Agenda
Day 5
Module 6
• BGP and MPLS Overview
Module 7
• MEN Architecture & Services
BGP
Overview Of BGP
An Autonomous System (AS) is a set of routers that are managed by the same
technical management organization and adopt a unified routing strategy. Each
AS has a unique AS number, which is allocated by the management organization
authorized by the Internet.
The basic idea behind the AS is to tell different ASs apart by their numbers.
This numbering becomes very useful when a network administrator does not want
his own communication data to pass through some AS. The administrator's
network may well be able to reach this AS. However, if this AS is managed by
a competitor or lacks adequate security mechanisms, he needs to avoid it. By
adopting the routing protocol and AS numbers, the routers can specify the path
between them and the method for exchanging routing information.
The AS numbers range from 1 to 65535. Among them, the numbers from 1 to
64511 are the registered Internet numbers, and those from 64512 to 65535 are
the private network numbers.
Quiz
How many AS numbers are available to the public Internet?
A: 1~64511
B: 1~65525
C: 64512~65535
D: 0~65535
Working Mechanism Of BGP
[Figure: interconnected autonomous systems AS1 to AS7]
As an application layer protocol, the BGP system runs on a special router.
When the system first starts up, routing information is exchanged by sending
the whole BGP routing table. After that, only update messages are exchanged
to update the routing table. During operation, the system checks whether the
connection is normal by sending and receiving keep-alive messages.
A router that sends BGP messages is called a BGP speaker. It continuously
receives and generates new routing information and advertises it to other BGP
speakers. When a BGP speaker receives a new route advertisement from another
AS, it advertises this route to all the other BGP speakers inside the AS if
the route is better than the currently known route, or if there is currently
no acceptable route. A BGP speaker calls the other BGP speakers that exchange
messages with it peers. Several related peers can form a group.
Generally, a route is generated inside an AS. It is discovered and calculated
by an interior routing protocol and transmitted to the boundary of the AS.
Then the Autonomous System Boundary Router (ASBR) spreads it to other ASs via
the EBGP connection. While spreading, the route may pass through several ASs,
which are called transit ASs, such as AS5. If such an AS has multiple boundary
routers, information is exchanged among these routers by running IBGP. In this
case, the internal routers need not know these exterior routes. They only need
to maintain IP connectivity among the boundary routers, as in AS2, AS3 and
AS4. After the route reaches the AS boundary, the ASBR can redistribute the
route into the interior routing protocol if the interior routers need to know
these exterior routes. There are a large number of exterior routes, usually
more than the interior routers can process. So, filtering or aggregation shall
be done
IBGP Neighbor & EBGP Neighbor
[Figure: RTA (AS100), RTB, RTC and RTD (AS200) and RTE (AS300); EBGP sessions between the ASs, IBGP inside AS200]
On the router, BGP runs in the following two modes: IBGP (Internal BGP) and EBGP
(External BGP).
• If two peers that exchange BGP messages belong to the same AS, they are Internal
BGP (IBGP) peers, such as RTB and RTD.
• If two peers that exchange BGP messages do not belong to the same AS, they are
External BGP (EBGP) peers, such as RTA and RTB.
Although BGP runs between ASs, it is also necessary to establish BGP connections
between the different border routers of an AS, such as RTB and RTD. Only in this
way can routing information be transmitted across the entire network. To establish
communication between AS100 and AS300, we need to establish an IBGP connection
between RTB and RTD.
IBGP peers need not be directly connected physically, but full logical
connectivity between them must be ensured (it suffices if a TCP connection can
be created).
In most cases there is a direct physical link between EBGP peers. If that is
hard to achieve, it can be remedied by configuring the command "neighbor
neighbor-address ebgp-multihop[ttl]". Here, "ttl" is the maximum hop count. Its
default value is 64 and the value range is 1-255.
Quiz
1. Which of the following statements about IBGP routers are true? (Select one.)
A. They must be fully meshed.
B. They can be in a different AS.
C. They must be directly connected.
iBGP & eBGP
• A BGP Speaker selects only the best route for its own use
• A BGP Speaker advertises to its neighbors only the routes it uses itself
• For the routes obtained from EBGP, the BGP Speaker will advertise them to
all its neighbors (including EBGP and IBGP)
• For the routes obtained from IBGP, the BGP Speaker will not advertise
them to its IBGP neighbors
• For the routes obtained from IBGP, whether the BGP Speaker will advertise
them to its EBGP neighbors depends on the synchronization state of IGP
and BGP
• Once the connection is established, the BGP Speaker will advertise all its
BGP routes to the new neighbors
Quiz
What does a BGP router do once the TCP connection is established?
A: exchange the routing table between the BGP neighbors
B: exchange the BGP routes between the BGP neighbors
C: check the BGP version and AS numbers to form the EBGP/IBGP relationship
D: send a keep-alive packet to the peer
BGP
• BGP advertises only one best path…
• Only incremental updates
– Keepalive messages between BGP peers after the initial exchange: every 60s
– Hold time: 180s
• Triggered updates are batched and rate-limited (every 5 seconds for internal
peers, every 30 seconds for external peers)
• Public AS number from InterNIC (www.internic.net) or RIPE
(www.ripe.net)
• Use private AS numbers (64512 - 65535) if BGP in a private
network
• Only one BGP routing process per router is allowed
• Reliance Public AS - 18101
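[Figure: RTA (AS100, E0: 10.1.1.1/24) connects by EBGP to RTB in AS200; RTB, RTC, RTD and RTE are in AS200, with an IBGP session between RTB and RTE; RTE connects by EBGP to RTF in AS300]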
It is stated in the BGP protocol that: a BGP router does not advertise the
routing information learnt from the internal BGP peers to the external peers,
unless this information can also be obtained from IGP. If a router can learn
about this routing information via IGP, then it can be considered that the
route can be broadcast inside AS and the internal connection is ensured.
One of major duties of BGP is to transmit the network reachability
information of this AS to other ASs. As shown in the figure above, RTB will
encapsulate the routing information toward 10.1.1.1/24 into the UPDATE
message, and advertise it to RTE via the TCP connection established by RTC
and RTD. If RTE does not take synchronization into account, it will directly
accept such routing information and report it to RTF, then if RTF or RTE has
the data packet to be sent to 10.1.1.1/24, this packet must pass RTD and RTC
if it wants to reach the destination. As the synchronization was not taken into
account in advance, the routing tables of RTD and RTC have no routing
information to 10.1.1.1/24 and the data packet will be discarded when it
reaches RTD. So, BGP must be synchronous with IGP (e.g., RIP, OSPF, etc.).
Synchronization means that BGP will not advertise the transit
information to other ASs until IGP broadcasts this routing information
successfully in its AS. That is, after a router receives the update information
of a destination from the IBGP peer, it shall attempt to verify whether this
destination can be reached via the internal AS before advertising it to other
EBGP peers (i.e., verify whether this destination is within IGP, and whether
the non-BGP router can transmit this traffic to this destination). If IGP knows
this destination, it will receive such routing information and then advertise it
to EBGP peers. Otherwise, it will consider that this route is asynchronous
with IGP and thus will not advertise it.
As shown in the figure above, RTE gets the route going to the network
Full Dynamic Redistribution
[Figure: RTB in AS200 learns the network 18.0.0.1/8 via OSPF]
The BGP routing protocol runs between ASs. Its major work is to transmit
routing information between ASs, not to discover and calculate routing
information. Discovering and calculating routing information is done by an
IGP routing protocol, e.g. RIP or OSPF. Routing information needs to be
redistributed into BGP by means of configuration commands.
According to the redistribution mode, it can be classified into three types:
purely dynamic redistribution, semi-dynamic redistribution and static
redistribution.
Purely dynamic redistribution means that the router gets the routing
information from an IGP routing protocol and then dynamically redistributes it
into BGP.
As shown in the figure above, RTB dynamically detects the routes going to
the network 18.0.0.0/8 via the OSPF protocol and then dynamically redistributes
them into BGP. This route redistribution mode is called purely dynamic
redistribution.
The route leading to the network 18.0.0.0/8 is redistributed from OSPF.
Meanwhile, the other routing information of OSPF is also redistributed into BGP.
Semi Dynamic Redistribution
[Figure: RTB in AS200, OSPF, network 18.0.0.1/8]
Static Redistribution
[Figure: RTB in AS200, network 18.0.0.1/8]
Static redistribution means that the routing information obtained by the router
is the static routing information manually configured, which will be statically
redistributed into the BGP system.
As shown in the figure above, router B first establishes a static route going to
the network 18.0.0.0/8 and then redistributes it into BGP. Such kind of route
redistribution mode is called static redistribution.
As a result, a manually configured route is added into the BGP routing table.
How many methods can you use to install a route into the BGP routing table?
(choose all that apply)
A: Full Dynamic Redistribution
B: Semi Dynamic Redistribution
C: Static Redistribution
D: IGP route redistribute
BGP Messages
Quiz
(1) How many BGP messages are available in BGP version 4? (choose all that
apply)
A: OPEN
B: UPDATE
C: NOTIFICATION
Finite State Machine of BGP
[Figure: BGP state transition diagram with the states Idle, Connect, Active and Open-sent, and transitions labelled Start, Connect-Retry timer expiry, TCP connection setup, TCP connection fails, Correct OPEN packet received, Error and Others]
The BGP finite state machine (FSM) has six states. The transitions between
them show how a BGP neighbor relationship is established.
The first state is "Idle". Once BGP starts, the state machine enters the
"Connect" state. In this state, if the Connect-Retry timer expires, the BGP state
machine will stay in the "Connect" state. Meanwhile, BGP will attempt to
establish the TCP connection. If the creation of TCP connection fails, the
BGP state machine will enter the "Active" state. If the TCP connection is
established successfully, the BGP state machine will enter the "OpenSent"
state directly. In "Active" state, if the TCP connection cannot be established
yet, the BGP state machine will stay in the "Active" state and will not enter
the "OpenSent" state until the TCP connection is established successfully. In
the "OpenSent" state, once BGP receives a correct Open message, it will
enter the "OpenConfirm" state. In the "OpenConfirm" state, if the KeepAlive
timer expires, the BGP state machine will stay in the "OpenConfirm" state.
And it will not enter the "Established" state until BGP receives the KeepAlive
message. Till now, the BGP connection is really established.
In addition, when any of the five states ("Idle" excluded) has errors, the BGP
state machine will return to the "Idle" state.
Idle: "Idle" is the first state of BGP connection. In this state, BGP is waiting
for a start event. After such an event emerges, BGP will initialize the
resources, reset the Connect-Retry timer, and initiate a TCP connection.
Meanwhile, it will enter the "Connect" state.
Connect: in this state, BGP establishes the first TCP connection. If the
Connect-Retry timer expires, BGP will establish the TCP connection again
and continue to stay in the "Connect" state. If the TCP connection is
established successfully, it will enter the "OpenSent" state. Otherwise, it will
enter the "Active" state.
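The transitions described above, written as a table-driven state machine (an added example, not part of the original slides; the event names, the behaviour inside "Established" and the flap counter are assumptions made for illustration):

```python
# Table-driven model of the BGP FSM as the text above describes it.
# Event names are hypothetical labels chosen for this example.
TRANSITIONS = {
    ("Idle", "start"): "Connect",
    ("Connect", "connect_retry_expired"): "Connect",
    ("Connect", "tcp_established"): "OpenSent",
    ("Connect", "tcp_failed"): "Active",
    ("Active", "tcp_failed"): "Active",
    ("Active", "tcp_established"): "OpenSent",
    ("OpenSent", "open_received"): "OpenConfirm",
    ("OpenConfirm", "keepalive_timer_expired"): "OpenConfirm",
    ("OpenConfirm", "keepalive_received"): "Established",
    # Assumption: once Established, KEEPALIVE and UPDATE keep the session up.
    ("Established", "keepalive_received"): "Established",
    ("Established", "update_received"): "Established",
}


def step(state, event):
    """Return the next state; an event not listed for a state is an error,
    and every error sends the machine back to Idle."""
    return TRANSITIONS.get((state, event), "Idle")


def run(events, state="Idle"):
    """Feed a sequence of events to the FSM and return every state visited."""
    trace = [state]
    for event in events:
        state = step(state, event)
        trace.append(state)
    return trace


def count_flaps(trace):
    """Number of times the session dropped out of Established, a figure worth
    alerting on when monitoring a peering."""
    return sum(1 for prev, cur in zip(trace, trace[1:])
               if prev == "Established" and cur != "Established")


# Constructed event sequence: two failed TCP attempts, a successful session,
# a hold-timer expiry (an error), then a clean re-establishment.
SESSION = [
    "start", "tcp_failed", "tcp_failed", "tcp_established",
    "open_received", "keepalive_received", "update_received",
    "hold_timer_expired",
    "start", "tcp_established", "open_received", "keepalive_received",
]

if __name__ == "__main__":
    trace = run(SESSION)
    for event, state in zip(SESSION, trace[1:]):
        print(f"{event:24s} -> {state}")
    print("flaps:", count_flaps(trace))
```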
Application of Messages in BGP
BGP establishes the connection via TCP. The local listening port is 179.
Establishing a BGP connection needs a series of dialogs and handshakes, as
does establishing a TCP connection. TCP uses handshake negotiation to
advertise parameters such as the port. The handshake negotiation parameters of
BGP include the BGP version, the hold time of the BGP connection, the local
router ID and authorization information. They are included in the Open
message.
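A parser for the message header and the Open message described above, with the checks a receiver applies before accepting the negotiated parameters (an added example, not code from the original slides; the function names are hypothetical, the field layout and limits are those of RFC 4271, and the sample message is constructed):

```python
import ipaddress
import struct

MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
MARKER = b"\xff" * 16
HEADER_LEN = 19      # 16-byte marker + 2-byte length + 1-byte type
MAX_LEN = 4096       # largest BGP message allowed by RFC 4271
OPEN_FIXED = 10      # version, AS, hold time, router ID, optional-parameter length


class BGPError(ValueError):
    """A condition the receiver answers with a NOTIFICATION message."""


def parse_header(data):
    """Validate the common header and return (message type name, body)."""
    if len(data) < HEADER_LEN:
        raise BGPError("truncated header")
    marker, length, msg_type = struct.unpack("!16sHB", data[:HEADER_LEN])
    if marker != MARKER:
        raise BGPError("bad marker")
    if not HEADER_LEN <= length <= MAX_LEN or length > len(data):
        raise BGPError("bad message length")
    if msg_type not in MSG_TYPES:
        raise BGPError("unknown message type")
    return MSG_TYPES[msg_type], data[HEADER_LEN:length]


def parse_open(body, supported_version=4):
    """Decode the fixed part of an Open message and reject bad parameters."""
    if len(body) < OPEN_FIXED:
        raise BGPError("Open message too short")
    version, my_as, hold_time, router_id, opt_len = struct.unpack(
        "!BHHIB", body[:OPEN_FIXED])
    if version != supported_version:
        raise BGPError("unsupported version")
    if hold_time in (1, 2):          # 0 disables keepalives; 1 and 2 are illegal
        raise BGPError("unacceptable hold time")
    if opt_len != len(body) - OPEN_FIXED:
        raise BGPError("optional parameter length mismatch")
    return {
        "version": version,
        "my_as": my_as,
        "hold_time": hold_time,
        "router_id": str(ipaddress.IPv4Address(router_id)),
        "optional_parameters": body[OPEN_FIXED:],
    }


def negotiate_timers(local_hold, peer_hold):
    """Both sides use the smaller hold time; keepalives go out at one third."""
    hold = min(local_hold, peer_hold)
    return hold, hold // 3


def build_open(my_as, hold_time, router_id, version=4):
    """Build a constructed Open message without optional parameters."""
    body = struct.pack("!BHHIB", version, my_as, hold_time,
                       int(ipaddress.IPv4Address(router_id)), 0)
    return MARKER + struct.pack("!HB", HEADER_LEN + len(body), 1) + body


if __name__ == "__main__":
    sample = build_open(64512, 180, "192.168.1.1")   # constructed sample
    kind, body = parse_header(sample)
    print(kind, parse_open(body), negotiate_timers(180, 180))
```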
After BGP connection is established, the Update message shall be sent to
advertise the routing information to the peer end if there is a route to be sent.
The Update message is mainly used to advertise the routing information,
including failed (withdrawn) route. When the Update message is used to
distribute out the route, the attribute of this route needs to be specified so as
to help the peer BGP protocol select the best route. For how BGP uses route
attributes to select a route, please refer to the application part of the BGP
protocol route attribute.
When the local BGP route changes, the Update message can also be used to
correct the routing table of the peer BGP.
If, after exchanging the routing information for a period of time both the local
BGP and the peer BGP have no new route advertisement, the condition
becomes stable. Now the KEEPALIVE message shall be sent regularly so as
to make the BGP connection remain valid. For the local BGP, if it receives no
BGP message after the hold time is over, this BGP connection will be
regarded as invalid and disconnection of this BGP will take place.
If, during the running, the local BGP detects an error, for example, the local
BGP does not support the version of the BGP peer or receives the Update
message with illegal structure, it shall send the NOTIFICATION message to
notify the BGP peer. When the local BGP exits the BGP connection it shall
BGP Path Attributes
Notes:
Well-known means it must be recognized by all BGP implementations.
Optional means BGP implementation is not required to support the attribute.
Mandatory means the attribute must be included in all BGP Update messages
Discretionary means they may or may not be sent in a specific Update
messages
Transitive means a BGP process should accept the path in which the attribute
is included even if it doesn’t support this attribute and it should pass the path
on to its peers
Nontransitive means a BGP process that does not recognize the attribute can
quietly ignore the Update in which the attribute is included and not advertise
the path to its other peers
Enterprises and service providers are often concerned with questions such as:
How do I prevent my private network from being advertised? How do I filter the
route updates that come from some neighboring router? How do I make certain
that I am using this link instead of any other link? It is through the use of
route attributes that BGP answers these questions.
BGP route attribute is a set of parameters. It further describes the specific
route so as to enable BGP to filter and select routes. When configuring the
route strategy, we often use the route attribute. However, not all of them will
be involved.
In fact, route attributes are classified into the following categories:
Mandatory attribute: one that is necessary in the route update data message.
In the BGP routing information, this kind of attribute domain has its unique
role that cannot be substituted by any others. If it is not included, something
will be wrong with the routing information. For example, AS-Path is a
Path Attribute
Well-known mandatory
– ORIGIN
– AS-Path
– Next hop
Well-known discretionary
– Local-Preference
– Atomic-Aggregate
Optional transitive
– Aggregator
– Community
Optional nontransitive
– Multi-Exit-Disc (MED)
– ORIGINATOR-ID
– Cluster-List
– Destination Pref (MCI)
– Advertiser (Baynet)
– Rcid-Path (Baynet)
– MP_Reach_NLRI
– MP_Unreach_NLRI
– Extended_Communities
Network Learning Centre
Page19 19
Proprietary & Confidential 19
• ORIGIN specifies the origin of the routing update. When BGP has multiple
routes, it uses ORIGIN as one factor in determining the preferred route.
– IGP NLRI (Network layer Reachability Information) was learned from a protocol
internal to the originating AS. BGP routes are given an origin of IGP if they are
learned from an IGP routing table via the network statement.
– EGP NLRI was learned from the Exterior Gateway Protocol.
– Incomplete NLRI was learned by some other means. Incomplete implies that the
information for determining the origin of the route is incomplete. Routes that BGP
learns through redistribution carry the incomplete origin attribute.
• Which one is preferred? IGP > EGP > Incomplete
When the BGP makes the route decision, it will take the origin attribute into
account to determine the precedence levels between multiple routes.
Specifically, the BGP will prefer the route with the minimum origin attribute
value, i.e. the IGP has the precedence over EGP, and EGP has the precedence
over INCOMPLETE. We can configure these three origin attributes
manually.
Generally:
If a route is specifically added to the BGP routing table (via the network
statement), the origin attribute shall be IGP.
If a route is obtained via EGP, the origin attribute shall be EGP.
Otherwise, the origin attribute shall be Incomplete.
Quiz
(1) When a route is imported from the OSPF routing protocol into the BGP routing
table, which origin attribute value will this route have?
A: IGP
B: EGP
C: OSPF
D: Incomplete
AS_PATH Attribute
• AS-PATH uses a sequence of AS numbers to describe the inter-AS path or route to the
destination specified by the NLRI.
• AS-PATH lists every AS the route has passed through, beginning with the most recent AS
and ending with the originating AS.
[Figure: network D (18.0.0.0/8), AS200 (RTA, 30.0.0.1), AS300 and AS400; D is received with AS-Path (500 200)]
The AS-Path attribute is also a mandatory one. It is the sequence of the numbers
of all the ASs a route passes through to a certain destination. BGP uses the
AS-Path attribute as part of the route update (Update message) to ensure a
loop-free topology over the Internet. A BGP speaker will not accept a route whose
AS-Path attribute already contains its own AS number, because this route has
already been processed by this AS. In this way, routing loops are avoided. For
this reason, BGP adds its own AS number to the AS-Path attribute when advertising
a route to an EBGP peer, so as to record the ASs the route has passed through.
The AS-Path attribute also affects route selection. Other factors being equal,
the route with the shorter AS path is selected. As shown in the figure above, the
path for the network segment D (18.0.0.0/8) in AS200 to reach AS100 by passing
AS200, AS300 and AS400 is d1 (400 300 200), and the path for it to reach AS100 by
passing AS200 and AS500 is d2 (500 200). In this case, BGP prefers the shorter
path d2.
Note: when the AS-Path field of a route records an AS number, the new AS number
is always put in front. As shown in the figure above, the route first passes
AS200 and records d2 (200); then it passes AS500 and records d2 (500 200).
We can increase the path length by adding pseudo AS numbers so as to influence
route selection. We can configure RTA to add the two AS elements '200, 200' to
the AS-Path list carried by the route it sends to 30.0.0.2. After such a
configuration, the path d2 changes into 500 200 200 200, which is longer than the
path d1. So now BGP prefers the shorter path d1.
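The AS-Path handling above, worked through with the slide's own d1 and d2 paths (an added example, not part of the original slides; the function names are hypothetical, and the private-AS check is an extra inbound audit built on the private range 64512 to 65535 given earlier on this page):

```python
PRIVATE_AS_RANGE = range(64512, 65536)   # private AS numbers named on this page


def advertise_ebgp(local_as, as_path, prepend=0):
    """AS-Path as sent to an EBGP peer: the local AS number goes in front,
    plus `prepend` extra copies when the path is lengthened artificially."""
    return [local_as] * (1 + prepend) + list(as_path)


def accepts(local_as, as_path):
    """Loop prevention: reject a route whose AS-Path already holds our AS."""
    return local_as not in as_path


def prefer(paths):
    """Other factors being equal, the shorter AS-Path wins."""
    return min(paths, key=len)


def private_asns(as_path):
    """Private AS numbers that leaked into a path, worth flagging on routes
    received from a public peer."""
    return [asn for asn in as_path if asn in PRIVATE_AS_RANGE]


def slide_paths(prepend_at_as200=0):
    """Rebuild d1 and d2 for network D, which originates inside AS200."""
    origin = []                                   # D has crossed no AS yet
    # d1: AS200 -> AS300 -> AS400 -> AS100
    d1 = advertise_ebgp(400, advertise_ebgp(300, advertise_ebgp(200, origin)))
    # d2: AS200 -> AS500 -> AS100, optionally prepended by RTA toward AS500
    d2 = advertise_ebgp(
        500, advertise_ebgp(200, origin, prepend=prepend_at_as200))
    return d1, d2


if __name__ == "__main__":
    d1, d2 = slide_paths()
    print("d1", d1, "d2", d2, "AS100 prefers", prefer([d1, d2]))

    d1, d2 = slide_paths(prepend_at_as200=2)
    print("d1", d1, "d2", d2, "AS100 prefers", prefer([d1, d2]))

    # If AS100 passed d2 on and it came back to AS200, AS200 would see its
    # own number in the path and drop the route.
    returned = advertise_ebgp(100, [500, 200])
    print("AS200 accepts", returned, "?", accepts(200, returned))
```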
Quiz
(1) When a route from another AS passes through AS100, where is the value AS 100
put in the AS-Path field?
AS_PATH Attribute
[Figure: the same topology with RTB in AS100 and AS500 added; RTA (30.0.0.1) advertises D to 30.0.0.2 with AS-Path (200 200 200), so AS100 receives D as (400 300 200) via AS400 and as (500 200 200 200) via AS500]
Next Hop Attribute
[Figure: AS100 (RTA, RTB, IBGP) and AS200 (RTC, RTD) joined by EBGP; networks 18.0.0.0/8, 19.0.0.0/8 and 20.0.0.0/8; interface addresses 10.0.0.1, 10.0.0.2, 10.0.0.3, 21.0.0.1 and 21.0.0.2]
RTA
I can reach 18.0.0.0/8 via the next hop 10.0.0.2
I can reach 20.0.0.0/8 via the next hop 10.0.0.3
RTC
I can reach 19.0.0.0/8 via the next hop 21.0.0.1
I can reach 19.0.0.0/8 via the next hop 10.0.0.1
RTB I can reach 20.0.0.0/8 via the next hop 10.0.0.3
I can reach 18.0.0.0/8 via the next hop 10.0.0.2
I can reach 20.0.0.0/8 via the next hop 10.0.0.3
The next hop attribute is also a well-known mandatory attribute. The next hop
in BGP is different from that in an IGP, and the concept is a little more
complicated. It can be one of the following three types:
When BGP advertises a route obtained from an EBGP peer to an IBGP peer, it
does not change the next hop attribute of the route. The local BGP passes the
next hop attribute obtained from EBGP on to IBGP unchanged. As shown in the
figure above, the next hop attribute is 10.0.0.2 when RTA advertises the route
18.0.0.0 to RTB via IBGP.
When BGP advertises a route to an EBGP peer, the next hop attribute is the
address of the port that connects BGP to that peer. As shown in the figure
above, the next hop attribute is 10.0.0.2 when RTC advertises the route
18.0.0.0/8 to RTA. And when RTA advertises the route 19.0.0.0/8 to RTC, the
next hop attribute is 10.0.0.1.
On a multi-access network (e.g. Ethernet or frame relay), the next hop is
handled differently. As shown in the figure above, when RTC advertises the
route 20.0.0.0/8 to the EBGP router RTA, it finds that the local port 10.0.0.2
and the next hop 10.0.0.3 of this route are on the same shared subnet. So it
uses 10.0.0.3, instead of 10.0.0.2, as the next hop when advertising the route
to the EBGP peer.
Quiz
(1) Select the statements that are true:
A: When the BGP notifies the IBGP of the route obtained from other EBGPs,
it does not change the next hop attribute of the route
B: When the BGP notifies the IBGP of the route obtained from other EBGPs,
it h th th tt ib t t th l l i dd
LOCAL_PREF Attribute
Quiz
(1) A BGP speaker receives the same route from two of its IBGP peers with
different preference values. Which route will the BGP speaker use by default?
A: the route with the bigger preference value
B: the route with the smaller preference value
C: the route with the bigger router-id
D: the route with the smaller router-id
LOCAL_PREF Attribute
[Figure: AS400 (RTF, network D 18.0.0.0/8), AS200 (RTD, 30.0.0.1), AS300 (RTE, 20.0.0.1) and RTA]
• D, local-pref1 100
• D, local-pref2 200
RTA will select local-pref2, which has the higher local preference.
As shown in the figure above, the RTB sets the local precedence level of the
route received via the RTD as local-pref1 100, and the RTC sets the local
precedence level of the route received via the RTE as local-pref2 200. In this
way, the RTA will prefer local-pref2 which has a higher precedence level.
MULTI-EXIT-DISC (MED) Attribute
The MED attribute is optional, used to indicate the preferable path for the
external neighbor router to enter some AS that has multiple entries. When
some AS has multiple entries, the MED attribute can be used to help its
external neighbor router select a better entry path. That is, select the entry
path with smaller MED value by precedence.
A BGP speaker receives the same route from two of its EBGP peers with
different MED values. Which route will the BGP speaker use by default?
A: the route with the bigger MED value
B: the route with the smaller MED value
C: use two for backup
D: the route with the smaller router-id
MULTI-EXIT-DISC (MED) Attribute
[Figure: RTA in AS100 (30.0.0.1 and 20.0.0.1) receives network D (18.0.0.0/8) from AS200 via RTB (30.0.0.2) with metric1 10 and via RTC (20.0.0.2) with metric2 20; RTB and RTC are IBGP peers]
As shown in the figure above, we can set the metric value of the network D
advertised by RTB to metric1 10 and that of the network D advertised by RTC
to metric2 20. In this way, RTA will prefer metric1, which has the smaller
metric value.
Generally, the router only compares the MED values of EBGP neighbor paths
from the same AS, not those from different ASs. If comparison is required,
the Quidway series routers offer a user interface command to change this
default behavior.
Note: By default, it is not allowed to compare the MED attribute values of
paths from different AS neighbors, unless it can be confirmed that different
ASs adopt the same IGP and route selection method.
Community Attribute
In the range of the BGP, a community is a group of destinations that have the
same nature. It is not limited to a network or an AS and has no physical
boundary.
Well-known Community
– NO_EXPORT
• Routes received carrying this value cannot be advertised to EBGP peers and outside of
the confederation
– NO_ADVERTISE
• Routes received carrying this value cannot be advertised at all to either EBGP or IBGP
peers.
– LOCAL_AS
• Routes received carrying this value cannot be advertised to EBGP peers including
peers in other AS within a confederation.
– INTERNET
• All routes belong to this community by default. Received routes belonging to this
community are advertised freely
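The IBGP/EBGP advertisement rules, the synchronization rule and the well-known communities described on this page combine into one outbound decision, sketched below (an added example, not part of the original slides; the class, function and peer-kind names are hypothetical, the community values are those of RFC 1997, and the routes are constructed):

```python
from dataclasses import dataclass

# Well-known community values (RFC 1997). LOCAL_AS is the slide's name for
# what the RFC calls NO_EXPORT_SUBCONFED.
NO_EXPORT = 0xFFFFFF01
NO_ADVERTISE = 0xFFFFFF02
LOCAL_AS = 0xFFFFFF03


@dataclass(frozen=True)
class Route:
    prefix: str
    learned_from: str                  # "ebgp", "ibgp" or "local"
    communities: frozenset = frozenset()


def may_advertise(route, peer_kind, igp_prefixes, synchronization=True):
    """Return (allowed, reason) for sending `route` to one peer.

    peer_kind is "ibgp", "ebgp" (a peer outside the confederation) or
    "confed-ebgp" (a peer in another member AS of the same confederation).
    igp_prefixes is the set of prefixes the local IGP currently knows.
    """
    external = peer_kind in ("ebgp", "confed-ebgp")
    if NO_ADVERTISE in route.communities:
        return False, "NO_ADVERTISE"
    if peer_kind == "ebgp" and NO_EXPORT in route.communities:
        return False, "NO_EXPORT"
    if external and LOCAL_AS in route.communities:
        return False, "LOCAL_AS"
    if route.learned_from == "ibgp":
        if peer_kind == "ibgp":
            return False, "IBGP-learned route is not passed to IBGP peers"
        if synchronization and route.prefix not in igp_prefixes:
            return False, "not synchronized with IGP"
    return True, "ok"


if __name__ == "__main__":
    # Constructed case modelled on the synchronization figure: RTE learned
    # the route to 10.1.1.0/24 from RTB over IBGP and peers with RTF by EBGP.
    learned = Route("10.1.1.0/24", "ibgp")
    print(may_advertise(learned, "ebgp", igp_prefixes=set()))
    print(may_advertise(learned, "ebgp", igp_prefixes={"10.1.1.0/24"}))
    print(may_advertise(learned, "ibgp", igp_prefixes={"10.1.1.0/24"}))

    # Constructed case: an EBGP-learned customer route tagged NO_EXPORT stays
    # inside the AS (and its confederation) but never reaches another AS.
    tagged = Route("18.0.0.0/8", "ebgp", frozenset({NO_EXPORT}))
    for kind in ("ibgp", "confed-ebgp", "ebgp"):
        print(kind, may_advertise(tagged, kind, igp_prefixes=set()))
```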
BGP Route Selection Procedure
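How the attributes covered above (LOCAL_PREF, AS_PATH, ORIGIN and MED) rank two candidate paths, using the values from the earlier figures (an added example, not part of the original slides, which do not list the comparison order; the order used here is the conventional one from RFC 4271 implementations, later tie-breakers are left out, and all names are hypothetical):

```python
from dataclasses import dataclass
from functools import reduce

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}   # lower is preferred


@dataclass(frozen=True)
class Path:
    name: str
    local_pref: int = 100
    as_path: tuple = ()
    origin: str = "IGP"
    med: int = 0


def neighbor_as(path):
    """The AS the path was received from is the first entry of its AS-Path."""
    return path.as_path[0] if path.as_path else None


def better(a, b, always_compare_med=False):
    """Return the preferred of two paths to the same destination."""
    if a.local_pref != b.local_pref:                 # higher LOCAL_PREF wins
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):             # shorter AS-Path wins
        return a if len(a.as_path) < len(b.as_path) else b
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # MED is compared only between paths from the same neighboring AS,
    # unless the operator changes that default.
    same_as = neighbor_as(a) == neighbor_as(b)
    if (same_as or always_compare_med) and a.med != b.med:
        return a if a.med < b.med else b
    return a      # still tied: a real router continues with more tie-breakers


def best(paths, always_compare_med=False):
    return reduce(lambda a, b: better(a, b, always_compare_med), paths)


# Constructed candidates taken from the figures on this page.
LOCAL_PREF_CASE = [Path("local-pref1", local_pref=100, as_path=(200, 400)),
                   Path("local-pref2", local_pref=200, as_path=(300, 400))]
AS_PATH_CASE = [Path("d1", as_path=(400, 300, 200)),
                Path("d2", as_path=(500, 200))]
MED_CASE = [Path("metric2", as_path=(200,), med=20),
            Path("metric1", as_path=(200,), med=10)]
# Same length, different neighboring ASs: MED is ignored by default.
MIXED_AS_CASE = [Path("via AS300", as_path=(300,), med=50),
                 Path("via AS200", as_path=(200,), med=10)]

if __name__ == "__main__":
    for case in (LOCAL_PREF_CASE, AS_PATH_CASE, MED_CASE, MIXED_AS_CASE):
        print([p.name for p in case], "->", best(case).name)
    print("compare MED across ASs ->",
          best(MIXED_AS_CASE, always_compare_med=True).name)
```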
Module 6
MPLS
Chapter 1 MPLS Overview
MPLS
• MPLS: Multi-Protocol Label Switching
– Multi-Protocol: supports multiple Layer-3 protocols, such as IP, IPv6, IPX, SNA
– Label Switching: labels packets, and replaces IP forwarding with label switching
For more details about MPLS, refer to RFC 3031 (Multi-protocol Label
Switching Architecture).
Origin: To Integrate IP with ATM
IP: connectionless control plane
MPLS: connectionless control plane
ATM: connection-oriented control plane
MPLS originates from the Internet Protocol version 4 (IPv4). Before MPLS, an IP
network forwarded packets using the IP routing table: it looked up the packet's
destination IP address in the routing table to get the next hop. Because the
routing table has to be looked up for every forwarded packet, the efficiency is
low. Another packet forwarding technology is ATM, which forwards packets by
VPI/VCI switching, a type of label switching, and is more efficient than IP
forwarding. In an IP network, the control plane is connectionless and the
forwarding plane is also connectionless: forwarding is hop by hop, and each hop
chooses the next hop. In ATM, the control plane is connection-oriented, so if
many devices need to set up connections with each other, the configuration
burden is very heavy; with label switching the forwarding plane is also
connection-oriented, and the packet forwarding path is defined in advance.
MPLS integrates both forwarding technologies. Its control plane is
connectionless, which makes the network easy to extend, and its forwarding plane
is connection-oriented: before data is forwarded, an LSP needs to be set up, and
the setup can be managed and controlled.
Connection-oriented Features
[Figure: switches S1 to S8, comparing connectionless forwarding of packets 1 and 2 with forwarding over a virtual circuit (VC)]
With connectionless packet forwarding, the data may reach its destination out of
order: each packet chooses its forwarding path independently, the paths usually
differ and so does the delay of each packet, so the arrival sequence differs
from the sending sequence. With connection-oriented packet switching, the
forwarding path is fixed, so the delay is fixed and the arrival sequence is the
same as the sending sequence. It is also easy to control. There are two
connection types: PVC (Permanent Virtual Circuit) and SVC (Switched Virtual
Circuit).
Basic MPLS Concepts
[Figure: an MPLS domain with LERs at the edge and LSRs in the core, joined by an LSP; IP runs outside the domain and MPLS inside it]
LSR is the basic component of the MPLS network. The network consisting of
LSRs, is called an MPLS domain. The LSR located at the edge of the domain and
having a neighbor not running MPLS is an edge LSR, also called Labeled Edge
Router (LER).
The LSR located inside the domain is called a core LSR. The core LSR can be
either a router that supports MPLS or an ATM-LSR upgraded from an ATM switch.
MPLS runs between LSRs in the domain, and IP runs between an LER and a router
outside the domain.
The LSRs along which labeled packets are transmitted form an LSP.
Basic Working Process of MPLS
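[Figure: an IP packet enters at an edge LSR (traditional IP forwarding), crosses the core LSRs carrying the labels L1, L2 and L3 in turn (label forwarding), and leaves through the far edge LSR (traditional IP forwarding)]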
1. LDP establishes a label map for the desired FECs in each LSR, based on the
routing table generated by traditional routing protocols such as OSPF and
IS-IS.
2. The ingress receives a packet, determines its FEC and adds a label to the
packet. This packet is called an MPLS labeled packet.
3. The transit LSRs forward the packet according to its label and the label
forwarding information base, without any Layer 3 processing.
4. The egress strips off the label and continues forwarding the packet for
delivery.
MPLS Packet Flow
The greatest appeal of MPLS now is that it can provide many value-added
services, such as the following:
1. MPLS VPN
3. MPLS QoS
MPLS Encapsulation Format and Label
Frame layout: Layer 2 header | MPLS header | IP header | Data
MPLS header (32 bits, bit positions 0, 20, 23, 24, 31): Label | Exp | S | TTL
• Label: 20 bits, the label value, used as the pointer for forwarding.
• Exp: 3 bits, reserved for experimental use, and generally used as Class of
Service (CoS).
• S: 1 bit, the bottom-of-stack flag. The value 1 marks the bottom label of the
stack: 0 means the next header is another MPLS header, and 1 means the next
header is the IP header.
• TTL: 8 bits, time to live, with the same meaning as the TTL in the IP
packet.
A value of 0 represents the "IPv4 Explicit NULL Label". This label value is
only legal at the bottom of the label stack. It indicates that the label stack must be
popped, and the forwarding of the packet must then be based on the IPv4 header.
A value of 1 represents the "Router Alert Label". This label value is legal
anywhere in the label stack except at the bottom. When a received packet contains
this label value at the top of the label stack, it is delivered to a local software
module for processing. The actual forwarding of the packet is determined by the
label beneath it in the stack. However, if the packet is forwarded further, the Router
Alert Label should be pushed back onto the label stack before forwarding. The use
of this label is analogous to the use of the "Router Alert Option" in IP packets.
Since this label cannot occur at the bottom of the stack, it is not associated with a
particular network layer protocol.
A value of 2 represents the "IPv6 Explicit NULL Label". This label value is
only legal at the bottom of the label stack. It indicates that the label stack must be
popped, and the forwarding of the packet must then be based on the IPv6 header.
A value of 3 represents the "Implicit NULL Label". This is a label that an LSR
may assign and distribute, but which never actually appears in the encapsulation.
When an LSR would otherwise replace the label at the top of the stack with a new
label, but the new label is "Implicit NULL", the LSR will pop the stack instead of
doing the replacement. Although this value may never appear in the encapsulation,
it needs to be specified in the Label Distribution Protocol, so a value is reserved.
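A parser for the 32-bit label stack entry laid out above, with the placement rules for the reserved labels 0 to 3 applied as this page states them (an added example, not part of the original slides; the function names and the depth limit are hypothetical, and the byte strings are constructed):

```python
import struct

RESERVED = {
    0: "IPv4 Explicit NULL",
    1: "Router Alert",
    2: "IPv6 Explicit NULL",
    3: "Implicit NULL",
}


def encode_entry(label, exp, s, ttl):
    """Pack one entry: Label (20 bits) | Exp (3) | S (1) | TTL (8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def parse_stack(data, max_depth=8):
    """Read entries until the bottom-of-stack bit; return (entries, payload).

    max_depth bounds the walk so that a stack with no S bit set cannot make
    the parser run over the rest of the frame.
    """
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("label stack deeper than max_depth")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack bit")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {"label": word >> 12, "exp": (word >> 9) & 0x7,
                 "s": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]


def validate(entries):
    """Return the reserved-label rules that a parsed stack violates."""
    problems = []
    for depth, entry in enumerate(entries):
        label, bottom = entry["label"], entry["s"] == 1
        if label in (0, 2) and not bottom:
            problems.append(f"entry {depth}: {RESERVED[label]} above the bottom")
        elif label == 1 and bottom:
            problems.append(f"entry {depth}: Router Alert at the bottom")
        elif label == 3:
            problems.append(f"entry {depth}: Implicit NULL on the wire")
    return problems


# Constructed samples. GOOD: label 1024 on top of IPv4 Explicit NULL, followed
# by the first two bytes of an IPv4 header. BAD breaks two placement rules.
GOOD = encode_entry(1024, 0, 0, 64) + encode_entry(0, 0, 1, 64) + b"\x45\x00"
BAD = encode_entry(0, 0, 0, 64) + encode_entry(1, 0, 1, 64)
NO_BOTTOM = encode_entry(1024, 0, 0, 64)

if __name__ == "__main__":
    for name, frame in (("GOOD", GOOD), ("BAD", BAD)):
        entries, payload = parse_stack(frame)
        print(name, entries, payload.hex(), validate(entries))
```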
A label space is the value range of labels that can be allocated to LDP
peers. You can specify a label space for each interface of an LSR (per-interface
label space) or for the entire LSR (per-platform label space).
Platform-wide means the label must be unique across all the interfaces of the
device; interface-specific means the label must be unique on one interface,
while different interfaces of the device may use the same label value.
LDP is the protocol used to distribute labels. To identify the label space a
label comes from, LDP uses an identifier of the form <LSR ID>:<Label Space ID>.
LSR ID: globally unique value of an LSR (4 octets). Label space ID: zero for the
platform-wide label space (2 octets). For example, the identifier 192.168.1.1:0
means platform-wide, and the identifier 192.168.1.1:5 means interface-specific.
• Frame-mode MPLS uses the platform-wide label space, such as IP, Ethernet.
• Cell-mode MPLS uses the per-interface label space, such as ATM.
MPLS TTL Processing
[Figure: TTL handling along the LSP, with the steps labelled "IP TTL --", "MPLS TTL=255", "MPLS TTL --" and "IP TTL --"]
The MPLS label contains an 8-bit TTL field, which is similar to that in an IP
header. TTL is also used by the trace route function. As described in RFC 3031, an
LSR needs to copy the TTL value of the IP packet or that of the upper-layer
label to the TTL field of the added label. When an LSR forwards a labeled packet,
the TTL value of the label at the top of the label stack is decremented by 1. When
the label is popped off the label stack, the LSR copies the TTL value at the top of
the stack to the IP packet or lower-layer label.
Before the LSP traverses the non-TTL LSP segment formed by ATM-LSRs
or FR-LSRs, the TTL should be processed uniformly because the LSRs within that
domain cannot process the TTL field. That is, the value of the length in this
non-TTL LSP segment should be decremented by 1 on entering the segment.
In MPLS VPN applications, you can hide the MPLS backbone network
structure for security. The VRP supports different TTL propagation settings for
VPN packets and public packets.
Label Stack
How does the layer 2 header identify the higher-layer protocol? PPP adds a
new type of NCP called MPLSCP, identified by 0x8281, while in Ethernet 0x8847
means unicast MPLS, 0x8848 means multicast and 0x0800 means IP packet.
The label stack follows FIFO, and labels are processed from the top of the stack.
MPLS forwarding uses only the outer label.
MPLS Architecture
[Figure: Control Plane: OSPF, advertising 10.0.0.0/8 in both directions. Data Plane: labeled packet (Label 17), LFIB entry 4→17, labeled packet (Label 4)]
Network
Page 46 Learning Centre 46
Proprietary & Confidential 46
FEC to NHLFE map (FTN): indicates the mapping for an FEC to NHLFE on
the ingress.
Incoming Label Map (ILM): indicates the mapping process of the received label
to NHLFE on the transits and egress.
Label Forwarding
[Figure: LSP through A (Ingress LER), B (LSR), C (LSR) and D (Egress LER); label operation shown: pop]
• The traditional routing protocol and Label Distribution Protocol (LDP) create the routing
table and label mapping table (FEC-Label mapping) in each LSR for FECs with service
requirements, i.e. they create the LSP.
• The ingress LER receives a packet, determines the FEC that the packet belongs to, and labels
the packet.
• In the MPLS domain, packets are forwarded by the forwarding unit in accordance with labels
and the label forwarding table.
• The egress LER removes the label and continues forwarding the packet.
On the ingress, the packets entering the network are classified into various
FECs by their characteristics. Usually, FEC classification is based on the
destination IP address prefix or host address. Packets belonging to the same
FEC have the same label and pass through the same path in the MPLS domain.
The LSR assigns a label to an incoming packet, and then forwards it through a
specified interface.
On the transits along the LSP, the mapping table of incoming and outgoing
labels is established. An element of this table is referred to as an NHLFE. When a
labeled packet arrives, the LSR only needs to find the corresponding NHLFE in the
table according to the incoming label, replace the original label with the new
outgoing label, and then forward the labeled packet. This process is called ILM.
This method is therefore much simpler, and the forwarding is faster.
The egress LER removes the label and continues forwarding the packet.
NHLFE
A:
FEC | Next hop | Transmitting interface | Label operation | Others
10.0.1.0/24 | B | E1 | Add label L1 | …
B:
Ingress label | Next hop | Transmitting interface | Label operation | Others
L1 | C | E1 | Remove the previous label and add L2 | …
C:
Ingress label | Next hop | Transmitting interface | Label operation | Others
L2 | D | E1 | Remove the previous label and add L3 | …
The "Next Hop Label Forwarding Entry" (NHLFE) is used when forwarding a
labeled packet. It contains the following information:
2. the operation to perform on the packet's label stack; this is one of the following
operations:
a) replace the label at the top of the label stack with a specified new label
c) replace the label at the top of the label stack with a specified new label, and then
push one or more specified new labels onto the label stack.
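The tables for A, B and C above and the TTL rules from "MPLS TTL Processing" can be walked through together, which also shows why setting the MPLS TTL to 255 at the ingress hides the backbone from TTL-limited probes. This is an added example, not from the original slides: the numeric values for L1 to L3 are constructed, and the non-propagating mode (the egress decrementing the IP TTL once for the whole LSP) is a simplified modelling assumption.

```python
# Simplified model of the LSP A -> B -> C -> D from the NHLFE tables above.
# Numeric values for L1/L2/L3 are constructed; the page gives only the names.
L1, L2, L3 = 1025, 1026, 1027

FTN = {"A": {"10.0.1.0/24": ("B", L1)}}        # ingress: FEC -> (next hop, push)
ILM = {                                         # transit/egress: in label -> NHLFE
    "B": {L1: ("C", "swap", L2)},
    "C": {L2: ("D", "swap", L3)},
    "D": {L3: (None, "pop", None)},
}

def forward(ip_ttl, propagate_ttl, fec="10.0.1.0/24"):
    """Return (node where the TTL expired, or None; label carried on each link)."""
    labels = []
    ip_ttl -= 1                                 # ingress LER routes the IP packet
    if ip_ttl <= 0:
        return "A", labels
    node, label = FTN["A"][fec]
    mpls_ttl = ip_ttl if propagate_ttl else 255 # copy the IP TTL, or hide it
    labels.append(label)
    while True:
        next_hop, op, out_label = ILM[node][label]
        mpls_ttl -= 1                           # top label TTL decrements per LSR
        if mpls_ttl <= 0:
            return node, labels
        if op == "pop":
            if propagate_ttl:
                ip_ttl = mpls_ttl               # copy label TTL back to the IP header
            else:
                ip_ttl -= 1                     # assumption: LSP counts as one hop
            return (node if ip_ttl <= 0 else None), labels
        label = out_label
        labels.append(label)
        node = next_hop

def visible_hops(propagate_ttl, max_ttl=10):
    """Nodes revealed by probes sent with TTL 1, 2, 3, ... (trace route style)."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        expired_at, _ = forward(ttl, propagate_ttl)
        if expired_at is None:
            break
        hops.append(expired_at)
    return hops

if __name__ == "__main__":
    print("TTL copied into label:", visible_hops(True))
    print("MPLS TTL set to 255: ", visible_hops(False))
```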
Creating LSP
LSP establishment is the process of binding an FEC to a label and then
advertising this binding to the adjacent LSR on the LSP. There are several
modes for driving LSP creation:
Several signaling protocols can now be used to distribute labels, such as:
• MP-BGP: Multiprotocol BGP
Label Forwarding Table
IN interface | IN label | Prefix/MASK | OUT interface (next hop) | OUT label
Serial0 | 50 | 10.1.1.0/24 | Eth0 (3.3.3.3) | 80
• "In" and "out" correspond to the label swap, not to label distribution.
– The in label is the one I distribute to the others; I will not put it on
the packet.
– The out label is the one the others distribute to me; I will put it on the
packet.
Look carefully at the label forwarding table: it has an IN interface and IN
label, and an OUT interface and OUT label. The IN label is the label that I (this
router) distribute to the others; the OUT label is the label that the other routers
distribute to me, and I will put it on the packet. For some special label values
such as 3, the operation is pop and the label is removed.
From this table we can see that the IN labels are different (if the label space
is platform-wide), while some OUT labels may have the same value. Why?
One reason is that the labels are distributed by different next-hop devices, which
generate their labels independently; the other is that the same route entry, such as
10.1.1.0/24 in this table, may have several different IN interfaces, such as Serial0
and Serial1.
MPLS Operation – Re-Cap
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks.
1b. Label Distribution Protocol (LDP) establishes label to destination network mappings.
4. Edge LSR at egress removes label and delivers packet.
Module 7
[Figure: City A, City B, City C and City D, each with MCN, MAN, BAN and BN nodes, around the RDN IP/MPLS Backbone. All MCN nodes connect to RDN with full mesh by L2VPN Virtual Circuit.]
MCN: Media Convergence Node (Cisco 7609). Mumbai city and the top ten cities have
two nodes deployed for redundancy; other cities have only one node.
MAN: Metro Aggregation Node (Cisco 7609). Each city has multiple nodes deployed.
BAN: Building Aggregation Node. At some sites these are Cisco 7609 acting as layer 3
devices; at other sites they are Cisco 3750 acting as layer 2 traffic aggregation
devices, which will be replaced by CX600.
BN: Building Nodes (Cisco ME3400 and Cisco 3550), which provide last-mile access
for customers.
RDN: Reliance Data Network (Juniper T640/T320), the Reliance IP/MPLS backbone
network.
Topology of Mumbai City today
[Figure: Mumbai city topology, showing SESM, Radius, IAG, Internet, RDN IP/MPLS Backbone, DHCP/IPTV, TG, ISG, CAG1, CAG2, MCN1, MCN2, Reliance Voice, AG/MGW, MAN, BAN and BN nodes, IP DSLAM, Wimax Base Station, IAD, CPE and SS]
• BAN rings dual homing to MAN ring
• Two sets of MCN link to RDN with back up design
In each city the MCN nodes connect to the IDC, where the DHCP servers, AAA
servers, IPTV head system, Network Management system, ISG and SESM are deployed.
In Mumbai city there are two MCN nodes deployed.
For residential customers, there are three last-mile access types, IP DSLAM,
LAN switch and Wimax, and each customer can have three terminals: PC, STB, VoIP.
For enterprise customers, each customer has a CPE deployed and connected to a BN
node of the Reliance MEN.
Topology of Top Ten Cities today
[Figure: top ten cities topology, showing SESM, Radius, IAG, Internet, RDN IP/MPLS Backbone, DHCP/IPTV, ISG, TG, CAG1, CAG2, MCN1, MCN2, Reliance Voice, AG/MGW, MAN, BAN and BN nodes, IP DSLAM, Wimax Base Station, IAD, CPE and SS]
• BAN rings single homing to MAN ring
• Two sets of MCN link to RDN with back up design
Topology of Normal City today
[Figure: normal city topology, showing SESM, IAG, Radius, Internet, RDN IP/MPLS Backbone, DHCP/IPTV, ISG, TG, CAG1, CAG2, MCN1, Reliance Voice, AG/MGW, MAN, BAN and BN nodes, IP DSLAM, Wimax Base Station, IAD, CPE and SS]
Only Mumbai city has two MCN nodes deployed; other cities have just one node.
Building up New BAN and BN Ring
[Figure: new BAN and BN rings made up of CX200 nodes]
Each BAN has a maximum of 12 BN rings, and each BN ring has a maximum of 14 BN
nodes on the ring.
There are two scenarios: in one the BN ring is single-homed to a BAN node; in the
other the BN ring is dual-homed to BAN nodes.
Adding CX600 or Replacing Cisco Equipments in MAN/BAN Ring
[Figure: MCN1, MCN2, C7609 nodes and CX600 nodes on the MAN rings]
Unused Fiber Route (UFR) Network
[Figure: UFR network with BTS and BTS/BAN sites; Level-1: 3750 Stack; Level-2: ME3400]
In the standard metro Ethernet we use one level of L2 aggregation: the BN
ME3400 ring or IP-DSLAM ring parents to the L3/MPLS 7609. As shown in the figure
above, the proposed UFR architecture has two levels of aggregation rings in
the L2 domain.
The figure above shows the UFR-MEN architecture. Cisco ME3400 acting as Layer-2
BN or IP-DSLAM in the MEN will be connected to the stacked C3750 switches via
Gigabit Ethernet trunk ports. This level is referred to as Level-2 Aggregation.
Aggregation of the C3750 ring traffic will be done at the 7609 MCN/MAN
collocated BAN. This level is referred to as Level-1 Aggregation.
Some nodes can also be dual-homed to two aggregation nodes.
UFR Network
Dual-Homed Section UFR with IP-DSLAM ring
• VoIP
• IPTV (BTV & VOD)
• Enterprise Services
Residential Service
[Figure: residential service topology, showing Radius, SESM, IAG, Internet, Reliance RDN IP/MPLS Backbone, ISG, CAG1, CAG2, TG, DHCP/IPTV, MCN1, MCN2, BN nodes, IP DSLAM, Wimax Base Station, IAD, CPE and SS]
For residential customers there are three types of services: HSI, VoIP and IPTV
(BTV (multicast) and VOD).
The HSI service is terminated on the ISG and then forwarded to the internet by the IAG.
The IPTV services are terminated on the IPTV head end system, including BTV
servers and VOD servers.
The VoIP service is terminated on the AG or MGW and registers on the TG or soft
switch servers.
BIA thru DLC
[Figure: BIA through DLC. Labels shown: MCN, RDN, ILT, 7609, TAG, TN, MAN, BAN, CT, RJ 11, ADSL Modem, RJ 45, IAD, Fiber Access Ring, Class 5 switch, Ethernet, Network LE, RDT-8v, Telephony Access Gateway (TAG), IP DSLAM or Cisco 3550, Internet, Microsoft IP TV server]
Reliance MEN Services
• Enterprise Services
– E-LINE
– E-LAN
– L3VPN
– MVPN
Enterprise Services:
-EPL
Enterprise Services (E-LINE)
[Figure: E-LINE service, with CPEs attached to BN nodes on both sides of the RDN IP/MPLS Backbone]
Enterprise Services (E-LAN)
[Figure: VPN-X, VPN-Y and VPN-Z across BN, BAN, MCN1 and RR nodes. Multipoint-to-multipoint connection for enterprise customers by E-LAN.]
Enterprise Services (MPLS L3VPN)
[Figure: VPN-X, VPN-Y and VPN-Z across BN, BAN, MCN1 and RR nodes. Multipoint-to-multipoint connection for enterprise customers by L3VPN.]
Enterprise Services (MVPN)
[Figure: MVPN between City X and City Y over the RDN IP/MPLS Backbone, with CX600 nodes on the BAN rings, CX200 nodes on the BN ring, and CPEs]
Reliance MEN Services
• Enterprise Services
Inter-AS VPN(L3VPN)
[Figure: Inter-AS VPN topology, showing CPE, SESM, DHCP/IPTV/Management, IAG, Internet, RDN IP/MPLS Backbone, ISG, CAG1, CAG2, MCN1, MAN, BAN and BN nodes. MCN acts as ASBR of Reliance MEN and established Inter-AS connection with CAG.]
Network Implementation
– HSI
• HSI service assigned with public internet IP address
– VoIP
• VoIP service assigned with Reliance private IP address
– IPTV
• IPTV service assigned with Reliance private IP address
Different services use different scopes of IP addresses.
VLAN Assigning
Access Mode | VLAN ID | IP Address of Gateway
Residential customers can access the Reliance MEN through three last-mile access
types: IP DSLAM, Active Ethernet LAN switch and Wimax. Each access type is
assigned one VLAN id: IP DSLAM is assigned VLAN id 102, LAN switch is
assigned VLAN id 66 and Wimax is assigned VLAN id 65. Static IP addresses are
assigned VLAN id 64, and the multicast VLAN id is 999.
VLAN ids 65, 66 and 102 act as sub-VLANs; a super-VLAN logical interface is
created to share the IP gateway, and the different sub-VLANs are isolated from
each other.
For VLAN id 64, services carried in VLAN 64 are terminated by its own
logical interface, not by the super-VLAN interface.
Multiple ports that belong to the same VLAN on one box use the port separation
feature so that they are separated from each other.
VLAN id 999 is used as the multicast VLAN, and a VLAN logical interface is
created to terminate the multicast service.
VLAN Assigning
[Figure: VLAN assignment topology, showing Radius, SESM, IAG, Internet, Reliance RDN IP/MPLS Backbone, ISG, CAG1, CAG2, TG, DHCP/IPTV, MCN1, MCN2, BN nodes, IP DSLAM, Wimax Base Station, IAD, CPE and SS. Callout at the BN nodes: Customer VLAN ID should be configured.]
MPLS L3VPN for HSI and VoIP
[Figure: MPLS L3VPN topology, showing Radius, SESM, IAG, Internet, Reliance RDN IP/MPLS Backbone, ISG, CAG1, CAG2, TG, DHCP/IPTV, MCN1, MCN2, Wimax Base Station, IP DSLAM, IAD, CPE and SS, with BN, BAN, MCN1 and RR nodes in AS 65000. Labels shown: MPLS LDP LSP, MP-iBGP, MPLS TE Tunnel, Martini mode.]
MPLS VPLS for Customers
[Figure: VPN-X, VPN-Y and VPN-Z between City X and City Y across BN, BAN, MCN1 and RR nodes. Labels shown: MPLS LDP LSP, MPLS TE Tunnel, Martini mode.]
Thank You