MPLS Fundamentals and implementation

1. DIT
Dar es Salaam institute of Technology (DIT)
ETU 08102
Digital Networks
Ally, J
jumannea@gmail.com

2. DIT
Multi-Protocols Label Switching
(MPLS)

3. DIT
Traditional IP Forwarding
Traditional IP forwarding is based on the following:
Routing protocols are used to distribute Layer 3
routing information.
Forwarding is based on the destination address
only.
Routing lookups are performed on every hop.

4. DIT
Traditional IP Forwarding
 Destination-based routing lookup is needed on every
hop.
 Every router may need full Internet routing information
(more than 100,000 routes).
Update: 10.0.0.0/8
Update: 10.0.0.0/8 Update: 10.0.0.0/8
Update: 10.0.0.0/8
10.1.1.1
10.1.1.1
10.1.1.1
10.1.1.1
10.1.1.110.1.1.110.1.1.110.1.1.1
Routing
lookup
Routing
lookup
Routing
lookup

5. DIT
IP over ATM
 Layer 2 topology may be different from Layer 3 topology,
resulting in suboptimal paths and link utilization.
 Layer 2 devices have no knowledge of Layer 3 routing
information—virtual circuits must be manually established.
 Even if the two topologies overlap, the hub and spoke topology is
usually used because of easier management.
10.1.1.110.1.1.110.1.1.110.1.1.1
10.1.1.110.1.1.1
10.1.1.110.1.1.110.1.1.110.1.1.1
10.1.1.110.1.1.1
10.1.1.1
10.1.1.1
10.1.1.1
10.1.1.1
10.1.1.110.1.1.1

6. MPLS Origin
 To bring advantages of connection oriented protocols to
packet switched networks.
 Faster switching - Replace IP header with short and fixed-
length labels as forwarding basis.
 To substitute ATM & Frame Relay & provide Integrated
services with QoS without the overhead of call
segmentation.
 Technology combining the advantages of ATM and IP
DIT

7. DIT
Best of Both Worlds
PACKET
ROUTING
CIRCUIT
SWITCHING
MPLS + IP form a middle ground that combines the best
of IP and the best of circuit switching technologies.
MPLS
+IP
IP ATM
HYBRID

8. DIT
Needs for MPLS
Continuous increase of internet traffic
 Requirements for QoS guaranteed path for
mission critical communications
 Requirements for real time communications
(VoIP, Video, broadcasting ）
Carriers and ISPs look for the next
services
 SLA (Service Level agreement)
 Clear isolation between VPNs

9. DIT
MPLS(Multi Protocol Label Switching)
Simple IP Network
MPLS Network
 Additional Header realizes Label
Switched Path.
 Enable connection-oriented routing.
 Enable isolation between paths.
Incoming
packet
Forwarding by IP
address
Forwarding by IP
address
Forwarding by IP
address
Forwarding by label
that is generated from
IP address
Incoming
packet
Forwarding
by label
Remove label
Labeled path like
connection
label

10. DIT
Basic MPLS Concepts
 MPLS is a new forwarding mechanism in which
packets are forwarded based on labels.
 Labels may correspond to IP destination networks
(equal to traditional IP forwarding).
 Labels can also correspond to other parameters,
such as quality of service (QoS) or source address.
 MPLS was designed to support forwarding of other
protocols as well.

11. MPLS
 MPLS is the binding of the control plane at the
bottom of the network layer with the data forwarding
plane at the top of data link layer.
 MPLS is a hybrid of a traditional network layer-3
routing protocols and layer-2 switching technologies
 MPLS is not a new network layer protocol because it
does not have its own routing capabilities and
addressing schemes
 MPLS is designed to work over many of the data
layer technologies that provides requisite layer-2
addressing and functionality
 MPLS is a “Layer 2.5 Technology”
DIT

12. Benefits of MPLS
 The use of one unified network infrastructure
 Better IP over ATM integration
 Border Gateway Protocol (BGP) - free core
 The peer-to-peer model for MPLS VPN
 Optimal traffic flow
 Traffic engineering (TE)
DIT

13. MPLS Labels
 Are 4 byte identifiers used for forwarding
decisions
 Define the destination and services for a
packet
 Identify a forwarding equivalence class
(FEC)
 Have local significance
 Each LSR independently maps a label to an
FEC in a label binding.
 Label bindings are exchanged between
LSRs.

