SlideShare una empresa de Scribd logo

Doc6 mpls vpn-ppt

Swarup Kumar Mall
Swarup Kumar Mall

MPLS VPN provides a way to extend private network connectivity over a shared public infrastructure in a secure manner. It utilizes MPLS to create virtual point-to-point connections between customer sites. There are two main types of MPLS VPNs - Layer 3 VPNs which use extensions to BGP to exchange routing information between customer edge routers and provider edge routers, and Layer 2 VPNs which extend customer layer 2 networks across the MPLS backbone by encapsulating layer 2 frames with labels.

1 de 59
Descargar para leer sin conexión
MPLS VPN PLS VPN V Prepared by Eng. Hussein M. Harb MP
Agenda • Why VPN • VPN Definition • VPN C t Categories i PLS VPN • VPN Implementations V • VPN Models MP • MPLS VPN Types • L3 MPLS VPN • L2 MPLS VPN
Why VPN? • VPNs were developed initially to deal with security issues of transmitting clear text data across a network network. • E Examples of applications th t send t ffi i a clear t t l f li ti that d traffic in l text PLS VPN format are Telnet, file transfers via FTP or TFTP. V • VPN - has attracted the attention of many organizations looking to expand their networking capabilities, secure MP h i ffi d d h i their traffic and reduce their costs.
VPN Definition The most common definition of a VPN is: A data network that utilizes a portion of a shared public p p PLS VPN network to extend a customer's private network. MP V
VPN Categories There are three basic VPN categories: h h b i i • Intranet PLS VPN • Extranet V • Internet MP
Intranet VPN • An intranet VPN connects resources from the same company across that company's infrastructure. PLS VPN MP V An example of intranet VPN is the connections between different l diff locations within a company's i f i i hi ' infrastructure, such as h VPNs between two offices
Extranet VPN • An extranet VPN connects resources from one company to another company, such as a business partner. PLS VPN MP V An example of an extranet is a company that has outsourced its help desk functions and sets up a VPN to provide a secure connection from its corporate office to the outsourcing company.
Internet • An Internet VPN uses a public network as the backbone to transport VPN traffic between devices. PLS VPN • As an example, you might use the Internet, which is a public V network, to connect two sites t th or h t k t tt it together have t l telecommuters t use their local ISPs to set up a VPN connection to the corporate network (remote access connections). p ( ) MP
VPN Components The VPN realm consist of the following regions: • Customer network: Consisted of the routers at the various customer sites called customer edge (CE) routers routers. PLS VPN V • Provider network: SP devices to which the CE routers were directly attached were called provider edge (PE) routers. e e ca ed p o de ( ) oute s. MP SP network might consist of devices used for forwarding data in the SP backbone called provider (P) routers.
VPN Implementations There are many ways for the implementation of VPN such as: • GRE PLS VPN • IPsec V • PPTP • L2TP MP • MPLS
MPLS VPN • MPLS VPNs are enhancement to MPLS • MPLS uses a virtual circuit (VC) across a private network to emulate th VPN f ti l t the function. PLS VPN V • MPLS alone won't solve security problem; you'll have to complement it with another VPN solution, such as IPsec over MPLS MPLS. MP • MPLS supports multiple protocols. In other words, you can use MPLS to tag IP packets, Ethernet frames, IPX packets.
VPN Models The VPN implementations can be classified broadly into one of the following: • Overlay model PLS VPN • Peer-to-peer model MP V
Overlay model • The provider did not participate in customer routing. It provides the customer with transport of data using virtual point-to-point links (PVC or SVC). PLS VPN MP V
Overlay model (Continue) • The drawback of an Overlay model was the full mesh of virtual circuits between all customer sites for optimal connectivity. N sites need N(N-l )/2 circuits. PLS VPN • Overlay VPNs provides either Layer 1 (physical layer) connectivity or a Layer 2 transport circuit between customer y y p V sites for transportation of Layer 2 frames (Or cells) which was traditionally implemented using either Frame Relay or ATM it h switches . MP
Peer-to-peer model • The peer-to-peer model was developed to overcome the drawbacks of the Overlay model • The service provider would actively participate in customer routing g PLS VPN MP V
Peer-to-peer model (Continue) • Routing information is exchanged between the customer routers and the SP routers. • Th peer-to-peer model, consequently, d The t d l tl does not require th t i the PLS VPN creation of virtual circuits. V • Separation of customer-specific routing information is achieved b i l hi d by implementing packet fil i k filters at the routers h MP connecting to the customer network.
MPLS VPN Types • BGP/MPLS VPNs (Layer 3 VPNs): Use extensions to the existing routing protocol of the Internet (BGP-4) to interconnect remote locations, also called RFC 2547bis VPNs. PLS VPN • Layer 2 MPLS VPNs: V Extends the customer’s Layer 2 connectivity across an MPLS infrastructure. Commonly called Martini VPNs. An extension MP to L Layer 2 VPN also supports Virtual Private LAN Services VPNs l Vi lP i S i (VPLS).
L3 MPLS VPN Architecture • MPLS VPN is an implementation of the peer-to-peer model. • The MPLS-based VPN model also accommodates customers using-overlapping address spaces. i l i dd PLS VPN V • However, instead of deploying a dedicated PE router per customer, customer traffic is isolated on the same PE router providing connectivity f multiple customers. idi i i for li l MP • The MPLS VPN backbone and customer sites exchange Layer 3 customer routing information.
Components of MPLS VPN architecture PLS VPN MP V
L3 MPLS VPN Routing Model PLS VPN MP V • Th only requirement on the CE router is a routing protocol The l i h i i l or a static route that enables the router to exchange IPv4 routing information with the connected PE router.
L3 MPLS VPN Routing Model PLS VPN MP V PE routers Perform the following tasks: • The PE routers exchange IPv4 routes with connected CE routers using individual routing protocol contexts. • It must isolate customer traffic if more than one customer is connected to the PE router.
L3 MPLS VPN Routing Model PLS VPN MP V • M li Multiprotocol BGP is configured b l i fi d between PE routers to carry customer routes.
L3 MPLS VPN Routing Model PLS VPN MP V • P routers provide label switching between provider edge routers and are unaware of VPN routes.
Virtual Routing and Forwarding Table (VRF) PLS VPN MP V • Customer isolation is achieved on the PE router by the use of virtual routing tables or instances • The function of a VRF is similar to a global routing table, except that it contains all routes pertaining to a specific VPN versus the global routing table.
Virtual Routing and Forwarding Table (VRF) PLS VPN MP V • The VRF also defines the connectivity requirements and protocols f each customer site on a single PE router. l for h i i l • The VRF defines the interfaces on the local PE router that are part of a specific VPN.
Route Distinguisher PLS VPN MP V • The RD enable overlapping address spaces in connected customer networks. • Thus, a unique RD is configured per VRF on the PE router.
