Report for Network Subject at my college at May,2017 and we were suppose to present the operation of MPLS inside the core network of the service provider while the costumer is using a VPN connection
MPLS VPN is a family of methods for using multiprotocol label switching (MPLS) to create virtual private networks (VPNs). MPLS VPN is a flexible method to transport and route several types of network traffic using an MPLS backbone.
MPLS VPN is a family of methods for using multiprotocol label switching (MPLS) to create virtual private networks (VPNs). MPLS VPN is a flexible method to transport and route several types of network traffic using an MPLS backbone.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
call for paper 2012, hard copy of journal, research paper publishing, where to publish research paper,
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
UNIT I FUNDAMENTALS & LINK LAYER 9
Building a network – Requirements – Layering and protocols – Internet Architecture – Network software – Performance ; Link layer Services – Framing – Error Detection – Flow control
BETTER SCALABLE ROUTING PROTOCOL FOR HYBRID WIRELESS MESH NETWORKcscpconf
There are many routing approaches have been borrowed from mobile ad hoc network to achieve routing solutions in wireless mesh network. WMN was developed for reliable data communication and load balancing. AODV provides loop-free routes even while repairing broken links. This paper have been proposed an improved hierarchical AODV routing protocol
(IH-AODV), which exhibits better scalability and performance in the network. This IH-AODV protocol has been proposed for improvement in the scaling potential of AODV. MAODV allows
each node in the network to send out multicast data packets, used for multicast traffic. The wireless mesh network architecture provides reduction in installation cost, large scale
deployment, reliability and self management. It is mainly focused on implementing military or specialized civilian applications. Two protocols MAODV and IH-AODV were simulated using NS2 package. Simulation results will demonstrate that, IH-AODV scales well for large network
and other metrics are also better than or comparable to MAODV in hybrid WMNs.
“MPLS is that it’s a technique, not a service.”
The fundamental concept behind MPLS is that of labeling packets. In a traditional routed IP network,
each router makes an independent forwarding decision for each packet based solely on the packet’s
network-layer header. Thus, every time a packet arrives at a router, the router has to “think through”
where to send the packet next.
Performance Evaluation of a Layered WSN Using AODV and MCF Protocols in NS-2csandit
In layered networks, reliability is a major concern
as link failures at lower layer will have a
great impact on network reliability. Failure at a l
ower layer may lead to multiple failures at the
upper layers which deteriorate the network performa
nce. In this paper, the scenario of such a
layered wireless sensor network is considered for A
d hoc On-Demand Distance Vector (AODV)
and Multi Commodity Flow (MCF) routing protocols. M
CF is
developed using
polynomial time
approximation algorithms for the failure polynomial
. Both protocols are compared in terms of
different network parameters such as throughput, pa
cket loss and end to end delay. It was
shown that the network reliability is better when M
CF protocol is used. It was also shown that
maximizing the min cut of the layered network maxim
izes reliability in the terms of successful
packet transmission of network. Thetwo routing prot
ocolsare implemented in the scenario of
discrete network event simulator NS-2.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
call for paper 2012, hard copy of journal, research paper publishing, where to publish research paper,
journal publishing, how to publish research paper, Call For research paper, international journal, publishing a paper, IJERD, journal of science and technology, how to get a research paper published, publishing a paper, publishing of journal, publishing of research paper, reserach and review articles, IJERD Journal, How to publish your research paper, publish research paper, open access engineering journal, Engineering journal, Mathemetics journal, Physics journal, Chemistry journal, Computer Engineering, Computer Science journal, how to submit your paper, peer reviw journal, indexed journal, reserach and review articles, engineering journal, www.ijerd.com, research journals,
yahoo journals, bing journals, International Journal of Engineering Research and Development, google journals, hard copy of journal
UNIT I FUNDAMENTALS & LINK LAYER 9
Building a network – Requirements – Layering and protocols – Internet Architecture – Network software – Performance ; Link layer Services – Framing – Error Detection – Flow control
BETTER SCALABLE ROUTING PROTOCOL FOR HYBRID WIRELESS MESH NETWORKcscpconf
There are many routing approaches have been borrowed from mobile ad hoc network to achieve routing solutions in wireless mesh network. WMN was developed for reliable data communication and load balancing. AODV provides loop-free routes even while repairing broken links. This paper have been proposed an improved hierarchical AODV routing protocol
(IH-AODV), which exhibits better scalability and performance in the network. This IH-AODV protocol has been proposed for improvement in the scaling potential of AODV. MAODV allows
each node in the network to send out multicast data packets, used for multicast traffic. The wireless mesh network architecture provides reduction in installation cost, large scale
deployment, reliability and self management. It is mainly focused on implementing military or specialized civilian applications. Two protocols MAODV and IH-AODV were simulated using NS2 package. Simulation results will demonstrate that, IH-AODV scales well for large network
and other metrics are also better than or comparable to MAODV in hybrid WMNs.
