Introduction to MPLS

Based on MPLS tutorial from Tim Griffin MPLS/VPN tutorial from Chris Chase
and

Whats all MPLS?

this

talk

about

MPLS is going to solve all of our problems a solution in search of a problem MPLS is MPLS is all about traffic engineeringis what I wish on all of my MPLS competitors is all about virtual private MPLS networks MPLS solves network operations problems MPLS creates network operations problems MPLS is all about lowering operational costs MPLS is going to cost more than its worth MPLS is the natural next step in Internet evolution is too complicated to survive in the MPLS Internet

But what is MPLS anyway?

2

Goals of this Tutorial

To understand MPLS from a purely technical point of view avoid the hype
avoid the cynicism

To understand the broad technical without getting lost in issues the vast number of details gains the
the costs the tradeoffs
3

Why MPLS? Problems with current IP routing and

forwarding Complexity of overlay model

Outlin e

What is MPLS? swapping Label

Label distribution Constraint based routing

What applications could exploit MPLS? Traffic Engineering

Virtual Private Networks
Both Layer 2 and Layer 3 VPNs
4

IP forwarding paths are implemented with destinationbased next hop tables

Default to upstream router

B
R R2 R R1 R4 R5 R3

Dest. Hop A B C D E defaul t R

Nxt

R 1 Direc t R3 R 1 R3 R 1

Dest. Hop A B C D E defaul t Nxt R 4 R3 R3 R 4 Direc t R 4

Nxt R 2 R 2 Direc t R5 R5 R 2

Dest. Hop A B C D E defaul t

IP Process
1. Remove a packet from an input queue d

Forwarding
decrement TTL fiel 4. Place packet on correct output queue

2. Check for sanity,

Forwarding ProcessMatch packets 3.

If queues get full, just drop packets! destination to table entry a

If queues get full, just drop packets!

IP Table

Forwarding
Router
6

IP routing protocols assume all forwarding is destinationbased

R
The Fish

C
The next-hop forwarding paradigm allow router R to does not choose a route to A based on who originated B or the traffic, C.

IP forwarding tables are maintained by dynamic routing protocols

RIP Process
RI P R ou ti n g tab l es

BGP Process
BG P R ou ti n g tab l es

BGP

OSPF Process
O SPF Ro u tin g ta bl es

RIP Domain

OS kernel

OSPF Domain

IP Table

Forwarding

Shortest Path Routing: Link weights to attract or repel all tend traffic

A B
11 2 1

A B

C
2 1 1 1

Overlay Networks
A

Layer 2 (virtual
circuits)

C B A
C

Layer 3

10

Advantages Overlay Network s

Virtual circuits can be reengineered without changing the layer 3 network Large degree of control over traffic

of

ATM and Frame Relay switches offer high reliability and low cost

Detailed per-circuit statistics Isolates layer 2 network management from the details of higher layer services

11

Problems Networks

with

Overlay

Often use proprietary protocols and management tools Often requires full meshing of statically provisioned virtual circuits ATM cell tax ---- about 20% of bandwidth If layer 3 is all IP, then the overlay model seems overly complicated and costly Advances in optical networking cast some doubt on the entire approach
Overlay model is just fine when layer 2 network provides diverse non IP services (e.g., IPv6, AppleTalk, IPX, )
12

Blur Layer 2 and 3?

router switch (ATM, Frame)

this is not a router this is not a switch

what it?

is
13

The problems with IP forwarding and routing do not requir technologies like MPLS e
Many can be addressed with simple Like the solutions. design of simple networks! The problems are not show stoppers The MPLS cure will have side effectsmany applications, TCP/IP handles For congestion very well

Sanity Check?