14. FEC and MPLS Forwarding
 An FEC is a group of packets forwarded:
 In the same manner
 Over the same path
 With the same forwarding treatment
 MPLS packet forwarding consists of:
 Assigning a packet to a specific FEC
 Determining the next hop of each FEC
 MPLS forwarding is connection-oriented.

15. MPLS Label Format
 MPLS uses a 32-bit label field that contains
the information that follows:
 20-bit label (a number)
 3-bit experimental field (typically used to carry
IP precedence value or QoS)
 1-bit bottom-of-stack indicator (indicates
whether this is the last label before the IP
header)
 8-bit TTL (equal to the TTL in the IP header)

16. MPLS Labels
 Label Spaces :Each label space consists of the assignable
labels from 0-1048575 (0-15 Reserved)
 Two basic notions of using label spaces
 Per-Platform Label Space
 Per-Interface Label Space
 Per-Platform Label Space
 There is one set of labels for the entire LSR
 All interfaces share this common label pool
 Per-Interface Label Space
 Each interface has its own label pool
 Used particularly with ATM-LSRs
 Decision to choose the label platform to be implemented on
a particular LSR is a function of how the interfaces are used
DIT

17. MPLS Labels
 MPLS technology is intended to be used
anywhere regardless of Layer 1 media and Layer
2 encapsulation.
 Frame-mode MPLS is MPLS over a frame-based
Layer 2 encapsulation
 The label is inserted between the Layer 2 and
Layer 3 headers.
 Cell-mode MPLS is MPLS over ATM.
 The fields in the ATM header are used as the
label.

18. MPLS Labels: Frame-Mode MPLS

19. MPLS Label Stack
 Usually only one label is assigned to a packet,
but multiple labels in a label stack are supported.
 These scenarios may produce more than one
label:
 MPLS VPNs (two labels): The top label points to
the egress router, and the second label identifies
the VPN.
 MPLS TE (two or more labels): The top label points
to the endpoint of the traffic engineering tunnel and
the second label points to the destination.
 MPLS VPNs combined with MPLS TE (three or
more labels).

20. Example: MPLS Label Stack
 The outer label is used for switching the packet in
the MPLS network (points to the TE destination).
 Inner labels are used to separate packets at egress
points (points to egress router and identifies VPN).

21. Example: MPLS Label Stack Format
 The PID in a Layer 2 header specifies that
the payload starts with a label (labels)
followed by an IP header.
 The bottom-of-stack bit indicates whether the
label is the last label in the stack.
 The receiving router uses the top label only.

22. DIT
MPLS Terminology
 Label Distribution Protocol (LDP): protocol which associates
a set of destinations with each LSP.
 Label Switched Path (LSP): Refer to the path through which
an FEC is transmitted in the MPLS network. Two options to set
up LSP are hop-by- hop routing and explicit routing.
 Forwarding Equivalence Class (FEC): Group of packets that
share the same requirement.
 Label Switching Router (LSR): High speed router that
operates in the core of MPLS network.
 Label Edge Router (LER): Operates at the end of the access
network and MPLS network.

23. MPLS Label Operations
 An LSR can perform these functions:
 Insert (impose or push) a label or a stack of
labels on ingress edge LSR
 Swap a label with a next-hop label or a stack
of labels in the core
 Remove (pop) a label on egress edge LSR
 Multiple Push – adding multiple labels up to 3
 Swap and Push – replace the existing top of
the label stack with a new label followed by
pushing another new label on top

24. DIT
Route at Edge, Switch in Core
IP ForwardingLABEL SWITCHINGIP Forwarding
IP IP #L1 IP #L2 IP #L3 IP

25. DIT
MPLS Example
 Only edge routers must perform a routing lookup.
 Core routers switch packets based on simple label
lookups and swap labels.
L=5
L=3
10.1.1.110.1.1.1
Routing lookup and
label assignment
10.0.0.0/8  L=5
Label
swapping
L=5  L=3
Label removal
and
routing lookup
L=3

26. DIT
MPLS Versus IP over ATM
 Layer 2 devices are IP-aware and run a routing protocol.
 There is no need to manually establish virtual circuits.
 MPLS provides a virtual full mesh topology.
10.1.1.110.1.1.1L=5L=5
L=3L=3
L=17L=1710.1.1.110.1.1.1
Layer 2 devices run a Layer
3 routing protocol and
establish virtual circuits
dynamically based on Layer
3 information

27. MPLS Label Operations: Frame Mode
• On ingress, a label is assigned and imposed.
• LSRs in the core swap labels based on the contents of the label
forwarding table.
• On egress, the label is removed and a routing lookup is used to
forward the packet.