“MPLS is that it’s a technique, not a service.”
The fundamental concept behind MPLS is that of labeling packets. In a traditional routed IP network,
each router makes an independent forwarding decision for each packet based solely on the packet’s
network-layer header. Thus, every time a packet arrives at a router, the router has to “think through”
where to send the packet next.
Performance Evaluation of a Layered WSN Using AODV and MCF Protocols in NS-2csandit
In layered networks, reliability is a major concern
as link failures at lower layer will have a
great impact on network reliability. Failure at a l
ower layer may lead to multiple failures at the
upper layers which deteriorate the network performa
nce. In this paper, the scenario of such a
layered wireless sensor network is considered for A
d hoc On-Demand Distance Vector (AODV)
and Multi Commodity Flow (MCF) routing protocols. M
CF is
developed using
polynomial time
approximation algorithms for the failure polynomial
. Both protocols are compared in terms of
different network parameters such as throughput, pa
cket loss and end to end delay. It was
shown that the network reliability is better when M
CF protocol is used. It was also shown that
maximizing the min cut of the layered network maxim
izes reliability in the terms of successful
packet transmission of network. Thetwo routing prot
ocolsare implemented in the scenario of
discrete network event simulator NS-2.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
IJERA (International journal of Engineering Research and Applications) is International online, ... peer reviewed journal. For more detail or submit your article, please visit www.ijera.com
It is considered to be the most perfect solution to address the most recently faced problems in present-day networks such as
“Routing, scalability, quality of service engineering management, traffic engineering”
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
Application of N jobs M machine Job Sequencing Technique for MPLS Traffic Eng...CSCJournals
This paper discusses Traffic Engineering with Multi-Protocol Label Switching (MPLS) in an Internet Service Provider’s (ISP) network. In this paper, we first briefly describe MPLS, Constraint-based Routing, MPLS-TE, N jobs M machine Job sequencing technique and how to implement the job sequencing technique for Multi-Protocol Label Switching Traffic Engineering. And also improve the quality of service of the network, using this technique firstly reduce the congestion for traffic engineering; minimize the packet loss in complex MPLS domain. In small network packet loss is negligible. We used NS2 discrete event simulator for simulate the above work. Keywords: Traffic Engineering, Multi-Protocol Label Switching, Constraint based routing, N jobs M machine Job Sequencing Technique, Qos, MPLS-TE.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Mission to Decommission: Importance of Decommissioning Products to Increase E...
VPN Using MPLS Technique
1. Fall 2017
EE 358 Information Theory
Course Project
VPN Routing via MPLS Technique
Ahmad Sameer Mohammad(26), Ahmad Atta Mohammad(30), Hussam Aldeen Ahmad(87), Rafik Hisham(101), Omar
Aldalil(134).
Affiliations (i.e., Electronics and communication department, Alexandria University)
Ahmed3ta@gmail.com
Abstract. Multiprotocol Label Switching (MPLS) networks are the next generation of networks designed to allow
enterprises to create end-to-end circuits across any type of transport medium using any available wide area network
(WAN) technology. Until recent years, enterprises with the need to connect remote offices in locations across the
country were restricted to the limited WAN options that service providers offered—usually frame relay or T1/E1
dedicated links.
MPLS VPNs combine the power of MPLS and the Border Gateway Protocol (BGP) routing protocol. MPLS is used to
forward packets over the provider’s network backbone, and BGP is used for distributing routes over the backbone.
1. Introduction
VPLS, MPLS VPNs, MPLS and VPNs are terms often used interchangeably, but erroneously so. Confusion about
MPLS VPNs stems from the multitudinous words that vendors and marketers often use to describe the same service. So
what actually is an MPLS VPN?
"MPLS" and "VPN" are two different technology types. Multiprotocol Label Switching (MPLS) is a standards-based
technology used to speed up the delivery of network packets over multiple protocols – such as the Internet Protocol (IP),
Asynchronous Transport Mode (ATM) and frame relay network protocols. A virtual private network (VPN) uses shared
public telecom infrastructure, such as the Internet, to provide secure access to remote offices and users in a cheaper way
than an owned or leased line. VPNs are secure because they use tunneling protocols and procedures such as Layer Two
Tunneling Protocol (L2TP). With those definitions understood, an MPLS VPN is a VPN that is built on top of an MPLS
network, usually from a service provider, to deliver connectivity between enterprise office locations. The terms "MPLS
IP VPN," "MPLS VPN" and "MPLS-based VPN" can be used synonymously. Understanding these terms are important
when mastering MPLS VPN fundamentals.