Technologies like MPLS may be very valuable if they can enable new services and generate new revenue

14

MPLS = MultiProtocol Label Switching

A Layer 2.5 tunneling protocol

Network MPLS Data Link Physica l

RFC 3031 Architecture :

Based on ATM-like notion of label swapping A simple way of labeling each network layer packet Independent of Link Layer Independent of Network Layer Used to set up Labelswitched paths (LSP), similar to ATM PVCs

Multiprotocol

Label

Switching 15

MPLS Data Plane

16

Generic Encapsulation

MPLS

Lay er 2 Header M PLS Label 1 M PLS Label 2 M PLS Label n Lay er 3 P acket

0 1 2 3 01234567890123456789012345678901 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+ | Label | Exp |S| TTL | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+ Often shim (or header called a sham)

Label: bits Exp: bits S: bit TTL: bits

Label Value, 20 Experimental, 3 Bottom of Stack, 1 Time to Live, 8

17

RFC MPLS Label Encoding

3032. Stack

Forwarding via Label Swapping

417

data

288

data

Labels are short, fixed-length values.

18

Popping Labels

data

288

data

577

data

288

577

data

19

Pushing Labels

288

data

data

288

577

data

577

data

20

10

A Label (LSP)
POP! PUSH!

Switched
SWAP! SWAP!

Path

data

417 data

666 data

23 3

data data

A label switched path

tail end head end Often called an MPLS tunnel: payload headers are not Inspected inside of an LSP. Payload could be MPLS

21

Label Routers

Switched

IP out IP

IP Table

Forwarding

IP in

IP

77

dat a

Label Swapping Table MPLS out MPLS in

23

dat a

The plane

data

represents IP Lookup + label push represents label pop + IP lookup

22

11

Forwarding (FEC)
IP 2

Equivalence

Class

417

IP 2

666

IP 2

23 3

IP 2

IP 2

IP 1

417

IP 1

666

IP1 IP1

23 3

IP 1

Packets IP1 and IP2 are forwarded in the same way --- they are in the same FEC. Network layer headers are not inspected inside an MPLS LSP. This means that inside of the tunnel the LSRs do not need full IP forwarding table.

23

LSP Merge
IP 2

417

IP 2

823

IP 2

912

IP 2

IP 2

IP 1

11 1

IP 1

666

IP1 IP1

23 3 912

IP 1

IP 2

417

IP 2

823

IP 2

IP 2

IP 2

IP 1

417

IP 1

666

IP1 IP1

LSP merge

23 3

IP 1

24

12

Penultimate Hop Popping

PO P + IP PUSH Lookup SWAP SWAP

I P

417

I P

666

I P

23 3

IP IP

IP PUSH

Lookup

POP SWAP

I P

I P

666

I P

23 3

IP IP
25

LSP Hierarchy Stacking

IP2 PO P

via

Label
IP2

PUSH IP2 IP2

66

IP2

44 66

IP2

88 66

IP2

17 66 66

23

IP1

44 23

IP1

88 23

IP1

17 23

IP1

23

IP1

PO P

PUSH

IP1 Did I get carried away on this slide?

IP1 26

13

MPLS Tunnels come at a cost

ICMP messages may be generated in the middle of a tunnel, but the source of the bad packet may not address be the IP forwarding table of the in LSR! expired: TTL traceroute depends on this!
MTU exceeded: Path MTU Discovery (RFC1191) depends on this!

None of the proposed solutions are without their own problems

27

MPLS also supports native encapsulation Layer 2 MPLS

PPP Ethernet Frame

generic encapsulation

ATM VPI/VCI DLCI . . . . . .

rest of label stack

. . .

generic encapsulation

generic encapsulation IP datagram

28

14

But Native Labels May Cause Big Headaches

No TTL!Loop detection?
Loop prevention?