28. DIT
MPLS: How Does It Works
UDP-Hello
UDP-Hello
TCP-open
TIME
TIME
Label request
IP
Label mapping
#L2
Initialization(s)

29. MPLS Applications
 MPLS is already used in many different
applications:
 Unicast IP routing
 Multicast IP routing
 MPLS TE (Traffic Engineering)
 QoS
 MPLS VPNs (Virtual Private Networks)
 Any Transport over MPLS (AToM)

30. DIT
MPLS Architecture
 MPLS has two major components:
 Control plane —exchanges Layer 3 routing information
and labels
 Data plane —forwards packets based on labels
 Control plane contains complex mechanisms to exchange
routing information, such as Open Shortest Path First
(OSPF), Enhanced Interior Gateway Routing Protocol
(EIGRP), Intermediate System-to-Intermediate System (IS-
IS), and BGP, and to exchange labels, such as Tag
Distribution Protocol (TDP), Label Distribution Protocol
(LDP), BGP, and Resource Reservation Protocol (RSVP).
 Data plane has a simple forwarding engine.
 Control plane maintains contents of the label-switching table
(label forwarding information base, or LFIB).

31. DIT
MPLS Architecture
 Router functionality is divided into two major parts:
control plane and data plane
Data PlaneData Plane
Control PlaneControl Plane
OSPF: 10.0.0.0/8OSPF: 10.0.0.0/8
LDP: 10.0.0.0/8
Label 17
LDP: 10.0.0.0/8
Label 17
OSPF
LDP
LFIB
LDP: 10.0.0.0/8
Label 4
LDP: 10.0.0.0/8
Label 4
OSPF: 10.0.0.0/8OSPF: 10.0.0.0/8
417
Labeled packet
Label 4
Labeled packet
Label 4
Labeled packet
Label 17
Labeled packet
Label 17

32. DIT
MPLS DomainMPLS Domain
MPLS Forwarding ( Frame Mode)
 On ingress a label is assigned and imposed by the IP routing
process.
 LSRs in the core swap labels based on the contents of the
label forwarding table.
 On egress the label is removed and a routing lookup is used to
forward the packet.
10.1.1.1
IP Lookup
10.0.0.0/8  label
3
LFIB
label 8  label 3
IP Lookup
10.0.0.0/8  label
5
LFIB
label 3  label 5
IP Lookup
10.0.0.0/8  next
hop
LFIB
label 5  pop
10.1.1.13 10.1.1.15 10.1.1.1

33. DIT
MPLS DomainMPLS Domain
MPLS Forwarding (Cell-Mode)
 Labels (VPI/VCI) are imposed during the IP lookup process on ingress
ATM edge LSRs. Packets are segmented into cells.
 ATM LSRs in the core swap labels based on the contents of the ATM
switching table. ATM LSRs cannot forward IP packets.
 On egress ATM edge LSRs the labels are removed (cells are
reassembled into packets) and a routing lookup is used to forward
packets.
10.1.1.1
IP Lookup
10.0.0.0/8  label
1/3
LFIB
label 8  label 1/3
IP Lookup
10.0.0.0/8  Next
hop
LFIB
label 1/5  pop
10.1.1.1
IP Lookup
10.0.0.0/8  label 1/5
LFIB
label 1/3  label 1/5
1/3 1/3 1/3 1/3 1/5 1/5 1/5 1/5

34. DIT
Protocol operation of MPLS
 Representative 2 implementations
 LDP (Label Distribution Protocol)
 ordinary routing based IP
 RSVP-TE (Traffic Engineering)
 Enable explicit routing
 Expand RSVP (ReSource reserVation Protocol)
 Messages transferred according to IP routing
LSP: Label Switched Path
LSR-1 LSR-2 LSR-3 LSR-4
ingress Egress
Label Request
Label Request
Label Request
Label=40
Label Mapping
Label Mapping
Label Mapping Label=30
Label=50
Data
Transfer
IP 50 IP 30 IP 40
Path
set up
Request
responce
LSR: Label Switch Router

