
This full-text paper was peer-reviewed and accepted to be presented at the IEEE WiSPNET 2016 conference.

Design of Traffic Engineered MPLS VPN for Protected Traffic using GNS Simulator
Snehal Yadav and Amutha Jeyakumar
Department of Electrical Engineering
Veermata Jijabai Technological Institute, Mumbai 400039, India
snehaly1@gmail.com, amuthajaykumar@vjti.org.in

978-1-4673-9338-6/16/$31.00 ©2016 IEEE

Abstract: Multiprotocol Label Switching (MPLS) lends efficiency to very large networks, and is the most used transport technology for service provider networks to support multiple customers. Customers connected to a service provider's network demand secure, reliable, private and ultra fast connections over the globe. This paper describes the design of an MPLS VPN (Virtual Private Network) along with dedicated traffic tunneling for each VPN with the help of OSPF (Open Shortest Path First) and MP-BGP (Multi Protocol-Border Gateway Protocol), which helps in keeping the customers isolated, manageable and reliable. It also includes path protection, mainly link and node protection in the MPLS network for failover functionality, along with features like route reflectors for better efficiency. The GNS (Graphical Network Simulator) software stack with VMware virtualization was chosen for this purpose, as these applications are well suited for emulation of a real network environment. The resultant network obtained after this design is a real-time solution to many problems and demands in today's service provider networks.

Index Terms: MPLS, MPLS Traffic Engineering, MPLS Virtual Private Network, routing protocols, route reflectors, link protection, node protection.

I. INTRODUCTION

There has been an exponential growth in the telecommunication sector throughout the world in the past few years, which has led to an incredibly huge amount of traffic being sent from one location to another with different requirements and choices of services. MPLS has proved to be a promising solution that provides different features in the same network of the service provider, thus replacing many transport technologies. One of the most exceptional features of MPLS is Traffic Engineering (TE) [1], which allows a service provider to optimize the traffic flow and link utilization as would be demanded of a service provider's network. It gives a substantial amount of control to the service provider regarding the optimal utilization of the available resources [2].

There are many reasons why deployment of MPLS has become so popular. The most significant of them is the concept of VPN [3], which segregates the traffic according to the criteria set by the customers, making the connection secure and private. It can be used to establish private connections between different sites of the same customer that might be present at different locations. MPLS also has the capability of protecting its path in case of any failover [4]. This helps the service provider to provide a guaranteed service to its customers. MPLS thus can provide multiple services at the same instant in the same network, justifying its importance in today's networking generation.

MPLS enabled networks are designed for various customers and their various scenarios depending upon the customers' demands in the same network infrastructure. A transparent tunnel can be created between the end points of the network depending upon the class of traffic. All these configurations are done on the service provider's end and thus the customer does not have to worry about the routing required or deployment of extra resources.

The designed network in this paper connects customers from their headquarters to their various sites throughout the world using a private connection enabled with traffic tunneling. These private communications are carried by MPLS VPN using features like Route Distinguisher (RD) and Route Target (RT). MP-BGP [5] is used to carry these large databases throughout the network along with Route Reflectors that allow the IBGP (Internal Border Gateway Protocol) neighbors to learn all the paths of the network. Every VPN is allotted a different tunnel path so that complete privacy and security can be achieved for every customer. Path protection mechanisms like Fast Reroute (FRR) are used for faster recovery in case of a failure. Link and node protection is given to the links and nodes that carry higher importance in the network. All these features included in the MPLS network lead to a highly efficient network that can be used in real-time scenarios.

This paper is organized as follows: Section II illustrates the previous work done in the MPLS domain. Section III elaborates the proposed design for a multiple customer MPLS network, whereas Section IV deals with the analysis of simulation results. The final section summarizes the paper.

II. PREVIOUS WORK

Earlier, if the customers were willing to set up a private link between their various offices they would request the service provider for a separate link, which was a costly investment. Also, the customers could not use the same private IP addresses while connecting to the service provider network, as the service provider could not distinguish between the various customers. When MPLS VPN started getting implemented [6], it enabled the service provider to lease private links to the customer on
the same network without any additional links to be installed. Also the VRF (Virtual Routing and Forwarding) feature in VPN now allows the customers to even use the same IP addresses.

Traffic engineering implementation [7] further made optimal utilization of all the links present in the network, reducing the load on over-utilized links. Thus parameters like packet loss, jitter and delay are improved in an MPLS enabled network. Path protection and restoration is a key element in MPLS networks. Providers sell their services to customers. This service delivery is concluded by a contract where certain SLAs are specified. In order to provide reliable service delivery, the network is to be made immune to different kinds of network outages and instability. This can be achieved by using the Fast Reroute specification for link protection and the Record Route Object for node protection.

III. DESCRIPTION OF PROPOSED NETWORK

A. Motivation

At the present time, customers not only want to have private connections with their own sites but also have other constraints along with it, like communication between various other company headquarters over the same link. This leads to a complex VPN structure where some connections are to be made absolutely secure whereas some should be interconnected with others, and all this should be managed in the same link leased by the customer from the service provider.

Also, the company customers do not like to share their links with other customers, to maintain the required privacy and security. Sharing of links can also lead to unwanted traffic of others on the links, which could lead to packet loss of their own traffic, thus reducing the Quality of Service (QoS). Consequently, it is preferred to use a personal link for every customer.

B. Design scenario of a sample network

The goal of the proposed sample network, as shown below in Fig. 1, is to show how the features of MPLS VPN can be combined with traffic engineering and path protection to satisfy certain given constraints by customers. The sample network has three different companies: Customer A, B and C, and these three companies have their headquarters and sites at different locations throughout the globe. This sample network insists on the following constraints:
• C1: Customer A should be able to communicate among its headquarters and sites. Similarly customer B and C should be able to communicate amongst their own headquarters and sites.
• C2: Customer A's headquarter should be able to communicate with customer B's and C's headquarters only and not their site locations. Similarly for customer B and C.
• C3: All the customers belong to different Autonomous Systems.
• C4: Minimum number of links should be utilized for communication between these companies and their sites by the service provider.
• C5: Every customer should be allotted a separate tunnel for communication between its own centers.
• C6: Path protection should be enabled for the network for guaranteed services.

Fig. 1: MPLS enabled sample network

C. Proposed Solution

The proposed solution satisfying these constraints can be shown via emulators like GNS (Graphical Network Simulator), which is applicable for real-time scenarios. The steps for designing this network are as below:
• S1: Layer 3 MPLS VPNs
  When more than one customer is connected to a
  network it is very important to keep their routing information separate. A Virtual Routing and Forwarding (VRF) instance is used for every customer in the network to achieve this. The Route-Distinguisher (RD) and Route-Target (RT) are two different concepts that are both used in an MPLS VPN. The RD is used to keep all prefixes in the BGP table unique, and the RT is used to transfer routes between VRFs/VPNs.
• S2: Multi-protocol BGP
  Multi-protocol BGP, which allows multiple address families to be transferred across the network in parallel, should be used for the exchange of customers' routing information. BGP is designed to be the protocol operating across multiple Autonomous Systems (AS) and is more suitable for distributing very large amounts of routing information along with label distribution for MPLS. This information helps in supporting multiple customers.
• S3: Route Reflector (RR)
  The architecture of BGP for the internal neighborship requires a full mesh of connections between all PEs (Provider Edge). RRs can be used in order to reduce this number of iBGP connections. Following this approach, RRs are fully meshed and the rest of the BGP speakers within the AS peer only with these RRs rather than with each other.
• S4: MPLS Traffic Engineering (TE)
  TE deployment lets service providers increase revenue by saving money spent on extra resources which are not really required. This is achieved with the extra work spent on building an MPLS network topology with embedded TE functionality. All traffic that flows through the link can be planned and its path can be decided using TE. Here, every customer is provided with a separate TE tunnel in the same network.
• S5: Failover functionality in MPLS
  Path protection, also known as end-to-end protection, is one of the essential protections service providers can offer. The primary LSP (Label Switched Path) is backed up by another LSP between the same source and destination but using a different physical path. It is one of the most common practices for providing resiliency. Under normal conditions only the primary LSP is used for the traffic.
  Local protection using FRR [8] provides the shortest possible bypass path around the failure point. This in the end makes path recovery very fast with minimum devices involved in the recovery [9]. The bypass path is pre-computed and maintained in hardware, ready to be used immediately when failure is detected.

IV. SIMULATION RESULTS

The sample scenario was implemented in GNS3 and the following results were obtained, which satisfy all the criteria mentioned, resulting in a better service provider network with many real-time features included.

A. Layer 3 MPLS VPNs

Different VRFs are created for every customer location. Figure 2 shows the VRF implemented on the PE2 router, which is connected to customer A and C Headquarters. Two VRFs are created for each with RTs and RDs of the connections that are required between these headquarters and their sites. Similar configuration is to be done on all the Provider Edge (PE) routers.

Fig. 2: VRF implementation on PE2 router

B. Multi-protocol BGP

MP-BGP is run only on the PE routers, for connectivity between the customers, and an IGP (Internal Gateway Protocol) like OSPF is run in the MPLS core network to learn all the paths. Figure 3 shows BGP neighbors on PE2.

Fig. 3: BGP neighbors on PE2 router

C. Route Reflector (RR)

In an MP-BGP MPLS network all PEs should be connected to each other. In this scenario there are 6 PEs, and if all are supposed to be connected to each other then in all 15 links would be required, which is not affordable to the service provider. Hence here PE2 and PE3 are declared as RRs and the other PEs are supposed to get connected to only either one of them, of which each shall be called a client. Here, PE1 is the client of PE2, and PE4, PE5, PE6 are the clients of PE3, as shown in Fig. 4.
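
The session count and the reflector arrangement described above can be checked with a short model. This is an added example, not code from the paper: it applies the standard route-reflection rules (RFC 4456) to the paper's PE names and client assignment, and it assumes a PE2-PE3 session because the paper states that RRs are fully meshed.

```python
from itertools import combinations

PES = ["PE1", "PE2", "PE3", "PE4", "PE5", "PE6"]
# Client assignment as stated in the paper.
CLIENTS = {"PE2": {"PE1"}, "PE3": {"PE4", "PE5", "PE6"}}
# Assumption: the two RRs peer with each other ("RRs are fully meshed").
SESSIONS = {frozenset(("PE2", "PE3"))} | {
    frozenset((rr, c)) for rr, cs in CLIENTS.items() for c in cs}

def full_mesh(pes):
    """iBGP sessions needed without route reflection: n*(n-1)/2."""
    return {frozenset(pair) for pair in combinations(pes, 2)}

def peers(node, sessions):
    return {p for s in sessions if node in s for p in s if p != node}

def learned_by(origin, sessions, clients):
    """PEs that end up holding a route originated at `origin`.
    The first path a PE learns the route over is the one it keeps, which
    is sufficient for the session graphs examined here."""
    known, queue = {origin}, [(origin, None)]  # (speaker, peer it learned from)
    while queue:
        node, src = queue.pop()
        for peer in peers(node, sessions) - known:
            if src is None:
                ok = True   # locally originated: advertise to every iBGP peer
            elif node in clients:
                # RR: a client's route goes to all peers, a non-client's to clients only
                ok = src in clients[node] or peer in clients[node]
            else:
                ok = False  # ordinary speaker: never re-advertise iBGP-learned routes
            if ok:
                known.add(peer)
                queue.append((peer, node))
    return known

def fully_converged(sessions, clients):
    return all(learned_by(pe, sessions, clients) == set(PES) for pe in PES)

if __name__ == "__main__":
    print("full mesh sessions:", len(full_mesh(PES)))
    print("sessions with RRs: ", len(SESSIONS))
    print("all PEs learn all routes with RRs:", fully_converged(SESSIONS, CLIENTS))
    print("same sessions, reflection off:    ", fully_converged(SESSIONS, {}))
```

With reflection disabled on the same five sessions, a route from PE1 stops at PE2, which is why the reduced session count depends on PE2 and PE3 actually being configured as reflectors.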

Fig. 4: Route Reflector Clients of PE3 router.

D. MPLS Traffic Engineering (TE)

In the given scenario customers A, B and C have their site 2 locations connected to PE6 and all of them demand a separate link between their headquarters and their sites. Hence three different traffic engineered tunnels are created for them as shown in Fig. 1. The path taken by traffic from the headquarters to their site 2 is as shown in Fig. 5, Fig. 6 and Fig. 7.

Fig. 5: MPLS TE tunnel 1 for customer A

Fig. 6: MPLS TE tunnel 2 for customer B

Fig. 7: MPLS TE tunnel 3 for customer C

E. Failover functionality in MPLS

To protect the tunnels from any kind of failover, FRR and the Record Route object are implemented on the tunnels as shown in Fig. 8.

Fig. 8: Path Protection over tunnels

V. CONCLUSION

The major challenge for an MPLS network is to cope with the ever increasing needs and demands for various services with a limited amount of resources. Meanwhile it should also maintain the quality of services in terms of packet loss, jitter, delay, privacy and security. This paper provides a design for such a complex MPLS enabled network along with various criteria and features, thus proving it to be a promising technology for the future also. Every step required to design a traffic engineered MPLS VPN network with path protection is mentioned and proved by implementing the scenario in GNS3 software.

The use of this design will limit the wastage of unused links and instead provide a tunneled route for every customer at the same instant and in the same network infrastructure. This in turn will prove to be cost effective for both the customers and the service provider. The implementation of the proposed design will surely reduce parameters like packet loss and delay. Security and privatization of the link is achieved by using a complex MPLS VPN that puts restrictions on the connectivity with unwanted customers. Failover functionality is provided for guaranteed service to customers by giving path protection to the important traffic engineered tunnels.
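
The connectivity restrictions summarized above (constraints C1 and C2, enforced with per-VRF RDs and RTs in step S1) can be verified from the RT import/export sets alone. This is an added example, not the paper's configuration: the RD and RT values are constructed, and one headquarters plus two sites per customer is assumed.

```python
from itertools import product

# Constructed values: the RD/RT numbers used in the paper are not given in its text.
INTRA = {"A": "65000:10", "B": "65000:20", "C": "65000:30"}  # per-customer RT (C1)
HQ_RT = "65000:100"                                          # RT shared by HQs only (C2)

def build_vrfs(sites=("HQ", "S1", "S2")):
    """One VRF per customer location, each with its own RD and RT import/export sets."""
    vrfs = {}
    for n, (cust, site) in enumerate(product(INTRA, sites), start=1):
        rts = {INTRA[cust]} | ({HQ_RT} if site == "HQ" else set())
        vrfs[f"{cust}-{site}"] = {"rd": f"65000:{n}", "import": set(rts), "export": set(rts)}
    return vrfs

def installs(vrfs, src, dst):
    """dst installs src's routes when src exports an RT that dst imports."""
    return bool(vrfs[src]["export"] & vrfs[dst]["import"])

def can_talk(vrfs, x, y):
    """Two-way traffic needs routes installed in both directions."""
    return installs(vrfs, x, y) and installs(vrfs, y, x)

def violations(vrfs):
    """Compare RT-derived reachability with what constraints C1 and C2 allow."""
    bad = []
    for x, y in product(vrfs, repeat=2):
        if x >= y:
            continue  # visit each unordered pair once
        allowed = x[0] == y[0] or (x.endswith("-HQ") and y.endswith("-HQ"))
        if allowed and not can_talk(vrfs, x, y):
            bad.append((x, y, "unreachable"))
        elif not allowed and (installs(vrfs, x, y) or installs(vrfs, y, x)):
            bad.append((x, y, "leak"))  # even a one-way import exposes routes
    return bad

def vpnv4(vrfs, vrf, prefix):
    """RD + IPv4 prefix: overlapping customer prefixes stay distinct in the BGP table."""
    return f'{vrfs[vrf]["rd"]}:{prefix}'

if __name__ == "__main__":
    vrfs = build_vrfs()
    print("intended policy:", violations(vrfs))
    vrfs["B-S1"]["import"].add(HQ_RT)  # constructed mistake: a site imports the HQ-only RT
    print("after mistake:  ", violations(vrfs))
    print(vpnv4(vrfs, "A-HQ", "10.0.0.0/24"), vpnv4(vrfs, "B-HQ", "10.0.0.0/24"))
```

A single extra import statement on one site VRF is enough to pull in the headquarters routes of the other two customers, so a check of this kind is worth running against the RT plan before it is pushed to the PE routers.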


ACKNOWLEDGMENT

We would like to express our gratitude towards Dr. R.N. Awale for his crucial guidance and assistance in our project. We are also thankful to our institute Veermata Jijabai Technological Institute, Mumbai, India for providing the facilities to carry out our research and project work.

REFERENCES

[1] E. Rosen, A. Viswanathan and R. Callon, "Multiprotocol label switching architecture", IETF RFC 3031, 2001.
[2] D. Awduche, J. Malcolm, J. Agogbua, M. O'Dell and J. McManus, "Requirements for Traffic Engineering Over MPLS", IETF RFC 2702, 1999.
[3] Ivan Pepelnjak and Jim Guichard, "MPLS and VPN Architectures", Cisco Press, March 2001.
[4] C. Huang, V. Sharma, K. Owens, S. Makam, "Building Reliable MPLS Networks Using a Path Protection Mechanism", IEEE Communications Magazine, March 2002.
[5] E. Rosen and Y. Rekhter, "BGP/MPLS VPNs", Internet Engineering Task Force, RFC 2547, 1999.
[6] LI Ming-hui and XIA Jing-bo, "Research and Simulation on VPN Networking Based on MPLS", in 2008 International Conference on Wireless Communications, Networking and Mobile Computing, Dalian, China, October 12-17 2008.
[7] Jasmina Barakovic, Himzo Bajric and Amir Husic, "Multimedia Traffic Analysis of MPLS and non-MPLS Network", in 48th International Symposium ELMAR-2006, Zadar, Croatia, June 07-09 2006.
[8] D. Haskin, R. Krishnan, "A Method for Setting an Alternative Label Switched Paths to Handle Fast Reroute", draft-haskin-mpls-fast-reroute-05.txt, November 2000.
[9] L. Hundessa, J. Pascual, "Fast Rerouting mechanism for a protected label switched path", Proceedings of the IEEE International Conference on Computer Communications 01, October 2001.
