MPLS-Based Network Designs (Diseños de red basados en MPLS)
2011
Carlos Nicasio, carlos.nicasio@la.logicalis.com
Contents
- Why MPLS?
- MPLS L3 VPNs
- Metro Ethernet: most common designs
- Metro Ethernet: Cisco EVC Framework
- ...
Why MPLS?
Why MPLS?
• Needed a single infrastructure that supports a multitude of applications in a secure manner
• Provide a hig...
Examine MPLS and Layer 3 Routing Limitations
L3 Routing Limitations: Traditional IP Forwarding
L3 Routing Limitations (Cont.): Traffic Engineering Using Traditional IP Forwarding
MPLS Architecture: What Is MPLS?
MPLS Functionality: Control Plane and Data Plane
MPLS Modes of Operation: Frame Mode
MPLS Label Format: Label Headers
Label Switched Routers: Label Switched Router Types
MPLS Forwarding: The Process of MPLS Forwarding
Identify Applications that Use MPLS
Identify MPLS as an Application-driven Technology: MPLS Applications
Identify MPLS as an Application-driven Technology (Cont.): Unicast IP Routing
Identify MPLS as an Application-driven Technology (Cont.): MPLS Traffic Engineering
Identify MPLS as an Application-driven Technology (Cont.): MPLS TE Example
• Some traffic from the upper (overutilized) path ...
Identify MPLS as an Application-driven Technology (Cont.): Quality of Service
Identify MPLS as an Application-driven Technology (Cont.): Virtual Private Networks
Identify MPLS as an Application-driven Technology (Cont.): VPN Example
Identify MPLS as an Application-driven Technology (Cont.): Layer 2 MPLS VPN
Identify MPLS as an Application-driven Technology (Cont.): Layer 2 MPLS VPN Example
VPN Technologies: Overview
VPN Terminology: The Components of a Generic VPN
Overlay VPN
Traditional VPN implementations were all based on the overlay paradigm: the service provider sells p...
Overlay VPN (Cont.): Example of Implementing an Overlay VPN
Peer-to-Peer VPN
The overlay VPN paradigm has a number of drawbacks (need to establish point-to-point links or VC...
Peer-to-Peer VPN (Cont.)
In a peer-to-peer VPN, the service provider participates in the customer routing, accepting...
Peer-to-Peer VPN (Cont.): The Move from Overlay to Peer-to-Peer
• Customers and service provider peer directly using the ...
The Major Categories of VPN: Benefits of the VPN Paradigms
The Major Categories of VPN (Cont.): Drawbacks of the VPN Paradigms
MPLS Backbone: Benefits of deploying an MPLS Backbone
• VPNs can utilize virtually any VPN technology (Layer 3 MPLS VPNs, Fr...
MPLS Layer 2 and Layer 3 VPN
MPLS-based VPNs can provide VPN functionality using OSI Layers 2 and 3: Layer 3 M...
MPLS Layer 2 and Layer 3 VPN (Cont.): Layer 3 MPLS VPN
Layer 3 MPLS VPNs provide support for the IPv4 protocol to be used in...
MPLS Layer 2 and Layer 3 VPN (Cont.): Layer 2 MPLS VPN
Layer 2 MPLS VPNs provide support for OSI Layer 2 protocols to b...
MPLS Layer 2 and Layer 3 VPN (Cont.)
A single IP backbone can do the job of: Internet service provisioning ...
MPLS and Enterprise Networks
Metro Ethernet Designs
Centralized MPLS VPN Design
QinQ VLAN Encapsulation
Distributed MPLS VPN Design
Metro Ethernet: EVC Architecture
Flexible QinQ Introduction
Typical Metro Ethernet challenges: L2 and L3 services on the same port; flexible s...
ServiceFlex: no global VLAN resource needed for xconnect ...
Flexible QinQ Overview: service instance o...
Flexible QinQ overview (figure residue): parent VLAN, priority ...
Flexible QinQ Configuration – flexible frame matching
Single tagged frame: encapsulation dot1q {any | "<vlan-id>...
Flexible QinQ Configuration – flexible encapsulation rewrite
Router(config-if-srv)#[no] rewrite ingress tag … symmetric p...
Flexible QinQ Configuration – flexible service mapping/forwarding ...
EVC Infrastructure Overview: EFP – Ethernet Flow Point; EVC – Ethernet Virtual ...
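The slides above describe three things an EFP does to a frame: match it on its outer (and optionally inner) 802.1Q tag, pop tags on ingress, and re-push them symmetrically on egress. The following Python model is an added example, not Cisco code or configuration taken from the deck, that makes those semantics concrete on constructed frames. It assumes that re-pushed tags use TPID 0x8100 with PCP 0, that when several service instances match the most specific one wins, and that a symmetric pop is only allowed with an exact single-VLAN encapsulation (otherwise egress would not know which VLAN to push back); the sample MACs, VLAN IDs and service-instance numbers are invented.

```python
"""Ethernet Flow Point (EFP) classification and symmetric tag rewrite, following the
Flexible QinQ / EVC model on the slides. Added example, not Cisco code.
Assumptions made here: re-pushed tags use TPID 0x8100 and PCP 0; when several
service instances match a frame the most specific one wins; a symmetric pop is
only allowed with an exact (single-VLAN) encapsulation, so egress knows what to push."""
import struct

TPID_DOT1Q = 0x8100   # C-tag
TPID_DOT1AD = 0x88A8  # S-tag
ANY = "any"           # `encapsulation dot1q any`


def parse_frame(frame: bytes):
    """Return (dst, src, tags, ethertype, payload); tags are (tpid, pcp, vid), outer first."""
    dst, src, off, tags = frame[:6], frame[6:12], 12, []
    while True:
        (etype,) = struct.unpack_from("!H", frame, off)
        if etype not in (TPID_DOT1Q, TPID_DOT1AD):
            return dst, src, tags, etype, frame[off + 2:]
        if len(tags) == 2:
            raise ValueError("more than two VLAN tags")
        (tci,) = struct.unpack_from("!H", frame, off + 2)
        tags.append((etype, tci >> 13, tci & 0x0FFF))
        off += 4


def build_frame(dst, src, tags, ethertype, payload):
    out = bytearray(dst + src)
    for tpid, pcp, vid in tags:
        out += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return bytes(out + struct.pack("!H", ethertype) + payload)


class ServiceInstance:
    """One `service instance <id> ethernet` block: encapsulation match, pop count, target."""

    def __init__(self, sid, outer, inner=None, pop=0, bridge_domain=None):
        if pop > (1 if inner is None else 2):
            raise ValueError("cannot pop more tags than the encapsulation matches")
        for n, spec in enumerate((outer, inner)):
            if pop > n and (spec == ANY or len(spec) != 1):
                raise ValueError("symmetric pop requires an exact VLAN in the encapsulation")
        self.sid, self.outer, self.inner = sid, outer, inner
        self.pop, self.bridge_domain = pop, bridge_domain

    def matches(self, tags):
        if not tags or (self.outer != ANY and tags[0][2] not in self.outer):
            return False
        if self.inner is None:          # single-tag rule: an inner tag, if present, is not inspected
            return True
        return len(tags) == 2 and (self.inner == ANY or tags[1][2] in self.inner)

    def specificity(self):
        score = 0 if self.outer == ANY else 1
        if self.inner is not None:
            score += 1 if self.inner == ANY else 2
        return score

    def pushed_tags(self):
        """Tags re-imposed on egress for `rewrite ingress tag pop N symmetric`."""
        specs = [self.outer, self.inner][: self.pop]
        return [(TPID_DOT1Q, 0, next(iter(spec))) for spec in specs]


def ingress(port, frame):
    """Classify a frame arriving on a port (a list of ServiceInstance) and apply the
    ingress rewrite. Returns (service instance, rewritten frame), or (None, None) when
    no EFP matches, in which case an EVC port drops the frame."""
    dst, src, tags, etype, payload = parse_frame(frame)
    matched = [si for si in port if si.matches(tags)]
    if not matched:
        return None, None
    si = max(matched, key=ServiceInstance.specificity)
    return si, build_frame(dst, src, tags[si.pop:], etype, payload)


def egress(si, frame):
    """Symmetric half of the rewrite: push back exactly what this EFP popped on ingress."""
    dst, src, tags, etype, payload = parse_frame(frame)
    return build_frame(dst, src, si.pushed_tags() + tags, etype, payload)


# Constructed sample frames: made-up MACs, IPv4 ethertype, four-byte dummy payload.
DST, SRC, PAYLOAD = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\x00\x01\x02\x03"
SINGLE_100 = build_frame(DST, SRC, [(TPID_DOT1Q, 0, 100)], 0x0800, PAYLOAD)
DOUBLE_100_200 = build_frame(DST, SRC, [(TPID_DOT1Q, 0, 100), (TPID_DOT1Q, 0, 200)], 0x0800, PAYLOAD)
DOUBLE_100_201 = build_frame(DST, SRC, [(TPID_DOT1Q, 0, 100), (TPID_DOT1Q, 0, 201)], 0x0800, PAYLOAD)
SINGLE_555 = build_frame(DST, SRC, [(TPID_DOT1Q, 0, 555)], 0x0800, PAYLOAD)

# A port with three EFPs: exact single tag, exact double tag, and a catch-all.
PORT = [
    ServiceInstance(10, outer={100}, pop=1, bridge_domain=100),
    ServiceInstance(20, outer={100}, inner={200}, pop=2, bridge_domain=200),
    ServiceInstance(30, outer=ANY, bridge_domain=300),
]
```

The frame tagged 100/200 lands in service instance 20 (both tags matched, both popped) while 100/201 lands in instance 10 (outer matched, inner left in place), which is the ordering question the "most specific wins" assumption settles; a frame that matches no EFP gets no bridge domain at all, which is the safe default on a port shared by several customers.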
Hardware
Cisco ASR9000 Aggregation Service Router: 6- and 10-slot chassis; 1+1 RSP, SSO, NSR; 180 Gbps per slot, Tbps fabrics; ...
Cisco Metro 3600X Access Switches: advanced access; 24xGE + 2x10GE; redundant power supplies (AC/DC); 65 Mpps; EVC Frame...
Cisco Metro 3800X Switch Router: advanced access; 24xGE + 2x10GE; redundant power supplies (AC/DC); 65 Mpps; EVC Fr...
Thank you
Carlos Nicasio, carlos.nicasio@la.logicalis.com
Published on: MPLS - Oscar Nicasio - UTE day - 14 July 2011
Published in: Technology
  • Why Technology was invented?
  • Traditional IP Forwarding. Objective: describe the limitations of L3 routing. Traditional IP forwarding has several inherent drawbacks. Routing protocols distribute L3 routing information, but whichever protocol is used, forwarding is based on the destination address only. A routing lookup is performed on every router, so each router in the network makes an independent forwarding decision. MPLS reduces the number of routing lookups and can change the forwarding criteria.
  • Traffic Engineering Using Traditional IP Forwarding. Destination-based IP routing provides no mechanism for load balancing across unequal-cost paths. The result is an overutilized primary link while backup links sit idle: all traffic between sites A and B uses the primary link because the destination network is only one hop away over that link. Traditional IP forwarding has no scalable way to put the backup link to use. Policy-based routing and load balancing can forward packets on other criteria, but they do not scale to high traffic volumes because of their performance cost.
  • What Is MPLS? Objective: describe the basic architecture of an MPLS network. MPLS is a forwarding mechanism in which packets are forwarded based on labels. A label may correspond to an IP destination prefix or to other parameters such as QoS class or source address, and MPLS can also carry protocols other than IP. With MPLS enabled, routers assign labels that define paths between end points, so only the routers at the edge of the network perform a routing lookup. The first router receives the packet, does a routing lookup and, in this example, imposes a label of 25. MPLS core routers switch the packet on a simple label lookup instead of a routing-table lookup: each swaps the label and forwards the packet. The last router at the edge of the MPLS network removes the label and forwards the packet to its destination. Multiprotocol Label Switching (MPLS) is therefore a switching method that uses labels to forward L2 and L3 traffic.
  • MPLS Functionality. Objective: describe the difference between the data plane and the control plane in MPLS. An MPLS-enabled router's functionality is divided into two major parts, the control plane and the data plane. The control plane exchanges L3 routing information and labels. Any of the usual routing protocols (OSPF, EIGRP, IS-IS, BGP) can run in the control plane to propagate L3 reachability; in this example OSPF distributes the routes. The label exchange mechanism simply propagates labels for L3 destinations: here the Label Distribution Protocol (LDP) receives label 17 from the downstream neighbor for packets destined to 10.x.x.x. The data plane is a simple label-based forwarding engine, independent of which routing or label exchange protocol populated it. A Label Forwarding Information Base (LFIB) forwards packets based on labels and is populated by the label exchange protocols of the control plane. The label learned via LDP is first stored in the Label Information Base (LIB); because it came from the next-hop router it is installed in the LFIB as the outgoing label. A local label (16 in this example) is generated and sent to upstream neighbors. The data plane then forwards every packet arriving with label 16 out of the appropriate interface, swapping the label for 17. Control plane: exchanges L3 routing information and labels; contains a routing protocol and a label distribution protocol. Data plane: forwards packets based on labels or destination addresses.
It contains a Forwarding Information Base (FIB) that is populated by the routing protocol and a Label Forwarding Information Base (LFIB) that is populated by the label exchange protocols used in the control plane.
  • MPLS Modes of Operation. Objective: describe the difference between frame-mode and cell-mode MPLS. MPLS is designed for use on virtually any medium and L2 encapsulation. Most L2 encapsulations are frame based; with frame-mode MPLS an additional 32-bit label field is inserted between the L2 and L3 headers. MPLS over ATM is a special case: it can use frame mode, or the label can be carried in the fixed-length ATM cell header of every cell. In frame-mode MPLS, when the edge router receives a normal IP packet it does a routing lookup, the forwarding table indicates that a label should be attached, the label is imposed between the L2 frame header and the L3 packet header, and the labeled packet is sent out. In cell-mode MPLS the ATM header's Virtual Path Identifier/Virtual Channel Identifier (VPI/VCI) fields carry the label used for forwarding decisions; the original 32-bit label header is still present in the reassembled frame but is not used for the label-switching decision.
  • MPLS Label Format. Objective: describe how label headers are used in MPLS. MPLS uses a 32-bit label header containing a label, an experimental field, a bottom-of-stack indicator and a time-to-live field. The header begins with a 20-bit label that has local significance and may change at every hop. The 3-bit experimental (EXP) field, renamed Traffic Class (TC) by RFC 5462, carries a class of service in the same way as the IP precedence of the encapsulated IP packet. By default, Cisco routers copy the IP precedence into this field at label imposition (when the label is attached to the IP packet) and copy it back to the IP precedence at label disposition; this behavior can be changed to meet QoS policy needs. MPLS allows several labels to be stacked, so a 1-bit bottom-of-stack indicator marks whether this label is the last one before the IP header: the bit is set to 1 only in the last label. An 8-bit TTL field prevents indefinite looping; it is decremented at every hop. By default the IP TTL is likewise copied into the label TTL at imposition and back at disposition (Cisco IOS: mpls ip propagate-ttl), which is what lets a traceroute see the core LSRs; disabling propagation hides the core hops from a traceroute run from outside the core.
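As an added example (not code from the slides), the following Python encoder/decoder works through the 32-bit label stack entry just described: the 20-bit label, the 3-bit TC/EXP field, the bottom-of-stack bit and the TTL, plus the default precedence-to-TC copy at imposition. It also does what a real forwarder has to do and the prose does not spell out: recognise the reserved label values and refuse a stack that ends without a bottom-of-stack bit, rather than guessing where the IP header starts. The sample IPv4 header, label values and addresses are constructed for the example.

```python
"""MPLS label stack entry (RFC 3032) encoder/decoder. Added example, not code
from the slides. Each entry is 32 bits: label (20) | TC, formerly EXP (3) |
S bottom-of-stack (1) | TTL (8). The sample IPv4 header below is constructed."""
import struct

# Reserved label values a parser must recognise instead of treating them as forwarding labels.
RESERVED_LABELS = {
    0: "IPv4 Explicit NULL",
    1: "Router Alert",
    2: "IPv6 Explicit NULL",
    3: "Implicit NULL (signalled in LDP for PHP, never sent on the wire)",
}


def encode_entry(label: int, tc: int, bottom: bool, ttl: int) -> bytes:
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc < 8 or not 0 <= ttl < 256:
        raise ValueError("TC must fit in 3 bits and TTL in 8 bits")
    if label == 3:
        raise ValueError("implicit null is a control-plane value; it is never encoded")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def encode_stack(labels, tc: int, ttl: int) -> bytes:
    """labels: outermost first. S is set only on the last entry."""
    last = len(labels) - 1
    return b"".join(encode_entry(lab, tc, i == last, ttl) for i, lab in enumerate(labels))


def decode_stack(data: bytes):
    """Walk entries until S=1. Returns (entries, payload); raises on a truncated stack,
    which a forwarder must treat as malformed rather than guessing where the IP header is."""
    entries, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        label = word >> 12
        entries.append({"label": label, "tc": (word >> 9) & 0x7,
                        "bottom": bool((word >> 8) & 0x1), "ttl": word & 0xFF,
                        "reserved": RESERVED_LABELS.get(label)})
        if entries[-1]["bottom"]:
            return entries, data[off:]


def tc_from_tos(tos: int) -> int:
    """Default behaviour the notes describe: IP precedence (top three bits of the
    TOS byte) is copied into TC at label imposition."""
    return (tos >> 5) & 0x7


def impose(ipv4_packet: bytes, labels) -> bytes:
    """Push a label stack onto a raw IPv4 packet, propagating TTL and precedence."""
    if len(ipv4_packet) < 20 or ipv4_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return encode_stack(labels, tc=tc_from_tos(ipv4_packet[1]), ttl=ipv4_packet[8]) + ipv4_packet


# Constructed 20-byte IPv4 header: DSCP EF (TOS 0xB8, precedence 5), TTL 64, TCP,
# 192.0.2.1 -> 198.51.100.7 (documentation addresses), header checksum left zero.
SAMPLE_IPV4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0xB8, 20, 0, 0, 64, 6, 0,
                          bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
```

Imposing the two-label stack [25, 1000] on the sample packet yields the entries 0x00019A40 and 0x003E8B40: label 25 with TC 5 and S=0, then label 1000 with TC 5, S=1 and the packet's TTL of 64 in both.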
  • Label Switched Routers. Objective: describe the types of label switched routers used in an MPLS network. There are two types: Label Switch Routers (LSRs) and Edge LSRs. Edge LSRs sit on the edges of the MPLS domain; their primary function is either to label IP packets and forward them into the MPLS domain, or to remove labels and forward IP packets out of it. Cell-mode MPLS uses ATM LSRs: ATM edge LSRs segment packets into cells and place labels in the ATM cell header, or reassemble ATM cells back into packets. LSRs sit inside the MPLS domain and primarily forward labeled packets by swapping the label. Both LSRs and edge LSRs are capable of label switching and IP routing; LSRs have all interfaces enabled for MPLS, while edge LSRs have some interfaces that are not. ATM LSRs are typically ATM switches running an IP routing protocol and forwarding cells based on MPLS labels. Edge LSR: labels IP packets and sends them into an MPLS domain, or removes labels and forwards IP packets out of it; ATM edge LSRs also segment packets into cells. LSR: the core routers in an MPLS domain, which swap labels to forward packets or cells quickly.
  • MPLS Forwarding. Objective: describe the basic concepts of MPLS forwarding. MPLS forwarding is based on exchanged labels; an MPLS-enabled router can insert (push), swap, or remove (pop) a label. In this example, the ingress edge LSR performs a routing table lookup and pushes label 23 onto the packet, then forwards it to the LSR in the center of the domain. The middle LSR accepts the packet with label 23 and swaps the label based on its label forwarding table; it is capable of a routing table lookup but does not need one. The packet goes on with a new label of 25. The egress router pops the label and does a forwarding table lookup to send the packet out of the domain. Penultimate Hop Popping: PHP slightly optimizes frame-mode MPLS forwarding by eliminating one LFIB lookup. Instead of removing the label on the last hop, the label is removed on the router before the last hop within the MPLS domain, so the egress router performs a single IP (or VPN) lookup instead of an LFIB lookup followed by an IP lookup. This is covered in more depth in the Configure Packet-Mode MPLS topic; the examples in this topic show the label being removed on the last hop.
  • MPLS Applications. Objective: identify the network services that use MPLS. Many types of applications use MPLS label switching. Each MPLS application may use a different routing protocol and a different label exchange protocol, but all of them share one label-forwarding engine. Each application also has its own notion of Forwarding Equivalence Class (FEC), the set of packets that take the same path across the network. The FEC can correspond, for example, to a destination prefix in unicast routing (the simplest case), to a destination prefix and class of service in QoS, or to a destination prefix and bandwidth requirement in MPLS Traffic Engineering (MPLS TE).
  • Unicast IP Routing Facts Unicast IP routing is the most common application for MPLS. Unicast IP routing with MPLS requires two control plane mechanisms: an IP routing protocol and a label distribution protocol (LDP). The routing protocol carries any information on the network’s reachability, while the label distribution protocol binds the labels to networks learned via the routing protocol. A label is assigned to every destination network found in the IP forwarding table, so the FEC corresponds to an IP destination network.
  • MPLS Traffic Engineering. MPLS TE is an add-on to MPLS that provides more intelligent link utilization. It requires IS-IS or OSPF with the MPLS TE extensions as the interior gateway protocol (IGP), because the IGP database then holds the entire network topology plus information about network resources and constraints. Edge LSRs must be able to dynamically create Label Switched Paths (LSPs) that meet a defined bandwidth requirement. Cisco uses the IETF standard Resource Reservation Protocol with Traffic Engineering extensions (RSVP-TE) to set up the LSP and distribute labels for MPLS TE tunnels. Constraint-based LDP (CR-LDP) was a competing protocol for the same purpose; the IETF stopped developing it in 2003 (RFC 3468) in favor of RSVP-TE.
  • MPLS TE Example. In this case study an undesirable situation exists: an overutilized primary path and an underutilized alternative path. Traffic from both R1 and R8 toward R5 takes the upper path via R2. Traffic engineering can move some of the traffic volume from the overutilized upper path to the underutilized lower path. Using MPLS TE, a tunnel is configured between R1 and R5 and engineered to take the underutilized path through R6 and R7. Traffic from R1 to destinations behind R4 can now be directed by R1, the tunnel headend, into the tunnel. The traffic from R8 is not injected into the tunnel and still takes the upper path, so the load is now shared between the two paths rather than overwhelming the least-cost path.
  • Quality of Service. Quality of Service (QoS) is an extension to unicast forwarding that provides differentiated services. Differentiated QoS is achieved either by using the MPLS experimental bits to mark the class on a single LSP (the E-LSP variant) or by creating separate LSPs for different classes (the L-LSP variant). Extensions to the Tag Distribution Protocol (TDP) or LDP propagate different labels for the different classes. The FEC corresponds to the combination of a destination network and the class of service.
  • Virtual Private Networks. MPLS also provides an efficient mechanism for supporting VPNs. MPLS VPNs use an additional label to identify the VPN destination network. Customer routing information is exchanged between the customer's router and the edge LSR either through an IGP run with the customer or through BGP. The customer's networks are kept in a separate routing instance called a Virtual Routing and Forwarding (VRF) table. Labels are assigned to the networks in the VRF and advertised to the egress LSR via Multiprotocol BGP. An LSP built by TDP/LDP or by TE tunnels is still needed to link the edge LSRs. The FEC corresponds to a VPN destination network.
  • VPN Example. In this case study a service provider operates an MPLS-based network to provide VPN service to customers A, B, and C. The customers should only be able to exchange traffic with their own sites, with no leaking of customer information between VPNs. The ingress router receives an IP packet from customer A. The packet is MPLS encapsulated and assigned a stack of two labels: the top label indicates how the packet is forwarded through the service provider network, and the second label indicates how to forward the packet to the customer A site once it reaches the far end of the provider network. This separation is enforced by VRF and label configuration on the PE routers, not by cryptography: the packets cross the core in the clear, so a customer that needs confidentiality against the provider or against a compromised core device still has to run IPsec on top of the VPN.
  • Any Transport over MPLS (AToM). AToM forwards Layer 2 frames or cells across an MPLS backbone. Ethernet, Frame Relay, High-level Data Link Control (HDLC) or Point-to-Point Protocol (PPP) frames, and ATM cells, are received by the ingress edge LSR, MPLS encapsulated and assigned a stack of two labels. The top label carries the frame to the egress edge LSR; the second label identifies the outgoing interface on the egress router. A directed (targeted) multihop LDP session between the ingress and egress edge LSRs is used to exchange the second label. The FEC corresponds to the outgoing interface on the egress router.
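The MPLS Forwarding note (push, swap, penultimate hop pop) and this VPN Example (a two-label stack delivered into the right VRF) describe one data path, so the following Python walk-through, an added example that is not part of the original deck, models both at once. The PE1-P1-P2-PE2 topology, the label values, the prefixes and the VRF names are invented; labels are kept as integers rather than wire-encoded. Two customers deliberately use the same 10.1.0.0/16 so that only the VPN label separates them, and the ingress PE refuses a packet from a CE that already carries labels, which is the configuration point (no MPLS on customer-facing interfaces) that keeps a customer from picking another customer's VPN label.

```python
"""Walk-through of label forwarding for an L3 MPLS VPN: the ingress PE pushes a
two-label stack (VPN label under a transport label), core LSRs swap the top
label only, the penultimate hop pops it (PHP, because the egress advertised
implicit null), and the egress PE uses the VPN label to select the VRF.
Added example, not from the slides; the PE1-P1-P2-PE2 topology, label values,
prefixes and VRF names are invented for the illustration."""
from ipaddress import ip_address, ip_network

IMPLICIT_NULL = 3  # reserved label 3: "pop before forwarding to me" (RFC 3032)


class Packet:
    def __init__(self, dst, ttl=64):
        self.dst, self.ttl = ip_address(dst), ttl
        self.stack = []   # label stack, index 0 is the top (transport) label
        self.trace = []   # (router, action, stack after the action)


class Router:
    def __init__(self, name):
        self.name = name
        self.lfib = {}     # in_label -> (action, value, next_hop Router)
        self.vrf_fib = {}  # vrf -> [(network, vpn_label, transport_label, next_hop)]

    def _drop(self, pkt, why):
        pkt.trace.append((self.name, f"drop: {why}", list(pkt.stack)))
        return None

    def ingress_from_ce(self, pkt, vrf):
        """Ingress PE, CE-facing interface bound to `vrf`. MPLS is not enabled towards
        customers, so a packet that already carries labels is dropped: otherwise a CE
        could choose a VPN label and hop into another customer's VRF."""
        if pkt.stack:
            return self._drop(pkt, "labeled packet on CE-facing interface")
        routes = sorted(self.vrf_fib.get(vrf, []), key=lambda r: -r[0].prefixlen)
        for network, vpn_label, transport_label, nh in routes:  # longest match, this VRF only
            if pkt.dst in network:
                pkt.ttl -= 1
                pkt.stack = [transport_label, vpn_label]
                pkt.trace.append((self.name, f"push via vrf {vrf}", list(pkt.stack)))
                return nh.forward(pkt)
        return self._drop(pkt, f"no route to {pkt.dst} in vrf {vrf}")

    def forward(self, pkt):
        """Core and egress behaviour: decide on the top label alone, never on the IP header."""
        if not pkt.stack:
            return self._drop(pkt, "unlabeled packet inside the MPLS core")
        pkt.ttl -= 1
        if pkt.ttl <= 0:
            return self._drop(pkt, "TTL expired")
        if pkt.stack[0] not in self.lfib:
            return self._drop(pkt, f"no LFIB entry for label {pkt.stack[0]}")
        action, value, nh = self.lfib[pkt.stack[0]]
        if action == "swap":
            pkt.stack[0] = value
            pkt.trace.append((self.name, "swap", list(pkt.stack)))
            return nh.forward(pkt)
        if action == "pop":  # penultimate hop: the egress advertised implicit null
            pkt.stack.pop(0)
            pkt.trace.append((self.name, "pop (PHP)", list(pkt.stack)))
            return nh.forward(pkt)
        vrf, ce = value       # action == "vrf": the VPN label selects the VRF at the egress PE
        pkt.stack.pop(0)
        pkt.trace.append((self.name, f"deliver to {ce} in vrf {vrf}", list(pkt.stack)))
        return vrf, ce


def build_network():
    pe1, p1, p2, pe2 = (Router(n) for n in ("PE1", "P1", "P2", "PE2"))
    # Transport LSP towards PE2, labels learned hop by hop with LDP. PE2 advertised
    # implicit null to P2, so P2 is the penultimate hop and pops the transport label.
    p1.lfib[100] = ("swap", 200, p2)
    p2.lfib[200] = ("pop", IMPLICIT_NULL, pe2)
    # VPN labels PE2 advertised in MP-BGP, one per VRF. Customers A and B both use
    # 10.1.0.0/16: only the VPN label keeps their packets apart.
    pe2.lfib[5001] = ("vrf", ("cust-A", "CE-A2"), None)
    pe2.lfib[5002] = ("vrf", ("cust-B", "CE-B2"), None)
    pe1.vrf_fib = {
        "cust-A": [(ip_network("10.1.0.0/16"), 5001, 100, p1)],
        "cust-B": [(ip_network("10.1.0.0/16"), 5002, 100, p1)],
    }
    return pe1, p1, p2, pe2


if __name__ == "__main__":
    pe1, _, _, _ = build_network()
    pkt = Packet("10.1.2.3")
    print(pe1.ingress_from_ce(pkt, "cust-A"))  # ('cust-A', 'CE-A2')
    for hop in pkt.trace:
        print(hop)
```

The trace for a customer A packet reads PE1 push [100, 5001], P1 swap [200, 5001], P2 pop [5001], PE2 deliver: after PHP the egress PE sees only the VPN label and needs just the one VRF lookup. The same destination from customer B ends up at CE-B2 because its ingress VRF maps it to label 5002, and a P router that receives a label it never advertised simply has no LFIB entry and drops the packet.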
  • AToM Example Example In this case study, a service provider is operating an MPLS network to provide forwarding of Frame Relay frames. The ingress service provider router receives Frame Relay frames on a serial interface from a customer’s switch. The frames are MPLS encapsulated and assigned two labels. The topmost label indicates how the frames should be forwarded through the service provider MPLS network. The second label indicates how to forward the frames to the customer site once they reach the end of the service provider network. The forwarding can be done on any media type supported by MPLS. The customer devices view the route across the service provider network as a transparent Frame Relay link. This means the two Frame Relay switches can be configured to provide a PVC between the two customer routers. The customer routers appear as Layer 3 neighbors and any traffic between them will be tunneled across the MPLS network.
  • The Components of a VPN. Objective: describe the major architectural blocks of MPLS VPNs and the role of the Customer Edge (CE), Provider Edge (PE) and Provider core (P) routers. All Virtual Private Networks (VPNs) use the same basic components, and although there are many conceptual models and terminologies for VPNs, the terminology below is generic enough to cover any VPN technology or implementation.
The framework begins with the major parts of a VPN solution. The service provider network, or P network, is the common infrastructure the service provider uses to offer VPN services to its customers. The customer network, or C network, is the part of the overall customer network that is exclusively under customer control. A typical customer network implemented with any VPN technology contains islands of connectivity, completely under customer control, called customer sites, which are connected together via the service provider infrastructure.
The devices that make up the VPN solution are named after their position in the network. The customer router that connects a customer site to the service provider network is the customer edge router (CE); traditionally this device is called Customer Premises Equipment (CPE). The service provider devices to which customer devices attach are provider edge devices (PE); in traditional switched WAN implementations these would be Frame Relay or X.25 edge switches. Service provider devices that only transport data across the backbone and have no customers attached are provider devices (P); in traditional switched WAN implementations these would be core, or transit, switches.
Switched WAN technologies introduce the term Virtual Circuit (VC), an emulated point-to-point link established across Layer 2 infrastructure. VCs are further differentiated into Permanent Virtual Circuits (PVCs), pre-established by network management or manual configuration, and Switched Virtual Circuits (SVCs), established on demand through a call-setup request from the CE device.
  • Overlay VPN Objective You will describe an Overlay VPN implementation based on legacy technologies such as Frame Relay, ATM, and ISDN. Introduction This section describes an Overlay VPN implementation based on legacy technologies. Definition Traditional VPN implementations were all based on the overlay paradigm, in which the service provider sells virtual circuits between customer sites as a replacement for dedicated point-to-point links.
  • Implementing an Overlay VPN. In this example a customer needs to connect three remote sites, with Router A as the hub, and demands connectivity between the hub and Routers B, C, and D. The service provider implements this by providing three Permanent Virtual Circuits across the Frame Relay network. From the Layer 3 perspective the service provider network is invisible: the customer routers are linked by emulated point-to-point links, and a routing protocol runs directly between the customer routers, which establish routing adjacencies and exchange routing information. The service provider is not aware of customer routing and has no information about customer routes; its responsibility is purely point-to-point data transport between customer sites.
  • The Move from Overlay to Peer-to-Peer VPN. Objective: describe a peer-to-peer VPN implementation using controlled route distribution or packet filters. The overlay VPN paradigm has a number of drawbacks, the most significant being the need for the customer to establish point-to-point links or virtual circuits between its sites. To overcome this and give the customer optimum data transport, the peer-to-peer concept was introduced. In a peer-to-peer VPN the service provider actively participates in customer routing: it accepts customer routes, transports them across the provider backbone, and propagates them to the other customer sites. Routing information is exchanged between customer and provider routers, provider routers carry the customer routes through the core, and finally those routes are sent to the other customer routers.
  • Benefits of the VPN Paradigms Objective You will describe the major categories of VPN technology. Introduction This section describes the major categories of VPN technology. Definition Each VPN paradigm has a number of benefits. For example, overlay VPNs are well known and easy to implement, both from customer and service provider perspectives. The service provider does not participate in customer routing in overlay VPNs, making the demarcation point between the service provider and the customer easier to manage. In peer-to-peer VPNs, optimum routing between customer sites is assured without any special design or configuration effort. This implementation also allows for easy provisioning of additional VPNs or customer sites, as the service provider only needs to provision individual sites, not the links between individual customer sites.
  • Drawbacks of the VPN Paradigms. There are also several drawbacks to each VPN implementation. Overlay VPNs require a full mesh of virtual circuits between customer sites to provide optimum inter-site routing. The virtual circuits between customer sites in a Layer 2 overlay VPN are usually provisioned manually, and the bandwidth must be provisioned on a site-to-site basis, which is not always easy to achieve. In addition, the IP-based Layer 3 overlay VPN implementations, which use GRE or IPsec, incur high encapsulation overhead. Peer-to-peer VPNs have their share of drawbacks as well: the service provider becomes responsible for correct customer routing and for fast convergence of a customer's network after a link failure; the provider's core routers have to carry all the customer routes that were hidden from the provider in the overlay paradigm, increasing memory requirements on core routers; and the provider needs detailed IP routing knowledge, which traditional Layer 2 service support staff do not readily have.
  • Layer 2 and Layer 3 VPN (Cont.) Benefits of MPLS-based VPNs Facts MPLS backbones provide advanced and cost-effective VPNs based on Layer 3 MPLS VPN technology. They also provide old-style Layer 2 VPN services augmented by a number of new Layer 2 VPN services like interworking between different Layer 2 technologies. All these services can be provided using a single MPLS backbone without the need for special equipment.
  • Layer 2 and Layer 3 VPNs (Cont.) Layer 3 MPLS VPNs were the first MPLS VPN service and follow the peer-to-peer model: customer routers share their routing information with the provider edge routers. The provider edge routers use virtual routing contexts (VRFs) to keep the routing information of different VPNs apart, and the MPLS backbone carries packets of different VPNs across a shared infrastructure even when they use overlapping addressing. Layer 2 MPLS VPNs (AToM, Any Transport over MPLS) were introduced to offer services identical to those of traditional Layer 2 overlay VPN technologies such as Frame Relay and ATM. Newer Layer 2 MPLS VPN services even offer interworking between different Layer 2 technologies, such as Frame Relay to ATM, which traditional VPN technologies do not support.
  • Layer 3 MPLS VPN Example The figure illustrates the basic characteristics of a Layer 3 MPLS VPN where any-to-any connectivity is provided to sites belonging to the same VPN. Layer 3 MPLS VPNs ensure optimal forwarding inside the MPLS backbone. Note: Traditional VPNs would require a full mesh of connections to provide a similar service. Multiprotocol BGP (MP BGP) is used inside the MPLS backbone to carry VPN (customer) routing information across the MPLS backbone.
  • Layer 2 MPLS VPN Example The figure illustrates a few of the many possibilities that exist when implementing Layer 2 MPLS VPNs (AToM). The existing and planned Layer 2 services provided by MPLS networks are PPP over MPLS, HDLC over MPLS, Frame Relay over MPLS (Frame Relay Trunking and Per-DLCI Tunneling), AAL5 over MPLS, ATM Cell Relay over MPLS, ATM PVCs over MPLS, Point-to-point Ethernet over MPLS, Switched multipoint Ethernet over MPLS (Virtual Private LAN Services [VPLS]), and TDM over MPLS.
  • Layer 2 and Layer 3 VPN (Cont.) MPLS allows the same backbone infrastructure to provide both Layer 2 and Layer 3 MPLS VPNs. With MPLS, all traditional VPN technologies, such as Frame Relay, ATM, GRE and IPsec, can be implemented over the same network. With Layer 2 MPLS VPN (AToM), the MPLS network can translate one Layer 2 technology at one end of the connection into another at the other end:
    - Ethernet to Frame Relay (bridged interworking)
    - Ethernet to Frame Relay (routed interworking)
    - Ethernet to ATM (bridged interworking)
    - Ethernet to ATM (routed interworking)
    - Frame Relay to ATM (FRF.8-like service interworking)
    - Frame Relay to PPP
    - Frame Relay to HDLC
  • MPLS-based network designs (Diseños de red basados en MPLS)

    1. Diseños de red basados en MPLS (MPLS-based Network Designs), 2011, Carlos Nicasio, carlos.nicasio@la.logicalis.com
    2. Contents: Why MPLS?; MPLS L3 VPNs; Metro Ethernet: most common designs; Metro Ethernet: Cisco EVC Framework; Hardware. Diseños de Red Basados en MPLS
    3. Why MPLS?
    4. Why MPLS? • Needed a single infrastructure that supports a multitude of applications in a secure manner • Provide a highly scalable mechanism • Load-balance traffic to utilize network bandwidth efficiently • Allow core routers/networking devices to switch packets based on a simplified header • Leverage hardware so that a simple forwarding paradigm can be used
    5. Examine MPLS and Layer 3 Routing Limitations
    6. L3 Routing Limitations: Traditional IP Forwarding
    7. L3 Routing Limitations (Cont.): Traffic Engineering Using Traditional IP Forwarding
    8. MPLS Architecture: What Is MPLS?
    9. Control Plane and Data Plane: MPLS Functionality
    10. Frame-Mode: MPLS Modes of Operation
    11. Label Headers: MPLS Label Format
    12. Label Switched Router Types: Label Switched Routers
    13. The Process of MPLS Forwarding: MPLS Forwarding
    14. Identify Applications that Use MPLS
    15. Identify MPLS as an Application-driven Technology: MPLS Applications
    16. Identify MPLS as an Application-driven Technology (Cont.): Unicast IP Routing
    17. Identify MPLS as an Application-driven Technology (Cont.): MPLS Traffic Engineering
    18. Identify MPLS as an Application-driven Technology (Cont.): MPLS TE Example • Some traffic from the upper (overutilized) path should be moved to the lower path.
    19. Identify MPLS as an Application-driven Technology (Cont.): Quality of Service
    20. Identify MPLS as an Application-driven Technology (Cont.): Virtual Private Networks
    21. Identify MPLS as an Application-driven Technology (Cont.): VPN Example
    22. Identify MPLS as an Application-driven Technology (Cont.): Layer 2 MPLS VPN
    23. Identify MPLS as an Application-driven Technology (Cont.): Layer 2 MPLS VPN Example
    24. VPN Technologies: Overview
    25. VPN Terminology: The Components of a Generic VPN
    26. Overlay VPN: Traditional VPN implementations were all based on the overlay paradigm: the service provider sells physical-layer connectivity, virtual circuits, or L2/L3 tunnels between customer sites as a replacement for dedicated point-to-point links.
    27. Overlay VPN (Cont.): Example of Implementing an Overlay VPN
    28. Peer-to-Peer VPN: The overlay VPN paradigm has a number of drawbacks (the need to establish point-to-point links or VCs between customer sites). To overcome this drawback and provide optimum data transport, the peer-to-peer concept was introduced.
    29. Peer-to-Peer VPN (Cont.): In a peer-to-peer VPN, the service provider participates in the customer routing, accepting customer routes, transporting them across the service provider backbone, and finally propagating them to other customer sites.
    30. Peer-to-Peer VPN (Cont.): The Move from Overlay to Peer-to-Peer • Customers and service provider peer directly using the same OSI-layer protocol: IP
    31. The Major Categories of VPN: Benefits of the VPN Paradigms
    32. The Major Categories of VPN (Cont.): Drawbacks of the VPN Paradigms
    33. MPLS Backbone: Benefits of deploying an MPLS Backbone • VPNs can utilize virtually any VPN technology (Layer 3 MPLS VPNs, Frame Relay, ATM, TDM, leased line) on the edge of the backbone. • All virtual VPN technologies use a single underlying MPLS backbone to forward VPN packets, frames or cells.
    34. MPLS Layer 2 and Layer 3 VPN: MPLS-based VPNs can provide VPN functionality using OSI Layers 2 and 3. Layer 3 MPLS VPN is a peer-to-peer model in which the MPLS VPN backbone and the VPN exchange Layer 3 routing information, and Layer 3 packets are transmitted across an MPLS-enabled IP backbone. Layer 2 MPLS VPN is an overlay model in which Layer 2 frames or cells are transmitted across an MPLS-enabled IP backbone.
    35. MPLS Layer 2 and Layer 3 VPN (Cont.): Layer 3 MPLS VPN. Layer 3 MPLS VPNs provide support for the IPv4 protocol to be used inside a VPN: the customer routers use a routing protocol (or static routes) to exchange routing information with the provider edge routers, and the MPLS VPN backbone uses MP-BGP to propagate VPN routing information across the backbone.
    36. MPLS Layer 2 and Layer 3 VPN (Cont.): Layer 2 MPLS VPN. Layer 2 MPLS VPNs provide support for OSI Layer 2 protocols to be used inside a VPN: point-to-point Layer 2 connections can be established over MPLS LSPs to provide support for Layer 2 protocols such as Frame Relay, ATM and PPP, and multipoint Layer 2 connections can be established to create virtual LANs across an MPLS backbone.
    37. MPLS Layer 2 and Layer 3 VPN (Cont.): A single IP backbone can do the job of Internet service provisioning, Layer 3 MPLS VPN provisioning, Frame Relay trunk or PVC provisioning, ATM trunk or PVC provisioning, leased line provisioning, TDM provisioning, and interworking between different Layer 2 technologies (e.g. Frame Relay to ATM, Ethernet to Frame Relay).
    38. MPLS and Enterprise Networks
    39. Metro Ethernet Designs
    40. Centralized MPLS VPN Design
    41. QinQ VLAN Encapsulation
    42. Distributed MPLS VPN Design
    43. Metro Ethernet: EVC Architecture
    44. Flexible QinQ Introduction: typical Metro Ethernet challenges are L2 and L3 services on the same port, flexible service mapping, flexible VLAN matching and manipulation, local VLAN significance, VLAN scale, H-QoS per VLAN, … EVC-based Flexible QinQ meets all of the above requirements.
    45. ServiceFlex (figure: one physical port carrying several services; VLAN 6 → EoMPLS PW, VLAN 7 → L3/VRF termination, VLANs 8 and 9 → bridge-domain 100 (global VLAN 10 + SVI) with L2 bridging or L3/VRF, [dot1q-tunnel], [bpdu transparent | drop]). Points made: no global VLAN resource is needed for xconnect, which gives VLAN scalability; the bridge-domain is global; the split-horizon option provides "isolation" between sub-interfaces; there is an option to add a second VLAN tag or replace the encapsulation VLAN tag; there is an option to drop or transparently forward CE BPDUs; L2 and L3 co-exist on the same port; flexible L2/L3 service mapping; VLAN local port significance and VLAN scalability; H-QoS support on main-interface/sub-interface.
    46. Flexible QinQ Overview (figure): a service instance (Ethernet Flow Point, EFP) can match one, multiple or a range of VLANs at a time, with per-service features (flexible VLAN tag matching, flexible VLAN tag rewrite, H-QoS per VLAN, security); the EVC then maps to L3, VPLS, EoMPLS, local connect (P2P) or local bridging (MP). Points made: flexible VLAN tag manipulation (pop/push/translate); flexible L2/L3 service mapping, where one EFP or a group of EFPs can map to the same EVC; VLAN local port significance; two-VLAN-tag aware; flexible VLAN tag matching (combination of up to two tags).
    47. Flexible QinQ – EVC Control Point CLI (the figure also shows a parent/child H-QoS policy, parent shape average with child priority/bandwidth/shape average, and the feature scopes: per-port features, per-sub-interface features (L3), per-EVC features, with Layer 2 services bridging (VPLS via SVI), xconnect (EoMPLS) and local connect, plus L3 VRF):
        interface <type><slot/port>
         service instance <id> ethernet <evc-name>   (the ID is per-interface in scope; evc-name is globally unique in the network, and all service instances mapped to the same EVC should have the same evc-name)
          <match criteria commands>   VLAN tags, MAC, CoS, Ethertype
          <rewrite commands>   VLAN tag pop/push/translation
          <forwarding commands>   L2 P2P or MP
          <feature commands>   QoS, ACL, etc.
    48. Flexible QinQ Configuration – flexible frame matching. Single-tagged frame: encapsulation dot1q {any | "<vlan-id>[,<vlan-id>[-<vlan-id>]]"}; the VLAN tag can be a single value, multiple values, a range, or any (1-4096). Double-tagged frame (only the first two tags are looked up if a frame carries more than two): encapsulation dot1q <vlan-id> second-dot1q {any | "<vlan-id>[,<vlan-id>[-<vlan-id>]]"}; the first VLAN tag must be unique, the second can be any, unique, a range or multiple values. Default: encapsulation dot1q default matches all frames, tagged or untagged, that are not matched by other, more specific service instances. Untagged: encapsulation untagged matches untagged frames only. One service instance can match one, multiple or a range of VLANs, which simplifies configuration and operation, improves performance and gives more scale.
    49. Flexible QinQ Configuration – flexible encapsulation rewrite. Router(config-if-srv)# [no] rewrite ingress tag … symmetric, where the operation is one of: push {dot1q <vlan-id> | dot1q <vlan-id> second-dot1q <vlan-id>} (add 1 or 2 tags); pop {1 | 2} (remove the outer 1 or 2 tags); translate (translate VLAN tags): 1-to-1 dot1q <vlan-id>, 2-to-1 dot1q <vlan-id>, 1-to-2 dot1q <vlan-id> second-dot1q <vlan-id>, 2-to-2 dot1q <vlan-id> second-dot1q <vlan-id>. "symmetric" means that whatever rewrite is done on ingress, the reverse rewrite is done on egress. For example, "rewrite ingress tag push dot1q 100 symmetric" = "rewrite ingress tag push dot1q 100" + "rewrite egress tag pop 1". Note: only "rewrite ingress" with the "symmetric" keyword is supported; a "rewrite egress" configuration is not supported, and "symmetric" is mandatory, not optional.
    50. Flexible QinQ Configuration – flexible service mapping/forwarding. Forwarding options for a service instance (Ethernet Flow Point): connect test gig1/0/0 10 gig1/0/1 20 → EVC local connect, including hairpinning; xconnect … → EoMPLS; xconnect vfi … → VPLS; bridge-domain 100 [split-horizon] → local bridging, which puts multiple EFPs into one global VLAN for L2 bridging, with the split-horizon option enabling or disabling bridging between EFPs; interface vlan 100 with xconnect … or ip address … → L2/L3 service associated with the bridge-domain (global VLAN).
    51. EVC Infrastructure Overview (figure). EFP – Ethernet Flow Point; EVC – Ethernet Virtual Circuit. Multipoint EVC: bridging, VPLS (EoMPLS PW), L3 sub-interface routing; EFPs: VLAN (802.1q/802.1ad). P2P EVC: EoMPLS PW, VLAN translation 1:1, 2:2, 1:2, local connect; EFPs: VLAN (802.1q/QinQ).
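The frame-matching rules of slide 48 and the "symmetric" rewrite of slide 49, as an added Python model (not Cisco code and not from the deck): a frame is a list of VLAN tags, service instances are named by their encapsulation argument, the more specific instances are tried before dot1q default, and the reverse of a pop re-adds the VLAN the instance matched, which is the assumption behind the "first VLAN tag must be unique" rule.

```python
# Added model (not from the deck): EVC service-instance matching (slide 48)
# and the "symmetric" ingress tag rewrite (slide 49). A frame is a list of
# VLAN tags, outermost first; [] is an untagged frame.

def parse_vlan_set(spec):
    """'"10,20-22"' -> {10, 20, 21, 22}; 'any' -> None (wildcard)."""
    if spec == "any":
        return None
    vlans = set()
    for part in spec.strip('"').split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def efp_matches(encap, tags):
    """encap is the argument given to 'encapsulation' on a service instance."""
    words = encap.split()
    if words == ["untagged"]:
        return tags == []
    if words == ["dot1q", "default"]:
        return True                      # catch-all; select_efp tries it last
    outer = parse_vlan_set(words[1])
    if not tags or (outer is not None and tags[0] not in outer):
        return False
    if len(words) == 2:                  # single-tag match, inner tags ignored
        return True
    inner = parse_vlan_set(words[3])     # 'dot1q X second-dot1q Y'
    return len(tags) >= 2 and (inner is None or tags[1] in inner)

def select_efp(efps, tags):
    """Specific instances are tried first; 'dot1q default' only catches the rest."""
    ordered = sorted(efps.items(), key=lambda kv: kv[1] == "dot1q default")
    for name, encap in ordered:
        if efp_matches(encap, tags):
            return name
    return None                          # no EFP on the port claims the frame

def rewrite(tags, op, egress=False, service_vlans=()):
    """'push dot1q A [second-dot1q B]' or 'pop {1|2}' on ingress; egress=True
    applies the reverse ('symmetric'). Reversing a pop re-adds the VLAN(s) the
    instance matched, which is why those tags must be unique on the port."""
    words = op.split()
    n = int(words[1]) if words[0] == "pop" else op.count("dot1q")
    if words[0] == "push":
        stack = [int(w) for w in words[1:] if w.isdigit()]   # 1 or 2 tags
    else:
        stack = list(service_vlans[:n])
    adds_tags = (words[0] == "push") != egress
    return stack + tags if adds_tags else tags[n:]
```

Running select_efp over a port with a dot1q default instance shows why that catch-all deserves a deliberate forwarding decision: every VLAN not claimed by a specific EFP lands in it.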
    52. Hardware
    53. Cisco ASR9000 Aggregation Service Router: 6 and 10 slot chassis; 1+1 RSP, SSO, NSR; 180 Gbps per slot, Tbps fabrics; IOS XR Operating System, microkernel; EVC Framework (up to 32K EFPs per slot); HQoS (up to 256K queues per slot); High 10GE density (up to 24x10GE per
    54. Cisco Metro 3600X Access Switches: Advanced Access; 24xGE+2x10GE; Redundant Power Supplies (AC/DC); 65Mpps; EVC Framework (4000 EFPs); MPLS, MPLS TE, EoMPLS, MPLS VPNs; HQoS on all ports; 4K Egress Queues
    55. Cisco Metro 3800X Switch Router: Advanced Access; 24xGE+2x10GE; Redundant Power Supplies (AC/DC); 65Mpps; EVC Framework (16000 EFPs); MPLS, MPLS TE, EoMPLS, VPLS, MPLS VPNs; HQoS on all ports; 32K Egress Queues
    56. Thank you. Carlos Nicasio, carlos.nicasio@la.logicalis.com