LSP merge may not be supported bindings cannot flow from Label
destination to source, but must be requested at source
MPLS was initially designed to exploit the existence hardware and reduce the complexity of overlay of ATM networks. But IP/MPLS with native ATM labels results in a large number of problems complications. and 29

MPLS Control Plane

30

15

Basic MPLS Control Plane

MPLS control plane = IP control plane + label distribution

Label distribution protocols are needed to (1) create label FEC bindings (2) distribute bindings to neighbors, (3) maintain consistent label swapping tables
31

Label Distribution: Option I

Piggyback label information on top of existing IP routing protocol
Good Point s

Guarantees consistency of IP forwarding tables and MPLS label swapping tables No new protocol required Allows only traditional destination-based, hopby-hop forwarding paths Some IP routing protocols are not suitable Need explicit binding of label to FEC state protocols (OSPF, ISIS) are implicit, Link and so are not good piggyback candidates Distance vector (RIP) and path vector (BGP) are good candidates. Example: BGP+
32

Bad Point s

16

Label Distribution: Option II

Create new label distribution protocol(s)
Compatible with Link State routing protocols Not limited to destination-based, hop-byhop forwarding paths Additional complexity of new protocol and interactions with existing protocols Transient inconsistencies between IP forwarding tables and MPLS label swapping tables Examples: LDP proprietary) (IETF) and TDP (Cisco
33

Good Point s

Bad Point s

The Plane

Control

IP Routing Protocols + IP Routing Tables Label distribution protocols + Label Binding Tables IP out IP IP Table Forwarding

Routing messages

Label distribution messages IP in

IP

77

dat a

Label Swapping Table MPLS out MPLS in

23
34

dat a

17

Label BGP

Distribution

with

Carrying Label Information in BGP-4 draft-ietf-mpls-bgp4-05.txt (1/2001) Associates a label (or label stack) with the BGP next hop. Uses multiprotocol features of BGP: RFC 2283. Multiprotocol Extensions for BGP-4 So routes with labels are in a different address space than a vani lla routes (no labels)
35

BGP piggyback not required for simple iBGP optimization

Map traffic to the LSP that terminates at the egress router chosen by BGP
BGP BGP route Internal

I P AS 444

417

I P

AB

666

IP IP

23 3

I P

AS 888
Routers A and B do not need full routing tables. only need IGP routes (and label They bindings).

36

18

BGP piggyback allows Interdomain LSPs

Use top of stack to get to egress router, bottom of stack for LSP in AS 444.
BGP route With label 99 Internal BGP with label 99

99

I P

417

99

I P

666

99

I P

23 3

99

I P

I P

AS 444

AS 888

37

MPLS tunnels can decrease size of core routing state

Core routers need only IGP routes and LSPs for IGP routes Implies less route oscillation memory Implies less Implies less CPU usage BUT: still need route reflectors to avoid full mesh to reduce BGP table size at border routers and/or BUT: since your core routers do not have full tables you now have all of the MPLS problems associated with source unknown (TTL, MTU, traceroute ) ICMP
38

Are these really problems ?

19

Label (LDP)

Distribution

Protocol

RFC 3036. LDP Specification. (1/2001)

Dynamic distribution of label binding information only vanilla IP hop-by-hop Supports paths discovery LSR Reliable transport with TCP Incremental maintenance of label swapping tables (only deltas are exchanged) Designed to be extensible with TypeLength- (TLV) coding of messages Value Modes of behavior that are negotiated during session initialization Label retention (liberal or conservative) LSP control (ordered or independent) Label assignment (unsolicited or on-demand)
39

LDP Message Categories

Discovery messages : used to announce and maintain the presence of an LSR in a network. Session messages : used to establish, maintain, and terminate sessions between LDP peers. Advertisement messages: used to create, change, and delete label mappings for FECs. Notification messages : used to provide advisory information and to signal error information.
40

20

LDP and Hop-by-Hop routing

10. 11. 12 . 0/24

network next-hop direct

AB C D

network next-hop
10. 11. 12 . 0/24

network next-hop
10. 11. 12 . 0/24

network next-hop
10. 11. 12 . 0/24

LSP
10. 11. 12 . 0/24

LDP LDP

417 LDP
10. 11. 12 . 0/24

666 233
10. 11. 12 . 0/24 10. 11. 12 . 0/24

Generate new label And bind to destination

pop swap push

swap
B C D

I P

417

I P

666

IP IP

23 3

I P
41

MPLS Traffic Engineering

42

21

MPLS Traffic Engineering

The optimization goals of traffic engineering are To enhance the performance of IP traffic while utilizing Network resources economically and reliably.

