
Dar es Salaam Institute of Technology (DIT)
ETU 08102
Digital Networks
Ally, J
jumannea@gmail.com

Multi-Protocol Label Switching (MPLS)

Traditional IP Forwarding
Traditional IP forwarding is based on the following:
Routing protocols are used to distribute Layer 3 routing information.
Forwarding is based on the destination address only.
Routing lookups are performed on every hop.

Traditional IP Forwarding
[Figure: a packet for 10.1.1.1 crosses a chain of routers. Routing updates for 10.0.0.0/8 are passed from router to router, and every router performs a routing lookup.]
Destination-based routing lookup is needed on every hop.
Every router may need full Internet routing information (more than 100,000 routes).

IP over ATM
[Figure: packets for 10.1.1.1 carried across an ATM network between routers.]
Layer 2 topology may be different from Layer 3 topology, resulting in suboptimal paths and link utilization.
Layer 2 devices have no knowledge of Layer 3 routing information; virtual circuits must be manually established.
Even if the two topologies overlap, the hub-and-spoke topology is usually used because of easier management.

MPLS Origin

To bring advantages of connection-oriented protocols to packet-switched networks.
Faster switching: replace IP header with short and fixed-length labels as forwarding basis.
To substitute ATM and Frame Relay and provide integrated services with QoS without the overhead of call segmentation.
Technology combining the advantages of ATM and IP.

Best of Both Worlds


[Figure: packet routing (IP), hybrid (MPLS + IP), circuit switching (ATM).]
MPLS + IP form a middle ground that combines the best of IP and the best of circuit-switching technologies.

Needs for MPLS


Continuous increase of Internet traffic
Requirements for QoS-guaranteed paths for mission-critical communications
Requirements for real-time communications (VoIP, video, broadcasting)
Carriers and ISPs look for the next services
SLA (service level agreement)
Clear isolation between VPNs

MPLS (Multi Protocol Label Switching)
[Figure: Simple IP network: every hop forwards by IP address. MPLS network: the incoming packet is forwarded by a label that is generated from the IP address, then forwarded by label, and finally the label is removed.]
An additional header realizes the Label Switched Path.
Labeled path like a connection.
Enables connection-oriented routing.
Enables isolation between paths.

Basic MPLS Concepts

MPLS is a new forwarding mechanism in which packets are forwarded based on labels.
Labels may correspond to IP destination networks (equal to traditional IP forwarding).
Labels can also correspond to other parameters, such as quality of service (QoS) or source address.
MPLS was designed to support forwarding of other protocols as well.

MPLS

MPLS is the binding of the control plane at the bottom of the network layer with the data forwarding plane at the top of the data link layer.
MPLS is a hybrid of traditional Layer 3 routing protocols and Layer 2 switching technologies.
MPLS is not a new network layer protocol because it does not have its own routing capabilities and addressing schemes.
MPLS is designed to work over many of the data link layer technologies that provide the requisite Layer 2 addressing and functionality.
MPLS is a Layer 2.5 technology.

Benefits of MPLS

The use of one unified network infrastructure
Better IP over ATM integration
Border Gateway Protocol (BGP)-free core
The peer-to-peer model for MPLS VPN
Optimal traffic flow
Traffic engineering (TE)

MPLS Labels

Are 4-byte identifiers used for forwarding decisions
Define the destination and services for a packet
Identify a forwarding equivalence class (FEC)
Have local significance
Each LSR independently maps a label to an FEC in a label binding.
Label bindings are exchanged between LSRs.

FEC and MPLS


An FEC is a group of packets forwarded:
In the same manner
Over the same path
With the same forwarding treatment
MPLS packet forwarding consists of:
Assigning a packet to a specific FEC
Determining the next hop of each FEC
MPLS forwarding is connection-oriented.

MPLS Label Format

MPLS uses a 32-bit label field that contains the information that follows:
20-bit label (a number)
3-bit experimental field (typically used to carry IP precedence value or QoS)
1-bit bottom-of-stack indicator (indicates whether this is the last label before the IP header)
8-bit TTL (equal to the TTL in the IP header)

MPLS Labels

Label spaces: each label space consists of the assignable labels from 0-1048575 (0-15 reserved).
Two basic notions of using label spaces:
Per-platform label space
Per-interface label space
Per-platform label space:
There is one set of labels for the entire LSR.
All interfaces share this common label pool.
Per-interface label space:
Each interface has its own label pool.
Used particularly with ATM LSRs.
The decision on which label space to implement on a particular LSR is a function of how the interfaces are used.

MPLS Labels

MPLS technology is intended to be used anywhere regardless of Layer 1 media and Layer 2 encapsulation.
Frame-mode MPLS is MPLS over a frame-based Layer 2 encapsulation.
The label is inserted between the Layer 2 and Layer 3 headers.
Cell-mode MPLS is MPLS over ATM.
The fields in the ATM header are used as the label.

MPLS Labels: Frame-Mode MPLS

MPLS Label Stack

Usually only one label is assigned to a packet, but multiple labels in a label stack are supported.
These scenarios may produce more than one label:
MPLS VPNs (two labels): The top label points to the egress router, and the second label identifies the VPN.
MPLS TE (two or more labels): The top label points to the endpoint of the traffic engineering tunnel and the second label points to the destination.
MPLS VPNs combined with MPLS TE (three or more labels).

Example: MPLS Label Stack

The outer label is used for switching the packet in the MPLS network (points to the TE destination).
Inner labels are used to separate packets at egress points (points to egress router and identifies VPN).

Example: MPLS Label Stack Format

The PID in a Layer 2 header specifies that the payload starts with a label (labels) followed by an IP header.
The bottom-of-stack bit indicates whether the label is the last label in the stack.
The receiving router uses the top label only.
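
The 32-bit label format and the bottom-of-stack rule described above, as an added example that is not part of the original slides: it packs and unpacks label stack entries and walks a stack until the bottom-of-stack bit, rejecting truncated stacks. The label values in the sample and the `max_depth` limit are assumptions made for the illustration.

```python
import struct

MAX_LABEL = (1 << 20) - 1   # 1048575, the top of the label space
RESERVED_MAX = 15           # labels 0-15 are reserved


def encode_entry(label, exp=0, bottom=False, ttl=255):
    """Pack one 32-bit entry: label (20) | experimental (3) | bottom-of-stack (1) | TTL (8)."""
    if not 0 <= label <= MAX_LABEL:
        raise ValueError("label does not fit in 20 bits")
    if not 0 <= exp <= 7 or not 0 <= ttl <= 255:
        raise ValueError("EXP must fit in 3 bits and TTL in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(raw):
    """Unpack 4 bytes (network byte order) into the four fields."""
    (word,) = struct.unpack("!I", raw)
    label = word >> 12
    return {
        "label": label,
        "exp": (word >> 9) & 0x7,
        "bottom": bool(word & 0x100),
        "ttl": word & 0xFF,
        "reserved": label <= RESERVED_MAX,
    }


def parse_stack(payload, max_depth=8):
    """Walk the stack from the top label to the entry with the bottom-of-stack bit.

    Returns (entries, remaining_bytes). max_depth is an assumed sanity limit so
    that a frame with no bottom-of-stack bit cannot run the parser into payload data.
    """
    entries = []
    offset = 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError("no bottom-of-stack bit within %d entries" % max_depth)
        chunk = payload[offset:offset + 4]
        if len(chunk) < 4:
            raise ValueError("truncated label stack")
        entry = decode_entry(chunk)
        entries.append(entry)
        offset += 4
        if entry["bottom"]:
            return entries, payload[offset:]


# Constructed sample: top label 17, second label 43 (bottom of stack),
# followed by the first two bytes of an IPv4 header.
SAMPLE = (encode_entry(17, exp=5, ttl=254)
          + encode_entry(43, bottom=True, ttl=254)
          + bytes.fromhex("4500"))

if __name__ == "__main__":
    stack, rest = parse_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print("first byte after the stack: 0x%02x" % rest[0])
```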

MPLS Terminology

Label Distribution Protocol (LDP): Protocol which associates a set of destinations with each LSP.
Label Switched Path (LSP): Refers to the path through which an FEC is transmitted in the MPLS network. Two options to set up an LSP are hop-by-hop routing and explicit routing.
Forwarding Equivalence Class (FEC): Group of packets that share the same requirement.
Label Switching Router (LSR): High-speed router that operates in the core of the MPLS network.
Label Edge Router (LER): Operates at the end of the access network and MPLS network.

MPLS Label Operations

An LSR can perform these functions:
Insert (impose or push) a label or a stack of labels on the ingress edge LSR
Swap a label with a next-hop label or a stack of labels in the core
Remove (pop) a label on the egress edge LSR
Multiple push: adding multiple labels (up to 3)
Swap and push: replace the existing top of the label stack with a new label, followed by pushing another new label on top

Route at Edge, Switch in Core

[Figure: IP forwarding at both edges; label switching in the core, where the IP packet carries labels #L1, #L2 and #L3 on successive hops.]

MPLS Example
[Figure: a packet for 10.1.1.1 crosses the MPLS domain. Ingress edge: routing lookup and label assignment (10.0.0.0/8, L=5). Core: label swapping (L=5, L=3). Egress edge: label removal and routing lookup (L=3).]
Only edge routers must perform a routing lookup.
Core routers switch packets based on simple label lookups and swap labels.

MPLS Versus IP over ATM


[Figure: a packet for 10.1.1.1 crosses the network with labels L=17, L=3 and L=5. Layer 2 devices run a Layer 3 routing protocol and establish virtual circuits dynamically based on Layer 3 information.]
Layer 2 devices are IP-aware and run a routing protocol.
There is no need to manually establish virtual circuits.
MPLS provides a virtual full mesh topology.

MPLS Label Operations: Frame Mode

On ingress, a label is assigned and imposed.
LSRs in the core swap labels based on the contents of the label forwarding table.
On egress, the label is removed and a routing lookup is used to forward the packet.

MPLS: How Does It Work

[Figure: message sequence over time: UDP Hello, UDP Hello, TCP open, initialization(s), label request, label mapping (#L2).]

MPLS Applications

MPLS is already used in many different applications:
Unicast IP routing
Multicast IP routing
MPLS TE (Traffic Engineering)
QoS
MPLS VPNs (Virtual Private Networks)
Any Transport over MPLS (AToM)

MPLS Architecture
MPLS has two major components:
Control plane: exchanges Layer 3 routing information and labels
Data plane: forwards packets based on labels
The control plane contains complex mechanisms to exchange routing information, such as Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Intermediate System-to-Intermediate System (IS-IS), and BGP, and to exchange labels, such as Tag Distribution Protocol (TDP), Label Distribution Protocol (LDP), BGP, and Resource Reservation Protocol (RSVP).
The data plane has a simple forwarding engine.
The control plane maintains the contents of the label-switching table (label forwarding information base, or LFIB).

MPLS Architecture
[Figure: Control plane: OSPF exchanges 10.0.0.0/8 with both neighbors; LDP carries 10.0.0.0/8 with label 17 on one side and 10.0.0.0/8 with label 4 on the other. Data plane: labeled packets with label 17 and label 4; the LFIB holds the entry relating labels 4 and 17.]
Router functionality is divided into two major parts: control plane and data plane.

MPLS Forwarding (Frame Mode)

[Figure: a packet for 10.1.1.1 crosses the MPLS domain through three routers. IP lookup tables: 10.0.0.0/8 -> label 3; 10.0.0.0/8 -> label 5; 10.0.0.0/8 -> next hop. LFIBs: label 8 -> label 3; label 3 -> label 5; label 5 -> pop.]
On ingress, a label is assigned and imposed by the IP routing process.
LSRs in the core swap labels based on the contents of the label forwarding table.
On egress, the label is removed and a routing lookup is used to forward the packet.
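
The frame-mode walk-through above, as an added example that is not part of the original slides: three routers loaded with the IP lookup and LFIB entries from the figure forward a packet for 10.1.1.1, and the trace shows that only the edge routers perform an IP lookup. The router names, the egress next-hop name and the unknown label 99 are assumptions made for the illustration.

```python
import ipaddress

POP = "pop"  # LFIB action: remove the top label


class LSR:
    def __init__(self, name, fib, lfib):
        self.name = name
        # FIB: prefix -> ("push", label) or ("ip", next hop name)
        self.fib = {ipaddress.ip_network(p): a for p, a in fib.items()}
        # LFIB: incoming label -> outgoing label, or POP
        self.lfib = lfib
        self.ip_lookups = 0

    def _route(self, dst):
        """Longest-prefix match on the destination address."""
        self.ip_lookups += 1
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.fib if addr in net]
        if not matches:
            return None
        return self.fib[max(matches, key=lambda net: net.prefixlen)]

    def forward(self, packet):
        """Apply push, swap or pop to packet["labels"] and describe the action."""
        labels = packet["labels"]
        prefix = ""
        if labels:
            action = self.lfib.get(labels[0])
            if action is None:
                # A labeled packet is never routed on its IP header by the LFIB.
                return "drop (no LFIB entry for label %d)" % labels[0]
            if action != POP:
                old, labels[0] = labels[0], action
                return "swap %d -> %d" % (old, action)
            labels.pop(0)
            if labels:
                return "pop"
            prefix = "pop, "
        route = self._route(packet["dst"])
        if route is None:
            return prefix + "drop (no route)"
        kind, value = route
        if kind == "push":
            labels.insert(0, value)
            return prefix + "IP lookup, push %d" % value
        return prefix + "IP lookup, next hop %s" % value


def build_lsp():
    """Tables copied from the frame-mode figure; names are assumptions."""
    ingress = LSR("ingress", {"10.0.0.0/8": ("push", 3)}, {8: 3})
    core = LSR("core", {"10.0.0.0/8": ("push", 5)}, {3: 5})
    egress = LSR("egress", {"10.0.0.0/8": ("ip", "attached-network")}, {5: POP})
    return [ingress, core, egress]


def send(routers, dst, labels=()):
    """Pass one packet along the routers and return the per-hop trace."""
    packet = {"dst": dst, "labels": list(labels)}
    trace = []
    for router in routers:
        result = router.forward(packet)
        trace.append((router.name, result))
        if "drop" in result:
            break
    return trace


if __name__ == "__main__":
    path = build_lsp()
    for hop, action in send(path, "10.1.1.1"):
        print("%-8s %s" % (hop, action))
    print({r.name: r.ip_lookups for r in path})
```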

MPLS Forwarding (Cell-Mode)

[Figure: a packet for 10.1.1.1 crosses the MPLS domain as cells labeled 1/3 and then 1/5. IP lookup tables: 10.0.0.0/8 -> label 1/3; 10.0.0.0/8 -> label 1/5; 10.0.0.0/8 -> next hop. LFIBs: label 8 -> label 1/3; label 1/3 -> label 1/5; label 1/5 -> pop.]
Labels (VPI/VCI) are imposed during the IP lookup process on ingress ATM edge LSRs. Packets are segmented into cells.
ATM LSRs in the core swap labels based on the contents of the ATM switching table. ATM LSRs cannot forward IP packets.
On egress ATM edge LSRs the labels are removed (cells are reassembled into packets) and a routing lookup is used to forward packets.

Protocol operation of MPLS

Two representative implementations:
LDP (Label Distribution Protocol): ordinary routing based on IP
RSVP-TE (Traffic Engineering): enables explicit routing; extends RSVP (ReSource reserVation Protocol)
Messages are transferred according to IP routing.
[Figure: path setup and data transfer between the ingress and the egress across LSR-1, LSR-2, LSR-3 and LSR-4. Request: a Label Request is sent on each hop. Response: a Label Mapping is returned on each hop (Label=50, Label=30, Label=40). Data transfer: the IP packet carries label 50, 30 and 40 on the corresponding hops.]
LSR: Label Switch Router
LSP: Label Switched Path

Forwarding Equivalence Classes

[Figure: packets IP1 and IP2 enter at an LER, follow the same LSP through the LSRs carrying labels #L1, #L2 and #L3 on successive hops, and leave at the far LER.]
Packets are destined for different address prefixes, but can be mapped to a common path.
FEC = a subset of packets that are all treated the same way by a router.
The concept of FECs provides for a great deal of flexibility and scalability.
In conventional routing, a packet is assigned to a FEC at each hop (i.e., L3 lookup); in MPLS it is only done once, at the network ingress.

MPLS Built on Standard IP


[Figure: a network with destinations 47.1, 47.2 and 47.3; each router holds a forwarding table with Dest 47.1, 47.2, 47.3 and Out interface 1, 2, 3.]
Destination-based forwarding tables as built by OSPF, IS-IS, RIP, etc.

MPLS Label Distribution


[Figure: label distribution for destination 47.1. "Request: 47.1" messages are sent hop by hop and "Mapping: 0.50" and "Mapping: 0.40" messages are returned. Tables shown: (Intf In 3, Dest 47.1, Intf Out 1, Label Out 0.50); (Intf In 3, Label In 0.50, Dest 47.1, Intf Out 1, Label Out 0.40); (Intf In 3, Label In 0.40, Dest 47.1, Intf Out 1).]

Label Switched Path (LSP)


[Figure: the LSP followed by the packet IP 47.1.1.1. Tables shown: (Intf In 3, Dest 47.1, Intf Out 1, Label Out 0.50); (Intf In 3, Label In 0.50, Dest 47.1, Intf Out 1, Label Out 0.40); (Intf In 3, Label In 0.40, Dest 47.1, Intf Out 1).]

Explicitly Routed LSP (ER-LSP)


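[Figure: explicitly routed LSP for the packet IP 47.1.1.1. One table has two entries: (Intf In 3, Dest 47.1.1, Intf Out 2, Label Out 1.33) and (Intf In 3, Dest 47.1, Intf Out 1, Label Out 0.50). Other tables shown: (Intf In 3, Label In 0.50, Dest 47.1, Intf Out 1, Label Out 0.40); (Intf In 3, Label In 0.40, Dest 47.1, Intf Out 1).]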

ER LSP - Advantages

Operator has routing flexibility (policy-based, QoS-based)
Can use routes other than shortest path
Can compute routes based on constraints in exactly the same manner as ATM, based on distributed topology database (traffic engineering)

IP and ATM Integration


IP over ATM VCs:
ATM cloud invisible to Layer 3 routing
Full mesh of VCs within ATM cloud
Many adjacencies between edge routers
Topology change generates many route updates
Routing algorithm made more complex

IP over MPLS:
ATM network visible to Layer 3 routing
Single adjacency possible with edge router
Hierarchical network design possible
Reduces route update traffic and power needed to process them

Label Switch Router (LSR)


[Figure: MPLS domain with edge LSRs and an LSR. The packet for 10.1.1.1 carries labels L=3 and L=5; the packet for 20.1.1.1 carries labels L=31 and L=43.]
Label switch router (LSR) primarily forwards labeled packets (label swapping).
Edge LSR primarily labels IP packets and forwards them into the MPLS domain, or removes labels and forwards IP packets out of the MPLS domain.

Architecture of LSRs
LSRs, regardless of the type, perform the following three functions:
Exchange routing information
Exchange labels
Forward packets (LSRs and edge LSRs) or cells (ATM LSRs and ATM edge LSRs)
The first two functions are part of the control plane.
The last function is part of the data plane.

Architecture of LSRs
[Figure: LSR. Control plane: routing protocol (exchange of routing information), IP routing table, label distribution protocol (exchange of labels). Data plane: label forwarding table, with incoming and outgoing labeled packets.]
LSRs primarily forward labeled packets or cells (ATM LSRs).

Architecture of Edge LSRs


[Figure: Edge LSR. Control plane: routing protocol (exchange of routing information), IP routing table, label distribution protocol (exchange of labels). Data plane: IP forwarding table and label forwarding table, with incoming and outgoing IP packets and incoming and outgoing labeled packets.]
Note: ATM edge LSRs can only forward cells.

MPLS VPN Technology

Traditional Router-Based Networks

Traditional router-based networks connect customer sites through routers connected via dedicated point-to-point links.

Virtual Private Networks

VPNs replace dedicated point-to-point links with emulated point-to-point links sharing common infrastructure.
Customers use VPNs primarily to reduce their operational costs.

VPN Terminology

VPN Terminology (Cont.)

VPN Implementation Models

A VPN is an IP network infrastructure that delivers private network services over a public infrastructure.
VPN services can be offered based on two major models:
Overlay VPNs, in which the service provider provides virtual point-to-point links between customer sites
Peer-to-peer VPNs, in which the service provider participates in the customer routing

Overlay VPNs: Redundant Hub-and-Spoke Topology

Overlay VPNs: Layer 3 Routing

The service provider infrastructure appears as point-to-point links to customer routes.
Routing protocols run directly between customer routers.
The service provider does not see customer routes and is responsible only for providing point-to-point transport of customer data.

Peer-to-Peer VPNs: Implementation Techniques

Benefits of VPN Implementations

Overlay VPN:
Well-known and easy to implement
Service provider does not participate in customer routing
Customer network and service provider network are well-isolated

Peer-to-peer VPN:
Guarantees optimum routing between customer sites
Easier to provision an additional VPN
Only sites provisioned, not links between them

Drawbacks of VPN Implementations

Overlay VPN:
Implementing optimum routing requires a full mesh of virtual circuits.
Virtual circuits have to be provisioned manually.
Bandwidth must be provisioned on a site-to-site basis.
Overlay VPNs always incur encapsulation overhead.

Peer-to-peer VPN:
The service provider participates in customer routing.
The service provider becomes responsible for customer convergence.
PE routers carry all routes from all customers.
The service provider needs detailed IP routing knowledge.

VPN Business Category

VPNs can be categorized based on the business needs that they fulfill:
Intranet VPNs connect sites within an organization.
Extranet VPNs connect different organizations in a secure way.
Access VPNs provide dialup access into a customer network.

VPN Connectivity Category

VPNs can also be categorized according to the connectivity required between sites:
Simple VPN: Every site can communicate with every other site.
Overlapping VPNs: Some sites participate in more than one simple VPN.
Central services VPN: All sites can communicate with central servers but not with each other.
Managed network: A dedicated VPN is established to manage CE routers.

Drawbacks of Traditional Peer-to-Peer VPNs

Shared PE router:
All customers share the same (provider-assigned or public) address space.
High maintenance costs are associated with packet filters.
Performance is lower: each packet has to pass a packet filter.

Dedicated PE router:
All customers share the same address space.
Each customer requires a dedicated router at each Point of Presence (POP).

MPLS VPN Architecture

An MPLS VPN combines the best features of an overlay VPN and a peer-to-peer VPN:
PE routers participate in customer routing, guaranteeing optimum routing between sites and easy provisioning.
PE routers carry a separate set of routes for each customer (similar to the dedicated PE router approach).
Customers can use overlapping addresses.

MPLS VPN Architecture: Terminology

Note:
PE Router = Edge LSR
P Router = LSR

PE Router Architecture

PE router in an MPLS VPN uses virtual routing tables to implement the functionality of customer dedicated PE routers.

Propagation of Routing Information Across the P-Network

Question: How will PE routers exchange customer routing information?
Option #1: Run a dedicated IGP for each customer across the P-network.
This is the wrong answer for these reasons:
The solution does not scale.
P routers carry all customer routes.

Propagation of Routing Information Across the P-Network (Cont.)

Question: How will PE routers exchange customer routing information?
Option #2: Run a single routing protocol that will carry all customer routes inside the provider backbone.
Better answer, but still not good enough:
P routers carry all customer routes.

Propagation of Routing Information Across the P-Network (Cont.)

Question: How will PE routers exchange customer routing information?
Option #3: Run a single routing protocol that will carry all customer routes between PE routers. Use MPLS labels to exchange packets between PE routers.
The best answer:
P routers do not carry customer routes; the solution is scalable.

Propagation of Routing Information Across the P-Network (Cont.)

Question: Which protocol can be used to carry customer routes between PE routers?
Answer: The number of customer routes can be very large. BGP is the only routing protocol that can scale to a very large number of routes.
Conclusion: BGP is used to exchange customer routes directly between PE routers.

Propagation of Routing Information Across the P-Network (Cont.)

Question: How will information about the overlapping subnetworks of two customers be propagated via a single routing protocol?
Answer: Extend the customer addresses to make them unique.

Route Distinguishers (RD)

RD converts non-unique IP addresses into unique VPN-IPv4 addresses.
The resulting address is a VPNv4 address.
VPNv4 addresses are exchanged between PE routers via BGP.
BGP that supports address families other than IPv4 addresses is called MP-BGP.
A similar process is used in IPv6:
A 64-bit route distinguisher is prepended to a 16-byte IPv6 address.
The resulting 24-byte address is a unique VPNv6 address.
RDs are assigned by the service provider (SP).

Route Distinguishers (Cont.)

Route Distinguishers (Cont.)

RDs: Usage in an MPLS VPN

The RD has no special meaning.
The RD is used only to make potentially overlapping IPv4 addresses globally unique.
The RD is used as a VPN identifier, but this design could not support all topologies required by the customers.

Is the RD Enough? VoIP Service Sample

Requirements:
All sites of one customer need to communicate.
Central sites of both customers need to communicate with VoIP gateways and other central sites.
Other sites from different customers do not communicate with each other.

The Need for Route Targets (RTs)

Some sites have to participate in more than one VPN.
The RD cannot identify participation in more than one VPN.
RTs were introduced in the MPLS VPN architecture to support complex VPN topologies.
A different method is needed in which a set of identifiers can be attached to a route.

What are RTs?

RTs are additional attributes attached to VPNv4 BGP routes to indicate VPN membership.
Extended BGP communities are used to encode these attributes.
Extended communities carry the meaning of the attribute together with its value.
Any number of RTs can be attached to a single route.

RTs: How Do They Work?

Export RTs:
Identifying VPN membership
Appended to the customer route when it is converted into a VPNv4 route

Import RTs:
Associated with each virtual routing table
Select routes to be inserted into the virtual routing table

VPNs Redefined

With the introduction of complex VPN topologies, VPNs have had to be redefined:
A VPN is a collection of sites sharing common routing information.
A site can be part of different VPNs.
A VPN can be seen as a community of interest (closed user group).
Complex VPN topologies are supported by multiple virtual routing tables on the PE routers.

Impact of Complex VPN Topologies on Virtual Routing Tables

A virtual routing table in a PE router can be used only for sites with identical connectivity requirements.
Complex VPN topologies require more than one virtual routing table per VPN.
As each virtual routing table requires a distinct RD value, the number of RDs in the MPLS VPN network increases.

Impact of Complex VPN Topologies on Virtual Routing Tables (Cont.)

MPLS VPN Routing Requirements

CE routers have to run standard IP routing software.
PE routers have to support MPLS VPN services and IP routing.
P routers have no VPN routes.

MPLS VPN Routing: CE Router Perspective

The CE routers run standard IP routing software and exchange routing updates with the PE router.
EBGP, OSPF, RIPv2, EIGRP, and static routes are supported.
The PE router appears as another router in the C-network.

MPLS VPN Routing: Overall Customer Perspective

To the customer, the PE routers appear as core routers connected via a BGP backbone.
The usual BGP and IGP design rules apply.
The P routers are hidden from the customer.

MPLS VPN Routing: P Router Perspective

P routers do not participate in MPLS VPN routing and do not carry VPN routes.
P routers run backbone IGP with the PE routers and exchange information about global subnetworks (core links and loopbacks).

MPLS VPN Routing: PE Router Perspective

PE routers:
Exchange VPN routes with CE routers via per-VPN routing protocols.
Exchange core routes with P routers and PE routers via core IGP.
Exchange VPNv4 routes with other PE routers via MP-IBGP sessions.

Support for Existing Internet Routing

PE routers can run standard IPv4 BGP in the global routing table:
PE routers exchange Internet routes with other PE routers.
CE routers do not participate in Internet routing.
P routers do not need to participate in Internet routing.

Routing Tables on PE Routers

PE routers contain a number of routing tables:
The global routing table contains core routes (filled with core IGP) and Internet routes (filled with IPv4 BGP).
The VRF tables contain routes for sites of identical routing requirements from local (IPv4 VPN) and remote (VPNv4 via MP-BGP) CE routers.

End-to-End Routing Update Flow

PE routers receive IPv4 routing updates from CE routers and install them in the appropriate VRF table.

End-to-End Routing Update Flow (Cont.)

PE routers export VPN routes from VRF tables into MP-BGP and propagate them as VPNv4 routes to other PE routers.

End-to-End Routing Update Flow: MP-BGP Update

An MP-BGP update contains these elements:
VPNv4 address
Extended communities (route targets, optionally SOO)
Label used for VPN packet forwarding
Any other BGP attribute (for example, AS path, local preference, MED, standard community)

End-to-End Routing Update Flow (Cont.)

The receiving PE router imports the incoming VPNv4 routes into the appropriate VRF based on route targets attached to the routes.
The routes installed in the VRFs are propagated to the CE routers.
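
The route distinguisher and route target mechanics described in the slides above, as an added example that is not part of the original deck: it builds 12-byte VPNv4 addresses for overlapping customer prefixes, applies export and import RTs to model the VoIP service sample, and audits the RT configuration for VRF pairs that can reach each other outside the intended policy. The RD layout is the type 0 format from RFC 4364; the VRF names, RT values, prefixes, labels and the `ALLOWED` policy are assumptions constructed for the illustration.

```python
import ipaddress
import struct


def make_rd(asn, assigned):
    # Type 0 RD (RFC 4364): 2-byte type 0, 2-byte AS number, 4-byte assigned number.
    return struct.pack("!HHI", 0, asn, assigned)


def vpnv4_address(rd, ipv4):
    # 64-bit RD prepended to the 32-bit IPv4 address: 12 bytes in total.
    return rd + ipaddress.IPv4Address(ipv4).packed


class VRF:
    def __init__(self, name, rd, export_rts, import_rts):
        self.name = name
        self.rd = rd
        self.export_rts = frozenset(export_rts)
        self.import_rts = frozenset(import_rts)
        self.local = {}   # prefix -> VPN label, routes learned from the CE
        self.table = {}   # prefix -> (origin VRF, VPN label), imported routes

    def export(self):
        """Convert CE routes into update records (plain dicts, not BGP wire format)."""
        return [{"vpnv4": vpnv4_address(self.rd, prefix.split("/")[0]),
                 "prefix": prefix, "rts": self.export_rts,
                 "label": label, "origin": self.name}
                for prefix, label in self.local.items()]

    def import_update(self, update):
        """Install the route only if one of its RTs matches an import RT."""
        if update["origin"] == self.name or not (update["rts"] & self.import_rts):
            return False
        self.table[update["prefix"]] = (update["origin"], update["label"])
        return True


def distribute(vrfs):
    """Every VRF exports its routes; every VRF filters them by import RT."""
    updates = [u for vrf in vrfs for u in vrf.export()]
    for vrf in vrfs:
        for update in updates:
            vrf.import_update(update)
    return updates


def reachability(vrfs):
    """(importer, exporter) pairs implied by the RT configuration alone."""
    return {(i.name, e.name) for i in vrfs for e in vrfs
            if i is not e and i.import_rts & e.export_rts}


# Intended policy for the constructed VoIP sample, as unordered site pairs.
ALLOWED = {frozenset(p) for p in [
    ("A-site", "A-central"), ("B-site", "B-central"),
    ("A-central", "B-central"), ("A-central", "VoIP"), ("B-central", "VoIP")]}


def unintended(vrfs, allowed=ALLOWED):
    """Pairs where one VRF imports another's routes against the policy."""
    return sorted(pair for pair in reachability(vrfs)
                  if frozenset(pair) not in allowed)


def build_vrfs(b_site_import=("100:2",)):
    specs = [  # name, RD number, export RTs, import RTs, CE prefix, VPN label
        ("A-site", 1, ["100:1"], ["100:1"], "10.1.1.0/24", 101),
        ("A-central", 2, ["100:1", "100:100"], ["100:1", "100:100"], "10.10.0.0/24", 102),
        ("B-site", 3, ["100:2"], list(b_site_import), "10.1.1.0/24", 103),
        ("B-central", 4, ["100:2", "100:100"], ["100:2", "100:100"], "10.20.0.0/24", 104),
        ("VoIP", 5, ["100:100"], ["100:100"], "192.0.2.0/24", 105),
    ]
    vrfs = []
    for name, number, exp, imp, prefix, label in specs:
        vrf = VRF(name, make_rd(100, number), exp, imp)
        vrf.local[prefix] = label
        vrfs.append(vrf)
    return vrfs


if __name__ == "__main__":
    good = build_vrfs()
    distribute(good)
    for vrf in good:
        print(vrf.name, sorted(vrf.table))
    bad = build_vrfs(b_site_import=("100:2", "100:1"))  # one stray import RT
    print("unintended:", unintended(bad))
```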

Route Distribution to CE Routers

A route is installed in the site VRF if it matches the import route target attribute.
Route distribution to CE sites is driven by the following:
Route targets
SOO attribute if defined

What Is Multi-VRF CE (VRF-Lite)?

Multi-VRF CE (VRF-lite) is an application based on VRF implementation.
The CE router separates traffic between client networks using VRFs.
There is no MPLS functionality on the CE router.
VRF-lite supports multiple overlapping and independent VRFs on the CE router.
No label exchange between the CE and PE router.
No labeled packet flow between the CE and PE router.
Any routing protocol supported by normal VRF can be used in a Multi-VRF CE implementation.

VPN Packet Forwarding Across an MPLS VPN Backbone: Approach 1

Approach 1: The PE routers will label the VPN packets with an LDP label for the egress PE router, and forward the labeled packets across the MPLS backbone.
Results:
The P routers perform the label switching, and the packet reaches the egress PE router.
Because the egress PE router does not know which VRF to use for packet switching, the packet is dropped.

VPN Packet Forwarding Across an MPLS VPN Backbone: Approach 2

Approach 2: The PE routers will label the VPN packets with a label stack, using the LDP label for the egress PE router as the top label, and the VPN label assigned by the egress PE router as the second label in the stack.
Result:
The P routers perform label switching using the top label, and the packet reaches the egress PE router. The top label is removed.
The egress PE router performs a lookup on the VPN label and forwards the packet toward the CE router.

VPN PHP

Penultimate hop popping (PHP) on the LDP label can be performed on the last P router.
The egress PE router performs label lookup only on the VPN label, resulting in faster and simpler label lookup.
IP lookup is performed only once, in the ingress PE router.

VPN Label Propagation

Question: How will the ingress PE router get the second label
in the label stack from the egress PE router?
Answer: Labels are propagated in MP-BGP VPNv4 routing
updates.

VPN Label Propagation (Cont.)

Step 1: A VPN label is assigned to every VPN route by the egress PE router.
Step 2: The VPN label is advertised to all other PE routers in an MP-BGP update.
Step 3: A label stack is built in the VRF table.

MPLS VPNs and Packet Forwarding: Summarization in the Core

MPLS-VPN Terminology and Definitions

Provider Network (P-Network): The backbone under control of a service provider
Customer Network (C-Network): Network under customer control
CE-router: Part of the customer network and interfaces to a PE router
Site: Set of (sub)networks part of the customer network and co-located
PE-router: Part of the provider network and interfaces to CE routers
P-router: Provider (core) router, without knowledge of VPN
Border router: Provider edge router interfacing to other provider networks

MPLS-VPN Terminology and Definitions

VRF: VPN routing and forwarding instance
Extended Community: BGP attribute used to identify a route-origin, route-target
Site of Origin Identifier (SOO): 64 bits identifying the site where the route originated
Route target: 64 bits identifying the VRFs that should receive the route
Route Distinguisher: Attributes of each route used to uniquely identify prefixes among VPNs (64 bits)
VPN-IPv4 addresses: Normal IP address including the 64-bit route distinguisher and the 32-bit IP address
VPN-Aware network: A provider backbone where MPLS VPN is deployed

MPLS Traffic Engineering (TE) Overview

What Is Traffic Engineering?

TE is a process of measures, models, and controls of traffic to achieve various goals.
TE for data networks provides an integrated approach to managing traffic at Layer 3.
Traffic engineering is manipulating your traffic to fit your network.
Network engineering is building your network to carry your predicted traffic.
TE is commonly used in voice telephony networks.

Traffic Engineering Motivations

Reduce the overall cost of operations by more efficient use of bandwidth resources
Prevent a situation where some parts of a network are overutilized (congested), while other parts remain underutilized
Implement traffic protection against failures
Enhance SLA in combination with QoS

Business Drivers for Traffic Engineering

Routers forward traffic along the least-cost route discovered by routing protocols.
Network bandwidth may not be efficiently utilized:
The least-cost route may not be the only possible route.
The least-cost route may not have enough resources to carry all the traffic.
Alternate paths may be underutilized.
Lack of resources results in congestion in two ways:
When network resources themselves are insufficient to accommodate offered load
When traffic streams are inefficiently mapped onto available resources
Some resources are overutilized while others remain underutilized.

Congestion Avoidance and Traffic Engineering

Network congestion can be addressed by either:
Expansion of capacity or classical congestion control techniques (queuing, rate limiting, and so on)
Traffic engineering, if the problems result from inefficient resource allocation
The focus of TE is not on congestion created as a result of a short-term burst, but on congestion problems that are prolonged.

Traffic Engineering with a Layer 2 Overlay Model

The use of the explicit Layer 2 transit layer allows very exact control of how traffic uses the available bandwidth.
PVCs or SVCs carry traffic across Layer 2.
Layer 3 at the edge sees a complete mesh.

Traffic Engineering with a Layer 2 Overlay Model: Example

Traffic Engineering with a Layer 2 Overlay Model (Cont.)

Drawbacks of the Layer 2 overlay solution:
Extra network devices
More complex network management:
Two-level network without integrated network management
Additional training, technical support, field engineering
IGP routing scalability issue for meshes
Additional bandwidth overhead (cell tax)
No differential service (class of service)

Layer 3 Model with No Traffic Engineering

Traffic Engineering with the MPLS TE Model

Tunnel is assigned labels that represent the path (LSP) through the system.
Forwarding within the MPLS network is based on labels (no Layer 3 lookup).

Traffic Engineering with the MPLS TE Model (Cont.)

The MPLS TE LSPs are created by RSVP.
The actual path can be specified:
Explicitly defined by the system administrator
Dynamically defined using the underlying IGP protocol

MPLS TE

MPLS traffic engineering requires OSPF or IS-IS with extensions for MPLS TE as the IGP.
OSPF and IS-IS with extensions hold the entire topology in their databases.
OSPF and IS-IS should also have some additional information about network resources and constraints.
RSVP is used to establish traffic engineering tunnels (TE tunnels) and propagate labels.

Summary

Traffic engineering measures, models, and controls traffic to achieve various goals.
TE is driven by inefficient bandwidth utilization.
TE focuses on prolonged congestion problems.
With the TE Layer 2 overlay model, routers are not aware of the physical structure and bandwidth available on links.
With the TE Layer 3 model, the destination-based forwarding paradigm cannot handle the problem of overutilization of one path while an alternate path is underutilized.
TE with the MPLS TE model means that the routers use the MPLS label-switching paradigm.
