors

• Downstream LSR advertises labels for particular FECs to Downstream LSR advertises labels for particular FECs to upstream neighborsupstream neighbors

• Independent control of label assignmentIndependent control of label assignment• Label assigned as soon as new IP prefix appears in IP routing table Label assigned as soon as new IP prefix appears in IP routing table

(may be limited by ACL)(may be limited by ACL)

• Mapping stored into LIBMapping stored into LIB

• LSR may send (switch) labeled packets to next hop even if next-LSR may send (switch) labeled packets to next hop even if next-hop itself does not have label for switching that FEC furtherhop itself does not have label for switching that FEC further

• In some cases it may forward packet further based on In some cases it may forward packet further based on traditional IP routing, but there is a problem if there are some traditional IP routing, but there is a problem if there are some inner MPLS labelsinner MPLS labels

• Liberal retention mode Liberal retention mode • All received label mappings are retainedAll received label mappings are retained


MPLS ApplicationsMPLS Applications

IP header and forwarding decision decoupling allows for IP header and forwarding decision decoupling allows for better flexibility and new applicationsbetter flexibility and new applications


Some Popular MPLS Some Popular MPLS ApplicationsApplications

• BGP-Free coreBGP-Free core

• 6PE6PE

• Carrier Supporting CarrierCarrier Supporting Carrier

• MPLS Traffic engineeringMPLS Traffic engineering

• L3 MPLS VPN (IPv4 & Ipv6)L3 MPLS VPN (IPv4 & Ipv6)

• L2 pseudowires and VPLSL2 pseudowires and VPLS

• Segment routingSegment routing

• Various SDN multitenant transport modelsVarious SDN multitenant transport models

• Including MPLS over GREIncluding MPLS over GRE

• Integration of IP and ATM – obsolete todayIntegration of IP and ATM – obsolete today

• or with other connection-oriented networkor with other connection-oriented network


BGP-Free CoreBGP-Free Core• Design of transit AS without BGP running on transit Design of transit AS without BGP running on transit

(internal) routers(internal) routers

• BGP sessions between PE routers onlyBGP sessions between PE routers only• full mesh or using route reflector(s)full mesh or using route reflector(s)

• P routers know only routes to networks inside coreP routers know only routes to networks inside core• including PE loopback interfacesincluding PE loopback interfaces

• LDP creates LSPs into individual networks in the core LDP creates LSPs into individual networks in the core (especially to PEs' loopbacks)(especially to PEs' loopbacks)• Explicit singalling of LSPs using RSVP can be also usedExplicit singalling of LSPs using RSVP can be also used

• PEs' loopbacks are used as next hops of BGP routes PEs' loopbacks are used as next hops of BGP routes passed between PE routerspassed between PE routers


6PE (1)6PE (1)• Interconnection of IPv6 islands over MPLS Interconnection of IPv6 islands over MPLS

non-IPv6-aware corenon-IPv6-aware core

• PE routers has to support both IPv6 and IPv4, but P routers do PE routers has to support both IPv6 and IPv4, but P routers do not need to be upgraded (can be MPLS + IPv4 only)not need to be upgraded (can be MPLS + IPv4 only)

• Outer label identifies destination PE router loopback (IPv4 BGP Outer label identifies destination PE router loopback (IPv4 BGP next hop), inner label identifies particular IPv6 routenext hop), inner label identifies particular IPv6 route

• Inner label serves as 'index' into egress PE's IPv6 routing tableInner label serves as 'index' into egress PE's IPv6 routing table

• IPv6 prefixes plus associated (inner) labels are passed between PE IPv6 prefixes plus associated (inner) labels are passed between PE routers through MP-BGP (using TCP/IPv4)routers through MP-BGP (using TCP/IPv4)

• Inner label needed because of PHP, even if egress PE needs to Inner label needed because of PHP, even if egress PE needs to do IPv6 route table lookup anywaydo IPv6 route table lookup anyway

• penultimate hop cannot handle now exposed IPv6 headerpenultimate hop cannot handle now exposed IPv6 header• Technical implementation: inner label not unique per-route, but one of 16 reserved labels Technical implementation: inner label not unique per-route, but one of 16 reserved labels

is chosen and L3 Ipv6 lookup is done on egress routeris chosen and L3 Ipv6 lookup is done on egress router

• single reserved value is not enough because of load balancingsingle reserved value is not enough because of load balancing


6PE (2)6PE (2)

• BGP Next Hop attribute is the IPv4-mapped IPv6 address of BGP Next Hop attribute is the IPv4-mapped IPv6 address of egress 6PE routeregress 6PE router