2. 2. Background/Related Work
MPLS Technique:
In this section we will talk about the mechanisms of MPLS and how it works.
First, data carried over MPLS network has one or more MPLS headers applied in order to transport it
across the network. The MPLS header structure is shown in Figure 1.
It contains those fields:
1. A 20-bit label value. MPLS pack-
ets are forwarded on the basis of this
field. This value is used as an index
into the MPLS forwarding table.
2. Traffic Class (TC) field (3 bits).
Previously known as the EXP bits,
convey the Class of Service to be ap-
plied to the packet. For example, LSRs and LERs can use these bits to determine the queue into which the
packet should be placed. Note that in some cases the MPLS label value also determines the queuing behavior
applied to the packet.
3. Bottom of stack bit (S-bit). MPLS headers can be stacked. The S-bit is set on the header of the MPLS
packet at the bottom of the stack.
4. Time-to-live (TTL) field. This is used to avoid forwarding loops and can also be used for path-tracing.
The value is decremented at each hop and the packet is discarded should the value reach zero.
But actually before dig-
ging into how it works and
how the header is added,
let’s first define the MPLS
network Architecture Fig-
ure 2 and see its compo-
nents.
Figure 2: Very simple MPLS network architecture
Figure 1: MPLS Header
3. 1. Label Edge Router (LER): It exists on the both edges of the network on the entry and exit points of
the network:
a. Ingress Label Edge Router (ILER): It exists at the beginning of an MPLS network and is an en-
try point where the data packet originates from its source. This edge router imposes label
(PUSH) and forward packets to destination through the domain. This ingress edge router ini-
tiates packet-forwarding process in MPLS core network.
b. Egress Label Edge Router (ELER): It exists at the end of an MPLS network and is an exit point
where the data packet reaches its destination. This edge router performs label disposition or
removal (POP) and forwards IP packet to destination. It disposes label from the arrived
packet only when bottom-of-stack indicator identifies if the encountered label is bottom la-
bel of the stack or not.
2. Label Switch Router (LSR): This router receives a labeled packet, swaps it with an outgoing one, and
forwards the new packet to an appropriate interface. Depending on its location in MPLS domain,
this router performs label disposition (removal, POP), label imposition (addition, PUSH) or label
swapping (replacing the top label in a stack with a new outgoing label value). When the data stream
(files or multimedia traffic) arrives from the access network to the MPLS core, it is segregated into
separate FEC in this router. As an acknowledgement of label bindings, LSR creates entries in Label In-
formation Base. This table comprises of I/O ports and I/O port labels indicating the label-FEC map-
ping.
3. Label Switch Path (LSP): LSP is the path which the packet takes to reach its destination through an
MPLS-enabled network. The path is unidirectional so this allows packets to be switched from one
edge to the other by passing through several intermediate switch routers. Every network location
needs LSPs to be established for data transfer. For example, packet data from LER1 traverses among
several intermediate nodes to LER2 using LSP1, then another path LSP2 is set out for packet transfer
to other end directly, which is the shortest path to arrive the destination. However, path switching is
derived from IGP routing information and may diverge from Interior Gateway Protocol preferred
path to the target network.
How MPLS works
As a packet enters ingress router, this ingress LER assigns labels to the packets for data transmission
through the network. The labels in MPLS header are inserted into data packet that has to be transmitted.
These fixed-length labels carry the information; all the subsequent routing switches perform packet for-
warding based only on those labels they never look as far as the IP header.
As each node forwards the packet, it swaps current label for the most appropriate label to the subse-
quent node to route the packet. Finally, the egress router removes the label(s) and forwards the original IP
packet toward its final destination. This mechanism enables very-high-speed packet switching through the
core MPLS domain.
4. VPN
Traditional router-based networks connect customer sites through routers connected via dedicated
point-to-point links (leased lines).VPNs replace dedicated point-to-point links with emulated
point-to-point links that share common infrastructure. Customers use VPNs primarily to reduce their op-
erational costs.
Advantages of VPNs
• Cost savings: Replacing expensive long-distance leased lines with much less expensive dedicated
connection to the service provider (DSL, fiber). And: Offload-
ing support costs
• Scalabil-
ity: Add-
ing a new branch office is fast and simple by adding an additional link to the ISP (adding a site to the
customer VPN).
• Improved security: Use of encryption protocols and authentication
• Better performance: More high-capacity data service options can be used (cheaper bandwidth).
• Flexibility and reliability: Wide spread availability of fiber, DSL, and other broadband options.
And: Using more than one ISP
• Greater access to mobile users: Increases productivity and responsiveness for employees working
from home or on business trips.