Route Distinguisher (Cont.) • A RD is a 64-bit unique identifier that is prepended to the 32- bit customer prefix or route learned from a CE router, which makes it a unique 96-bit address called VPNv4 address that can be transported between the PE routers in the MPLS domain. domain PLS VPN • A unique RD is configured per VRF on the PE router. MP V
Route targets (RT) PLS VPN MP V • When a VPN route learned from a CE router is injected into VPNv4 BGP, a list of VPN route target extended community attributes is associated with it.
Route targets (RT) PLS VPN MP V • The export route target is appended to a customer prefix when it is converted to a VPNv4 prefix by the PE router and propagated in MP-BGP updates.
Route targets (RT) PLS VPN MP V • The import route target is associated with each VRF and identifies the VPN v4 routes to be imported into the VRF for the specific customer.
L3 MPLS VPN Operation • Phase 1: Propagation of VPN routes and distribution of MPLS labels (Control Plane) PLS VPN • Phase 2: Packet forwarding (Data Plane) MP V
Control Plane Operation • Taking the next figure as an example Propagation of VPN routes and distribution of MPLS labels takes place in three different stages PLS VPN MP V
Stage 1 • Stage 1: PE routers receive IPv4 routing updates from CE routers and populate these routes into the appropriate VRF table. PLS VPN MP V
Stage 2 • Stage 2: PE routers export VPN routes from VRF tables into MP-IBGP and propagate them with VPN label as VPNv4 routes via MP-IBGP to other remote PE routers. PLS VPN MP V
Stage 3 • Stage 3: The remote PE routers on receiving MP-IBGP updates will import the incoming VPNv4 routes into their respective VRF tables according to the import RTs. The VPNv4 routes installed in VRF tables are then converted back to IPv4 routes and propagated to the CE routers routers. PLS VPN MP V
Summary for Control Plane Operation PLS VPN MP V
Example-Control Plane Operation 1. IPv4 update for network 172.16.10.0 is received by the egress PE router PLS VPN MP V
Example-Control Plane Operation 2. PE1-AS1 accepts and transforms the IPv4 route, 172.16.10.0/24, to a VPN v4 route by assigning an RD 1:100 and RT 1:100. It allocates a label V1 and rewrites the next- hop attribute to the PE1-AS1 loopback0 IP address 10.10.10.101. 10 10 10 101 PLS VPN MP V
Example-Control Plane Operation 2a. Edge LSR PE2-AS1 requests a label for the 10.10.10.101/32 prefix using LDP from LSR P2-AS1 then from P1-AS1 then P2 AS1 P1 AS1 from Edge LSR PE1-AS1. Edge LSR PEl-AS1 allocates a label of implicit-null and sends it to P1-AS1. PLS VPN MP V
Example-Control Plane Operation 2b. P1-AS1 uses the implicit-null label received from PE1-AS1 as its outbound label value, allocates a label (L1) to prefix value 10.10.10.101/32, and sends this label value to P2-AS1 via LDP. PLS VPN MP V
Example-Control Plane Operation 2c. P2-AS1 uses the label (L1) received from PI-AS1 as its outbound label value allocates a label (L2) to prefix value, 10.10.10.101/32, and sends this label value to PE2-AS1 via LDP. PLS VPN MP V
Example-Control Plane Operation 3. PEl-AS1 has the VRF configured to accept routes with RT 1:100 and therefore translates the VPNv4 update to IPv4 and inserts the route in VRF A. It then propagates this route to the CE2-A. PLS VPN MP V
Example-Data Plane Operation 1. CE2-A originates a data packet with the source address of 172.16.20.1 and destination of 172.16.10.1. PLS VPN MP V
Example-Data Plane Operation 2. PE2-AS1 receives the data packet and appends the VPN label V1 and LDP label L2 and forwards the packet to P2- P2 AS1. PLS VPN MP V
Example-Data Plane Operation 3. P2-AS1 receives the data packet destined to 172.16.10.1 and swaps LDP label L2 with L1. PLS VPN MP V
Example-Data Plane Operation 4. P1-AS1 receives the data packet destined to 172.16.10.1 and pops the top label. The resulting labeled packet with VPN Label V1 is forwarded to PE1-AS1. PLS VPN MP V
Example-Data Plane Operation 5. PE1-AS1 pops the VPN label and forwards the data packet to CE1-A where the 172.16.10.0 network is located. CE1 A PLS VPN MP V
Layer 2 VPN • Customers may desire to extend their current Layer 2 infrastructure (frame relay, ATM, Ethernet, VLANs, TDM, ( y, , , , , transparent LAN services, etc.). PLS VPN • IP-based Layer 3 VPNs will not satisfy any of these V requirements; instead, a Layer 2 solution is required. MP • MPLS-based Layer 2 VPNs prepends a label to a Layer 2 PDU and then forwarding the packet across the MPLS backbone. backbone
Layer 2 VPN Components • The Martini draft builds on some fundamental concepts associated with RFC 2547bis VPNs. • Provider (P) routers still will not be aware of the VPNs. They PLS VPN will continue to forward packets over pre-established LSPs. V • Customer Edge (CE) routers will operate without any MP knowledge of the existence of MPLS VPNs. • The PE routers do not participate in the routing algorithms of the end-users, and there are no requirements for the q construction of VPN routing and forwarding tables (VRFs).
Martini VPNs (Point-Point Connectivity) • The Martini drafts introduce the concept of Virtual Circuits (VCs). (VCs) An LSP acts as a tunnel carrying multiple VCs. VCs PLS VPN • VCs are uni-directional, for bi-directional communication, a pair of VCs – one in each direction – is needed. MP V
L2 VPN Routing Information • Tunnel LSPs between the PE routers could be created using any protocol like RSVP/TE or LDP. PLS VPN MP V
L2 VPN Routing Information • PE routers exchange the VC labels via LDP. Once the session is established, VC ID data which includes the VC ID, the Group ID, VC Type, the VC Interface Parameters and a Control Word notification can be exchanged. PLS VPN MP V
L2 VPN Data Traffic • The PE router encapsulates the subscriber layer-2 frame and attaches two labels; the top (tunnel label) identifies the destination of the remote PE router. PLS VPN MP V
L2 VPN Data Traffic • The receiving PE router pops the tunnel label, uses the bottom (or inner) label to deliver the packet to the correct end-user (CE router) with the appropriate Layer 2 encapsulation based on the VC label. PLS VPN MP V
VC Types • Martini Virtual Circuit Encapsulation Types: Frame Relay – Type 01 y yp ATM AAL5 VCC – Type 02 ATM Transparent Cell Transport – Type 03 Ethernet VLAN – T Eh Type 04 PLS VPN Ethernet – Type 05 V HDLC – Type 06 PPP – Type 07 CEM – Type 08 MP ATM VCC Cell Transport – Type 09 ATM VPC Cell Transport – Type 10 or Hex. “0A”
Virtual Private LAN Services (VPLS) • The Kompella draft specification creates a new VC type specifically for Ethernet VPLS frames This is type eleven frames. (hex B). PLS VPN • Customer frames are switched based on their destination V MAC address address. MP • VPN is established by creating a full mesh of VCs between the PEs facing the sites that make the VPN.
Virtual Private LAN Services (VPLS) • PE routers perform source MAC address learning just like a normal transparent switch, except that they perform it on switch frames received over the VCs. PLS VPN • A PE router maintains a separate layer-2 forwarding table, V called Virt al Forwarding Instance (VFI), for each VPN that it Virtual For arding (VFI) carries. MP
Virtual Private LAN Services (VPLS) • PE router does not learn all the MAC addresses in all the VPNs carried by the provider network. A PE router learns MAC addresses related only to the VPNs that it carries. P routers do not learn any MAC addresses, they just perform label i hi l b l switching. PLS VPN MP V
MP PLS VPN V Thank You