• Only LDP for IPv4 is requiredOnly LDP for IPv4 is required

• LDP for IPv6 not implemented yetLDP for IPv6 not implemented yet

• Does not support multicast trafficDoes not support multicast traffic

• Only proposed standard – RFC 4798 (Cisco, 2007), but Only proposed standard – RFC 4798 (Cisco, 2007), but implemented by multiple vendorsimplemented by multiple vendors

• See See http://www.netmode.ntua.gr/Presentations/6PE%20-%20IPv6%20over%20MPLS%20(cisco%20expo%2005).pdfhttp://www.netmode.ntua.gr/Presentations/6PE%20-%20IPv6%20over%20MPLS%20(cisco%20expo%2005).pdf for further details for further details

http://www.netmode.ntua.gr/Presentations/6PE%20-%20IPv6%20over%20MPLS%20(cisco%20expo%2005).pdf


6VPE6VPE

• VRF-aware 6PEVRF-aware 6PE

• Allows to build MPLS IPv6 VPNs on IPv4-only Allows to build MPLS IPv6 VPNs on IPv4-only MPLS coreMPLS core

• See See http://sites.google.com/site/amitsciscozone/hohttp://sites.google.com/site/amitsciscozone/home/important-tips/mpls-wiki/6vpe-ipv6-over-me/important-tips/mpls-wiki/6vpe-ipv6-over-mpls-vpn for configuration example (Cisco)mpls-vpn for configuration example (Cisco)


Carrier Supporting Carrier (1)Carrier Supporting Carrier (1)

• Hierarchical application of label switching conceptHierarchical application of label switching concept

• A MPLS super-carrier provides connectivity between A MPLS super-carrier provides connectivity between regions (super-carrier's POPs) for others MPLS-regions (super-carrier's POPs) for others MPLS-based customer carriersbased customer carriers• Concept of MPLS VPN in super-carrier networksConcept of MPLS VPN in super-carrier networks

• CSC-P, CSC-PE, CSC-CECSC-P, CSC-PE, CSC-CE

• Enables “global” MPLS/VPN (over multiple MPLS-Enables “global” MPLS/VPN (over multiple MPLS-based service providers' networks)based service providers' networks)


Carrier Supporting Carrier (2)Carrier Supporting Carrier (2)

• Utilizes label stack with multiple labelsUtilizes label stack with multiple labels• sub-carrier's labels are untouched during transport sub-carrier's labels are untouched during transport

over super-carrierover super-carrier

• Customer carriers do not exchange their Customer carriers do not exchange their customer's routes with super-carrier, just customer's routes with super-carrier, just loopback interfaces of PE routersloopback interfaces of PE routers• Good scalabilityGood scalability


Segment routingSegment routing• Used for explicit routing path specification Used for explicit routing path specification

• including service insertionincluding service insertion

• Labels in MPLS label stack specify exact hops on the Labels in MPLS label stack specify exact hops on the path – inserted by source edge devicepath – inserted by source edge device• ““strict” or “loose” waystrict” or “loose” way

• service instance (like FW, IPS, …) can be inserted into the service instance (like FW, IPS, …) can be inserted into the path that waypath that way

• Labels are generated (by individual LSRs) for Labels are generated (by individual LSRs) for • Each individual linkEach individual link

• Each individual segment routing MPLS LSREach individual segment routing MPLS LSR• Segments between non-neighboring LSRs explicitly specified by Segments between non-neighboring LSRs explicitly specified by

device labels are traversed based on IGPdevice labels are traversed based on IGP


MPLS Traffic EngineeringMPLS Traffic Engineering


MPLS TE GoalsMPLS TE Goals

• Minimizes network congestion, improve Minimizes network congestion, improve network performancenetwork performance

• Spreads flows to multiple pathsSpreads flows to multiple paths• i.e. diverges them from “shortest” path calculated by i.e. diverges them from “shortest” path calculated by

IGPIGP

• More efficient usage of network resources More efficient usage of network resources (bandwidth on links on “suboptimal” paths)(bandwidth on links on “suboptimal” paths)

• Completely hidden from customers' IP routingCompletely hidden from customers' IP routing• in underlying infrastructurein underlying infrastructure


MPLS TE PrincipleMPLS TE Principle

• Originating LSR (headend) sets up a TE LSP to Originating LSR (headend) sets up a TE LSP to terminating LSR (tailend) through a explicitly terminating LSR (tailend) through a explicitly specified pathspecified path• defined by sequence of intermediate LSRsdefined by sequence of intermediate LSRs

• either strict or loose explicit routeeither strict or loose explicit route

• dynamic (IGP-based path is also an option)dynamic (IGP-based path is also an option)

• LSP is calculated automatically using constraint-LSP is calculated automatically using constraint-based routing based routing • or manually using some sort of central management or manually using some sort of central management

tool in large networkstool in large networks


MPLS-TE MechanismsMPLS-TE Mechanisms• Link information distributionLink information distribution

• Path computation (constrained SPF)Path computation (constrained SPF)• or manual specification – list of hopsor manual specification – list of hops

• LSP signallingLSP signalling• RSVPRSVP-TE accomplishes-TE accomplishes label assignment during MPLS label assignment during MPLS

tunnel creationtunnel creation

• signalling needed even if path calculation is performed signalling needed even if path calculation is performed manuallymanually

• Selection of traffic that will take the TE-LSPSelection of traffic that will take the TE-LSP• by QoS class or another policy routing criteriaby QoS class or another policy routing criteria

• static routes, policy routing, autoroute, forwarding static routes, policy routing, autoroute, forwarding adjacency (OSPF), ...adjacency (OSPF), ...


