Based on the MPLS tutorial from Tim Griffin and the MPLS/VPN tutorial from Chris Chase.

What is this talk about?

Claims for MPLS:
- MPLS is going to solve all of our problems
- MPLS is all about traffic engineering
- MPLS is all about virtual private networks
- MPLS solves network operations problems
- MPLS is all about lowering operational costs
- MPLS is the natural next step in Internet evolution

Claims against MPLS:
- MPLS is a solution in search of a problem
- MPLS is what I wish on all of my competitors
- MPLS creates network operations problems
- MPLS is going to cost more than it's worth
- MPLS is too complicated to survive in the Internet
Goal: to understand the broad technical issues without getting lost in the vast number of details: the gains, the costs, the tradeoffs.
Outline

IP Forwarding
[Figure: routers R1..R5 forwarding toward destination B; each router's table lists the next hop for B (Direct at the router attached to B, otherwise R1, R2, R3 or R5).]
IP Forwarding Process
1. Remove a packet from an input queue
2. Look up the destination address in the IP forwarding table
3. Decrement the TTL field
4. Place the packet on the correct output queue
[Figure: a router with an IP forwarding table between its input and output queues.]

The Fish
[Figure: routers B and C both send traffic to A through router R.]
The next-hop forwarding paradigm does not allow router R to choose a route to A based on who originated the traffic, B or C.
[Figure: routing protocol processes. RIP, BGP and OSPF each run as a separate process with its own routing tables (the RIP domain and the OSPF domain are different sets of neighbors); all of them feed the single IP forwarding table in the OS kernel.]
Shortest Path Routing
Link weights tend to attract or repel all traffic: changing a weight moves every flow that crosses the link, not a chosen fraction of it.
[Figure: the same A, B, C topology twice with different link weights (1, 1, 2 versus 2, 1, 1, 1), showing traffic shifting wholesale from one path to the other.]
Overlay Networks
[Figure: layer 3 IP routers A, B, C connected by layer 2 virtual circuits across an ATM or Frame Relay cloud.]

Advantages of Overlay Networks
- ATM and Frame Relay switches offer high reliability and low cost
- Detailed per-circuit statistics
- Isolates layer 2 network management from the details of higher layer services
Problems with Overlay Networks
- Often use proprietary protocols and management tools
- Often require full meshing of statically provisioned virtual circuits
- ATM cell tax: about 20% of bandwidth
- If layer 3 is all IP, then the overlay model seems overly complicated and costly
- Advances in optical networking cast some doubt on the entire approach
- The overlay model is just fine when the layer 2 network provides diverse non-IP services (e.g., IPv6, AppleTalk, IPX, ...)
What is it?

Sanity Check?
- The problems with IP forwarding and routing do not require technologies like MPLS
- Many can be addressed with simple solutions. Like the design of simple networks!
- The problems are not show stoppers
- The MPLS cure will have side effects
- For many applications, TCP/IP handles congestion very well
- Technologies like MPLS may be very valuable if they can enable new services and generate new revenue
Multiprotocol Label Switching
- Based on the ATM-like notion of label swapping
- A simple way of labeling each network layer packet
- Independent of the link layer
- Independent of the network layer
- Used to set up label switched paths (LSPs), similar to ATM PVCs
MPLS Generic Encapsulation
Layer 2 Header | MPLS Label 1 | MPLS Label 2 | ... | MPLS Label n | Layer 3 Packet

Each label stack entry is 32 bits (RFC 3032, MPLS Label Stack Encoding):

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                Label                  | Exp |S|       TTL     |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Label: 20 bits. Exp: 3 bits (experimental use; later renamed Traffic Class). S: 1 bit, set only on the bottom entry of the stack. TTL: 8 bits. Often called a shim (or sham) header.
[Figure: packets carrying a label stack of one or two entries (e.g. 417, 288) above the data.]
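The shim header layout above, encoded and decoded in Python as an added example written for this page (it is not code from the tutorial). Field widths and reserved label values are those of RFC 3032; the labels 417 and 288 come from the figure, the TTL of 64 and the payload bytes are constructed. The decoder refuses a stack that ends without an S bit and a stack containing the implicit null label, which is only ever signaled, never encoded.

```python
import struct

# One label stack entry is 32 bits (RFC 3032): Label 20 | Exp 3 | S 1 | TTL 8.
# Exp was later renamed Traffic Class (RFC 5462); the bit layout is unchanged.
LABEL_BITS, EXP_BITS, TTL_BITS = 20, 3, 8

# Reserved label values (RFC 3032 section 2.1)
IPV4_EXPLICIT_NULL = 0
ROUTER_ALERT = 1
IPV6_EXPLICIT_NULL = 2
IMPLICIT_NULL = 3   # signaled for penultimate hop popping; never appears on the wire


def encode_entry(label, exp=0, bottom=False, ttl=255):
    """Pack a single label stack entry into 4 bytes in network byte order."""
    if not 0 <= label < (1 << LABEL_BITS):
        raise ValueError(f"label {label} does not fit in {LABEL_BITS} bits")
    if not 0 <= exp < (1 << EXP_BITS):
        raise ValueError(f"exp {exp} does not fit in {EXP_BITS} bits")
    if not 0 <= ttl < (1 << TTL_BITS):
        raise ValueError(f"ttl {ttl} does not fit in {TTL_BITS} bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def encode_stack(labels, ttl=255):
    """Encode a whole stack, top of stack first; only the last entry carries S=1."""
    if not labels:
        raise ValueError("a label stack needs at least one entry")
    last = len(labels) - 1
    return b"".join(encode_entry(lbl, bottom=(i == last), ttl=ttl)
                    for i, lbl in enumerate(labels))


def decode_stack(data):
    """Walk entries until the S bit is set.

    Returns (entries, payload) where each entry is (label, exp, bottom, ttl) and
    payload is whatever follows the bottom entry (the layer 3 packet). A stack
    that runs out of bytes before S=1 is rejected rather than guessed at, as is
    an implicit null label, which must never be encoded.
    """
    entries = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: bottom-of-stack bit never seen")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        label = word >> 12
        exp = (word >> 9) & 0x7
        bottom = bool((word >> 8) & 0x1)
        ttl = word & 0xFF
        if label == IMPLICIT_NULL:
            raise ValueError("implicit null label (3) is not valid in an encoded stack")
        entries.append((label, exp, bottom, ttl))
        if bottom:
            return entries, data[offset:]


def example():
    """Labels 417 over 288 (from the figure) above a constructed payload; TTL 64."""
    packet = encode_stack([417, 288], ttl=64) + b"constructed layer 3 packet"
    return decode_stack(packet)
```

The parser has no way to tell what follows the bottom entry: the protocol of the payload is not carried in the shim, so a receiver must know it from the label it allocated, which is the reason a label is bound to one FEC.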
Popping Labels
[Figure: the top label is removed. A packet carrying 288 / data becomes data; a packet carrying 288 / 577 / data becomes 577 / data.]

Pushing Labels
[Figure: a new label is placed on top of the stack. data becomes 288 / data; 577 / data becomes 288 / 577 / data.]
A Label Switched Path (LSP)
[Figure: a packet with no label enters at the ingress, which does PUSH (label 417); the next two LSRs do SWAP (417 to 666, then 666 to 233); the egress does POP and forwards the bare packet.]
Label Switched Routers
[Figure: the data plane of an LSR. Unlabeled IP in is looked up in the IP forwarding table and sent out as IP; a labeled packet in (label 77) is looked up in the label swapping table and sent out with a new label (23).]
Forwarding Equivalence Class (FEC)
[Figure: packets IP1 and IP2 enter the same LSP and receive the same sequence of labels hop by hop: 417, then 666, then 233.]
Packets IP1 and IP2 are forwarded in the same way: they are in the same FEC. Network layer headers are not inspected inside an MPLS LSP, so the LSRs inside the tunnel do not need a full IP forwarding table; they look only at the top label.
LSP Merge
[Figure: two LSPs toward the same FEC, one carrying IP1 and one carrying IP2, arrive at an LSR with different incoming labels. Without merge each keeps its own label downstream (e.g. 823 / 912 for IP2 and 666 / 233 for IP1). With LSP merge the LSR maps both incoming labels to one outgoing label, so beyond the merge point a single LSP (666, 233) carries both.]
[Figure: operations along an LSP. The ingress does an IP lookup and PUSH (417); each transit LSR does SWAP (417 to 666, 666 to 233); the egress does POP and an IP lookup on the exposed packet.]
Tunnels via Label Stacks
[Figure: IP1 carries inner label 23 and IP2 carries inner label 66. At the tunnel ingress an outer label 44 is pushed on top; it is swapped to 88 and then 17 along the tunnel and popped at the tunnel egress. The inner labels 23 and 66 are carried unchanged and are used only after the outer label is popped.]
... generic encapsulation

Problems with MPLS over ATM
- LSP merge may not be supported
- Label bindings cannot flow from destination to source, but must be requested at the source
MPLS was initially designed to exploit existing ATM hardware and reduce the complexity of overlay networks. But IP/MPLS with native ATM labels results in a large number of problems and complications.
Label Distribution
Label distribution protocols are needed to (1) create label-to-FEC bindings, (2) distribute bindings to neighbors, and (3) maintain consistent label swapping tables.
Piggybacking label distribution on IP routing protocols

Good points
- Guarantees consistency of IP forwarding tables and MPLS label swapping tables
- No new protocol required

Bad points
- Allows only traditional destination-based, hop-by-hop forwarding paths
- Some IP routing protocols are not suitable. An explicit binding of label to FEC is needed; link state protocols (OSPF, IS-IS) flood topology rather than advertising routes between neighbors, so their bindings would be implicit and they are not good piggyback candidates. Distance vector (RIP) and path vector (BGP) are good candidates. Example: BGP + labels.
The Control Plane
[Figure: the control plane holds IP routing protocols with IP routing tables and label distribution protocols with label binding tables; routing messages are exchanged with neighbors. Together they populate the data plane's IP forwarding table and label swapping table (e.g. label 77 in, 23 out).]
Label Distribution with BGP
- Carrying Label Information in BGP-4, draft-ietf-mpls-bgp4-05.txt (1/2001)
- Associates a label (or label stack) with the BGP next hop
- Uses the multiprotocol features of BGP: RFC 2283, Multiprotocol Extensions for BGP-4
- So routes with labels are in a different address family than vanilla routes (no labels)
[Figure: an LSP carrying traffic from AS 444 to AS 888; the LSRs A and B along it swap labels 417, 666, 233.]
Routers A and B do not need full routing tables. They only need IGP routes (and label bindings).
[Figure: the same path with a two-level stack: the BGP-distributed label 99 for the AS 888 route sits at the bottom of the stack, while the IGP label (417, 666, 233) on top is swapped hop by hop to reach the BGP next hop.]
Label Distribution Protocol (LDP)
- Dynamic distribution of label binding information
- Supports only vanilla IP hop-by-hop paths
- LSR discovery
- Reliable transport with TCP
- Incremental maintenance of label swapping tables (only deltas are exchanged)
- Designed to be extensible with Type-Length-Value (TLV) coding of messages
- Modes of behavior that are negotiated during session initialization:
  - Label retention (liberal or conservative)
  - LSP control (ordered or independent)
  - Label assignment (unsolicited or on-demand)
[Figure: hop-by-hop LSP setup with LDP for 10.11.12.0/24 across routers A, B, C, D, all of which already hold the route in their IP tables. Bindings flow upstream from the egress: D advertises label 233 to C, C advertises 666 to B, B advertises 417 to A. Each LSR installs a swap entry (incoming label to outgoing label and next hop), and data then follows the LSP: 417 from A to B, 666 from B to C, 233 from C to D.]
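A constructed end-to-end example in Python, added for this page and not part of the tutorial, of what the FEC, label distribution and LDP slides describe: each LSR in a chain A, B, C, D binds a label to every FEC in its IP table, advertises the bindings to all neighbours (downstream unsolicited, independent control, liberal retention), keeps only the binding from the FEC's IGP next hop in its swap table, and then forwards a packet with one IP lookup at the ingress and label lookups everywhere else. The chain, the second prefix 10.0.0.0/8 and the label bases (chosen so the trace reproduces 417, 666, 233) are assumptions; LDP's TCP session, discovery and TLV encoding are not modeled.

```python
import ipaddress
from itertools import count

# Constructed topology: a chain A - B - C - D. Only the chain, the prefix
# 10.11.12.0/24 and the labels 417/666/233 come from the slide; the rest is assumed.
NEIGHBOURS = {"A": ["B"], "B": ["A", "C"], "C": ["B", "D"], "D": ["C"]}
# Per-router IP RIB: prefix -> next-hop router; None means directly attached (egress).
RIBS = {
    "A": {"10.11.12.0/24": "B", "10.0.0.0/8": "B"},
    "B": {"10.11.12.0/24": "C", "10.0.0.0/8": "C"},
    "C": {"10.11.12.0/24": "D", "10.0.0.0/8": "D"},
    "D": {"10.11.12.0/24": None, "10.0.0.0/8": None},
}
# First label each LSR hands out; chosen so the trace reproduces the slide's 417, 666, 233.
LABEL_BASE = {"A": 100, "B": 417, "C": 666, "D": 233}


class LSR:
    def __init__(self, name):
        self.name = name
        self.rib = {ipaddress.ip_network(p): nh for p, nh in RIBS[name].items()}
        self._labels = count(LABEL_BASE[name])
        self.local = {}    # FEC -> label this LSR allocated for it
        self.learned = {}  # (FEC, neighbour) -> label that neighbour advertised (liberal retention)
        self.lfib = {}     # incoming label -> ("swap", out_label, next_hop) or ("pop",)
        self.ftn = {}      # FEC -> (out_label, next_hop): the ingress push table

    def lpm(self, dst):
        """Longest-prefix match in the IP RIB; the only place the IP header is consulted."""
        ip = ipaddress.ip_address(dst)
        best = max((p for p in self.rib if ip in p), key=lambda p: p.prefixlen, default=None)
        return None if best is None else (best, self.rib[best])

    def allocate_bindings(self):
        """Independent control, downstream unsolicited: bind a label to every FEC right away."""
        for prefix in self.rib:
            self.local[prefix] = next(self._labels)

    def receive_binding(self, neighbour, prefix, label):
        self.learned[(prefix, neighbour)] = label

    def build_tables(self):
        """Use only the binding from the FEC's IGP next hop, so LFIB and IP table agree."""
        for prefix, nh in self.rib.items():
            in_label = self.local[prefix]
            if nh is None:
                self.lfib[in_label] = ("pop",)
                continue
            out = self.learned.get((prefix, nh))
            if out is None:
                continue  # next hop has not advertised a binding yet: FEC stays unlabelled
            self.lfib[in_label] = ("swap", out, nh)
            self.ftn[prefix] = (out, nh)


def run_ldp(routers):
    """Every LSR advertises each of its local bindings to every neighbour, then builds tables."""
    for r in routers.values():
        r.allocate_bindings()
    for name, r in routers.items():
        for nb in NEIGHBOURS[name]:
            for prefix, label in r.local.items():
                routers[nb].receive_binding(name, prefix, label)
    for r in routers.values():
        r.build_tables()


def forward(routers, ingress, dst):
    """Trace a packet: one IP lookup at the ingress, then label operations only."""
    hop = routers[ingress]
    match = hop.lpm(dst)
    if match is None:
        return [(ingress, "drop", [])]
    prefix, nh = match
    if nh is None:
        return [(ingress, "deliver", [])]
    out, nh = hop.ftn[prefix]
    stack = [out]
    trace = [(ingress, "push", list(stack))]
    while True:
        hop = routers[nh]
        entry = hop.lfib.get(stack[-1])
        if entry is None:
            trace.append((hop.name, "drop", list(stack)))
            return trace
        if entry[0] == "pop":
            stack.pop()
            trace.append((hop.name, "pop", list(stack)))
            return trace
        _, out, nh = entry
        stack[-1] = out
        trace.append((hop.name, "swap", list(stack)))


def build():
    routers = {n: LSR(n) for n in NEIGHBOURS}
    run_ldp(routers)
    return routers
```

Because B keeps the binding A advertised as well as the one from C (liberal retention), a change of IGP next hop only requires rebuilding the tables, not a new exchange of bindings; conservative retention would keep only the next hop's binding and have to ask again.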
Intradomain Traffic Engineering
A Framework for Internet Traffic Engineering, draft-ietf-tewg-framework-02.txt: "A major goal of Internet Traffic Engineering is to facilitate efficient and reliable network operations while simultaneously optimizing network resource utilization and performance."
Hop-by-Hop
- Distributed control
- LSP trees rooted at the destination
- Destination-based forwarding
Explicit Path Setup
[Figure: the path is requested with LSP ID 17. The REQUEST for LSP ID 17 travels from A through B and C to D; the replies carry the labels back in the other direction (D replies 233 to C, C replies 666 to B, B replies 417 to A), and each LSR installs the corresponding swap entry. Data then follows 417, 666, 233 from A to D.]
Constraint Based Routing
Basic components:
1. Specify path constraints
2. Extend the topology database to include resource and constraint information: link state extensions (IS-IS, OSPF)
3. Find paths that do not violate the constraints and optimize some metric
4. Signal to reserve resources along the path: RSVP or RSVP-TE (RSVP++), CR-LDP (LDP++)
5. Set up the LSP along the path (with an explicit route)
6. Map ingress traffic to the appropriate LSPs

Problem here: OSPF areas hide information for scalability, so these extensions work best only within an area.

- Constraint-Based LSP Setup using LDP, draft-ietf-mpls-cr-ldp-05.txt
- RSVP-TE: Extensions to RSVP for LSP Tunnels, draft-ietf-mpls-rsvp-lsp-tunnel-08.txt
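Steps 2 to 5 of the list above, as an added Python example that is not from the tutorial: a topology database carrying per-link reservable bandwidth, a CSPF search that prunes links which cannot carry the request, and reservation along the resulting explicit route. The topology is a constructed fish (A and B reach C through R, with a short path via X and a long one via Y and Z), the capacities and metrics are assumptions, and no real signaling protocol is involved.

```python
import heapq

# Constructed "fish" topology: A and B both reach C through R. From R there is a short
# path (R-X-C) and a long one (R-Y-Z-C). Each link: (u, v, igp_metric, capacity);
# links are bidirectional, reservations are per direction. All values are assumptions.
LINKS = [("A", "R", 1, 10), ("B", "R", 1, 10), ("R", "X", 1, 10), ("X", "C", 1, 10),
         ("R", "Y", 1, 10), ("Y", "Z", 1, 10), ("Z", "C", 1, 10)]


class TEDatabase:
    """Topology database extended with per-link reservable bandwidth (step 2)."""

    def __init__(self, links):
        self.adj = {}
        self.residual = {}
        for u, v, metric, cap in links:
            for a, b in ((u, v), (v, u)):
                self.adj.setdefault(a, []).append((b, metric))
                self.residual[(a, b)] = cap

    def cspf(self, src, dst, bandwidth, avoid=frozenset()):
        """Step 3: Dijkstra on the IGP metric over links that still have `bandwidth` free.

        `avoid` excludes nodes, e.g. to compute a diverse backup path.
        Returns (cost, path) or None when no path satisfies the constraints."""
        dist = {src: 0}
        prev = {}
        done = set()
        heap = [(0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if u in done:
                continue
            done.add(u)
            if u == dst:
                break
            for v, metric in self.adj.get(u, []):
                if v in avoid or self.residual[(u, v)] < bandwidth:
                    continue  # prune: this link would violate the constraint
                nd = d + metric
                if nd < dist.get(v, float("inf")):
                    dist[v] = nd
                    prev[v] = u
                    heapq.heappush(heap, (nd, v))
        if dst not in done:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return dist[dst], path[::-1]

    def reserve(self, path, bandwidth):
        """Step 4: admission control, then subtract the reservation along the explicit route."""
        hops = list(zip(path, path[1:]))
        short = [f"{u}-{v}" for u, v in hops if self.residual[(u, v)] < bandwidth]
        if short:
            raise ValueError("admission control failed on " + ", ".join(short))
        for u, v in hops:
            self.residual[(u, v)] -= bandwidth


def place_lsps(ted, requests):
    """Steps 3-5 for a list of (name, ingress, egress, bandwidth), in order.

    Returns name -> explicit route (list of hops), or None when setup fails."""
    routes = {}
    for name, src, dst, bw in requests:
        found = ted.cspf(src, dst, bw)
        if found is None:
            routes[name] = None
            continue
        _, path = found
        ted.reserve(path, bw)
        routes[name] = path
    return routes
```

With the constraint switched off (bandwidth 0) both A and B take the short path through X, which is the fish problem; with 6 units requested each, the second LSP is pushed onto the long path because the short one has only 4 units left, and a third request fails at admission rather than being squeezed in.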
The Fish Revisited
[Figure: with explicit routes, LSP1 from A to C and LSP2 from B to C are placed on different paths through the fish. Vanilla IP forwarding with link weights 2, 1, 2, 1 cannot do this: it sends all traffic for C over the single shortest path.]
Link Protection
- Create a backup LSP around the link to the next hop
- With or without reservation
- Can also back up a normal LDP LSP
[Figure: protected LSP A, B, C, D with labels 18, 51, 45 and pop at the egress; a backup LSP around the link from B to C.]

Node Protection
- Create a backup tunnel LSP for two hops away (the next-next hop)
- Backs up an RSVP-TE tunnel
- Learns labels from the RESV recorded route of the protected tunnel
- Pushes the label the next-next hop expects (45) onto the backup tunnel
[Figure: protected LSP A, B, C, D; the backup tunnel from B bypasses C and rejoins at D, whose expected label 45 is carried under the backup tunnel label; the backup tunnel label is popped before D.]

Path Protection
- Create an end-to-end diverse backup tunnel
- Slower than local protection: have to wait for the headend to detect the failure
[Figure: protected LSP A, B, C, D with labels 18, 51, 45; a fully diverse backup LSP from A to D.]
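Node protection as an added Python example (not the tutorial's code): the point of local repair at B is that the label placed under the bypass tunnel label must be the one the merge point D expects, which B learns from the RESV recorded route, not the label its own next hop C expected. The LFIB entries reuse the figure's labels 18, 51, 45; node X, the bypass label 90 and penultimate hop popping on the bypass are assumptions.

```python
from dataclasses import dataclass

# Constructed example. Only the label values 18, 51, 45 and the pop at the egress come from
# the slide; node X and the bypass label 90 are assumptions.
# Protected RSVP-TE LSP A -> B -> C -> D. Per-node LFIB: incoming label -> action:
#   ("swap", out_label, next_hop)   transit LSR
#   ("php", next_hop)               penultimate hop of a tunnel: pop, forward what is underneath
#   ("pop",)                        egress of the protected LSP
LFIB = {
    "B": {18: ("swap", 51, "C")},
    "C": {51: ("swap", 45, "D")},
    "D": {45: ("pop",)},
    "X": {90: ("php", "D")},   # bypass tunnel B -> X -> D around node C
}
INGRESS = {"A": (18, "B")}

# Recorded route of the protected LSP as carried in its RESV, egress first: each hop
# records the label it expects to receive on this LSP.
RRO = [("D", 45), ("C", 51), ("B", 18)]


@dataclass
class Bypass:
    protected_next_hop: str   # node the bypass goes around
    merge_point: str          # where the bypass rejoins the protected LSP
    merge_label: int          # label the merge point expects on the protected LSP
    bypass_label: int         # label of the bypass tunnel itself
    bypass_next_hop: str


def learn_bypass(next_hop, merge_point, bypass_label, bypass_next_hop):
    """Node protection: the merge point is two hops away, so its label is read from the RRO."""
    expected = dict(RRO)
    return Bypass(next_hop, merge_point, expected[merge_point], bypass_label, bypass_next_hop)


PROTECTION = {"B": learn_bypass("C", "D", 90, "X")}


def forward(ingress, failed=frozenset(), protection=PROTECTION):
    """Trace a packet along the protected LSP; `failed` lists nodes that are down."""
    out, node = INGRESS[ingress]
    stack = [out]
    trace = [(ingress, "push", list(stack))]
    while True:
        entry = LFIB[node].get(stack[-1])
        if entry is None:
            trace.append((node, "drop", list(stack)))
            return trace
        if entry[0] == "pop":
            stack.pop()
            trace.append((node, "pop", list(stack)))
            return trace
        if entry[0] == "php":
            stack.pop()
            nxt = entry[1]
            trace.append((node, "php", list(stack)))
        else:
            _, out, nxt = entry
            stack[-1] = out
            if nxt in failed:
                bp = protection.get(node)
                if bp is None or bp.protected_next_hop != nxt:
                    trace.append((node, "drop", list(stack)))  # next hop down, nothing to repair with
                    return trace
                # Local repair: relabel for the merge point, then tunnel over the bypass.
                stack[-1] = bp.merge_label
                stack.append(bp.bypass_label)
                nxt = bp.bypass_next_hop
                trace.append((node, "frr", list(stack)))
            else:
                trace.append((node, "swap", list(stack)))
        node = nxt
```

A bypass built with the next hop's label (51, the link protection case) delivers a label D has no entry for, so D drops the packet; that is why node protection needs the RRO and link protection does not.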
MPLS TE is probably most valuable when IP services require more than best effort. VPNs with SLAs? Supporting differentiated services?
VPNs with MPLS
- Traditional VPN overlay model: MPLS-based Layer 2 VPNs, draft-kompella-mpls-l2vpn-02.txt; Whither Layer 2 VPNs? draft-kb-ppvpn-l2vpn-motiv-00.txt
- New VPN peering model: RFC 2547, BGP/MPLS VPNs
Traditional VPNs (Overlay)
[Figure: customers A, B and C each get a layer 2 VPN of virtual circuits between their sites across the provider's layer 2 network.]

Layer 2 VPNs Using MPLS
[Figure: the same customers A, B and C, with MPLS LSPs across the provider network replacing the layer 2 virtual circuits.]
Advantages of MPLS-based Layer 2 VPNs
- Provider needs only a single network infrastructure to support public IP, VPN services, traffic engineered services, and differentiated services
- Additional routing burden on the provider is bounded
- Clean separation of administrative responsibilities: the service provider does MPLS connectivity, the customer does layer 3 connectivity
- Easy transition for customers currently using traditional Layer 2 VPNs
BGP/MPLS VPNs
- RFC 2547 is the peer model of VPN (not overlay)
- Also draft-rosen-rfc2547bis-02.txt
- Cisco configuration info: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/vpn.htm
- AT&T's IPFR service is based on this RFC
RFC 2547 Model
[Figure: a single provider network carrying VPN 1 and VPN 2, each with sites attached on both sides of the provider.]

CEs and PEs
[Figure: a customer site whose CE router attaches to a PE router of the provider.]
CE = customer edge, PE = provider edge
VPN Overlap Means Vanilla Forwarding Tables Can't Work
[Figure: Site 1 (prefix p1) belongs to VPRN 2; Site 3 and Site 4 both use prefix p2 but belong to different VPRNs. A single provider forwarding table has entries for p1 and p2, and the next hop for p2 is ambiguous (??).]

[Figure: with one provider forwarding table (p1 to site 1, p2 to site 2, p3 to site 3) a packet from Site 1 in VPRN 2 reaches Site 3 in VPRN 1.] This violates the isolation guarantee of a VPN: Site 1 can exchange traffic with Site 3!

[Figure: a per-site forwarding table for Site 2 (VPRN 1) holds only p1 to site 1 and p3 to site 3, so Site 2 cannot reach any site outside its VPRN.]

Tunnels Required Across the Backbone
[Figure: Sites 1 through 4 in VPRN 1, 2 and 3; the backbone must carry each site's traffic in a tunnel that identifies the VPRN, since the destination address alone does not.]
[Figure: Site 1 (CR1) attaches to PER1; LSR1 and LSR2 form the provider core; PER2 attaches to CR2 at Site 2, which contains network Z.]
CR1 at Site 1 has a packet addressed to a host in network Z at Site 2. How does it get there?
- Li: labels requested via LDP from the next-hop neighbor for each routing table entry; the LSP for the OSPF route to reach PER2
- Labels are bound to routes, NOT packets
- A stack of two labels is used to forward the packet: the outer label on the interior LSP to PER2, the inner label selecting the external interface at PER2
VPN Extensions to BGP
- Route Target (RT): a BGP 64-bit extended community value
- The first 16 bits identify the type as RT; the other 48 bits are variable
- Conventional format ASN:X, i.e., 16 bits : 32 bits
[Figure: the packet walk from CR1 to network Z, with the tables at each router.]
- CR1 table: route Z via PER1 over LNK1. Q: How does CR1 learn route Z? A: Either via BGP or statically configured.
- PER1: interface LNK1 is bound to vrf1; vrf1 has RT1 and RD1. vrf1 table: route Z has VPN label L4 and BGP next hop PER2. Global table: PER2 is reached with IGP label L1 via LSR1.
- LSR1, LSR2 (and LSR3 in the MPLS VPN cloud): swap the outer Li labels along the LSP to PER2; the inner label L4 is never examined.
- PER2: interface LNK2 is bound to vrf1 (RT1, RD1). vrf1 table: label L4 means route Z via CR2 over LNK2.
- CR2: delivers the packet to network Z.
RFC 2547 Summary
- Piggyback VPN information on BGP: new address family, new attributes for membership
- New per-site forwarding tables (VRFs)
- Use MPLS tunnels between PEs
- No need for VPN routes on backbone LSRs, only on PEs
MPLS VPN Security
- Private routing table for each VPN (VRF)
- VPN membership identity associated with each access connection
- VPN membership is not determined by the IP header, only by the interface (e.g., DLCI, VPI/VCI, PPP, VLAN tag)
- Label and RT for the VPN are attached to advertised routes
- A route and its matching label are only imported by routing tables that match the VPN RT
- Impossible for a packet on a PVC in one VRF to spoof its way or jump into another VRF
The isolation therefore rests on PE configuration: the interface-to-VRF bindings and the RT import policy. A VRF that imports another VPN's RT, by mistake or deliberately as an extranet, joins the two.
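The Route Target encoding from the VPN extensions slide and the isolation argument above, as an added Python example written for this page (not code from the tutorial or from any vendor implementation): RTs packed as ASN:X extended communities, two VRFs whose import sets differ, access connections bound to VRFs, and forwarding keyed on the ingress interface so that overlapping customer prefixes never collide. Route distinguishers are omitted because the import decision here is keyed on RT alone; the ASN 65000, the VPN labels, the PE names and the VLAN tags are constructed.

```python
import ipaddress
import struct

# Route Target as a BGP extended community (RFC 4360): type 0x00 (two-octet AS specific),
# sub-type 0x02 (route target), then ASN:X as a 16-bit ASN and a 32-bit value.
RT_TYPE_ASN = 0x0002


def encode_rt(asn, value):
    """ASN:X -> 8-byte extended community."""
    if not (0 <= asn < 1 << 16 and 0 <= value < 1 << 32):
        raise ValueError("ASN:X route target needs a 16-bit ASN and a 32-bit value")
    return struct.pack("!HHI", RT_TYPE_ASN, asn, value)


def decode_rt(ext_community):
    kind, asn, value = struct.unpack("!HHI", ext_community)
    if kind != RT_TYPE_ASN:
        raise ValueError(f"not an ASN:X route target (type 0x{kind:04x})")
    return f"{asn}:{value}"


class PE:
    """One VRF per VPN, access connections bound to VRFs, routes imported by RT match."""

    def __init__(self):
        self.vrfs = {}       # vrf -> {"import": set of RTs, "table": prefix -> (vpn_label, next_hop_pe)}
        self.iface_vrf = {}  # access connection (VLAN tag, DLCI, ...) -> vrf

    def add_vrf(self, name, *import_rts):
        self.vrfs[name] = {"import": set(import_rts), "table": {}}

    def bind_interface(self, iface, vrf):
        self.iface_vrf[iface] = vrf

    def import_route(self, prefix, vpn_label, next_hop_pe, *rts):
        """A VPN route learned over MP-BGP lands only in VRFs whose import set matches one of its RTs."""
        net = ipaddress.ip_network(prefix)
        matched = [n for n, v in self.vrfs.items() if v["import"] & set(rts)]
        for n in matched:
            self.vrfs[n]["table"][net] = (vpn_label, next_hop_pe)
        return matched

    def forward(self, iface, dst):
        """VPN membership comes from the ingress interface, never from the packet's IP header."""
        vrf_name = self.iface_vrf[iface]
        table = self.vrfs[vrf_name]["table"]
        ip = ipaddress.ip_address(dst)
        best = max((p for p in table if ip in p), key=lambda p: p.prefixlen, default=None)
        if best is None:
            return None  # no route in this VRF: dropped even if another VRF could reach dst
        vpn_label, next_hop_pe = table[best]
        return (vrf_name, vpn_label, next_hop_pe)


def build_pe():
    """Constructed scenario: two customers whose address plans overlap on 10.1.0.0/16."""
    rt_vpn1, rt_vpn2 = encode_rt(65000, 1), encode_rt(65000, 2)
    pe = PE()
    pe.add_vrf("vrf1", rt_vpn1)
    pe.add_vrf("vrf2", rt_vpn2)
    pe.bind_interface("vlan100", "vrf1")  # customer 1's access connection
    pe.bind_interface("vlan200", "vrf2")  # customer 2's access connection
    pe.import_route("10.1.0.0/16", 4001, "PE2", rt_vpn1)
    pe.import_route("10.1.0.0/16", 4002, "PE3", rt_vpn2)
    pe.import_route("192.168.5.0/24", 4003, "PE3", rt_vpn2)
    return pe
```

The same destination address on two access connections yields two different VPN labels and egress PEs, and a prefix that exists only in vrf2 is unreachable from vlan100. Adding 65000:2 to vrf1's import set and re-importing the route installs it in both VRFs, which is how an extranet is built and equally how a typo in the import policy joins two customers.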
Layer 2 VPNs vs. BGP/MPLS VPNs

Layer 2 VPNs
- Customer routing stays with the customer
- May allow an easier transition for customers currently using Frame Relay/ATM circuits
- Familiar paradigm
- Easier to extend to multiple providers

BGP/MPLS VPNs
- Customer routing is outsourced to the provider
- Transition may be complicated if the customer has many extranets or multiple providers
- New peering paradigm
- Not clear how multiple providers will work (IMHO)
Summary
MPLS is an interesting and potentially valuable technology because it
- provides an efficient and scalable tunneling mechanism
- provides an efficient and scalable mechanism for extending IP routing with explicit routes
Resources
- MPLS working group charter (charter.html)
- MPLS mailing list archive: http://cell.onecall.net/cellrelay/archives/mpls/mpls.index.html
- MPLS Resource Center: http://www.mplsrc.com
- Ashwood-Smith's NANOG talk: http://www.nanog.org/mtg-9910/mpls.html
- MPLS: Technology and Applications. Bruce Davie and Yakov Rekhter. Morgan Kaufmann, 2000.
- MPLS: Is it all it's cracked up to be? Talk by Pravin K. Johri: http://buckaroo.mt.att.com/~pravin/docs/mpls.pdf
- PPVPN archive: http://nbvpn.francetelecom.com
- MPLS and VPN Architectures. Ivan Pepelnjak and Jim Guichard. Cisco Press, 2001.