35. DIT
Forwarding Equivalence Classes
• FEC = “A subset of packets that are all treated the same way by a router”
• The concept of FECs provides for a great deal of flexibility and scalability
• In conventional routing, a packet is assigned to a FEC at each hop (i.e.,
L3 look-up), in MPLS it is only done once at the network ingress
Packets are destined for different address prefixes, but can be
mapped to common path
Packets are destined for different address prefixes, but can be
mapped to common path
IP1
IP2
IP1
IP2
LSRLSR
LER LER
LSP
IP1 #L1
IP2 #L1
IP1 #L2
IP2 #L2
IP1 #L3
IP2 #L3

36. DIT
MPLS Built on Standard IP
47.1
47.247.3
Dest Out
47.1 1
47.2 2
47.3 3
1
2
3
Dest Out
47.1 1
47.2 2
47.3 3
Dest Out
47.1 1
47.2 2
47.3 3
1
2
3
1
2
3
• Destination based forwarding tables as built by OSPF, IS-IS, RIP, etc.

37. DIT
Intf
In
Label
In
Dest Intf
Out
3 0.40 47.1 1
Intf
In
Label
In
Dest Intf
Out
Label
Out
3 0.50 47.1 1 0.40
MPLS Label Distribution
47.1
47.247.3
1
2
3
1
2
1
2
3
3
Intf
In
Dest Intf
Out
Label
Out
3 47.1 1 0.50 Mapping: 0.40
Request: 47.1
Mapping: 0.50
Request: 47.1

38. DIT
Label Switched Path (LSP)
Intf
In
Label
In
Dest Intf
Out
3 0.40 47.1 1
Intf
In
Label
In
Dest Intf
Out
Label
Out
3 0.50 47.1 1 0.40
47.1
47.247.3
1
2
3
1
2
1
2
3
3Intf
In
Dest Intf
Out
Label
Out
3 47.1 1 0.50
IP 47.1.1.1
IP 47.1.1.1

39. DIT
Intf
In
Label
In
Dest Intf
Out
3 0.40 47.1 1
Intf
In
Label
In
Dest Intf
Out
Label
Out
3 0.50 47.1 1 0.40
47.1
47.247.3
1
2
3
1
2
1
2
3
3
Intf
In
Dest Intf
Out
Label
Out
3 47.1.1 2 1.33
3 47.1 1 0.50
IP 47.1.1.1
IP 47.1.1.1
Explicitly Routed LSP (ER-LSP)

40. DIT
ER LSP - Advantages
 Operator has routing flexibility (policy-
based, QoS-based)
Can use routes other than shortest path
Can compute routes based on
constraints in exactly the same manner
as ATM based on distributed topology
database.
(Traffic Engineering)

41. DIT
IP and ATM Integration
IP over ATM VCsIP over ATM VCs
• ATM cloud invisible to Layer 3
Routing
• Full mesh of VCs within ATM cloud
• Many adjacencies between edge routers
• Topology change generates many route
updates
• Routing algorithm made more complex
• ATM network visible to Layer 3 Routing
• Singe adjacency possible with edge router
• Hierachical network design possible
• Reduces route update traffic and power
needed to process them
IP over MPLSIP over MPLS

42. DIT
Label Switch Router (LSR)
 Label switch router (LSR) primarily forwards labeled
packets (label swapping)
 Edge LSR primarily labels IP packets and forwards them
into MPLS domain, or removes labels and forwards IP
packets out of the MPLS domain
MPLS Domain
Edge
LSR
LSR
10.1.1.1 L=3
L=5
L=43
L=31
20.1.1.1
10.1.1.1
20.1.1.1

43. DIT
Architecture of LSRs
LSRs, regardless of the type, perform the following
three functions:
 Exchange routing information
 Exchange labels
 Forward packets (LSRs and edge LSRs) or cells (ATM
LSRs and ATM edge LSRs)
The first two functions are part of the control plane.
The last function is part of the data plane.