Link Information DistributionLink Information Distribution

• Utilizes extensions of OSPF or IS-IS to distribute links’ current Utilizes extensions of OSPF or IS-IS to distribute links’ current states and attributesstates and attributes• OSPF LSA type 10 (opaque)OSPF LSA type 10 (opaque)

• Maximum bandwidth, reservable bandwidth, available bandwidth, flags Maximum bandwidth, reservable bandwidth, available bandwidth, flags (aka attributes or colors), TE metric(aka attributes or colors), TE metric

• Constraint-based routingConstraint-based routing• Takes into account links’ current states and attributes when calculating Takes into account links’ current states and attributes when calculating

routesroutes

• ““Constraint-based SPF” calculation first excludes links that do not Constraint-based SPF” calculation first excludes links that do not comply with required LSP parameterscomply with required LSP parameters

• bandwidth, affinity bits (link “colors”), …bandwidth, affinity bits (link “colors”), …

• Uses TE-metric instead of IGP metric (if defined on individual links)Uses TE-metric instead of IGP metric (if defined on individual links)


RSVP SignallingRSVP Signalling

• Resource reSerVation Protocol (RFC 2205) was Resource reSerVation Protocol (RFC 2205) was originally developed in connection with IntServ, originally developed in connection with IntServ, but should be understood as completely but should be understood as completely independent signalling protocolindependent signalling protocol

• Reserves resources for unidirectional Reserves resources for unidirectional (unicast/multicast) L4 flows(unicast/multicast) L4 flows• soft-state – must be refreshed periodicallysoft-state – must be refreshed periodically

• May be used with MPLS/TE to signal DiffServ May be used with MPLS/TE to signal DiffServ QoS PHB over the pathQoS PHB over the path


RSVP MessagesRSVP Messages

• Message Header (message type)Message Header (message type)• Resv, Path, ResvConfirm, ResvTeardown Resv, Path, ResvConfirm, ResvTeardown

PathTeardown, PathErr,ResvErrPathTeardown, PathErr,ResvErr

• Variable number of objects of various classesVariable number of objects of various classes• TLVsTLVs

• including sub-objectsincluding sub-objects

• Support for message authentication and integrity Support for message authentication and integrity checkcheck


Basic RSVP OperationBasic RSVP Operation• PATH message travels from sender to receiver(s) PATH message travels from sender to receiver(s)

• from TE tunnel headend to tailend in our casefrom TE tunnel headend to tailend in our case

• allows intermediate nodes to build soft-state information allows intermediate nodes to build soft-state information regarding particular sessionregarding particular session

• includes flow characteristics (flowspec)includes flow characteristics (flowspec)

• RESV message travels from receiver interested in RESV message travels from receiver interested in resource reservation towards the senderresource reservation towards the sender• from TE tunnel tailend back to headendfrom TE tunnel tailend back to headend

• actually causes reservation of intermediate nodes' resourcesactually causes reservation of intermediate nodes' resources

• provides labels to upstream routersprovides labels to upstream routers

• Soft state has to be periodically renewedSoft state has to be periodically renewed


LSP PreemptionLSP Preemption

• Support for creation of LSPs of different priorities with Support for creation of LSPs of different priorities with preemption optionpreemption option• setup and holding prioritysetup and holding priority

• setup priority is compared with holding priority of existing LSPssetup priority is compared with holding priority of existing LSPs

• 0 (best) – 7 (worst)0 (best) – 7 (worst)

• Preemption modesPreemption modes• Hard – just tears preempted LSP downHard – just tears preempted LSP down

• Soft – signalls pending preemption to the headend Soft – signalls pending preemption to the headend (PathTear/ResvTear) of existing LSP to give it an (PathTear/ResvTear) of existing LSP to give it an opportunity to reroute trafficopportunity to reroute traffic


LSP Path Calculation in Multiarea LSP Path Calculation in Multiarea EnvironmentEnvironment

• Splitting network into multiple areas limits state Splitting network into multiple areas limits state information floodinginformation flooding

• Headend specifies path to route LSP setup Headend specifies path to route LSP setup requests using list of ABRsrequests using list of ABRs• loose routingloose routing

