Beruflich Dokumente
Kultur Dokumente
Matt Kolon
MFA Forum Ambassador
Senior Technical Solutions Manager
Juniper Networks
1
MPLS VPN Tutorial Agenda
• Layer 2 VPNs
• IETF PWE3 and L2VPN WG update
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt Frame Relay
• Virtual Private LAN Services – VPLS
Introduction to the
MFA Forum
2
Mission Statement
MFA Forum
3
Technical Committee
Major Work Items
• MPLS Inter-Carrier Interface
• Packet-Based GMPLS Client to Network Interconnect
(CNI)
• ATM and Frame Relay to MPLS Control Plane
interworking (in Final Ballot)
• Fault Management Interworking (in Final Ballot)
• ATM, Ethernet, and Frame Relay Interworking over
MPLS (in Final Ballot)
• Performance Monitoring Across Multiservice
Networks (in Straw Ballot)
• Layer 2 Service Mediation
• AAL1 and AAL2 Voice Trunking over MPLS
Slide 7 Copyright © 2006 MFA Forum
MFA Forum
• Market Awareness & Education
Tutorials
• Introduction to MPLS ½ day and full day
• MPLS Virtual Private Networks ½ day and full day
• MPLS VPN Security ½ day
• Traffic Engineering ½ day
• GMPLS ½ day
• Migrating Legacy Services to MPLS ½ day
• MPLS OAM ½ day
• Voice over MPLS ½ day
• New tutorials based upon demand
Conferences and exhibitions
• MFA Forum speaker at almost every MPLS conference globally
Website and Newsletter
Public message board
• Next meeting: June 27-29 in Vancouver, BC, Canada
• Please join us!
Subscribe to information mail list info@mfaforum.org
To join the Forum contact Alexa Morris, Executive Director
E-Mail: amorris@mfaforum.org Phone: 510 608-5914
Slide 8 Copyright © 2006 MFA Forum
4
Section 1
Why MPLS ?
A Common Control Plane
Best of
Best of the
the
packet-switched
packet-
packet -switched
and
and
circuit-switched
circuit-
circuit-switched Enhancement and Metro Ethernet
worlds
worlds scalability of IP Services
5
MPLS: Addresses many
network needs
End Users
Applications MPLS
L3 VPN &
L2 VPN
Access
MPLS
TE +
IP CoS/QoS
MPLS
Protection
SONET/ & rerouting
SDH
GMPLS
Photonics
Slide 11 Copyright © 2006 MFA Forum
Network
Home Remote
office office
Slide 12 Copyright © 2006 MFA Forum
6
Virtual Private Networks
L2TP
VPWS Point to multipoint
Kompella
Layer 2 IP VPNs Lasserre
Tunneling Vkompella
PWE3 Martini
VPLS
Point to point BGP / MPLS VPNs IPsec
Layer 3
IPLS RFC 2547 bis PPVPN
7
VPNs
Types, Layers, and Implementations
ATM 2 VC
GRE/UTI/L2TPv3 3 IP Tunnel
IP 3 RFC2547bis / VR
IP 3 IPsec
VPNs
How do they compare?
FR or IPsec L3 L2
Which one to choose?
ATM MPLS MPLS
Point-to-multipoint 2 2 √ √
Multi-protocol √ 2 2 √
QoS and CoS √ 2 √ √
Low latency √ 2 √ √
Security √ √ √ √
SLAs √ 2 √ √
8
MPLS VPNs in the IETF
IETF Areas
Application
General
L2VPN
Internet
L3VPN
IETF Op and Man
Routing
ISOC IAB
Security
Sub-IP MPLS
IANA
Transport PWE3
User Services
9
What are Layer 2, Layer 3 VPNs
CE VPN B
VPN A PE Device 1
CE PE
CE Device 1
P
P Device PE Device 1 &
Service Provider PE Device 2
Network support VPN
PE Device 2
PE
VPN Tunneling Protocols
LDP CE Device 2
PE
BGP
SP Tunnels PE Device 3 CE
VPN Tunnels CE Device 4
(inside SP
VPN A
CE
Tunnels)
VPN A
VPN B VPN B
Header 1 Header 2 Data Packet
10
Visually - Layer 3 VPN
CE Device 4
In a Layer 3 VPN,
P
P Device PE Device 1 &
Service Provider PE Device 2
CE Device and PE
Device are IGP peers
Network are BGP peers,
PE Device 2
and support VPN
VPN Tunneling Protocols PE
L2TP
IPSec P/
MP-iBGP PE
CE Device 3 PE Device 3 CE
CE Device 2
VPN VPN A
Tunnels
CE
VPN A
VPN B
VPN B
Header 1 Header 2 Data Packet
Section 2
11
MPLS VPN Tutorial Agenda
What is BGP?