IntraDomain

A Framework for Internet Traffic Engineering Draft-ietf-tewg-framework02.txt A major goal of Internet Traffic Engineering is to facilitate efficient and network operations while simultaneously reliable network resource utilization and performance. optimizing

RFC 2702 Requirements for Traffic Engineering over MPLS

43

IntraDomain

TE May Require Going Beyond Hop-by-Hop Routing

Explicit routes Allow traffic sources to set up paths Constraint based routing Chose only best paths that do no violate
some constraints Needs explicit routing May need resource reservation

Traffic classification to appropriate LSPs Map traffic

4 4

22

Hop-by-Hop
Distributed control LSP trees rooted at destination Destination based forwarding

vs. Explicit Routes

Originates at source Paths from sources to destinations Traffic to path mapping based on what configuration commands your vendor(s) provide

45

RE Q U EST LSPI D 17

Explicit Setup

path
RE Q U EST LSPI D 17 RE Q U EST LSPI D 17 R equest pat h D -> C-> B -> A wi t h L SP ID 1 7

AB C D

LSP
reply

417
LS PI D 17

reply

666 233
LS PI D 17

reply
LS PI D 17

pop swap push

swap

I P

417

I P

666

IP IP

23 3

I P
46

23

Constraint Routing
Basic components
1. Specify path constraints topology database to 2. Extend include resource and constraint information that do not 3. Find paths violate constraints and optimize some metric 4. Signal to reserve resources along path 5. Set up LSP along path (with explicit route) 6. Map ingress appropriate LSP s traffic to the

Based
Problem here: OSPF areas hide information for scalability. So these extensions work best only within an area

Extend State Protocols OSPF)

Link (IS-IS,

Extend LDP or both!

RSVP

or

Note: (3) could be offline, or online (perhaps an extension to OSPF)

Problem here: what is the correct resource for model IP services? 47

Resource Reservation + Label Distribution Two emerging/competing/dueling approaches:

Add label distributio n and explicit routes to a resource reservation protoco l

RSVPTE

CRLDP

Add explicit routes and resource reservation to a label distribution protoco l

++
RSV P LD P
Cons t raint -B ased LS P Set up us ing LDP draf t-iet f-mpls -cr -lpd-05.txt

R SV P-T E: Ext ens ions t o R SV P for LSP Tunnels draf t-iet f-mpls -r sv p-ls p-tunnel-08.t xt

48

24

The Revisited

Fish

B
LSP2

A C
LSP1

Need at least one explicit route to A

49

Use Shortest Paths to get beyond Shortest Paths!

The IP routing protocol at LSR configured to (privately) see A -> C A is LSP link with weight as one 1.
1

A B

LSP
2 1 2 1

Vanilla IP forwarding
50

25

MPLS Fast Reroute

Using MPLS TE to improve availability creates backup tunnels RSVP-TE
On failure of protected LSP, packets are shoved down backup LSP tunnel Switchover is faster than waiting for CSPF to calculate and signal a new LSP

For local repair (link or node) can recover ~100ms or better

Backup LSP is already in place, so as soon as the failure is detected locally the headend just needs to reprogram the label FIB

51

Link Protection
Create backup LSP around link to Next Hop With or without reservation
Can also backup normal LDP LSP

2 D 2 D 3 A 3 C A C 1 B 1 B

Backup tunnel. Pushes label 51 o nto tunnel

pop

18 51 45

Protected LSP
52

26

Node Protection
Create backup tunnel LSP for two hops away (next-next hop) Backs up RSVP-TE tunnel
Learns labels from RESV recorded route of protected tunnel Backup tunnel. label 45 Pushes onto tunnel

2
pop

A
18 51 45

C B
Protected LSP
53

Path Protection
Create an end-to-end diverse backup tunnel Slower than local protection have to wait for headend to detect failure D 2
pop

Backup LSP

A
18 51 45

C B
Protected LSP
54

27

MPLS TE: Is it worth the cost?

