Mpls Services

Published in: Technology, News & Politics

    1. 1. MPLS Services Kristof De Brouwer
    2. 2. Agenda
        • MPLS Concepts
        • MPLS Components
        • MPLS VPN
        • MPLS Service Provider Example
        • Enterprise MPLS
        • Summary
    3. 3. MPLS
        • “MPLS is like having Paris Hilton as your girlfriend.
        • The concept is fantastic, but in reality the experience might not be what you expected.
        • But… we’re still willing to give it a go as long as we can understand/handle her behaviour”
    4. 4. MPLS Concepts © 2003 Cisco Systems, Inc. All rights reserved.
    5. 5. MPLS concepts
        • MPLS: Multi Protocol Label Switching
        • Packet forwarding is done based on labels
        • Labels assigned when the packet enters the network
        • Labels inserted between layer 2 and layer 3 headers
        • Separates ROUTING from FORWARDING
            • Routing uses IP addresses
            • Forwarding uses Labels
    6. 6. IP Routing
        [Diagram: packets forwarded based on IP address. Route updates populate an address prefix / interface (I/F) table on each router (prefixes 128.89 and 171.69); a data packet addressed to 128.89.25.4 is forwarded hop by hop using those tables.]
    7. 7. Operation
        • Traditional routing
            • Each router holds entire routing table and forwards to next hop (destination based routing)
            • Routes on L3 Destination address
        • MPLS combines L3 routing with label swapping and forwarding
        • MPLS Forwarding
            • Label imposed at ingress router.
            • All forwarding decisions then made on label only
            • Tag stripped at egress
    8. 8. Label Header
        [Diagram: 4-byte label header with the fields Label | EXP | S | TTL]
        • Label: Label Value (20 bits)
        • EXP: Class of Service (3 bits)
        • S: Bottom of Stack (1 bit)
        • TTL: Time to Live
    9. 9. Label Encapsulation
        [Diagram: position of the label for each link type. Packet over SONET/SDH (PPP), Ethernet and Frame Relay PVC: frame header, label(s), IP header, data. ATM PVCs: ATM header, label, data, then subsequent cells with ATM header and data.]
    10. 10. Label Stacking
        • Arrange labels in a stack
        • Inner labels can be used to designate services
            • VPN Label
        • Outer label used to route/switch the MPLS packets in the network
            • IGP Label
        • Allows building services such as:
            • MPLS VPNs
            • Traffic engineering and fast re-route
            • VPNs over traffic engineered core
            • Any transport over MPLS
        [Diagram: label stack in front of the IP header. Outer labels: TE label, IGP label. Inner label: VPN label.]
    11. 11. MPLS Components
    12. 12. MPLS Components
        • Edge Label Switching Routers (ELSR or PE)
            • Label previously unlabeled packets - at the beginning of a Label Switched Path (LSP)
            • Strip labels from labeled packets - at the end of an LSP
        • Label Switching Routers (LSR or P)
            • Forward labeled packets based on the information carried by labels
    13. 13. MPLS Components
        [Diagram: P network (provider control) made of LSRs (P) with ELSRs (PE) at its edge; CE routers in the C networks (customer control) attach to the PEs.]
    14. 14. Label Distribution Protocol (LDP)
        • Defined in RFC 3036 and 3037
        • Used to distribute labels in a MPLS network
        • Forwarding Equivalence Class (FEC)
            • How packets are mapped to LSPs
        • Advertise labels per FEC
            • Reach destination a.b.c.d with label x
        • Neighbor discovery
            • UDP and TCP Ports
            • UDP port for LDP Hello messages = 646
            • TCP port for establishing LDP session connections = 646
    15. 15. TDP and LDP
        • Tag Distribution Protocol
            • Pre-cursor to LDP
            • Used for Cisco tag switching
        • TDP and LDP supported on the same box
            • Per neighbor/link basis
            • Per target basis
    16. 16. Control and Forward Plane Separation
        [Diagram: Control plane: the routing process (route updates/adjacency) maintains the RIB and the MPLS process (label bind updates/adjacency) maintains the LIB. Data plane: the FIB carries IP traffic and the LFIB carries MPLS traffic.]
    17. 17. MPLS: Forwarding
    18. 18. MPLS: Forwarding Existing routing protocols (e.g. OSPF, IGRP) establish routes
    19. 19. MPLS: Forwarding Label Distribution Protocol (e.g., LDP) establishes label to routes mappings
    20. 20. MPLS: Forwarding
        Label Distribution Protocol (e.g., LDP) creates LFIB entries on LSRs
        LFIB tables, in slide order:

            IN    OUT   I/F    MAC
            Null  -     E0/0   aa-00-bb
            Null  -     E0/1   aa-00-cc

            IN    OUT   I/F    MAC
            16    32    S0/0   aa-00-bb
            18    27    S0/0   aa-00-cc

            IN    OUT   I/F    MAC
            32    64    S0/0   aa-00-bb
            27    18    S0/1   aa-00-cc

            IN    OUT   I/F    MAC
            64    POP   S0/0   aa-00-bb
            65    POP   S0/1   aa-00-cc
    21. 21. MPLS: Forwarding
        Ingress edge LSR receives packet, performs Layer 3 value-added services, and “labels” packets
        [LFIB tables as on slide 20]
    22. 22. MPLS: Forwarding
        LSRs forward labelled packets using label swapping
        [LFIB tables as on slide 20]
    23. 23. MPLS: Forwarding
        Edge LSR at egress removes remaining label * and delivers packet
        * Penultimate hop popping actually occurs. There may not necessarily be a label in the packet at the ultimate or egress LSR.
        [LFIB tables as on slide 20]
    24. 24. MPLS MPLS VPN
    25. 25. Virtual Network Models
        [Diagram: taxonomy of virtual networks]
        • Virtual Networks: Virtual Private Networks, Virtual Dialup Networks, Virtual LANs
        • Virtual Private Networks: Overlay VPN, Peer-to-Peer VPN
        • Overlay VPN: Layer-2 VPN (X.25, F/R, ATM), Layer-3 VPN (GRE, IPSec)
        • Peer-to-Peer VPN: Access lists (Shared router), Split routing (Dedicated router), MPLS/VPN
    26. 26. What is an MPLS-VPN?
        • An IP network infrastructure delivering private network services over a public infrastructure
            • Use a layer 3 backbone
            • Scalability, easy provisioning
            • Global as well as non-unique private address space
            • QoS
            • Controlled access
            • Easy configuration for customers
    27. 27. MPLS-VPN
        • MPLS-VPN is similar in operation to peer model
        • Provider Edge routers receive and hold routing information only about VPNs directly connected
        • Reduces the amount of routing information a PE router will store
        • Routing information is proportional to the number of VPNs a router is attached to
        • MPLS is used within the backbone to switch packets (no need of full routing)
    28. 28. MPLS VPN Protocols
        • OSPF/EIGRP/IS-IS
            • Used as IGP; provides reachability between all Label Switch Routers (PE <-> P <-> PE)
        • TDP/LDP
            • Distributes label information for IP destinations in core
        • MP-BGP4
            • Used to distribute VPN routing information between PEs
        • RIPv2/BGP/OSPF/EIGRP/IS-IS/Static
            • Can be used to route between PE and CE
    29. 29. MPLS VPN Label Stack
        • There are at least two labels when using MPLS-VPN
        • The first label is distributed by TDP/LDP
            • Derived from an IGP route
            • Corresponds to a PE address (VPN egress point)
            • PE addresses are MP-BGP next-hops of VPN routes
        • The second label is distributed by MP-BGP
            • Corresponds to the actual VPN route
            • Identifies the PE outgoing interface or routing table
        [Diagram: frame (e.g. HDLC, PPP, Ethernet): L2 header, Label 1, Label 2, L3 header, data]
    30. 30. MPLS VPN Connection Model
        • A VPN is a collection of sites sharing common routing information (routing table)
        • A site can be part of different VPNs
        • A VPN has to be seen as a community of interest
        • Multiple Routing/Forwarding instances (VRF) on PE
    31. 31. MPLS VPN Connection Model
        • A site belonging to different VPNs may or MAY NOT be used as a transit point between VPNs
        • If two or more VPNs have a common site, address space must be unique among these VPNs
        [Diagram: Site-1 to Site-4 grouped into overlapping VPN-A, VPN-B and VPN-C]
    32. 32. Routing Tables
        • PE routers maintain separate routing tables
        • Global Routing Table
            • All the PE and P routes populated by the VPN backbone IGP (ISIS or OSPF)
        • VPN Routing and Forwarding Tables (VRF)
            • Routing and Forwarding table associated with one or more directly connected sites (CEs)
            • VRFs are associated with (sub/virtual/tunnel) interfaces
            • Interfaces may share the same VRF if the connected sites may share the same routing information
        [Diagram: CE1 and CE2 attached to a PE; labels: PE-CE routing, VPN Backbone IGP (OSPF, ISIS), VRF, Global Routing Table]
    33. 33. VRF Table
        • A VRF is the routing and forwarding instance for a set of sites with identical connectivity requirements.
        • Data structures associated with a VRF:
            • IP routing table
            • Cisco Express Forwarding (CEF) forwarding table
            • Set of rules and routing protocol parameters (contexts)
            • List of interfaces that use the VRF
        • Other information associated with a VRF:
            • Route Distinguisher (RD)
            • Set of import and export route targets
    34. 34. IGP and label distribution in the backbone
        • All routers (P and PE) run an IGP and label distribution protocol
        • Each P and PE router has routes for the backbone nodes and a label is associated to each route
        • MPLS forwarding is used within the core
        [Diagram: CE1 to CE4 attached to PE1 and PE2, with P1 and P2 in the core; one LFIB per backbone router]

            LFIB for PE-1
            IN    OUT   Next Hop   Dest
            19    POP   S0/0       P1
            18    65    P1         P2
            17    50    P1         PE2

            LFIB for P1
            IN    OUT   Next Hop   Dest
            67    POP   S3/0       PE1
            65    POP   E0/2       P2
            50    34    P2         PE2

            LFIB for P2
            IN    OUT   Next Hop   Dest
            39    67    P1         PE1
            38    POP   E0/1       P1
            34    POP   P1         PE2

            LFIB for PE2
            IN    OUT   Next Hop   Dest
            18    39    P2         PE1
            36    65    P2         P2
            44    38    P2         P1
    35. 35. VPN Routing and Forwarding Table
        • Multiple routing tables (VRFs) are used on PEs
        • Each VRF contains customer routes
        • Customer addresses can overlap
        • VPNs are isolated
        • Multi-Protocol BGP (MP-BGP) is used to propagate these addresses + labels between PE routers only
        [Diagram: CE1 to CE4 attached to PE1 and PE2, P1 and P2 in the core, MP-iBGP session between PE1 and PE2]
    36. 36. MPLS VPN Requirements
        • VPN services allow
            • Customers to use the overlapping address space
            • Isolate customer VPNs – Intranets
            • Join VPNs - Extranets
        • MPLS-VPN backbone MUST
            • Distinguish between customer addresses
            • Forward packets to the correct destination
        [Diagram: CE1 to CE4 attached to PE1 and PE2, P1 and P2 in the core, MP-iBGP session between PE1 and PE2]
    37. 37. VPN Address Overlap
        • BGP propagates ONE route per destination
            • Standard path selection rules are used
        • What if two customers use the same address?
        • BGP will propagate only one route - PROBLEM !!!
        • Therefore MP-BGP must DISTINGUISH between customer addresses
        [Diagram: CE1 to CE4 attached to PE1 and PE2, P1 and P2 in the core, MP-iBGP session between PE1 and PE2]
    38. 38. VPN Address Overlap
        • When a PE router receives VPN routes from MP-BGP, how do we know which VRF to place the route in?
        • How do we distinguish overlapping addresses between two VPNs?
        [Diagram: CE1 to CE4 attached to PE1 and PE2, P1 and P2 in the core, MP-iBGP session between PE1 and PE2]
    39. 39. VPN Components
        • VRF Tables
            • Hold customer routes at PE
        • Route-Distinguisher
            • Allows MP-BGP to distinguish between identical customer routes that are in different VPNs
        • Route-Targets
            • Used to import and export routes between different VRF tables (creates Intranets and Extranets)
        • Route-maps
            • Allow finer granularity and control of importing and exporting routes between VRFs instead of just using route-target
    40. 40. Route Distinguisher
        • To differentiate 10.0.0.0/8 in VPN-A from 10.0.0.0/8 in VPN-B
        • Configured as ASN:YY or IPADDR:YY
            • Almost everybody uses ASN
        • Purely to make a route unique
            • Unique route is now RD:IPaddr (96 bits)
            • So customers don’t see each other’s routes

        ip vrf red
         rd 1:1
         route-target export 1:1
         route-target import 1:1
    41. 41. Route Target
        • To control policy about who sees what routes
        • 64-bit quantity (2 bytes type, 6 bytes value)
        • Carried as an extended community
        • Typically written as ASN:YY
        • Each VRF ‘imports’ and ‘exports’ one or more RTs
            • Exported RTs are carried in VPNv4 BGP
            • Imported RTs are local to the box

        ip vrf red
         rd 1:1
         route-target export 1:1
         route-target import 1:1
    42. 42. Multi-Protocol BGP
        • Propagates VPN routing information
            • Customer routes held in VPN Routing and Forwarding tables (VRFs)
        • Only runs on Provider Edge
            • P routers are not aware of VPNs, only labels
        • PEs are fully meshed
            • Using Route Reflectors or direct peerings between PE routers
    43. 43. Route-Target and Route-Distinguisher
        • MP-BGP prepends a Route Distinguisher (RD) to each VPN route in order to make it unique
        • MP-BGP assigns a Route-Target (RT) to each VPN route to identify the VPN it belongs to (or CUG)
            • Route-Target is the colour of the route
        [Diagram: two CE routers each send "update X" to PE1. PE1 sends two VPN-IPv4 updates over the MP-iBGP session to PE2 (P1 and P2 in the core):
            VPN-IPv4 update: RD1:X, Next-hop=PE1, RT=RED, Label=10
            VPN-IPv4 update: RD2:X, Next-hop=PE1, RT=ORANGE, Label=12
         VPN-IPv4 updates are translated into IPv4 addresses and inserted into the VRF corresponding to the RT value; PE2 then sends "update X" to its CE routers.]
    44. 44. Route Propagation through MP-BGP
        • When a PE router receives an MP-BGP VPN route:
            • It checks the route-target value against the VRF route-targets
            • If they match, the route is inserted into the appropriate VRF
            • The label associated with the VPN route is stored and used to send packets towards the destination
        [Diagram: same VPN-IPv4 update exchange as on slide 43]
    45. 45. MPLS VPN Operation
        [Diagram: CE routers attached to PE routers, P routers in the core, route reflectors (RR); annotations:]
        • MP-BGP between PE routers to distribute routes between VPNs (RD + prefix, VPN labels, RTs)
        • IGP (OSPF, ISIS) used to establish reachability to destination networks
        • Label Distribution Protocol establishes mappings to IGP addresses
        • CE-PE dynamic routing (or static) populates the VRF routing tables
        • Customer routes placed into separate VRF tables at each PE
        • Import routes into VRF if route-targets match (export = import)
    46. 46. MPLS VPN Forwarding Example
        [Diagram: path CE, PE, P, P, PE, CE with the label operation at each step:]
        • Push VPN Label (Red Route)
        • Push IGP Label (Green PE Router)
        • Swap IGP Label (From LFIB)
        • POP IGP Label (Penultimate Hop)
        • Pop VPN Label (Red Route)
    47. 47. MPLS MPLS Service Provider Example
    48. 49. Customer Edge

        interface Loopback0
         ip address 7.0.0.1 255.255.255.255
         no ip directed-broadcast
        interface Ethernet0/0
         bandwidth 50000
         ip address 192.168.0.1 255.255.255.252
         no ip directed-broadcast
         delay 1
        !
        interface Ethernet1/0
         bandwidth 10000
         ip address 192.168.0.5 255.255.255.252
         no ip directed-broadcast
         delay 100
        !
        !
        router eigrp 100
         network 7.0.0.0
         network 192.168.0.0
         eigrp stub connected
         no auto-summary
    49. 50. Provider Edge 1

        ip vrf cisco_1
         rd 100:1
         route-target export 100:1
         route-target import 100:1
        !
        interface Ethernet0/0
         bandwidth 50000
         ip vrf forwarding cisco_1
         ip address 192.168.0.2 255.255.255.252
         no ip directed-broadcast
         delay 1
        !
        router eigrp 10
         network 7.0.0.0
         network 10.0.0.0
         no auto-summary
        !
        router eigrp 100
         !
         address-family ipv4 vrf cisco_1
          redistribute bgp 65001 metric 100000 100 255 255 1500
          network 192.168.0.0
          no auto-summary
          autonomous-system 100
          eigrp log-neighbor-changes
         exit-address-family
        !
    50. 51. Provider Edge 1

        router bgp 65001
         bgp log-neighbor-changes
         bgp confederation identifier 65003
         neighbor 7.0.0.4 remote-as 65001
         neighbor 7.0.0.4 update-source Loopback0
         !
         address-family ipv4
          redistribute eigrp 100
          neighbor 7.0.0.4 activate
          neighbor 7.0.0.4 next-hop-self
          neighbor 7.0.0.4 send-community extended
          default-metric 10000
          no auto-summary
          no synchronization
         exit-address-family
         !
         address-family vpnv4
          neighbor 7.0.0.4 activate
          neighbor 7.0.0.4 next-hop-self
          neighbor 7.0.0.4 send-community extended
         exit-address-family
         !
         address-family ipv4 vrf cisco_1
          redistribute eigrp 100
          maximum-paths ibgp 2
          no auto-summary
          no synchronization
         exit-address-family
    51. 52. Provider Edge 2

        ip vrf cisco_2
         rd 100:2
         route-target export 100:1
         route-target import 100:1
        !
        interface Ethernet0/0
         bandwidth 10000
         ip vrf forwarding cisco_2
         ip address 192.168.0.6 255.255.255.252
         no ip directed-broadcast
         delay 100
        !
        interface Ethernet1/0
         ip address 10.0.0.5 255.255.255.252
         no ip directed-broadcast
         tag-switching ip
        !
        router eigrp 10
         network 7.0.0.0
         network 10.0.0.0
         no auto-summary
        !
    52. 53. Provider Edge 2

        router eigrp 100
         !
         address-family ipv4 vrf cisco_2
          redistribute bgp 65001 metric 100000 100 255 255 1500
          network 192.168.0.0
          no auto-summary
          autonomous-system 100
          eigrp log-neighbor-changes
         exit-address-family
        !
        router bgp 65001
         no synchronization
         bgp log-neighbor-changes
         bgp confederation identifier 65003
         neighbor 7.0.0.4 remote-as 65001
         neighbor 7.0.0.4 update-source Loopback0
         neighbor 7.0.0.4 next-hop-self
         neighbor 7.0.0.4 send-community both
         no auto-summary
         !
         address-family vpnv4
          neighbor 7.0.0.4 activate
          neighbor 7.0.0.4 next-hop-self
          neighbor 7.0.0.4 send-community both
         exit-address-family
         !
         address-family ipv4 vrf cisco_2
          redistribute eigrp 100
          maximum-paths ibgp 2
          no auto-summary
          no synchronization
         exit-address-family
    53. 54. Provider

        router bgp 65001
         no bgp default route-target filter
         bgp log-neighbor-changes
         bgp confederation identifier 65003
         bgp confederation peers 1 65002
         neighbor iBGP peer-group
         neighbor iBGP remote-as 65001
         neighbor iBGP update-source Loopback0
         neighbor 7.0.0.2 peer-group iBGP
         neighbor 10.0.0.34 remote-as 65002
         !
         address-family ipv4
          neighbor iBGP activate
          neighbor iBGP route-reflector-client
          neighbor iBGP send-community both
          neighbor 7.0.0.2 peer-group iBGP
          neighbor 7.0.0.3 peer-group iBGP
          neighbor 7.0.0.5 peer-group iBGP
          neighbor 7.0.0.6 peer-group iBGP
          neighbor 10.0.0.34 activate
          no auto-summary
          no synchronization
         exit-address-family
         !
         address-family vpnv4
          neighbor iBGP activate
          neighbor iBGP route-reflector-client
          neighbor iBGP send-community both
          neighbor 7.0.0.2 peer-group iBGP
          neighbor 7.0.0.3 peer-group iBGP
          neighbor 7.0.0.5 peer-group iBGP
          neighbor 7.0.0.6 peer-group iBGP
          neighbor 10.0.0.34 activate
          neighbor 10.0.0.34 send-community extended
         exit-address-family
    54. 55. MPLS Enterprise
    55. 56. The Enterprise Perspective
        • The benefit of MPLS/VPN is that “nothing special” is required of the CE router…
            • Preferred IGP configured on CE/PE link
            • SP propagates those routes to other CE routers in the VPN
        • So the Enterprise can sit back and relax…
        • In reality, there are a few “finer details” to explore
            • PE-CE Routing Protocols
            • Load Sharing
            • Backdoor links
            • Multi-homing
    56. 57. Enterprise MPLS Capabilities
        • Segmentation
            • User Groups
        • Convergence
            • Multiple Network Infrastructures
        • Centralisation
            • Minimise operational complexity
        • Virtualisation
            • Reduce capital resources
    57. 58. Closed User Group – Full Mesh
        • Simple Intranet, CE can be a switch or a router
        • All locations/VLANs of user group fully peered
        • Only Finance routes seen
        • VLAN maps to VRF
        [Diagram: Finance Sites 1, 2 and 3 (VLAN 205) attached through a VRF to the Enterprise MPLS-VPN; the route tables hold only Finance (F) routes]
    58. 59. Common User Group – Partial Mesh
        • Basic Extranet
        • Routes can be imported directly into corresponding VRF
        • No NAT necessary – Enterprise will have unique addressing
        • Import granularity can be very fine
            • Single host address can be imported as Extranet route
        [Diagram: Design Site A (DA), Design Site B (DB), Engineering Site A (EA) and Engineering Site B (EB) attached through VRFs to the Enterprise MPLS-VPN; the route tables hold Design (D) and Engineering (E) routes plus imported DA, EA and EB routes]
    59. 60. Branch to HQ – Hub and Spoke
        • Forces all branches through the Central HQ
        • Spokes cannot communicate directly
        • Appropriate security screening can be applied
        • Firewalls can be used with NAT to ensure correct return path
        [Diagram: Bank Branches 1, 2 and 3 attached through spoke VRFs to the Enterprise MPLS-VPN; Central HQ attached through "Hub IN" and "Spoke OUT" VRFs, with an optional firewall (NAT to X) and BGP/OSPF/RIP routing; the route tables show spoke routes S1, S2, S3, hub routes S1h, S2h, S3h and X]
    60. 61. Per Group Internet Access
        • Choose appropriate Internet Gateway per group requirements
        • Use other gateways as backup in case of failure
        • Gateways can provide different service attributes/levels
            • Speed of access
            • Type of Content accessed
            • Address translation if required
        [Diagram: Marketing, Sales and Legal VRFs on the Enterprise MPLS-VPN with Internet Gateways 1, 2 and 3; gateway roles shown as "Legal Only", "Legal/Sales & Marketing Backup" and "Sales and Marketing"]
    61. 62. Summary
        • Nearly every major Service Provider utilises MPLS
        • Many large enterprises have deployed or are evaluating MPLS within their network
        • A large subset of MPLS capabilities such as L2/L3VPNs, Traffic Engineering and integrated QoS is applicable for Service Providers & Enterprises alike
            • The difference is who has the control of services offered
        • Enterprises can use MPLS to
            • Segregate company functions/operating units
            • Provide differentiated QoS
            • Provide specific data paths (TE or L2VPN)
            • Virtualise service functions such as firewalls
    62. 63. Q & A
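
Added example (not part of the original slides): the label header from slide 8 and the label operations from slides 20 to 23 and 46, written as a small Python model. It assumes the 8-bit TTL of RFC 3032, treats the three label-switching tables of slide 20 as consecutive hops, and assumes the ingress PE pushes IGP label 16 over VPN label 10 (the RT=RED label from slide 43); all function names are illustrative.

```python
import struct

def encode_entry(label, exp=0, s=0, ttl=64):
    """Pack one 32-bit stack entry: label (20) | EXP (3) | S (1) | TTL (8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)

def decode_stack(data):
    """Read entries until the bottom-of-stack bit; return (entries, payload)."""
    entries, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated label stack: bottom-of-stack bit never set")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "exp": (word >> 9) & 7,
                        "s": (word >> 8) & 1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, data[off:]

def forward(packet, lfib):
    """Apply one router's LFIB to the top label only; inner labels are untouched."""
    entries, payload = decode_stack(packet)
    top, rest = entries[0], entries[1:]
    if top["label"] not in lfib:
        raise LookupError(f"no LFIB entry for label {top['label']}: drop")
    if top["ttl"] <= 1:
        raise ValueError("TTL expired: drop")
    out = lfib[top["label"]]
    if out == "POP":
        new = rest  # TTL propagation to the exposed label is omitted in this model
    else:
        new = [dict(top, label=out, ttl=top["ttl"] - 1)] + rest
    return b"".join(encode_entry(e["label"], e["exp"], e["s"], e["ttl"])
                    for e in new) + payload

# IN -> OUT columns of the second, third and fourth tables on slide 20.
CORE_LFIBS = [{16: 32, 18: 27}, {32: 64, 27: 18}, {64: "POP", 65: "POP"}]

def walk(payload, igp_label=16, vpn_label=10):
    """Push VPN + IGP labels (assumed values), cross the core, pop the VPN label."""
    pkt = encode_entry(igp_label, s=0) + encode_entry(vpn_label, s=1) + payload
    trace = []
    for lfib in CORE_LFIBS:
        pkt = forward(pkt, lfib)
        trace.append([e["label"] for e in decode_stack(pkt)[0]])
    delivered = forward(pkt, {vpn_label: "POP"})  # egress PE removes the VPN label
    return trace, delivered

if __name__ == "__main__":
    trace, delivered = walk(b"constructed IP packet")
    for hop, labels in enumerate(trace, 1):
        print(f"after hop {hop}: label stack {labels}")
    print("delivered to CE:", delivered)
```

The trace shows the outer label changing at every hop while the VPN label stays in place until the egress PE, which is why P routers need no knowledge of customer routes.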
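
Added example (not part of the original slides): a route-target audit that models slides 40 to 44, where a VPNv4 route is made unique by its RD and lands in every VRF whose import RT matches. The VRFs cisco_1, cisco_2 and red come from the slides; the VRF blue, the customer prefixes and the allowed-pairs policy are constructed here, and the function names are illustrative.

```python
import re
from collections import defaultdict

# cisco_1, cisco_2 and red are the stanzas shown on the slides; blue is
# constructed, with one extra import that pulls in red's routes.
CONFIG = """\
ip vrf cisco_1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf cisco_2
 rd 100:2
 route-target export 100:1
 route-target import 100:1
!
ip vrf red
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
ip vrf blue
 rd 1:2
 route-target export 1:2
 route-target import 1:2
 route-target import 1:1
"""
# Constructed customer routes; red and blue deliberately overlap.
ROUTES = {"cisco_1": ["192.168.0.0/30"], "cisco_2": ["192.168.0.4/30"],
          "red": ["10.0.0.0/8"], "blue": ["10.0.0.0/8"]}

def parse_vrfs(text):
    """Collect the RD and import/export route-targets of each 'ip vrf' stanza."""
    vrfs, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"ip vrf (\S+)\s*$", line):
            cur = vrfs[m[1]] = {"rd": None, "export": set(), "import": set()}
        elif not line.startswith(" "):
            cur = None                      # "!" or another top-level command
        elif cur and (m := re.match(r"\s+rd (\S+)", line)):
            cur["rd"] = m[1]
        elif cur and (m := re.match(r"\s+route-target (export|import|both) (\S+)", line)):
            for kind in ("export", "import") if m[1] == "both" else (m[1],):
                cur[kind].add(m[2])
    return vrfs

def advertise(vrfs, routes):
    """VPNv4 updates as a PE would send them: RD prepended, export RTs attached."""
    return [{"key": f"{vrfs[n]['rd']}:{p}", "prefix": p,
             "rts": set(vrfs[n]["export"]), "origin": n}
            for n, prefixes in routes.items() for p in prefixes]

def import_into(vrfs, updates):
    """Install each update into every VRF whose import RTs match (own routes are local)."""
    tables = {n: defaultdict(list) for n in vrfs}
    for u in updates:
        for n, v in vrfs.items():
            if u["origin"] == n or v["import"] & u["rts"]:
                tables[n][u["prefix"]].append(u["origin"])
    return {n: {p: sorted(o) for p, o in t.items()} for n, t in tables.items()}

def unexpected_flows(vrfs, allowed):
    """(exporter, importer) pairs that exchange routes outside the intended policy."""
    return sorted((e, i) for e, ev in vrfs.items() for i, iv in vrfs.items()
                  if e != i and ev["export"] & iv["import"] and (e, i) not in allowed)

def overlaps(tables):
    """Prefixes that reach one VRF from more than one origin (see slide 31)."""
    return {n: [p for p, o in t.items() if len(o) > 1] for n, t in tables.items()}

if __name__ == "__main__":
    vrfs = parse_vrfs(CONFIG)
    tables = import_into(vrfs, advertise(vrfs, ROUTES))
    allowed = {("cisco_1", "cisco_2"), ("cisco_2", "cisco_1")}
    print("unexpected route flows:", unexpected_flows(vrfs, allowed))
    print("overlapping prefixes:", overlaps(tables))
```

Run against the collected `ip vrf` stanzas of all PEs, this kind of check flags an import statement that quietly joins two VPNs, and the overlap report shows where a shared site would receive the same prefix from two customers.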