Recomendados

MPLS VPN
MPLS VPNMPLS VPN
MPLS VPNShahzaib Mahesar
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic EngineeringAPNIC
 
Mpls
MplsMpls
MplsFasih Rehman
 
MPLS + BGP Presentation
MPLS + BGP PresentationMPLS + BGP Presentation
MPLS + BGP PresentationGino McCarty
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicEricsson
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN DeploymentAPNIC
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS PresentationUnni Kannan VijayaKumar
 
MPLS
MPLSMPLS
MPLSElyes Naouar
 

Recomendados

MPLS VPN
MPLS VPNMPLS VPN
MPLS VPNShahzaib Mahesar
 
MPLS Traffic Engineering
MPLS Traffic EngineeringMPLS Traffic Engineering
MPLS Traffic EngineeringAPNIC
 
Mpls
MplsMpls
MplsFasih Rehman
 
MPLS + BGP Presentation
MPLS + BGP PresentationMPLS + BGP Presentation
MPLS + BGP PresentationGino McCarty
 
MPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicMPLS Deployment Chapter 1 - Basic
MPLS Deployment Chapter 1 - BasicEricsson
 
MPLS L3 VPN Deployment
MPLS L3 VPN DeploymentMPLS L3 VPN Deployment
MPLS L3 VPN DeploymentAPNIC
 
MPLS Presentation
MPLS PresentationMPLS Presentation
MPLS PresentationUnni Kannan VijayaKumar
 
MPLS
MPLSMPLS
MPLSElyes Naouar
 
Mpls
MplsMpls
Mplsrahulvce07
 
Mpls L3_vpn
Mpls L3_vpnMpls L3_vpn
Mpls L3_vpnReza Farahani
 
MPLS
MPLSMPLS
MPLSSaif Ullah Khan
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Febrian ‎
 
BGP
BGP BGP
BGP Reza Farahani
 
Implementing cisco mpls
Implementing cisco mplsImplementing cisco mpls
Implementing cisco mplsMatiullah Jamil
 
Multiprotocol label switching
Multiprotocol label switchingMultiprotocol label switching
Multiprotocol label switchingSumita Das
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorialrakiva29
 