VPN Terminology
Provider Edge (PE) Devices
Provider Edge (PE) Devices
Provider network (P-network): The service
provider infrastructure used to provide VPN services
Customer network (C-network): The part of the
network still under customer control
Customer site: A contiguous part of the customer
network (can encompass many physical locations)
Provider (P) Core DevicesCustomer Site
Large Customer Site
Customer Premises
Equipment (CPE) or
Router
CPE
RoutVirtual
Other
Customer
Virtual
Customer Site
Large Customer Site
Provider (P) Core Devices
Customer Premises
Equipment (CPE) or
Customer Edge (CE)
Router
CPE Router
Virtual
Circuit 2
Other
Customer
Routers
Virtual
Circuit 1
Figure 3: VPN Simple Model
Figure 4: VPN Terminology
5. VPNs
Overlay VPN Peer-to-Peer VPN
Layer 2 VPN Layer 3 VPN
ACLs
(Shared router)
MPLS VPN
Split routing
(dedicated router)
X.25
Frame Relay
ATM
GRE
DMVPN
IPsec
GET VPN
L2TPv3
SSL VPN
P device: The device in the provider network with no customer connectivity
PE device: The device in the provider network to which the customer devices are connected
CE device: The device in the customer network that links to the provider network (sometimes also
called CPE)
PE-CE link: A link between a PE router and a CE router.
VPN Models
VPN services can be offered based on two major models:
• Overlay model, in which the service provider provides virtual point-to-point links between
customer sites
• Peer-to-peer model, in which the service provider participates in the customer routing
Overlay Implemntation techniques
Overlay Layer 2 VPN
- The service provider establishes Layer 2 VCs between customer sites.
- The customer is responsible for all higher layers.
Overlay layer 3 VPN
The service provider infrastructure appears as point-to-point links to the customer.
The service provider does not see customer routes and is responsible only for providing the point-to-
point transport of customer data.
Layer 3 VPN – IP tunneling
- Routing protocols run directly between customer routers.
- GRE is simple (and quicker).
Figure 5: VPN Models
6. - IPsec provides authentication and security.
Layer 2 VPN – Layer 2 forwarding
- Transparent tunneling of Layer 2 over IP
Over lay Layer 2, VPN is implemented with IP-over-Frame Relay or ATM tunnels:
- The service provider establishes Layer 2 VCs between customer sites.
- The customer is responsible for all higher layers.
Over lay Layer 3, VPN is implemented with IP-over-IP tunnels (GRE):
- Tunnels are established with GRE (Generic Routing Encapsulation).
- Tunnel interfaces are point-to-point.
- Enables dynamic routing and multicast
- Runs GRE over IPsec to secure tunnel payload
Over lay Layer, 3 VPN is implemented with IP-over-IP tunnels (DMVPN):
- Tunnels are established with mGRE.
- Tunnel interfaces are point-to-multipoint.
- Enables dynamic routing and multicast
- Runs mGRE over IPSec to secure tunnel payload
Over lay Layer 3, VPN is implemented with IP-over-IP tunnels (IPSec):
- Tunnels are established with IPsec (tunnel mode).
- Enables static routing (no multicast)
- Secures payload
Over lay Layer 3, L2TPv3 is used as a tunneling mechanism to deploy Layer 2 transparent services
over IP:
- L2TPv3 includes support for multiple Layer 2 encapsulations, including 802.1Q VLAN, QinQ, and
Ethernet.
Over lay Layer 3, SSL VPN enables remote-access connectivity from almost any Internet-enabled
location:
- Easy integration of the SSL VPN gateway into a shared MPLS network
Peer-to-Peer VPNs: Implementation Techniques
- PE-CE routing information is exchanged between CE and PE routers.
Peer-to-Peer VPN: ACLs (Shared Router)
- POP router carries all customer routes.
- Isolation between customers is achieved with the use of ACLs (packet filters) on PE-to-CE interfaces.
Peer-to-Peer VPN: Split Routing (Dedicated Router)
- The P router contains all customer routes.
- Each customer has a dedicated PE router that carries only its routes.
- Isolation between customers is achieved through the lack of routing information on the PE router.
GET VPN:
- Does not use tunnels, behaves almost like transport mode Ipsec
- Large-scale solution accommodating multicast
- Uses group security association and shared encryption key
- Centralized policy and key server with periodic rekeying
MPLS VNP
- CE routers route traffic to PE routers.
7. - Each customer has its own isolated routing table instance on PE router.
- P routers do not have customer route information.
- Label switching is enabled in service provider core.
Benefits of VPN Implementations
Overlay VPN:
- Well-known and easy to implement
- Service provider does not participate in customer routing.