44. DIT
Architecture of LSRs
LSRs primarily forward labeled packets or cells
(ATM LSRs).
LSRLSR
Control Plane
Data Plane
Routing Protocol
Label Distribution Protocol
Label Forwarding Table
IP Routing Table
Exchange of
routing information
Exchange of
labels
Incoming
labeled packets Outgoing
labeled packets

45. DIT
Architecture of Edge LSRs
Note: ATM edge LSRs can only forward cells.
Edge LSREdge LSR
Control Plane
Data Plane
Routing Protocol
Label Distribution Protocol
Label Forwarding Table
IP Routing Table
Exchange of
routing information
Exchange of
labels
Incoming
labeled packets
Outgoing
labeled packets
IP Forwarding Table
Incoming
IP packets
Outgoing
IP packets

46. MPLS VPN Technology
DIT

47. Traditional Router-Based Networks
 Traditional router-based networks connect
customer sites through routers connected via
dedicated point-to-point links.

48. Virtual Private Networks
• VPNs replace dedicated point-to-point links with emulated
point-to-point links sharing common infrastructure.
• Customers use VPNs primarily to reduce their operational
costs.

49. VPN Terminology

50. VPN Terminology (Cont.)

51. VPN Implementation Models
 A VPN is an IP network infrastructure that
delivers private network services over a public
infrastructure.
 VPN services can be offered based on two
major models:
 Overlay VPNs, in which the service provider
provides virtual point-to-point links between
customer sites
 Peer-to-peer VPNs, in which the service
provider participates in the customer routing

52. Overlay VPNs:
Redundant Hub-and-Spoke Topology

53. Overlay VPNs: Layer 3 Routing
 The service provider infrastructure appears as
point-to-point links to customer routes.
 Routing protocols run directly between customer
routers.
 The service provider does not see customer
routes and is responsible only for providing point-
to-point transport of customer data.

54. Peer-to-Peer VPNs:
Implementation Techniques

55. Benefits of VPN Implementations
 Overlay VPN:
 Well-known and easy to implement
 Service provider does not participate in customer
routing
 Customer network and service provider network
are well-isolated
 Peer-to-peer VPN:
 Guarantees optimum routing between customer
sites
 Easier to provision an additional VPN
 Only sites provisioned, not links between them

56. Drawbacks of VPN Implementations
 Overlay VPN:
 Implementing optimum routing requires a full mesh of
virtual circuits.
 Virtual circuits have to be provisioned manually.
 Bandwidth must be provisioned on a site-to-site basis.
 Overlay VPNs always incur encapsulation overhead.
 Peer-to-peer VPN:
 The service provider participates in customer routing.
 The service provider becomes responsible for customer
convergence.
 PE routers carry all routes from all customers.
 The service provider needs detailed IP routing
knowledge.

57. VPN Business Category
 VPNs can be categorized based on the
business needs that they fulfill:
 Intranet VPNs connect sites within an
organization.
 Extranet VPNs connect different
organizations in a secure way.
 Access VPNs provides dialup access
into a customer network.

58. VPN Connectivity Category
 VPNs can also be categorized according to
the connectivity required between sites:
 Simple VPN: Every site can communicate with
every other site.
 Overlapping VPNs: Some sites participate in
more than one simple VPN.
 Central services VPN: All sites can
communicate with central servers but not with
each other.
 Managed network: A dedicated VPN is
established to manage CE routers.

59. Drawbacks of Traditional
Peer-to-Peer VPNs
 Shared PE router:
 All customers share the same
(provider-assigned or public) address space.
 High maintenance costs are associated with packet
filters.
 Performance is lower - each packet has to pass a
packet filter.
 Dedicated PE router:
 All customers share the same address space.
 Each customer requires a dedicated router at each
Point of Presence (POP).

60. MPLS VPN Architecture
 An MPLS VPN combines the best features
of an overlay VPN and a peer-to-peer
VPN:
 PE routers participate in customer routing,
guaranteeing optimum routing between sites
and easy provisioning.
 PE routers carry a separate set of routes for
each customer (similar to the dedicated PE
router approach).
 Customers can use overlapping addresses.

61. MPLS VPN Architecture:
Terminology
Note:
• PE Router = Edge LSR
• P Router = LSR

62. PE Router Architecture
• PE router in an MPLS VPN uses virtual routing tables to implement the
functionality of customer dedicated PE routers.

63. Propagation of Routing Information
Across the P-Network
Question: How will PE routers exchange customer routing information?
Option #1: Run a dedicated IGP for each customer across the P-
network.
This is the wrong answer for these reasons:
• The solution does not scale.
• P routers carry all customer routes.

64. Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will PE routers exchange customer routing information?
Option #2: Run a single routing protocol that will carry all customer
routes inside the provider backbone.
Better answer, but still not good enough:
• P routers carry all customer routes.

65. Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will PE routers exchange customer routing information?
Option #3: Run a single routing protocol that will carry all customer routes
between PE routers. Use MPLS labels to exchange
packets between PE routers.
The best answer:
• P routers do not carry customer routes; the solution is scalable.

66. Propagation of Routing Information
Across the P-Network (Cont.)
Question: Which protocol can be used to carry customer routes between
PE routers?
Answer: The number of customer routes can be very large. BGP is the only
routing protocol that can scale to a very large number of routes.
Conclusion:
BGP is used to exchange customer routes directly between PE routers.

67. Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will information about the overlapping
subnetworks of two customers be propagated via a
single routing protocol?
Answer: Extend the customer addresses to make them unique.

68. Route Distinguishers (RD)
 RD converts non-unique IP addresses into unique
VPN-IPv4 addresses.
 The resulting address is a VPNv4 address.
 VPNv4 addresses are exchanged between PE routers
via BGP.
 BGP that supports address families other than IPv4
addresses is called MP-BGP.
 A similar process is used in IPv6:
 64-bit route distinguisher is prepended to a 16-byte IPv6
address.
 The resulting 24-byte address is a unique VPNv6
address.
 RDs are assigned by Service Provider (SP)

69. Route Distinguishers (Cont.)

70. Route Distinguishers (Cont.)

71. RDs: Usage in an MPLS VPN
 The RD has no special meaning.
 The RD is used only to make potentially
overlapping IPv4 addresses globally
unique.
 The RD is used as a VPN identifier, but
this design could not support all topologies
required by the customers.

72. Requirements:
• All sites of one customer need to communicate.
• Central sites of both customers need to communicate with VoIP
gateways and other central sites.
• Other sites from different customers do not communicate with each other.
Is the RD Enough?
VoIP Service Sample

73. The Need for Route Targets (RTs
 Some sites have to participate in more
than one VPN.
 The RD cannot identify participation in
more than one VPN.
 RTs were introduced in the MPLS VPN
architecture to support complex VPN
topologies.
 A different method is needed in which a set
of identifiers can be attached to a route.

74. What are RTs?
 RTs are additional attributes attached to
VPNv4 BGP routes to indicate VPN
membership.
 Extended BGP communities are used to
encode these attributes.
 Extended communities carry the meaning of the
attribute together with its value.
 Any number of RTs can be attached to a
single route.

75. RTs: How Do They Work?
 Export RTs:
 Identifying VPN membership
 Appended to the customer route when it is
converted into a VPNv4 route
 Import RTs:
 Associated with each virtual routing table
 Select routes to be inserted into the virtual
routing table

76. VPNs Redefined
 With the introduction of complex VPN
topologies, VPNs have had to be redefined:
 A VPN is a collection of sites sharing common
routing information.
 A site can be part of different VPNs.
 A VPN can be seen as a community of interest
(closed user group).
 Complex VPN topologies are supported by
multiple virtual routing tables on the PE
routers.

77. Impact of Complex VPN Topologies
on Virtual Routing Tables
 A virtual routing table in a PE router can be
used only for sites with identical connectivity
requirements.
 Complex VPN topologies require more than
one virtual routing table per VPN.
 As each virtual routing table requires a
distinct RD value, the number of RDs in the
MPLS VPN network increases.

78. Impact of Complex VPN Topologies
on Virtual Routing Tables (Cont.)

79. MPLS VPN Routing Requirements
 CE routers have to run standard IP
routing software.
 PE routers have to support MPLS
VPN services and IP routing.
 P routers have no VPN routes.

80. MPLS VPN Routing:
CE Router Perspective
 The CE routers run standard IP routing software and
exchange routing updates with the PE router.
 EBGP, OSPF, RIPv2, EIGRP, and static routes are
supported.
 The PE router appears as another router in the C-network.

81. MPLS VPN Routing:
Overall Customer Perspective
 To the customer, the PE routers appear as core routers
connected via a BGP backbone.
 The usual BGP and IGP design rules apply.
 The P routers are hidden from the customer.

82. MPLS VPN Routing:
P Router Perspective
• P routers do not participate in MPLS VPN routing and do
not carry VPN routes.
• P routers run backbone IGP with the PE routers and
exchange information about global subnetworks (core links
and loopbacks).

