
Introduction to MPLS

BRKMPL-1100

Eric Osborne
Principal Engineer, Cisco
eosborne@cisco.com

Session Goals
Objectives
Understand history and business drivers for MPLS
Learn about MPLS customer and market segments
Understand the problems MPLS is addressing
Understand the major MPLS technology components
Understand typical MPLS applications
Understand benefits of deploying MPLS
Learn about MPLS futures; where MPLS is going

BRKMPL-1100

2013 Cisco and/or its affiliates. All rights reserved.

Cisco Public

Agenda
Topics

Introduction
MPLS Technology Basics
MPLS Layer-3 VPNs
MPLS Layer-2 VPNs
Advanced Topics
Summary


Introduction

Intro
About Me
Involved in Internet networks since 1995
At Cisco since 1998
TAC, AS, DE

Co-Author, Traffic Engineering with MPLS (Cisco Press 2003)


Long-time IP/MPLS guy


What Is MPLS?
Multi-Protocol: The ability to carry any payload.
Have: IPv4, IPv6, Ethernet, ATM, FR.
Could do IPX, AppleTalk, DECnet, etc.

Label: Uses labels to tell a node what to do with a packet; separates forwarding (hop-by-hop behavior) from routing (control plane).

Switching: Routing == IPv4 or IPv6 lookup. Everything else is switching.

What is MPLS?
Brief Summary
It's all about labels
Use the best of both worlds
Layer-2 (ATM/FR): efficient forwarding and traffic engineering
Layer-3 (IP): flexible and scalable

MPLS forwarding plane
Use of labels for forwarding Layer-2/3 data traffic
Labeled packets are switched instead of routed
Leverage layer-2 forwarding efficiency

MPLS control/signaling plane
Use of extensions to existing IP control protocols + new protocols to exchange label information
Leverage layer-3 control protocol flexibility and scalability

Technology Comparison
Key Characteristics of IP, Native Ethernet, and MPLS

Forwarding
IP: Destination address based; forwarding table learned from control plane; TTL support
Native Ethernet: Destination address based; forwarding table learned from data plane; no TTL support
MPLS: Label based; forwarding table learned from control plane; TTL support

Control Plane
IP: Routing protocols
Native Ethernet: Ethernet loop avoidance and signaling protocols
MPLS: Routing protocols, MPLS protocols

Packet Encapsulation
IP: IP header
Native Ethernet: 802.3 header
MPLS: MPLS shim header

QoS
IP: 8 bit TOS field in IP header
Native Ethernet: 3-bit 802.1p field in VLAN tag
MPLS: 3 bit TC field in label

OAM
IP: IP ping, traceroute
Native Ethernet: E-OAM
MPLS: MPLS OAM

Evolution of MPLS
Technology Evolution and Main Growth Areas
Evolved from tag switching in 1996 to full IETF standard, covering over 130 RFCs
Key applications initially were Layer-3 VPNs, followed by Traffic Engineering (TE), and Layer-2 VPNs

[Figure: timeline from 1997 to 2014. Phases: Bring MPLS to Market; Complete base MPLS portfolio; Optimize MPLS for video; Optimize MPLS for packet transport; Optimize MPLS for Cloud. Milestones: Cisco ships MPLS; First L3VPNs Deployed; First MPLS TE Deployments; First L2VPN Deployments; Large Scale L3VPN Deployments; Large Scale MPLS TE Deployments; Large Scale L2VPN Deployments; First LSM Deployments; First MPLS TP Deployments]

MPLS Technology Basics

Topics
Basics of MPLS Signaling and Forwarding
MPLS reference architecture
MPLS Labels
MPLS signaling and forwarding operations
MPLS Traffic Engineering
MPLS OAM

[Figure: MPLS architecture layers. Service (Clients): Layer-3 VPNs, Layer-2 VPNs; Transport: IP/MPLS (LDP/RSVP-TE/BGP); MPLS Forwarding; Management: MPLS OAM]

MPLS Reference Architecture
Different Types of Nodes in an MPLS Network
P (Provider) router
Label switching router (LSR)
Switches MPLS-labeled packets

PE (Provider Edge) router
Edge router (LER)
Imposes and removes MPLS labels

CE (Customer Edge) router
Connects customer network to MPLS network

[Figure: MPLS domain with CE routers attached to PE routers at the edge; label switched traffic between the PEs]

MPLS Labels
Label Definition and Encapsulation
Labels used for making forwarding decision
MPLS Label Stack Entry: Label = 20 bits | TC | S | TTL
TC = Traffic Class: 3 Bits; S = Bottom of Stack; TTL = Time to Live

Multiple labels can be used for MPLS packet encapsulation
No limit on the number of labels in a stack.
Outer label always used for switching MPLS packets in network
Inner labels usually used for services (e.g. L2/L3 VPN)

MPLS Label Stack (1 label): LAN MAC Header | Label, S=1 | Layer 3 Packet
MPLS Label Stack (2 labels): LAN MAC Header | Label, S=0 | Label, S=1 | Layer 3 Packet

MPLS QoS
QoS Marking in MPLS Labels
MPLS label contains 3 TC bits
Used for packet classification and prioritization
Similar to Type of Service (ToS) field in IP packet (DSCP values)

DSCP values of IP packet mapped into TC bits of MPLS label
At ingress PE router
Most providers have defined 3-5 service classes (TC values)

Different DSCP <-> TC mapping schemes possible
Uniform mode, pipe mode, and short pipe mode

[Figure: MPLS DiffServ marking in Traffic Class bits. Layer-2 Header | MPLS Header (TC) | Layer 3 Header (DSCP, IP DiffServ marking)]

Basic MPLS Forwarding Operations
How Labels Are Being Used to Establish End-to-end Connectivity
Label imposition (Push)
By ingress PE router; classify and label packets
Based on Forwarding Equivalence Class (FEC)

Label swapping
By P router; forward packets using labels; indicates service class & destination

Label disposition (Pop)
By egress PE router; remove label and forward original packet to destination CE

[Figure: MPLS domain with CE and PE routers; Label Imposition (Push), two Label Swap steps, and Label Disposition (Pop) along a path carrying labels L1, L2, L3]

MPLS Path (LSP) Setup and Traffic Forwarding
MPLS Traffic Forwarding and MPLS Path (LSP) Setup
LSP signaling
Either LDP* or RSVP
Leverages IP routing
Routing table (RIB)

Exchange of labels
Label bindings
Downstream MPLS node advertises what label to use to send traffic to node

MPLS forwarding
MPLS Forwarding table (FIB)

Forwarding
IP: Destination address based; forwarding table learned from control plane; TTL support
MPLS: Label based; forwarding table learned from control plane; TTL support

Control Plane
IP: OSPF, IS-IS, BGP
MPLS: OSPF, IS-IS, BGP, LDP, RSVP

Packet Encapsulation
IP: IP header
MPLS: One or more labels

QoS
IP: 8 bit TOS field in IP header
MPLS: 3 bit TC field in label

OAM
IP: IP ping, traceroute
MPLS: MPLS OAM

* LDP signaling assumed for the next examples

MPLS Path (LSP) Setup
Signaling Options
LDP signaling
Leverages existing routing

RSVP signaling
Aka MPLS RSVP/TE
Enables enhanced capabilities, such as Fast ReRoute (FRR)

They work differently, they solve different problems
Dual-protocol deployments are very common
Can use both protocols simultaneously

Forwarding path
LDP: LSP
RSVP: LSP or TE Tunnel; primary and, optionally, backup

Forwarding Calculation
LDP: Based on IP routing database; shortest-path based
RSVP: Based on TE topology database; shortest-path and/or other constraints (CSPF calculation)

Packet Encapsulation
LDP: Single label
RSVP: One or two labels

Signaling
LDP: By each node independently; uses existing routing protocols/information
RSVP: Initiated by head-end node towards tail-end node; uses routing protocol extensions/information; supports bandwidth reservation; supports link/node protection

MPLS Path (LSP) Setup with LDP
Step 1: IP Routing (IGP) Convergence
Exchange of IP routes
OSPF, IS-IS, EIGRP, etc.

Establish IP reachability

[Figure: three forwarding tables (columns: In Label, Address Prefix, Out Iface, Out Label) holding prefixes 128.89 and 171.69, with interfaces 0 and 1. Routing updates (OSPF, EIGRP, ...): "You Can Reach 128.89 and 171.69 Thru Me", "You Can Reach 128.89 Thru Me", "You Can Reach 171.69 Thru Me"]

IP Packet Forwarding Example
Basic IP Packet Forwarding
IP routing information exchanged between nodes
Via IGP (e.g., OSPF, IS-IS)

Packets being forwarded based on destination IP address
Lookup in routing table (RIB)

[Figure: three forwarding tables (columns: Address, I/F) for 128.89 and 171.69; a packet "128.89.25.4 Data" is forwarded hop by hop towards 128.89]

MPLS Path (LSP) Setup with LDP
Step 2: Assignment of Remote Labels
Local label mappings are sent to connected nodes
Receiving nodes update forwarding table
Out label

LDP label advertisement happens in parallel (downstream unsolicited)

[Figure: Label Distribution Protocol (LDP), downstream allocation. Advertisements: "Use Label 20 for 128.89 and Use Label 21 for 171.69", "Use Label 30 for 128.89", "Use Label 36 for 171.69".
Forwarding tables (columns: In Label, Address Prefix, Out Iface, Out Label):
First node: 128.89, Out Iface 1, Out Label 20; 171.69, Out Label 21
Second node: In Label 20, 128.89, Out Iface 0, Out Label 30; In Label 21, 171.69, Out Label 36
Third node: In Label 30, 128.89, Out Iface 0, Out Label -]

MPLS Traffic Forwarding with LDP
Hop-by-hop Traffic Forwarding Using Labels
Ingress PE node adds label to packet (push)
Via forwarding table

Downstream node uses label for forwarding decision (swap)
Outgoing interface
Out label

Egress PE removes label and forwards original packet (pop)

[Figure: forwarding based on label. Packet along the path: "128.89.25.4 Data", then "20 128.89.25.4 Data", then "30 128.89.25.4 Data", then "128.89.25.4 Data".
Forwarding tables (columns: In Label, Address Prefix, Out Iface, Out Label):
First node: 128.89, Out Iface 1, Out Label 20; 171.69, Out Label 21
Second node: In Label 20, 128.89, Out Iface 0, Out Label 30; In Label 21, 171.69, Out Label 36
Third node: In Label 30, 128.89, Out Iface 0, Out Label -]
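The label stack entry layout and the push/swap/pop walk from the slides above, as an added example that is not part of the original deck. It assumes the standard 32-bit entry (Label 20 bits, TC 3 bits, S 1 bit, TTL 8 bits); labels 20, 21, 30 and 36 are the deck's LDP values, while the inner service label 42, the function names and the payload are assumptions made for illustration.

```python
import struct

def encode_lse(label, tc, s, ttl):
    """Pack one label stack entry: Label (20 bits) | TC (3) | S (1) | TTL (8)."""
    if not (0 <= label < 1 << 20 and 0 <= tc < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("label stack entry field out of range")
    return struct.pack("!I", (label << 12) | (tc << 9) | (s << 8) | ttl)

def decode_lse(data, offset=0):
    """Unpack the 4-byte entry at offset into its four fields."""
    if offset + 4 > len(data):
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack_from("!I", data, offset)
    return {"label": word >> 12, "tc": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}

def parse_label_stack(data):
    """Walk entries until the one with S=1; return (entries, payload)."""
    entries, offset = [], 0
    while True:
        entry = decode_lse(data, offset)  # raises if the data ends before S=1
        entries.append(entry)
        offset += 4
        if entry["s"] == 1:
            return entries, data[offset:]

def push(packet, label, bottom, tc=0, ttl=64):
    """Label imposition: prepend an entry; S=1 only for the first label pushed."""
    return encode_lse(label, tc, 1 if bottom else 0, ttl) + packet

def forward(packet, lfib):
    """Transit or egress node: look up the outer label only, then swap or pop."""
    outer = decode_lse(packet)
    if outer["label"] not in lfib:
        raise KeyError(f"no forwarding entry for label {outer['label']}; drop")
    if outer["ttl"] <= 1:
        raise ValueError("TTL expired; drop")
    action, out_label = lfib[outer["label"]]
    if action == "swap":
        swapped = encode_lse(out_label, outer["tc"], outer["s"], outer["ttl"] - 1)
        return swapped + packet[4:]
    return packet[4:]  # pop: expose the next label or the payload

# Labels 20, 21, 30, 36 are the values on the LDP slides for 128.89 and 171.69.
TRANSIT_LFIB = {20: ("swap", 30), 21: ("swap", 36)}
# Service label 42 is an assumed inner label, added to show a two-label stack.
EGRESS_LFIB = {30: ("pop", None), 42: ("pop", None)}

def walk_lsp(payload=b"IPv4 packet to 128.89.25.4 (constructed)"):
    """Return the packet as seen after each step: push, push, swap, pop, pop."""
    hops = [push(payload, 42, bottom=True)]        # service label, S=1
    hops.append(push(hops[-1], 20, bottom=False))  # outer label learned via LDP, S=0
    hops.append(forward(hops[-1], TRANSIT_LFIB))   # swap 20 -> 30, TTL decremented
    hops.append(forward(hops[-1], EGRESS_LFIB))    # pop outer label 30
    hops.append(forward(hops[-1], EGRESS_LFIB))    # pop service label 42
    return hops

if __name__ == "__main__":
    for pkt in walk_lsp()[:-1]:
        stack, _ = parse_label_stack(pkt)
        print([(e["label"], e["s"], e["ttl"]) for e in stack])
```

The transit node never inspects anything below the outer entry, which is why a packet carrying a label the node has no entry for is dropped rather than routed on its payload.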

MPLS Traffic Forwarding with LDP


Quick recap
Routing protocol distributes routes
LDP distributes labels that map to routes
Packets are forwarded using labels

So what?

MPLS's benefit shows up later, in two places:
1. Divergence from IP routed shortest path
2. Payload-independent tunneling

MPLS Path (RSVP) Setup


MPLS-TE lets you deviate from the IGP shortest-cost path
This gives you lots of flexibility around how you send traffic across your network
Three steps:
1. Information distribution
2. Path calculation
3. LSP signaling


MPLS Path (RSVP) Setup
Flood link characteristics in the IGP
Reservable bandwidth, link colors, other properties

[Figure: IP/MPLS network and the TE topology database]

MPLS Path (RSVP) Setup
IGP: Find shortest (lowest cost) path to all nodes.
TE: Per node, find the shortest (lowest cost) path which meets constraints.

[Figure: IP/MPLS network with nodes R1 and R8 and the TE topology database. Request: find shortest path to R8 with 8 Mbps. Link costs 15 and 10; legend: link with insufficient bandwidth, link with sufficient bandwidth]

MPLS Path (RSVP) Setup
Set up the calculated path using RSVP (Resource ReSerVation Protocol)
Once labels are learned, they're programmed just like LDP labels
At the forwarding level, you can't tell whether your label came from RSVP or LDP
All the hard work is in the control plane
No per-packet forwarding hit for any of this

[Figure: TE LSP across the IP/MPLS network between head end and tail end; PATH and RESV messages, RESV carrying L=16]
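The path calculation and reservation steps above, as an added example that is not part of the original deck: a constrained shortest-path (CSPF) search that prunes links without enough reservable bandwidth, followed by the bandwidth bookkeeping a successful setup implies. The topology, its costs and bandwidths, and the function names are constructed for illustration; only the "8 Mbps to R8" request comes from the slide.

```python
import heapq
from copy import deepcopy

# Constructed topology: (node, node) -> IGP cost and reservable bandwidth in Mbps.
LINKS = {
    ("R1", "R2"): {"cost": 10, "bw": 5},    # cheapest first hop, too little bandwidth
    ("R2", "R8"): {"cost": 10, "bw": 100},
    ("R1", "R3"): {"cost": 15, "bw": 10},
    ("R3", "R8"): {"cost": 10, "bw": 10},
}

def shortest_path(links, src, dst, min_bw=0):
    """Dijkstra over links with at least min_bw reservable bandwidth.

    min_bw=0 gives the plain IGP view; min_bw>0 gives the TE (CSPF) view.
    Returns (cost, path) or None when no path meets the constraint.
    """
    adj = {}
    for (a, b), attrs in links.items():
        if attrs["bw"] >= min_bw:            # prune links that cannot carry the LSP
            adj.setdefault(a, []).append((b, attrs["cost"]))
            adj.setdefault(b, []).append((a, attrs["cost"]))
    heap, done = [(0, src, [src])], set()
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, link_cost in adj.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + link_cost, nxt, path + [nxt]))
    return None

def reserve(links, path, bw):
    """Subtract bw from every link on the path, as flooded back into the TE database."""
    for a, b in zip(path, path[1:]):
        key = (a, b) if (a, b) in links else (b, a)
        links[key]["bw"] -= bw

def signal_lsp(links, src, dst, bw):
    """Head-end view: compute a constrained path, then reserve along it."""
    result = shortest_path(links, src, dst, min_bw=bw)
    if result is not None:
        reserve(links, result[1], bw)
    return result

def demo():
    links = deepcopy(LINKS)
    igp = shortest_path(links, "R1", "R8")       # ignores bandwidth
    first = signal_lsp(links, "R1", "R8", 8)     # avoids the 5 Mbps link
    second = signal_lsp(links, "R1", "R8", 8)    # nothing left that fits
    return igp, first, second

if __name__ == "__main__":
    print(demo())
```

The second 8 Mbps request fails because the first reservation left only 2 Mbps on the R1-R3-R8 path, which is the admission-control effect that a plain IGP shortest-path calculation cannot express.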

MPLS TE Fast ReRoute (FRR)
Implementing Network Failure Protection Using MPLS RSVP/TE
Steady state
Primary tunnel: A -> B -> D -> E
Backup tunnel: B -> C -> D (pre-provisioned)

Failure of link between router B and D
Traffic rerouted over backup tunnel

Recovery time 50 ms
Actual time varies; well below 50 ms in lab tests

[Figure: Routers A, B, C, D, E, X and Y with the primary tunnel and the backup tunnel]

MPLS OAM
Tools for Reactive and Proactive Troubleshooting of MPLS Connectivity
MPLS LSP Ping
Used for testing end-to-end MPLS connectivity similar to IP ping
Can be used to validate reachability of LDP-signaled LSPs, TE tunnels, and PWs

MPLS LSP Trace
Used for testing hop-by-hop tracing of MPLS path similar to traceroute
Can be used for path tracing LDP-signaled LSPs and TE tunnels

MPLS LSP Multipath (ECMP) Tree Trace
Used to discover all available equal cost LSP paths between PEs
Unique capability for MPLS OAM; no IP equivalent!

Auto IP SLA
Automated discovery of all available equal cost LSP paths between PEs
LSP pings are sent over each discovered LSP path

Summary
Key Takeaways
MPLS networks consist of PE routers at in/egress and P routers in core
Traffic is encapsulated with label(s) at ingress (PE router)
Labels are removed at egress (PE router)
MPLS forwarding operations include label imposition (PUSH), swapping, and
disposition (POP)
LDP and RSVP can be used for signaling label mapping information to set up
an end-to-end Label Switched Path (LSP)
RSVP label signaling enables setup of TE tunnels, supporting enhanced traffic
engineering capabilities; traffic protection and path management


MPLS Virtual Private Networks

MPLS Virtual Private Networks


Topics
Definition of MPLS VPN service
Basic MPLS VPN deployment scenario
Technology options

[Figure: MPLS architecture layers. Service (Clients): Layer-3 VPNs, Layer-2 VPNs; Transport: IP/MPLS (LDP/RSVP-TE/BGP); MPLS Forwarding; Management: MPLS OAM]

What Is a Virtual Private Network?


Definition
Set of sites which communicate with each other in a secure way
Typically over a shared public or private network infrastructure

Defined by a set of administrative policies


Policies established by VPN customers themselves (DIY)
Policies implemented by VPN service provider (managed/unmanaged)

Different inter-site connectivity schemes possible


Full mesh, partial mesh, hub-and-spoke, etc.

VPN sites may be either within the same or in different organizations


VPN can be either intranet (same org) or extranet (multiple orgs)

VPNs may overlap; site may be in more than one VPN



MPLS VPN: Build vs Buy?


To some people, deploying MPLS VPN means building your own MPLS
network
To some, it means buying MPLS-based VPN services from a provider
Most of the heavy lifting is in building your own
Buying may or may not have any impact on your network


MPLS VPN Example
Basic Building Blocks
VPN policies
Configured on PE routers (manual operation)

VPN signaling
Between PEs
Exchange of VPN policies

VPN traffic forwarding
Additional VPN-related MPLS label encapsulation

PE-CE link
Connects customer network to MPLS network; either layer-2 or layer-3

[Figure: CE routers attached over PE-CE links to PE routers, each PE holding a VPN policy; VPN signaling between the PEs; label switched traffic across the MPLS network]

MPLS VPN Models
Technology Options
MPLS Layer-3 VPNs
Peering relationship between CE and PE

MPLS Layer-2 VPNs
Interconnect of layer-2 Attachment Circuits (ACs)

MPLS Layer-2 VPNs: Point-to-Point Layer-2 VPNs
CE connected to PE via p2p L2 connection
CE-CE L2 connectivity
CE-CE routing; no SP involvement

MPLS Layer-2 VPNs: Multi-Point Layer-2 VPNs
CE connected to PE via mp2mp Ethernet connection
CE-CE L2 connectivity
CE-CE routing; no SP involvement

MPLS Layer-3 VPNs
CE connected to PE via IP-based connection (over any layer-2 type)
Static routing
PE-CE routing protocol; eBGP, OSPF, IS-IS
CE routing has peering relationship with PE router; PE routers are part of customer routing
PE routers maintain customer-specific routing tables and exchange customer-specific routing information

MPLS Layer-3 Virtual Private Networks

MPLS Layer-3 Virtual Private Networks


Topics
Technology components
VPN control plane mechanisms
VPN forwarding plane
Deployment use cases
Business VPN services
Network segmentation
Data Center access

[Figure: MPLS architecture layers. Service (Clients): Layer-3 VPNs, Layer-2 VPNs; Transport: IP/MPLS (LDP/RSVP-TE/BGP); MPLS Forwarding; Management: MPLS OAM]

MPLS Layer-3 VPN Overview


Technology Components
VPN policies
Separation of customer routing via virtual VPN routing table (VRF)
In PE router, customer interfaces are connected to VRFs

VPN signaling
Between PE routers: customer routes exchanged via BGP (MP-iBGP)

VPN traffic forwarding


Separation of customer VPN traffic via additional VPN label
VPN label used by receiving PE to identify VPN routing table

PE-CE link
Can be any type of layer-2 connection (e.g., FR, Ethernet)
CE configured to route IP traffic to/from adjacent PE router
Variety of routing options; static routes, eBGP, OSPF, IS-IS

Virtual Routing and Forwarding Instance
Virtual Routing Table and Forwarding to Separate Customer Traffic
Virtual routing and forwarding table
On PE router
Separate instance of routing (RIB) and forwarding table

Typically, VRF created for each customer VPN
Separates customer traffic

VRF associated with one or more customer interfaces
VRF has its own routing instance for PE-CE configured routing protocols
E.g., eBGP

[Figure: PE router with VRF Green and VRF Blue, CEs of VPN 1 and VPN 2, and the MPLS backbone]

VPN Route Distribution
Exchange of VPN Policies Among PE Routers
Full mesh of BGP sessions among all PE routers
Or BGP Route Reflector (common)

Multi-Protocol BGP extensions (MP-iBGP) to carry VPN policies

PE-CE routing options
Static routes
eBGP
OSPF
IS-IS

[Figure: PE routers with Blue VRF and Red VRF, CEs attached over PE-CE links, a BGP Route Reflector, and label switched traffic between the PEs]

VPN Control Plane Processing


Make customer routes unique:
Route Distinguisher (RD):
8-byte field, VRF parameter; unique value to make VPN IP routes unique
VPNv4 address: RD + VPN IP prefix
Selectively distribute VPN routes:
Route Target (RT): 8-byte field, VRF parameter, unique value to define the import/export rules for VPNv4 routes
MP-iBGP: advertises VPNv4 prefixes + labels

VPN Control Plane Processing
Interactions Between VRF and BGP VPN Signaling
1. CE1 redistributes IPv4 route to PE1 via eBGP
2. PE1 allocates VPN label for prefix learnt from CE1 to create unique VPNv4 route
3. PE1 redistributes VPNv4 route into MP-iBGP, it sets itself as a next hop and relays VPN site routes to PE2
4. PE2 receives VPNv4 route and, via processing in local VRF (green), it redistributes original IPv4 route to CE2

BGP advertisement:
VPN-IPv4 Addr = RD:16.1/16
BGP Next-Hop = PE1
Route Target = 100:1
Label=42

VRF parameters:
Name = blue-vpn
RD = 1:100
Import Route-Target = 100:1
Export Route-Target = 100:1

ip vrf blue-vpn
RD 1:100
route-target export 1:100
route-target import 1:100

[Figure: Blue VPN. CE1, PE1, PE2 and CE2, with eBGP: 16.1/16 on both PE-CE links]
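How RD and RT interact in the control plane steps above, as an added example that is not part of the original deck: the RD keeps two customers' identical prefixes distinct as VPNv4 routes, the RT decides which VRF imports which route, and a small audit flags a VRF that imports an RT exported by another customer. The blue-vpn values (RD 1:100, RT 100:1, label 42, PE1) are the slide's; red-vpn, its RD, RT and label, the full prefix form 16.1.0.0/16, and all class and function names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str          # Route Distinguisher: makes the VPN IP route unique
    prefix: str      # customer IPv4 prefix
    next_hop: str    # advertising PE
    rts: frozenset   # Route Targets attached on export
    label: int       # VPN label allocated by the advertising PE

    @property
    def vpnv4(self):
        return f"{self.rd}:{self.prefix}"

@dataclass
class Vrf:
    name: str
    customer: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    rib: dict = field(default_factory=dict)  # prefix -> [(next hop PE, VPN label)]

def export_route(pe, vrf, prefix, label):
    """PE turns a CE-learned IPv4 route into a VPNv4 route (steps 2 and 3)."""
    return Vpnv4Route(vrf.rd, prefix, pe, vrf.export_rts, label)

def import_routes(vrf, bgp_table):
    """Receiving PE installs a route only if it carries an RT the VRF imports (step 4)."""
    for route in bgp_table:
        if route.rts & vrf.import_rts:
            vrf.rib.setdefault(route.prefix, []).append((route.next_hop, route.label))
    return vrf.rib

def audit_rt_policy(vrfs):
    """List (importing VRF, exporting VRF, shared RTs) across different customers."""
    findings = []
    for imp in vrfs:
        for exp in vrfs:
            shared = imp.import_rts & exp.export_rts
            if shared and imp.customer != exp.customer:
                findings.append((imp.name, exp.name, sorted(shared)))
    return findings

def build_demo(red_pe2_import=("100:2",)):
    """Two customers announce the same prefix from PE1; PE2 imports per VRF."""
    blue = frozenset({"100:1"})
    red = frozenset({"100:2"})            # constructed RT for the second customer
    blue_pe1 = Vrf("blue-vpn@PE1", "blue", "1:100", blue, blue)
    blue_pe2 = Vrf("blue-vpn@PE2", "blue", "1:100", blue, blue)
    red_pe1 = Vrf("red-vpn@PE1", "red", "1:200", red, red)
    red_pe2 = Vrf("red-vpn@PE2", "red", "1:200", frozenset(red_pe2_import), red)
    bgp_table = [
        export_route("PE1", blue_pe1, "16.1.0.0/16", 42),
        export_route("PE1", red_pe1, "16.1.0.0/16", 43),   # constructed label
    ]
    import_routes(blue_pe2, bgp_table)
    import_routes(red_pe2, bgp_table)
    findings = audit_rt_policy([blue_pe1, blue_pe2, red_pe1, red_pe2])
    return bgp_table, blue_pe2, red_pe2, findings

if __name__ == "__main__":
    table, blue_vrf, red_vrf, findings = build_demo()
    print([r.vpnv4 for r in table], blue_vrf.rib, red_vrf.rib, findings)
    # Same network with one extra import statement on red-vpn at PE2:
    print(build_demo(red_pe2_import=("100:2", "100:1"))[2:])
```

With the extra import, blue-vpn's route and its VPN label appear in red-vpn's table, which is why RT import/export statements are the configuration to review when checking VPN separation.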

VPN Forwarding Plane Processing
Forwarding of Layer-3 MPLS VPN Packets
1. CE2 forwards IPv4 packet to PE2
2. PE2 imposes pre-allocated VPN label to IPv4 packet received from CE2
Learned via MP-iBGP
3. PE2 imposes outer IGP label A (learned via LDP) and forwards labeled packet to next-hop P-router P2
4. P-routers P1 and P2 swap outer IGP label and forward labeled packet to PE1
A->B (P2) and B->C (P1)
5. Router PE1 strips VPN label and IGP labels and forwards IPv4 packet to CE1

[Figure: nodes CE1, PE1, P1, P2, PE2, CE2. Packet formats shown along the path: IPv4 packet; IGP Label A | VPNv4 Label | IPv4; IGP Label B | VPNv4 Label | IPv4; IGP Label C | VPNv4 Label | IPv4; IPv4 packet]

Service Provider Deployment Scenario
MPLS Layer-3 VPNs for Offering Layer-3 Business VPN Services
Deployment Use Case
Delivery of IP VPN services to business customers

Benefits
Leverage same network for multiple services and customers (CAPEX)
Highly scalable
Service enablement only requires edge node configuration (OPEX)
Different IP connectivity can be easily configured; e.g., full/partial mesh

[Figure: Managed VPN Service and Unmanaged VPN Service across CPE, Edge, Core (VPN Core), Edge, CPE]
[Table: Network Segment: CPE, Edge, Core; MPLS Node: CE, PE; Typical Platforms: ASR1K, ASR9K, CRS-1, ISR/G2, 7600, ASR9K, ASR1K, ASR903, ME3800X]

Enterprise Deployment Scenario
MPLS Layer-3 VPNs for Implementing Network Segmentation
Deployment Use Case
Segmentation of enterprise network to provide selective connectivity for specific user groups and organizations

Benefits
Network segmentation only requires edge node configuration
Flexible routing; different IP connectivity can be easily configured; e.g., full/partial mesh

[Figure: MPLS VPNs for L3 network segmentation across Access, Edge, Core (VPN Core), Edge, Access]
[Table: Network Segment: Access, Edge, Core; MPLS Node: CE, PE; Typical Platforms: ASR1K, 7600, CRS-1, ISR/G2, ASR1K, ASR9K, 7600, 6500]

Data Center Deployment Scenario
MPLS Layer-3 VPNs for Segmented L3 Data Center Access and Interconnect
Deployment Use Case
Segmented WAN Layer-3 at Data Center edge
Layer-3 segmentation in Data Center

Benefits
Only single Data Center edge node needed for segmented layer-3 access
Enables VLAN/Layer-2 scale (> 4K)

[Figure: Data Center with Access, Top Of Rack, Distribution, Core and Edge; MPLS VPNs terminating on DC aggregation and MPLS VPNs at DC edge]
[Table: Network Segment: Distribution, Core, Edge; MPLS Node: CE or PE, P or CE, PE; Typical Platforms: N7K, N7K, ASR9K, 6500, 6500, 7600]

MPLS L3 VPN: Build vs buy?


Key consideration: bringing SP into the customer's routing domain
Easy to solve with BGP, the world's only political routing protocol!
Also works with static routes: no dynamic handoff, no potential for dynamic mess
BGP and static are very popular
EIGRP, OSPF, RIP are also options

Summary
Key Takeaways
MPLS Layer-3 VPNs provide IP connectivity among CE sites
MPLS VPNs enable full-mesh, hub-and-spoke, and hybrid IP connectivity

CE sites connect to the MPLS network via IP peering across PE-CE links
MPLS Layer-3 VPNs are implemented via VRFs on PE edge nodes
VRFs providing customer routing and forwarding segmentation

BGP used for signaling customer VPN (VPNv4) routes between PE nodes
To ensure traffic separation, customer traffic is encapsulated in an additional
VPN label when forwarded in MPLS network
Key applications are layer-3 business VPN services, enterprise network
segmentation, and segmented layer-3 Data Center access

MPLS Layer-2 Virtual Private Networks

MPLS Layer-2 Virtual Private Networks


Topics
L2VPN technology options
P2P VPWS services (PWs)
Overview & Technology Basics
VPN control plane
VPN forwarding plane

MP2MP VPLS services
Overview & Technology Basics
VPN control plane
VPN forwarding plane

Deployment use cases
L2 Business VPN services
Data Center Interconnect

[Figure: MPLS architecture layers. Service (Clients): Layer-3 VPNs, Layer-2 VPNs; Transport: IP/MPLS (LDP/RSVP-TE/BGP); MPLS Forwarding; Management: MPLS OAM]

MPLS Layer-2 Virtual Private Networks
Technology Options
VPWS services
Point-to-point
Referred to as Pseudowires (PWs)

VPLS services
Multipoint-to-Multipoint

EVPN
BGP-based mp2mp

PBB-EVPN
Combines scale tools from PBB with BGP learning from EVPN

[Figure: MPLS Layer-2 VPNs split into Point-to-Point Layer-2 VPNs (VPWS) and Multipoint-to-Multipoint Layer-2 VPNs (VPLS, EVPN, PBB-EVPN)]

MPLS L2 VPN
Why so many solutions?
Started with p2p, but that doesn't scale well
Many issues to solve with multipoint
Discovery: who do I talk to?
Signaling: what label(s) do I send them?
Learning: what MACs are at which sites?
Connectivity: can CEs be multihomed? ECMP or redundancy?

Can solve in the control plane or in the data plane
Control plane: BGP or LDP?
Data plane is often expensive

Virtual Private Wire Services (VPWS)
Overview of Pseudowire (PW) Architecture
Based on IETF's Pseudo-Wire (PW) Reference Model
Enables transport of any Layer-2 traffic over MPLS
PE-CE link is referred to as Attachment Circuit (AC)

Provides a p2p service
Discovery: manual (config)
Signaling: LDP
Learning: data plane

[Figure: emulated Layer-2 service; CEs attached over Layer-2 Attachment Circuits (AC) to PEs, with Pseudo-Wire 1 and Pseudo-Wire 2 carried as label switched traffic between the PEs]

VPWS Control Plane Processing
Signaling of a New Pseudo-Wire
1. New Virtual Circuit (VC) cross-connect connects customer L2 interface (AC) to new PW via VC ID and remote PE ID
2. New targeted LDP session between PE1 and PE2 is established, in case one does not already exist
3. PE binds VC label with customer layer-2 interface and sends label-mapping to remote PE
4. Remote PE receives LDP label binding message and matches VC ID with local configured VC cross-connect

[Figure: emulated Layer-2 service between two CEs; LDP session between the PEs carrying Label Mapping Messages (steps 3 and 4)]

VPWS Forwarding Plane Processing
Forwarding of Layer-2 Traffic Over PWs
1. CE2 forwards L2 packet to PE2.
2. PE2 pushes VC (inner) label to L2 packet received from CE2
Optionally, a control word is added as well (not shown)
3. PE2 pushes outer (Tunnel) label and forwards packet to P2
4. P2 and P1 forward packet using outer (tunnel) label (swap)
5. Router PE2 pops Tunnel label and, based on VC label, L2 packet is forwarded to customer interface to CE1, after VC label is removed
In case control word is used, new layer-2 header is generated first

[Figure: nodes CE1, PE1, P1, P2, PE2, CE2. Packet formats shown along the path: Ethernet frame; IGP Label A | PW Label | Eth; IGP Label B | PW Label | Eth; IGP Label C | PW Label | Eth; Ethernet frame]

EVPN
Provides mp2mp
Discovery: BGP, using MPLS VPN mechanisms (RT)
Signaling: BGP
Learning: Control plane (BGP)
Allows for multihomed CEs

BGP advertisement:
L2VPN/EVPN Addr = CE1.MAC
BGP Next-Hop = PE1
Route Target = 100:1
Label=42

[Figure: emulated virtual switch; CE1, CE2, CE3 and CE4 attached to PEs, with a BGP RR]

PBB-EVPN
Combines Provider Backbone Bridging (802.1ah) with EVPN
Scales better than straight EVPN
Removes the need to flood all MAC addresses in BGP
(CE-CE MAC addresses learned in the data plane)

Provides mp2mp
Discovery: BGP, using MPLS VPN mechanisms (RT)
Signaling: BGP
Learning: Forwarding plane
Allows for multihomed CEs

BGP advertisement:
L2VPN/EVPN Addr = PE1.B-MAC
BGP Next-Hop = PE1
Route Target = 100:1
Label=42

[Figure: emulated virtual switch; CE1, CE2, CE3 and CE4 attached to PEs, with a BGP RR]

Service Provider Deployment Scenario
PWs for Offering Layer-2 Business VPN Services
Deployment Use Case
Delivery of E-LINE services to business customers

Benefits
Leverage same network for multiple services and customers (CAPEX)
Highly scalable
Service enablement only requires edge node configuration (OPEX)

[Figure: Layer-2 VPN Service across CE, PE, PE, CE]
[Table: Network Segment: CE, PE; Typical Platforms: M3400, ME3800X, CRS-1, ASR901, ASR903, ASR9K, ASR9K]

Data Center Deployment Scenario
VPLS for Layer-2 Data Center Interconnect (DCI) Services
Deployment Use Case
E-LAN services for Data Center interconnect

Benefits
Single WAN uplink to connect to multiple Data Centers
Easy implementation of segmented layer-2 traffic between Data Centers

[Figure: three Data Centers, each with a DC Edge, connected through Edge and Core nodes]
[Table: Network Segment: DC Edge, Core, Edge; MPLS Node: CE, PE; Typical Platforms: ASR9K, CRS-1, ASR9K, 7600, ASR9K, 7600, 6500]

Summary
Key Takeaways
L2VPNs enable transport of any Layer-2 traffic over MPLS network
L2 packets encapsulated into additional VC label
Both LDP and BGP can be used for L2VPN signaling
PWs suited for implementing transparent point-to-point connectivity between
Layer-2 circuits (E-LINE services)
VPLS suited for implementing transparent point-to-multipoint connectivity
between Ethernet links/sites (E-LAN services)
Typical applications of L2VPNs are layer-2 business VPN services and Data
Center interconnect


Advanced Topics

MPLS And IPv6
IPv6 Support for Native MPLS Deployments and MPLS Layer-3 Services
MPLS allows IPv6 to be deployed as an edge-only service, no need to run v6 in the core
Easier to deploy
Security mechanism

6PE: All IPv6 can see each other (single VPN)
IPv6+label (no RD, no RT)

6VPE: Separate IPv6 VPNs
VPNv6, includes RD and RT

[Figure: 6PE: CE (IPv6), 6PE, IPv4 MPLS, 6PE, CE (IPv6). 6VPE: CE (IPv6), 6VPE, IPv4 MPLS, 6VPE, CE (IPv6)]

Label Switched Multicast (LSM)
Point-to-Multi-Point MPLS Signaling and Connectivity
What is Label Switched Multicast?
MPLS extensions to provide P2MP connectivity
RSVP extensions and multicast LDP

Why Label-Switched Multicast?
Enables MPLS capabilities which cannot be applied to IP multicast traffic (e.g., FRR)

Benefits of Label-Switched Multicast
Efficient IP multicast traffic forwarding
Enables MPLS traffic protection and BW control of IP multicast traffic

[Figure: uni-directional LSP across MPLS / IP compared with a P2MP or MP2MP LSP tree for Label Switched Multicast (LSM) across IP/MPLS]

MPLS Transport Profile (TP)
Bi-Directional MPLS Tunnel Extensions For Transport Oriented Connectivity

What is MPLS TP?
Point-to-point static LSPs which are co-routed
Bi-directional TP tunnel

Why MPLS TP?
Migration of TDM legacy networks often assumes continuation of the connection-oriented operations model
MPLS TP enables packet-based transport with connection-oriented connectivity

Benefits of MPLS TP
Meets transport-oriented operations requirements
Enables seamless migration to dynamic MPLS

[Figure: Bi-directional MPLS TP tunnel between two PEs, each attached to a CE; Transport shown as IP/MPLS (LDP/RSVP-TE/BGP) and MPLS-TP (Static/RSVP-TE) over MPLS Forwarding]

Futures
New MPLS Developments on the Horizon

Global Optimization
S-PCE/SDN

MPLS and Cloud Integration
VPN Data Center Integration

MPLS Multilayer Optimization
TE+TP+RSVP+GMPLS

Control Plane Reduction
Segment Routing

Summary

Summary
Key Takeaways
It's all about labels
Label-based forwarding and protocol for label exchange
Best of both worlds: L2 deterministic forwarding and scalable/flexible L3 signaling

Key MPLS applications are end-to-end VPN services
Secure and scalable layer 2 and 3 VPN connectivity

MPLS supports advanced traffic engineering capabilities
QoS, bandwidth control, and failure protection

MPLS is a mature technology with widespread deployments
De facto for most SPs, large enterprises, and increasingly in Data Centers

Ongoing technology evolution
IPv6, optimized video transport, TP transport evolution, and cloud integration

Consider MPLS When
Decision Criteria

Is there a need for network segmentation?
Segmented connectivity for specific locations, users, applications, etc.

Is there a need for flexible connectivity?
E.g., Flexible configuration of full-mesh or hub-and-spoke connectivity

Is there a need for implementing/supporting multiple (integrated) services?
Leverage same network for multiple services

Are there specific scale requirements?
Large number of users, customer routes, etc.

Is there a need for optimized network availability and performance?
Node/link protection, pro-active connectivity validation
Bandwidth traffic engineering and QoS traffic prioritization

Cisco Live 2013
MPLS Sessions

BRKMPL-1100: Introduction to MPLS
BRKMPL-2100: Deploying MPLS Traffic Engineering
BRKMPL-2101: Deploying MPLS-based Layer 2 Virtual Private Networks
BRKMPL-2102: Deploying MPLS-based IP VPNs
BRKMPL-2108: Designing MPLS in Next Generation Data Center: A Case Study
BRKMPL-2109: MPLS Solutions for Cloud Networking
BRKMPL-2333: E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN
BRKMPL-3010: Generalized MPLS - Introduction and Deployment
BRKMPL-3101: Advanced Topics and Future Directions in MPLS
LTRMPL-2102: Enterprise Network Virtualization using IP and MPLS Technologies: Introduction
LTRMPL-3100: Unified MPLS Lab
LTRMPL-3102: Enterprise Network Virtualization using IP and MPLS Technologies: Advanced
PNLSPG-3999: Transport Evolution in SP Core Networks
TECMPL-3100: Unified MPLS - An architecture for Advanced IP NGN Scale
TECMPL-3200: SDN WAN Orchestration in MPLS and Segment Routing Networks

Terminology Reference
Acronyms Used in MPLS Reference Architecture

Terminology: Description
AC: Attachment Circuit. An AC Is a Point-to-Point, Layer 2 Circuit Between a CE and a PE.
AS: Autonomous System (a Domain)
CoS: Class of Service
ECMP: Equal Cost Multipath
IGP: Interior Gateway Protocol
LAN: Local Area Network
LDP: Label Distribution Protocol, RFC 3036.
LER: Label Edge Router. An Edge LSR Interconnects MPLS and non-MPLS Domains.
LFIB: Labeled Forwarding Information Base
LSP: Label Switched Path
LSR: Label Switching Router
NLRI: Network Layer Reachability Information
P Router: An Interior LSR in the Service Provider's Autonomous System
PE Router: An LER in the Service Provider Administrative Domain that Interconnects the Customer Network and the Backbone Network.
PSN Tunnel: Packet Switching Tunnel

Terminology Reference
Acronyms Used in MPLS Reference Architecture

Terminology: Description
Pseudo-Wire: A Pseudo-Wire Is a Bidirectional "Tunnel" Between Two Features on a Switching Path.
PWE3: Pseudo-Wire End-to-End Emulation
QoS: Quality of Service
RD: Route Distinguisher
RIB: Routing Information Base
RR: Route Reflector
RT: Route Target
RSVP-TE: Resource Reservation Protocol based Traffic Engineering
VPN: Virtual Private Network
VFI: Virtual Forwarding Instance
VLAN: Virtual Local Area Network
VPLS: Virtual Private LAN Service
VPWS: Virtual Private WAN Service
VRF: Virtual Route Forwarding Instance
VSI: Virtual Switching Instance

Further Reading
MPLS References at Cisco Press and cisco.com
http://www.cisco.com/go/mpls
http://www.ciscopress.com

MPLS and VPN Architectures, Cisco Press
Jim Guichard, Ivan Pepelnjak

Traffic Engineering with MPLS, Cisco Press
Eric Osborne, Ajay Simha

Layer 2 VPN Architectures, Cisco Press
Wei Luo, Carlos Pignataro, Dmitry Bokotey, and Anthony Chan

MPLS QoS, Cisco Press
Santiago Alvarez
