Agenda
IP MPLS Virtual Private Network
VPN
What is a VPN?
A Virtual Private Network (VPN) is a network in which customer connectivity among multiple sites is deployed on a public infrastructure with high security.
VPN Models
Overlay Model
The service provider provides customers with a set of emulated leased lines between customer sites, e.g. Frame Relay PVCs or point-to-point leased circuits.
[Figure: overlay model. CE routers at Office 3, Office 4 and Office 5 interconnected by PVCs. Network cost: less than the leased-line option. Security: high. Scalability: low.]
VPN Models
Peer to Peer Model
The service provider supplies the provider edge (PE) device, which directly exchanges routing information with the customer premises equipment.
[Figure: peer-to-peer model, customer networks attached directly to the provider edge.]
Traditional IP Forwarding
[Figure: traditional IP forwarding. Every router holds a routing table of the same form (Dest 47.1 -> Out 1, 47.2 -> Out 2, 47.3 -> Out 3); packets for 47.1.1.1 and 47.2.1.1 are forwarded hop by hop, each router performing its own destination lookup.]
Leased Line Model: Network Cost - High; Network Security - High; Network Scalability - Low.
By combining layer 2 switching with layer 3 routing and switching, it is possible to construct a technology that combines the benefit of the overlay VPN with the simplified routing that the peer-to-peer VPN implementation brings. This new technology is called MPLS IP VPN.
[Figure: IP MPLS backbone with P routers and MP-iBGP between the PE routers; VPN A sites SITE-1, SITE-2, SITE-3 and SITE-4 attached at the edge.]
VPN Models
[Figure: MPLS network connecting CE Office 1 through Office 5. LSPs: full meshed by default. PVC-based connectivity: point to point by default, can be converted into a full meshed network.]
[Figure: label tables on LERs R-A and R-B, each with columns In I/F, In Label, Address Prefix, Out I/F, Out Label, for the IGP-derived prefix 171.68.10/24; labels 30 and 40 appear for that prefix.]
LSRs distribute labels to the upstream neighbours. Labels are used to designate LSPs.
[Figure: VPN site Kandy (149.27.2.0/24, host 149.27.2.27) reached from Colombo through PE-1.]
Ingress PE receives IP data packets. The PE router performs an IP best match from the VPN LFIB, finds the iBGP next hop and imposes a stack of labels <IGP, VPN>.
Egress PE router uses the VPN label to select which VPN/CE to forward the packet to. The VPN label is removed and the packet is routed toward the VPN site.
[Figure: MPLS network with sites Customer A Boston (10.151/16), Customer A NYC, Customer A Wash. DC and Customer B NYC (10.152/16); 10.150.5/24 belongs to VPN A; a VR at the provider edge; extranet and Internet access also shown.]
MPLS Operation
Standard routing protocols run end to end and labels are exchanged between the LSRs. IP forwarding is used at the ingress and egress edge; label switching is used in the core.
Ingress LER: receives IP packets, performs packet classification (into FECs), assigns a label, and forwards the labeled packet.
LSR: forwards packets based on the label (no packet classification in the core).
Egress LER: removes the label before forwarding IP packets outside the MPLS network.
Terminology
Provider network (P network)
Provider edge router (PE/LER router) - physical connection to the CE router and to the core of the P network
Provider router (P/LSR router) - internal to the P network and oblivious to the existence of VPNs
Customer edge router (CE router) - physically connected to the PE router
Customer router (C router) - internal to the C network and invisible to the PE router
PE-CE link
LER Functions
1. Map IP packets to labels
2. Push labels on IP packets
3. Apply QoS functions
4. Initiate LSP setup process
5. Traffic engineering
[Figure: IP domains (IP forwarding) on either side of the MPLS domain (MPLS forwarding), joined by LERs with LSRs in the core.]
Two-level labels:
Top label: LDP label, used for forwarding through the core, PE to PE.
Inner label: VPN label, identifies the destination VPN, used for forwarding to the CE.
[Figure: PE3 and PE4 connected across P1, P3 and P4; CE1 to CE6 belong to VPN Red or VPN Green, with per-VPN labels X1, X2, Y1 and Y2.]
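As an added example (not code from the slides), this small Python simulation walks a packet through the <IGP, VPN> label stack described in the ingress/egress PE slide and the two-level label slide above: the ingress PE does the best-match lookup in the customer's VRF and pushes two labels, the P router swaps only the top label, and the egress PE pops the labels and uses the VPN label to pick the CE. Router names, label values, and the overlapping 10.1.0.0/16 prefixes in two VPNs are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed per-VRF tables on the ingress PE: prefix -> (egress PE, VPN label).
# VPN Red and VPN Green deliberately reuse 10.1.0.0/16: the VPN label, not the
# IP address, is what keeps their traffic apart inside the provider network.
VRF_TABLES = {
    "red":   {ip_network("10.1.0.0/16"): ("PE2", 100),
              ip_network("10.1.7.0/24"): ("PE2", 101)},
    "green": {ip_network("10.1.0.0/16"): ("PE2", 200)},
}
IGP_LABELS = {"PE2": 30}          # LDP label toward each egress PE (constructed)
P_LFIB = {30: (40, "PE2")}        # P router: in top label -> (out top label, next hop)
PE2_OWN_LABEL = 40                # top label PE2 expects for traffic addressed to it
PE2_VPN_TABLE = {100: "CE-red", 101: "CE-red-7", 200: "CE-green"}

def ingress_pe(vrf, dst_ip):
    """Best match in the VRF table, then impose the <IGP, VPN> label stack."""
    addr = ip_address(dst_ip)
    matches = [(p, e) for p, e in VRF_TABLES.get(vrf, {}).items() if addr in p]
    if not matches:
        return None               # no route in this VRF: the packet is dropped
    _, (egress, vpn_label) = max(matches, key=lambda m: m[0].prefixlen)
    return [IGP_LABELS[egress], vpn_label]   # index 0 is the top label

def p_router(stack):
    """Swap the top label; the inner VPN label is never inspected in the core."""
    out_label, next_hop = P_LFIB[stack[0]]
    return [out_label] + stack[1:], next_hop

def egress_pe(stack):
    """Pop the IGP label, then use the VPN label to select the VPN/CE."""
    if len(stack) != 2 or stack[0] != PE2_OWN_LABEL:
        return None               # not addressed to this PE or malformed stack
    return PE2_VPN_TABLE.get(stack[1])       # unknown VPN label: dropped

def forward(vrf, dst_ip):
    """Run one packet PE1 -> P -> PE2 and return the CE it is delivered to."""
    stack = ingress_pe(vrf, dst_ip)
    if stack is None:
        return None
    stack, _ = p_router(stack)
    return egress_pe(stack)
```

Running forward("red", "10.1.2.3") and forward("green", "10.1.2.3") delivers the same destination address to two different CEs, which is the isolation property the VPN label provides.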
Traffic Classification
[Figure: MPLS network between Colombo and Kandy with Internet access.]
Types of traffic:
1. Voice data
2. Business critical data
3. Best effort traffic
Traffic Classification
[Figure: MPLS network between Colombo and Kandy with Internet access; separate queues for voice traffic, BCD (business critical data) traffic and best effort traffic.]
Voice (highest priority), business critical data (second priority), best effort traffic (lowest priority).
[Figure: QoS building blocks. Gold class covering application traffic, critical application data and voice, with guaranteed delivery; traffic policing, scheduling policy and drop policy applied in the MPLS network between Colombo and Kandy; header layout showing IP Precedence, unused bits and the MPLS label; data in -> buffer -> data out.]
Highest priority packet streams go first (Precedence = 5). DSCP bits can also be used.
MPLS QoS
[Figure: SP/customer boundary at the edge, MPLS core in the middle.]
2) At the edge: match IP Precedence/DSCP and set MPLS EXP; rate-limit/police and apply the drop policy.
3) In the core: invoke the QoS policy action based on the edge classification (MPLS EXP), e.g. LLQ, CBWFQ; drop low-priority traffic via WRED if the rate limit is exceeded.
END
Thank You