83. MPLS VPN Routing:
PE Router Perspective
PE routers:
Exchange VPN routes with CE routers via per-VPN routing protocols.
Exchange core routes with P routers and PE routers via core IGP.
Exchange VPNv4 routes with other PE routers via MP-IBGP
sessions.

84. Support for Existing Internet
Routing
 PE routers can run standard IPv4 BGP in the global
routing table:
 PE routers exchange Internet routes with other PE routers.
 CE routers do not participate in Internet routing.
 P routers do not need to participate in Internet routing.

85. Routing Tables on PE Routers
 PE routers contain a number of routing tables:
 The global routing table contains core routes (filled with core
IGP) and Internet routes (filled with IPv4 BGP).
 The VRF tables contains routes for sites of identical routing
requirements from local (IPv4 VPN) and remote (VPNv4 via
MP-BGP) CE routers.

86. End-to-End Routing Update Flow
 PE routers receive IPv4 routing updates from CE routers and
install them in the appropriate VRF table.

87.  PE routers export VPN routes from VRF
tables into MP-BGP and propagate them
as VPNv4 routes to other PE routers.
End-to-End Routing Update Flow (Cont.)

88. End-to-End Routing Update Flow:
MP-BGP Update
 An MP-BGP update contains these elements:
 VPNv4 address
 Extended communities
(route targets, optionally SOO)
 Label used for VPN packet forwarding
 Any other BGP attribute (for example,
AS path, local preference, MED,
standard community)

89. • The receiving PE router imports the incoming VPNv4
routes into the appropriate VRF based on route targets
attached to the routes.
• The routes installed in the VRFs are propagated to the
CE routers.
End-to-End Routing Update
Flow (Cont.)

90. Route Distribution to CE Routers
 A route is installed in the site VRF if it
matches the import route target attribute.
 Route distribution to CE sites is driven by
the following:
 Route targets
 SOO attribute if defined

91. What Is Multi-VRF CE (VRF-Lite)?
 Multi-VRF CE (VRF-lite) is an application based
on VRF implementation.
 VRF-lite supports multiple overlapping and
independent VRFs on the CE router.
 The CE router separates traffic between client
networks using VRFs.
 There is no MPLS functionality on the CE router.
 No label exchange between the CE and PE router.
 No labeled packet flow between the CE and PE
router.
 Any routing protocol supported by normal VRF
can be used in a Multi-VRF CE implementation.

92. VPN Packet Forwarding Across an
MPLS VPN Backbone: Approach 1
Approach 1: The PE routers will label the VPN packets with an LDP label
for the egress PE router, and forward the labeled packets
across the MPLS backbone.
Results:
• The P routers perform the label switching, and the packet reaches the
egress PE router.
• Because the egress PE router does not know which VRF to use for
packet switching, the packet is dropped.

93. VPN Packet Forwarding Across an
MPLS VPN Backbone: Approach 2
Result:
• The P routers perform label switching using the top label, and the packet
reaches the egress PE router. The top label is removed.
• The egress PE router performs a lookup on the VPN label and forwards the
packet toward the CE router.
Approach 2: The PE routers will label the VPN packets with a label stack,
using the LDP label for the egress PE router as the top label, and
the VPN label assigned by the egress PE router as the second
label in the stack.

94. VPN PHP
• Penultimate hop popping (PHP) on the LDP label can
be performed on the last P router.
• The egress PE router performs label lookup only on the
VPN label, resulting in faster and simpler label lookup.
• IP lookup is performed only once—in the ingress PE
router.

95. VPN Label Propagation
Question: How will the ingress PE router get the second label
in the label stack from the egress PE router?
Answer: Labels are propagated in MP-BGP VPNv4 routing
updates.

96. p 1: A VPN label is assigned to every VPN route by the egress
PE router.
VPN Label Propagation (Cont.)
Step 2: The VPN label is advertised to all other PE routers in an
MP-BGP update.
p 3: A label stack is built in the VRF table.

