Beruflich Dokumente
Kultur Dokumente
Bonaventure, 2004
Outline
BGP basics
Site2, alpha.com
Site4, beta.be
Site3, alpha.com
Site1, beta.be
Network provider
Site3, beta.be
Site3, alpha.com
R
R
R
Site1, beta.be
Network providing
R leased lines
R Site3, beta.be
R
R
Site1, alpha.com
Site2, beta.be
Principle
Site2, alpha.com
10.0.2.0/ 24 Site4, beta.be
10.0.5.0/ 24
Site3, alpha.com
10.0.4.0/ 24
Site3, alpha.com
R
R 10.0.4.0/ 24
R
Site1, beta.be
10.0.2.0/ 24 R R R
R
R Site3, beta.be
R 10.0.4.0/ 24
R
Site1, alpha.com
10.0.1.0/ 24
Site2, beta.be
10.0.3.0/ 24
Principle
Site3, alpha.com
R 10.0.4.0/ 24
WAN interface : 193.190.10.11 R
LAN interface : 10.0.2.1
IP Tunnels R WAN interface : 193.190.30.13
R LAN interface : 10.0.4.1
towards 193.190.20.12
towards 193.190.30.13 R IP Tunnels
towards 193.190.10.11
towards 193.190.20.12
R ISP : 193.190.0.0/ 16
Site1, alpha.com Backbone routers only use this address block
10.0.1.0/ 24
WAN interface : 193.190.20.12
LAN interface : 10.0.1.1
IP Tunnels
towards 193.190.10.11
towards 193.190.30.13
Principle
Tunnel is used to carry network layer packets
32 bits
IP Protocol
Ver IHL DS Total length Value 47 is reserved to indicate that
IP packet carries GRE-encapsulated
Identification Flags Fragment Offset
Delivery IP packet
Header TTL Protocol Checksum
Source IP address Protocol Type
Destination IP address
Indicates the type of network layer
packet carried by tunnel
GRE C Reserved Ver Protocol Type same values as Ethernet type field
Header Checksum (option) Reserved (0x800 for IP packet)
Site3, alpha.com
R
R 10.0.4.0/ 24
R
Site1, beta.be
10.0.2.0/ 24 R R R
R
R Site3, beta.be
R 10.0.4.0/ 24
R
Site1, alpha.com
10.0.1.0/ 24
Site2, beta.be
10.0.3.0/ 24
Principle
Site3, alpha.com
LAN interface : 10.0.2.1 10.0.4.0/ 24
FEC R
10.0.4.0/ 24, use label L1 R
10.0.1.0/ 24, use label L2 LAN interface : 10.0.4.1
R FEC
MPLS backbone 10.0.1.0/ 24, use label L6
10.0.2.0/ 24, use label L3
Advantages
a single physical line per VPN site
Flexibility
BGP basics
Objective
Site3, alpha.com
RD RB 10.0.4.0/ 24
ISP backbone
Site1, beta.be RE
10.0.4.0/ 24 R1 R3
R
RA
R2
R
RF
Site1, alpha.com
10.0.1.0/ 24
Site2, alpha.com
10.0.2.0/ 24
Site3, alpha.com
CE CE 10.0.4.0/ 24
ISP backbone
Site1, beta.be CE
10.0.4.0/ 24 PE1 PE3
P
CE
PE2
P
CE
Site1, alpha.com
10.0.1.0/ 24
Principle
Each CE router contains one routing table with
Site3, alpha.com
CE CE 10.0.4.0/ 24
ISP backbone
Site1, beta.be CE
10.0.4.0/ 24 PE1 PE3 CE(site3),alpha.com
P
CE 10.0.2.0/ 24 via PE3
PE2 10.0.4.0/ 24 via PE3
P
CE
Site1, alpha.com CE(site1),beta.be
10.0.1.0/ 24
10.0.2.0/ 24 via PE1
BGP/2004.5.21 O. Bonaventure, 2004
Routing tables on the P routers
Principle
P routers only know how to reach the routers in
their backbone
P routers do not know anything about VPNs
Site3, alpha.com
CE CE 10.0.4.0/ 24
ISP backbone
Site1, beta.be CE
10.0.4.0/ 24 PE1 PE3
Pa
CE Pb's routing table
PE2 Pa North-West
Pb
CE PE2 West
Site1, alpha.com PE3 North
10.0.1.0/ 24 PE1 North-West (via Pa)
BGP/2004.5.22 O. Bonaventure, 2004
Routing tables on the PE routers
Problem
Corporate networks often use RFC1918 addresses
Site3, alpha.com
CE CE 10.0.4.0/ 24
ISP backbone
Site1, beta.be CE
10.0.4.0/ 24 PE1 PE3 PE3's possible routing table
Pa Pa West
CE Pb South
PE2
Pb PE1 West (via Pa)
CE PE2 South (via Pb)
Site1, alpha.com 10.0.1.0 West (via PE2)
10.0.1.0/ 24 Where are
10.0.2.0/ 24 ???