12
IGP vs. EGP
AS 2
eBGP eBGP
13
External Border Gateway Protocol
eBGP eBGP
AS 1 AS 3
AS 2
PE P P PE
VPN A VPN A
CE CE
Backbone
• Requirements:
Support for overlapping, private IP address space
Different customers run different IGPs (i.e. RIP, OSPF, IS-IS)
• Solution:
VPN network layer is terminated at the edge (PE)
• PE routers use plain IP with CE routers
14
BGP/MPLS IP VPN
Key Characteristics
PE P P PE
VPN A VPN A
CE CE
Backbone
VRF-A VPN A
VPN A P P
10.1.1.0/24 CE PE PE CE 10.1.2.0/24
15
Virtual Routing and Forwarding
(VRF) PE to CE Router Connectivity
16
Virtual Routing and Forwarding
(VRF) Overlapping VPNs
Site-1 Site-2
P1 P2
VPN-A CE OSPF PE1 PE2 CE VPN-A
eBGP
17
VPN Route Distribution
Route Targets
VPN A VPN A
PE P P PE
10.1.1.0/24 CE CE 10.1.2.0/24
PE2 PE3
VPN X CE CE VPN Y
PE1 P P PE4
VPN A
CE
Backbone CE VPN Y
CE
VPN X
VRFs at PE1 will VRFs at PE4 will
import routes from import routes from CE
VPN A
VPN-A and VPN-X VPN-A and VPN-Y
PE2 PE3
VPN X VPN Y
PE1 PE4
VPN A
18
VPN Route Distribution
IGP(VPN-A)
VPN A VPN A
PE P P PE
10.1.1.0/24 CE CE 10.1.2.0/24
VPN A VPN A
PE P P PE
10.1.1.0/24 CE CE 10.1.2.0/24
19
VPN Route Distribution
VPN-IPv4 Addresses
• VPN-IPv4 Address
VPN-IPv4 is a globally unique, 96bit routing prefix
IP-address:nn
• use only if the MPLS/VPN network uses a private AS number
00 02 BGP-AS4 nn
BGP-AS4:nn
• 4-byte Autonomous System Number (BGP-AS4)
20
VPN Route Distribution
BGP with Multiprotocol Extensions
21
IGP Label Distribution
P1 IGP P2
PE1 PE2
MPLS backbone
Global routing table Global routing table
Destination Next Hop Label Destination Next Hop Label
PE2 P1 25 PE1 P2 33
P2 P1 28 P1 P2 38
P1 interface POP P2 interface POP
P P
Site-1 Site-2
VPN-B CE CE VPN-B
update for Net1 update for Net1
VPN-IPv4 update:
Net1:RD1, Next-hop=PE2
VPN-IPv4 updates are translated RO=Site-2, RT=Green
into IPv4 address and inserted Label=10
into the VRF corresponding to “Net1” is the provider’s
the RT value VPN-IPv4 update: autonomous system
Net1:RD2, Next-hop=PE2
RO=Site-2, RT=Yellow
Label=12
22
MP-BGP Route Distribution
Summary
Backbone
P1 P2
PE1 PE2
23
VPN Packet Forwarding
Label Stacking
VRF Green:
Net1, Next-hop: PE2 Backbone
Label 10 P1 P2
PE1 PE2
VRF Yellow:
Net1, Next-hop: PE2
Label 12
CE1 CE2
PE1 P1 P2 PE2
IP IP
Packet Packet
IGP Label(PE2) IGP Label(PE2) IGP Label(PE2)
VPN Label VPN Label VPN Label
IP IP IP
Packet Packet Packet
24
VPN Packet Forwarding
Penultimate Hop Popping
IP IP
Packet Packet
IGP Label(PE2) IGP Label(PE2) VPN Label
VPN Label VPN Label IP
IP IP Packet
Packet Packet
25
Scaling BGP/MPLS VPNs
26
Reference Material
Books:
"BGP4 Inter-Domain Routing in the Internet" by John Stewart ISBN 0-201-
37951-1
"Internet Routing Architectures" by Bassam Halabi ISBN 1-56205-652-2
"Interconnections: Bridges and Routers" by Radia Perlman ISBN
“Internetworking with TCP/IP Volume 1” by Douglas Comer ISBN 0-13-
468505-9
“TCP/IP Network Administration - Second Edition” by Craig Hunt
ISBN 1-56592-322-7
"Routing in the Internet" by Christian Huitema ISBN 0-13-132192-7
Mail Lists:
SSR mailinglist - majordomo@cabletron.com
GateD mailinglists - See www.gated.org
North American Network Operators Group (NANOG) mailist - See
www.merit.org
Slide 53 Copyright © 2006 MFA Forum
Reference Material
Request For Comments - RFCs
08/98 - RFC2385PS "Protection of BGP Sessions via the TCP MD5 Signature Option"