Much of the traffic across a (transit) ISPs network is interdomain traffic
Congestion is most common on peering links The current work on MPLS TE does not apply to interdomain links! (Actually, it does not even work well across OSPF areas)

MPLS TE is probably most valuable when IP services require more than best effort
VPNs with SLAs? Supporting differentiated services?

55

VPNs MPLS
Traditional VPN overlay model: MPLS-based Layer 2 VPNs draft-kompella-mpls-l2vpn02.txt Whither Layer 2 VPNs? draft-kb-ppvpn-l2vpn-motiv00.txt New VPN peering model: RFC 2547. BGP/MPLS VPNs

with

56

28

Traditional VPNs
A

Overlay
B

Providers Layer 2 Network (ATM, Frame Relay, X.25)

C B
C

A
Customers Layer 2 VPN

57

Why Not Tunnels?

A

Use

MPLS
B

Providers MPLS enabled network

C B
C

MPLS LSP

A
MPLS LSP

Customers Layer 2 VPN

MPLS LSP

58

29

Potential Advantages MPLS Layer 2 VPNs

of

Provider needs only a single network infrastructure to support public IP, and VPN services, traffic engineered services, and differentiated services Additional routing burden on provider is bounded Clean separation of administrative responsibilities. Service provider does MPLS connectivity, customer does layer 3 connectivity Easy transition for customers currently using traditional Layer 2 VPNs

59

BGP/MPLS VPNs
RFC 2547 Is Peer Model of VPN (not Overlay) Also draft-rosen-rfc2547bis-02.txt Cisco configuration info : AT&Ts IPFR service is based on this RFC.
60

120newft/120t/120t5/vpn.ht http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/ m

30

RFC Model
VPN 2 VPN 1

2547

VPN Provider Network

VPN 1

VPN 2

61

CEs PEs

and

Customer Site

CE = customer edge

PE = provider edge Provider Network

62

31

VPN Address Vanilla Forwarding Work

Site 2 p1

Overlap Tables

Means Cant

Site 1 p1

VPRN 2

Provide r

VPRN 1

Site 3 p2

Dest. Hop p1 p2

Nxt ?? ??

Site 4 p2

63

VPN Overlap Means Vanilla forwarding tables Cant Vanilla Forwarding Tables are out Work
Site 1

Site 2 p2

VPRN 1 p1

VPRN 2

Provide r Violates isolation of Guarantee A VPN: site 1 can Exchange traffic with3! Site
64

Site 3 p 3

Dest. Hop p1 p2 p3

Nxt s 1 s 2 s3

32

RFC 2547 : Per site forwarding tables

Called VRFs, for "VPN Routing and Forwarding" tables.

Site 2 p2

VPRN 1 p1

Site 1

VPRN 2

Provide r Site 2 FT

Site 3 p 3

Site 1 FT Site 3 FT Dest. Hop p2 s2 Nxt Dest. Hop p2 s2 Nxt

Dest. Hop p1 p3

Nxt s 1 s3
65

Tunnels backbone
Site 2 VPRN 1 p2

required

across

Site 1 p1

VPRN 2

VPRN 3

Site 3 p 3

Site 4 p 3

66

33

Follow the Route and Follow the Packet

MPLS VPN Clou d LSR3

LSR2 LSR1

PER1

PER2

CR1

Network Z CR2

Site 1 CR1 at Site 1 has a packet addressed to a host in network Z at Site 2. How does it get there?

