4. Why MPLS?
• Needed a single infrastructure that supports a multitude of applications in a secure manner
• Provide a highly scalable mechanism
• Load balance traffic to utilize network bandwidth efficiently
• Allow core routers/networking devices to switch packets based on a simplified header
• Leverage hardware so that a simple forwarding paradigm can be used
Diseños de Red Basados en MPLS (MPLS-Based Network Designs)
15. Identify MPLS as an Application-driven Technology
MPLS Applications
16. Identify MPLS as an Application-driven Technology (Cont.)
Unicast IP Routing
17. Identify MPLS as an Application-driven Technology (Cont.)
MPLS Traffic Engineering
18. Identify MPLS as an Application-driven Technology (Cont.)
MPLS TE Example
• Some traffic from the upper (overutilized) path should be moved to the lower path.
19. Identify MPLS as an Application-driven Technology (Cont.)
Quality of Service
20. Identify MPLS as an Application-driven Technology (Cont.)
Virtual Private Networks
21. Identify MPLS as an Application-driven Technology (Cont.)
VPN Example
22. Identify MPLS as an Application-driven Technology (Cont.)
Layer 2 MPLS VPN
23. Identify MPLS as an Application-driven Technology (Cont.)
Layer 2 MPLS VPN Example
26. Overlay VPN
Traditional VPN implementations were all based on the overlay paradigm: the service provider sells physical-layer connectivity, virtual circuits, or L2/L3 tunnels between customer sites as a replacement for dedicated point-to-point links.
28. Peer-to-Peer VPN
The overlay VPN paradigm has a number of drawbacks (the need to establish point-to-point links or VCs between customer sites).
To overcome this drawback and provide optimum data transport, the peer-to-peer concept was introduced.
29. Peer-to-Peer VPN (Cont.)
In a peer-to-peer VPN, the service provider participates in the customer routing, accepting customer routes, transporting them across the service provider backbone, and finally propagating them to other customer sites.
30. Peer-to-Peer VPN (Cont.)
The Move from Overlay to Peer-to-Peer
• Customers and service provider peer directly using the same OSI-layer protocol, IP
31. The Major Categories of VPN
Benefits of the VPN Paradigms
32. The Major Categories of VPN (Cont.)
Drawbacks of the VPN Paradigms
33. MPLS Backbone
Benefits of deploying an MPLS backbone
• VPNs can utilize virtually any VPN technology (Layer 3 MPLS VPNs, Frame Relay, ATM, TDM, leased line) on the edge of the backbone.
• All virtual VPN technologies use a single underlying MPLS backbone to forward VPN packets, frames or cells.
34. MPLS Layer 2 and Layer 3 VPN
MPLS-based VPNs can provide VPN functionality using OSI Layers 2 and 3:
Layer 3 MPLS VPN is a peer-to-peer model where the MPLS VPN backbone and the VPN exchange Layer 3 routing information, and Layer 3 packets are transmitted across an MPLS-enabled IP backbone.
Layer 2 MPLS VPN is an overlay model where Layer 2 frames or cells are transmitted across an MPLS-enabled IP backbone.
35. MPLS Layer 2 and Layer 3 VPN (Cont.)
Layer 3 MPLS VPN
Layer 3 MPLS VPNs provide support for the IPv4 protocol to be used inside a VPN:
The customer routers use a routing protocol (or static routes) to exchange routing information with the provider edge routers.
The MPLS VPN backbone uses MP-BGP to propagate VPN routing information across the backbone.
36. MPLS Layer 2 and Layer 3 VPN (Cont.)
Layer 2 MPLS VPN
Layer 2 MPLS VPNs provide support for OSI Layer 2 protocols to be used inside a VPN:
Point-to-point Layer 2 connections can be established over MPLS LSPs to provide support for Layer 2 protocols such as Frame Relay, ATM and PPP.
Multipoint Layer 2 connections can be established to create virtual LANs across an MPLS backbone.
37. MPLS Layer 2 and Layer 3 VPN (Cont.)
A single IP backbone can do the job of:
Internet service provisioning
Layer 3 MPLS VPN provisioning
Frame Relay trunk or PVC provisioning
ATM trunk or PVC provisioning
Leased line provisioning
TDM provisioning
Interworking between different Layer 2 technologies (e.g. Frame Relay to ATM, Ethernet to Frame Relay)
44. Flexible QinQ Introduction
Typical Metro Ethernet challenges:
L2 and L3 services on the same port
Flexible service mapping
Flexible VLAN matching and manipulation
Local VLAN significance
VLAN scale
H-QoS per VLAN
…
EVC-based Flexible QinQ meets all of the above requirements.
45. ServiceFlex
[Diagram: ServiceFlex port model. Labels recovered from the figure: VLAN 6, VLAN 7, VLAN 8, VLAN 9; EoMPLS; L3/VRF termination; Bridge-domain 100 [dot1q-tunnel]; Global VLAN 10 + SVI; L2 Bridging; EoMPLS/VPLS; VLAN 7 [bpdu transparent | drop]. Callouts: no global VLAN resource needed for xconnect (VLAN scalability); the split-horizon option provides "isolation" between sub-interfaces; the bridge-domain is global (the VLAN which has an L2/L3 service associated).]
• Option to add a second VLAN tag or replace the encapsulation VLAN tag
• Option to drop or transparently forward CE BPDUs
• L2 and L3 co-exist on the same port
• Flexible L2/L3 service mapping
• VLAN local port significance and VLAN scalability
• H-QoS support on main-interface/sub-interface
46. Flexible QinQ Overview
[Diagram: a service instance (Ethernet Flow Point, EFP) applies flexible VLAN tag matching, then flexible VLAN tag rewrite, and maps to an EVC with per-service features: L3, VPLS, EoMPLS, H-QoS per VLAN, Security, Local connect (P2P), Local Bridging (MP).]
• One service instance (EFP) can match one VLAN, multiple VLANs or a range of VLANs at a time
• Flexible VLAN tag manipulation: pop/push/translate
• Flexible L2/L3 service mapping: one EFP or a group of EFPs can map to the same EVC
• VLAN local port significance
• Two VLAN tag aware
• Flexible VLAN tag matching (combination of up to two tags)
47. Flexible QinQ - EVC Control Point CLI shape
interface <type><slot/port>
  service instance <id> ethernet <evc-name>
    <match criteria commands>    VLAN tags, MAC, CoS, Ethertype
    <rewrite commands>           VLAN tags pop/push/translation
    <forwarding commands>        L2 P2P or MP
    <feature commands>           QoS, ACL, etc.
The service instance ID has per-interface scope. The evc-name is globally unique in the network; all service instances that are mapped to the same EVC should carry the same evc-name.
[Diagram: H-QoS hierarchy with a parent (VLAN priority, shape average, bandwidth) and a child (shape average). Under one interface: service instance X, service instance Y and a sub-interface, with per-port features, per-EVC features and per-sub-interface features (L3). Layer 2 services: Bridging (VPLS via SVI), xconnect (EoMPLS), Local Connect; Layer 3: L3 VRF.]
48. Flexible QinQ Configuration – flexible frame matching
Single tagged frame:
encapsulation dot1q {any | "<vlan-id>[,<vlan-id>[-<vlan-id>]]"}
The VLAN tag can be a single VLAN, multiple VLANs, a range, or any (1-4096).
Double tagged frame (only the first two tags are examined when a frame carries more than two tags):
encapsulation dot1q <vlan-id> second-dot1q {any | "<vlan-id>[,<vlan-id>[-<vlan-id>]]"}
The first VLAN tag must be unique; the second VLAN tag can be any, unique, a range or multiple VLANs.
Default tag:
encapsulation dot1q default
Matches all frames, tagged or untagged, that are not matched by other, more specific service instances.
Untagged:
encapsulation untagged
Matches untagged frames only.
One service instance can match one VLAN, multiple VLANs or a range of VLANs, which simplifies configuration and operation, improves performance and scales better.
49. Flexible QinQ Configuration – flexible encapsulation rewrite
Router(config-if-srv)#[no] rewrite ingress tag … symmetric
push {dot1q <vlan-id> | dot1q <vlan-id> second-dot1q <vlan-id>}    add 1 or 2 tags
pop {1 | 2}    remove the outer 1 or 2 tags
translate    translate VLAN tags:
  1-to-1 dot1q <vlan-id>
  2-to-1 dot1q <vlan-id>
  1-to-2 dot1q <vlan-id> second-dot1q <vlan-id>
  2-to-2 dot1q <vlan-id> second-dot1q <vlan-id>
"symmetric": whatever rewrite is applied on ingress, the reverse rewrite is applied on egress. For example,
"rewrite ingress tag push dot1q 100 symmetric" =
"rewrite ingress tag push dot1q 100" +
"rewrite egress tag pop 1"
Note: only "rewrite ingress" with the "symmetric" keyword is supported; a "rewrite egress" configuration is not supported. "symmetric" is mandatory, not optional.
50. Flexible QinQ Configuration – flexible service mapping/forwarding
[Diagram: a service instance (Ethernet Flow Point) is mapped to an EVC, which forwards to Local Connect, EoMPLS, VPLS, or a bridge-domain (BD, Local Bridging).]
connect test gig1/0/0 10 gig1/0/1 20
Local Connect, including hairpinning
xconnect …
EoMPLS
xconnect vfi …
VPLS
bridge-domain 100 [split-horizon]
Puts multiple EFPs into one global VLAN for L2 bridging; the split-horizon option enables/disables bridging between EFPs
interface vlan 100
xconnect … or ip address …
L2/L3 service associated with the bridge-domain (global VLAN)
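The matching rules of slide 48, the symmetric rewrite of slide 49 and the EFP-to-service mapping of slide 50, modelled as an added example (not code from the deck or from any Cisco product): a port holds several service instances, a frame's tag list is classified against them, and the ingress rewrite is reversed on egress. The most-specific-first classification order and the rule that a symmetric pop/translate can only be reversed when the matched tags are unique are assumptions of this model; the configuration at the bottom is constructed.

```python
import re
from typing import List, Optional, Set, Tuple


def parse_vlan_set(spec: str) -> Optional[Set[int]]:
    """'any' -> None (wildcard); '10,20,30-40' -> {10, 20, 30, ..., 40}."""
    if spec == "any":
        return None
    vlans: Set[int] = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


class Efp:
    """One service instance (Ethernet Flow Point): encapsulation match, symmetric rewrite, target."""

    SPECIFICITY = {"double": 3, "dot1q": 2, "untagged": 1, "default": 0}  # assumed precedence

    def __init__(self, efp_id: int, encapsulation: str, rewrite: Optional[str] = None,
                 target: str = "bridge-domain"):
        self.id, self.target, self.rewrite = efp_id, target, rewrite
        self.outer: Optional[Set[int]] = None   # None means any
        self.inner: Optional[Set[int]] = None
        if encapsulation == "untagged":
            self.kind = "untagged"
        elif encapsulation == "dot1q default":
            self.kind = "default"
        else:
            m = re.fullmatch(r"dot1q (\S+)(?: second-dot1q (\S+))?", encapsulation)
            if not m:
                raise ValueError("unsupported encapsulation: " + encapsulation)
            self.kind, self.outer = "dot1q", parse_vlan_set(m.group(1))
            if m.group(2) is not None:
                if self.outer is None or len(self.outer) != 1:   # slide 48: first tag must be unique
                    raise ValueError("first VLAN tag must be unique when second-dot1q is used")
                self.kind, self.inner = "double", parse_vlan_set(m.group(2))

    def matches(self, tags: List[int]) -> bool:
        """tags is the frame's VLAN tag list, outer tag first; only the first two are examined."""
        if self.kind == "default":
            return True
        if self.kind == "untagged":
            return not tags
        if not tags or (self.outer is not None and tags[0] not in self.outer):
            return False
        if self.kind == "double":
            return len(tags) >= 2 and (self.inner is None or tags[1] in self.inner)
        return True

    def ingress(self, tags: List[int]) -> List[int]:
        """Apply 'rewrite ingress tag <op> symmetric' to an incoming frame's tag list."""
        op = self.rewrite.split() if self.rewrite else []
        if not op:
            return list(tags)
        if op[0] == "push":        # push dot1q X [second-dot1q Y]: X becomes the new outer tag
            return [int(op[2])] + ([int(op[4])] if len(op) > 3 else []) + tags
        if op[0] == "pop":         # pop 1|2: remove that many outer tags
            return tags[int(op[1]):]
        if op[0] == "translate" and op[1] == "1-to-1":
            return [int(op[3])] + tags[1:]
        raise ValueError("unsupported rewrite: " + self.rewrite)

    def egress(self, tags: List[int]) -> List[int]:
        """The reverse rewrite that 'symmetric' implies on egress (push <-> pop, translate back)."""
        op = self.rewrite.split() if self.rewrite else []
        if not op:
            return list(tags)
        if op[0] == "push":
            return tags[2 if len(op) > 3 else 1:]
        unique: List[int] = []     # tags that can be restored: only uniquely matched ones (assumed)
        for s in (self.outer, self.inner):
            if s is None or len(s) != 1:
                break
            unique.append(next(iter(s)))
        if op[0] == "pop":
            if len(unique) < int(op[1]):
                raise ValueError("symmetric pop needs unique matched tags to restore")
            return unique[:int(op[1])] + tags
        return [unique[0]] + tags[1:]


class Port:
    """A physical port holding several service instances; classification is most-specific-first."""

    def __init__(self, efps: List[Efp]):
        self.efps = sorted(efps, key=lambda e: -Efp.SPECIFICITY[e.kind])

    def classify(self, tags: List[int]) -> Optional[Efp]:
        return next((e for e in self.efps if e.matches(tags)), None)   # None: frame is dropped

    def ingress(self, tags: List[int]) -> Tuple[Optional[int], List[int]]:
        efp = self.classify(tags)
        return (None, list(tags)) if efp is None else (efp.id, efp.ingress(tags))

    def roundtrip(self, tags: List[int]) -> List[int]:
        """Tags the CE sees after a frame went in, was rewritten, and came back out symmetric."""
        efp = self.classify(tags)
        return efp.egress(efp.ingress(tags))


def valid_encapsulation(encapsulation: str) -> bool:
    """True if the match string is accepted by the parser above."""
    try:
        Efp(0, encapsulation)
        return True
    except ValueError:
        return False


# Constructed configuration in the shape of slides 48-50 (not a real device's running config)
PORT = Port([
    Efp(1, "dot1q 10", "push dot1q 100", "bridge-domain 100"),             # QinQ: add S-tag 100
    Efp(2, "dot1q 20 second-dot1q 200-299", "pop 1", "xconnect"),          # strip outer tag, EoMPLS
    Efp(3, "dot1q 30", "translate 1-to-1 dot1q 300", "bridge-domain 300"),
    Efp(4, "untagged"),
    Efp(5, "dot1q default"),                                               # everything else
])
```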
53. Cisco ASR9000 Aggregation Service Router
6 and 10 slot chassis
1+1 RSP, SSO, NSR
180 Gbps per slot, Tbps fabrics.
IOS XR Operating System, microkernel
EVC Framework (up to 32K EFPs per slot)
HQoS (up to 256K queues per slot)
High 10GE density (up to 24x10GE per
54. Cisco Metro 3600X Access Switches
Advanced Access
24xGE+2x10GE
Redundant Power Supplies (AC/DC)
65Mpps
EVC Framework (4000 EFPs)
MPLS, MPLS TE, EoMPLS, MPLS VPNs
HQoS on all ports
4K Egress Queues
55. Cisco Metro 3800X Switch Router
Advanced Access
24xGE+2x10GE
Redundant Power Supplies (AC/DC)
65Mpps
EVC Framework (16000 EFPs)
MPLS, MPLS TE, EoMPLS, VPLS, MPLS VPNs
HQoS on all ports
32K Egress Queues
Traditional IP Forwarding
Objective: You will describe the limitations of L3 routing.
Introduction: This section describes the limitations of L3 routing.
Definition: There are several inherent drawbacks to traditional IP forwarding. With traditional IP forwarding, routing protocols are used to distribute L3 routing information. Regardless of the routing protocol, forwarding is based on the destination address only. Routing lookups are performed on every router, so each router in the network makes an independent decision when forwarding packets. MPLS helps reduce the number of routing lookups and possibly changes the forwarding criteria.
Traffic Engineering Using Traditional IP Forwarding
Facts: Destination-based IP routing does not provide any mechanism for load balancing across unequal paths. This can result in the overutilization of a primary link, while backup links remain unused. All of the traffic going between sites A and B uses only the primary link because the destination network is only one hop away. Traditional IP forwarding does not have a scalable mechanism to allow for the utilization of the backup link. Policy-based routing and load balancing could be used to forward packets based on other parameters, but this is not possible on networks with high-volume traffic due to performance limitations.
What Is MPLS?
Objective: You will describe the basic architecture of an MPLS network.
Introduction: This section describes the basic architecture of an MPLS network.
Definition: MPLS is a new forwarding mechanism in which packets are forwarded based on labels. The labels may correspond to IP destination addresses or to other parameters, such as QoS and source address. MPLS is also designed to support the forwarding of other protocols. With MPLS enabled on the network, routers assign labels to define paths between end points. Because of this, only the routers on the edge of the network perform a routing lookup. The first router receives the packet and does a routing lookup. In this example, the packet is given a label of 25. MPLS core routers quickly switch the packets based on a simple label lookup instead of having to perform a routing table lookup. The router swaps the label and forwards the packet. The last router on the edge of the MPLS network removes the label and forwards the packet on to its destination.
Multiprotocol Label Switching: MPLS is a switching method that uses labels to forward L2 and L3 traffic.
MPLS Functionality
Objective: You will describe the difference between the data plane and the control plane in MPLS.
Introduction: This section describes the difference between the data plane and the control plane in MPLS.
Definition: An MPLS-enabled router's functionality is divided into two major parts: the control plane and the data plane. The control plane exchanges L3 routing information and labels. Various routing protocols, such as OSPF, EIGRP, IS-IS, and BGP, can be used in the control plane. The L3 routing protocol is used to propagate L3 routing information. In this case, OSPF is used to distribute L3 reachability information by receiving and sending routing updates. The label exchange mechanism simply propagates labels that are used for L3 destinations. In this example, the Label Distribution Protocol receives a label of 17 to be used for packets with a destination address of 10.x.x.x. The data plane is a simple label-based forwarding engine that is independent of the routing protocol or label exchange protocol. A Label Forwarding Information Base is used to forward packets based on labels. It is populated by the label exchange protocols used in the control plane. The label generated by the Label Distribution Protocol is stored in the Label Information Base. Since the label is from a next-hop router, it is then populated into the Label Forwarding Information Base (LFIB) table. A local label is generated and sent to upstream neighbors. In this example, the label is 16. The data plane then forwards all packets with a label of 16 through the appropriate interfaces and replaces the label with a label of 17.
Control Plane: The control plane exchanges L3 routing information and labels. It contains a routing protocol and a label distribution protocol.
Data Plane: The data plane forwards packets based either on labels or on destination addresses. It contains a Forwarding Information Base (FIB) that is populated by the routing protocol and a Label Forwarding Information Base (LFIB) that is populated by the label exchange protocols used in the control plane.
MPLS Modes of Operation
Objective: You will describe the difference between frame-mode and cell-mode MPLS.
Introduction: This section describes the difference between frame-mode and cell-mode MPLS.
Definition: MPLS is designed for use on virtually any media and L2 encapsulation. Most L2 encapsulations are frame based. With frame-based MPLS, an additional 32-bit label field is inserted between the L2 and L3 headers. MPLS over ATM is a special case because it can use frame mode, or the label can be inserted into the ATM fixed-length cell headers in every cell. In frame-mode MPLS, when the edge router receives a normal IP packet, it does a routing lookup. The forwarding table shows that a label should be attached to the packet. A label is then imposed between the L2 frame header and the L3 packet header. The labeled packet is then sent out. In cell-mode MPLS, the ATM header's Virtual Path Identifier/Virtual Channel Identifier fields (VPI/VCI) are used to hold the labels for forwarding decisions. The original 32-bit label is still preserved in the frame, but not used in the label switching decision.
MPLS Label Format
Objective: You will describe how label headers are used in MPLS.
Introduction: This section describes how label headers are used in MPLS.
Definition: MPLS uses a 32-bit label header format that contains a label, an experimental field, a bottom-of-stack indicator, and a time-to-live field. The 32-bit MPLS label header begins with a 20-bit label that has local significance and might change on every hop. A 3-bit experimental field is currently used to define a class of service in a similar way as the IP precedence of the encapsulated IP packet. By default, Cisco routers automatically copy the IP precedence value to this field during label imposition (attaching the label to the IP packet), and copy it back from this field to the IP precedence during label disposition. However, this behavior can be changed to meet QoS policy needs. MPLS allows multiple labels to be inserted. A 1-bit bottom-of-stack indicator is used to determine whether the label is the last label before the IP header. The bit in the last label in the packet is set to 1. An 8-bit TTL field is used to prevent indefinite looping of packets. The Time-to-Live (TTL) field is decremented at every hop.
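The 32-bit label entry described above, with the bottom-of-stack walk and the default EXP/IP precedence copy at imposition and disposition, as an added example (not from the course notes or from any vendor code). It assumes the usual default of copying the IP TTL into the label TTL at imposition; the IPv4 packet is constructed for the example.

```python
import struct
from typing import List, NamedTuple, Tuple


class MplsLabel(NamedTuple):
    label: int   # 20-bit label, locally significant, may change at every hop
    exp: int     # 3-bit experimental field, used as class of service
    bos: bool    # bottom-of-stack bit: 1 on the last label before the IP header
    ttl: int     # 8-bit time to live, decremented at every hop


def encode_label(entry: MplsLabel) -> bytes:
    """Pack one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= entry.label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not (0 <= entry.exp < 8 and 0 <= entry.ttl < 256):
        raise ValueError("exp must fit in 3 bits and ttl in 8 bits")
    word = (entry.label << 12) | (entry.exp << 9) | (int(entry.bos) << 8) | entry.ttl
    return struct.pack("!I", word)


def decode_stack(data: bytes) -> Tuple[List[MplsLabel], bytes]:
    """Walk label entries until the S bit is set; return the labels and the payload after them."""
    labels, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry found")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = MplsLabel(label=word >> 12, exp=(word >> 9) & 0x7,
                          bos=bool((word >> 8) & 0x1), ttl=word & 0xFF)
        labels.append(entry)
        if entry.bos:
            return labels, data[offset:]


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum; a header whose checksum field is correct sums to 0."""
    total = sum((header[i] << 8) | header[i + 1] for i in range(0, len(header), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(tos: int, ttl: int, payload: bytes) -> bytes:
    """Constructed sample IPv4/UDP packet 10.0.0.1 -> 10.1.1.1 (addresses made up for the example)."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload), 0, 0, ttl, 17, 0,
                                bytes([10, 0, 0, 1]), bytes([10, 1, 1, 1])))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(hdr))
    return bytes(hdr) + payload


def impose(labels: List[int], ip_packet: bytes) -> bytes:
    """Label imposition at the ingress edge LSR: IP precedence (top 3 bits of TOS) is copied into
    the EXP field of every label, the IP TTL into the label TTL (assumed default), and S is set
    only on the last label of the stack."""
    precedence, ip_ttl = ip_packet[1] >> 5, ip_packet[8]
    stack = b"".join(encode_label(MplsLabel(value, precedence, i == len(labels) - 1, ip_ttl))
                     for i, value in enumerate(labels))
    return stack + ip_packet


def dispose(labeled: bytes) -> bytes:
    """Label disposition at the egress edge LSR: pop the whole stack and copy the EXP of the
    bottom label back into IP precedence, recomputing the IPv4 header checksum."""
    labels, ip_packet = decode_stack(labeled)
    pkt = bytearray(ip_packet)
    pkt[1] = (labels[-1].exp << 5) | (pkt[1] & 0x1F)
    pkt[10:12] = b"\x00\x00"
    struct.pack_into("!H", pkt, 10, ipv4_checksum(pkt[:20]))
    return bytes(pkt)
```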
Label Switched Routers
Objective: You will describe the different types of label switched routers used in an MPLS network.
Introduction: This section describes the different types of label switched routers used in an MPLS network.
Definition: There are two types of label switched routers: Label Switch Routers (LSRs) and Edge LSRs. Edge LSRs are positioned on the edges of the MPLS domain. Their primary function is either to label IP packets and forward them into the MPLS domain or to remove labels and forward IP packets out of the MPLS domain. Cell-mode MPLS uses ATM LSRs. ATM edge LSRs segment packets into cells and assign labels to the ATM cell header, or they reassemble ATM cells back into packets. LSRs exist inside the MPLS domain. An LSR will primarily forward labeled packets by swapping a label. Both LSRs and edge LSRs are capable of both label switching and IP routing. LSRs have all interfaces enabled for MPLS, while edge LSRs have some interfaces that are not enabled for MPLS. ATM LSRs are typically ATM switches running an IP routing protocol and forward cells based on MPLS labels.
Edge LSR: Edge LSRs primarily either label IP packets and send them into an MPLS domain, or remove labels from packets and forward IP packets out of an MPLS domain. ATM edge LSRs also segment packets into cells.
LSR: LSRs are the core routers in an MPLS domain. They perform label swapping to forward packets or cells quickly.
MPLS Forwarding
Objective: You will describe the basic concepts of MPLS and explain L3 IP routing limitations.
Introduction: This section describes the basic concepts of MPLS and explains L3 IP routing limitations.
Definition: MPLS forwarding is based on exchanged labels. An MPLS-enabled router can either insert, swap, or remove a label. In this example, on the edge of the MPLS domain, the ingress edge LSR performs a routing table lookup and assigns (inserts) a label of 23 to the packet. The packet is then forwarded to the LSR in the center of the domain. The middle LSR accepts the packet with a label of 23 and swaps the label based on the contents of the label forwarding table. It has the capability to perform a routing table lookup, but it does not have to. The packet is sent on with a new label of 25. The egress router removes (pops) the label and does a forwarding table lookup to forward the packet out of the domain.
Penultimate Hop Popping: Penultimate hop popping slightly optimizes packet-mode MPLS forwarding by eliminating one LFIB lookup. Instead of removing the label on the last hop, the label is removed on the router before the last hop within an MPLS domain. This will be covered in more depth in the Configure Packet-Mode MPLS topic. When discussing MPLS packet forwarding in this topic, the examples will show the label being removed on the last hop.
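An added simulation (not from the course notes) of the control-plane/data-plane split from the MPLS Functionality section and the push/swap/pop path described here: each LSR keeps a FIB, a LIB with every neighbour's binding, and an LFIB holding only the next hop's binding; the labels 23 and 25 follow this section's example, and a php flag switches between penultimate hop popping and the egress pop. The topology, router names and prefix are constructed.

```python
IMPLICIT_NULL = 3  # reserved label an egress advertises to request penultimate hop popping


class Lsr:
    """A label switched router: FIB and LIB filled by the control plane, LFIB used by the data plane."""

    def __init__(self, name, fib, next_label=16, php=True):
        self.name = name
        self.fib = fib            # prefix -> next-hop LSR name, or None if the prefix sits behind this LSR
        self.php = php            # advertise implicit-null for local prefixes (penultimate hop popping)
        self.next_label = next_label
        self.local = {}           # prefix -> label this LSR allocated and advertises to its neighbours
        self.lib = {}             # (prefix, neighbour) -> label that neighbour advertised (all kept)
        self.lfib = {}            # incoming label -> (next-hop name, outgoing label or None = pop)

    def allocate(self, prefix):
        """Control plane: allocate a local label for a prefix learned from the routing protocol."""
        if self.fib[prefix] is None and self.php:
            label = IMPLICIT_NULL
        else:
            label, self.next_label = self.next_label, self.next_label + 1
            if self.fib[prefix] is None:
                self.lfib[label] = (None, None)   # egress without PHP: pop, then IP lookup
        self.local[prefix] = label
        return label

    def receive_binding(self, prefix, neighbour, label):
        """Control plane: store an LDP binding; only the FIB next hop's binding enters the LFIB."""
        self.lib[(prefix, neighbour)] = label
        local = self.local.get(prefix)
        if self.fib.get(prefix) == neighbour and local not in (None, IMPLICIT_NULL):
            self.lfib[local] = (neighbour, None if label == IMPLICIT_NULL else label)

    def forward(self, stack, prefix):
        """Data plane. stack is the label stack, top label last; returns (next hop, stack, action)."""
        if stack:
            nh, out = self.lfib[stack[-1]]          # one LFIB lookup, no routing lookup
            if out is not None:
                return nh, stack[:-1] + [out], "swap"
            return nh, stack[:-1], "pop" if nh is not None else "pop+deliver"
        nh = self.fib[prefix]                       # unlabeled packet: the edge LSR does a routing lookup
        if nh is None:
            return None, [], "deliver"
        out = self.lib.get((prefix, nh))
        if out in (None, IMPLICIT_NULL):
            return nh, [], "route"                  # no usable binding: plain IP forwarding
        return nh, [out], "push"


def build_domain(prefix="10.0.0.0/8", php=True):
    """Constructed chain R1 -> R2 -> R3 -> R4 with the prefix directly reachable behind R4."""
    routers = {
        "R1": Lsr("R1", {prefix: "R2"}, next_label=16),
        "R2": Lsr("R2", {prefix: "R3"}, next_label=23),
        "R3": Lsr("R3", {prefix: "R4"}, next_label=25),
        "R4": Lsr("R4", {prefix: None}, next_label=30, php=php),
    }
    for r in routers.values():
        r.allocate(prefix)
    # LDP: every LSR advertises its local binding to both neighbours on each link
    for a, b in (("R1", "R2"), ("R2", "R3"), ("R3", "R4")):
        routers[a].receive_binding(prefix, b, routers[b].local[prefix])
        routers[b].receive_binding(prefix, a, routers[a].local[prefix])
    return routers


def trace(routers, ingress, prefix="10.0.0.0/8"):
    """Follow one IP packet from the ingress edge LSR, recording (router, action, outgoing stack)."""
    stack, node, hops = [], ingress, []
    while node is not None:
        node_next, stack, action = routers[node].forward(stack, prefix)
        hops.append((node, action, list(stack)))
        node = node_next
    return hops


if __name__ == "__main__":
    for hop in trace(build_domain(), "R1"):
        print(hop)
```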
MPLS Applications
Objective: You will identify the network services that require MPLS.
Introduction: This section identifies the network services that require MPLS.
Definition: Many types of applications make use of MPLS's label switching technology. Each MPLS application may use a different routing protocol and a different label exchange protocol, but all of the applications use one single label-forwarding engine. MPLS applications also have a unique Forwarding Equivalence Class (FEC). The FEC is used to describe packets that are using the same path across the network.
Forwarding Equivalence Class: The FEC describes packets that are using the same path across a network. It can correspond to, for example, a destination prefix in unicast routing (simplest case), a destination prefix and Class of Service in QoS, or a destination prefix and bandwidth requirements in MPLS Traffic Engineering (MPLS TE).
Unicast IP Routing
Facts: Unicast IP routing is the most common application for MPLS. Unicast IP routing with MPLS requires two control plane mechanisms: an IP routing protocol and a label distribution protocol (LDP). The routing protocol carries any information on the network's reachability, while the label distribution protocol binds the labels to networks learned via the routing protocol. A label is assigned to every destination network found in the IP forwarding table, so the FEC corresponds to an IP destination network.
MPLS Traffic Engineering
Facts: MPLS TE is an add-on to MPLS that provides more intelligent link utilization. Traffic Engineering with MPLS requires either IS-IS or OSPF with extensions for MPLS TE as the interior gateway protocol (IGP), because the IGP's database contains the entire network topology and additional information about network resources and constraints. Edge Label Switch Routers (E-LSRs) must be able to dynamically create Label Switched Paths (LSPs) that meet a defined bandwidth requirement. Cisco uses the Internet Engineering Task Force (IETF) standard Resource Reservation Protocol (RSVP) with Traffic Engineering extensions to create the LSP and to propagate labels for MPLS TE tunnels. Constraint-based LDP is another protocol for this purpose.
MPLS TE Example
Example: In this case study, an undesirable situation exists with an overutilized primary path and an underutilized alternative path. Traffic from both R1 and R8 toward R5 takes the upper path via R2. Traffic Engineering can be used to move some traffic volume from the overutilized upper path to the underutilized lower path. Using MPLS, a tunnel is configured between R1 and R5. This tunnel is engineered to take the underutilized path through R6 and R7. Traffic from R1 to destinations behind R4 can now be directed by R2 into the tunnel. The traffic from R8 is not injected into the tunnel and still takes the upper path. The network traffic is now load shared between the two paths rather than overwhelming the least-cost path.
Quality of Service
Facts: Quality of Service (QoS) is an extension to unicast forwarding that provides differentiated services. Differentiated QoS is achieved either by using the MPLS experimental bits (the so-called E-LDP variant) or by creating separate LSPs for different classes (the so-called L-LDP variant). Extensions to Tag Distribution Protocol (TDP) or LDP are used to propagate different labels to the different classes. The FEC corresponds to the combination of a destination network and the class of service.
Virtual Private Networks
Facts: MPLS also provides an efficient mechanism for supporting VPNs. MPLS VPNs use an additional label to determine the corresponding VPN destination network. Customer network information is exchanged between the customer's router and the edge LSR via an IGP or BGP. The customer's networks are stored in a special routing instance referred to as a Virtual Routing and Forwarding (VRF) instance. Labels are assigned for the networks in the VRF and advertised to the egress LSR via Multiprotocol BGP. An LSP constructed by either TDP/LDP or TE tunnels is still needed to link the edge LSRs. The FEC corresponds to a VPN destination network.
VPN Example
Example: In this case study, a service provider is operating an MPLS-based network to provide VPN service to customers A, B, and C. The customers should only be able to exchange traffic with their own sites. There should be no leaking of customer information. The ingress router receives an IP packet from customer A. The packet is MPLS encapsulated and assigned a stack of two labels. The topmost label indicates how the packet should be forwarded through the service provider network. The second label indicates how to forward the packet to the customer A site once it reaches the end of the service provider network.
Any Transport over MPLS (AToM)
Example: AToM provides forwarding of Layer 2 frames, or cells, across an MPLS backbone. With AToM, Ethernet, Frame Relay, High-level Data Link Control (HDLC), or Point-to-Point Protocol (PPP) frames and ATM cells are received by the ingress edge LSR. The Layer 2 frames, or cells, are then MPLS encapsulated and assigned a stack of two labels. The top label points the frame to the egress edge LSR and the second label identifies the outgoing interface on the egress router. A directed multihop LDP session between the ingress and egress edge LSRs is used to exchange the second label. The FEC corresponds to the outgoing interface on the egress router.
AToM Example
Example: In this case study, a service provider is operating an MPLS network to provide forwarding of Frame Relay frames. The ingress service provider router receives Frame Relay frames on a serial interface from a customer's switch. The frames are MPLS encapsulated and assigned two labels. The topmost label indicates how the frames should be forwarded through the service provider MPLS network. The second label indicates how to forward the frames to the customer site once they reach the end of the service provider network. The forwarding can be done on any media type supported by MPLS. The customer devices view the route across the service provider network as a transparent Frame Relay link. This means the two Frame Relay switches can be configured to provide a PVC between the two customer routers. The customer routers appear as Layer 3 neighbors and any traffic between them will be tunneled across the MPLS network.
The Components of a VPN
Objective: You will describe the major architectural blocks of MPLS VPNs and describe the role of the Customer Edge (CE), Provider Edge (PE), and Provider core (P) routers.
Introduction: This section describes the major architectural blocks of MPLS VPNs and describes the role of the CE, PE, and P routers.
Definition: All Virtual Private Networks (VPNs) use the same basic components. There are many conceptual models and terminologies describing VPNs. The terminology is generic enough to cover any VPN technology or implementation. The framework begins with the major parts of a VPN solution, including the service provider network, or P network, which is the common infrastructure the service provider uses to offer VPN services to the customers, and the customer network, or C network, which is the part of the overall customer network that is exclusively under the customer's control. A typical customer network implemented with any VPN technology would contain islands of connectivity, completely under the customer's control, called customer sites, which are connected together via the service provider infrastructure. The devices that enable the overall VPN solution are named based on their position in the network. The customer router that connects the customer site to the service provider network is called a customer edge router (CE). Traditionally, this device is called Customer Premises Equipment (CPE). Service provider devices, to which the customer devices are attached, are called provider edge devices (PE). In traditional switched WAN implementations, these devices would be Frame Relay or X.25 edge switches. Service provider devices that only provide data transport across the service provider backbone and have no customers attached to them are called provider devices (P). In traditional switched WAN implementations these would be core, or transit, switches.
Switched WAN technologies introduce the term Virtual Circuit (VC), an emulated point-to-point link established across a Layer 2 infrastructure. VCs are further differentiated into Permanent Virtual Circuits (PVCs), which are pre-established by means of network management or manual configuration, and Switched Virtual Circuits (SVCs), which are established on demand through a call-setup request from the CE device.
Overlay VPN
Objective: You will describe an Overlay VPN implementation based on legacy technologies such as Frame Relay, ATM, and ISDN.
Introduction: This section describes an Overlay VPN implementation based on legacy technologies.
Definition: Traditional VPN implementations were all based on the overlay paradigm, in which the service provider sells virtual circuits between customer sites as a replacement for dedicated point-to-point links.
Implementing an Overlay VPN
Example: In this example, a customer needs to connect three remote sites, with Router A representing the hub, and demands connectivity between the hub and Routers B, C, and D. The service provider implements this request by providing three Permanent Virtual Circuits across the Frame Relay network. From the Layer 3 perspective, the service provider network is invisible: the customer routers are linked with emulated point-to-point links. A routing protocol is run directly between the customer routers, which establish routing adjacencies and exchange routing information. The service provider is not aware of customer routing and has no information about customer routes. The responsibility of the service provider is purely the point-to-point data transport between customer sites.
The Move from Overlay to Peer-to-Peer VPN
Objective: You will describe a peer-to-peer VPN implementation using controlled route distribution or packet filters.
Introduction: This section describes a peer-to-peer VPN implementation using controlled route distribution or packet filters.
Definition: The overlay VPN paradigm has a number of drawbacks, the most significant of them being the need for the customer to establish point-to-point links or virtual circuits between the customer sites. To overcome this drawback and provide the customer with optimum data transport, the peer-to-peer concept was introduced. In a peer-to-peer VPN implementation, the service provider actively participates in the customer routing, accepting customer routes, transporting them across the service provider backbone, and finally propagating them to other customer sites. Routing information is exchanged between customer and service provider routers. Service provider routers exchange customer routes through the core network. Finally, the customer routes propagated through the service provider network are sent to other customer routers.
Benefits of the VPN Paradigms
Objective: You will describe the major categories of VPN technology.
Introduction: This section describes the major categories of VPN technology.
Definition: Each VPN paradigm has a number of benefits. For example, overlay VPNs are well known and easy to implement, from both the customer and service provider perspectives. The service provider does not participate in customer routing in overlay VPNs, making the demarcation point between the service provider and the customer easier to manage. In peer-to-peer VPNs, optimum routing between customer sites is assured without any special design or configuration effort. This implementation also allows for easy provisioning of additional VPNs or customer sites, as the service provider only needs to provision individual sites, not the links between individual customer sites.
Drawbacks of the VPN Paradigms Example There are also several drawbacks to each VPN implementation. Overlay VPNs require a full mesh of virtual circuits between customer sites to provide optimum inter-site routing. The virtual circuits between customer sites in Layer 2 Overlay VPN are usually provisioned manually, and the bandwidth must be provisioned on a site-to-site basis, which is not always easy to achieve. In addition, the IP-based Layer 3 Overlay VPN implementations, which use GRE or IPSec, also incur high encapsulation overhead. Peer-to-peer VPNs have their share of drawbacks as well. For example, the service provider becomes responsible for correct customer routing and for fast convergence of a customer’s network following a link failure. The service provider’s core routers have to carry all customer routes that were hidden from the service provider in the overlay VPN paradigm, increasing memory requirements on core routers. Also, the service provider needs detailed IP routing knowledge, which is not readily available in traditional Layer 2 service support staff.
Layer 2 and Layer 3 VPN (Cont.) Benefits of MPLS-based VPNs Facts MPLS backbones provide advanced and cost-effective VPNs based on Layer 3 MPLS VPN technology. They also provide old-style Layer 2 VPN services augmented by a number of new Layer 2 VPN services like interworking between different Layer 2 technologies. All these services can be provided using a single MPLS backbone without the need for special equipment.
Layer 2 and Layer 3 VPNs (Cont.) Definition Layer 3 MPLS VPNs were the first addition to use a peer-to-peer VPN model, in which the customer routers share their routing information with the provider edge routers. The provider edge routers use virtual routing contexts to prevent routing information from different VPNs from mixing. The MPLS backbone carries packets of different VPNs across a shared infrastructure even if they use overlapping addressing. Layer 2 MPLS VPNs (AToM – Any Transport over MPLS) were introduced to offer services identical to those provided by traditional Layer 2 Overlay VPN technologies such as Frame Relay and ATM. New Layer 2 MPLS VPN services even offer interworking between different Layer 2 technologies, such as Frame Relay to ATM and many others that are not supported by traditional VPN technologies.
Layer 3 MPLS VPN Example The figure illustrates the basic characteristics of a Layer 3 MPLS VPN where any-to-any connectivity is provided to sites belonging to the same VPN. Layer 3 MPLS VPNs ensure optimal forwarding inside the MPLS backbone. Note: Traditional VPNs would require a full mesh of connections to provide a similar service. Multiprotocol BGP (MP BGP) is used inside the MPLS backbone to carry VPN (customer) routing information across the MPLS backbone.
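The virtual routing contexts and MP-BGP transport described above, as an added toy model that is not part of the course notes: two customers announce the same 10.0.0.0/24 prefix, each VRF keeps its own table, and the backbone carries the routes as VPNv4 prefixes, where the route distinguisher (RD, the standard MP-BGP mechanism, assumed here rather than taken from the notes) makes overlapping prefixes unique.

```python
import ipaddress

# Constructed model of a provider edge (PE) router with one virtual routing
# context (VRF) per customer VPN. Names, RDs and next hops are made up.
class PERouter:
    def __init__(self):
        self.vrfs = {}   # vrf name -> {ip_network: next_hop}
        self.rd = {}     # vrf name -> route distinguisher, e.g. "65000:1"

    def add_vrf(self, name, rd):
        self.vrfs[name] = {}
        self.rd[name] = rd

    def learn_customer_route(self, vrf, prefix, next_hop):
        # A route accepted from a CE router lands only in that customer's VRF,
        # so the same prefix from two customers never collides.
        self.vrfs[vrf][ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, vrf, dst):
        # Longest-prefix match confined to one VRF: a destination with no
        # route in this VRF returns None instead of leaking into another VPN.
        addr = ipaddress.ip_address(dst)
        best = None
        for net, nh in self.vrfs[vrf].items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, nh)
        return best[1] if best else None

    def mpbgp_vpnv4_routes(self):
        # What MP-BGP carries across the backbone: RD:prefix -> next hop.
        # Prefixing the RD turns two identical IPv4 prefixes into two
        # distinct VPNv4 routes.
        return {f"{self.rd[v]}:{net}": nh
                for v, table in self.vrfs.items()
                for net, nh in table.items()}


def demo():
    pe = PERouter()
    pe.add_vrf("CustA", "65000:1")
    pe.add_vrf("CustB", "65000:2")
    pe.learn_customer_route("CustA", "10.0.0.0/24", "CE-A")
    pe.learn_customer_route("CustB", "10.0.0.0/24", "CE-B")
    pe.learn_customer_route("CustA", "10.0.0.0/28", "CE-A-branch")
    return pe
```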
Layer 2 MPLS VPN Example The figure illustrates a few of the many possibilities that exist when implementing Layer 2 MPLS VPNs (AToM). The existing and planned Layer 2 services provided by MPLS networks are PPP over MPLS, HDLC over MPLS, Frame Relay over MPLS (Frame Relay Trunking and Per-DLCI Tunneling), AAL5 over MPLS, ATM Cell Relay over MPLS, ATM PVCs over MPLS, Point-to-point Ethernet over MPLS, Switched multipoint Ethernet over MPLS (Virtual Private LAN Services [VPLS]), and TDM over MPLS.
Layer 2 and Layer 3 VPN (Cont.) Facts MPLS allows the same MPLS backbone infrastructure to provide Layer 2 and Layer 3 MPLS VPNs. With MPLS, all traditional VPN technologies, such as Frame Relay, ATM, GRE and IPsec, can be implemented using the same network. With Layer 2 MPLS VPN (AToM), the MPLS network can translate one Layer 2 technology on one end into another on the other end of the connection:
• Ethernet to Frame Relay (Bridged Interworking)
• Ethernet to Frame Relay (Routed Interworking)
• Ethernet to ATM (Bridged Interworking)
• Ethernet to ATM (Routed Interworking)
• Frame Relay to ATM (FRF.8 like Service Interworking)
• Frame Relay to PPP
• Frame Relay to HDLC