BGP/2004.5.23 10.0.4.0/ 24 O. Bonaventure, 2004
Routing tables on PE routers (2)
Principle
Each PE router maintains several routing tables
Routing problem
How can we correctly distribute the routing
OSPF
This is a special OSPF instance between PE and CE, not the
OSPF that is used inside the ISP backbone
eBGP
CE router uses eBGP session to advertise routes to PE
Principle
VPN-A
AS20 VPN-A
10/8 2.2.2.2
CEA1 11/8
PE2 CEA2
iBGP
PE5
iBGP
iBGP 5.5.5.5
VPN-B CEB3
VPN-B
10/8 PE4 P
CEB2
4.4.4.4 12/8
MP-BGP
an extension to BGP that allows a BGP router to
ASnumber:value
IPv4address:value
VPN-A
AS20 VPN-A
10/8 2.2.2.2
CEA1 11/8
PE2 CEA2
UPDATE sent by PE2 iBGP
NextHop:2.2.2.2
VPN-IPv4 address
RD:20:22 PE5
Prefix:10.0.0.0/8 iBGP
iBGP 5.5.5.5
Route Target (Ext.Com)
Blue
CEB3
VPN-B VPN-B
PE4 P
10/8 12/8
CEB2 4.4.4.4 UPDATE sent by PE5
NextHop:5.5.5.5
VPN-IPv4 address
RD: 20:22
Prefix:11.0.0.0/8
Route Target (Ext.Com)
BGP/2004.5.32 Blue O. Bonaventure, 2004
MP-BGP and the VPN-IPv4 addresses (2)
Example
per-site route distinguisher
VPN-A
AS20 VPN-A
10/8 2.2.2.2
CEA1 11/8
PE2 CEA2
iBGP
PE5
iBGP
iBGP 5.5.5.5
CEB3
VPN-B VPN-B
PE4 P
10/8 12/8
CEB2 4.4.4.4 UPDATE sent by PE5
UPDATE sent by PE4 NextHop:5.5.5.5
NextHop:4.4.4.4 VPN-IPv4 address
VPN-IPv4 address RD: 5.5.5.5:123
RD: 4.4.4.4:10 Prefix:12.0.0.0/8
Prefix:10.0.0.0/8 Route Target (Ext.Com)
Route Target (Ext.Com) Magenta
BGP/2004.5.33 Magenta O. Bonaventure, 2004
Types of VPN connectivity
Utilization of the BGP extended community
attribute
depends on the type of inter-sites connectivity
CE
IBGP
Hub, beta.be PE2
10.0.2.0/ 24 PE3
IBGP P
IBGP Spoke1, beta.be
CE CE
PE1 10.0.4.0/ 24
PE
Spoke3, beta.be
CE 10.0.1.0/ 24
BGP/2004.5.35 O. Bonaventure, 2004
Types of VPN connectivity (3)
PE2
Redistributes : VPN beta Comm: beta_spoke,next-hop= PE2
Imports routes with target : beta_hub
PE3
Redistributes
VPN betaComm: beta_spoke,next-hop= PE3
Spoke2, beta.be VPN alpha,Comm: alpha,next-hop= PE3
10.0.3.0/ 24 Imports the routes with target : beta_hub, alpha
CE Site3, alpha.com
IBGP 10.0.4.0/ 24
Hub, beta.be PE2
CE
10.0.2.0/ 24 PE3
IBGP P
IBGP Spoke1, beta.be
CE CE
PE1 10.0.4.0/ 24
P
CE
Site1, alpha.com PE1
10.0.1.0/ 24 Redistributes to PE3 and PE2 the following routes
VPN alpha Comm: alpha,next-hop= PE1
VPN beta Comm: beta_hub,next-hop= PE1
Imports the routes with target
alpha, beta_spoke
BGP/2004.5.36 O. Bonaventure, 2004
Solving the forwarding problem
CE CE Site3, alpha.com
10.0.4.0/ 24
Hub, beta.be PE2
CE
10.0.2.0/ 24 PE3
P
Spoke1, beta.be
CE CE
PE1 10.0.4.0/ 24
P
CE
Site1, alpha.com Example
10.0.1.0/ 24 transmission from 10.0.2.1 to 10.0.5.10 in beta.be
transmission from 10.0.1.1 to 10.0.4.10 in alpha.com
Principle of the solution : two levels of label
Spoke3, beta.be
Spoke2, beta.be 10.0.5.0/ 24
10.0.3.0/ 24
CE CE Site3, alpha.com
10.0.4.0/ 24
Hub, beta.be PE2
CE
10.0.2.0/ 24 PE3
LDP P
LDP Spoke1, beta.be
CE CE
PE1 10.0.4.0/ 24
P P
CE L7:West-> North-East:POP
Site1, alpha.com PE1 ...