- Customer network and service provider network are well isolated.
Peer-to-peer VPN:
- Guarantees optimum routing between customer sites
- Easier to provision an additional VPN
- Only sites provisioned, not links between them
Drawbacks of VPN Implementations
Overlay VPN:
- Implementing optimum routing requires a full mesh of VCs.
- VCs have to be provisioned manually.
- Bandwidth must be provisioned on a site-to-site basis.
- Overlay VPNs always incur encapsulation overhead (GRE or IPsec).
Peer-to-peer VPN:
- The service provider participates in customer routing. Filters should be applied to customer
links.
- The service provider becomes responsible for customer convergence.
- PE routers carry all routes from all customers.
- A secure environment must be provided for customers.
- Complex configuration
- The service provider needs detailed IP routing knowledge.
8. 3. MPLS VPN
Why MPLS VPN
In the MPLS VPN model, the best features of the overlay and point-to-point models are implemented.
An MPLS-enabled core and edge network provides a very fast and efficient data switching environ-
ment based on MPLS labels.
PE routers exchange routing information with customer CE routers and use separate isolated routing
tables for each customer. Special routing protocol contexts are used for route exchange between PE and
CE routers.
Routes are then exchanged between PE devices using the Multiprotocol BGP (MP-BGP) routing algo-
rithm. For scalability reasons, service provider core routers do not have any customer routing information.
PE routers label packets with MPLS labels and P routers use these labels for fast label-switching packets.
9. a. Implementation
MPLS Architecture
In the MPLS VPN architecture, the edge routers carry customer routing information, providing optimal routing for
traffic that belongs to the customer for inter-site traffic. The MPLS-based VPN model also accommodates customers
who use overlapping address spaces, unlike the traditional peer-to-peer model, in which optimal routing of customer
traffic required the provider to assign IP addresses to each of its customers (or the customer to implement Network Ad-
dress Translation [NAT]) to avoid overlapping address spaces.
MPLS VPN is an implementation of the peer-to-peer model; the MPLS VPN backbone and customer sites exchange
Layer 3 customer routing information, and data is forwarded between customer sites using the MPLS-enabled service
provider IP backbone.
The MPLS VPN domain, like the traditional VPN, consists of the customer network and the provider network. The
MPLS VPN model is very similar to the dedicated provider edge (PE) router model in a peer-to-peer VPN implementa-
tion. However, instead of deploying a dedicated PE router per customer, customer traffic is isolated on the same PE rout-
er that provides connectivity into the service provider network for multiple customers.
In the MPLS VPN implementation, the PE router performs multiple functions. The PE router must first be capable of
isolating customer traffic if more than one customer is connected to the PE router. Each customer, therefore, is assigned
an independent routing table (virtual routing table or virtual routing and forwarding [VRF] table) similar to a dedicated
PE router in the initial peer-to-peer discussion. Routing across the service provider backbone is performed using a rout-
ing process in the global routing table. P routers provide label switching between PE routers and are unaware of VPN
routes. CE routers in the customer network are not aware of the P routers, and thus the internal topology of the service
provider network is transparent to the customer. And to enable scaling the networkto a large number of customer VPNs,
Multiprotocol Border Gateway Protocol (MP-BGP) isconfigured between PE routers to carry customer routes.
Figure 6: Simple VPN Architecture
The P routers are responsible only for label switching of packets. They do not carry VPN routes and do not participate
in MPLS VPN routing. The PE routers exchange IPv4 routes with connected CE routers using individual routing proto-
col contexts. To enable scaling the network to a large number of customer VPNs, Multiprotocol Border Gateway Proto-
col (MP-BGP) is configured between PE routers to carry customer routes.
10. Virtual Routing and Forwarding tables (VRFs)
The global routing table (or forwarding in case of
Layer 2 switching) is not the same as the VRF as the
global interface includes only the IPV4 or IPV6 infor-
mation (or MAC addresses per interface in case of
Layer 2 switching) and only one global
routing table can exist in a single router.
The VRFs instead can contain more infor-
mation as explained next and more than one
VRF can coexist in the same router.
The VRF contains an IP routing table that is analo- gous to the global IP
routing table, a Cisco Express Forwarding
table, a list of interfaces that are part of the
VRF, and a set of rules defining routing
protocol exchange with attached CE routers (routing protocol contexts). In addition, the VRF also contains VPN identifi-
ers and VPN membership information (route distinguisher [RD] and route target [RT] are covered in the next section).
The interface that is part of the VRF must support Cisco Express Forwarding switching. The number of interfaces that
can be bound to a VRF is limited only by the number of interfaces on the router, and a single interface (logical or physi-
cal) can be associated with only one VRF.