Cisco MPLS
Cisco MPLSCisco MPLS
Cisco MPLSwebhostingguy
 
MPLS Tutorial
MPLS TutorialMPLS Tutorial
MPLS Tutorialkennedy Ochieng Ndire
 
Inter-AS MPLS VPN Deployment
Inter-AS MPLS VPN DeploymentInter-AS MPLS VPN Deployment
Inter-AS MPLS VPN DeploymentBangladesh Network Operators Group
 
Layer-2 VPN
Layer-2 VPNLayer-2 VPN
Layer-2 VPNrosmida
 
SEGMENT Routing
SEGMENT RoutingSEGMENT Routing
SEGMENT RoutingBangladesh Network Operators Group
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]APNIC
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISPWahyu Nasution
 
MPLS - Multiprotocol Label Switching
MPLS - Multiprotocol Label SwitchingMPLS - Multiprotocol Label Switching
MPLS - Multiprotocol Label SwitchingPeter R. Egli
 
Mpls Services
Mpls ServicesMpls Services
Mpls ServicesKristof De Brouwer
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab Cisco Canada
 
VPLS Fundamental
VPLS FundamentalVPLS Fundamental
VPLS FundamentalReza Farahani
 
Carrier Ethernet
Carrier EthernetCarrier Ethernet
Carrier Ethernetrjain51
 
Design And Analysis Of MPLS based VPN
Design And Analysis Of MPLS based VPNDesign And Analysis Of MPLS based VPN
Design And Analysis Of MPLS based VPNgandhimb
 
Multi-Protocol Label Switching: Basics and Applications
Multi-Protocol Label Switching: Basics and ApplicationsMulti-Protocol Label Switching: Basics and Applications
Multi-Protocol Label Switching: Basics and ApplicationsVishal Sharma, Ph.D.
 

Más contenido relacionado

La actualidad más candente

Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Febrian ‎
 
Multiprotocol label switching
Multiprotocol label switchingMultiprotocol label switching
Multiprotocol label switchingSumita Das
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorialrakiva29
 
Layer-2 VPN
Layer-2 VPNLayer-2 VPN
Layer-2 VPNrosmida
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]APNIC
 
MPLS - Multiprotocol Label Switching
MPLS - Multiprotocol Label SwitchingMPLS - Multiprotocol Label Switching
MPLS - Multiprotocol Label SwitchingPeter R. Egli
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab Cisco Canada
 
Carrier Ethernet
Carrier EthernetCarrier Ethernet
Carrier Ethernetrjain51
 

La actualidad más candente (20)

Mpls
MplsMpls
Mpls
 
Mpls L3_vpn
Mpls L3_vpnMpls L3_vpn
Mpls L3_vpn
 
MPLS
MPLSMPLS
MPLS
 
Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010Deploying IP/MPLS VPN - Cisco Networkers 2010
Deploying IP/MPLS VPN - Cisco Networkers 2010
 
BGP
BGP BGP
BGP
 
Implementing cisco mpls
Implementing cisco mplsImplementing cisco mpls
Implementing cisco mpls
 
Multiprotocol label switching
Multiprotocol label switchingMultiprotocol label switching
Multiprotocol label switching
 
Waris l2vpn-tutorial
Waris l2vpn-tutorialWaris l2vpn-tutorial
Waris l2vpn-tutorial
 
Cisco MPLS
Cisco MPLSCisco MPLS
Cisco MPLS
 
MPLS Tutorial
MPLS TutorialMPLS Tutorial
MPLS Tutorial
 
Inter-AS MPLS VPN Deployment
Inter-AS MPLS VPN DeploymentInter-AS MPLS VPN Deployment
Inter-AS MPLS VPN Deployment
 
Layer-2 VPN
Layer-2 VPNLayer-2 VPN
Layer-2 VPN
 
SEGMENT Routing
SEGMENT RoutingSEGMENT Routing
SEGMENT Routing
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
 
Bgp tutorial for ISP
Bgp tutorial for ISPBgp tutorial for ISP
Bgp tutorial for ISP
 
MPLS - Multiprotocol Label Switching
MPLS - Multiprotocol Label SwitchingMPLS - Multiprotocol Label Switching
MPLS - Multiprotocol Label Switching
 
Mpls Services
Mpls ServicesMpls Services
Mpls Services
 
Segment Routing Lab
Segment Routing Lab Segment Routing Lab
Segment Routing Lab
 
VPLS Fundamental
VPLS FundamentalVPLS Fundamental
VPLS Fundamental
 
Carrier Ethernet
Carrier EthernetCarrier Ethernet
Carrier Ethernet
 

Destacado

Design And Analysis Of MPLS based VPN
Design And Analysis Of MPLS based VPNDesign And Analysis Of MPLS based VPN
Design And Analysis Of MPLS based VPNgandhimb
 
Multi-Protocol Label Switching: Basics and Applications
Multi-Protocol Label Switching: Basics and ApplicationsMulti-Protocol Label Switching: Basics and Applications
Multi-Protocol Label Switching: Basics and ApplicationsVishal Sharma, Ph.D.
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentationstolentears
 
Squire Technologies: Media Gateway Controller
Squire Technologies: Media Gateway ControllerSquire Technologies: Media Gateway Controller
Squire Technologies: Media Gateway ControllerSquire Technologies
 
Jawdat SDN NFV solutions 2016 v1.1
Jawdat SDN NFV solutions 2016 v1.1Jawdat SDN NFV solutions 2016 v1.1
Jawdat SDN NFV solutions 2016 v1.1Tedhi Achdiana
 
