
Internal

ODC010004 MPLS L3 VPN Advanced Application


ISSUE 1.2
www.huawei.com

HUAWEI TECHNOLOGIES CO., LTD.

All rights reserved


Wide application of MPLS technologies allows service providers to provide better extended/value-added services. Therefore, the implementation of MPLS functions can help an equipment vendor gain competitive advantages over other vendors.


References
• VRP5 Operation Manual VPN
• Technical White Paper for Cross-AS Solutions
• Technical White Paper for HoPE
• RFC 2547
• RFC 3107


Upon completion of this course, you will be able to:

  - Learn about cross-AS MPLS VPN, HoPE, Internet access and multi-role host technologies.
  - Understand specifics of the technologies.
  - Understand applications of the technologies.


Chapter 1 Cross-AS Solution
Chapter 2 HoPE Solution
Chapter 3 Internet Connection Solution
Chapter 4 Multi-Role Host Technology


Chapter 1 Cross-AS Solution


1.1 Cross-AS Solution
1.2 Carrier's Carrier Solution


Cross-AS MPLS VPN


Origin of cross-AS VPN

• In the MPLS technical system, an MPLS domain and a routing AS overlap each other. In actual networking, however, an MPLS domain frequently crosses multiple ASs:
  - The carrier defines one province as one AS of the carrier network but needs to provide cross-province MPLS VPN services.
  - Carriers cooperate with each other (especially with international carriers, to provide international services).

• To implement these services, cross-AS MPLS VPN solutions must be applied to solve the following two problems:
  - Technical problem: how VPN-IPv4 routes and VPN labels can be distributed to another AS.
  - Managerial problem: normally, cross-AS LSPs are not allowed (this is especially important in the case of carrier cooperation).


Cross-AS MPLS VPN


Three Solutions

• Currently three cross-domain MPLS VPN solutions are available:
  - VRF-to-VRF
  - MP-eBGP for VPNv4
  - Multi-hop MP-eBGP


Cross-AS MPLS VPN


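Overview of the Solutions

[Figure: CE-1 (VPN-A-1) and PE-1 in AS #100, CE-2 (VPN-A-2) and PE-2 in AS #200, with ASBR-1 and ASBR-2 joining the two ASs. The three options are labelled on the diagram: back-to-back VRFs and MP-eBGP for VPNv4 between ASBR-1 and ASBR-2, and multi-hop MP-eBGP between PE-1 and PE-2.]

• Different domains or carriers have different ASs.
• One VPN operates in multiple ASs.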


Cross-AS solution 1: VRF-to-VRF


VRF-to-VRF Overview

[Figure: AS #100 and AS #200, each with PEs serving the CEs of VPN1 and VPN2 and running MP-iBGP with the ASBR of the AS. One VRF and one logical interface are created for each VPN between ASBR-1 and ASBR-2. Forwarding path: VPN-LSP1 over LSP-1 (PE to ASBR-1), IP forwarding (ASBR-1 to ASBR-2), VPN-LSP2 over LSP-2 (ASBR-2 to PE).]

• An ASBR considers the peer ASBR its CE, and creates a VRF for each VPN. IP forwarding is applied between the ASBRs and MPLS forwarding is applied within the AS.
• Advantages: Simple, with no need for protocol extensions or special configuration (natively supported); applicable when the number of cross-domain VPNs is small.
• Disadvantages: The ASBR must create a VRF for each VPN. Crossing multiple domains requires a large configuration effort. The scalability is poor.


Cross-AS solution 1: VRF-to-VRF


Distribution of routing information

[Figure: route 161.10.1.0/24 distributed between VPN1-CE1 (PE-1, AS #100) and VPN1-CE2 (PE-3, AS #200); PE-2 and PE-4 serve the VPN2 CEs. The PEs run MP-iBGP with the ASBR of their AS. Forwarding path: VPN-LSP1 over LSP-1 (PE to ASBR-1), IP forwarding (ASBR-1 to ASBR-2), VPN-LSP2 over LSP-2 (ASBR-2 to PE). Callouts, in order of propagation:]

• BGP, OSPF, RIPv2: 161.10.1.0/24, NH=CE-1
• VPN-v4 update: RD:1:27:161.10.1.0/24, NH=PE-1, RT=100:1, Label=(L1)
• D: 161.10.1.0/24, NH: ASBR-1
• VPN-v4 update: RD:1:27:161.10.1.0/24, NH=ASBR-2, RT=100:1, Label=(L2)
• BGP, OSPF, RIPv2: 161.10.1.0/24, NH=PE-3

Cross-AS solution 1: VRF-to-VRF


Label switching procedure

[Figure: label switching for a packet destined to 161.10.1.1 along the path PE, ASBR, ASBR, PE. Inside AS #200 the packet carries the label stack Lx, L2 (VPN-LSP2 over LSP-2); between ASBR-2 and ASBR-1 it is forwarded as a plain IP packet; inside AS #100 it carries the label stack Ly, L1 (VPN-LSP1 over LSP-1). Create a VRF and a logical interface for each VPN.]


Cross-AS Solution 2: MP-eBGP for VPNV4


MP-eBGP for VPNV4 overview

[Figure: AS #100 and AS #200, each with PEs serving the CEs of VPN1 and VPN2 and running MP-iBGP with the ASBR of the AS; ASBR-1 and ASBR-2 run MP-EBGP (VPN-V4). Forwarding path: VPN-LSP1 over LSP-1 (PE to ASBR-1), VPN-LSP2 (ASBR-1 to ASBR-2), VPN-LSP3 over LSP-2 (ASBR-2 to PE).]

• EBGP is used to advertise VPN-IPv4 routes between ASBRs.
• Advantages:
  - No need to create a VRF for each VPN on the ASBR.
  - No need for a cross-domain extension protocol; easy to manage and configure.
• Disadvantages: All VPN routes need to be stored on the ASBR. This imposes high requirements on the router, so the ASBR is more prone to faults.


Cross-AS Solution 2: MP-eBGP for VPNV4


Distribution of routing information

[Figure: route 161.10.1.0/24 distributed between VPN1-CE1 (PE-1, AS #100) and VPN1-CE2 (PE-3, AS #200); PE-2 and PE-4 serve the VPN2 CEs. The PEs run MP-iBGP with the ASBR of their AS, and ASBR-1 and ASBR-2 run MP-EBGP (VPN-V4). Forwarding path: VPN-LSP1 over LSP-1, VPN-LSP2, VPN-LSP3 over LSP-2. Callouts, in order of propagation:]

• BGP, OSPF, RIPv2: 161.10.1.0/24, NH=CE-1
• VPN-v4 update: RD:1:27:161.10.1.0/24, NH=PE-1, RT=100:1, Label=(L1)
• VPN-v4 update: RD:1:27:161.10.1.0/24, NH=PE-ASBR-1, RT=100:1, Label=(L2)
• VPN-v4 update: RD:1:27:161.10.1.0/24, NH=PE-ASBR-2, RT=100:1, Label=(L3)
• BGP, OSPF, RIPv2: 161.10.1.0/24, NH=PE-3

Cross-AS Solution 2: MP-eBGP for VPNV4


Label switching procedure

[Figure: label switching for a packet destined to 161.10.1.1, across PE-3 and ASBR-2 (AS #200), the MP-EBGP (VPN-V4) link, and ASBR-1 and PE-1 (AS #100). Label stacks shown along the path: Lx, L3 and then L3 alone inside AS #200; L2 between ASBR-2 and ASBR-1; Ly, L1 and then L1 alone inside AS #100; the unlabelled IP packet between the PEs and the CEs.]
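
The route distribution and label switching of solution 2, as a small model (an added example, not part of the original course material or of any vendor code). `Router`, `Vpnv4Route`, `build` and `trace` are hypothetical names; the RD, RT, prefix and labels L1 to L3 are the values on the slides, and the outer LSP label inside each AS (Lx, Ly on the slides) is shown symbolically as `LSP->next hop`.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str
    prefix: str
    rt: str
    next_hop: str
    label: str


class Router:
    def __init__(self, name, asn):
        self.name, self.asn = name, asn
        self.lfib = {}  # incoming VPN label -> (action, outgoing label, next hop)
        self.vrf = {}   # ingress PE only: prefix -> (VPN label, BGP next hop)

    def originate(self, rd, prefix, rt, label, ce):
        """Egress PE: bind a VPN label to a route learned from its CE."""
        self.lfib[label] = ("pop", None, ce)
        return Vpnv4Route(rd, prefix, rt, self.name, label)

    def readvertise(self, route, label):
        """ASBR: set itself as next hop and advertise a label of its own.
        One LFIB entry per VPN route is why the ASBR must hold all VPN routes."""
        self.lfib[label] = ("swap", route.label, route.next_hop)
        return replace(route, next_hop=self.name, label=label)

    def import_route(self, route, import_rts):
        """Ingress PE: install the route only if the VRF imports its RT."""
        if route.rt not in import_rts:
            return False
        self.vrf[route.prefix] = (route.label, route.next_hop)
        return True


def build():
    """Control plane of the slide: PE-1 -> ASBR-1 -> ASBR-2 -> PE-3."""
    r = {n: Router(n, asn) for n, asn in
         [("PE-1", 100), ("ASBR-1", 100), ("ASBR-2", 200), ("PE-3", 200)]}
    u1 = r["PE-1"].originate("1:27", "161.10.1.0/24", "100:1", "L1", ce="CE-1")
    u2 = r["ASBR-1"].readvertise(u1, "L2")  # received by MP-iBGP, sent by MP-eBGP
    u3 = r["ASBR-2"].readvertise(u2, "L3")  # received by MP-eBGP, sent by MP-iBGP
    r["PE-3"].import_route(u3, import_rts={"100:1"})
    return r, [u1, u2, u3]


def trace(routers, ingress, prefix):
    """Data plane: list (sender, receiver, label stack) for each hop."""
    node = routers[ingress]
    label, nh = node.vrf[prefix]
    hops = []
    while True:
        # Inside an AS the VPN label rides under an LSP label; the
        # inter-AS link carries the VPN label alone.
        outer = [f"LSP->{nh}"] if node.asn == routers[nh].asn else []
        hops.append((node.name, nh, outer + [label]))
        node = routers[nh]
        action, out_label, nxt = node.lfib[label]
        if action == "pop":
            hops.append((node.name, nxt, []))  # plain IP toward the CE
            return hops
        label, nh = out_label, nxt


if __name__ == "__main__":
    routers, updates = build()
    for u in updates:
        print(f"VPN-v4 update RD:{u.rd}:{u.prefix} NH={u.next_hop} RT={u.rt} Label={u.label}")
    for sender, receiver, stack in trace(routers, "PE-3", "161.10.1.0/24"):
        print(f"{sender} -> {receiver}: {stack or 'IP'}")
```
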


Cross-AS Solution 3: Multi-Hop eBGP


Multi-Hop eBGP overview

[Figure: AS #100 (PE, ASBR-1) and AS #200 (ASBR-2, PE) with the CEs of VPN1 and VPN2. Labels on the diagram: Multi-Hop MP-EBGP (VPN V4) between the PEs of the two ASs, EBGP between ASBR-1 and ASBR-2, VPN-LSP, BGP 4+, LSP-1, LSP-2.]

• Establish an MP-EBGP peer relationship between PEs and distribute VPN-IPv4 routes over this connection.
• Advantages:
  - This is the optimal solution because it meets the structural requirements of MPLS VPN. Only the PEs know the VPN routing information; the P routers are concerned only with forwarding packets.
  - The advantage is more notable when a VPN crosses multiple ASs. This solution also supports load sharing.
• Disadvantages: BGP extensions are needed. The setup of tunnels differs from the common MPLS VPN structure, so the solution is hard to maintain or understand.


Cross-AS Solution 3: Multi-Hop eBGP


Distribution of routing information

[Figure: route 162.11.1.0/24 distributed between VPN1-CE1 and VPN1-CE2. Devices shown: VPN1-CE1, VPN1-CE2, VPN2-CE1, VPN2-CE2, PE-1 to PE-4, ASBR-1 (AS #100) and ASBR-2 (AS #200) connected by EBGP. Callouts:]

• BGP, OSPF, RIPv2: 162.11.1.0/24, NH=CE-1
• VPN-v4 update: RD:1:27:162.11.1.0/24, NH=PE-1, RT=100:1, Label=(L3)
• Network=PE-1, NH=ASBR-1, Label=(L9)
• Network=PE-1, NH=ASBR-2, Label=(L10)
• BGP, OSPF, RIPv2: 162.11.1.0/24, NH=PE-2


Cross-AS Solution 3: Multi-Hop eBGP


Label switching procedure

[Figure: label switching for a packet destined to 161.10.1.1 between VPN1-CE2 and VPN1-CE1, across ASBR-2 (AS #200), the EBGP link and ASBR-1 (AS #100). Label stacks shown along the path: Lx, L10, L3; L10, L3; L9, L3; Ly, L3; L3; and the unlabelled IP packet at the CEs.]


Chapter 1 Cross-AS Solution


1.1 Cross-AS Solution
1.2 Carrier's Carrier Solution


Carrier's Carrier Solution

Carrier's Carrier Topology

[Figure: a level 1 carrier network in the middle with a level 2 carrier network on each side; sites of VPNA and VPNB attach to the level 2 carriers. Devices: L2 PE, L1 CE, L1 PE, L1 PE, L1 CE, L2 PE. Protocols labelled on the diagram: MP-IBGP/Remote-Peer LDP, LDP, LDP/BGP, IBGP.]

A level 2 carrier can provide L2 & L3 VPNs



Carrier's Carrier Solution

Three Solutions

• Level 1 carriers use MPLS/BGP VPN technologies.
  - Level 2 carriers do not use VPN technologies.
  - Level 2 carriers use VPN technologies.
• Level 1 carriers use L2 MPLS VPN technologies.


Carrier's Carrier Solution

Solution 1

[Figure: CE-1 (level-2 SP), PE-1 and PE-2 (level-1 SP), CE-2 (level-2 SP). Protocols labelled on the diagram: BGP, BGP/LDP, MP-IBGP / LDP, BGP/LDP.]

• Level 2 carriers do not provide MPLS/BGP VPN.
• Level 1 carriers do not have IGP routing information of level 2 carriers.
• If traffic flows from CE-1 to CE-2, the LSP starts at CE-1 and ends at PE-2.


Carrier's Carrier Solution

Solution 2

[Figure: PE-3 and CE-1 (level-2 SP), PE-1 and PE-2 (level-1 SP), CE-2 and PE-4 (level-2 SP); Site 1 and Site 2 of VPN 1 and VPN 2 attach to the level-2 SPs. Protocols labelled on the diagram: MP-IBGP / Remote Peer LDP, LDP, BGP/LDP, MP-IBGP / LDP, BGP/LDP, LDP.]

• Level 2 carriers provide MPLS/BGP VPN


Carrier's Carrier Solution

Solution 3

[Figure: PE-3 and CE-1 (level-2 SP), PE-1 and PE-2 (level-1 SP), CE-2 and PE-4 (level-2 SP); Site 1 and Site 2 of VPN 1 and VPN 2 attach to the level-2 SPs. Protocols labelled on the diagram: MP-IBGP / Remote Peer LDP, LDP, MP-IBGP / LDP, LDP.]

• Level 2 carriers provide MPLS L2 VPN



Carrier's Carrier Solution

Carrier's Carrier Summary

| Question | Level 1 carrier: MPLS/BGP VPN | Level 1 carrier: MPLS L2 VPN |
|---|---|---|
| Does a level 1 carrier have the routing information of a level 2 carrier? | YES | NO |
| Is a routing protocol needed between the PE of a level 1 carrier and the CE of a level 2 carrier? | Static or dynamic routing protocol | NO |
| Does LDP operate between the PE of a level 1 carrier and the CE of a level 2 carrier? | Yes, multi-instance LDP is needed. | NO |
| How is encapsulation performed in a level 1 carrier network? | IP encapsulated by MPLS (L2 or L3 labels) | IP encapsulated by MPLS (L2 labels), L2 labels, or MPLS (L1 or L2 labels) |


Chapter 1 Cross-AS Solution
Chapter 2 HoPE Solution
Chapter 3 Internet Connection Solution
Chapter 4 Multi-Role Host Technology


Chapter 2 HoPE Solution


2.1 Background of HoPE
2.2 Framework of HoPE
2.3 Applications of HoPE


Background of HoPE
Condition of PE

[Figure: network hierarchy with core layer, distribution layer and access layer.]

• The PE is in an awkward position at each layer:
  - Access layer: unable to support it because of small capacity.
  - Distribution layer: a large number of interfaces (or subinterfaces) are needed for subscriber identification. The number of subscribers is large but the PE provides limited interfaces.
  - Core layer: the number of subscribers is larger, the number of interfaces becomes more limited, and the bandwidth granularity is larger.

The lower the layer at which the PE is located, the more specific the routes are, and the more routes the PE needs to maintain.


Background of HoPE
Problem

• The number of interfaces and the storage capacity must keep increasing, and finally reach the equipment limit.
• The growth of network scale and the increase of subscribers in the local and peer sites require the local PE to have larger storage capacity.
• Solution
  - Expand and migrate the PE
  - Add PEs to share the load of the VPN subscribers

This is an expensive solution



Background of HoPE
Cause

• Large numbers of interfaces are needed to access subscribers. Large amounts of memory and forwarding capability are needed to handle subscriber packets.
• It is hard for a PE to provide large memory and a large number of interfaces at the same time.
• A typical network consists of different layers, featuring many edge interfaces and a large core capacity.
• MPLS VPN is flat. The requirement for memory capacity is similar regardless of the position of the PE in the network. When a PE is expanded toward the edge, more memory is required whereas the capacity of the network equipment decreases.

Key point: the model of MPLS VPN differs from the typical network model.


Background of HoPE
Multi-VRF Solution

[Figure: VCE1 (VPN1 Site1, VPN2 Site1) and VCE2 (VPN1 Site2, VPN2 Site2) connected to a PE of the MPLS network.]

• A CE whose functionality includes the VRF function is called a Multi-VRF CE (VCE for short).
• A VCE can access multiple VPN subscribers and simulate multiple CEs.
• The VCE connects with the PE through multiple interfaces (or subinterfaces).
• The VCE only needs to maintain routes of the local site.
• No changes are needed in the PE.


Background of HoPE
Defects of Multi-VRF Solution

• Large numbers of interfaces and subinterfaces, out of the limited interface resources, are needed between PE and VCE.
• Multiple VRFs need to be configured on the PE and the CE. The configuration effort is large and repetitive.
• Using a dynamic routing protocol for route exchange between PE and VCE requires both PE and VCE to run multiple instances. Using static routes, however, demands a large configuration effort.
• If PE and CE are not connected directly but through tunnels, each VRF needs a tunnel, so many tunnel resources are used.
• VCEs need to be interconnected to transfer VPN packets in order to reduce the load of the PE. That means each VRF needs an interface/subinterface.
• The ultimate implementation is a single-layer VPN access. The solution for the access of a separate MPLS VPN is still not provided.



Chapter 2 HoPE Solution


2.1 Background of HoPE
2.2 Framework of HoPE
2.3 Applications of HoPE


Framework of HoPE
New Solution: Hierarchy of PE

[Figure: UPE1 (VPN1 Site1, VPN2 Site1) and UPE2 (VPN1 Site2, VPN2 Site2) connect to an SPE, one of them across an MPLS network; together they form the HoPE. The SPE runs MP-BGP across the MPLS network with the PEs that serve VPN1 Site3 and VPN2 Site3.]

• A PE is connected with other PEs to fulfill the functions of a traditional PE together. The PEs form a hierarchy.
• A PE that directly accesses VPN subscribers is a UPE (Underlayer PE). One inside the network is an SPE (Superstratum PE).
• A UPE and an SPE can be connected directly or through an IP/MPLS network.
• Such a structure is called HoPE (Hierarchy of PE).


Framework of HoPE
Functions of UPE and SPE

• The UPE maintains only the routes of the directly connected VPN sites, not those of the remote VPN sites. The SPE maintains all routes in the VPNs it connects through UPEs, including routes of the local and remote VPN sites.
• The UPE assigns inner layer labels for routes of the directly connected VPN sites and advertises the routes to the SPE. The SPE advertises only the default VRF route, with its label, to the UPE.
• Label switching is used between UPE and SPE, so only one interface (or subinterface) is needed for their interconnection. If an IP/MPLS network is present between UPE and SPE, GRE/LSP tunnels are used for their interconnection.

A UPE is a traditional PE whereas an SPE requires functional enhancements to a traditional PE.



Framework of HoPE
Forwarding of Data

[Figure: path CE1 (Site1), UPE, SPE1, PE2, CE2 (Site2), for traffic from Site1 to Site2.]

Route advertisement (from Site2 toward Site1):
• CE2 advertises a route of Site2: Dest/Mask
• PE2 assigns an inner label for the route: Dest/Mask, Li
• SPE1 advertises the default route of the VPN to the UPE with an inner label: 0/0, L0
• The UPE advertises the default route to CE1: 0/0

Packet forwarding (from Site1 toward Site2):
• Forward the packets destined to Site2 from Site1 to the UPE according to the default route: Dest/Mask
• Push the inner layer label and forward the packets to SPE1 according to the default VPN route: Dest/Mask, L0
• POP the inner label of the default route, query the related VRF route table and PUSH the inner and outer labels: Dest/Mask, Li, Lo
• POP the outer label (PHP): Dest/Mask, Li
• POP the inner label: Dest/Mask


Framework of HoPE
Forwarding of Data

[Figure: path CE1 (Site1), UPE, SPE1, PE2, CE2 (Site2), for traffic from Site2 to Site1.]

Route advertisement (from Site1 toward Site2):
• CE1 advertises a route of Site1: Dest/Mask
• The UPE assigns an inner route label and advertises the route to SPE1: Dest/Mask, Li1
• SPE1 replaces the label assigned by the UPE with another inner label: Dest/Mask, Li2
• PE2 advertises a route to CE2 without a label: Dest/Mask

Packet forwarding (from Site2 toward Site1):
• Query the route table and forward the packets to PE2: Dest/Mask
• Query the VRF route table and PUSH the inner and outer labels: Dest/Mask, Li2, Lo
• Pop the outer label (PHP): Dest/Mask, Li2
• SWAP the inner label: Dest/Mask, Li1
• POP the inner label and forward the packets to CE1: Dest/Mask


Framework of HoPE
SPE-UPE Protocol

[Figure: the UPE holds VRF1 (import route-target 100:1) and VRF2 (import route-target 200:1); the SPE holds the global import route-target list 100:1, 200:1. UPE to SPE: VPN route (label) and ORF (extended community list). SPE to UPE: VRF default route (label).]

• Use MP-BGP to distribute VPN-IPv4 routes:
  - If the SPE and UPE belong to the same carrier, MP-iBGP is used and the SPE serves as RR.
  - If the SPE and UPE belong to different carriers, MP-eBGP is used and the UPE uses a private AS number.
• The SPE creates the global import route-target list as the union of the VRF import route-target lists of the UPE:
  - The UPE transfers its import route-target lists using the ORF mechanism and the SPE generates the global import route-target list automatically.
  - The global import route-target list is created manually on the SPE.
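
The SPE behaviour described on the "Forwarding of Data" and "SPE-UPE Protocol" slides, as a small model (an added example, not part of the original course material or of any vendor code). It builds the global import route-target list as the union of the UPE VRF lists, filters remote routes against it, forwards a packet that arrives with the default-route label, and audits a manually configured list. The class `Spe`, the label names (`L0-VRF1`, `Li-17`, ...) and the 10.2.0.0/16 and 172.16.0.0/16 routes are constructed for illustration; the route targets 100:1 and 200:1 are the ones on the slide. Keeping one table per UPE VRF on the SPE is a modelling assumption.

```python
import ipaddress


class Spe:
    def __init__(self):
        self.vrf_import = {}     # UPE VRF name -> import RTs received through ORF
        self.tables = {}         # UPE VRF name -> {network: (inner label, egress PE)}
        self.default_label = {}  # label sent with the default route -> UPE VRF name

    def learn_orf(self, vrf, import_rts):
        """The UPE announces a VRF's import RTs; the SPE answers with a
        labelled default route only, never with the specific VPN routes."""
        self.vrf_import[vrf] = set(import_rts)
        self.tables.setdefault(vrf, {})
        label = f"L0-{vrf}"
        self.default_label[label] = vrf
        return ("0.0.0.0/0", label)

    @property
    def global_import(self):
        """Union of the import route-target lists of all UPE VRFs."""
        return set().union(*self.vrf_import.values())

    def receive(self, prefix, rts, inner_label, egress_pe):
        """VPN-IPv4 route from a remote PE: keep it only if it carries an
        RT from the global list, and only in the VRFs that import that RT."""
        rts = set(rts)
        if not rts & self.global_import:
            return False
        for vrf, wanted in self.vrf_import.items():
            if rts & wanted:
                self.tables[vrf][ipaddress.ip_network(prefix)] = (inner_label, egress_pe)
        return True

    def forward(self, label, dst):
        """Packet from the UPE: pop the default-route label, look up the VRF
        it selects, then push the inner and outer labels."""
        table = self.tables[self.default_label[label]]
        addr = ipaddress.ip_address(dst)
        matches = [net for net in table if addr in net]
        if not matches:
            return None  # no route in this VPN: drop, never use another VPN's table
        inner, pe = table[max(matches, key=lambda net: net.prefixlen)]
        return [f"Lo->{pe}", inner]

    def audit_manual_list(self, manual):
        """Compare a manually configured global list with the union.
        Returns (missing, extra): a missing RT blackholes a VPN, an extra RT
        makes the SPE hold routes that no attached VRF asked for."""
        manual = set(manual)
        return self.global_import - manual, manual - self.global_import


def demo():
    spe = Spe()
    adverts = [spe.learn_orf("VRF1", ["100:1"]), spe.learn_orf("VRF2", ["200:1"])]
    accepted = [
        spe.receive("10.2.0.0/16", ["100:1"], "Li-17", "PE2"),
        spe.receive("10.2.0.0/16", ["200:1"], "Li-23", "PE2"),    # same prefix, other VPN
        spe.receive("172.16.0.0/16", ["300:1"], "Li-31", "PE2"),  # RT wanted by no UPE VRF
    ]
    return spe, adverts, accepted


if __name__ == "__main__":
    spe, adverts, accepted = demo()
    print("advertised to UPE:", adverts)
    print("accepted from remote PE:", accepted)
    print("VRF1 packet to 10.2.3.4:", spe.forward("L0-VRF1", "10.2.3.4"))
    print("VRF2 packet to 10.2.3.4:", spe.forward("L0-VRF2", "10.2.3.4"))
    print("manual list audit:", spe.audit_manual_list(["100:1", "300:1"]))
```
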


Framework of HoPE
SPE-UPE Connection

[Figure: an SPE connected to one UPE over a leased line and to another UPE over an LSP or GRE tunnel.]

• Through any form of interface/subinterface
• Through a tunnel interface
  - MP-BGP can cross multiple hops.
  - When LSPs are used, LDP/RSVP-TE operates on the UPE/SPE.

One SPE/UPE pair requires only one connection


Framework of HoPE
HoPE Hierarchy

[Figure: an SPE at the top, an MPE and a UPE below it, and further UPEs below the MPE; VRF default routes are advertised downward at each level. The UPEs serve Site1, Site2 and Site3 of VPN1 and VPN2.]

• A PE in a hierarchy serves as UPE (SPE) to form another PE hierarchy with another SPE (UPE).
• The middle-level PE is called MPE.
• An SPE can connect with a standalone UPE when connecting with a PE in a hierarchy.

Endless hierarchies


Framework of HoPE
Multi-homed UPE

[Figure: a UPE serving a VPN1 site and a VPN2 site is connected to SPE1 and SPE2. Labels on the links: VPN1 route, VRF default route, VPN2 route, VRF default route.]

• A UPE connects with multiple SPEs.
• The multiple SPEs all advertise the VRF default routes to the UPE. The UPE selects one default route in preference or selects multiple routes for load sharing.
• The UPE advertises its VPN routes to all of the SPEs, or part of the VPN routes to each of the SPEs for load sharing.


Framework of HoPE
SPE Connected with Both UPE and CE

[Figure: an SPE connected to a CE (VPN1 Site1) and to a UPE (VPN1 Site2, VPN2 Site2).]

• An SPE that is connected with a UPE can still be connected to CEs.
• Sites of the same VPN intercommunicate through the SPE.


Framework of HoPE
Back Door Connection between UPEs

[Figure: UPE1 (VPN1 Site1, VPN2 Site1) and UPE2 (VPN1 Site2, VPN2 Site2) both connect to an SPE; a back door connection running MP-BGP links UPE1 and UPE2 directly.]

• A back door connection is established between two UPEs. VPN sites intercommunicate directly through this connection without the help of the SPE.
• A UPE communicates with the peer and they exchange their routes through MP-BGP.
• UPEs can communicate across a network.


Framework of HoPE
Best Solution

• An SPE and a UPE communicate through only one interface/subinterface, which saves the limited interface resources.
• There is no need to configure on the SPE the VRFs that are already configured on the UPE, which minimizes the configuration effort.
• SPE and UPE exchange routes and advertise labels using the dynamic routing protocol MP-BGP. Each UPE only needs to run MP-BGP with one peer, so the protocol overhead is small and the configuration effort is reduced.
• SPE and UPE can connect with each other through a tunnel interface, so they can communicate across a network. In particular, this can be an MPLS network, which gives excellent scalability when MPLS VPNs are deployed in tiers.
• The back door connection between UPEs can reduce the load of the SPE. Only one interface/subinterface is needed between UPEs.

BGP/MPLS VPN can be deployed on a tier-by-tier basis. When the performance of a UPE is insufficient, an SPE can be added and the UPE is moved to a lower tier. When the access capability of an SPE becomes insufficient, more UPEs can be added.


Chapter 2 HoPE Solution


2.1 Background of HoPE
2.2 Framework of HoPE
2.3 Applications of HoPE


Applications of HoPE
Application in Finance/Government Networks

[Figure: three-tier HoPE over an MPLS backbone, with province, city and county levels and the roles SPE, MPE and UPE; VPN1 and VPN2 sites attach at the bottom. Equipment models listed on the diagram: NE80/NE40/NE20/NE20s, NE16/08/05, NE08/NE05, R3680, R2630.]


Applications of HoPE
Application in MAN

[Figure: four panels of a metropolitan area network: (1) core, distribution (PE), access; (2) core, distribution (SPE), access (UPE); (3) core (SPE), distribution (UPE), access; (4) core (SPE), distribution (MPE), access (UPE). The transitions between panels are labelled "Insufficient interfaces" and "Insufficient routing capability". Equipment models listed on the diagram: NE80, NE16/08, S8016, C75XX, C6509, NE05, R3680.]


Applications of HoPE
Application in Cross-AS MAN-Backbone

[Figure: the backbone ASBR (NE80) acts as SPE; the ASBR/RR (NE80/40/20, NE16/08) of MAN A and of MAN B acts as UPE. Labels on the links between the backbone and each MAN: all routes in the AS, VRF default route.]


Chapter 1 Cross-AS Solution
Chapter 2 HoPE Solution
Chapter 3 Internet Connection Solution
Chapter 4 Multi-Role Host Technology


Internet Connection Solution


Three Internet Access Solutions

• Subscribers of any type of network wish to have access to the Internet, which is an inevitable demand.
• In an MPLS VPN, three Internet access solutions are available:
  - Through external ISP
  - Through static default route
  - Through subinterface


Internet Connection Solution


Internet Access Through External ISP

[Figure: MPLS VPN backbone with PE1, PE2 and PE3; VPN1 sites attach through CE1, CE2 and CE3. A Eudemon and the external ISP are shown at the CE1 site.]

• Advantages: All VPN1 sites use CE1 as the egress, which is convenient for management. This solution is also called centralized access and is widely applied.
• Disadvantages: Multiple default routes may be added to the VRF instances of the VPN, so that packet forwarding through the multiple default gateways may not be optimal.


Internet Connection Solution


Internet Access Through Static Default Route

[Figure: MPLS VPN backbone with PE1, PE2 and PE3; VPN1 sites attach through CE1, CE2 and CE3; an external ISP is connected. A link at PE1 is numbered 61.1.1.0 (.1 and .2).]

• Advantages: Each VPN site can access the Internet through the local PE, which facilitates management. This solution is also called distributed access.
• Disadvantages: The network segment of the CE will be broadcast in the public network. Security cannot be assured. NAT configuration is needed on the CE.


Internet Connection Solution


Internet Access Through Subinterface

[Figure: MPLS VPN backbone with PE1, PE2 and PE3; VPN1 sites attach through CE1, CE2 and CE3; an external ISP is connected.]

Features: CE and PE are connected through subinterfaces. One subinterface is responsible for VPN communication and the other is responsible for public network access.


Chapter 1 Cross-AS Solution
Chapter 2 HoPE Solution
Chapter 3 Internet Connection Solution
Chapter 4 Multi-Role Host Technology


Multi-Role Host Solution


Selection Modes

• Client selection modes
  - L2TP accessing PE
  - PPPoE accessing PE
  - Mapping between 802.1X and VPN
  - VLAN+Web
• PE selection modes
  - ACL-based VPN identification


Multi-Role Host Solution


Client Selection Modes

[Figure: a multi-role host on a VLAN, an L2TP tunnel, a PE, an LNS, the MPLS VPN and a Radius/CAMS server. Callouts: "The host accesses the PE through an L2TP tunnel." "The PE dynamically imports different VPNs and assigns the IP addresses according to the user name and password."]

• Typical application of MPLS VPN access
• An L2TP adapter can take the place of a real network adapter.
• Dynamic VPN selection is implemented through the L2TP authentication mechanism.


Multi-Role Host Solution


Multi-Purpose Server

[Figure: a shared server behind a firewall, attached to a PE of the MPLS VPN through a shared server VRF. Callout: "Configure a VRF for the multi-purpose server. Configure a firewall to protect the server."]

• Multiple VPNs share a server, with a fixed position and fixed role.
• Configure a private VRF for the multi-purpose server to exchange routes with multiple VPNs.
• The IP address of the multi-purpose server is globally unique.
• Enhance protection for the server.


Summary

• Cross-AS, HoPE, Internet access and multi-role host technologies are very useful extensions to MPLS and solve many problems in current networks.
• We must understand these technologies in detail to facilitate future application and troubleshooting.


Thank You
www.huawei.com