In the MPLS VPN routing model, the PE router provides isolation between customers using VRFs. However, this in-
formation must be carried between PE routers to enable data transfer between customer sites via the MPLS VPN back-
bone. The PE router must be capable of implementing processes that enable overlapping address spaces in connected
customer networks.
The PE router must also learn these routes from attached customer networks and propagate this information using the
shared provider backbone. This is done by the association of an RD per virtual routing table on a PE router.
MP-BGPV4
The next design decision to be made is the choice of the routing protocol running between PE routers. Given that the
total number of customer routes is expected to be very large, the only well-known protocol with the required scalability
is Border Gateway Protocol version 4 (BGP4). In fact, BGP4 is used in the MPLS VPN architecture to transport custom-
er routes directly between PE routers. MPLS VPN architecture differs in an important way from traditional peer-to-peer
VPN solutions: MPLS VPNs support overlapping customer address spaces.
MP-BGP is also responsible for the assignment of a VPN label. Packet forwarding in an MPLS VPN mandates that
the router specified as the next hop in the incoming BGP update is the same router that assigns the VPN label. An MP-
BGP session between PE routers in a single BGP AS is called a Multiprotocol Internal Border Gateway Protocol (MP-
IBGP) session and follows rules as in the implementation of IBGP with regards to BGP attributes. If the VPN extends
beyond a single AS, VPNv4 routes will be exchanged between autonomous systems at the AS boundaries using a Multi-
protocol External Border Gateway Protocol (MP-EBGP) session.
Route Distinguisher
With the deployment of a single routing protocol (that is, BGP4) exchang-
ing all customer routes between PE routers, an important issue arises: how
can BGP4 propagate several identical prefixes, belonging to different cus-
tomers, between PE routers? The only solution to this dilemma is the expan-
sion of customer IP prefixes with a unique prefix that makes them
unique even if they had previously overlapped. A 64- bit prefix
Figure 7: Explaining VRFs
Figure 8: RD Header
11. called the route distinguisher (RD) is used in MPLS VPNs to convert non-unique 32-bit customer addresses into 96-bit
unique addresses that can be transported between PE routers.
An RD is a 64-bit unique identifier that is prepended to the 32-bit customer prefix or route learned from a CE router,
which makes it a unique 96-bit address that can be transported between the PE routers in the MPLS domain. Thus, a
unique RD is configured per VRF on the PE router. The resulting address, which is 96 bits total (32-bit customer prefix
plus 64-bit unique identifier or RD), is called a VPNv4 address.
VPNv4 addresses are exchanged only between PE routers; they are never used between CE routers. Between PE rout-
ers, BGP must therefore support the exchange of traditional IPv4 prefixes and the exchange ofVPNv4 prefixes. A BGP
session between PE routers is therefore called a Multiprotocol Border Gateway Protocol (MP-BGP) session. The format
of an RD is shown in the figure. An RD can be of two formats. If the provider does not have a BGP autonomous system
(AS) number, the IP address format can be used, and if the provider does have an AS number, the AS number format can
be used.
RD process flow
- Step 1: The CE router sends an IPv4 routing update to the PE router
- Step 2: The PE router prepends a 64-bit RD to the IPv4 routing update, resulting in a globally unique 96-bit VPNv4 prefix.
- Step 3: The VPNv4 prefix is propagated via an MP-IBGP session to other PE routers.
- Step 4: The receiving PE routers strip the RD from the VPNv4 prefix, resulting in an IPv4 prefix. RD is used to match the proper VRF routing
table.
- Step 5: The IPv4 prefix is forwarded to other CE routers within an IPv4 routing update.
Route Target (RT)
Route targets (RTs) were introduced into the MPLS VPN architecture to support identifying a site that participates in
more than one VPN. RTs are additional identifiers used in the MPLS VPN that identify the VPN membership of the
routes learned from that particular site. RTs are implemented by the use of extended BGP communities in which the
higher-order 16 bits of the BGP extended community (64 total bits) is encoded with a value corresponding to the VPN
membership of the specific site. When a VPN route learned from a CE router is injected into VPNv4 BGP, a list of VPN
route target extended community attributes is associated with it.
When implementing complex VPN topologies, such as extranet VPN, Internet access VPNs, network management
VPN, and so on, using MPLS VPN technology, the RT plays a pivotal role. A single prefix can be associated to more
than one export route target when propagated across the MPLS VPN network. The RT can, as a result, be associated to
sites that might be a member of more than one VPN.
VPN Label
The VPN label (4 bytes) is assigned for each prefix that is learned from the IGP process of the connected CE router
within a VRF by the MP-BGP process of the PE router. MP-BGP running in the service provider MPLS domain thus
carries the VPNv4 prefix (IPv4 prefix with prepended RD) in addition to the BGP route target extended community.