• Each ABR calculates and reserves path over Each ABR calculates and reserves path over connected area and requests another ABR on connected area and requests another ABR on the path to take care of next sectionthe path to take care of next section

• In practise, service providers prefer flat core In practise, service providers prefer flat core network (OSPF area0 / L2-only IS-IS)network (OSPF area0 / L2-only IS-IS)


Dynamic routing & TE tunnelsDynamic routing & TE tunnels

• Autoroute – all destinations located behind TE Autoroute – all destinations located behind TE tunnel endopoint are directed to TE tunnel tunnel endopoint are directed to TE tunnel interface (unidirectional)interface (unidirectional)• tunnel's metric normally corresponds to IGP metric tunnel's metric normally corresponds to IGP metric

between headend and tailend between headend and tailend • shortest path, regardless of actual tunnel pathshortest path, regardless of actual tunnel path

• Logic local to tunnel headend routerLogic local to tunnel headend router

• Forwarding adjacencyForwarding adjacency• Headend-tailend link (TE tunnel) is propagated into Headend-tailend link (TE tunnel) is propagated into

OSPF/IS-IS databaseOSPF/IS-IS database

• Needs to be configured both on headend and tailendNeeds to be configured both on headend and tailend


MPLS Fast RerouteMPLS Fast Reroute

• In case of node or link failure, backup LSP may In case of node or link failure, backup LSP may be automatically initiated (in tens of be automatically initiated (in tens of milliseconds)milliseconds)• 50 ms failover is a goal (compare to SDH)50 ms failover is a goal (compare to SDH)

• Fast Reroute option must be requested during Fast Reroute option must be requested during LSP setupLSP setup

• Global or Local restorationGlobal or Local restoration

• (Similar functionality exists in IP-only (Similar functionality exists in IP-only environment (IP Fast Reroute))environment (IP Fast Reroute))


Fast Reroute - Global restorationFast Reroute - Global restoration

• New LSP is set up by headendNew LSP is set up by headend• LSP failure is signalled to the headend by PathErr LSP failure is signalled to the headend by PathErr

RSVP messageRSVP message• failure detection using RSVP Hellosfailure detection using RSVP Hellos

• Headend has the most complete routing constraints Headend has the most complete routing constraints information to establish a new LSPinformation to establish a new LSP

• Backup tunnel can be pre-signalled or signalled Backup tunnel can be pre-signalled or signalled when primary tunnel goes downwhen primary tunnel goes down• latter option incurs tunnel break detection and latter option incurs tunnel break detection and

signalling delayssignalling delays


Fast Reroute - Local restorationFast Reroute - Local restoration• ““Detour” LSP around failed link/nodeDetour” LSP around failed link/node

• LSR that detected the failure (called Point of Local Repair) start LSR that detected the failure (called Point of Local Repair) start to use alternative LSPto use alternative LSP• Detour LSPs are manually preconfigured or precalculated dynamically by Detour LSPs are manually preconfigured or precalculated dynamically by

Point of Local Repair and pre-signalledPoint of Local Repair and pre-signalled

• ““Detour” joins back the original LSP at the Merge PointDetour” joins back the original LSP at the Merge Point• i.e. at Next hop for link protection, Next Next hop for Node protection i.e. at Next hop for link protection, Next Next hop for Node protection

• Facility Backup (commonly used) - double labeling is used on detour pathFacility Backup (commonly used) - double labeling is used on detour path• external tag is dropped before packet enters Merge Pointexternal tag is dropped before packet enters Merge Point

• packets arrive to the Merge Point with the same label as they would if they packets arrive to the Merge Point with the same label as they would if they came along original LSP (just from different interface)came along original LSP (just from different interface)

• Different input interface on merge point is not an issue as labels are Different input interface on merge point is not an issue as labels are allocated per-platform, not per-interfaceallocated per-platform, not per-interface

• One-to-One backup One-to-One backup • does not use label stackingdoes not use label stacking• Each LSP has it’s own backup pathEach LSP has it’s own backup path


MPLS QoSMPLS QoS


MPLS and DiffservMPLS and Diffserv• LSR uses the same mechanism as traditional router to LSR uses the same mechanism as traditional router to

implement different Per-Hop Behaviors (PHBs)implement different Per-Hop Behaviors (PHBs)

• 2 types of LSPs (may coexist on single network):2 types of LSPs (may coexist on single network):• EXP-inferred LSPs (mostly used)EXP-inferred LSPs (mostly used)

• one LSP can transport multiple traffic classes simultaneouslyone LSP can transport multiple traffic classes simultaneously

• EXP bits in MPLS header used to hold DSCP valueEXP bits in MPLS header used to hold DSCP value

• Map between EXP and PHB signaled during LSP setupMap between EXP and PHB signaled during LSP setup• extension of LDP and RSVP (new TLV defined)extension of LDP and RSVP (new TLV defined)

• Label-inferred LSPsLabel-inferred LSPs• LSP can transport just one traffic classLSP can transport just one traffic class

• Fixed mapping of <DSCP, EXP> to PHB standardizedFixed mapping of <DSCP, EXP> to PHB standardized


Diffserv Tunneling over MPLSDiffserv Tunneling over MPLS

There are two markings of the packet (EXP, There are two markings of the packet (EXP, DSCP). There are different models to handle DSCP). There are different models to handle interaction between multiple markings.interaction between multiple markings.