97. MPLS VPNs and Packet Forwarding:
Summarization in the Core

98. MPLS-VPN Terminology and Definitions
 Provider Network (P-Network):The backbone under control
of a service provider
 Customer Network (C-Network):Network under customer
control
 CE-router: Part of the customer network and interfaces to a
PE router
 Site: Set of (sub)networks part of the customer network
and co-located.
 PE-router: Part of the provider network and interfaces to
CE routers
 P-router: Provider (core) router, without knowledge of VPN
 Border router: Provider edge router interfacing to other
provider networks
DIT

99. MPLS-VPN Terminology and Definitions
 VRF: VPN routing and forwarding instance
 Extended Community: BGP attribute used to identify a
route-origin, route-target
 Site of Origin Identifier (SOO): 64 bits identifying the site
where the route originated
 route target: 64 bits identifying the VRFs that should
receive the route
 Route Distinguisher: Attributes of each route used to
uniquely identify prefixes among VPNs (64 bits).
 VPN-IPv4 addresses: Normal IP address including the
64-bit route distinguisher and the 32-bit IP address
 VPN-Aware network: A provider backbone where MPLS
PN is deployed
DIT

100. MPLS Traffic Engineering (TE)
Overview
DIT

101. What Is Traffic Engineering?
 TE is a process of measures, models, and
controls of traffic to achieve various goals.
 TE for data networks provides an integrated
approach to managing traffic at Layer 3.
 Traffic engineering is manipulating your
traffic to fit your network.
 Network engineering is building your
network to carry your predicted traffic.
 TE is commonly used in voice telephony
networks.

102. Traffic Engineering Motivations
 Reduce the overall cost of operations by
more efficient use of bandwidth resources
 Prevent a situation where some parts of a
network are overutilized (congested), while
other parts remain underutilized
 Implement traffic protection against failures
 Enhance SLA in combination with QoS

103. Business Drivers for Traffic Engineering
 Routers forward traffic along the least-cost route
discovered by routing protocols.
 Network bandwidth may not be efficiently utilized:
 The least-cost route may not be the only possible route.
 The least-cost route may not have enough resources to carry
all the traffic.
 Alternate paths may be underutilized.
 Lack of resources results in congestion in two ways:
 When network resources themselves are insufficient to
accommodate offered load
 When traffic streams are inefficiently mapped onto available
resources
 Some resources are overutilized while others remain
underutilized.

104. Congestion Avoidance and Traffic
Engineering
 Network congestion can be addressed by
either:
 Expansion of capacity or classical congestion
control techniques (queuing, rate limiting, and
so on)
 Traffic engineering, if the problems result from
inefficient resource allocation
 The focus of TE is not on congestion
created as a result of a short-term burst, but
on congestion problems that are prolonged.

105. Traffic Engineering with a Layer 2
Overlay Model
 The use of the explicit Layer 2 transit layer allows very
exact control of how traffic uses the available bandwidth.
 PVCs or SVCs carry traffic across Layer 2.
 Layer 3 at the edge sees a complete mesh.

106. Traffic Engineering with a Layer 2
Overlay Model: Example

107. Traffic Engineering with a Layer 2
Overlay Model (Cont.)
 Drawbacks of the Layer 2 overlay solution
 Extra network devices
 More complex network management:
 Two-level network without integrated network
management
 Additional training, technical support, field
engineering
 IGP routing scalability issue for meshes
 Additional bandwidth overhead (“cell tax”)
 No differential service (class of service)

108. Layer 3 Model with No Traffic
Engineering

109. Traffic Engineering with the MPLS TE
Model
 Tunnel is assigned labels that represent the path (LSP)
through the system.
 Forwarding within the MPLS network is based on labels
(no Layer 3 lookup).

110. Traffic Engineering with the MPLS
TE Model (Cont.)
 The MPLS TE LSPs are created by
RSVP.
 The actual path can be specified:
 Explicitly defined by the system
administrator
 Dynamically defined using the
underlying IGP protocol

111. DIT
MPLS TE
 MPLS traffic engineering requires OSPF or
IS­IS with extensions for MPLS TE as the
IGP.
 OSPF and IS-IS with extensions hold the
entire topology in their databases.
 OSPF and IS-IS should also have some
additional information about network
resources and constraints.
 RSVP is used to establish traffic engineering
tunnels (TE tunnels) and propagate labels.

112. Summary
 Traffic engineering measures, models, and
controls traffic to achieve various goals.
 TE is driven by inefficient bandwidth utilization.
 TE focuses on prolonged congestion problems.
 With the TE Layer 2 overlay model, routers are not
aware of the physical structure and bandwidth
available on links.
 With the TE Layer 3 model, the destination-based
forwarding paradigm cannot handle the problem of
overutilization of one path while an alternate path is
underutilized.
 TE with the MPLS TE model means that the routers
use the MPLS label-switching paradigm.