Bts commissioning (alcatel lucent)
Bts commissioning (alcatel lucent)Bts commissioning (alcatel lucent)
Bts commissioning (alcatel lucent)Sayed Qaisar Shah
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)Vipin Sahu
 
VPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and BenefitsVPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and Benefitsqaisar17
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationAmandeep Kaur
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private NetworkPeter R. Egli
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slidesrahul kundu
 
Virtual private network
Virtual private networkVirtual private network
Virtual private networkSowmia Sathyan
 

Destacado (19)

Design And Analysis Of MPLS based VPN
Design And Analysis Of MPLS based VPNDesign And Analysis Of MPLS based VPN
Design And Analysis Of MPLS based VPN
 
Multi-Protocol Label Switching: Basics and Applications
Multi-Protocol Label Switching: Basics and ApplicationsMulti-Protocol Label Switching: Basics and Applications
Multi-Protocol Label Switching: Basics and Applications
 
MPLS ppt
MPLS pptMPLS ppt
MPLS ppt
 
Vpn
VpnVpn
Vpn
 
Vpn presentation
Vpn presentationVpn presentation
Vpn presentation
 
Squire Technologies: Media Gateway Controller
Squire Technologies: Media Gateway ControllerSquire Technologies: Media Gateway Controller
Squire Technologies: Media Gateway Controller
 
Jawdat SDN NFV solutions 2016 v1.1
Jawdat SDN NFV solutions 2016 v1.1Jawdat SDN NFV solutions 2016 v1.1
Jawdat SDN NFV solutions 2016 v1.1
 
Bts commissioning (alcatel lucent)
Bts commissioning (alcatel lucent)Bts commissioning (alcatel lucent)
Bts commissioning (alcatel lucent)
 
Types of VPN
Types of VPNTypes of VPN
Types of VPN
 
What Is VPN
What Is VPNWhat Is VPN
What Is VPN
 
MPLS
MPLSMPLS
MPLS
 
MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)MPLS (Multi-Protocol Label Switching)
MPLS (Multi-Protocol Label Switching)
 
VPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and BenefitsVPN, Its Types,VPN Protocols,Configuration and Benefits
VPN, Its Types,VPN Protocols,Configuration and Benefits
 
Firewall
Firewall Firewall
Firewall
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
VPN - Virtual Private Network
VPN - Virtual Private NetworkVPN - Virtual Private Network
VPN - Virtual Private Network
 
Introduction of firewall slides
Introduction of firewall slidesIntroduction of firewall slides
Introduction of firewall slides
 
Virtual private network
Virtual private networkVirtual private network
Virtual private network
 
MPLS: Multiprotocol Label Switching
MPLS: Multiprotocol Label SwitchingMPLS: Multiprotocol Label Switching
MPLS: Multiprotocol Label Switching
 

Similar a Doc6 mpls vpn-ppt

International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private NetworkRajan Kumar
 
MPLS-VPN-Technology.pdf
MPLS-VPN-Technology.pdfMPLS-VPN-Technology.pdf
MPLS-VPN-Technology.pdfHuynh MVT
 
csevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfcsevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfHirazNor
 
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...nvirters
 
Openstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNsOpenstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNsThomas Morin
 
VPN & FIREWALL
VPN & FIREWALLVPN & FIREWALL
VPN & FIREWALLMoin Islam
 

Similar a Doc6 mpls vpn-ppt (20)

VPN Network
VPN NetworkVPN Network
VPN Network
 
International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)International Journal of Engineering Research and Development (IJERD)
International Journal of Engineering Research and Development (IJERD)
 
Vivpn pp tfinal
Vivpn pp tfinalVivpn pp tfinal
Vivpn pp tfinal
 
Mplsvpn seminar
Mplsvpn seminarMplsvpn seminar
Mplsvpn seminar
 
Vpnppt1884
Vpnppt1884Vpnppt1884
Vpnppt1884
 
Vpn1
Vpn1Vpn1
Vpn1
 
Vpn1
Vpn1Vpn1
Vpn1
 
Vpn networks kami
Vpn networks kamiVpn networks kami
Vpn networks kami
 
Vpn rsvp
Vpn rsvpVpn rsvp
Vpn rsvp
 
Shradhamaheshwari vpn
Shradhamaheshwari vpnShradhamaheshwari vpn
Shradhamaheshwari vpn
 
Virtual Private Network
Virtual Private NetworkVirtual Private Network
Virtual Private Network
 
Vpnppt1884
Vpnppt1884Vpnppt1884
Vpnppt1884
 
MPLS-VPN-Technology.pdf
MPLS-VPN-Technology.pdfMPLS-VPN-Technology.pdf
MPLS-VPN-Technology.pdf
 
csevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdfcsevpnppt-170905123948 (1).pdf
csevpnppt-170905123948 (1).pdf
 
Virtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) pptVirtual Private Networks (VPN) ppt
Virtual Private Networks (VPN) ppt
 
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
Tech Talk by John Casey (CTO) CPLANE_NETWORKS : High Performance OpenStack Ne...
 
Openstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNsOpenstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNs
 
VPN & FIREWALL
VPN & FIREWALLVPN & FIREWALL
VPN & FIREWALL
 
Vpn_NJ ppt
Vpn_NJ pptVpn_NJ ppt
Vpn_NJ ppt
 
Vp ns
Vp nsVp ns
Vp ns
 

Más de Swarup Kumar Mall

Doc c26 c9d9e63c44cba392505b49890b5af_1285830910188_156
Doc c26 c9d9e63c44cba392505b49890b5af_1285830910188_156Doc c26 c9d9e63c44cba392505b49890b5af_1285830910188_156
Doc c26 c9d9e63c44cba392505b49890b5af_1285830910188_156Swarup Kumar Mall
 
Btech. 1st year_new_syllabus_final__2008_bput_
Btech. 1st year_new_syllabus_final__2008_bput_Btech. 1st year_new_syllabus_final__2008_bput_
Btech. 1st year_new_syllabus_final__2008_bput_Swarup Kumar Mall
 

Más de Swarup Kumar Mall (17)

Vp ns
Vp nsVp ns
Vp ns
 
Vp npresentation 2
Vp npresentation 2Vp npresentation 2
Vp npresentation 2
 
Vpn 3 13_07
Vpn 3 13_07Vpn 3 13_07
Vpn 3 13_07
 
Vpn 3
Vpn 3Vpn 3
Vpn 3
 
Vpn 2
Vpn 2Vpn 2
Vpn 2
 
Vpn
VpnVpn
Vpn
 
Presentation vpn
Presentation vpnPresentation vpn
Presentation vpn
 
Doc c26 c9d9e63c44cba392505b49890b5af_1285830910188_156
Doc c26 c9d9e63c44cba392505b49890b5af_1285830910188_156Doc c26 c9d9e63c44cba392505b49890b5af_1285830910188_156
Doc c26 c9d9e63c44cba392505b49890b5af_1285830910188_156
 
D l table
D l tableD l table
D l table
 
Cheap vpn
Cheap vpnCheap vpn
Cheap vpn
 
Btech. 1st year_new_syllabus_final__2008_bput_
Btech. 1st year_new_syllabus_final__2008_bput_Btech. 1st year_new_syllabus_final__2008_bput_
Btech. 1st year_new_syllabus_final__2008_bput_
 