02/98 - RFC 2283PS "Multiprotocol Extensions for BGP-4"
01/97 - RFC 2042 "Registering New BGP Attribute Types"
08/96 - RFC 1998 "An Application of the BGP Community Attribute in Multi-home
Routing"
08/96 - RFC 1997 "BGP Communities Attribute"
06/96 - RFC 1966 "BGP Route Reflection An alternative to full mesh"
06/96 - RFC 1965 "Autonomous System Confederations for BGP"
10/95 - RFC 1863 "A BGP/IDRP Route Server alternative to a full mesh routing"
08/95 - RFC 1817 “CIDR and Classful Routing”
03/95 - RFC 1774 "BGP-4 Protocol Analysis"
03/95 - RFC 1773 "Experience with the BGP-4 protocol"
03/95 - RFC 1772 "Application of the Border Gateway Protocol in the Internet"
03/95 - RFC 1771 "A Border Gateway Protocol 4 (BGP-4)
12/94 - RFC 1745 "BGP4/IDRP for IP---OSPF Interaction"
07/94 - RFC 1657 "Definitions of Managed Objects for BGP-4 using SMIv2"
09/93 - RFC 1520 “Exchanging Routing Information Across Provider Boundaries in
CIDR”
09/93 - RFC 1519 “CIDR; an Address Assignment and Aggregation Strategy”
09/93 - RFC 1518 “An Architecture for IP Address Allocation with CIDR”
27
Reference Material
Internet Drafts
Section 3
Layer 2 VPNs
28
MPLS VPN Tutorial Agenda
Layer 2 VPNs
• IETF PWE3 and L2VPN WG update
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt
Frame Relay
• Virtual Private LAN Services – VPLS
29
MPLS Layer 2 VPNs
30
MPLS Point-to-Point Services
Label Stacking
31
LDP - Label Mapping Message
32
Layer 2 Encapsulation
Ongoing work in PWE3
33
MPLS Ethernet Encapsulation
draft-ietf-pwe3-ethernet-encap-11.txt
34
Life of a Frame
Ethernet over Ethernet MPLS
VC
DA” SA” 0x8847 DA SA T 802.1q payload FCS”
Label
Tunnel VC
DA’ SA’ 0x8847 DA SA T 802.1q payload FCS’
Label Label
PE PE
CPE CPE
Penultimate
Hop LSR
CPE CPE
PE Provider’s MPLS PE
Last Mile Backbone POP Last Mile
POP
Pseudo Wire
PSN Tunnel
ATM or FR ATM or FR
CE-1 Service Service CE-2
UNI or UNI or
NNI PE1 PE2 NNI
Emulated Service
PE = Provider Edge
CE = Customer Edge
35
ATM AAL5 Encapsulation
draft-ietf-pwe3-atm-encap-10.txt
4 octets 4 octets 4 octets
Tunnel Demux Control
AAL5 CPCS-PDU
Header Field word
bits 4 11 1 1 8 16
bits 4 11 1 1 8 16
36
MPLS PWE3 FR Encapsulation
draft-ietf-pwe3-frame-relay-06.txt
End-to-end FR VCs
Pair of Uni-directional
One PW LSPs One
Bi-directional Bi-directional
FR VC FR VC
CE-1 CE-2
PE1 PE2
Tunnel LSP
Pseudo Wire Emulated Service
37
MPLS PWE3 FR Encapsulation
draft-ietf-pwe3-frame-relay-06.txt
End-to-end FR VCs
Many Many
Bi-directional
Pair of Uni-directional Bi-directional
FR VC PW LSPs FR VC
CE-1 CE-2
PE1 PE2
Tunnel LSP
Pseudo Wire Emulated Service
6 1 1 4 1 1 1 1
bits 4 1 1 1 1 8 16
38
MPLS VPN Tutorial Agenda
Layer 2 VPNs
• IETF PWE3 and L2VPN WG update
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt
Frame Relay
• Virtual Private LAN Services – VPLS
• draft-ietf-l2vpn-requirements-01.txt – Nov 05
Provides requirements for Layer 2 Provider Provisioned
Virtual Private Networks (L2VPNs) Provides taxonomy and
terminology and states generic and general services
requirements. It covers point-to-point VPNs referred to as
Virtual Provate Wire Services (VPWS), as well as multipoint-to-
multipoint VPNs as known as Virtual Private LAN services
(VPLS)
This document provides a framework for Layer 2 Provider
Provisioned Virtual Private Networks (L2VPNs). This
framework is intended to aid in standardizing protocols and
mechanisms to support interoperable L2VPNs.