• Pipe model Pipe model • transfers IP DSCP marking untouched transfers IP DSCP marking untouched

• useful for interconnection of two Diffserv domains useful for interconnection of two Diffserv domains using MPLSusing MPLS

• Uniform ModelUniform Model• Uniform customer and provider QoS modelsUniform customer and provider QoS models

• makes LSP an extension of DiffServ domainmakes LSP an extension of DiffServ domain


MPLS VPNsMPLS VPNs


VPNVPN Implementation: Options in General Implementation: Options in GeneralSolution to implement potentiallySolution to implement potentially overlapping address spaces overlapping address spaces of of

independent customers:independent customers:

• Overlay modelOverlay model• Infrastructure provides tunells between Infrastructure provides tunells between CPE CPE routersrouters

• FRFR/ATM virtual circuits, IP tunnels (GRE, IPSec, …)/ATM virtual circuits, IP tunnels (GRE, IPSec, …)

• Peer-to-peer modelPeer-to-peer model• Provider edge router exchange routing information with customer Provider edge router exchange routing information with customer

edge routeredge router• Customer routes present in service provider’s routing protocolCustomer routes present in service provider’s routing protocol

• Need to solve VPN separation and overlapping customer addressingNeed to solve VPN separation and overlapping customer addressing• traditionally by complicated filteringtraditionally by complicated filtering

• Optimal routing between customer sites through shared Optimal routing between customer sites through shared infrastructureinfrastructure• data don’t need to follow tunnel tospologydata don’t need to follow tunnel tospology


MPLS/VPN Basic PrinciplesMPLS/VPN Basic Principles

• MPLS helps to separate traffic from different VPNs without usage of MPLS helps to separate traffic from different VPNs without usage of overlay model tunneling techniques overlay model tunneling techniques

• Routes from different VPNs kept separated, multiple routing tables Routes from different VPNs kept separated, multiple routing tables (VRFs) implemented at edge routers (one for each VPN)(VRFs) implemented at edge routers (one for each VPN)

• Uses MPLS label stack: outer label identifies egress edge router, inner Uses MPLS label stack: outer label identifies egress edge router, inner label identifies VPN, resp. single route in particular VPNlabel identifies VPN, resp. single route in particular VPN

• P routers in MPLS core can never see customers' addressingP routers in MPLS core can never see customers' addressing

• To allow propagation of IP prefixes from all VPNs to core (BGP), To allow propagation of IP prefixes from all VPNs to core (BGP), potentially overlapping addresses of separated VPNs is made unique potentially overlapping addresses of separated VPNs is made unique with Route Distinguisher (different for every VPN)with Route Distinguisher (different for every VPN)• Those “IP-VPN” (VPNv4) addresses are propagated between PE routers as a Those “IP-VPN” (VPNv4) addresses are propagated between PE routers as a

new address family using Multiprotocol BGPnew address family using Multiprotocol BGP

• VPNv4 AF address = RD + IPv4 address, similarilly for IPv6VPNv4 AF address = RD + IPv4 address, similarilly for IPv6

• With each route, MP-BGP distributes (inner) labels identifying particular route in With each route, MP-BGP distributes (inner) labels identifying particular route in target VRF at egress edge router (using BGP attributes)target VRF at egress edge router (using BGP attributes)

• MP-BGP runs only between PEs, Ps are not involved at all MP-BGP runs only between PEs, Ps are not involved at all

• Ps only tunnel data traffic between PE's loopbacks based on MPLS labelsPs only tunnel data traffic between PE's loopbacks based on MPLS labels


MPLS VPN advantagesMPLS VPN advantages

• Integrates advantages of overlay and peer-to-Integrates advantages of overlay and peer-to-peer modelpeer model• Overlay model advantages:Overlay model advantages:

• security and customer address space isolationsecurity and customer address space isolation

• Peer-to-peer model advantages:Peer-to-peer model advantages:• routing optimalityrouting optimality

• simplicity of new CPEs addition (shared PEs)simplicity of new CPEs addition (shared PEs)

• In very huge implementations, SP's route In very huge implementations, SP's route reflector capacity and MPLS label space still can reflector capacity and MPLS label space still can be a limitationbe a limitation