10.0.1.0/ 24 -> PE2 :use label L8, port North
-> PE3 : use label L7, port South
PE3
Redistributes through iBGP
VPN beta rt: beta_spoke,next-hop= PE3, label:L4
Spoke2, beta.be VPN alpha rt: alpha,next-hop= PE3, label : L9
10.0.3.0/ 24
CE Site3, alpha.com
IBGP 10.0.4.0/ 24
Hub, beta.be PE2
CE
10.0.2.0/ 24 PE3
IBGP P
IBGP Spoke1, beta.be
CE CE
PE1 10.0.4.0/ 24
P
CE
Site1, alpha.com PE1
10.0.1.0/ 24 Redistributes through iBGP the following routes and labels
VPN alpha rt: alpha,next-hop= PE1, label= L11
VPN beta rt: beta_hub,next-hop= PE1, label= L17
Principle
VPN-A AS20
2.2.2.2
10/8
CEA1 PE2
iBGP 11/8
CEA2
PE5
VPN-A
iBGP 5.5.5.5
iBGP CEA3
PE4
4.4.4.4
VPN-A AS20
2.2.2.2
10/8
CEA1 PE2
iBGP 11/8
CEA2
PE5
VPN-A
iBGP 5.5.5.5
iBGP CEA3
PE4
4.4.4.4
CE CE Site3, alpha.com
10.0.4.0/ 24
Hub, beta.be PE2
CE
10.0.2.0/ 24 PE3
P
Spoke1, beta.be
CE CE
PE1 10.0.4.0/ 24
P
CE
Site1, alpha.com
10.0.1.0/ 24
PE1 IP address
PE3 IP address
Source IP address
Destination IP address
Payload
BGP/2004.5.45 O. Bonaventure, 2004
Solving the forwarding
problem with tunnels (3)
PE3
Redistributes via iBGP
VPN beta rt: beta_spoke,next-hop= PE3, 10.0.5.0/ 24:label:L4
VPN beta rt: beta_spoke,next-hop= PE3, 10.0.4.0/ 24:label:L5
VPN alpha rt: alpha,next-hop= PE3, label : 10.0.4.0/ 24L9
Spoke3, beta.be
Spoke2, beta.be 10.0.5.0/ 24
10.0.3.0/ 24
CE CE Site3, alpha.com
10.0.4.0/ 24
Hub, beta.be PE2
CE
10.0.2.0/ 24 PE3
P
Spoke1, beta.be
CE CE
PE1 10.0.4.0/ 24
P
CE
Site1, alpha.com Example
10.0.1.0/ 24
transmission from 10.0.2.1 to 10.0.5.10 in beta.be
transmission from 10.0.1.1 to 10.0.4.10 in alpha.com
BGP/2004.5.46 O. Bonaventure, 2004
Comparison of VPN solutions
Customer-provisionned VPNs
Providers are not involved in the provisionning of
the VPN
no per-VPN routing tables to maintain and distribute
no revenue for value-added service
Customer builds VPN by establising tunnels
Olivier Bonaventure
Department of Computing Science and Engineering
Universit catholique de Louvain (UCL)
Place Sainte-Barbe, 2, B-1348, Louvain-la-Neuve (Belgium)