A simple MPLS-oriented approach to MPLS VPN packet forwarding across the MPLS VPN backbone would be to
label the customer packet with the label assigned by Label Distribution Protocol (LDP) for the egress PE router. The core
routers consequently would never see the customer IP packet; instead, the core routers would see just a labeled packet
targeted toward the egress PE router. The core routers would perform simple label-switching operations, eventually de-
livering the customer packet to the egress PE router. Unfortunately, the customer IP packet would contain no VPN or
VRF information that could be used to perform VRF lookup on the egress PE router. The egress PE router would not
know which VRF to use for packet lookup and would need to drop the packet.
An MPLS label stack can be used to tell the egress PE router what to do with the VPN packet. When using the label
stack, the ingress PE router labels the incoming IP packet with two labels. The top label in the stack is the LDP label for
the egress PE router; this label guarantees that the packet will traverse the MPLS VPN backbone and arrive at the egress
PE router. The second label in the stack is assigned by the egress PE router, and tells how to forward the incoming VPN
12. packet. The second label could point directly toward an outgoing interface, in which case the egress PE router would
perform label lookup only on the VPN packet. The second label could also point to a VRF, in which case the egress PE
router would first perform a label lookup to find the target VRF, and then perform an IP lookup within the VRF.
IGP scoop
The next hops on PE routers must not be advertised in the BGP process but must be learned from the IGP for MPLS
VPN implementation. The VPN label is depicted by the entries VI and V2 in the figure.
The designers of MPLS VPN technology were faced with these routing requirements:
• CE routers should not be MPLS VPN-aware; CE routers should run standard IP routing software.
• PE routers must support MPLS VPN services and traditional Internet services.
To make the MPLS VPN solution scalable, P routers must not participate in customer VPN routing. P routers use only
label switching.
Traffic flow
Penultimate hop popping (PHP) is the
removal of the top label in the stack on
the hop prior to the egress router. PHP
can be performed in frame-based MPLS
networks. In these networks, the last P router in
the label-switched path (LSP) tunnel pops the LDP
label (as previously requested by the egress
PE router through LDP), and the PE
router receives a labeled packet that con-
tains only the VPN label. In most cases, a
single label lookup performed on that
packet in the egress PE router is enough
to forward the packet toward the CE
router. The full IP lookup through the
forwarding information base (FIB) is performed only once, in the ingress PE router, even without PHP.
Summary
An MP-BGP update exchange between PE routers contains these elements:
• VPNv4 address
• Extended BGP communities (for example, RTs are required)
• Label used for VPN packet forwarding
• Mandatory BGP attributes (for example, AS path). Optionally, the MP-BGP update can contain any other BGP at-
tribute, such as local preference, multi-exit discriminator (MED), or standard BGP community.
The PE routers receiving MP-BGP updates import the incoming VPNv4 routes into their VRFs based on RTs attached
to the incoming routes and based on import RTs configured in the VRFs. The VPNv4 routes installed in the VRFs are
converted to IPv4 routes and then propagated to the CE routers.
The RTs that are attached to a route and the import RTs that are configured in the VRF direct the propagation of the
routes to the CE router. Incoming VPNv4 routes are imported into VRFs on the receiving PE router only if at least one
RT attached to the route matches at least one import RT that is configured in the VRF.