Site 2
67

LSP Setup for OSPF Route to PER2

MPLS VPN Clou d L4 L2 LSR3 L2 pop L1 L2 LSR1 PER2 L1 PER1 PER2 LSR2

CR1 CR2

Li - labels requested via LDP from next hop neighbor for each routing table entry LSP for the OSPF route to reach PER2

68

34

How MPLS VPNs work

1) Follow the routes
Each VPN on a PER has a private routing table Called a Virtual Routing Forwarding (vrf)
table is assigned attributes that are unique to the vrf VPN Route Targets (RT) - attached to VPN
routes. only vrfs with common RTs share routes Route Distinguishers (RD) - appended to routes to ensure uniqueness even if VPNs have overlapping address spaces Creates a new address family called vpnv4 = RD+ipv4 NOTE: RTs and RDs are applied to routes,

NOT packets

2) Follow the packet

A stack of two labels is used to forward the packet on the interior LSP and then external interface

69

VPN extensions
Route Target (RT) BGP 64 bit extended comm unity value
First 16bit identify as RT type. Other 48 bit is variable
Conventional format ASN:X, i.e., 16b:32b

Route Distinguisher (RD) BGP 64 bit extended comm unity value

First 16bit identify as RD type. Other 48 bit is variable
Conventional format ASN:X, i.e., 16b:32b
70

35

Distributing Customer Routes

Q: How does PER2 learn Rt Z? A: Eithe via BGP or r statically configured MPLS VPN Clou d LSR3

LSR2 LSR1

PER1

PER2 Network Z

CR1 LNK2 data: vrf1 vrf1: CR2

Li -labels LS P

RT1, RD1 table: Rt Z LNK2 71

Customer Routes Distributed via IBGP with Label

MPLS VPN Clou d LSR3

LSR2 LSR1

PER1

PER2 IBGP msg Network Z

CR1

RD1+Z, L4, RT1, PER2 LNK2 data: vrf1 vrf1: CR2

Li -labels LS P

RT1, RD1 table: Rt Z L4,CR2,LNK2

72

36

Only vrfs with Matching RTs Import Route

Q: Why different RDs can be used? A: RDs ensure unique andaddresses are NOT related to VPN Unique RDs connectivity ! PEs all help on route reflectors balance load LNK1 data: vrf1 vrf1: RT1, RD2 PER1 table: Rt Z L4, PER2 L1, LSR1 PER2 LSR1 MPLS VPN Clou d LSR3

LSR2

PER2 Network Z

CR1 LNK2 data: vrf1 CR2

Li -labels LS P

vrf1: RT1, table:

RD1 73

Rt Z L4,CR2,LNK2

CR1 learns RT Z
Q: How does CR1 learn Rt Z? A: Eithe via BGP or r statically configured MPLS VPN Clou d LSR3

LNK1 data: vrf1 vrf1: RT1, RD2 table: Rt Z L4, PER2 PER2 L1, LSR1 PER1 LSR1

LSR2

PER2 Network Z

CR1 table: Rt Z PER1,LNK1 LNK2 data: vrf1 vrf1: RT1, RD1 table: Rt Z L4,CR2,LNK2 74 CR2

Li -labels LS P

37

Packet for Rt Z forwarded by CR1

MPLS VPN Clou d LSR3

LNK1 data: vrf1 vrf1: RT1, RD1 table: Rt Z L4, PER2 L1, LSR1 PER2 PER1 LSR1

LSR2

PER2 Route Z

Z| packet CR1 table: Rt Z PER1,LNK1 LNK2 data: vrf1 vrf1: RT1, RD1 table: Rt Z L4,CR2,LNK2

CR2

Li -labels LS P

75

Top label is label-switched through interior

Q: What happens at end of LSP? MPLS VPN Clou d LSR3 L2 pop LNK1 data: vrf1 vrf1: RT1, RD1 table: PER1 Rt Z L4, PER2 PER2 L1, LSR1 L1|L4|Z| packet PER2 Route Z CR1 LNK2 data: vrf1 CR2 L1 L2 LSR1 LSR2

