3. DIT
Traditional IP Forwarding
Traditional IP forwarding is based on the following:
Routing protocols are used to distribute Layer 3
routing information.
Forwarding is based on the destination address
only.
Routing lookups are performed on every hop.
4. DIT
Traditional IP Forwarding
Destination-based routing lookup is needed on every
hop.
Every router may need full Internet routing information
(more than 100,000 routes).
[Figure: the routing update for 10.0.0.0/8 is propagated hop by hop; a packet addressed to 10.1.1.1 requires a routing lookup at each router on the path.]
5. DIT
IP over ATM
Layer 2 topology may be different from Layer 3 topology,
resulting in suboptimal paths and link utilization.
Layer 2 devices have no knowledge of Layer 3 routing
information—virtual circuits must be manually established.
Even if the two topologies overlap, the hub and spoke topology is
usually used because of easier management.
6. MPLS Origin
To bring advantages of connection oriented protocols to
packet switched networks.
Faster switching - Replace IP header with short and fixed-
length labels as forwarding basis.
To substitute ATM & Frame Relay & provide Integrated
services with QoS without the overhead of call
segmentation.
Technology combining the advantages of ATM and IP
7. DIT
Best of Both Worlds
MPLS + IP form a middle ground that combines the best
of IP and the best of circuit switching technologies.
[Figure: IP (packet routing) on one side, ATM (circuit switching) on the other, and MPLS + IP as the hybrid between them.]
8. DIT
Needs for MPLS
Continuous increase of internet traffic
Requirements for QoS guaranteed path for
mission critical communications
Requirements for real-time communications
(VoIP, video, broadcasting)
Carriers and ISPs look for the next
services
SLA (service level agreement)
Clear isolation between VPNs
9. DIT
MPLS (Multi Protocol Label Switching)
Additional header realizes Label
Switched Path.
Enable connection-oriented routing.
Enable isolation between paths.
[Figure: in a simple IP network, every router forwards the incoming packet by IP address. In an MPLS network, the first router forwards by a label that is generated from the IP address, the following routers forward by label, and the last router removes the label; the labeled path behaves like a connection.]
10. DIT
Basic MPLS Concepts
MPLS is a new forwarding mechanism in which
packets are forwarded based on labels.
Labels may correspond to IP destination networks
(equal to traditional IP forwarding).
Labels can also correspond to other parameters,
such as quality of service (QoS) or source address.
MPLS was designed to support forwarding of other
protocols as well.
11. MPLS
MPLS is the binding of the control plane at the
bottom of the network layer with the data forwarding
plane at the top of data link layer.
MPLS is a hybrid of traditional network layer (Layer 3)
routing protocols and Layer 2 switching technologies
MPLS is not a new network layer protocol because it
does not have its own routing capabilities and
addressing schemes
MPLS is designed to work over many of the data link
layer technologies that provide the requisite Layer 2
addressing and functionality
MPLS is a “Layer 2.5 Technology”
12. Benefits of MPLS
The use of one unified network infrastructure
Better IP over ATM integration
Border Gateway Protocol (BGP)-free core
The peer-to-peer model for MPLS VPN
Optimal traffic flow
Traffic engineering (TE)
13. MPLS Labels
Are 4 byte identifiers used for forwarding
decisions
Define the destination and services for a
packet
Identify a forwarding equivalence class
(FEC)
Have local significance
Each LSR independently maps a label to an
FEC in a label binding.
Label bindings are exchanged between
LSRs.
14. FEC and MPLS Forwarding
An FEC is a group of packets forwarded:
In the same manner
Over the same path
With the same forwarding treatment
MPLS packet forwarding consists of:
Assigning a packet to a specific FEC
Determining the next hop of each FEC
MPLS forwarding is connection-oriented.
15. MPLS Label Format
MPLS uses a 32-bit label field that contains
the information that follows:
20-bit label (a number)
3-bit experimental field (typically used to carry
IP precedence value or QoS)
1-bit bottom-of-stack indicator (indicates
whether this is the last label before the IP
header)
8-bit TTL (equal to the TTL in the IP header)
16. MPLS Labels
Label spaces: Each label space consists of the assignable
labels from 0-1048575 (0-15 reserved)
Two basic notions of using label spaces
Per-Platform Label Space
Per-Interface Label Space
Per-Platform Label Space
There is one set of labels for the entire LSR
All interfaces share this common label pool
Per-Interface Label Space
Each interface has its own label pool
Used particularly with ATM-LSRs
Decision to choose the label platform to be implemented on
a particular LSR is a function of how the interfaces are used
17. MPLS Labels
MPLS technology is intended to be used
anywhere regardless of Layer 1 media and Layer
2 encapsulation.
Frame-mode MPLS is MPLS over a frame-based
Layer 2 encapsulation
The label is inserted between the Layer 2 and
Layer 3 headers.
Cell-mode MPLS is MPLS over ATM.
The fields in the ATM header are used as the
label.
19. MPLS Label Stack
Usually only one label is assigned to a packet,
but multiple labels in a label stack are supported.
These scenarios may produce more than one
label:
MPLS VPNs (two labels): The top label points to
the egress router, and the second label identifies
the VPN.
MPLS TE (two or more labels): The top label points
to the endpoint of the traffic engineering tunnel and
the second label points to the destination.
MPLS VPNs combined with MPLS TE (three or
more labels).
20. Example: MPLS Label Stack
The outer label is used for switching the packet in
the MPLS network (points to the TE destination).
Inner labels are used to separate packets at egress
points (points to egress router and identifies VPN).
21. Example: MPLS Label Stack Format
The PID in a Layer 2 header specifies that
the payload starts with a label (labels)
followed by an IP header.
The bottom-of-stack bit indicates whether the
label is the last label in the stack.
The receiving router uses the top label only.
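The 32-bit entry layout and the bottom-of-stack rule described above can be checked with a small parser. This is an added example, not part of the original slides; the names of reserved labels 0-3 come from RFC 3032, and the depth cap and the sample bytes are assumptions made for the illustration.

```python
import struct
from dataclasses import dataclass

# Labels 0-15 are reserved (see the label-space slide). The names below are
# the RFC 3032 assignments; they are not listed on the slides.
RESERVED = {0: "IPv4 Explicit NULL", 1: "Router Alert",
            2: "IPv6 Explicit NULL", 3: "Implicit NULL"}
MAX_DEPTH = 8  # assumed sanity cap for this example, not a protocol constant


@dataclass(frozen=True)
class LabelEntry:
    label: int    # 20-bit label value
    exp: int      # 3-bit experimental field
    bottom: bool  # 1-bit bottom-of-stack indicator
    ttl: int      # 8-bit TTL


def encode_entry(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Pack one 32-bit label stack entry in network byte order."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(raw: bytes) -> LabelEntry:
    """Unpack exactly four bytes into the four fields."""
    (word,) = struct.unpack("!I", raw)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, bool(word & 0x100), word & 0xFF)


def parse_label_stack(data: bytes):
    """Walk entries until the bottom-of-stack bit; return (entries, payload)."""
    entries = []
    for offset in range(0, MAX_DEPTH * 4, 4):
        if offset + 4 > len(data):
            raise ValueError("truncated: ran out of bytes before bottom of stack")
        entry = decode_entry(data[offset:offset + 4])
        entries.append(entry)
        if entry.bottom:
            return entries, data[offset + 4:]
    raise ValueError("label stack deeper than MAX_DEPTH")


def audit_stack(entries):
    """Return findings a monitoring point might raise for a parsed stack."""
    findings = []
    for depth, e in enumerate(entries):
        if e.label <= 15:
            name = RESERVED.get(e.label, "unnamed here")
            findings.append(f"entry {depth}: reserved label {e.label} ({name})")
        if e.ttl == 0:
            findings.append(f"entry {depth}: TTL is 0")
    return findings


# Constructed sample: top label 17, second label 43 with the bottom-of-stack
# bit set, then the first bytes of an IPv4 header (0x45 = version 4, IHL 5).
SAMPLE = (encode_entry(17, 0, False, 64)
          + encode_entry(43, 0, True, 64)
          + bytes.fromhex("45000054"))

if __name__ == "__main__":
    stack, payload = parse_label_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print("payload starts with 0x" + payload[:1].hex())
    print(audit_stack([decode_entry(encode_entry(3, 0, True, 0))]))
```

The parser refuses input that never sets the bottom-of-stack bit, which is the case a capture tool or packet filter has to handle before it can locate the IP header.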
22. DIT
MPLS Terminology
Label Distribution Protocol (LDP): protocol which associates
a set of destinations with each LSP.
Label Switched Path (LSP): Refers to the path through which
an FEC is transmitted in the MPLS network. The two options for
setting up an LSP are hop-by-hop routing and explicit routing.
Forwarding Equivalence Class (FEC): Group of packets that
share the same requirement.
Label Switching Router (LSR): High speed router that
operates in the core of MPLS network.
Label Edge Router (LER): Operates at the end of the access
network and MPLS network.
23. MPLS Label Operations
An LSR can perform these functions:
Insert (impose or push) a label or a stack of
labels on ingress edge LSR
Swap a label with a next-hop label or a stack
of labels in the core
Remove (pop) a label on egress edge LSR
Multiple Push – adding multiple labels up to 3
Swap and Push – replace the existing top of
the label stack with a new label followed by
pushing another new label on top
24. DIT
Route at Edge, Switch in Core
[Figure: IP forwarding at the ingress edge, label switching in the core, IP forwarding at the egress edge. The packet travels as IP, IP #L1, IP #L2, IP #L3, IP.]
25. DIT
MPLS Example
Only edge routers must perform a routing lookup.
Core routers switch packets based on simple label
lookups and swap labels.
[Figure: for a packet to 10.1.1.1, the ingress edge router performs a routing lookup and label assignment (10.0.0.0/8 -> L=5), the core router swaps L=5 for L=3, and the egress edge router performs label removal and a routing lookup.]
26. DIT
MPLS Versus IP over ATM
Layer 2 devices are IP-aware and run a routing protocol.
There is no need to manually establish virtual circuits.
MPLS provides a virtual full mesh topology.
Layer 2 devices run a Layer 3 routing protocol and
establish virtual circuits dynamically based on Layer
3 information.
[Figure: packets to 10.1.1.1 crossing the network with labels L=5, L=3 and L=17.]
27. MPLS Label Operations: Frame Mode
• On ingress, a label is assigned and imposed.
• LSRs in the core swap labels based on the contents of the label
forwarding table.
• On egress, the label is removed and a routing lookup is used to
forward the packet.
28. DIT
MPLS: How Does It Work
[Figure: time-sequence diagram between two LSRs showing UDP-Hello, TCP-open, Initialization(s), Label request and Label mapping messages, followed by a labeled packet (IP #L2).]
29. MPLS Applications
MPLS is already used in many different
applications:
Unicast IP routing
Multicast IP routing
MPLS TE (Traffic Engineering)
QoS
MPLS VPNs (Virtual Private Networks)
Any Transport over MPLS (AToM)
30. DIT
MPLS Architecture
MPLS has two major components:
Control plane —exchanges Layer 3 routing information
and labels
Data plane —forwards packets based on labels
Control plane contains complex mechanisms to exchange
routing information, such as Open Shortest Path First
(OSPF), Enhanced Interior Gateway Routing Protocol
(EIGRP), Intermediate System-to-Intermediate System (IS-
IS), and BGP, and to exchange labels, such as Tag
Distribution Protocol (TDP), Label Distribution Protocol
(LDP), BGP, and Resource Reservation Protocol (RSVP).
Data plane has a simple forwarding engine.
Control plane maintains contents of the label-switching table
(label forwarding information base, or LFIB).
31. DIT
MPLS Architecture
Router functionality is divided into two major parts:
control plane and data plane
[Figure: a router drawn as a control plane (OSPF, LDP) above a data plane (LFIB). OSPF exchanges 10.0.0.0/8 with the neighbors on both sides. LDP carries the bindings 10.0.0.0/8 -> Label 17 on one side and 10.0.0.0/8 -> Label 4 on the other. The LFIB entry 4 -> 17 maps labeled packets with Label 4 to labeled packets with Label 17.]
32. DIT
MPLS Forwarding (Frame Mode)
On ingress a label is assigned and imposed by the IP routing
process.
LSRs in the core swap labels based on the contents of the
label forwarding table.
On egress the label is removed and a routing lookup is used to
forward the packet.
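[Figure: MPLS domain with three LSRs forwarding a packet to 10.1.1.1. First LSR: IP lookup 10.0.0.0/8 -> label 3; LFIB label 8 -> label 3. Second LSR: IP lookup 10.0.0.0/8 -> label 5; LFIB label 3 -> label 5. Third LSR: IP lookup 10.0.0.0/8 -> next hop; LFIB label 5 -> pop. The packet travels as 10.1.1.1, then 10.1.1.1 with label 3, then 10.1.1.1 with label 5, then 10.1.1.1.]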
33. DIT
MPLS Forwarding (Cell Mode)
Labels (VPI/VCI) are imposed during the IP lookup process on ingress
ATM edge LSRs. Packets are segmented into cells.
ATM LSRs in the core swap labels based on the contents of the ATM
switching table. ATM LSRs cannot forward IP packets.
On egress ATM edge LSRs the labels are removed (cells are
reassembled into packets) and a routing lookup is used to forward
packets.
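[Figure: MPLS domain with an ingress ATM edge LSR, a core ATM LSR and an egress ATM edge LSR forwarding a packet to 10.1.1.1. Ingress: IP lookup 10.0.0.0/8 -> label 1/3; LFIB label 8 -> label 1/3. Core: IP lookup 10.0.0.0/8 -> label 1/5; LFIB label 1/3 -> label 1/5. Egress: IP lookup 10.0.0.0/8 -> next hop; LFIB label 1/5 -> pop. The packet crosses the core as cells labeled 1/3 and then 1/5.]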
34. DIT
Protocol operation of MPLS
Two representative implementations:
LDP (Label Distribution Protocol)
Based on ordinary IP routing
RSVP-TE (Traffic Engineering)
Enables explicit routing
Extends RSVP (Resource Reservation Protocol)
Messages are transferred according to IP routing
[Figure: path setup and data transfer along an LSP through LSR-1 (ingress), LSR-2, LSR-3 and LSR-4 (egress). Path setup: Label Request messages (request) travel hop by hop toward the egress, and Label Mapping messages (response) return with Label=40, Label=30 and Label=50. Data transfer: the packet is carried as IP 50, IP 30, IP 40. LSP: Label Switched Path. LSR: Label Switch Router.]
35. DIT
Forwarding Equivalence Classes
• FEC = “A subset of packets that are all treated the same way by a router”
• The concept of FECs provides for a great deal of flexibility and scalability
• In conventional routing, a packet is assigned to a FEC at each hop (i.e.,
L3 look-up), in MPLS it is only done once at the network ingress
Packets are destined for different address prefixes, but can be
mapped to common path
[Figure: packets IP1 and IP2 enter at an LER, follow one LSP through two LSRs carrying the same labels (#L1, then #L2, then #L3), and leave at the far LER as IP1 and IP2.]
36. DIT
MPLS Built on Standard IP
[Figure: three routers connected through interfaces 1, 2 and 3, with networks 47.1, 47.2 and 47.3 attached. Each router is shown with a destination-based forwarding table:]
Dest   Out
47.1   1
47.2   2
47.3   3
• Destination based forwarding tables as built by OSPF, IS-IS, RIP, etc.
37. DIT
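MPLS Label Distribution
[Figure: three routers connected through interfaces 1, 2 and 3, with networks 47.1, 47.2 and 47.3 attached. Messages shown between the routers: Request: 47.1, Mapping: 0.50; Request: 47.1, Mapping: 0.40. Each router is shown with its table:]
Intf In   Dest   Intf Out   Label Out
3         47.1   1          0.50

Intf In   Label In   Dest   Intf Out   Label Out
3         0.50       47.1   1          0.40

Intf In   Label In   Dest   Intf Out
3         0.40       47.1   1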
38. DIT
Label Switched Path (LSP)
[Figure: the same three routers and networks 47.1, 47.2 and 47.3; a packet for IP 47.1.1.1 follows the label switched path defined by these tables:]
Intf In   Dest   Intf Out   Label Out
3         47.1   1          0.50

Intf In   Label In   Dest   Intf Out   Label Out
3         0.50       47.1   1          0.40

Intf In   Label In   Dest   Intf Out
3         0.40       47.1   1
39. DIT
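Explicitly Routed LSP (ER-LSP)
[Figure: the same three routers and networks 47.1, 47.2 and 47.3; a packet for IP 47.1.1.1 is shown with these tables, the first of which now holds an additional, more specific entry for 47.1.1:]
Intf In   Dest     Intf Out   Label Out
3         47.1.1   2          1.33
3         47.1     1          0.50

Intf In   Label In   Dest   Intf Out   Label Out
3         0.50       47.1   1          0.40

Intf In   Label In   Dest   Intf Out
3         0.40       47.1   1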
40. DIT
ER LSP - Advantages
Operator has routing flexibility (policy-
based, QoS-based)
Can use routes other than shortest path
Can compute routes based on
constraints in exactly the same manner
as ATM based on distributed topology
database.
(Traffic Engineering)
41. DIT
IP and ATM Integration
IP over ATM VCs
• ATM cloud invisible to Layer 3 routing
• Full mesh of VCs within ATM cloud
• Many adjacencies between edge routers
• Topology change generates many route updates
• Routing algorithm made more complex
IP over MPLS
• ATM network visible to Layer 3 routing
• Single adjacency possible with edge router
• Hierarchical network design possible
• Reduces route update traffic and power needed to process them
42. DIT
Label Switch Router (LSR)
Label switch router (LSR) primarily forwards labeled
packets (label swapping)
Edge LSR primarily labels IP packets and forwards them
into MPLS domain, or removes labels and forwards IP
packets out of the MPLS domain
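[Figure: an MPLS domain with edge LSRs at the border and an LSR in the core; packets to 10.1.1.1 and 20.1.1.1 enter as IP, are carried with labels (L=3, L=5, L=43, L=31 are shown), and leave as IP.]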
43. DIT
Architecture of LSRs
LSRs, regardless of the type, perform the following
three functions:
Exchange routing information
Exchange labels
Forward packets (LSRs and edge LSRs) or cells (ATM
LSRs and ATM edge LSRs)
The first two functions are part of the control plane.
The last function is part of the data plane.
44. DIT
Architecture of LSRs
LSRs primarily forward labeled packets or cells
(ATM LSRs).
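[Figure: LSR architecture. Control plane: the routing protocol (exchange of routing information) maintains the IP routing table, and the label distribution protocol (exchange of labels) maintains the label forwarding table. Data plane: the label forwarding table switches incoming labeled packets to outgoing labeled packets.]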
45. DIT
Architecture of Edge LSRs
Note: ATM edge LSRs can only forward cells.
[Figure: edge LSR architecture. Control plane: the routing protocol (exchange of routing information) maintains the IP routing table, and the label distribution protocol (exchange of labels) maintains the label forwarding table. Data plane: the IP forwarding table handles incoming and outgoing IP packets, and the label forwarding table handles incoming and outgoing labeled packets.]
47. Traditional Router-Based Networks
Traditional router-based networks connect
customer sites through routers connected via
dedicated point-to-point links.
48. Virtual Private Networks
• VPNs replace dedicated point-to-point links with emulated
point-to-point links sharing common infrastructure.
• Customers use VPNs primarily to reduce their operational
costs.
51. VPN Implementation Models
A VPN is an IP network infrastructure that
delivers private network services over a public
infrastructure.
VPN services can be offered based on two
major models:
Overlay VPNs, in which the service provider
provides virtual point-to-point links between
customer sites
Peer-to-peer VPNs, in which the service
provider participates in the customer routing
53. Overlay VPNs: Layer 3 Routing
The service provider infrastructure appears as
point-to-point links to customer routes.
Routing protocols run directly between customer
routers.
The service provider does not see customer
routes and is responsible only for providing point-
to-point transport of customer data.
55. Benefits of VPN Implementations
Overlay VPN:
Well-known and easy to implement
Service provider does not participate in customer
routing
Customer network and service provider network
are well-isolated
Peer-to-peer VPN:
Guarantees optimum routing between customer
sites
Easier to provision an additional VPN
Only sites provisioned, not links between them
56. Drawbacks of VPN Implementations
Overlay VPN:
Implementing optimum routing requires a full mesh of
virtual circuits.
Virtual circuits have to be provisioned manually.
Bandwidth must be provisioned on a site-to-site basis.
Overlay VPNs always incur encapsulation overhead.
Peer-to-peer VPN:
The service provider participates in customer routing.
The service provider becomes responsible for customer
convergence.
PE routers carry all routes from all customers.
The service provider needs detailed IP routing
knowledge.
57. VPN Business Category
VPNs can be categorized based on the
business needs that they fulfill:
Intranet VPNs connect sites within an
organization.
Extranet VPNs connect different
organizations in a secure way.
Access VPNs provide dialup access
into a customer network.
58. VPN Connectivity Category
VPNs can also be categorized according to
the connectivity required between sites:
Simple VPN: Every site can communicate with
every other site.
Overlapping VPNs: Some sites participate in
more than one simple VPN.
Central services VPN: All sites can
communicate with central servers but not with
each other.
Managed network: A dedicated VPN is
established to manage CE routers.
59. Drawbacks of Traditional
Peer-to-Peer VPNs
Shared PE router:
All customers share the same
(provider-assigned or public) address space.
High maintenance costs are associated with packet
filters.
Performance is lower - each packet has to pass a
packet filter.
Dedicated PE router:
All customers share the same address space.
Each customer requires a dedicated router at each
Point of Presence (POP).
60. MPLS VPN Architecture
An MPLS VPN combines the best features
of an overlay VPN and a peer-to-peer
VPN:
PE routers participate in customer routing,
guaranteeing optimum routing between sites
and easy provisioning.
PE routers carry a separate set of routes for
each customer (similar to the dedicated PE
router approach).
Customers can use overlapping addresses.
62. PE Router Architecture
• PE router in an MPLS VPN uses virtual routing tables to implement the
functionality of customer dedicated PE routers.
63. Propagation of Routing Information
Across the P-Network
Question: How will PE routers exchange customer routing information?
Option #1: Run a dedicated IGP for each customer across the P-
network.
This is the wrong answer for these reasons:
• The solution does not scale.
• P routers carry all customer routes.
64. Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will PE routers exchange customer routing information?
Option #2: Run a single routing protocol that will carry all customer
routes inside the provider backbone.
Better answer, but still not good enough:
• P routers carry all customer routes.
65. Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will PE routers exchange customer routing information?
Option #3: Run a single routing protocol that will carry all customer routes
between PE routers. Use MPLS labels to exchange
packets between PE routers.
The best answer:
• P routers do not carry customer routes; the solution is scalable.
66. Propagation of Routing Information
Across the P-Network (Cont.)
Question: Which protocol can be used to carry customer routes between
PE routers?
Answer: The number of customer routes can be very large. BGP is the only
routing protocol that can scale to a very large number of routes.
Conclusion:
BGP is used to exchange customer routes directly between PE routers.
67. Propagation of Routing Information
Across the P-Network (Cont.)
Question: How will information about the overlapping
subnetworks of two customers be propagated via a
single routing protocol?
Answer: Extend the customer addresses to make them unique.
68. Route Distinguishers (RD)
RD converts non-unique IP addresses into unique
VPN-IPv4 addresses.
The resulting address is a VPNv4 address.
VPNv4 addresses are exchanged between PE routers
via BGP.
BGP that supports address families other than IPv4
addresses is called MP-BGP.
A similar process is used in IPv6:
64-bit route distinguisher is prepended to a 16-byte IPv6
address.
The resulting 24-byte address is a unique VPNv6
address.
RDs are assigned by Service Provider (SP)
71. RDs: Usage in an MPLS VPN
The RD has no special meaning.
The RD is used only to make potentially
overlapping IPv4 addresses globally
unique.
The RD is used as a VPN identifier, but
this design could not support all topologies
required by the customers.
72. Is the RD Enough?
VoIP Service Sample
Requirements:
• All sites of one customer need to communicate.
• Central sites of both customers need to communicate with VoIP
gateways and other central sites.
• Other sites from different customers do not communicate with each other.
73. The Need for Route Targets (RTs)
Some sites have to participate in more
than one VPN.
The RD cannot identify participation in
more than one VPN.
RTs were introduced in the MPLS VPN
architecture to support complex VPN
topologies.
A different method is needed in which a set
of identifiers can be attached to a route.
74. What are RTs?
RTs are additional attributes attached to
VPNv4 BGP routes to indicate VPN
membership.
Extended BGP communities are used to
encode these attributes.
Extended communities carry the meaning of the
attribute together with its value.
Any number of RTs can be attached to a
single route.
75. RTs: How Do They Work?
Export RTs:
Identifying VPN membership
Appended to the customer route when it is
converted into a VPNv4 route
Import RTs:
Associated with each virtual routing table
Select routes to be inserted into the virtual
routing table
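The following added example (not from the original slides) models the RD and export/import RT mechanics on the VoIP service sample from the earlier slide, and audits the result for routes crossing between customers outside the intended shared sites. All RD and RT values, prefixes and VRF names are constructed for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vrf:
    name: str
    customer: str
    rd: str                 # route distinguisher, one per virtual routing table
    export_rts: frozenset   # appended to routes leaving this VRF
    import_rts: frozenset   # a route carrying any of these is installed
    prefixes: tuple         # IPv4 routes learned from the attached CE


def export_routes(vrf):
    """Convert CE routes into VPNv4 routes: RD prepended, export RTs attached."""
    return [{"vpnv4": f"{vrf.rd}:{p}", "rts": vrf.export_rts, "origin": vrf}
            for p in vrf.prefixes]


def build_tables(vrfs):
    """Apply each VRF's import RTs to every update; return name -> imported routes."""
    updates = [r for v in vrfs for r in export_routes(v)]
    return {v.name: [r for r in updates
                     if r["origin"] is not v and r["rts"] & v.import_rts]
            for v in vrfs}


def cross_customer_leaks(vrfs, shared_sites):
    """List imports between different customers where a side is not a shared site."""
    by_name = {v.name: v for v in vrfs}
    leaks = []
    for name, routes in build_tables(vrfs).items():
        for r in routes:
            origin = r["origin"]
            crosses = origin.customer != by_name[name].customer
            if crosses and not {name, origin.name} <= shared_sites:
                leaks.append((name, origin.name, r["vpnv4"]))
    return sorted(leaks)


# Constructed values: one RT per customer VPN and one for the VoIP service.
RT_A, RT_B, RT_VOIP = "65000:1", "65000:2", "65000:100"
SHARED = {"A-central", "B-central", "VoIP-GW"}
fs = frozenset


def topology(b_branch_import=fs({RT_B})):
    """Five VRFs; both branch sites use the overlapping prefix 10.1.0.0/16."""
    return [
        Vrf("A-central", "A", "65000:10", fs({RT_A, RT_VOIP}),
            fs({RT_A, RT_VOIP}), ("10.10.0.0/16",)),
        Vrf("A-branch", "A", "65000:11", fs({RT_A}), fs({RT_A}),
            ("10.1.0.0/16",)),
        Vrf("B-central", "B", "65000:20", fs({RT_B, RT_VOIP}),
            fs({RT_B, RT_VOIP}), ("10.20.0.0/16",)),
        Vrf("B-branch", "B", "65000:21", fs({RT_B}), b_branch_import,
            ("10.1.0.0/16",)),
        Vrf("VoIP-GW", "SP", "65000:30", fs({RT_VOIP}), fs({RT_VOIP}),
            ("192.0.2.0/24",)),
    ]


if __name__ == "__main__":
    for name, routes in build_tables(topology()).items():
        print(name, "imports", [r["vpnv4"] for r in routes])
    # One stray import RT on a single VRF is enough to pull in another
    # customer's routes, including the overlapping 10.1.0.0/16.
    misconfigured = topology(b_branch_import=fs({RT_B, RT_A}))
    print("leaks:", cross_customer_leaks(misconfigured, SHARED))
```

The leak in the misconfigured case is one-way: B-branch learns customer A's routes, while A's VRFs learn nothing new, so checking only one customer's tables would miss it.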
76. VPNs Redefined
With the introduction of complex VPN
topologies, VPNs have had to be redefined:
A VPN is a collection of sites sharing common
routing information.
A site can be part of different VPNs.
A VPN can be seen as a community of interest
(closed user group).
Complex VPN topologies are supported by
multiple virtual routing tables on the PE
routers.
77. Impact of Complex VPN Topologies
on Virtual Routing Tables
A virtual routing table in a PE router can be
used only for sites with identical connectivity
requirements.
Complex VPN topologies require more than
one virtual routing table per VPN.
As each virtual routing table requires a
distinct RD value, the number of RDs in the
MPLS VPN network increases.
79. MPLS VPN Routing Requirements
CE routers have to run standard IP
routing software.
PE routers have to support MPLS
VPN services and IP routing.
P routers have no VPN routes.
80. MPLS VPN Routing:
CE Router Perspective
The CE routers run standard IP routing software and
exchange routing updates with the PE router.
EBGP, OSPF, RIPv2, EIGRP, and static routes are
supported.
The PE router appears as another router in the C-network.
81. MPLS VPN Routing:
Overall Customer Perspective
To the customer, the PE routers appear as core routers
connected via a BGP backbone.
The usual BGP and IGP design rules apply.
The P routers are hidden from the customer.
82. MPLS VPN Routing:
P Router Perspective
• P routers do not participate in MPLS VPN routing and do
not carry VPN routes.
• P routers run backbone IGP with the PE routers and
exchange information about global subnetworks (core links
and loopbacks).
83. MPLS VPN Routing:
PE Router Perspective
PE routers:
Exchange VPN routes with CE routers via per-VPN routing protocols.
Exchange core routes with P routers and PE routers via core IGP.
Exchange VPNv4 routes with other PE routers via MP-IBGP
sessions.
84. Support for Existing Internet
Routing
PE routers can run standard IPv4 BGP in the global
routing table:
PE routers exchange Internet routes with other PE routers.
CE routers do not participate in Internet routing.
P routers do not need to participate in Internet routing.
85. Routing Tables on PE Routers
PE routers contain a number of routing tables:
The global routing table contains core routes (filled with core
IGP) and Internet routes (filled with IPv4 BGP).
The VRF tables contain routes for sites of identical routing
requirements from local (IPv4 VPN) and remote (VPNv4 via
MP-BGP) CE routers.
86. End-to-End Routing Update Flow
PE routers receive IPv4 routing updates from CE routers and
install them in the appropriate VRF table.
87. End-to-End Routing Update Flow (Cont.)
PE routers export VPN routes from VRF
tables into MP-BGP and propagate them
as VPNv4 routes to other PE routers.
88. End-to-End Routing Update Flow:
MP-BGP Update
An MP-BGP update contains these elements:
VPNv4 address
Extended communities
(route targets, optionally SOO)
Label used for VPN packet forwarding
Any other BGP attribute (for example,
AS path, local preference, MED,
standard community)
89. End-to-End Routing Update
Flow (Cont.)
• The receiving PE router imports the incoming VPNv4
routes into the appropriate VRF based on route targets
attached to the routes.
• The routes installed in the VRFs are propagated to the
CE routers.
90. Route Distribution to CE Routers
A route is installed in the site VRF if it
matches the import route target attribute.
Route distribution to CE sites is driven by
the following:
Route targets
SOO attribute if defined
91. What Is Multi-VRF CE (VRF-Lite)?
Multi-VRF CE (VRF-lite) is an application based
on VRF implementation.
VRF-lite supports multiple overlapping and
independent VRFs on the CE router.
The CE router separates traffic between client
networks using VRFs.
There is no MPLS functionality on the CE router.
No label exchange between the CE and PE router.
No labeled packet flow between the CE and PE
router.
Any routing protocol supported by normal VRF
can be used in a Multi-VRF CE implementation.
92. VPN Packet Forwarding Across an
MPLS VPN Backbone: Approach 1
Approach 1: The PE routers will label the VPN packets with an LDP label
for the egress PE router, and forward the labeled packets
across the MPLS backbone.
Results:
• The P routers perform the label switching, and the packet reaches the
egress PE router.
• Because the egress PE router does not know which VRF to use for
packet switching, the packet is dropped.
93. VPN Packet Forwarding Across an
MPLS VPN Backbone: Approach 2
Approach 2: The PE routers will label the VPN packets with a label stack,
using the LDP label for the egress PE router as the top label, and
the VPN label assigned by the egress PE router as the second
label in the stack.
Result:
• The P routers perform label switching using the top label, and the packet
reaches the egress PE router. The top label is removed.
• The egress PE router performs a lookup on the VPN label and forwards the
packet toward the CE router.
94. VPN PHP
• Penultimate hop popping (PHP) on the LDP label can
be performed on the last P router.
• The egress PE router performs label lookup only on the
VPN label, resulting in faster and simpler label lookup.
• IP lookup is performed only once—in the ingress PE
router.
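The two forwarding approaches and penultimate hop popping can be traced with a small simulation, which also exercises the swap and pop operations from the frame-mode forwarding slides. This is an added example, not part of the original slides; the router names and all table contents are assumptions (labels 17 and 43 echo values seen in the slides' figures, 23 and 44 are made up).

```python
import ipaddress

# All tables are constructed for this example.
INGRESS_VRFS = {   # on PE1: VRF -> prefix -> (LDP label toward PE2, VPN label)
    "VRF-A": {"10.1.0.0/16": (17, 43)},
    "VRF-B": {"10.1.0.0/16": (17, 44)},   # same prefix, different customer
}
P_LFIB = {         # P routers know LDP labels only, no customer routes
    "P1": {17: ("swap", 23, "P2")},
    "P2": {23: ("pop", None, "PE2")},     # penultimate hop popping
}
EGRESS_VPN_LABELS = {43: "CE-A2", 44: "CE-B2"}   # on PE2: VPN label -> CE


def forward(vrf, dst, with_vpn_label=True):
    """Return (delivered_to, trace); delivered_to is None when dropped.

    with_vpn_label=False models Approach 1 (LDP label only);
    True models Approach 2 (LDP label on top of a VPN label).
    """
    addr = ipaddress.ip_address(dst)
    # The only IP lookup on the whole path happens here, in the ingress PE.
    matches = [(ipaddress.ip_network(p), labels)
               for p, labels in INGRESS_VRFS[vrf].items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None, [("PE1", "no route in " + vrf)]
    ldp, vpn = max(matches, key=lambda m: m[0].prefixlen)[1]
    stack = [ldp, vpn] if with_vpn_label else [ldp]
    trace = [("PE1", list(stack))]

    node = "P1"
    while node in P_LFIB:
        entry = P_LFIB[node].get(stack[0])   # P routers read the top label only
        if entry is None:
            trace.append((node, "drop: unknown label"))
            return None, trace
        action, out_label, next_node = entry
        stack = stack[1:] if action == "pop" else [out_label] + stack[1:]
        trace.append((node, list(stack)))
        node = next_node

    # Egress PE: the remaining label, if any, selects the outgoing CE/VRF.
    ce = EGRESS_VPN_LABELS.get(stack[0]) if stack else None
    trace.append((node, ("deliver to " + ce) if ce else "drop: cannot select a VRF"))
    return ce, trace


if __name__ == "__main__":
    for vrf, vpn_label in (("VRF-A", True), ("VRF-B", True), ("VRF-A", False)):
        delivered, trace = forward(vrf, "10.1.1.1", with_vpn_label=vpn_label)
        print(vrf, "approach", 2 if vpn_label else 1, "->", delivered)
        for hop in trace:
            print("   ", hop)
```

Both customers send to the same address over the same LDP label; only the inner VPN label keeps their traffic apart at the egress PE, which is why an unlabeled or unknown-label arrival is dropped rather than routed.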
95. VPN Label Propagation
Question: How will the ingress PE router get the second label
in the label stack from the egress PE router?
Answer: Labels are propagated in MP-BGP VPNv4 routing
updates.
96. VPN Label Propagation (Cont.)
Step 1: A VPN label is assigned to every VPN route by the egress
PE router.
Step 2: The VPN label is advertised to all other PE routers in an
MP-BGP update.
Step 3: A label stack is built in the VRF table.
97. MPLS VPNs and Packet Forwarding:
Summarization in the Core
98. MPLS-VPN Terminology and Definitions
Provider Network (P-Network): The backbone under control
of a service provider
Customer Network (C-Network): Network under customer
control
CE-router: Part of the customer network and interfaces to a
PE router
Site: Set of (sub)networks part of the customer network
and co-located.
PE-router: Part of the provider network and interfaces to
CE routers
P-router: Provider (core) router, without knowledge of VPN
Border router: Provider edge router interfacing to other
provider networks
99. MPLS-VPN Terminology and Definitions
VRF: VPN routing and forwarding instance
Extended Community: BGP attribute used to identify a
route-origin, route-target
Site of Origin Identifier (SOO): 64 bits identifying the site
where the route originated
Route target: 64 bits identifying the VRFs that should
receive the route
Route Distinguisher: Attributes of each route used to
uniquely identify prefixes among VPNs (64 bits).
VPN-IPv4 addresses: Normal IP address including the
64-bit route distinguisher and the 32-bit IP address
VPN-Aware network: A provider backbone where MPLS
VPN is deployed
101. What Is Traffic Engineering?
TE is a process of measures, models, and
controls of traffic to achieve various goals.
TE for data networks provides an integrated
approach to managing traffic at Layer 3.
Traffic engineering is manipulating your
traffic to fit your network.
Network engineering is building your
network to carry your predicted traffic.
TE is commonly used in voice telephony
networks.
102. Traffic Engineering Motivations
Reduce the overall cost of operations by
more efficient use of bandwidth resources
Prevent a situation where some parts of a
network are overutilized (congested), while
other parts remain underutilized
Implement traffic protection against failures
Enhance SLA in combination with QoS
103. Business Drivers for Traffic Engineering
Routers forward traffic along the least-cost route
discovered by routing protocols.
Network bandwidth may not be efficiently utilized:
The least-cost route may not be the only possible route.
The least-cost route may not have enough resources to carry
all the traffic.
Alternate paths may be underutilized.
Lack of resources results in congestion in two ways:
When network resources themselves are insufficient to
accommodate offered load
When traffic streams are inefficiently mapped onto available
resources
Some resources are overutilized while others remain
underutilized.
104. Congestion Avoidance and Traffic
Engineering
Network congestion can be addressed by
either:
Expansion of capacity or classical congestion
control techniques (queuing, rate limiting, and
so on)
Traffic engineering, if the problems result from
inefficient resource allocation
The focus of TE is not on congestion
created as a result of a short-term burst, but
on congestion problems that are prolonged.
105. Traffic Engineering with a Layer 2
Overlay Model
The use of the explicit Layer 2 transit layer allows very
exact control of how traffic uses the available bandwidth.
PVCs or SVCs carry traffic across Layer 2.
Layer 3 at the edge sees a complete mesh.
107. Traffic Engineering with a Layer 2
Overlay Model (Cont.)
Drawbacks of the Layer 2 overlay solution
Extra network devices
More complex network management:
Two-level network without integrated network
management
Additional training, technical support, field
engineering
IGP routing scalability issue for meshes
Additional bandwidth overhead (“cell tax”)
No differential service (class of service)
109. Traffic Engineering with the MPLS TE
Model
Tunnel is assigned labels that represent the path (LSP)
through the system.
Forwarding within the MPLS network is based on labels
(no Layer 3 lookup).
110. Traffic Engineering with the MPLS
TE Model (Cont.)
The MPLS TE LSPs are created by
RSVP.
The actual path can be specified:
Explicitly defined by the system
administrator
Dynamically defined using the
underlying IGP protocol
111. DIT
MPLS TE
MPLS traffic engineering requires OSPF or
IS-IS with extensions for MPLS TE as the
IGP.
OSPF and IS-IS with extensions hold the
entire topology in their databases.
OSPF and IS-IS should also have some
additional information about network
resources and constraints.
RSVP is used to establish traffic engineering
tunnels (TE tunnels) and propagate labels.
112. Summary
Traffic engineering measures, models, and
controls traffic to achieve various goals.
TE is driven by inefficient bandwidth utilization.
TE focuses on prolonged congestion problems.
With the TE Layer 2 overlay model, routers are not
aware of the physical structure and bandwidth
available on links.
With the TE Layer 3 model, the destination-based
forwarding paradigm cannot handle the problem of
overutilization of one path while an alternate path is
underutilized.
TE with the MPLS TE model means that the routers
use the MPLS label-switching paradigm.
Editor's notes
The “Forwarding Equivalence Class” is an important concept in MPLS. An FEC is any subset of packets that are treated the same way by a router. Here “treated” can mean forwarded out the same interface with the same next hop and label. It can also mean given the same class of service, output on the same queue, given the same drop preference, or any other option available to the network operator.
When a packet enters the MPLS network at the ingress node, the packet is mapped into an FEC. The mapping can also be done on a wide variety of parameters, address prefix (or host), source/destination address pair, or ingress interface. This greater flexibility adds functionality to MPLS that is not available in traditional IP routing.
FECs also allow for greater scalability in MPLS. In Ipsilon’s implementation of IP Switching or in MPOA, their equivalent to an FEC maps to a data flow (source/destination address pair, or source/destination address plus port no.). The limited flexibility and large numbers of (short lived) flows in the Internet limits the applicability of both IP Switching and MPOA. With MPLS, the aggregation of flows into FECs of variable granularity provides scalability that meets the demands of the public Internet as well as enterprise applications.
In the current Label Distribution Protocol specification, only three types of FECs are specified:
- IP Address Prefix
- Router ID
- Flow (port, dest-addr, src-addr etc.)
The spec. states that new elements can be added as required.