Blug talk
Blug talkBlug talk
Blug talk
 
Allaboutvpn
AllaboutvpnAllaboutvpn
Allaboutvpn
 
2008 cse
2008 cse2008 cse
2008 cse
 
2008 cse copy
2008 cse copy2008 cse copy
2008 cse copy
 
4 vpn s
4 vpn s4 vpn s
4 vpn s
 
VPN
VPNVPN
VPN
 

Doc6 mpls vpn-ppt

  • 1. MPLS VPN PLS VPN V Prepared by Eng. Hussein M. Harb MP
  • 2. Agenda • Why VPN • VPN Definition • VPN C t Categories i PLS VPN • VPN Implementations V • VPN Models MP • MPLS VPN Types • L3 MPLS VPN • L2 MPLS VPN
  • 3. Why VPN? • VPNs were developed initially to deal with security issues of transmitting clear text data across a network network. • E Examples of applications th t send t ffi i a clear t t l f li ti that d traffic in l text PLS VPN format are Telnet, file transfers via FTP or TFTP. V • VPN - has attracted the attention of many organizations looking to expand their networking capabilities, secure MP h i ffi d d h i their traffic and reduce their costs.
  • 4. VPN Definition The most common definition of a VPN is: A data network that utilizes a portion of a shared public p p PLS VPN network to extend a customer's private network. MP V
  • 5. VPN Categories There are three basic VPN categories: h h b i i • Intranet PLS VPN • Extranet V • Internet MP
  • 6. Intranet VPN • An intranet VPN connects resources from the same company across that company's infrastructure. PLS VPN MP V An example of intranet VPN is the connections between different l diff locations within a company's i f i i hi ' infrastructure, such as h VPNs between two offices
  • 7. Extranet VPN • An extranet VPN connects resources from one company to another company, such as a business partner. PLS VPN MP V An example of an extranet is a company that has outsourced its help desk functions and sets up a VPN to provide a secure connection from its corporate office to the outsourcing company.
  • 8. Internet • An Internet VPN uses a public network as the backbone to transport VPN traffic between devices. PLS VPN • As an example, you might use the Internet, which is a public V network, to connect two sites t th or h t k t tt it together have t l telecommuters t use their local ISPs to set up a VPN connection to the corporate network (remote access connections). p ( ) MP
  • 9. VPN Components The VPN realm consist of the following regions: • Customer network: Consisted of the routers at the various customer sites called customer edge (CE) routers routers. PLS VPN V • Provider network: SP devices to which the CE routers were directly attached were called provider edge (PE) routers. e e ca ed p o de ( ) oute s. MP SP network might consist of devices used for forwarding data in the SP backbone called provider (P) routers.
  • 10. VPN Implementations There are many ways for the implementation of VPN such as: • GRE PLS VPN • IPsec V • PPTP • L2TP MP • MPLS
  • 11. MPLS VPN • MPLS VPNs are enhancement to MPLS • MPLS uses a virtual circuit (VC) across a private network to emulate th VPN f ti l t the function. PLS VPN V • MPLS alone won't solve security problem; you'll have to complement it with another VPN solution, such as IPsec over MPLS MPLS. MP • MPLS supports multiple protocols. In other words, you can use MPLS to tag IP packets, Ethernet frames, IPX packets.
  • 12. VPN Models The VPN implementations can be classified broadly into one of the following: • Overlay model PLS VPN • Peer-to-peer model MP V
  • 13. Overlay model • The provider did not participate in customer routing. It provides the customer with transport of data using virtual point-to-point links (PVC or SVC). PLS VPN MP V
  • 14. Overlay model (Continue) • The drawback of an Overlay model was the full mesh of virtual circuits between all customer sites for optimal connectivity. N sites need N(N-l )/2 circuits. PLS VPN • Overlay VPNs provides either Layer 1 (physical layer) connectivity or a Layer 2 transport circuit between customer y y p V sites for transportation of Layer 2 frames (Or cells) which was traditionally implemented using either Frame Relay or ATM it h switches . MP
  • 15. Peer-to-peer model • The peer-to-peer model was developed to overcome the drawbacks of the Overlay model • The service provider would actively participate in customer routing g PLS VPN MP V
  • 16. Peer-to-peer model (Continue) • Routing information is exchanged between the customer routers and the SP routers. • Th peer-to-peer model, consequently, d The t d l tl does not require th t i the PLS VPN creation of virtual circuits. V • Separation of customer-specific routing information is achieved b i l hi d by implementing packet fil i k filters at the routers h MP connecting to the customer network.
  • 17. MPLS VPN Types • BGP/MPLS VPNs (Layer 3 VPNs): Use extensions to the existing routing protocol of the Internet (BGP-4) to interconnect remote locations, also called RFC 2547bis VPNs. PLS VPN • Layer 2 MPLS VPNs: V Extends the customer’s Layer 2 connectivity across an MPLS infrastructure. Commonly called Martini VPNs. An extension MP to L Layer 2 VPN also supports Virtual Private LAN Services VPNs l Vi lP i S i (VPLS).
  • 18. L3 MPLS VPN Architecture • MPLS VPN is an implementation of the peer-to-peer model. • The MPLS-based VPN model also accommodates customers using-overlapping address spaces. i l i dd PLS VPN V • However, instead of deploying a dedicated PE router per customer, customer traffic is isolated on the same PE router providing connectivity f multiple customers. idi i i for li l MP • The MPLS VPN backbone and customer sites exchange Layer 3 customer routing information.
  • 19. Components of MPLS VPN architecture PLS VPN MP V
  • 20. L3 MPLS VPN Routing Model PLS VPN MP V • Th only requirement on the CE router is a routing protocol The l i h i i l or a static route that enables the router to exchange IPv4 routing information with the connected PE router.
  • 21. L3 MPLS VPN Routing Model PLS VPN MP V PE routers Perform the following tasks: • The PE routers exchange IPv4 routes with connected CE routers using individual routing protocol contexts. • It must isolate customer traffic if more than one customer is connected to the PE router.
  • 22. L3 MPLS VPN Routing Model PLS VPN MP V • M li Multiprotocol BGP is configured b l i fi d between PE routers to carry customer routes.
  • 23. L3 MPLS VPN Routing Model PLS VPN MP V • P routers provide label switching between provider edge routers and are unaware of VPN routes.
  • 24. Virtual Routing and Forwarding Table (VRF) PLS VPN MP V • Customer isolation is achieved on the PE router by the use of virtual routing tables or instances • The function of a VRF is similar to a global routing table, except that it contains all routes pertaining to a specific VPN versus the global routing table.
  • 25. Virtual Routing and Forwarding Table (VRF) PLS VPN MP V • The VRF also defines the connectivity requirements and protocols f each customer site on a single PE router. l for h i i l • The VRF defines the interfaces on the local PE router that are part of a specific VPN.
  • 26. Route Distinguisher PLS VPN MP V • The RD enable overlapping address spaces in connected customer networks. • Thus, a unique RD is configured per VRF on the PE router.
  • 27. Route Distinguisher (Cont.) • A RD is a 64-bit unique identifier that is prepended to the 32- bit customer prefix or route learned from a CE router, which makes it a unique 96-bit address called VPNv4 address that can be transported between the PE routers in the MPLS domain. domain PLS VPN • A unique RD is configured per VRF on the PE router. MP V