MPLS VPN ImplementationMPLS VPN Implementation• VPN defined as set of sites sharing the same routing informationVPN defined as set of sites sharing the same routing information

• Site may belong to multiple VPNsSite may belong to multiple VPNs

• Multiple sites (from different VPNs) may be connected to the Multiple sites (from different VPNs) may be connected to the same PE routersame PE router

• PE routers maintains only routes for connected VPNs and PE routers maintains only routes for connected VPNs and backbone routes needed to reach other PEsbackbone routes needed to reach other PEs• Increases scalabilityIncreases scalability• Decreases capacity requirements on PE routerDecreases capacity requirements on PE router

• PE router uses IP at customer network facing interface(s) and PE router uses IP at customer network facing interface(s) and MPLS at backbone-facing interfacesMPLS at backbone-facing interfaces

• Backbone (P routers) uses only label switchingBackbone (P routers) uses only label switching• IGP routing protocol used only to establish optimal label switch paths IGP routing protocol used only to establish optimal label switch paths

between PE loopbacks (with LDP/RSVP)between PE loopbacks (with LDP/RSVP)

• Utilizes MPLS label stackUtilizes MPLS label stack• Inner (VPN) label identifies VRF (or particular route in destination VRF)Inner (VPN) label identifies VRF (or particular route in destination VRF)• Outer (transport) label identifies egress LSROuter (transport) label identifies egress LSR


Routing information exchangeRouting information exchange

• P-P and P-PE routers P-P and P-PE routers • Using IGPUsing IGP

• Needed to determine paths between PEs over MPLS Needed to determine paths between PEs over MPLS backbonebackbone

• PE-PE routers (non-adjacent)PE-PE routers (non-adjacent)• Using MP-IBGP sessionsUsing MP-IBGP sessions

• Needed to exchange routing information between Needed to exchange routing information between routing tables (VRFs) for particular VPNrouting tables (VRFs) for particular VPN


Routing information in PE routersRouting information in PE routers

PE routers maintain multiple separated routing tablesPE routers maintain multiple separated routing tables

• Global routing table – filled in with backbone routes Global routing table – filled in with backbone routes (from core IGP)(from core IGP)• allows to reach other PE routersallows to reach other PE routers

• VRF (VPN routing & forwarding) instancesVRF (VPN routing & forwarding) instances• Separate routing tables for individual VPNsSeparate routing tables for individual VPNs

• Every CE-facing router interface assigned to a single VRFEvery CE-facing router interface assigned to a single VRF

• VRF instance can be seen as virtual routerVRF instance can be seen as virtual router


VPN routing and forwardingVPN routing and forwarding

VRF = virtual routerVRF = virtual router

PEPE PP

VPN A CEVPN A CE

VPN A CEVPN A CE

VPN B CEVPN B CE

VRF AVRF A

VRF BVRF B

VPN B CEVPN B CE

VRF for VPN BVRF for VPN B

VRF for VPN AVRF for VPN A

MPLS domainMPLS domain


VRF usageVRF usage

CECE

CECE PEPE

CECE

PP

VPN AVPN A

VPN AVPN A

VPN BVPN B

VRF AVRF A

VRF BVRF B

VPN BVPN B

PEPE

CECE

CECE

VPN AVPN A

VPN BVPN BCECE

CECE

VPN AVPN A

PEPE

packetpacket


MPLS VPN exampleMPLS VPN example

10.0.0.1/24

S0I-PE

Customer A

G-P

S0S1/0 S1/1e0 e0

e1 e1

10.0.0.1/24

Customer A Customer B

Customer B

J-PE

10.0.1.1/24

10.0.2.1/24

1.0.0.0/24 2.0.0.0/24

.1.1 .2 .2

OSTRAVA TACHOV

MPLS Core


VPN Route Distinguishing and VPN Route Distinguishing and Exchange Between PEsExchange Between PEs

10.0.0.1/24

S0I-PE

Customer A

G-P

S0S1/0 S1/1e0 e0

e1 e1

10.0.0.1/24


Customer B

J-PE

10.0.1.1/24

10.0.2.1/24

1.0.0.0/24 2.0.0.0/24

.1.1 .2 .2lo0 lo0

3.0.0.1/32 3.0.0.2/32

VRFCustomerA-I

VRFCustomerA-JVRF

CustomerB-I

VRFCustomerB-J

RD 100:2RT 100:20

RD 100:2RT 100:20

RD 100:1RT 100:10

RD 100:1RT 100:10

OSTRAVA TACHOV

MPLS CoreIGP (OSPF, IS-IS, …)

MP-BGP


PEPE--toto--PE PE VPN Route PropagationVPN Route Propagation• PE router exports information from VRF to MP-BGPPE router exports information from VRF to MP-BGP