Li -labels LS P

vrf1: RT1, RD1 table: Rt Z L4,CR2,LNK2 76

38

Top label popped at end of LSP

Q: What next? MPLS VPN Clou d LSR3

LSR2 LSR1

PER1

L4|Z| packet PER2 Route Z

CR1 LNK2 data: vrf1 CR2

Li -labels LS P

vrf1: RT1, RD1 table: Rt Z L4,CR2,LNK2 77

Inner label determines egress interface and then is popped

Q: Is inner necessary? A No. : optimization. IP It saves an lookup label An
MPLS VPN Clou d LSR3

LSR2 LSR1

PER1

Z|packet PER2 Route Z

CR1 LNK2 data: vrf1 CR2

Li -labels LS P

vrf1: RT1, RD1 table: Rt Z L4,CR2,LNK2 78

39

Purpose of BGP Label

Indicates which vrf and optionally which interface on the egress PER Locally, the egress PER will treat labels in two possible ways:
Non-aggregate label is associated with an external route
Will be switched directly to an outgoing interfaceheader is not IP examined Aggregate label is associated with a

locally originated or directly connected route

Packet will be looked up in the vrf context

79

MPLS in Core Not Needed

MPLS for IGP domain serves as a tunneling method among PERs Could use other tunneling methods Advantages to MPLS:
Full mesh of LSP tunnels automatically created MPLS TE Can use

Internet draft to use IP or GRE tunneling

Automatically (treat vpnv4 BGP next hop as a recursive encapsulation) BGP/IPsecVPN <draft-declercq-bgp-ipsec-vpn00.txt>

80

40

RFC Summary

2547

Piggyback VPN information on BGP New address family New attributes for membership New Per-site forwarding tables (VRFs) MPLS Tunnels between Use PEs No need for VPN routes onbackbone LSRs, only on PEs
81

MPLS Security

VPN

Private routing table for each VPN (vrf) VPN membership identity associated with each access connection
VPN membership is not determined by IP header, only by interface (e.g., DLCI, VPI/VCI, PPP, VLAN tag). and RT for VPN attached to routes Label for interface. advertised Route and its matching label are only imported by routing tables that match the VPN RT. Impossible for a packet on a PVC in one vrf to spoof its way or jump into another vrf

82

41

Layer VPNs

vs. VPNs

BGP/MPLS

Customer routing stays with customer May allow an easier transition for customers currently using Frame/ATM circuits Familiar paradigm Easier to extend to multiple providers

Customer routing is outsourced to provider Transition may be complicated if customer has many extranets or multiple providers New peering paradigm Not clear how provider will multiple (IMHO work )

83

Summar y
MPLS is an interesting and potentially valuable because it technology

provides an efficient and scalable tunneling mechanism provides an efficient and scalable mechanism for extending IP routing with explicit routes

84

42

More info on MPLS

MPLS group MPLS archive working
http://www.ietf.org/html.charters/mpls-

charter.html

email

list

http://cell.onecall.net/cellrelay/archives/mpls/mpls.index.html

MPLS Center Peter Tutorial

Resource

http://www.mplsrc.com

Ashwood-Smiths

NANOG

http://www.nanog.org/mtg-

9910/mpls.html

MPLS: Technology and Applications. By Bruce Davie and Yakov Rekhter. Morgan Kaufmann. 2000. MPLS: Is it all it's cracked up to be? Talk by Pravin K. Johri
http://buckaroo.mt.att.com/~pravin/docs/mpls.pdf 85

More info on MPLS TE

tewg working group
http://www.ietf.org/html.charters/tewgcharter.html

NANOG Tutorial by Jeff Doyle and Chris Summers

http://www.nanog.org/mtg0006/mpls.html

NANOG Tutorial by Robert Raszuk

http://www.nanog.org/mtg0002/robert.html

86

43

More info on MPLS VPNs

PPVPN working group
http://www.ietf.org/html.charters/ppvpncharter.html

PPVPN Archive
http://nbvpn.francetelecom.com

NANOG Panel:Provider-Provisioned VPNs

http://www.nanog.org/mtg0102/jessica.html

MPLS and VPN Architectures. By Ivan Pepelnjak and Jim Guichard. Cisco Press. 2001

87

44