  • 28. Route targets (RT) PLS VPN MP V • When a VPN route learned from a CE router is injected into VPNv4 BGP, a list of VPN route target extended community attributes is associated with it.
  • 29. Route targets (RT) PLS VPN MP V • The export route target is appended to a customer prefix when it is converted to a VPNv4 prefix by the PE router and propagated in MP-BGP updates.
  • 30. Route targets (RT) PLS VPN MP V • The import route target is associated with each VRF and identifies the VPN v4 routes to be imported into the VRF for the specific customer.
  • 31. L3 MPLS VPN Operation • Phase 1: Propagation of VPN routes and distribution of MPLS labels (Control Plane) PLS VPN • Phase 2: Packet forwarding (Data Plane) MP V
  • 32. Control Plane Operation • Taking the next figure as an example Propagation of VPN routes and distribution of MPLS labels takes place in three different stages PLS VPN MP V
  • 33. Stage 1 • Stage 1: PE routers receive IPv4 routing updates from CE routers and populate these routes into the appropriate VRF table. PLS VPN MP V
  • 34. Stage 2 • Stage 2: PE routers export VPN routes from VRF tables into MP-IBGP and propagate them with VPN label as VPNv4 routes via MP-IBGP to other remote PE routers. PLS VPN MP V
  • 35. Stage 3 • Stage 3: The remote PE routers on receiving MP-IBGP updates will import the incoming VPNv4 routes into their respective VRF tables according to the import RTs. The VPNv4 routes installed in VRF tables are then converted back to IPv4 routes and propagated to the CE routers routers. PLS VPN MP V
  • 36. Summary for Control Plane Operation PLS VPN MP V
  • 37. Example-Control Plane Operation 1. IPv4 update for network 172.16.10.0 is received by the egress PE router PLS VPN MP V
  • 38. Example-Control Plane Operation 2. PE1-AS1 accepts and transforms the IPv4 route, 172.16.10.0/24, to a VPN v4 route by assigning an RD 1:100 and RT 1:100. It allocates a label V1 and rewrites the next- hop attribute to the PE1-AS1 loopback0 IP address 10.10.10.101. 10 10 10 101 PLS VPN MP V
  • 39. Example-Control Plane Operation 2a. Edge LSR PE2-AS1 requests a label for the 10.10.10.101/32 prefix using LDP from LSR P2-AS1 then from P1-AS1 then P2 AS1 P1 AS1 from Edge LSR PE1-AS1. Edge LSR PEl-AS1 allocates a label of implicit-null and sends it to P1-AS1. PLS VPN MP V
  • 40. Example-Control Plane Operation 2b. P1-AS1 uses the implicit-null label received from PE1-AS1 as its outbound label value, allocates a label (L1) to prefix value 10.10.10.101/32, and sends this label value to P2-AS1 via LDP. PLS VPN MP V
  • 41. Example-Control Plane Operation 2c. P2-AS1 uses the label (L1) received from PI-AS1 as its outbound label value allocates a label (L2) to prefix value, 10.10.10.101/32, and sends this label value to PE2-AS1 via LDP. PLS VPN MP V
  • 42. Example-Control Plane Operation 3. PEl-AS1 has the VRF configured to accept routes with RT 1:100 and therefore translates the VPNv4 update to IPv4 and inserts the route in VRF A. It then propagates this route to the CE2-A. PLS VPN MP V
  • 43. Example-Data Plane Operation 1. CE2-A originates a data packet with the source address of 172.16.20.1 and destination of 172.16.10.1. PLS VPN MP V
  • 44. Example-Data Plane Operation 2. PE2-AS1 receives the data packet and appends the VPN label V1 and LDP label L2 and forwards the packet to P2- P2 AS1. PLS VPN MP V
  • 45. Example-Data Plane Operation 3. P2-AS1 receives the data packet destined to 172.16.10.1 and swaps LDP label L2 with L1. PLS VPN MP V
  • 46. Example-Data Plane Operation 4. P1-AS1 receives the data packet destined to 172.16.10.1 and pops the top label. The resulting labeled packet with VPN Label V1 is forwarded to PE1-AS1. PLS VPN MP V
  • 47. Example-Data Plane Operation 5. PE1-AS1 pops the VPN label and forwards the data packet to CE1-A where the 172.16.10.0 network is located. CE1 A PLS VPN MP V
  • 48. Layer 2 VPN • Customers may desire to extend their current Layer 2 infrastructure (frame relay, ATM, Ethernet, VLANs, TDM, ( y, , , , , transparent LAN services, etc.). PLS VPN • IP-based Layer 3 VPNs will not satisfy any of these V requirements; instead, a Layer 2 solution is required. MP • MPLS-based Layer 2 VPNs prepends a label to a Layer 2 PDU and then forwarding the packet across the MPLS backbone. backbone
  • 49. Layer 2 VPN Components • The Martini draft builds on some fundamental concepts associated with RFC 2547bis VPNs. • Provider (P) routers still will not be aware of the VPNs. They PLS VPN will continue to forward packets over pre-established LSPs. V • Customer Edge (CE) routers will operate without any MP knowledge of the existence of MPLS VPNs. • The PE routers do not participate in the routing algorithms of the end-users, and there are no requirements for the q construction of VPN routing and forwarding tables (VRFs).
  • 50. Martini VPNs (Point-Point Connectivity) • The Martini drafts introduce the concept of Virtual Circuits (VCs). (VCs) An LSP acts as a tunnel carrying multiple VCs. VCs PLS VPN • VCs are uni-directional, for bi-directional communication, a pair of VCs – one in each direction – is needed. MP V
  • 51. L2 VPN Routing Information • Tunnel LSPs between the PE routers could be created using any protocol like RSVP/TE or LDP. PLS VPN MP V
  • 52. L2 VPN Routing Information • PE routers exchange the VC labels via LDP. Once the session is established, VC ID data which includes the VC ID, the Group ID, VC Type, the VC Interface Parameters and a Control Word notification can be exchanged. PLS VPN MP V
  • 53. L2 VPN Data Traffic • The PE router encapsulates the subscriber layer-2 frame and attaches two labels; the top (tunnel label) identifies the destination of the remote PE router. PLS VPN MP V
  • 54. L2 VPN Data Traffic • The receiving PE router pops the tunnel label, uses the bottom (or inner) label to deliver the packet to the correct end-user (CE router) with the appropriate Layer 2 encapsulation based on the VC label. PLS VPN MP V
  • 55. VC Types • Martini Virtual Circuit Encapsulation Types: Frame Relay – Type 01 y yp ATM AAL5 VCC – Type 02 ATM Transparent Cell Transport – Type 03 Ethernet VLAN – T Eh Type 04 PLS VPN Ethernet – Type 05 V HDLC – Type 06 PPP – Type 07 CEM – Type 08 MP ATM VCC Cell Transport – Type 09 ATM VPC Cell Transport – Type 10 or Hex. “0A”
  • 56. Virtual Private LAN Services (VPLS) • The Kompella draft specification creates a new VC type specifically for Ethernet VPLS frames This is type eleven frames. (hex B). PLS VPN • Customer frames are switched based on their destination V MAC address address. MP • VPN is established by creating a full mesh of VCs between the PEs facing the sites that make the VPN.
  • 57. Virtual Private LAN Services (VPLS) • PE routers perform source MAC address learning just like a normal transparent switch, except that they perform it on switch frames received over the VCs. PLS VPN • A PE router maintains a separate layer-2 forwarding table, V called Virt al Forwarding Instance (VFI), for each VPN that it Virtual For arding (VFI) carries. MP
  • 58. Virtual Private LAN Services (VPLS) • PE router does not learn all the MAC addresses in all the VPNs carried by the provider network. A PE router learns MAC addresses related only to the VPNs that it carries. P routers do not learn any MAC addresses, they just perform label i hi l b l switching. PLS VPN MP V
  • 59. MP PLS VPN V Thank You