• prefix uniqueness ensured using Route Distinguisher (64bit ID)prefix uniqueness ensured using Route Distinguisher (64bit ID)

• Unique for the same VRF on all routers or unique per VRF+per Unique for the same VRF on all routers or unique per VRF+per routerrouter

• VPN-V4 prefix = RD VPN-V4 prefix = RD + IPv4 prefix+ IPv4 prefix

• Route exported with a set of route target(s) specifying which target VRF Route exported with a set of route target(s) specifying which target VRF should import the routeshould import the route

• MMultiprotocol (Multiprotocol (MPP) i) iBGP session between PE routersBGP session between PE routers over over MPLS backbone (P routers)MPLS backbone (P routers)• Full mesh (route reflectors often used)Full mesh (route reflectors often used)

• Propagates VPNv4 routesPropagates VPNv4 routes

• BGP attributes identify site-of-origin and route target(s)BGP attributes identify site-of-origin and route target(s)

• Opposite Opposite PE router imports information from MP-BGP into PE router imports information from MP-BGP into VRF(s) based on import Route Targets precofigured for each VRF(s) based on import Route Targets precofigured for each VRFVRF


MPLS VPN BGP attributesMPLS VPN BGP attributes

• Site of Origin (SOO)Site of Origin (SOO)• Identifies site where the route originated fromIdentifies site where the route originated from

• avoids loopsavoids loops

• Route TargetRoute Target• Each VRF may configure which RT(s) it import and Each VRF may configure which RT(s) it import and

which ones it exportswhich ones it exports

Technically, listed attributes are represented using Technically, listed attributes are represented using well-known extended communitieswell-known extended communities

• Extcommunity propagation has to be allowed Extcommunity propagation has to be allowed between respective BGP neighborsbetween respective BGP neighbors


Customer route advertisement from PE Customer route advertisement from PE router (MP-BGP)router (MP-BGP)

• PE router assigns RT, RD based on source VRF and PE router assigns RT, RD based on source VRF and SOOSOO

• PE router assigns VPN (MPLS) label PE router assigns VPN (MPLS) label – per VRF/per route– per VRF/per route

• Identifies particular VPN route (in VPN site’s routing Identifies particular VPN route (in VPN site’s routing table, i.e. in VRF)table, i.e. in VRF)

• Used as second label in the label stackUsed as second label in the label stack• Top-of-stack label identify egress PE routerTop-of-stack label identify egress PE router

• Next-hop of propagated route is rewritten to Next-hop of propagated route is rewritten to advertising PE router loopback interfaceadvertising PE router loopback interface

• MP-IBGP update is sent to other PE routersMP-IBGP update is sent to other PE routers• most probably via route reflectormost probably via route reflector


Overlapping of VPNsOverlapping of VPNs

Site (VRF) may belong Site (VRF) may belong to multiple to multiple VPNs provided VPNs provided that there is no addresses overlapthat there is no addresses overlap• Useful for shared services, extranets, Internet, hub VRFs Useful for shared services, extranets, Internet, hub VRFs

etc.etc.

• Multiple RT imports and exports may be configured for Multiple RT imports and exports may be configured for each particular VRFeach particular VRF

Typical usages both in SP networks and in DC cores Typical usages both in SP networks and in DC cores

Keep in mind that i/e routing exchange between Keep in mind that i/e routing exchange between VRFs is VRFs is non-transitivenon-transitive..


Overlapping VPNs exampleOverlapping VPNs example

10.0.0.1/24

S0I-PE

Customer A

G-P

S0S1/0 S1/1e0 e0

e1 e1

10.0.0.1/24


Customer B

J-PE

10.0.1.1/24

10.0.2.1/24

1.0.0.0/24 2.0.0.0/24

.1.1 .2 .2lo0 lo0

3.0.0.1/32 3.0.0.2/32

VRFCustomerA-I

VRFCustomerA-JVRF

CustomerB-I

VRFCustomerB-J

RD 100:2RT 100:21

RD 100:2RT 100:22

RD 100:1RT 100:11

RD 100:1RT 100::12

OSTRAVA TACHOV


CECE to to PEPE routing information exchangerouting information exchange

• CE router always exchanges routes with VRF CE router always exchanges routes with VRF assigned to interface connecting to that CE routerassigned to interface connecting to that CE router• Static routing or directStatic routing or directlly connected networksy connected networks

• External BGPExternal BGP

• IGP (RIPv2,OSPF,EIGRP)IGP (RIPv2,OSPF,EIGRP)

• Multiple Multiple instances of instances of routing process routing process ((for every VRFfor every VRF) ) are running on PE routerare running on PE router• or separated routing contexts in single or separated routing contexts in single routing routing processprocess


PE-CE protocol specificsPE-CE protocol specifics• OSPF:OSPF:

• Superarea concept Superarea concept • MPLS backbone replaces area 0MPLS backbone replaces area 0

• or area 0 parts connected via superbackboneor area 0 parts connected via superbackbone

• Routes seen as E1/2 or IA Routes seen as E1/2 or IA • based on OSPF process ID match “domain ID”based on OSPF process ID match “domain ID”

• ““Down” bit protects again information looping via backdoor linksDown” bit protects again information looping via backdoor links

• EIGRP/RIPEIGRP/RIP• Metric transferred using MED atributeMetric transferred using MED atribute

• BGP BGP • most easy and most scalablemost easy and most scalable

• It might be needed to manipulate BGP anti-looping rules if same customer It might be needed to manipulate BGP anti-looping rules if same customer AS# is reused for multiple PE-CE routing sessions AS# is reused for multiple PE-CE routing sessions

• AS override / ignore ASPath checkAS override / ignore ASPath check

• SOO may be used as additional protection against routing loopsSOO may be used as additional protection against routing loops


Inter-AS MPLS VPN Options Inter-AS MPLS VPN Options (RFC 2547bis)(RFC 2547bis)

• Separate IBGP/RR structures in different SP's Separate IBGP/RR structures in different SP's ASesASes

• EBGP needed to distribute vpnv4 addressesEBGP needed to distribute vpnv4 addresses

• Option 10A – Back to Back VRFs between ASBRsOption 10A – Back to Back VRFs between ASBRs

• Option 10B – VPNv4 eBGP between ASBRsOption 10B – VPNv4 eBGP between ASBRs

• Option 10C – VPNv4 between RRs or PEs using Option 10C – VPNv4 between RRs or PEs using multihop eBGPmultihop eBGP


Option 10A – Back to Back VRFs Option 10A – Back to Back VRFs between ASBRsbetween ASBRs

• PE AS1 – PE AS2 • multiple subinterfaces/VRFs/IPv4 AF EBGP sessions • No MPLS labels• Each PE treats other PE as CE• Easy, but not very scalable (4k VLAN tags per physical port)


Option 10B – VPNv4 eBGP between ASBRsOption 10B – VPNv4 eBGP between ASBRs• On trusted private peering onlyOn trusted private peering only

• Labeled vpnv4 addresses distributed from PE to RR, Labeled vpnv4 addresses distributed from PE to RR, ASBR PE also peers with RRASBR PE also peers with RR• multiple ASBR PEs may be implementedmultiple ASBR PEs may be implemented

• EBGP redistribution of labeled VPN-IPv4 routes EBGP redistribution of labeled VPN-IPv4 routes from AS1 to neighboring AS2 (and to AS2 RR)from AS1 to neighboring AS2 (and to AS2 RR)• top label of incoming data packets should be checked top label of incoming data packets should be checked

against locally generated label tableagainst locally generated label table

• LSP from ingress PE1/AS1 to egress PE2/AS2 LSP from ingress PE1/AS1 to egress PE2/AS2 • LSP can span more than 2 AsesLSP can span more than 2 Ases

• Route targets needs to be agreed between cooperating Route targets needs to be agreed between cooperating service providersservice providers


Option 10C – VPNv4 between Option 10C – VPNv4 between RRs RRs (or PEs)(or PEs) using multihop eBGP using multihop eBGP

• ASBRs does not maintain nor distribute customer's vpnv4 routesASBRs does not maintain nor distribute customer's vpnv4 routes• Only /32 labeled routes to PE loopbacks Only /32 labeled routes to PE loopbacks

• EBGP used to redistribute labeled PE loopback routes to neighboring AS ASBREBGP used to redistribute labeled PE loopback routes to neighboring AS ASBR

• LSPs between PEs in different ASesLSPs between PEs in different ASes

• EBGP multihop session between RRs in neighboring ASes for EBGP multihop session between RRs in neighboring ASes for (labeled) vpnv4 AF (customer routes)(labeled) vpnv4 AF (customer routes)

• If PE loopback /32 routes are not distributed to P routers of all If PE loopback /32 routes are not distributed to P routers of all ASes, 3 labels are neededASes, 3 labels are needed• Inner-most: assigned by egress PE, identifies output VRF/routeInner-most: assigned by egress PE, identifies output VRF/route

• Middle: assigned by ASBR - for egress PE loopbackMiddle: assigned by ASBR - for egress PE loopback

• Topmost: assigned by ingress PE downstream router – LSP to ASBRTopmost: assigned by ingress PE downstream router – LSP to ASBR

• Similar to CsCSimilar to CsC

Multiprotocol Label Switching (MPLS) - vsb.czwh.cs.vsb.cz/sps/images/2/2d/MPLS.pdf · Multiprotocol Label Switching (MPLS) ... L2 VPN, L2 virtual P2P lines, Voice (->QoS, ... •

Documents