Figure 9: MPLS Backbone Traffic flow
13. b. Simulation Scenarios and Testbeds
Requirements
(a) GNS3 Simulator to implement and run MPLS L3
VPN
(b) 4GB RAM, in minimum, installed in the laptop/ PC
running GNS3
(c) Cisco IOS Image c7200
(d) configuring all the networks with scalability in
mind
Figure 10:the MPLS L3VPN Topology implemented
using GNS3
All configurations are written in the Global Configu-
ration Mode
Configure a loopback interface to use later as
router id
PE Router (R2):
interface Loopback0
ip address 2.2.2.2 255.255.255.255
P Router (R3):
interface Loopback0
ip address 3.3.3.3 255.255.255.255
PE Router (R4):
interface Loopback0
ip address 4.4.4.4 255.255.255.255
Customer Router (R1) 1st
bransh
interface Loopback0
ip address 1.1.1.1 255.255.255.255
Customer Router (R5) 2nd
bransh
interface Loopback0
ip address 5.5.5.5 255.255.255.255
Configure IP addresses:
R2:
interface GigabitEthernet0/0
ip address 192.168.23.2 255.255.255.0
interface GigabitEthernet1/0
ip address 192.168.12.2 255.255.255.0
R1:
interface GigabitEthernet0/0
ip address 192.168.12.1 255.255.255.0
interface GigabitEthernet0/0
ip address 192.168.45.5 255.255.255.0
R3:
interface GigabitEthernet0/0
ip address 192.168.23.3 255.255.255.0
interface GigabitEthernet1/0
ip address 192.168.34.3 255.255.255.0
R4:
interface GigabitEthernet0/0
ip address 192.168.45.4 255.255.255.0
interface GigabitEthernet1/0
ip address 192.168.34.4 255.255.255.0
R5:
interface GigabitEthernet0/0
ip address 192.168.45.5 255.255.255.0
:Configure LDP
R2(config)#mpls ldp router-id Loopback0
R3(config)#mpls ldp router-id Loopback0
R4(config)#mpls ldp router-id Loopback0
Enabling MPLS on interfaces connected in the
ISP network:
R2:
interface GigabitEthernet0/0
mpls ip
R3:
interface GigabitEthernet1/0
mpls ip
interface GigabitEthernet0/0
mpls ip
R4:
interface GigabitEthernet1/0
mpls ip
14. Configure backbone network IGP
R2:
router ospf 1
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 192.168.23.0 0.0.0.255 area 0
R3:
router ospf 1
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 192.168.23.0 0.0.0.255 area 0
network 192.168.34.0 0.0.0.255 area 0
R4:
router ospf 1
log-adjacency-changes
network 4.4.4.4 0.0.0.0 area 0
network 192.168.34.0 0.0.0.255 area 0
Configure MP-BGP for vpnv4 route exchange be-
tween PE routers
R4:
router bgp 1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
R2:
router bgp 1
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 1
neighbor 4.4.4.4 update-source Loopback0
no auto-summary
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
Configure Customer VRFs:
On both R2 and R4 (the provider edges):
ip vrf customer1
rd 100:1
route-target export 1:100
route-target import 1:100
Associating the VRFs with customer interfaces:
R2:
interface GigabitEthernet1/0
ip vrf forwarding customer1
ip address 192.168.12.2 255.255.255.0
R4:
interface GigabitEthernet0/0
ip vrf forwarding customer1
ip address 192.168.45.4 255.255.255.0
Setting Up Routing For the Client
R5:
router eigrp 100
network 5.0.0.0
network 192.168.45.0
no auto-summary
R1:
router eigrp 100
network 1.0.0.0
network 192.168.12.0
no auto-summary
Redistribute EIGRP into BGP
router bgp 1
address-family ipv4 vrf customer1
redistributing the eigrp routes to bgp:
redistribute eigrp 100
exit-address-family
Redistribute BGP into EIGRP
router eigrp 1
address-family ipv4 vrf customer1
redistribute bgp 1 metric 1 1 1 1 1
network 192.168.12.0
no auto-summary
autonomous-system 100
exit-address-family
R4
Redistribute BGP into EIGRP
router eigrp 1
address-family ipv4 vrf customer1
redistribute bgp 1 metric 1 1 1 1 1
network 192.168.45.0
no auto-summary
autonomous-system 100
exit-address-family
Redistribute EIGRP into BGP
router bgp 1
address-family ipv4 vrf customer1
redistribute eigrp 100
exit-address-family
15. 4. Conclusions
The most scalable method of exchanging customer routes across a provider network is the use of an MP-BGP
between PE routers.
RDs transform non-unique 32-bit addresses into 96-bit unique addresses.
RTs are used to identify VPN membership in overlapping topologies.
• In MPLS VPNs:
CE routers run standard routing protocols to the PE routers.
PE routers provide the VPN routing and services via MP-BGP.
P routers do not participate in VPN routing, and only provide core IGP backbone routing to the PE routers.
• PE routers forward packets across the MPLS VPN backbone using label
5. Future Work
a. VPNv6 on the MPLS:
In this overview we only used the IPv4 of the traffic data, the implementation of IPv6 on the same way
can be more challenging
b. Layer 2 MPLS VPN:
We worked only on the Layer 3 MPLS VPN, and we look forward to see the results on the Layer 2
MPLS VPN.
c. Other vendors VPN MPLS:
At the start Cisco Studying material were available, so we only worked on the environment that is suit-
able for Cisco, also other vendors can be tricky to find academic material for, we are keen to see the
differences of other vendors in concept and implementation.
d. Security point of view:
We didn’t study the subject from the security perspective, so it would be a great benefit to study it se-
curity-wise.
6. References
[1] Cicso SPNGN1, SPNGN2, SPCORE material
[2] MPLS Enabled applications, Third edition.
[3] MPLS Virtual Private Networks, Luca Cittadini, Giuseppe Di Battista, Maurizio Patrignani..
[4] Implementation of MPLS L3VPN using GNS3, Akashy, Pooja Ahlawat