39
MPLS VPLS
Architecture
Distributed PE functions
PE-POP = PE at SP POP
PE-CLE = PE at customer site PE-CLE
CE
CE PE-POP VPLS-A
PE
VPLS-A
CE
CE Service Provider VPLS-B
MPLS Backbone
VPLS-B L2
Access
CE
CE VPLS-A
PE
CE
VPLS-A PE-CLE
VPLS-B
MPLS VPLS
CE
CE Service Provider VPLS-B
MPLS Backbone
VPLS-B
Ethernet
Network
CE
PE
CE
VPLS-A VPLS-B
Multi Tenant CE
Unit(s) (MTU-s)
VPLS-B
40
MPLS VPLS
CE
CE VPLS-B
VPLS-B
Ethernet
PE Network
CE
z Tunnel LSPs are CE
VPLS-B
established between PEs
VPLS-A
MTU-s CE
z Customer Virtual Private
LANs are tunneled VPLS-B
through MPLS network
41
Virtual Private LAN Services
draft-ietf-l2vpn-vpls-ldp-08.txt
C1
Customer-1 • Tunnel LSPs are
VC LSP established between PEs
Tunnel LSP
• Customers designated C1
C1 C2 and C2 are part of two
independent Virtual
Private LANs
C2 C1 z Layer 2 VC LSPs are set
z
up in Tunnel LSPs
Customer-1 & 2 z
z Core MPLS network acts
VC LSPs as a LAN switch
C2 C1
B PE2-rs
CE-1 • Reduces signaling
Tunnel LSP
VC-1 and packet
MTU-s PE1-rs
replication to allow
B B large scale
deployment of VPLS
Layer 2
aggregation • Uses Martini VC /
LSPs between edge
B PE3-rs
MTU and VPLS
CE-2 CE-3 aware PE devices
42
VPLS Internal PE Architecture
Attachment
circuit
CE
PE PE Emulated
LAN
VPLS
Code
Pseudo-Wires
Bridge
IEEE 802.1D bridging code Code PE
IETF VPLS code
VPLS Code
• VPLS Forwarding
Learns MAC addresses per pseudo-wire (VC LSP)
Forwarding based on MAC addresses
Replicates multicast & broadcast frames
Floods unknown frames
Split-horizon for loop prevention
• VPLS Signaling
Establishes pseudo-wires per VPLS between relevant
PEs
• VPLS Discovery (Manual, LDP, BGP, DNS)
43
Bridging Code
VPLS Scalability
Parameters
44
VPLS Scalability
Signaling Overhead – Flat Topology
VPLS Scalability
Signaling Overhead – Hierarchical Topology
Hub VCs
Spoke VCs
45
VPLS Scalability
Replication Overhead – Flat Topology
VPLS Scalability
Replication Overhead – Hierarchical Topology
46
VPLS Scalability
Adding a New Site – Flat Topology
VPLS Scalability
Adding a New Site – Hierarchical Topology
47
VPLS Scalability
Inter-Metro Service
Metro
IP / MPLS
ISP Network
IP / MPLS
Core Network
Metro
IP / MPLS
Network
VPLS Scalability
Inter-Metro Service
Metro
ISP IP / MPLS
IP / MPLS Network
Core Network
Metro
IP / MPLS
Network
48
VPLS Scalability
FIB Size
49
Section 4
Why Interwork?
50
Interworking
History
51
Network Interworking FRF.5
Reference Model
Emulated FR Service
IWF ATM
ATM IWF
52
Why not continue with ATM IW?
53
MPLS Multi-Service Interworking
ATM
FR
IP / MPLS
TDM
Ethernet
Point-to-point tunnels
ATM ATM Encapsulation
ATM
FR FR Encapsulation FR
IP / MPLS
Service has to be pt-to-pt between like services: ATM to ATM, FR to FR, Enet to Enet, etc
54
MPLS Multi-Service Interworking
Reference Model
PE Device PE Device
CE Devices CE Devices
Emulated Service
PE = Provider Edge
CE = Customer Edge
PSN = Packet Switched Network
IWF = InterWorking Function
Multi-Service: Services equal to FR, ATM, Ethernet
55
For More Information. . .
• http://www.mfaforum.org
• http://www.ietf.org
• http://www.itu.int
• http://www.mplsrc.com
MPLS based
Virtual Private Network Services
Tutorial
56