
Table of Contents

Epilogue

Chapter 1: Introduction
1.1 Introduction of Multiprotocol Label Switching (MPLS)
1.2 Common Applications of MPLS
1.3 Planning the MPLS Migration Path
1.4 Routing Protocol Selection
1.5 Constraints using a traditional network (IP/Frame Relay)
1.6 Link3 IP Network Coverage
1.7 Problem of IP Network

Chapter 2: Label Distribution Protocol (LDP)
2.1 Link3 IP Network
2.2 MPLS Benefits
2.3 MPLS Architecture
2.4 MPLS Architecture: Control Plane
2.5 MPLS Architecture: Data Plane
2.6 MPLS Configuration Tasks
2.7 Benefits of Label Distribution Protocol (LDP)
2.8 Configuring MPLS: Mandatory Part
2.9 Configuring MPLS: Optional Part

Chapter 3: Traffic Engineering
3.1 MPLS Traffic Engineering
3.2 The Problem of IGP (OSPF) Shortest Path
3.3 MPLS TE Requires a Link-State Protocol
3.4 Traffic Engineering
3.5 Minimum Traffic Engineering Configuration
3.6 Unequal-Cost Load Balancing
3.7 Verify Tunnel Setup

Chapter 4: MPLS VPN (Layer 2 and Layer 3)
4.1 Introduction
4.1.1 Link3 IP Network Diagram
4.2 Necessity of MPLS
4.3 Possible Services
4.4 Benefits of MPLS
4.4.1 Link3 Network Diagram after Implementing MPLS
4.5 MPLS VPN Architecture and Terminology
4.6 MPLS VPN Routing Model
4.7 Virtual Routing and Forwarding Table
4.8 MPLS VPN Control Plane Operation
4.9 MPLS VPN Data Plane Operation
4.10 Advantage of Having Chosen This Network
4.11 Turning up MPLS VPN Services
4.11.1 Customer Order Form
4.11.2 Figure of Customer MPLS Implementation
4.11.3 Customer Deployment of MPLS VPN
4.12 CE and PE Router Configuration

Chapter 5: Virtual Private LAN Service (VPLS)
5.1 Introduction
5.2 VPN to VPLS
5.3 Other L2VPN and VPLS
5.4 IP VPNs and Ethernet VPLS Services
5.5 Benefits and Limitations of VPLS
5.6 Requirements for VPLS
5.7 VPLS vs. IP VPN
5.8 Basic VPLS Configuration
5.9 Hierarchical VPLS
5.10 Conclusion

Chapter 6: Pseudowire
6.1 Introduction
6.2 Supported Transport Types
6.3 Like-to-Like and Any-to-Any
6.4 Layer 2 VPN Model
6.5 Pseudowire Reference Model
6.6 Requirements for AToM
6.7 Benefits of Using AToM
6.8 Any Transport over MPLS
6.9 Establishing AToM Pseudowires
6.10 Basic VPLS Configuration
6.11 QoS with AToM
6.12 Conclusion

Chapter 7: Implementing QoS in MPLS Network
7.1 Introduction to QoS
7.2 Problem Definition
7.2.1 Problem Definition
7.2.2 Network Diagram
7.3 Constraints of Solving the Problem Using IP Network
7.4 Solution Provided through MPLS Network
7.4.1 Scenario-1 [Implementing QoS in IP/MPLS Network for Client]
7.4.2 Scenario-2 [End-to-End QoS in MPLS Network]
7.5 Common QoS Parameters [Bandwidth, Delay, Jitter & Packet Loss]
7.5.1 QoS Requirements [for Voice, Video and Data]
7.5.2 QoS Service Models [Best Effort, IntServ, DiffServ]
7.5.3 Classification & Marking
7.5.4 Queuing / Scheduling
7.6 Traffic Policing and Shaping
7.7 Others
7.7.1 Detailed Sample Configuration and Implementation of MPLS QoS in Uniform Mode and Short Pipe Mode Operation
7.8 Conclusion

Chapter 8: How MPLS VPN Reduces the Customer Hardware Cost
8.1 Introduction
8.2 Cost Effectiveness
8.2.1 Centralized Control
8.3 Case Study
8.3.1 Case-1
8.3.1.1 Traditional IP/VPN Connectivity
8.3.1.2 MPLS VPN Connectivity
8.3.1.3 Cost Benefits Analysis
8.3.2 A Practical Case
8.3.2.1 Point-to-Point Connectivity with Optical Fiber
8.3.2.2 Regular VPN Solution
8.3.2.3 MPLS VPN
8.3.3 Case-2
8.3.3.1 Traditional Leased Line Solution
8.3.3.2 MPLS VPN Connectivity
8.3.3.3 Cost Benefits Analysis
8.3.4 Case-3
8.3.4.1 Traditional IP/VPN Connectivity
8.3.4.2 MPLS VPN Connectivity
8.3.4.3 Cost Benefits Analysis
8.3.5 Practical Case-2
Epilogue
This paper has been compiled with the intention of providing a foundation knowledge base and a practical guideline for migrating a traditional IP network to an MPLS network. It has been written with intermediate to advanced network administrators in mind, who are already administering traditional multi-hop IP-based networks.
The paper is organized into topic-wise chapters. Each chapter contains an introduction to an MPLS concept, the advantages the feature provides, the reasons and/or conditions under which migration is logical and beneficial, followed by an example depicting the steps required to migrate a generic, arbitrary non-MPLS scenario to the optimum MPLS-based scenario.

Chapter-1 Introduction
1.1 Introduction of Multiprotocol Label Switching (MPLS)
Demand for data communication has been increasing exponentially in Bangladesh. Before 2000, few organizations had the capability to connect multiple office locations spread across the country over a MAN or WAN. As the telecommunication sector grew and made available the means to provide data access across cities, a few intrepid local Internet Service Providers decided to extend their networks across the nation. As a result, a number of ISPs also became Data Communication Service Providers.
These service providers grew their networks driven by market demand, on an ad-hoc basis. The largest consumers of this expanding network are banking and non-banking financial institutions, followed by large (in the Bangladesh context) enterprises. Some small organizations and individuals with a technology-leader mindset also subscribe to this network service. The service provider and the consumers require different functionalities and services from the network.
In the competitive service provider market, the network providers' primary requirements from their network are the flexibility to introduce new services as and when required, the scalability to grow to meet customer demands, and optimized traffic flow so that the most expensive resource, intercity bandwidth, is utilized to its fullest. Banks, non-banking financial institutions, and large enterprises require a high level of security across their network without compromising Quality of Service (QoS). (See Figure 1.1.)

Figure 1.1: Network service subscription by segment

The hardware required to establish secure IPsec VPN tunnels across multiple branches is immense. In most cases, it is difficult for the end-user or the service provider to bear such costs economically. MPLS, with its inherent secure VPN tunneling methods that are maintained within the provider's infrastructure, eliminates the need for such expensive hardware to be deployed at the consumer's end. Thus, the larger the end-user network, the cheaper it is for the end-user when MPLS is used.
While only a few service providers in Bangladesh have the right platform to scale up to an MPLS-based network, most are willing to make the investment required in order to reap the benefits of MPLS and to keep their competitive advantage in the market.

1.2 Common Applications of MPLS

Backhauling
Mobile phone operators can use MPLS to optimize the RAN backhaul network interconnecting their BTSs.
Inter-Provider Connections
Customers availing Internet/data connectivity services from multiple vendors across cities or countries may wish to establish their own MPLS VPN network. In such cases, inter-provider MPLS networks may be needed.
MPLS for the Enterprise
MPLS can act as an alternative to Frame Relay, ATM, and other similar services. In addition to the features of these network technologies, MPLS can provide all the benefits that are usually reserved for Ethernet networks, such as MPLS VPN (Layer 2 and 3). Enterprises can use MPLS to create virtual clear-channel circuits across multi-vendor IP networks.
QoS Support
Optimize voice traffic, ensure business-critical applications get allocated bandwidth whenever required without dedicating the bandwidth to the application indefinitely, identify and troubleshoot network bottlenecks, and deploy pseudowire applications.
Traffic Engineering
Modifying routing patterns to provide efficient mapping of traffic streams to network resources in order to minimize network congestion and improve network performance.

Any Transport over MPLS
Any Transport over MPLS (AToM) allows service providers who offer Layer 2 (L2) connectivity to expand their service offerings by connecting Ethernet, ATM, Frame Relay, Serial/PPP and TDM networks through an MPLS backbone. AToM is Cisco's implementation of Virtual Private Wire Service (VPWS) for IP/MPLS networks. AToM is a scalable architecture based on label switching that allows multiplexing of connections. It is also a standards-based open architecture and can be extended to other transport types.
Virtual Private LAN Service
VPLS is basically needed for Ethernet-based multipoint services. A few advanced applications, such as ERP, VoIP, instant messaging, network-based meetings and network-based video conferencing, need peer-to-peer data communication. The requirement for reliable peer-to-peer communication is relatively easy to support within Ethernet-switched campus networks, which are inherently a multipoint service architecture. However, this requirement is more difficult to support in traditional WAN networks, such as Frame Relay or ATM, which are based on a hub-and-spoke service architecture. Furthermore, these traditional WAN technologies tend to impose bandwidth limitations that constrain the future growth of these peer-to-peer applications. For example, Frame Relay is typically available at speeds of T-1 (E-1), and ATM is rarely available at speeds above OC-3 (STM-1). VPLS is a multipoint L2 VPN technology that allows multiple sites to be connected over a simulated Ethernet broadcast domain that is supported across a provider-provisioned IP/MPLS network. In other words, VPLS delivers multipoint Layer 2 connectivity over a Layer 3 network architecture. VPLS evolved as a logical extension of Ethernet over MPLS (EoMPLS), which was developed to enable point-to-point Ethernet-based L2 VPN services. At a basic level, VPLS can be defined as a group of Virtual Switch Instances (VSIs) that are interconnected using EoMPLS circuits in a full-mesh topology to form a single, logical bridge. In concept, a VSI is similar to the bridging function found in IEEE 802.1Q bridges in that a frame is switched based upon the destination MAC address and membership in a Layer 2 VPN (a virtual LAN or VLAN). If the destination address is unknown, or is a broadcast or multicast address, the frame is flooded to all ports associated with the VSI, where a port, in the context of VPLS, is an EoMPLS VC pseudowire.
Description of a Traditional Non-MPLS IP Network:
The Internet Service Provider business took off in 1996 in Bangladesh. At that time, every single ISP implemented a static network architecture that was simple and non-scalable. Network administrators started experimenting with dynamic routing protocols such as OSPF, EIGRP, IS-IS, etc. circa 2003. Within a short time, OSPF took the popularity lead over EIGRP and IS-IS.
In 2005, SDNP, a UN-funded project, established BDIX with support from SANOG (South Asian Network Operators Group). BDIX functioned as a local bypass exchange portal for all traffic destined for the Internet. Traffic from each member ISP could now be screened for destinations amongst other members, or otherwise. Based on the destination, traffic could then be sent to BDIX to be distributed locally, or sent upstream to the Internet via VSAT. This saved a significant amount of very expensive VSAT bandwidth.
Around the same time, ISPs started to implement BGP between BDIX and VSAT in order to achieve
Figure 1.2 shows a simplified network diagram that applies to most ISPs in Bangladesh.

Figure 1.2: Common ISP network scenario in Bangladesh

It is clear from Figure 1.2 that each router is considered core and edge at the same time. There is no clear demarcation between the Provider Edge (PE) router and the Provider (P) router, i.e. there is no distinction between the core network and the edge network. The use of non-scalable hardware also compounds the complications involved in migrating such a network into an MPLS-ready network.
Thus, as this paper will continue to reveal, the first steps in the migration process will be to identify and replace non-scalable hardware with appropriate, scalable, and MPLS-capable hardware, followed by restructuring the present network architecture to a core/edge or PE/P based network architecture.
This prevalent scenario in Bangladesh is because of the common tendency to start as a pure ISP in Dhaka, and then expand on an ad-hoc basis based on the growing demands from the banking industry in Bangladesh. It is worth mentioning here that before 2003, other than a few multinational banks having their own VSAT-based networks, no bank had online banking. Bank services grew simultaneously with the ISPs' capability to connect more and more remote locations. At the same time, the ISPs grew based on the revenue generated from the banks that went online. In many ways, growth in the banking industry in Bangladesh has had a symbiotic effect on the ISP industry's growth, and vice versa.
Comparing MPLS with existing IP core and IP/ATM technologies, MPLS has many advantages and benefits:
The performance characteristics of Layer 2 networks
In MPLS networks, AToM provides point-to-point connectivity for several media encapsulations, including Ethernet, Frame Relay, and ATM. Its ultimate goal is to enable new services at lower cost and complexity when compared with alternative technologies. AToM is provided as part of the Unified VPN Suite of leading-edge VPN technologies available over the widest breadth of routers.
The connectivity and network services of Layer 3 networks
One of the main benefits of Multiprotocol Label Switching (MPLS) is enabling virtual private network (VPN) connectivity over a public packet-switching infrastructure. The first VPN offering with MPLS provided connectivity at Layer 3 and is defined in the Internet Engineering Task Force (IETF) standards, namely RFC 2547. Service providers need to extend VPN connectivity to Layer 2 to enable new data service offerings, save costs, integrate multi-service functionality, and offer it alongside Layer 3 VPN on a unified core network.
Improves the price/performance of network-layer routing
Circuit switching or TDM is normally costly, and an ISP cannot provide circuit switching itself. In Bangladesh, the telcos provide circuit-switched or TDM circuits on an E1 basis, and service providers lease them, which is not a cost-effective solution. With MPLS, service providers can provide corporate customers with an optical-speed data network to connect multiple corporate sites within a specific metro region. The corporate customers are typically connected with Ethernet to the desktops, enabling the service providers to aggregate the traffic, privately, over a virtual LAN (VLAN) interface and transport it to other locations across the network. This service is not as costly as TDM/circuit switching. In this way, the service provider can save on the cost of the customer's connectivity.
Improved scalability
AToM is a scalable architecture based on label switching that allows multiplexing of connections. It is also a standards-based open architecture and can be extended to other transport types.
Improves the possibilities for traffic engineering
The Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Scalability Enhancement feature improves scalability performance for large numbers of traffic engineering tunnels. These improvements allow an increase in the number of TE tunnels a router can support when the router is configured as a tunnel head end. Additionally, when the router is configured as a tunnel midpoint, the enhancements reduce the time required to establish large numbers of TE tunnels.
Supports the delivery of services with QoS guarantees
MPLS QoS implementations use the differentiated services (DiffServ) model. Routers use three bits, called Experimental bits for historical reasons, in the MPLS header of each packet transported across the MPLS network to differentiate the traffic. This allows eight traffic classes to be implemented, though one is usually reserved for the default traffic class, leaving only seven actual classes. If you want to offer in-contract/out-of-contract QoS, similar to the DE bit in Frame Relay or the CLP bit in ATM, then only four traffic classes will remain, as one bit is needed for the out-of-contract indication. Four traffic classes should be enough to cover the needs of most service providers.

1.3 Planning the MPLS Migration Path
The following are the prerequisites to implementing MPLS:
MPLS architecture selection
Hardware selection
Routing protocol selection

Hardware Selection:
Hardware plays the vital role in an MPLS rollout. Not all routers and switches support MPLS. There are a number of MPLS services, and not all of them are supported by most MPLS-compatible routers or switches.
The primary consideration in selecting the hardware is traffic utilization. It is best to select the routers and switches based on the core network's traffic flow.
At Link3, all routers and switches are from Cisco. Our core network is based on the Cisco 7206-VXR with NPE-G1 and Cisco Catalyst 3550. At the edges, we use Cisco 3662 and Cisco 3640 routers and Cisco Catalyst 2950 and 2960 switches.
Link3 Technologies Ltd MPLS Diagram
It is crucial for the network architect to select the appropriate hardware in order to support the desired MPLS services/applications that will be implemented within the network. The Internet has sufficient compatibility references. For example, in order to implement MPLS Layer 2 VPN and Layer 3 VPN from every PoP, the Cisco 7200-VXR or higher ranges must be used. With Huawei and Maipu, lower series can support MPLS Layer 2 and Layer 3 VPN.
While designing the Link3 MPLS network, it was assumed that customers would require both MPLS Layer 2 and Layer 3 in a few major cities, and only Layer 3 in the remaining cities. Thus, the Cisco 7206-VXR was used only where both MPLS L3 and L2 VPN are required. Cisco 3600 series routers were used in the remaining PoPs as core routers.

MPLS architecture selection:
In MPLS network designs, routers are categorized into two groups. One is the Label Switched Router (LSR) (aka P for Provider) and the other is the Label Edge Router (LER) (aka PE for Provider Edge). The path from one PE router to another PE router is called an LSP, or Label Switched Path. It is crucial to understand the topological position and function of each type of router in order to understand the architecture of MPLS. A P router is an LSR that functions as a transit router of the core network. The P router is typically connected to one or more PE routers.

Figure 1.3: MPLS architecture

An LSR is capable of understanding MPLS labels and of receiving and transmitting a labeled packet on a data link. Three kinds of LSRs exist in an MPLS network:
Ingress LSR: Ingress LSRs receive a packet that is not yet labeled, insert a label (stack) in front of the packet, and send it on a data link.
Egress LSR: Egress LSRs receive labeled packets, remove the label(s), and send them on a data link. Ingress and egress LSRs are edge LSRs.
Intermediate LSR: Intermediate LSRs receive an incoming labeled packet, perform an operation on it, switch the packet, and send the packet on the correct data link.
An LSR can perform three operations: pop, push, or swap.

1.4 Routing Protocol Selection:
To form LDP neighbors, MPLS can use any IGP that already exists in the network, but to do MPLS Traffic Engineering we need to use either OSPF or IS-IS. This document describes a common practice on how the existing metric of Interior Gateway Protocols (IGP) can be used as an alternative metric to the Traffic Engineering (TE) metric for Constraint Based Routing of Multiprotocol Label Switching (MPLS) Traffic Engineering tunnels. Interior Gateway Protocol (IGP) routing protocols (OSPF and IS-IS) as well as Multiprotocol Label Switching (MPLS) signaling protocols (RSVP-TE and CR-LDP) have been extended (as specified in [ISIS-TE], [OSPF-TE], [RSVP-TE] and [CR-LDP]) in order to support the Traffic Engineering (TE) functionality as defined in [TE-REQ].
These IGP routing protocol extensions currently include advertisement of a single additional MPLS TE metric to be used for Constraint Based Routing of TE tunnels.
However, the objective of traffic engineering is to optimize the use and the performance of the network. So it seems relevant that TE tunnel placement may be optimized according to different optimization criteria. For example, some Service Providers want to perform traffic engineering of different classes of service separately so that each Class of Service is transported on a different TE tunnel. One example motivation for doing so is to apply different fast restoration policies to the different classes of service. Another example motivation is to take advantage of separate Constraint Based Routing in order to meet the different Quality of Service (QoS) objectives of each Class of Service. Depending on the QoS objectives, one may require either (a) enforcement by Constraint Based Routing of different bandwidth constraints for the different classes of service as defined in [DS-TE], or (b) optimizing on a different metric during Constraint Based Routing, or (c) both. This document discusses how optimizing on a different metric can be achieved during Constraint Based Routing.
We will now describe the common usage of MPLS in ISP scenarios. Here we will describe mostly how we can shift an IP network to an MPLS network, and what the benefits will be. We have taken the help of Link3's network to do the lab simulations.

1.5 Constraints using a traditional network (IP/Frame Relay)
We are going to begin discussing MPLS not with the technology itself, but with many of the problems it is designed to fix in service provider networks. A few of the problems are discussed below.
Problem 1:

Figure 1.4: Four POPs connected to an ATM network

Figure 1.4 shows four POPs: Dhaka, Chittagong, Sylhet, and Khulna. At each of these POPs, the routers are connected to ATM switches that are fully meshed, creating the core service network.

Figure 1.5: Four POPs connected to an IP network cloud

Another way to represent the service provider network is to show the POP locations connected to a cloud, as illustrated in Figure 1.5, which is the logical view of the service provider network compared to the physical view in Figure 1.4. Here Link3 is trying to demonstrate the problem faced when integrating ATM and IP-based routers. IP and ATM were developed separately and without much regard for each other. The ATM switches are only concerned with moving traffic based on VPI/VCI values, of which the IP-based POP routers are unaware. POP routers are Layer 3 devices, concerned with forwarding packets based on the routing table.
Problem 2: (Scalability)
The second problem experienced by service providers is scalability. To allow for maximum redundancy and optimum routing, a full mesh of virtual circuits (VCs) must be created, resulting in an overlay.
In Figure 1.6, the four POP routers are connected together in a full mesh of VCs. Notice that for four routers, six VCs are required. If two more POP routers are added, as shown in Figure 1.7, a total of 15 VCs are required to provide full-mesh connectivity.

Figure 1.6: Four routers connected in a mesh network

Figure 1.7: Full mesh with six routers

In the real-world scenario the overlay problem is the big problem: with the routers connected in a full mesh through virtual circuits, the design is officially not scalable.
Not only are there scalability problems with the number of VCs required to implement a full mesh, but there are also scalability problems associated with the routing protocols in use in the network. As more and more VCs are created, more and more routers must form adjacencies with one another to ensure redundancy. All of these routers must exchange routing table updates with every other router, thus creating a great deal of traffic that is merely updating routing tables.

1.6 Link3 IP network coverage:
In early 2001 Link3 started its ISP business with an IP-based network within Dhaka only. Day by day Link3 extended its network from one city to another, and currently Link3 covers all of the major cities and all divisions. Link3 has the largest IP backbone and the network with the most resilience and redundancy in Bangladesh. [Ref: 2.2]
Link3 uses the dynamic routing protocol OSPF to interconnect POPs. Link3 has two /19 class C IP address blocks and also uses a 12-bit class B private IP address range in the network.
Figure 1.8: Link3 IP network coverage.

1.7 Problem of IP network
Before describing the Link3 MPLS network, we want to explain the problems of an IP network.
In an IP network, we can use IPsec tunnels for security. Nowadays most customers want to deploy their network with failover. In this scenario, all remote branches are connected to the headquarters with redundant links: one is primary and the other is secondary.

Figure 1.9: Remote offices connected to headquarters

In Figure 1.9, the remote branch's primary link is connected to the headquarters' primary link with an IPsec tunnel, and the remote branch's secondary link is connected to the headquarters' secondary link. When the headquarters' primary link goes down while the remote branch's primary link is up, the branch cannot connect to the headquarters through the primary link; it would then be connected through the secondary link.
But when a branch is connected to the headquarters with only a primary link, and the primary link of the head office goes down, that branch cannot connect to the head office even though the branch's own connectivity is okay.

Figure 1.10: Remote branch connected to headquarters through the primary link only.

In an IP network, we use a dynamic routing protocol for redundancy. But in some cases we cannot use load sharing or manage the traffic. In OSPF, we can use load sharing by adjusting cost, but for a large network it is very difficult to manage. Even with the load-sharing method, we cannot configure traffic management.

Figure 1.11: Load sharing by OSPF cost

When the network is simple and uses three or four routers, it is very easy to do load sharing by maintaining the OSPF cost on the interfaces. But if the network is bigger and around 50 routers are present, then load sharing or load balancing by OSPF cost is not an easy game to play. [Ref. 2.5]

Quality of Service is one of the important issues for an ISP. In the IP header there is no byte space for maintaining quality of service. In MPLS, there are 3 bits for Class of Service by which we can maintain quality of service.

MPLS header (32 bits in total):
Label (20 bits) | CoS (3 bits) | S (1 bit) | TTL (8 bits)

Label (20 bits): This is the label per flow.
CoS (3 bits): Class of Service.
S (1 bit): Stack bit, indicating the bottom of the label stack.
TTL (8 bits): Time To Live.
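As an added example (not code from the paper or from Link3), the following Python packs and unpacks this 32-bit header for a whole label stack: it uses the S bit to find the bottom entry, rejects field values that do not fit their bit widths, and refuses to parse a stack that ends before a bottom-of-stack entry, which is how a truncated or malformed labeled frame shows up. The sample label values are constructed for the illustration; the reserved-label range 0-15 is from RFC 3032.

```python
"""Added example: encode/decode the 32-bit MPLS shim header for a label stack.
Field layout per entry: label (20 bits) | CoS/EXP (3 bits) | S (1 bit) | TTL (8 bits).
Sample values used below are constructed for illustration only."""
import struct
from typing import List, Tuple

LABEL_MAX = (1 << 20) - 1        # largest value the 20-bit label field can hold
RESERVED_LABELS = range(0, 16)   # labels 0-15 are reserved (RFC 3032), e.g. 3 = implicit null


def pack_entry(label: int, cos: int, bottom: bool, ttl: int) -> bytes:
    """Encode one label stack entry as four big-endian bytes."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("label does not fit in 20 bits")
    if not 0 <= cos <= 7:
        raise ValueError("CoS/EXP does not fit in 3 bits")
    if not 0 <= ttl <= 255:
        raise ValueError("TTL does not fit in 8 bits")
    word = (label << 12) | (cos << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def pack_stack(entries: List[Tuple[int, int, int]]) -> bytes:
    """entries are (label, cos, ttl) tuples, top of stack first; S is set on the last one."""
    if not entries:
        raise ValueError("a label stack needs at least one entry")
    last = len(entries) - 1
    return b"".join(pack_entry(lbl, cos, i == last, ttl)
                    for i, (lbl, cos, ttl) in enumerate(entries))


def unpack_stack(data: bytes) -> Tuple[List[dict], bytes]:
    """Decode entries until the S bit is set; return (entries, remaining payload).
    Raises ValueError if the data runs out before a bottom-of-stack entry."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry found")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {
            "label": word >> 12,          # top 20 bits
            "cos": (word >> 9) & 0x7,     # next 3 bits
            "s": (word >> 8) & 0x1,       # bottom-of-stack flag
            "ttl": word & 0xFF,           # low 8 bits
        }
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]


def is_reserved(label: int) -> bool:
    """True for the reserved range, which carries special meaning rather than a normal binding."""
    return label in RESERVED_LABELS


if __name__ == "__main__":
    # Constructed two-label stack (e.g. an LDP transport label over a VPN label)
    # followed by a few constructed payload bytes.
    frame = pack_stack([(100, 5, 64), (200, 0, 64)]) + b"\x45\x00\x00\x54"
    print(frame.hex())
    print(unpack_stack(frame))
```

The decoder returns the entries top-first together with whatever follows the bottom label, so a caller can hand the remainder to an IP parser; a frame whose stack never sets S is rejected rather than silently treated as payload.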

Chapter-2 Label Distribution Protocol (LDP)
2.1 Link3 IP Network
Link3's initial IP network, as it started off in 2001, consisted of one router at each POP interconnecting the backbone and providing customer access at the same time. This meant that the customer data and backbone data were overlapping and were often difficult to distinguish or troubleshoot. At times, rogue customer data affected the entire network. Needless to say, the CPU loads of the routers were exceptionally high.

Figure 2.1: Link3 IP Network

It is simple enough to incorporate redundancy in IP networks; however, it is not so easy to implement load balancing/sharing. Some innovative engineering allows the use of cost in OSPF or declaring variance in EIGRP to emulate load sharing. Such approaches are not favorable in larger networks.
Standard IP networks do not support QoS, which is another reason to implement MPLS. Without QoS, meeting customer SLAs while providing IP telephony, web, mail, and various other services over the same network is impossible.

Traditional IP routing protocols are used to distribute Layer 3 routing information, and forwarding decisions are made based on packet headers and local routing tables. The routing lookups are performed independently at every router in the network. Each and every router may need full routing information, which can be extremely resource hungry. MPLS leverages both IP routing and CEF switching. MPLS is a forwarding mechanism in which packets are forwarded based on labels. It is designed to support multiple applications including unicast and multicast IP routing, VPN, Traffic Engineering, QoS and AToM. One important point is that MPLS decreases forwarding overhead on core routers. MPLS can transport any protocol through it.

2.2 MPLS Benefits
Separates the control plane and the forwarding plane
Only the ingress router needs to look up the network layer and make a routing decision; the other LSRs only swap labels.
Source-based routing: e.g. explicit routes in MPLS-TE.
Scalability: hierarchy of routing (via label stacking).
Any Transport over MPLS (AToM): labels are the common binding between different Layer 2 technologies like ATM, Ethernet and Frame Relay.

2.3 MPLS Architecture:
MPLS consists of two major components:
1. Control plane
2. Data plane

2.4 MPLS architecture: Control plane
The control plane takes care of the routing information exchange and label exchange between adjacent devices. The control plane builds the routing table (RIB) based on a routing protocol (OSPF, EIGRP, RIP, etc.). The label exchange protocol binds labels to networks learned via a routing protocol. Label exchange protocols include LDP, TDP (Cisco only) and BGP (used by MPLS VPN). RSVP is used by MPLS TE to accomplish label exchange.

Figure 2.2: Control Plane

2.5 MPLS architecture: data plane
The data plane takes care of forwarding based on either destination addresses or labels. The data plane is also known as the forwarding plane. The Label Distribution Protocol (LDP) in the control plane exchanges labels and stores them in the LIB. This information is then used in the data plane to provide MPLS functionality. A label is added to the IP forwarding table (FIB) to map an IP prefix to a next-hop label. A locally generated label is added to the LFIB and mapped to a next-hop label.

Figure 2.3:Data Plane


(Ref:MPLS 2.2 Implementing Cisco MPLS-LDP)

2.6 MPLS configuration tasks:
To configure MPLS there are two types of tasks:
1. Mandatory
2. Optional
The mandatory tasks are:
a. Enable CEF switching
b. Configure LDP on every label-enabled interface
The optional tasks are:
a. Configure the MPLS (LDP) router ID
b. Configure the MTU size for labeled packets
c. Configure IP TTL propagation
d. Configure conditional label advertising
NOTE: By default, the TTL field is copied from the IP header and placed in the MPLS label when a packet enters an MPLS network. If TTL propagation is disabled, the value in the TTL field of the label is 255. Ensure that all routers have TTL propagation either enabled or disabled. If TTL propagation is enabled on some routers and disabled on others, the result may be that a packet leaving the MPLS domain has a larger TTL value than when it entered.
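As an added example (not code from the paper or from Link3) tying together the push/swap/pop operations described under MPLS architecture selection in section 1.3 and the TTL-propagation note above, the following Python simulates one IP packet crossing a constructed three-router LSP (PE1 as ingress, P1 as transit, PE2 as egress) using a FIB on the ingress and an LFIB on the other two routers. The router names, prefix, label values and table contents are constructed; the egress behaviour (copying the label TTL back into the IP header only when propagation is enabled) is a simplification of the behaviour the note describes.

```python
"""Added example: MPLS push / swap / pop along a constructed three-hop LSP,
showing how the TTL-propagation setting changes the TTL a packet leaves with.
Router names, prefixes, labels and table contents are constructed for this illustration."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Label:
    value: int
    cos: int = 0
    ttl: int = 255


@dataclass
class Packet:
    dst: str
    ip_ttl: int
    stack: List[Label] = field(default_factory=list)   # index 0 is the top label


# Constructed tables. FIB on the ingress PE: prefix -> (out-label, next hop).
# LFIB on transit/egress LSRs: in-label -> (action, out-label, next hop).
PE1_FIB = {ip_network("10.20.0.0/16"): (100, "P1")}
P1_LFIB = {100: ("swap", 200, "PE2")}
PE2_LFIB = {200: ("pop", None, "CE")}


def ingress_push(pkt: Packet, fib: dict, propagate_ttl: bool) -> str:
    """Ingress LSR: longest-match FIB lookup on the IP destination, then push a label."""
    matches = [net for net in fib if ip_address(pkt.dst) in net]
    if not matches:
        raise KeyError(f"no route to {pkt.dst}")
    out_label, next_hop = fib[max(matches, key=lambda n: n.prefixlen)]
    pkt.ip_ttl -= 1                                   # the IP hop at the ingress still counts
    label_ttl = pkt.ip_ttl if propagate_ttl else 255  # 'mpls ip propagate-ttl' on vs. off
    pkt.stack.insert(0, Label(out_label, ttl=label_ttl))
    return next_hop


def lsr_forward(pkt: Packet, lfib: dict, propagate_ttl: bool) -> Optional[str]:
    """Transit or egress LSR: LFIB lookup on the top label, then swap or pop.
    Returns the next hop, or None when the packet is dropped because the label TTL expired."""
    top = pkt.stack[0]
    if top.ttl <= 1:
        return None
    action, out_label, next_hop = lfib[top.value]
    if action == "swap":
        pkt.stack[0] = Label(out_label, top.cos, top.ttl - 1)
    elif action == "pop":
        pkt.stack.pop(0)
        if not pkt.stack and propagate_ttl:
            # Leaving the MPLS domain with propagation on: the label TTL (less this hop)
            # is written back into the IP header.
            pkt.ip_ttl = top.ttl - 1
        # With propagation off, the IP TTL keeps the value it had at the ingress.
    return next_hop


def run_lsp(ip_ttl: int, pe1_prop: bool, p1_prop: bool, pe2_prop: bool) -> Tuple[str, int]:
    """Send one packet PE1 -> P1 -> PE2 and report (outcome, IP TTL on exit)."""
    pkt = Packet("10.20.5.9", ip_ttl)
    ingress_push(pkt, PE1_FIB, pe1_prop)
    for name, lfib, prop in (("P1", P1_LFIB, p1_prop), ("PE2", PE2_LFIB, pe2_prop)):
        if lsr_forward(pkt, lfib, prop) is None:
            return f"dropped at {name}", pkt.ip_ttl
    return "delivered", pkt.ip_ttl


if __name__ == "__main__":
    print("all enabled :", run_lsp(64, True, True, True))     # ('delivered', 61)
    print("all disabled:", run_lsp(64, False, False, False))  # ('delivered', 63)
    print("mixed       :", run_lsp(64, False, True, True))    # ('delivered', 253)
```

The mixed case is the one the note warns about: with propagation off at the ingress the label starts at 255, and an egress with propagation on copies that value back, so the packet exits with an IP TTL of 253 although it entered with 64. A packet whose TTL grows in transit is no longer bounded by the hop limit it was sent with, so the setting should be audited for consistency on every LSR in the domain.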

2.7 Benefits of Label Distribution Protocol (LDP)
Label Distribution Protocol (LDP) is a key protocol in the MPLS (Multiprotocol Label Switching) architecture. In an MPLS network, two label switching routers (LSRs) must agree on the meaning of the labels used to forward traffic between and through them. LDP defines a set of procedures and messages by which one LSR (Label Switched Router) informs another of the label bindings it has made. The LSR uses this protocol to establish label switched paths through a network by mapping network-layer routing information directly to data-link-layer switched paths.
Two LSRs (Label Switched Routers) which use LDP to exchange label mapping information are known as LDP peers, and they have an LDP session between them.

Figure 2.4: MPLS configuration

In Figure 2.4, MPLS must be configured on all routers and router interfaces that are under the MPLS domain. The interfaces where the customer routers are connected need not be MPLS-configured.

2.8 Configuring MPLS Mandatory Part:

Configure Cisco Express Forwarding (CEF) and enable MPLS on the interface:
Router(config)# ip cef
Router(config-if)# mpls ip
Configure LDP or TDP:
Router(config-if)# mpls label protocol ldp
You can use this command in global configuration mode instead; then you do not
need to configure it on every router interface:
Router(config)# mpls label protocol ldp

2.9 Configuring MPLS Optional Part:

Configuring the MPLS (LDP) router ID:
Router(config)# mpls ldp router-id loopback 0 force
Configure the MTU size on every router interface where MPLS traffic will be
forwarded:
Router(config-if)# mpls mtu 1530

Normal MTU size   = 1500
Ethernet header   =   14
Ethernet trailer  =    4
LDP header        =    4   (each MPLS label is 4 bytes)
MPLS VPN header   =    4
MPLS TE header    =    4
Total MPLS MTU    = 1530 [Ref. 2.]


Note: In the practical configuration I needed to configure MPLS MTU 9196;
otherwise a few packets were dropped in my network. I could not find out the
reason behind that. If anyone can find out why the MTU needs to be 9196, please
mail me at biddut@link3.net
Configuring IP TTL propagation:
Router(config)# mpls ip propagate-ttl
Configuring conditional label distribution:
Router(config)# mpls ldp advertise-labels for prefix-access-list to peer-access-list
for prefix-access-list: This parameter specifies which destinations should have
their labels advertised.
to peer-access-list: This parameter specifies which LSR neighbors should receive
label advertisements.
The configuration and monitoring commands of one of the Link3 routers are shown
here to aid understanding. This is one of the P (Provider) routers in my network;
it connects the routers of the other cities with the Dhaka network.
Current configuration: 21586 bytes
!
! Last configuration change at 20:08:07 BDT Thu Jan 22 2009 by link3
! NVRAM config last updated at 18:53:54 BDT Sun Jan 18 2009 by link3
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Banani_P
!
!
ip domain name link3.net
ip name-server 203.76.96.4
ip name-server 203.76.96.5
ip name-server 203.76.127.4
!
ip cef
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching tdp router-id Loopback0 force
(We configured "mpls ldp router-id", but the running configuration shows
"tag-switching tdp"; this is a Cisco IOS display issue. Other vendors' routers
show mpls ldp.)
!
interface FastEthernet0/0
description To Gulshan FON
ip address 203.76.111.130 255.255.255.252
ip flow ingress
ip ospf cost 1
load-interval 30
duplex full
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching mtu 9196
tag-switching ip
ip rsvp bandwidth
interface GigabitEthernet0/2
description To Banani PE
ip address 203.76.104.29 255.255.255.252
media-type rj45
negotiation auto
mpls label protocol ldp
tag-switching mtu 9196
tag-switching ip
!
interface GigabitEthernet0/3
description To Banani 2nd P
ip address 203.76.104.21 255.255.255.252
media-type rj45
negotiation auto
mpls label protocol ldp
tag-switching mtu 9196
tag-switching ip
Note: in this output, tag-switching is equivalent to mpls.
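An added audit script (not from the thesis and not Cisco code) that checks a configuration like the one above for the tasks of sections 2.6 to 2.9: CEF enabled globally, LDP on every label-enabled interface, and an MPLS MTU large enough for the 1530-byte three-label stack of section 2.9. The sample configuration is constructed and only modelled on Banani_P; its interface names and values are assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample configuration modelled on Banani_P above (not the real
# config). The "tag-switching" keywords are the older IOS spelling of "mpls".
# GigabitEthernet0/2 is deliberately incomplete so the audit has something to find;
# FastEthernet3/0 is a customer-facing port and is not MPLS-enabled on purpose.
SAMPLE_CONFIG = """\
ip cef
!
interface FastEthernet0/0
 description To Gulshan FON
 ip address 203.76.111.130 255.255.255.252
 mpls label protocol ldp
 tag-switching mtu 9196
 tag-switching ip
!
interface GigabitEthernet0/2
 description To Banani PE
 ip address 203.76.104.29 255.255.255.252
 tag-switching mtu 1500
 tag-switching ip
!
interface FastEthernet3/0
 description To customer CE
 ip address 203.76.111.5 255.255.255.252
!
"""

LABEL_STACK_MTU = 1530  # 1500 + 14 + 4 + three 4-byte labels, as computed in 2.9


def parse_config(text: str) -> Dict[str, List[str]]:
    """Split an IOS config into {"global": [...], "<interface>": [...]}.
    "tag-switching" is normalised to "mpls" so both spellings are matched."""
    sections: Dict[str, List[str]] = {"global": []}
    current = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        line = re.sub(r"^tag-switching\b", "mpls", line)
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            sections[current] = []
            continue
        if not raw.startswith(" "):  # an unindented command ends the interface block
            current = "global"
        sections[current].append(line)
    return sections


def mpls_mtu(cmds: List[str]) -> Optional[int]:
    """Value of "mpls mtu <n>" in an interface block, or None if not set."""
    for cmd in cmds:
        m = re.match(r"mpls mtu (\d+)$", cmd)
        if m:
            return int(m.group(1))
    return None


def audit(config: str) -> List[str]:
    """Return findings for the MPLS tasks of 2.6-2.9; an empty list means
    every label-enabled interface has what it needs."""
    sections = parse_config(config)
    glob = sections["global"]
    findings: List[str] = []
    if "ip cef" not in glob:
        findings.append("global: 'ip cef' missing (mandatory: CEF switching)")
    global_ldp = "mpls label protocol ldp" in glob
    for name, cmds in sections.items():
        if name == "global" or "mpls ip" not in cmds:
            continue  # not label-enabled: customer-facing ports need no MPLS config
        if not global_ldp and "mpls label protocol ldp" not in cmds:
            findings.append(f"{name}: 'mpls ip' without LDP (mandatory task)")
        mtu = mpls_mtu(cmds)
        if mtu is None:
            findings.append(f"{name}: no 'mpls mtu' (optional task, defaults to the interface MTU)")
        elif mtu < LABEL_STACK_MTU:
            findings.append(f"{name}: mpls mtu {mtu} is below the {LABEL_STACK_MTU} needed for three labels")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```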

To monitor whether MPLS is working or not, use the following commands:
Banani_P#show mpls ldp parameters
Protocol version: 1
Downstream label generic region: min label: 16; max label: 100000
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
Downstream on Demand Path Vector Limit: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off

The table describes the significant fields in the display.


Banani_P#show mpls interface
Interface            IP          Tunnel   Operational
GigabitEthernet0/2   Yes (ldp)   No       Yes
GigabitEthernet0/3   Yes (ldp)   No       Yes
FastEthernet0/0      Yes (ldp)   Yes      Yes
FastEthernet2/0      Yes (ldp)   Yes      Yes
FastEthernet3/0      Yes         No       No
FastEthernet4/0      Yes (ldp)   No       Yes
FastEthernet5/0      Yes (ldp)   Yes      Yes
FastEthernet6/0      Yes (ldp)   No       Yes

IP = Yes means MPLS IP forwarding is enabled on this interface.
Tunnel = Yes means tunnel labeling (mpls traffic-eng tunnels) has been enabled on
this interface.
Operational = Yes means labeled packets can be sent over this interface.

Banani_P#show mpls ldp discovery


Local LDP Identifier:
203.76.127.200:0
Discovery Sources:
Interfaces:
GigabitEthernet0/2 (ldp): xmit/recv
LDP Id: 203.76.127.202:0
GigabitEthernet0/3 (ldp): xmit/recv
LDP Id: 203.76.127.204:0
FastEthernet0/0 (ldp): xmit/recv
LDP Id: 203.76.127.196:0
FastEthernet2/0 (ldp): xmit/recv
LDP Id: 203.76.127.194:0
FastEthernet4/0 (ldp): xmit/recv
LDP Id: 203.76.127.197:0
FastEthernet5/0 (ldp): xmit/recv
LDP Id: 203.76.127.216:0
FastEthernet6/0 (ldp): xmit/recv
LDP Id: 203.76.127.199:0
If an interface shows xmit/recv, it is transmitting and receiving LDP discovery
hello packets.

Banani_P#show mpls ldp neighbor detail


Peer LDP Ident: 203.76.127.202:0; Local LDP Ident 203.76.127.200:0
TCP connection: 203.76.127.202.19143 - 203.76.127.200.646
State: Oper; Msgs sent/rcvd: 302173/301916; Downstream; Last TIB rev sent 20799
Up time: 24w3d; UID: 8; Peer Id 7;
LDP discovery sources:
GigabitEthernet0/2; Src IP addr: 203.76.104.30
holdtime: 15000 ms, hello interval: 5000 ms

The status of the LDP session is indicated by State: Oper, meaning operational.
Banani_P#show mpls ldp binding
tib entry: 10.1.10.8/30, rev 154
local binding: tag: 67
remote binding: tsr: 203.76.127.202:0, tag: 85
remote binding: tsr: 203.76.127.204:0, tag: 59
remote binding: tsr: 203.76.127.196:0, tag: 63
remote binding: tsr: 203.76.127.194:0, tag: 59
remote binding: tsr: 203.76.127.199:0, tag: 64
remote binding: tsr: 203.76.127.197:0, tag: 69
remote binding: tsr: 203.76.127.216:0, tag: 70
tib entry: 10.1.10.12/30, rev 156
local binding: tag: 68
remote binding: tsr: 203.76.127.202:0, tag: 86
remote binding: tsr: 203.76.127.204:0, tag: 60
remote binding: tsr: 203.76.127.196:0, tag: 1668
remote binding: tsr: 203.76.127.194:0, tag: 68
remote binding: tsr: 203.76.127.199:0, tag: 65
remote binding: tsr: 203.76.127.197:0, tag: 70
remote binding: tsr: 203.76.127.216:0, tag: 71

Banani_P#show mpls forwarding-table
Local  Outgoing     Prefix              Bytes tag   Outgoing    Next Hop
tag    tag or VC    or Tunnel Id        switched    interface
37     Pop tag      203.76.104.24/30    9916801     Fa0/0       203.76.111.129
38     285          10.72.1.12/30       4367957     Fa0/0       203.76.111.129
39     Pop tag      203.76.111.96/30    3805808     Gi0/3       203.76.104.22
40     Pop tag      203.76.111.104/30   4468002     Fa0/0       203.76.111.129
41     34           203.76.104.12/30    1000792     Fa0/0       203.76.111.129
42     Pop tag      203.76.111.36/30    1323002     Fa6/0       203.76.111.78
43     Pop tag      203.76.104.48/30    1398622     Fa2/0       203.76.111.82

This is the MPLS LFIB table. To see the FIB table, use the following command:
Banani_P# sh ip cef detail
IP CEF with switching (Table Version 369940), flags=0x0
2161 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 172
18863 instant recursive resolutions, 7 used background process
2161 leaves, 277 nodes, 582032 bytes, 123869 inserts, 121708 invalidations
1 load sharing elements, 336 bytes, 1 references
universal per-destination load sharing algorithm, id CE2A2C21
3(0) CEF resets, 201915 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 2s)
245711 in-place/0 aborted modifications
refcounts: 75213 leaf, 71168 node
Table epoch: 0 (2161 entries at this epoch)
Adjacency Table has 73 adjacencies
11 IPv4 incomplete adjacencies
68 auto adjacencies refreshed
10.1.10.8/30, version 365088, epoch 0, cached adjacency 203.76.111.58
0 packets, 0 bytes
tag information set
local tag: 67
fast tag rewrite with Fa5/0, 203.76.111.58, tags imposed: {70}
via 203.76.111.58, FastEthernet5/0, 0 dependencies
next hop 203.76.111.58, FastEthernet5/0
valid cached adjacency
tag rewrite with Fa5/0, 203.76.111.58, tags imposed: {70}


Chapter 3: MPLS Traffic Engineering


3.1 : MPLS Traffic Engineering
One of the key business goals of any ISP is to pursue lower bandwidth cost. Since
the costs of the raw materials that constitute an ISP and its services are common
and public, the only way to gain any business advantage and greater market share
is to cut bandwidth cost and to extend that cost saving to the end user.
Most modern businesses have more than one office, generally spread over more
than one city. ISPs or data communication service providers usually connect such
offices over their networks in the respective cities. However, the providers'
networks depend on telecom operators' backhaul networks for their own
interconnectivity. These connections are over single or multiple (where
redundancy or greater bandwidth is required) E1 links. These backhaul links are
quite expensive, and traffic engineering across such connections makes absolute
business sense by optimizing network utilization.
The problems of an IP network are:
1. IGPs (OSPF, RIP, EIGRP) forward packets based on the shortest path or metric,
so an alternate, longer and underutilized path will not be used.
2. Flows from multiple sources may go over a common link, which causes
congestion.
3. Changing IGP metrics may have side effects.

Figure: destination based least-cost routing

3.2 : The problem with IGP (OSPF) Shortest path

The IGP (OSPF) does not help to reduce congestion. However, traffic engineering in
MPLS can reduce network congestion and can effectively free up more
bandwidth. Following is an example:

Figure 12: MPLS shortest path cannot reduce congestion.


In Figure 12, there are two paths from A to E. As per the costs shown, all packets
from A to E will take the path A=>B=>E because this is the shortest path. The other
path A=>C=>D=>E is unutilized. Assume A has 40 Mb of traffic for F and 40 Mb
of traffic for G. As some links are 45 Mbps and some are 155 Mbps, there will be
massive packet loss of approximately 44%. Changing the paths will not help. Traffic
can be sent from A to F one way and from A to G the other way.
An MPLS Traffic Engineered router A can compute a path on properties other than
just minimum cost. MPLS TE helps to perform unequal load balancing by sending
most of the traffic through the shortest path and the rest of the traffic through
the other path. The result is no or less congestion.

3.3 : MPLS TE required Link state protocol


MPLS TE requires either OSPF or IS-IS as the IGP, since both are link state
protocols. MPLS TE computes paths at the source, and thus the source requires the
entire picture of the network to make the routing decision. Thus, a protocol
that can send link information to the entire network is needed. Only link state
protocols flood link information to build a complete network topology. OSPF and
IS-IS have been extended to carry additional information like administrative
weight, available bandwidth and link attributes.
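As an added example (not from the thesis, and not Cisco's implementation) of the path computation that sections 3.2 and 3.3 describe, the following Python models the Figure 12 scenario on a constructed topology: plain IGP routing puts both 40 Mb flows on the 45 Mbps A=>B=>E path, while a constrained shortest path first (CSPF) that uses the link bandwidths flooded by the TE extensions moves the second tunnel to A=>C=>D=>E. The link costs and bandwidths are assumptions chosen to match the text.

```python
import heapq
from typing import Dict, List, Optional, Tuple

# Constructed topology modelled on Figure 12: (node, node, IGP cost, bandwidth in
# Mbps). Links are bidirectional. A=>B=>E is the IGP shortest path to E but runs
# over 45 Mbps links; A=>C=>D=>E is longer but runs over 155 Mbps links.
LINKS = [
    ("A", "B", 10, 45), ("B", "E", 10, 45),
    ("A", "C", 10, 155), ("C", "D", 10, 155), ("D", "E", 10, 155),
    ("E", "F", 10, 155), ("E", "G", 10, 155),
]
Link = Tuple[str, str]
Demand = Tuple[str, str, float]  # (source, destination, Mbps)


class Topology:
    """Link-state view as the head end sees it: IGP cost plus the reservable
    bandwidth that the TE extensions of OSPF/IS-IS flood for every link."""

    def __init__(self, links) -> None:
        self.cost: Dict[Link, int] = {}
        self.free_bw: Dict[Link, float] = {}
        self.adj: Dict[str, List[str]] = {}
        for a, b, cost, bw in links:
            for u, v in ((a, b), (b, a)):
                self.cost[(u, v)] = cost
                self.free_bw[(u, v)] = bw
                self.adj.setdefault(u, []).append(v)

    def shortest_path(self, src: str, dst: str, min_bw: float = 0) -> Optional[List[str]]:
        """Dijkstra over the links that still have at least `min_bw` reservable.
        min_bw=0 is plain IGP routing; min_bw>0 is the CSPF run by MPLS TE."""
        dist = {src: 0}
        prev: Dict[str, str] = {}
        heap = [(0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if u == dst:
                break
            if d > dist[u]:
                continue
            for v in self.adj[u]:
                if self.free_bw[(u, v)] < min_bw:
                    continue  # link fails the bandwidth constraint: pruned
                nd = d + self.cost[(u, v)]
                if nd < dist.get(v, float("inf")):
                    dist[v], prev[v] = nd, u
                    heapq.heappush(heap, (nd, v))
        if dst not in dist:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1]

    def reserve(self, path: List[str], bw: float) -> None:
        """Book the tunnel bandwidth on each hop of the (unidirectional) LSP,
        as RSVP signalling does against the interface's ip rsvp bandwidth."""
        for u, v in zip(path, path[1:]):
            self.free_bw[(u, v)] -= bw


def igp_only(demands: List[Demand], links=LINKS) -> Tuple[List[List[str]], float]:
    """Route every demand on the IGP shortest path and return the paths plus
    the loss fraction on the most oversubscribed link."""
    topo = Topology(links)
    load: Dict[Link, float] = {}
    paths = []
    for src, dst, bw in demands:
        path = topo.shortest_path(src, dst)
        paths.append(path)
        for hop in zip(path, path[1:]):
            load[hop] = load.get(hop, 0.0) + bw
    worst = 0.0
    for hop, offered in load.items():
        capacity = topo.free_bw[hop]
        if offered > capacity:
            worst = max(worst, (offered - capacity) / offered)
    return paths, worst


def traffic_engineered(demands: List[Demand], links=LINKS) -> List[Optional[List[str]]]:
    """Set each demand up as a TE tunnel in turn: CSPF picks the cheapest path
    that still has the bandwidth, then the reservation is subtracted so the
    next tunnel sees the remaining capacity. None means no path admits it."""
    topo = Topology(links)
    paths = []
    for src, dst, bw in demands:
        path = topo.shortest_path(src, dst, min_bw=bw)
        if path is not None:
            topo.reserve(path, bw)
        paths.append(path)
    return paths


if __name__ == "__main__":
    demands = [("A", "F", 40), ("A", "G", 40)]
    paths, loss = igp_only(demands)
    print("IGP:", paths, f"worst-link loss {loss:.1%}")  # both on A-B-E, ~44% loss
    print("TE :", traffic_engineered(demands))           # second tunnel moves to A-C-D-E
```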

Traffic engineering terminology

The basic TE terminologies are:
- A TE tunnel (LSP) is initiated from the source to the destination. The source of
the TE tunnel is called the Head end and the destination of the tunnel is called
the Tail end; all the intermediate LSRs (routers) are called Mid Points.
- A TE tunnel (LSP) is unidirectional, not bidirectional.
- Traffic always flows from the Head end to the Tail end.

Figure 13: MPLS TE Terminology

3.5 : Minimum Traffic Engineering Configuration


Figure 14: Traffic engineering tunnel configuration

You have to enable TE in global configuration mode on every router from the head
end to the tail end. In figure 14, all routers from R1 to R9 should be configured
with the three commands below to build the blue TE tunnel.
R1(config)# mpls traffic-eng tunnels
R1(config-if)# mpls traffic-eng tunnels
This command is needed on every router interface that the LSP could pass over. It
should be enabled on R1, R2, R3, R4 and R9 on all interfaces the traffic passes
through.
Router(config-if)# ip rsvp bandwidth <bw1> <bw2>
[Where bw1 is the tunnel reservable bandwidth and bw2 is the reservable
bandwidth for tunnels using the sub-pool]
This is for RSVP signaling; you assign how much bandwidth you want to reserve for
the tunnel. If you do not mention the bandwidth, it will take the full interface
bandwidth; if it is Fast Ethernet, it will take 100 Mb. It should be enabled on R1,
R2, R3, R4 and R9 on all interfaces the traffic passes through.
Configuring IS-IS for Traffic Engineering
Should be enabled on R1, R2, R3, R4 and R9:
router isis
mpls traffic-eng level <1 or 2>
mpls traffic-eng router-id loop0
metric-style wide
OR

configuring OSPF for Traffic Engineering

Should be enabled on R1, R2, R3, R4 and R9:
router ospf <process-id>
mpls traffic-eng area <area>
mpls traffic-eng router-id loopback 0

Configuring the TE tunnel on the head end router (R1)

Router(config)# interface tunnel1
(Creates the tunnel interface)
Router(config-if)# tunnel destination <destination IP>
Router(config-if)# tunnel mode mpls traffic-eng
(Defines the tunnel mode; it could be IPsec, GRE or MPLS TE)
Router(config-if)# tunnel mpls traffic-eng bandwidth <bw1>
(This is the tunnel bandwidth. Make sure the tunnel bandwidth is equal to or
less than the interface RSVP bandwidth declared on every interface of the LSP)
Router(config-if)# tunnel mpls traffic-eng autoroute announce
(This command installs the tunnel interface into the IGP routing table. If you do
not use this command, the routing table will not show the tunnel interface.)
Router(config-if)# tunnel mpls traffic-eng path-option 1 explicit name test
Router(config-if)# tunnel mpls traffic-eng path-option 2 dynamic
(You can define the traffic engineering path options: the tunnel will take the
path according to your explicit path, and when that path goes down it will take
the dynamically computed path.)
R1(config)# ip explicit-path name test
next-address <R2 IP address>
next-address <R3 IP address>
next-address <R4 IP address>
next-address <R9 IP address>


Unequal-cost load balancing

If you have two tunnels, R1=>R2=>R3=>R4 and R1=>R6=>R7=>R4 (from figure
14), you can assign the distribution of the packets to the tunnels. You can send 3
packets to Tunnel0 and 1 packet to Tunnel1, which means 66.66% of the traffic
will go through Tunnel0 and 33.33% of the traffic will go through Tunnel1.
The configuration below should be on the head end router, which is R1:
interface Tunnel0
tunnel destination R4
tunnel mpls traffic-eng bandwidth 3
interface Tunnel1
tunnel destination R4
tunnel mpls traffic-eng bandwidth 1

Router1# show ip route 192.168.1.4/32 (destination IP subnet)


Routing entry for 192.168.1.4/32
Known via "isis", distance 115, metric 30, type level-2
Redistributing via isis
Last update from 192.168.1.4 on Tunnel0, 00:00:12 ago
Routing Descriptor Blocks:
* 192.168.1.4, from 192.168.1.4, via Tunnel1
Route metric is 30, traffic share count is 1
192.168.1.4, from 192.168.1.4, via Tunnel0
Route metric is 30, traffic share count is 3
The destination address (192.168.1.4/32) is shown via both tunnels; the Tunnel1
share count is 1 and the Tunnel0 share count is 3, which means 1 packet goes
through Tunnel1 and 3 packets go through Tunnel0.


3.7 : Verify Tunnel Setup


Router1# sh interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Description: JB-Southland-CityCell
Interface is unnumbered. Using address of Loopback0 (203.76.127.194)
MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
reliability 255/255, txload 44/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Note: The tunnel should be up and the line protocol should be up.
Router1# sh ip route 203.76.127.190
Routing entry for 203.76.127.190/32
Known via "ospf 100", distance 110, metric 130, type intra area
Routing Descriptor Blocks:
* directly connected, via Tunnel0
Route metric is 130, traffic share count is 1
Note: The tunnel destination IP address should be routed via the configured tunnel.


Chapter 4: MPLS VPN (Layer 2 and Layer 3)


4.1 Introduction:
VPN technologies have made improvements in addressing concerns about security
and the sharing of private information over a public network such as the Internet.
As a result, more companies are integrating VPN technology into their business
models. Link3 Technologies Ltd, one of the leading service providers of
Bangladesh, is providing Internet and intranet services to its valued users. Link3
has many corporate clients, such as banks and multinational companies, that have
many branches across the country. Therefore they require a VPN service, which
Link3 is providing. Link3 is providing traditional IP VPN to its customers.

Figure 4.1: Link3 IP Network Diagram


However, significant drawbacks still exist using the current VPN model. The most
common problems associated with VPNs are the following:
- IPsec VPN needs a router for the VPN service.
- Memory usage is high at the router.
- Delay:
  - Serialization delay
  - Propagation delay
  - Routing delay
- Costly: the user requires one VPN device for this service.
- Tunneling: if the number of branches is large, more tunnels are needed for the
VPN service; N(N-1)/2 tunnels are required, whose configuration and maintenance
is complex.
- Single points of failure: intermediate router, CSU/DSU, last mile failure, ISP and
backbone failures.
- Security breaches.

Link3 provides site-to-site IP connectivity to an existing customer base. Link3's
infrastructure is all IP based.
Recently, Link3 has been losing customers to a new competitor, XYZ, who is offering
IP MPLS VPN services. Many of Link3's customers have switched to XYZ. Link3 wants
to upgrade its network to offer MPLS VPN services. Link3 decides to upgrade its
network and provide a differentiated MPLS VPN service to its customers.

4.2 Necessity of Multiprotocol Label Switching (MPLS):

MPLS will be more reliable than IPsec VPNs because there is less complication in the
tunneling and firewall configuration. The cost of the local loops for each choice will
be the same. The MPLS tunneling through the carrier will have a price tag
associated with it, but it shouldn't be more than a managed IPsec VPN service from
a carrier, or more than the staff required to manage and troubleshoot an IPsec VPN.
MPLS should be more secure than IPsec VPN tunnels if we don't allow our MPLS
circuits to connect directly to the Internet, which some carriers offer through the
carrier's MPLS cloud. For the best security, use MPLS as a private network only. Used
as a private network, MPLS offers the same security as a frame relay network.
However, keep in mind that, as with frame relay, data sent over an MPLS network is
not encrypted. QoS may be included with the carrier's MPLS offering or it may cost
extra. Either way, with MPLS QoS we can prioritize certain traffic all the way
through the carrier's network. This is great for latency-sensitive applications, like
VoIP.
In effect, any organization looking for a highly secure, low-cost, high bandwidth,
robust networking solution for internetworking between various subunits will
immensely benefit from this cutting-edge technology.


4.3 Possible services:


The MPLS VPN network provides a common infrastructure for carrying a wide range
of services. Some of the most popular services include:
Multimedia Services: It is possible to distribute voice, video and data across the
MPLS VPN network, just as it's done in a LAN environment. This service facilitates
the exchange of information rapidly between the various sections of the
organization.
Intra Office Voice Calls: The MPLS VPN network is capable of carrying voice calls.
It gives high priority for voice thus ensuring QoS (Quality of service). This presents
huge savings for a company, especially if the volume of intra-office calls is high.
VoIP: The MPLS VPN network can carry VoIP traffic, which may also include the
service providers' VoIP traffic.
Video Conferencing: The MPLS VPN network enables users to set up video
conferencing with certain equipment. This service is especially popular among
enterprises as it saves time and travel costs. Universities can run a virtual campus
through interactive video sessions. Interconnection among Universities can greatly
advance the cause of research and development, as well as academic progress.
Data Transfer: High-speed data transfer is possible across this network. Since this
is a dedicated network, the delay is non-perceptible and error free. This is an ideal
solution to meet all the data transfer requirements of any organization.
E-mail: By setting up e-mail servers across their Internet, companies can transfer
mail using the MPLS VPN network. This eliminates the need for any other type of
official correspondence, while at the same time ensuring prompt delivery of
information which greatly enhances the speed and efficiency of workflow within an
organization.
ERP: Many companies use ERP solutions for online business transactions with peer
companies, dealers, customers, branch offices, factories etc. Working online in this
manner requires highly robust and congestion free networks, which is made
possible by MPLS VPN networks of BSNL.
Access VPN: Employees, while on the move, may need to be constantly in touch
with their organization's database for critical information, including product
catalogue, pricing, marketing material, inventory check etc. Such users can access
their MPLS VPN network through a dial-up Internet account, irrespective of their
location.
Intranet: There is hardly any organization which does not have its own intranet for
workflow management and for meeting its information requirements. Such
intranet solutions can be run across the MPLS VPN network, thus enabling
integration of operations across the country.
Extranet: Companies may prefer to exchange information with other similar
companies to speed up business transactions. The MPLS VPN network is capable of
providing the extranet facility by interconnecting the VPNs, depending on the
customer's requirement.
Internet: Customers preferring a common infrastructure for intranet and Internet
access can have access to the Internet via the MPLS VPN network. However, this will
be only according to the customer's preference.
Multicast: One of the important new features that MPLS VPN offers is multicasting.
This is especially useful for applications such as video conferencing and customer
specific broadcasting.

4.4 Benefits of Multiprotocol Label Switching (MPLS):

The MPLS VPN network reduces network complexity and cost. Rather than setting
up and managing individual points between each office, customers need to provide
only one connection from their office router to the service provider edge router.
Cost effective solution - Economies of scale and reaching levels of critical mass
have allowed IS to offer exceptionally competitive pricing in an aggressive ICT
market.
Reliability with built-in redundancy - The use of Internet Solutions' fully
meshed MPLS backbone, as well as options between multiple access mediums, offers
customers both reliability and redundancy.
Monitoring and notification - Link3 runs 24x7 on-call support (Call Centre and
NMC). The Call Centre is staffed by a team of skilled engineers. Our state-of-the-art
monitoring tools not only monitor the Link3 MPLS VPN 24 hours a day, but also our
customers' last mile links connecting to the Link3 network. Should any of these
links go down or experience any faults, the Call Centre will notify the customer and
immediately begin the process of fault resolution with the relevant network
provider, continually updating the customer on the progress.
Consolidation of connectivity - With a single local loop connection into the MPLS
network, a corporate can gain access to all of Link3's products and services such as
Data Services, the Internet, Security services and Info Connect.
Bandwidth optimization - With more and more customers moving towards
converged networks, the added benefit of different classes of service ensures that
customers are able to certify that their networks are optimized, both from a cost
and a bandwidth utilization perspective.

44
Latest technology - Although the Link3 network is a mature, robust and stable
network, the Link3 operations engineers are continually investigating the latest
technology and industry trends, to ensure that the MPLS VPN remains a world class
service.
The MPLS VPN network also provides a Layer 2 service, which is almost like a
physical leased line. This may be preferred by enterprises who don't want to
outsource the management of their network. Moreover, the MPLS VPN network is
also capable of handling the encryption of data. The customer is free to use
encryption techniques such as public key/private key encryption, IPsec encryption
etc.
Link3 takes the following steps to successfully compete with XYZ:
- Upgrades its core network to be MPLS-enabled
- Uses L2 access switches to distribute Ethernet services to its customers
- Hires knowledgeable network engineers to train its NOC operators and field staff
- Explains to its customers the services it wants to offer

Figure 2.2: Illustrates what the Link3 network would look like.


4.4 MPLS VPN Architecture and Terminology


In the MPLS VPN architecture, the edge routers carry customer routing information,
providing optimal routing for traffic belonging to the customer for inter-site
traffic. MPLS VPN is an implementation of the peer-to-peer model; the MPLS VPN
backbone and customer sites exchange Layer 3 customer routing information, and
data is forwarded between customer sites using the MPLS-enabled SP IP backbone.
The MPLS VPN model is very similar to the dedicated PE router model in a
peer-to-peer VPN implementation.
The main components of the MPLS VPN architecture are:
- Customer network: usually a customer-controlled domain consisting of devices or
routers spanning multiple sites belonging to the customer.
- CE routers: routers in the customer network that interface with the service
provider network.
- Provider network: the provider-controlled domain consisting of provider edge and
provider core routers that connect sites belonging to the customer on a shared
infrastructure. The provider network controls the traffic routing between sites
belonging to a customer along with customer traffic isolation.
- PE routers: routers in the provider network that interface or connect to the
customer edge routers in the customer network.
- P routers: routers in the core of the provider network that interface with either
other provider core routers or provider edge routers.

4.5 MPLS VPN Routing Model:


An MPLS VPN implementation is very similar to a dedicated router peer-to-peer
model implementation. From a CE router's perspective, only IPv4 updates, as
well as data, are forwarded to the PE router. The CE router does not need any
specific configuration to enable it to be a part of an MPLS VPN domain. The
only requirement on the CE router is a routing protocol (or a static/default
route) that enables the router to exchange IPv4 routing information with the
connected PE router.
In the MPLS VPN implementation, the PE router performs multiple functions. The PE
router must have the capability of isolating customer traffic if more than one
customer is connected to the PE router. Each customer, therefore, is assigned an
independent routing table, similar to a dedicated PE router in the initial
peer-to-peer discussion.
The P routers are only responsible for label switching of packets. They do not carry
VPN routes and do not participate in MPLS VPN routing. The PE routers exchange
IPv4 routes with connected CE routers using individual routing protocol contexts. To
enable scaling the network to a large number of customer VPNs, multiprotocol BGP
is configured between PE routers to carry customer routes.

4.6 Virtual Routing and Forwarding Table


MPLS uses a unique VRF instance on the provider-edge router for each connected
customer or group of customer sites, allowing customers to use either a global or
private address space in each VPN. Each customer belongs to a particular VPN, so
the only requirement is that the address space be unique within that VPN.
Uniqueness of addresses is not required among VPNs except when two VPNs that
use the same private address space want to communicate with each other.
Each virtual router is associated with:
- A virtual IP routing table
- A forwarding table derived from the routing table
- A set of interfaces that use the derived forwarding table
- Rules that control the import and export of routes from and into the VPN routing
table
- A set of routing protocols and peers, which provide route information to the VPN
routing table
- Router variables associated with the routing protocol used to populate the VPN
routing table
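An added model (not Link3's or Cisco's code) of the VRF behaviour described in sections 4.5 and 4.6: one routing table per customer VPN on a PE, interfaces bound to a VRF, a stand-in for the multiprotocol BGP exchange between PEs, and import/export rules (route targets in a real MPLS VPN) that decide which routes cross between VPNs. The PE names, VRF names, tags, sites and addresses are all constructed; two banks deliberately use the same 10.1.0.0/24 to show both the isolation and the caveat about overlapping address space.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

IPNet = ipaddress.IPv4Network


@dataclass
class Route:
    prefix: IPNet
    next_hop: str          # CE the prefix is reached through
    export_tags: Set[str]  # export rule values stamped on the route by its VRF
    origin: str            # VRF (VPN) the route was learned in


@dataclass
class Vrf:
    name: str
    import_tags: Set[str]
    export_tags: Set[str]
    routes: List[Route] = field(default_factory=list)

    def add_local(self, prefix: str, next_hop: str) -> None:
        """Route learned from a connected CE (PE-CE routing protocol or static)."""
        self.routes.append(Route(IPNet(prefix), next_hop, set(self.export_tags), self.name))

    def lookup(self, dst: str) -> Optional[Route]:
        """Longest-prefix match restricted to this VRF's own table."""
        addr = ipaddress.IPv4Address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


class PeRouter:
    def __init__(self, name: str) -> None:
        self.name = name
        self.vrfs: Dict[str, Vrf] = {}
        self.bindings: Dict[str, str] = {}  # interface -> VRF name

    def add_vrf(self, vrf: Vrf, interfaces: List[str]) -> Vrf:
        self.vrfs[vrf.name] = vrf
        for ifname in interfaces:
            self.bindings[ifname] = vrf.name
        return vrf

    def forward(self, ingress_if: str, dst: str) -> Optional[str]:
        """Select the VRF by ingress interface, then look the destination up
        there only. None means the VPN has no route and the packet is dropped."""
        route = self.vrfs[self.bindings[ingress_if]].lookup(dst)
        return route.next_hop if route else None


def distribute(pes: List[PeRouter]) -> None:
    """Stand-in for multiprotocol BGP between PEs: every local route is offered
    to every VRF whose import rule shares a tag with the route's export tags."""
    exported = [r for pe in pes for vrf in pe.vrfs.values() for r in list(vrf.routes)]
    for pe in pes:
        for vrf in pe.vrfs.values():
            for r in exported:
                if r not in vrf.routes and r.export_tags & vrf.import_tags:
                    vrf.routes.append(r)


def overlapping_imports(vrf: Vrf) -> List[str]:
    """Prefixes present in this VRF from more than one VPN: the case in which
    two VPNs using the same private space cannot simply be interconnected."""
    seen: Dict[IPNet, Set[str]] = {}
    for r in vrf.routes:
        seen.setdefault(r.prefix, set()).add(r.origin)
    return [str(p) for p, origins in seen.items() if len(origins) > 1]


def build_demo() -> Tuple[PeRouter, PeRouter]:
    """Constructed two-PE layout: two banks that both use 10.1.0.0/24 at their
    head office, plus a shared-services VRF that imports from both (extranet)."""
    dhaka, sylhet = PeRouter("PE-Dhaka"), PeRouter("PE-Sylhet")
    bank_a = dhaka.add_vrf(Vrf("BankA", {"A", "shared"}, {"A"}), ["Fa1/0"])
    bank_a.add_local("10.1.0.0/24", "CE-A-HO")
    bank_b = dhaka.add_vrf(Vrf("BankB", {"B", "shared"}, {"B"}), ["Fa1/1"])
    bank_b.add_local("10.1.0.0/24", "CE-B-DC")        # same space as Bank A
    shared = dhaka.add_vrf(Vrf("Shared", {"A", "B"}, {"shared"}), ["Fa1/2"])
    shared.add_local("192.168.100.0/24", "CE-Shared")
    sylhet.add_vrf(Vrf("BankA", {"A", "shared"}, {"A"}), ["Fa0/0"]).add_local(
        "10.1.5.0/24", "CE-A-Sylhet")
    sylhet.add_vrf(Vrf("BankB", {"B", "shared"}, {"B"}), ["Fa0/1"]).add_local(
        "10.2.0.0/24", "CE-B-DR")
    distribute([dhaka, sylhet])
    return dhaka, sylhet


if __name__ == "__main__":
    dhaka, sylhet = build_demo()
    print("Bank A at Sylhet -> 10.1.0.5 :", sylhet.forward("Fa0/0", "10.1.0.5"))
    print("Bank B at Sylhet -> 10.1.0.5 :", sylhet.forward("Fa0/1", "10.1.0.5"))
    print("Bank A at Sylhet -> 10.2.0.9 :", sylhet.forward("Fa0/0", "10.2.0.9"))
    print("Shared VRF overlaps          :", overlapping_imports(dhaka.vrfs["Shared"]))
```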

4.7: MPLS VPN Control Plane Operation

The control plane takes care of the routing information exchange and label
exchange between adjacent devices. The control plane builds the routing table
(RIB) based on a routing protocol (OSPF, EIGRP, RIP etc.). The label exchange
protocol binds labels to networks learned via a routing protocol. Label exchange
protocols are LDP, TDP (Cisco only) and BGP (used by MPLS VPN). RSVP is used by
MPLS TE to accomplish label exchange.

Figure 4.3: Control Plane Operation


4.8 MPLS VPN Data Plane Operation


The data plane takes care of forwarding based on either destination addresses or
labels. The data plane is also known as the forwarding plane. The Label
Distribution Protocol (LDP) in the control plane exchanges labels and stores them
in the LIB. This information is then used in the data plane to provide MPLS
functionality. A label is added to the IP forwarding table (FIB) to map an IP
prefix to a next hop label. A locally generated label is added to the LFIB and
mapped to a next hop label.

Figure 4.4: Data Plane Operation

4.9 Advantages of Having Chosen This Network:

By turning on MPLS in the core of its network, Link3 is able to offer very good
security due to the isolation of VRF routing (for example, only routing inside a
VPN is seen and published to the customer-connected sites). Using an L2 access
switch to distribute access to its customers is a very savvy choice. L2 access
Ethernet has an excellent ROI model, and advanced QoS can be applied to customer
traffic to guarantee QoS.
Defining the Services That Link3 Wants to Offer
Link3 Technologies Ltd. can define all details of the service deployment in the MPLS
VPN policy. Link3 decides to offer MPLS VPN services with the following parameters:
- L2 access into MPLS VPN
- BGP/OSPF/Static is the default protocol for the PE-CE connection
- VLAN IDs will be manually allocated for customers
- IP addresses for PE-CE connections will be manually assigned


Turning Up MPLS VPN Service

Customer (AB BANK) Order Form:
March 31, 2009
HO/WONO-120/070/2009
Link3 Technologies Ltd.
BULU Ocean Tower 16th Floor
40 Kemal Attaturk Avenue
Banani, Dhaka
Dear Sir,
Subject: Work Order for Layer 2 and Layer 3 Connectivity from ABBL Head
Office to ABBL selected branches.
Please refer to the offer letter dated March 20, 2009 on the above subject and
subsequent discussion and negotiation with us; you are hereby awarded the work to
install connectivity from ABBL Head Office to ABBL selected branches.
We request that you submit the installation schedule within 7 (seven) days from
the date of receiving the work order.
Branch Name         Bandwidth
AB Bank HO          As required
Branch X            128 kbps
Branch Y (CTG)      128 kbps
Branch Z (Sylhet)   128 kbps


Figure 4.5: AB Bank MPLS implementation


Customer Deployment of MPLS VPN
The MPLS VPN service policy for this customer is defined below:
- BGP/OSPF/Static as the PE-CE protocol
- Redistribute connected on the CE, redistribute OSPF from the CE
- Manual allocation of the VLAN for the L2 access domain
- Manual assignment of the IP address for the PE-CE connection
Link3 is also offering its customers the option of managed CEs (for example, the
customer premises equipment is owned by the service provider but leased by the
customer). Deployment is as follows:
1. Link3 receives an order form with the two sites to be connected and the network
elements closest to the sites Sylhet and Chittagong.
2. Link3 selects the MPLS VPN service policy defined for this customer.
3. Link3 selects both sites, Sylhet and Chittagong, as MPLS VPN hubs.
4. Link3 activates the service.
5. An IP address is allocated for the PE-CE connection (for example, this IP address
is taken out of the IP address pool associated with the PE in this case). This IP
address allocation is performed for both sites.
6. Link3 collects just-in-time configuration from all the network elements that are
involved in the service.
7. Link3 applies the generated IOS CLI configuration to all the devices participating
in the service.
8. Link3 uploads the configuration to verify that the configuration that was
downloaded is actually present in the network elements. This phase of the service
activation is called Configuration Audit.
9. After a configurable time, Link3 proceeds with a Functional Routing Audit to
verify that the routing information has actually propagated as the customer
requested.
If Link3's customer wants to add more sites to their VPN, this is as easy as adding
additional attachment legs to the existing service and redeploying the service.

ANNEX 1

CE ROUTER CONFIGURATION
MPLS Layer 3 VPN:
Router CE1: Bank A HO
interface FastEthernet1/0
description Connected To ISP-A
ip address 10.31.32.1 255.255.255.252
Router CE3: Bank A Br-1
interface FastEthernet1/0
description Connected To ISP-A
ip address 10.31.32.5 255.255.255.252
Router CE2: Bank A Br-2
interface FastEthernet1/0
description Connected To ISP-A
ip address 10.31.32.9 255.255.255.252
MPLS Layer 2 VPN:
Router CE4: Bank B DC
interface FastEthernet0/0
description Connected To DR through ISP-A
ip address 10.32.33.1 255.255.255.252
Router CE5: Bank B DR
interface FastEthernet0/0
description Connected To DC through ISP-A
ip address 10.32.33.2 255.255.255.252


PE ROUTER CONFIGURATION
Router PE1:
interface Loopback0
ip address 10.10.10.10 255.255.255.255
ip cef
mpls ip
mpls ldp router-id loopback0 force
interface FastEthernet1/0
description Connected to P
ip address 10.20.30.2 255.255.255.252
mpls ip
mpls label protocol ldp
mpls mtu 9196
router ospf 10
network 10.10.10.10 0.0.0.0 area 0
network 10.20.30.0 0.0.0.3 area 0
Router PE2:
interface Loopback0
ip address 12.12.12.12 255.255.255.255
ip cef
mpls ip
mpls ldp router-id loopback0 force
interface FastEthernet0/0
description Connected to P
ip address 10.20.30.6 255.255.255.252
mpls ip

mpls label protocol ldp
mpls mtu 9196
router ospf 10
network 12.12.12.12 0.0.0.0 area 0
network 10.20.30.4 0.0.0.3 area 0
MPLS Layer 3 VPN:
Router PE1:
ip vrf Bank_A_HO
rd 2:11
route-target export 2:12
route-target import 2:11
ip vrf Bank_A_Br
rd 2:10
route-target export 2:11
route-target import 2:12
interface FastEthernet0/0.2
description Connected To Bank A HO - CE1
encapsulation dot1Q 2
ip vrf forwarding Bank_A_HO
ip address 10.31.32.2 255.255.255.252
interface FastEthernet0/0.3
description Connected To Bank A Br-1 - CE3
encapsulation dot1Q 3
ip vrf forwarding Bank_A_Br
ip address 10.31.32.6 255.255.255.252
router bgp 64512

no synchronization
bgp log-neighbor-changes
neighbor 11.11.11.11 remote-as 64512
neighbor 11.11.11.11 update-source Loopback0
neighbor 11.11.11.11 next-hop-self
neighbor 12.12.12.12 remote-as 64512
neighbor 12.12.12.12 update-source Loopback0
neighbor 12.12.12.12 next-hop-self
no auto-summary
address-family vpnv4
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community both
neighbor 12.12.12.12 activate
neighbor 12.12.12.12 send-community both
exit-address-family
address-family ipv4 vrf Bank_A_HO
redistribute connected
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf Bank_A_Br
redistribute connected
no auto-summary
no synchronization
exit-address-family
Router P:

router bgp 64512
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.10 remote-as 64512
neighbor 10.10.10.10 update-source Loopback0
neighbor 10.10.10.10 next-hop-self
neighbor 12.12.12.12 remote-as 64512
neighbor 12.12.12.12 update-source Loopback0
neighbor 12.12.12.12 next-hop-self
no auto-summary
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community both
neighbor 12.12.12.12 activate
neighbor 12.12.12.12 send-community both
exit-address-family
Router PE2:
ip vrf Bank_A_Br
rd 2:10
route-target export 2:11
route-target import 2:12
interface FastEthernet1/0.2
description Connected To Bank A Br-2 - CE2
encapsulation dot1Q 2
ip vrf forwarding Bank_A_Br
ip address 10.31.32.10 255.255.255.252

router bgp 64512
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.10 remote-as 64512
neighbor 10.10.10.10 update-source Loopback0
neighbor 10.10.10.10 next-hop-self
neighbor 11.11.11.11 remote-as 64512
neighbor 11.11.11.11 update-source Loopback0
neighbor 11.11.11.11 next-hop-self
no auto-summary
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community both
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community both
exit-address-family
address-family ipv4 vrf Bank_A_Br
redistribute connected
no auto-summary
no synchronization
exit-address-family
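The route-target statements in the VRF definitions above are the whole of the tenant isolation in this Layer 3 VPN: a branch VRF imports only 2:12 (what the head office exports), so branches can reach the head office but not each other, and a single extra `route-target import 2:11` on a branch VRF would silently give that branch a path to every other branch. The following is an added example, not part of Link3's configuration or of any vendor's software. It models the VPNv4 import/export rule of RFC 4364 over the three VRF instances defined on PE1 and PE2 and reports any spoke-to-spoke leak, which is the kind of check the Functional Routing Audit in the deployment steps should make before a customer goes live. The rd and route-target values are copied from the Annex; the advertised prefixes are constructed (the PE-CE /30 links are used as stand-ins for the customer routes), and the MISCONFIGURED variant is a hypothetical mistake used to show what the check catches.

```python
"""Route-target (RT) import/export model for the Annex 1 VRFs.

Added example, not Link3's code.  A VRF installs a VPNv4 route when at least
one of the route's export RTs matches one of the VRF's import RTs
(RFC 4364, section 4.3.1); everything below follows from that one rule.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Vrf:
    pe: str                     # PE router the VRF instance lives on
    name: str                   # ip vrf <name>
    rd: str                     # rd <asn:nn>
    export_rts: FrozenSet[str]  # route-target export ...
    import_rts: FrozenSet[str]  # route-target import ...
    routes: Tuple[str, ...]     # prefixes this VRF advertises (constructed)

    @property
    def instance(self) -> str:
        return f"{self.pe}/{self.name}"


# rd / route-target values copied from the PE1 and PE2 configurations above.
# The advertised prefixes are the PE-CE /30 links (constructed for the example;
# a real deployment adds the CE LANs via the PE-CE routing protocol).
VRFS: List[Vrf] = [
    Vrf("PE1", "Bank_A_HO", "2:11", frozenset({"2:12"}), frozenset({"2:11"}), ("10.31.32.0/30",)),
    Vrf("PE1", "Bank_A_Br", "2:10", frozenset({"2:11"}), frozenset({"2:12"}), ("10.31.32.4/30",)),
    Vrf("PE2", "Bank_A_Br", "2:10", frozenset({"2:11"}), frozenset({"2:12"}), ("10.31.32.8/30",)),
]

# Hypothetical mistake used to show what the audit catches: an extra
# "route-target import 2:11" on the branch VRF of PE2.
MISCONFIGURED: List[Vrf] = VRFS[:2] + [
    Vrf("PE2", "Bank_A_Br", "2:10", frozenset({"2:11"}), frozenset({"2:12", "2:11"}), ("10.31.32.8/30",)),
]


def vpnv4_table(vrfs: List[Vrf]) -> List[Tuple[str, FrozenSet[str], str]]:
    """The MP-BGP VPNv4 table every PE holds after the iBGP full mesh converges:
    (RD:prefix, export RTs carried as extended communities, originating instance)."""
    return [(f"{v.rd}:{prefix}", v.export_rts, v.instance)
            for v in vrfs for prefix in v.routes]


def imported_from(vrf: Vrf, vrfs: List[Vrf]) -> List[str]:
    """Instances whose routes this VRF installs (its own routes excluded).
    Import also happens between two VRFs on the same PE, so there is no PE filter."""
    return sorted({origin for _, rts, origin in vpnv4_table(vrfs)
                   if origin != vrf.instance and rts & vrf.import_rts})


def reachability(vrfs: List[Vrf]) -> Dict[str, List[str]]:
    """Instance -> list of instances whose routes it can reach."""
    return {v.instance: imported_from(v, vrfs) for v in vrfs}


def spoke_leaks(vrfs: List[Vrf], hub: str) -> List[Tuple[str, str]]:
    """Hub-and-spoke audit: every non-hub VRF may import only the hub's routes.
    Returns (spoke, leaked-from) pairs; an empty list means the spokes are isolated."""
    return [(v.instance, origin)
            for v in vrfs if v.name != hub
            for origin in imported_from(v, vrfs)
            if not origin.endswith("/" + hub)]


if __name__ == "__main__":
    for inst, sees in reachability(VRFS).items():
        print(f"{inst:<16} imports routes from: {', '.join(sees) or '(none)'}")
    print("leaks in the Annex 1 design   :", spoke_leaks(VRFS, "Bank_A_HO"))
    print("leaks with extra import 2:11  :", spoke_leaks(MISCONFIGURED, "Bank_A_HO"))
```

Two caveats follow from the model. Both branch VRFs use rd 2:10, which is fine while their prefixes differ, but if two branches ever advertised the same prefix the VPNv4 routes would collide and BGP would keep only one, so a per-PE-unique RD is the safer convention. And the check only sees BGP policy: static routes between VRFs, route maps on the VRF address families, or a CE that re-advertises what it learns are invisible to it and need their own review.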
MPLS Layer 2 VPN:
Router PE1:
interface FastEthernet0/0.4
description Connected To Bank B DC
encapsulation dot1Q 4

mpls l2transport route 12.12.12.12 4
Router PE2:
interface FastEthernet1/0.4
description Connected To Bank B DR
encapsulation dot1Q 4
mpls l2transport route 10.10.10.10 4


Chapter 5:

Virtual Private LAN Service (VPLS)

5.1 Introduction
VPLS is a type of Layer 2 VPN that connects multiple sites in a single bridged
domain over a managed IP/Multiprotocol Label Switching (MPLS) network. In a VPLS,
the Ethernet LAN at each customer site is extended as far as the edge of the provider
network. The provider network then emulates the function of a LAN switch or bridge
to connect all the customer LANs into a single bridged (Ethernet) LAN.

Fig: 5.1 VPLS

Many network managers wish to connect their geographically isolated locations with
an any-to-any, full-mesh service. This is difficult for service providers to achieve
with existing IP networks. Virtual Private LAN Service (VPLS) has emerged to meet
this need. VPLS uses MPLS to offer multipoint Ethernet connectivity over a mesh of
logical circuits or tunnels, with the added benefits of Traffic Engineering (TE),
resilience, and failover. VPLS enables carriers and service providers to offer
managed Ethernet VPN services easily and cost effectively. From the service
provider's point of view, using IP/MPLS routing protocols and procedures instead of
the Spanning Tree Protocol, and MPLS labels instead of VLAN IDs, significantly
improves the scalability of the VPLS service.


5.2 VPN to VPLS


Virtual Private Networks (VPNs) have developed rapidly since their introduction in
the early 1980s, when they were built using dedicated leased lines. Frame Relay,
introduced in the 1990s, is today the predominant VPN offering worldwide. After the
introduction of Multiprotocol Label Switching (MPLS) in the late 1990s, a number of
new VPN types were defined. Service providers' acceptance of MPLS as the network
convergence technology of choice made service delivery easier both within the
provider network and to the users. The various types of MPLS-based VPN can be
classified in a number of ways. One simple way is to base the classification on the
service being offered to the customer. Typically this is either a Layer 2 [1,2] or a
Layer 3 service, and either point-to-point or multipoint. This results in the following
VPN types: [Ref: 5.1]
Layer 3 VPNs or Internet Protocol (IP) VPNs; these are often referred to as Virtual
Private Routed Networks (VPRN).
Layer 2 point-to-point VPNs, which basically consist of a collection of separate Virtual
Leased Lines (VLL) or Pseudo Wires (PW).
Layer 2 multipoint VPNs, or Virtual Private LAN Services (VPLS).

VPLS technology began in mid-2001, when various service providers were evaluating
the possibility of deploying Metro Ethernet services. They correctly noted that the
Ethernet switching technologies developed up to that point were deficient in
providing network services that could support SLA characteristics comparable to
existing traditional WAN services, such as Frame Relay, T1/E1 and ATM.
These service providers required a technology that could support multipoint data
services (transparent LAN services) over an infrastructure that provided traffic
engineering, high availability, and OAM (Operations, Administration, and
Maintenance) characteristics similar to their existing services. The obvious
technology direction to investigate was MPLS, and specifically EoMPLS.
In mid-2001, several drafts that described VPLS were submitted to the IETF by
various authors and sponsors. By the end of that year, there were at least five
different VPLS drafts submitted to the IETF. For VPLS to be seriously adopted, it
would be necessary for these different drafts to be united and distilled into a single
draft. Over the next 12 months the different VPLS draft authors worked hard to find
common ground for a single draft. In July 2002, a unified draft was submitted to the
IETF that consolidated most, but not all, of the VPLS IETF drafts. As of late 2003,
there were two different VPLS IETF drafts.
Perhaps the most significant difference between these two drafts is the mechanisms
they recommend for auto-discovery and signaling: one uses BGP for both, the other
uses LDP for signaling and has no built-in discovery. The difference was never
resolved into one approach; both were eventually published as standards-track RFCs
(RFC 4761 and RFC 4762 respectively, January 2007) and both are deployed.
Significant progress has been made over the past two years in the development of
VPLS standards. Evidence of this progress is that independent testing labs have
conducted several interoperability demonstrations of VPLS. [Ref: 5.2]

5.3 Other L2VPN and VPLS

Fig: 5.2 L2VPN and VPLS

5.4 IP VPNs and Ethernet VPLS Services

In an IP VPN, point-to-point IPsec tunnels over a public or private Internet
connection build a secure, encrypted network.

Fig: 5.3 IP VPN Tunnels

On the other hand, Virtual Private LAN Service (VPLS) over a carrier Ethernet network
provides a WAN that is configured like a LAN. Customers maintain complete control
over their routing, and since all the customer routers in the VPLS are part of the
same subnet (LAN), the result is a simplified IP addressing plan, especially when
compared to a mesh constructed from many separate point-to-point connections.

Fig: 5.4 VPLS

The service provider also benefits from reduced complexity in managing the VPLS
service, since it has no awareness of, or participation in, the customer's IP
addressing space and routing. Note that, unlike the IPsec tunnels above, VPLS (like
MPLS Layer 3 VPN) provides traffic separation rather than confidentiality: customer
frames cross the provider core unencrypted, so a customer that needs protection
against an eavesdropper inside the provider network must still run IPsec, or another
encryption layer, end to end on top of the VPLS.

5.5 Benefits and Limitations of VPLS


The main benefits of Ethernet VPN services based on VPLS include the following:

Metro connectivity - they are ideal for connecting multiple sites within a Metro area,
and can be deployed as an alternative or complement to traditional LAN-to-LAN
services.
Cost effective - VPLS allows service providers to benefit from Ethernet's low cost,
simplicity and ubiquity without sacrificing the scalability, reliability, traffic
engineering and SLAs provided by MPLS.
Not demanding on PE routers - VPLS is less demanding on PE routers, as they do not
have to maintain multiple private routing tables, one for each customer's network.
Multiprotocol - they can handle legacy traffic such as SNA or IPX as well as IP traffic,
and so are better suited to customers who depend on legacy protocols to operate
their businesses.
Private routing domain - they do not require the customer to share information about
their private network's routing domain with the service provider's PE router.
Simpler CE device - as customer routing information does not need to be shared with
the PE router, the CE can be a simpler device such as an Ethernet switch, bridge or
hub.
Separation - VPLS provides a clear separation between the customer's private
network and the service provider's network, particularly when using routers as the CE
device.
Dynamic signaling - they can use MPLS to specify dynamic signaling of new paths,
allowing traffic to be quickly switched to a predetermined backup path, or to a
backup path calculated on the fly.
End-to-end QoS - as VPLS is based on MPLS, traffic engineering can be used to give
different levels of QoS, for example a dedicated service with guaranteed bandwidth
and low latency for VoIP.
Access to IP VPN service - they can be used to carry traffic across the Metro to
access IP VPN services in the backbone, which can be configured to carry the traffic
between multiple Metros.
Easy to manage - they are simpler and less costly to provision and maintain, leading
to a significant reduction in operating costs (Opex).
Metro Ethernet integration - VPLS can be integrated easily with other Metro Ethernet
services such as Internet access, Web services, and backup and recovery services.
Management integration - they integrate easily with existing Layer 2 services such as
Frame Relay and ATM, with the potential to provide a single infrastructure with future
service interworking.

Although the CE device can be either a router or a switch, there are some potential
issues that should be considered. Using Ethernet switches as the CE device allows
multiple MAC addresses to be supported per site. However, this could create
scalability problems unless the service provider implements MAC limiting per
customer. Also, a malfunctioning CE switch could flood the service provider's
network with runaway broadcast and multicast traffic, so providers commonly also
apply storm control (rate limits on broadcast, multicast and unknown-unicast frames)
on each attachment circuit. Using a router as the CE device limits each site to one
MAC address and provides a clean service demarcation between customer and
service provider. It also eliminates the possibility of unnecessary broadcast and
multicast traffic. As most customers already use routers to connect multiple sites
together, VPLS enables them to reduce the overhead of managing connections on a
per-site basis.
Ethernet VPNs based on VPLS do have some limitations, including the following:

Auto-discovery - LDP-signaled VPLS does not by itself provide automatic discovery of
the PEs that belong to a VPLS instance; each PE must be configured with the
addresses of all its peers (as in the configuration in Section 5.8), and every existing
PE has to be touched when a PE is added.
Address summarization - VPLS cannot use summarization to cope with large numbers
of MAC addresses, as unlike IP addresses, MAC addresses do not have any hierarchy.
Scalability - VPLS uses MPLS tunnels to create a fully meshed network and therefore
potentially requires a very large number of individual connections. [Ref: 5.3]

5.6 Requirements for VPLS


VPLS is a service that emulates an Ethernet LAN. The need for VPLS arose because
MPLS VPN is an IP-centric service: no other Layer 3 traffic can be carried across the
MPLS backbone with it. Any Transport over MPLS (AToM) can carry all Layer 3
protocols because it carries the Layer 2 frames across the MPLS backbone; thus AToM
is not limited to carrying IP. The disadvantage of AToM is that it is point-to-point:
between each pair of PE routers is a pseudowire (two LSPs, one for each direction)
that carries the Layer 2 frames. Metro Ethernet networks have seen a tremendous rise
in popularity in the past few years because Ethernet is cheap, flexible, omnipresent,
and easy to provision.
If a customer wants to connect its Ethernet segments at different sites across a
service provider's MPLS backbone, it could use the EoMPLS service, but that would
connect the segments in a point-to-point fashion. If the different Ethernet sites were
located in proximity, the customer could connect them by deploying an Ethernet
switch between the segments. The Ethernet switch would forward unicast frames to
the port on which the destination MAC address was learned and replicate multicast
and broadcast frames to all other ports. If the sites are not in close proximity, a
switch cannot be placed directly between them to interconnect them at Layer 2.
VPLS provides that functionality by emulating an Ethernet LAN, acting as a logical
bridge over MPLS. The VPLS service that runs over MPLS emulates an Ethernet switch
that has different ports leading to the different Ethernet sites. A port can be a
physical Ethernet port or a pseudowire. [Ref:5.4]
Hardware requirement:
CE: any Ethernet device
PE: Cisco 7600 Series Router or later
The following Juniper E-series routers support VPLS with the E-series interface
module:
E320 router
ERX-1440 router
ERX-1410 router
ERX-710 router
ERX-705 router
ERX-310 router

5.7 VPLS vs. IPVPN


In an IP VPN, because VPN tunnels are only point-to-point, the provider needs to
create an individual tunnel for each VPN connection; a full mesh of n sites requires
n(n-1)/2 tunnels. In VPLS, on the other hand, a single connection is required per site,
because VPLS is point-to-multipoint. With VPLS, customers maintain complete control
over their routing, and since all the customer routers in the VPLS are part of the same
subnet (LAN), the result is a simplified IP addressing plan, especially when compared
to a mesh constructed from many separate point-to-point connections. The service
provider also benefits from reduced complexity in managing the VPLS service, since it
has no awareness of, or participation in, the customer's IP addressing space and
routing. VPLS also offers some additional advantages:

A transparent, protocol-independent service
A LAN/WAN Ethernet interface on the customer router, which reduces complexity and
total cost of ownership
No Layer 2 protocol conversion between LAN and WAN technologies
No need to train personnel on WAN technologies such as Frame Relay, since there is
no need to design, manage, configure and maintain separate WAN access equipment
Complete customer control over their routing (unlike IP VPNs), and a clear
demarcation of functionality between service provider and customer that makes
troubleshooting easier
No need for the service provider to train technicians to deal with customer routing
issues
Ability to add a new site without reconfiguring the customer equipment at existing
sites, and, where the VPLS peers are auto-discovered, without touching the service
provider's equipment at existing sites either

Fig: 5.5 Sample network with IPVPN and with VPLS with MPLS Backbone

5.8 Basic VPLS Configuration


For PE1
PE1(config)# mpls ip
PE1(config)# mpls vpls a
PE1(config-vpls)# vpn-id 100
PE1(config-vpls)# peer 2.2.2.2
PE1(config-vpls)# peer 3.3.3.3
PE1(config-vpls)# exit
PE1(config)# mpls vpls b
PE1(config-vpls)# vpn-id 200
PE1(config-vpls)# peer 2.2.2.2
PE1(config-vpls)# peer 3.3.3.3
PE1(config-vpls)# exit
PE1(config)# interface loopback0
PE1(config-if-loopback0)# ip address 1.1.1.1 255.255.255.255
PE1(config-if-loopback0)# exit
PE1(config)# interface fastethernet 0
PE1(config-if-fastethernet0)# mpls ip
PE1(config-if-fastethernet0)# mpls vpls a
PE1(config-if-fastethernet0)# exit
PE1(config)# interface fastethernet 1
PE1(config-if-fastethernet1)# mpls ip
PE1(config-if-fastethernet1)# mpls vpls b
PE1(config-if-fastethernet1)# exit
PE1(config)# router ospf 1
PE1(config-ospf)# network 1.1.1.1 0.0.0.0 area 0
PE1(config-ospf)# exit
PE1(config)# mpls ldp
PE1(config-ldp)# router-id 1.1.1.1
PE1(config-ldp)# transport-address 1.1.1.1
PE1(config-ldp)# exit

For PE2
PE2(config)# mpls ip
PE2(config)# mpls vpls a
PE2(config-vpls)# vpn-id 100
PE2(config-vpls)# peer 1.1.1.1
PE2(config-vpls)# peer 3.3.3.3
PE2(config-vpls)# exit
PE2(config)# mpls vpls b
PE2(config-vpls)# vpn-id 200
PE2(config-vpls)# peer 1.1.1.1
PE2(config-vpls)# peer 3.3.3.3
PE2(config-vpls)# exit
PE2(config)# interface loopback0
PE2(config-if-loopback0)# ip address 2.2.2.2 255.255.255.255
PE2(config-if-loopback0)# exit
PE2(config)# interface fastethernet 0
PE2(config-if-fastethernet0)# mpls ip
PE2(config-if-fastethernet0)# mpls vpls a
PE2(config-if-fastethernet0)# exit
PE2(config)# interface fastethernet 1
PE2(config-if-fastethernet1)# mpls ip
PE2(config-if-fastethernet1)# mpls vpls b
PE2(config-if-fastethernet1)# exit
PE2(config)# router ospf 1
PE2(config-ospf)# network 2.2.2.2 0.0.0.0 area 0
PE2(config-ospf)# exit
PE2(config)# mpls ldp
PE2(config-ldp)# router-id 2.2.2.2
PE2(config-ldp)# transport-address 2.2.2.2
PE2(config-ldp)# exit

For PE3
PE3(config)# mpls ip
PE3(config)# mpls vpls a
PE3(config-vpls)# vpn-id 100
PE3(config-vpls)# peer 1.1.1.1
PE3(config-vpls)# peer 2.2.2.2
PE3(config-vpls)# exit
PE3(config)# mpls vpls b
PE3(config-vpls)# vpn-id 200
PE3(config-vpls)# peer 1.1.1.1
PE3(config-vpls)# peer 2.2.2.2
PE3(config-vpls)# exit
PE3(config)# interface loopback0
PE3(config-if-loopback0)# ip address 3.3.3.3 255.255.255.255
PE3(config-if-loopback0)# exit
PE3(config)# interface fastethernet 0
PE3(config-if-fastethernet0)# mpls ip
PE3(config-if-fastethernet0)# mpls vpls a
PE3(config-if-fastethernet0)# exit
PE3(config)# interface fastethernet 1
PE3(config-if-fastethernet1)# mpls ip
PE3(config-if-fastethernet1)# mpls vpls b
PE3(config-if-fastethernet1)# exit
PE3(config)# router ospf 1
PE3(config-ospf)# network 3.3.3.3 0.0.0.0 area 0
PE3(config-ospf)# exit
PE3(config)# mpls ldp
PE3(config-ldp)# router-id 3.3.3.3
PE3(config-ldp)# transport-address 3.3.3.3
PE3(config-ldp)# exit
[Ref:5.5]

5.9 Hierarchical VPLS

With Hierarchical VPLS (H-VPLS), the PE routers are no longer directly attached to
the customer equipment. Hierarchy is introduced by adding another layer in the
access network toward the customer equipment. H-VPLS has two forms:
H-VPLS with MPLS in the access layer
H-VPLS with dot1q tunneling in the access layer

Fig: 5.6 Hierarchical VPLS

The N-PE routers are network-facing PE routers, whereas the U-PE routers are
user-facing PE routers. The hierarchy provides the benefits of less signaling in the
MPLS core network and less packet replication on the N-PE routers. The U-PE routers
have an aggregation role and do some packet replication and MAC address learning.
[Ref:5.6]

H-VPLS with MPLS in Access Layer

Fig: 5.7 H-VPLS with MPLS in Access Layer

With MPLS in the access layer, point-to-point virtual circuits (spoke pseudowires)
exist between the N-PEs and the U-PEs. Split horizon must be disabled on these
spoke pseudowires, because an N-PE must forward Layer 2 frames received on the
pseudowires from another N-PE onto the pseudowires toward its U-PEs and vice
versa. Split horizon stays enabled between the fully meshed pseudowires of the N-PE
core: a frame received from one N-PE is never forwarded to another N-PE, which is
what keeps the mesh loop-free without running Spanning Tree in the core.
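To make the forwarding rules concrete, here is an added example (not from the thesis or from any vendor's code) of a VPLS forwarding instance modelled as the learning bridge the text describes in Section 5.6, whose ports are either attachment circuits or pseudowires. It implements the three behaviours the chapter relies on: MAC learning with a per-VFI limit (the MAC-limiting caveat from Section 5.5; here frames from new sources are dropped once the limit is hit, the actual action is platform-dependent), flooding of broadcast and unknown-unicast frames, and split horizon applied only between the fully meshed N-PE pseudowires so that spoke pseudowires toward U-PEs are still served. The port names, MAC addresses and topology (one attachment circuit, two mesh pseudowires, one spoke pseudowire) are constructed.

```python
"""VPLS forwarding instance (VFI) emulation: a learning bridge whose ports are
attachment circuits (ACs) or pseudowires (PWs).

Added example, not part of the thesis or of any vendor implementation.
"""
from dataclasses import dataclass, field
from typing import Dict, List

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Port:
    name: str
    kind: str                    # "ac" or "pw"
    split_horizon: bool = False  # True only for PWs that belong to the N-PE full mesh


@dataclass
class Frame:
    src: str
    dst: str


@dataclass
class Vfi:
    name: str
    ports: List[Port]
    mac_limit: int = 8                                  # per-customer MAC limit
    fdb: Dict[str, str] = field(default_factory=dict)   # MAC -> port name
    dropped: int = 0                                    # frames refused by the MAC limit

    def port(self, name: str) -> Port:
        for p in self.ports:
            if p.name == name:
                return p
        raise KeyError(f"{self.name}: no port {name}")

    @staticmethod
    def allowed(ingress: Port, egress: Port) -> bool:
        # Split horizon (RFC 4762): a frame received over a mesh PW is never
        # sent out over another mesh PW, because the originating N-PE already
        # has a direct PW to every other N-PE.  AC <-> mesh PW and spoke PW
        # <-> mesh PW forwarding stays allowed, which is why the spoke PWs
        # toward U-PEs are created *without* split horizon.
        return not (ingress.split_horizon and egress.split_horizon)

    def receive(self, in_port: str, frame: Frame) -> List[str]:
        """Process one frame; return the names of the ports it is forwarded out of."""
        ingress = self.port(in_port)

        # MAC learning, bounded per VFI so one customer's (possibly
        # misbehaving) switch cannot exhaust the PE's shared MAC table.
        if frame.src not in self.fdb and len(self.fdb) >= self.mac_limit:
            self.dropped += 1
            return []
        self.fdb[frame.src] = in_port            # learn, or record a MAC move

        out = self.fdb.get(frame.dst)
        if frame.dst != BROADCAST and out is not None:
            if out == in_port:                   # destination is on the same segment
                return []
            return [out] if self.allowed(ingress, self.port(out)) else []

        # Broadcast or unknown unicast: flood to every other eligible port.
        return [p.name for p in self.ports
                if p.name != in_port and self.allowed(ingress, p)]


def build_npe(mac_limit: int = 8) -> Vfi:
    """An N-PE's view of one customer VFI (constructed topology): a local AC,
    two mesh PWs to the other N-PEs and one spoke PW down to a U-PE."""
    return Vfi("BankB", [
        Port("Gi0/1", "ac"),
        Port("pw-NPE2", "pw", split_horizon=True),
        Port("pw-NPE3", "pw", split_horizon=True),
        Port("pw-UPE1", "pw", split_horizon=False),
    ], mac_limit=mac_limit)


if __name__ == "__main__":
    vfi = build_npe()
    a, b, d = "00:00:5e:00:53:0a", "00:00:5e:00:53:0b", "00:00:5e:00:53:0d"
    print(vfi.receive("Gi0/1", Frame(a, BROADCAST)))    # flooded to all three PWs
    print(vfi.receive("pw-NPE2", Frame(b, BROADCAST)))  # AC and spoke only, not pw-NPE3
    print(vfi.receive("pw-NPE3", Frame(d, b)))          # [] : blocked by split horizon
```

Running it shows the two halves of the rule side by side: a broadcast arriving from the local AC goes to every pseudowire, while the same broadcast arriving from N-PE2 reaches the AC and the U-PE spoke but is never relayed to N-PE3. If the spoke pseudowire were marked `split_horizon=True` by mistake, the U-PE's customers would silently lose all traffic from remote sites, which is the failure mode behind the rule stated in the text.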

H-VPLS with Dot1q Tunneling (QinQ) in Access Layer

Fig: 5.8 H-VPLS with Dot1q Tunneling (QinQ) in Access Layer

In H-VPLS with dot1q tunneling, customer VLANs are encapsulated into another VLAN
(the provider VLAN, or P-VLAN), allowing a multi-VLAN switched customer network
to be transparently transported between multiple sites connected to an MPLS
network. This P-VLAN is mapped to one VFI on the N-PE router. If the CE equipment
is a router, configure the Ethernet interface toward the PE router as a trunk
interface by configuring 802.1Q subinterfaces, each with a specific VLAN number. If
the CE equipment is an Ethernet switch, configure the Ethernet interface toward the
PE router as an 802.1Q trunk interface carrying the required set of VLANs.

5.10 Conclusion
VPLS is one of the most exciting emerging VPN services. It offers enterprise
customers exactly what they need for inter-site connectivity: protocol transparency,
scalable and granular bandwidth from 64 kbit/s to 1 Gbit/s, fast service activation and
provisioning, and a simplified LAN/WAN boundary. VPLS also enables service
providers to deliver a scalable VPN service offering that can be combined with
Internet access on a consolidated IP/MPLS infrastructure. VPLS has received
widespread industry support from both vendors and service providers.
Finally, it is important to remember that VPLS is still a new technology. The use of L2
VPN services based on VPLS is still in its infancy, and it is still complex and costly.
The VPLS functionality from all vendors is based on implementations using network
processors, not application-specific integrated circuits (ASICs), because the draft
standards have evolved over a period shorter than the development window for an
ASIC implementation.

Chapter 6: Pseudo wire


6.1 Introduction
A pseudo wire is a logical connection between two provider edge (PE) devices that
connects two pseudo-wire end services. Pseudo wires carry the customer's Layer 2
traffic from edge to edge across the packet-switched backbone network. The pseudo
wire is a connection between the PE routers that emulates a wire carrying Layer 2
frames. Pseudo wires use tunneling.
Two solutions are available for transporting Layer 2 frames across a packet-switched
network (PSN):
Carry the traffic across an MPLS backbone, which is the Any Transport over MPLS
(AToM) solution.
Carry the traffic across an IP backbone, which is the Layer 2 Tunneling Protocol
version 3 (L2TPv3) solution.
Both the AToM and L2TPv3 solutions use the same architecture, but the network that
carries the service is different. The architecture is based on pseudo wires. The
Layer 2 frames are encapsulated into an IP packet in L2TPv3 and labeled in MPLS.
The result is that the specific Layer 2 service, its operation and characteristics, is
emulated across a PSN. [Ref: 6.1]

Figure: 6.1 Layer 2 VPNs

6.2 Supported Transport Types


AToM enables the following types of Layer 2 frames and cells to be carried across
an MPLS backbone:
Ethernet, Ethernet VLAN
Frame Relay
ATM Adaptation Layer Type 5 (AAL5)
ATM cell relay
Point-to-Point Protocol (PPP)
High-Level Data Link Control (HDLC)

6.3 Like-to-like and any-to-any

Layer 2 VPN is possible with like-to-like attachment circuits (ACs) such as
HDLC-to-HDLC. It is also possible in AToM to establish pseudo wires between different
types of attachment circuits, such as Ethernet-to-PPP. This function of translating
between different Layer 2 encapsulations is also called L2 VPN Interworking. L2 VPN
Interworking therefore gives service providers the ability to interconnect sites using
different transport media on a common infrastructure. The common infrastructure is
the MPLS backbone, which facilitates the interworking functionality of translating
between various Layer 2 technologies. The L2 VPN Interworking feature supports
Ethernet, 802.1Q (VLAN), Frame Relay, ATM AAL5, and PPP attachment circuits over
MPLS.

6.4 Layer 2 VPN Model


Virtual Private LAN Service (VPLS) is designed for applications that require
multipoint or broadcast access. It uses a Layer 2 architecture to offer multipoint
Ethernet VPNs. Virtual Private Wire Service (VPWS) is only for point-to-point Layer
2 services.
Various pseudo-wire technologies used in Layer 2 VPN networks:

Figure: 6.2 Layer 2 VPN Model

6.5 Pseudo Wire Reference Model


A common network reference model can be applied to illustrate the general
properties of pseudo wire and other network components in the pseudo wire
emulation architecture.

Figure: 6.3 Pseudo wire Emulation Network Reference Model

A provider edge (PE) device is in the service provider's administrative domain. It
provides the pseudo wire emulation service to a customer edge (CE) device that
belongs to the administrative domain of the customer.
One or more attachment circuits are used to connect a CE to the PE. An attachment
circuit can be an Ethernet port, an Ethernet VLAN, a PPP session, a High-Level Data
Link Control (HDLC) link, a Frame Relay data-link connection identifier (DLCI), an
ATM virtual path identifier (VPI)/virtual connection identifier (VCI), and so on.
A pseudo wire is a virtual circuit between two PE devices that interconnects two
attachment circuits. It can be set up through manual configuration or automatic
signaling. Once a pseudo wire is established between two PE devices, native frames
received from an attachment circuit are encapsulated into pseudo wire PDUs and
sent over the pseudo wire to the peer PE. When the pseudo wire PDUs arrive at the
receiving PE device, they are converted back into their native form and forwarded to
the corresponding attachment circuit.
Provider (P) devices form the packet-switched core network and are transparent to
CE devices. They are unaware of pseudo wires and pseudo wire traffic, which the PE
devices manage. This transparency reduces the design complexity of the core
network: the core can be optimized for routing and packet forwarding performance
without being constrained by the complexity of edge services. It also helps to scale
the number of emulated circuits, because only the edge devices need to be
provisioned for new circuits; the core devices can be left alone. [Ref: 6.2]

6.6 Requirements for AToM


AToM is the Cisco name for the Layer 2 transport service over an MPLS backbone.
The customer routers interconnect with the service provider routers at Layer 2
(Ethernet, High-Level Data Link Control [HDLC], PPP, ATM, or Frame Relay). This
eliminates the need for the service provider to run a separate legacy network for
these kinds of traffic and integrates the service into the MPLS network that already
transports the MPLS VPN traffic.
AToM is an open standards-based architecture that uses the label switching
architecture of MPLS and can be integrated into any network that is running MPLS.
The advantage to the customer is that they do not need to change anything. Their
routers that are connecting to the service provider routers can still use the same
Layer 2 encapsulation type as before and do not need to run an IP routing protocol
to the provider edge routers as in the MPLS VPN solution. As such, the move from
the legacy network that is running ATM or Frame Relay to the network that is
running AToM is completely transparent to the customer.
The service provider does not need to change anything on the provider (P) routers
in the core of the MPLS network. The intelligence to support AToM sits entirely on
the PE routers. As such, the core and edge technologies (MPLS and AToM,
respectively) are decoupled. The core label switching routers (LSRs) only switch
labeled packets, whereas the edge LSRs impose and dispose of labels on the Layer
2 frames. This is similar to the MPLS VPN solution, in which the P routers switch only
labeled packets and the PE routers need the intelligence to impose and dispose of
labels on the IP VPN traffic from the customers. [Ref: 6.3]
Hardware requirement:
PE: Cisco 7600 Series Router or later [Ref: 6.4]
The following Juniper E-series routers support VPLS with the E-series interface
module:
E320 router
ERX-1440 router
ERX-1410 router
ERX-710 router
ERX-705 router
ERX-310 router

6.7 Benefits of Using AToM


MPLS AToM has the following benefits. [Ref: 6.5]

A unified network for Layer 2 and Layer 3 VPNs means lower infrastructure and
maintenance costs for the service provider. Using an IP or MPLS backbone enables
the service provider to offer Layer 2 VPN services along with IP and Layer 3 VPNs in
the same network. The service provider can support VPN traffic with other traffic (e.g.
Internet) on a single infrastructure.
Customer sites are independent of the service provider backbone, so problems on a
customer network will not affect the backbone. The service provider backbone is
more reliable when it is separate from the customer network.
Because MPLS uses frames or cells, it can work in IP over ATM networks and IP over
MPLS networks. MPLS is agnostic in its ability to accommodate protocols. Therefore,
service providers can run IP over ATM networks and incrementally add MPLS to their
network. Adding MPLS to the network in phases can be a better alternative in many
situations than having to make a complete conversion all at once.
Upgrading to AToM is transparent to the customer. Because the service provider
network is separate from the customer network, the service provider can upgrade to
AToM without disruption of service to the customer. The customers assume that they
are using a traditional Layer 2 backbone.
AToM can be combined with QoS and Traffic Engineering to build new
revenue-generating services such as virtual leased lines that mimic existing Layer 2
services (ATM, Frame Relay) without compromising the scalability and flexibility of
the MPLS networks on which they run.

6.8 Any Transport over MPLS


Figure 6.4 shows how a packet travels from Site 1 to Site 2 in a VPN, using the IP/MPLS backbone. [Ref: 6.6]

Figure 6.4: Packets Transported across an IP/MPLS Backbone

The following process shows a packet traveling from a CPE router on the left side of
the network (Site 1) across the service provider network, to a CPE router on the
right side (Site 2).
1. Packets flow from Site 1 to PE1 on the edge of the service provider network
through a traditional Layer 2 virtual circuit, in this case a Frame Relay circuit.
2. In the service provider network, an operator configures a label switched path
(LSP) from PE1 to PE2.
3. For AToM, the operator configures:
a. At PE1, a cross-connect between Attachment VC 101 and Emulated
VC1 (shown as VC Label 10 above), and the destination PE to be PE2
b. At PE2, a cross-connect between Emulated VC1 and Attachment VC
201, and the source PE to be PE1
Note: No AToM configuration is required on the P routers.
4. At PE1 the following events then take place:
a. An incoming packet on the PE router is stripped of the layer 2 header.
b. A control word and Emulated VC label [10] are pushed onto the packet.
c. An appropriate network facing interface is selected

d. An LSP tunnel label [50] is pushed (for normal MPLS routing through
the cloud)
5. The control word and the emulated virtual circuit label are pertinent only to
the PE routers. The routers within the MPLS backbone (the P routers) do not
use the control word or the virtual circuit label. Instead, the P routers use the
LSP tunnel labels [50 & 90] to move the packet through the MPLS backbone.
A P router does not distinguish AToM traffic from other types of traffic. The
packet is handled just like other packets in the MPLS backbone.
6. The packet is sent through the service provider network to PE2.
7. The following events take place on the egress router PE2.
a. The Emulated VC label [10] is stripped.
b. The control word is processed and stripped.
c. The Layer 2 header is reconstructed for Attachment VC DLCI 201.
d. The packet is sent out the appropriate customer-facing interface.
Note: No tunnel label is present in the network-facing side of the router because
that label was popped by the penultimate P router.
8. PE2 connects to Site 2 through a traditional Layer 2 virtual circuit, in this case a Frame Relay circuit.
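The eight steps above, modelled in Python as an added example (this is not code from the original text or from any vendor). The label values 10, 50 and 90, the DLCIs 101 and 201 and the two P routers come from the walkthrough; representing the control word as a flag rather than a 4-byte field and the exact LFIB entries on the P routers are assumptions. The point the model makes explicit is that the P routers only ever touch the top label: the VC label and control word survive the core untouched and are consumed by PE2 alone.

```python
from dataclasses import dataclass, field
from typing import Dict, List

@dataclass
class Frame:
    l2: Dict[str, object]                               # attachment-circuit header, e.g. {"type": "fr", "dlci": 101}
    payload: bytes
    labels: List[int] = field(default_factory=list)     # label stack, index 0 = top of stack
    control_word: bool = False                          # modelled as a flag, not the 4-byte field

# Step 3: the cross-connects configured on the PE routers (no AToM state on the P routers)
PE1_XCONNECT = {101: {"vc_label": 10, "peer": "PE2"}}   # attachment VC 101 -> emulated VC label 10
PE2_XCONNECT = {10: {"dlci": 201}}                       # emulated VC label 10 -> attachment VC DLCI 201
# Step 2: the tunnel LSP PE1 -> PE2 (assumed: two P routers, labels 50 and 90 as in the figure)
P_LFIB = {"P1": {50: ("swap", 90)}, "P2": {90: ("pop", None)}}

def pe1_impose(frame: Frame, tunnel_label: int = 50) -> Frame:
    """Step 4: strip the L2 header, push control word + VC label, then the tunnel label."""
    xc = PE1_XCONNECT[frame.l2["dlci"]]
    frame.l2 = {}                                   # 4a: Layer 2 header stripped
    frame.control_word = True                       # 4b: control word added
    frame.labels.insert(0, xc["vc_label"])          # 4b: VC label is the bottom of the stack
    frame.labels.insert(0, tunnel_label)            # 4d: tunnel label on top
    return frame

def p_forward(router: str, frame: Frame) -> Frame:
    """Step 5: a P router switches on the top label only and never sees the VC label."""
    action, new_label = P_LFIB[router][frame.labels[0]]
    if action == "swap":
        frame.labels[0] = new_label
    else:
        frame.labels.pop(0)                         # penultimate-hop popping
    return frame

def pe2_dispose(frame: Frame) -> Frame:
    """Step 7: pop the VC label, process the control word, rebuild the L2 header."""
    if len(frame.labels) != 1:
        raise ValueError("expected only the VC label; the tunnel label should already be popped")
    vc_label = frame.labels.pop(0)                  # 7a
    frame.control_word = False                      # 7b
    frame.l2 = {"type": "fr", "dlci": PE2_XCONNECT[vc_label]["dlci"]}   # 7c
    return frame

def trace(payload: bytes = b"constructed frame payload") -> Dict[str, object]:
    """Send one frame from Site 1 to Site 2 and record the label stack after each hop."""
    frame = Frame(l2={"type": "fr", "dlci": 101}, payload=payload)
    seen: Dict[str, object] = {}
    pe1_impose(frame)
    seen["after PE1"] = list(frame.labels)
    p_forward("P1", frame)
    seen["after P1"] = list(frame.labels)
    p_forward("P2", frame)
    seen["after P2"] = list(frame.labels)
    pe2_dispose(frame)
    seen["after PE2"] = list(frame.labels)
    seen["delivered"] = frame.l2
    return seen
```

Running trace() shows the stack {50, 10} leaving PE1, {90, 10} after the first P router, only {10} after penultimate-hop popping, and an empty stack with a rebuilt DLCI 201 header at Site 2.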

6.9 Establishing AToM Pseudowires


Typically, two types of LDP sessions are involved in establishing AToM pseudowires.
They are the nontargeted LDP session and the targeted LDP session. The
nontargeted LDP session that is established through LDP basic discovery between a
PE router and its directly connected P routers is used to distribute tunnel labels. The
label distribution and management of tunnel labels pertains to the deployment
model of the underlying MPLS network. It can be some combination of downstream
on-demand or unsolicited label advertisement, independent or ordered control, and
conservative or liberal label retention. Neither pseudowire emulation nor AToM
dictates any particular label distribution and management mode for tunnel labels. In
some MPLS deployment scenarios, tunnel LSPs are set up through Resource
Reservation Protocol Traffic Engineering (RSVP-TE) instead of nontargeted LDP
sessions.
The other type of LDP session is established through LDP extended discovery
between PE routers. These sessions are known as targeted LDP sessions because
the PE routers send periodic Targeted Hello messages to each other. Targeted LDP sessions in
the context of pseudowire emulation distribute pseudowire labels. IETF documents
on pseudowire emulation over MPLS specify the use of downstream unsolicited label
advertisement. In Cisco IOS Software, AToM uses independent label control and
liberal label retention to improve performance and convergence time on pseudowire
signaling.

Figure 6.5 shows an example AToM deployment.

Figure 6.5: AToM Deployment Model

The following steps explain the procedures of establishing an AToM pseudowire:


1. A pseudowire is provisioned with an attachment circuit on PE1.
2. PE1 initiates a targeted LDP session to PE2 if none already exists. Both PE
routers receive LDP Keepalive messages from each other and complete the
session establishment. They are ready to exchange pseudowire label bindings.
3. When the attachment circuit state on PE1 transitions to up, PE1 allocates a local
pseudowire label corresponding to the pseudowire ID that is provisioned for the
pseudowire.
4. PE1 encodes the local pseudowire label into the Label TLV and the pseudowire ID
into the FEC TLV. Then it sends this label binding to PE2 in a Label Mapping
message.
5. PE1 receives a Label Mapping message from PE2 and decodes the pseudowire
label and pseudowire ID from the Label TLV and FEC TLV.
6. PE2 performs Steps 1 through 5 independently.
7. After PE1 and PE2 exchange the pseudowire labels and validate interface
parameters for a particular pseudowire ID, the pseudowire with that pseudowire
ID is considered established.
If one attachment circuit on one PE router goes down, a Label Withdraw message is
sent to the peering PE router to withdraw the pseudowire label that it previously
advertised.
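The seven steps above and the Label Withdraw case, as an added Python model (not Cisco's LDP implementation and not code from the original text). The message fields are a simplification of the PWid FEC (FEC 128) binding: pseudowire ID, PW type, MTU interface parameter and label; the PW type code points 0x0001 (Frame Relay DLCI) and 0x0006 (HDLC) are the RFC 4446 values. Router IDs, VC ID 100 and labels 24 and 19 are taken from the HDLC example later in the chapter; the 4470-byte MTU used to provoke a mismatch is an assumption. The example shows the one thing the prose only states: a pseudowire is not up until both bindings exist and the interface parameters agree, and a withdraw tears it down.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple, Union

# PW type code points from RFC 4446, carried in the FEC TLV
PW_TYPE_FR_DLCI, PW_TYPE_HDLC = 0x0001, 0x0006

@dataclass
class LabelMapping:          # Label Mapping message: PWid FEC TLV fields plus the Label TLV
    pw_id: int
    pw_type: int
    mtu: int                 # interface parameter carried in the FEC TLV
    label: int

@dataclass
class LabelWithdraw:         # Label Withdraw message for a binding advertised earlier
    pw_id: int
    label: int

@dataclass
class PE:
    name: str
    router_id: str
    pw_id: int
    pw_type: int
    mtu: int
    local_label: int                                  # label this PE allocates (step 3)
    ac_up: bool = False
    remote_label: Optional[int] = None
    remote_type: Optional[int] = None
    remote_mtu: Optional[int] = None
    peers: Set[str] = field(default_factory=set)      # targeted LDP sessions

    def targeted_session(self, peer: "PE") -> None:
        """Step 2: set up the targeted LDP session if none exists yet."""
        self.peers.add(peer.router_id)
        peer.peers.add(self.router_id)

    def attachment_circuit(self, up: bool) -> Union[LabelMapping, LabelWithdraw]:
        """Steps 3-4 when the AC comes up; a Label Withdraw when it goes down."""
        self.ac_up = up
        if up:
            return LabelMapping(self.pw_id, self.pw_type, self.mtu, self.local_label)
        return LabelWithdraw(self.pw_id, self.local_label)

    def receive(self, msg: Union[LabelMapping, LabelWithdraw]) -> None:
        """Step 5: decode the peer's binding, or forget it when it is withdrawn."""
        if msg.pw_id != self.pw_id:
            return                                    # binding for some other pseudowire
        if isinstance(msg, LabelMapping):
            self.remote_label, self.remote_type, self.remote_mtu = msg.label, msg.pw_type, msg.mtu
        elif msg.label == self.remote_label:
            self.remote_label = self.remote_type = self.remote_mtu = None

    def status(self) -> str:
        """Step 7: established only when both labels exist and interface parameters agree."""
        if not self.ac_up or self.remote_label is None:
            return "DOWN"
        if self.remote_type != self.pw_type or self.remote_mtu != self.mtu:
            return "DOWN (parameter mismatch)"
        return "UP"

def bring_up(pe1: PE, pe2: PE) -> Tuple[str, str]:
    """Both PEs perform steps 1-5 independently over one targeted session."""
    pe1.targeted_session(pe2)
    pe2.receive(pe1.attachment_circuit(True))
    pe1.receive(pe2.attachment_circuit(True))
    return pe1.status(), pe2.status()

def make_pair(pe2_mtu: int = 1500) -> Tuple[PE, PE]:
    """Values match the HDLC example later in the chapter (VC ID 100, labels 24 and 19)."""
    return (PE("PE1", "10.200.254.1", 100, PW_TYPE_HDLC, 1500, local_label=24),
            PE("PE2", "10.200.254.4", 100, PW_TYPE_HDLC, pe2_mtu, local_label=19))

def example_up() -> Tuple[str, str]:
    return bring_up(*make_pair())

def example_mtu_mismatch() -> Tuple[str, str]:
    return bring_up(*make_pair(pe2_mtu=4470))     # assumed mismatching MTU on PE2

def example_withdraw() -> Tuple[str, str]:
    pe1, pe2 = make_pair()
    bring_up(pe1, pe2)
    pe2.receive(pe1.attachment_circuit(False))   # PE1's AC goes down: Label Withdraw to PE2
    return pe1.status(), pe2.status()
```

The MTU check mirrors what the real signalling does with the interface parameters: two PEs can exchange perfectly valid labels and still never bring the pseudowire up, which is the first thing to look for when `show mpls l2transport vc` reports DOWN with an LDP session that is up.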

6.10 Basic AToM Configuration:


The basic configuration for AToM is pretty straightforward. First select the
encapsulation type of the customer-facing (CE-facing) interface on the PE with the
following command:

Router(config-if)# encapsulation encapsulation-type
Then enable AToM by specifying the xconnect command on the CE-facing interface,
as follows:
Router(config-if)# xconnect peer-router-id vcid encapsulation mpls
The peer-router-id is the LDP router ID of the remote PE router. The vcid is the identifier that you assign to the pseudowire; the VC ID has to be unique per pair of PE routers. As soon as this command is configured on the interface on both PE routers, the targeted LDP session is established between the two PE routers. Specifying the MPLS encapsulation on the xconnect command is optional, because it can also be specified in the pseudowire class. The pseudowire class is not required on the PE router to configure AToM, but it is necessary if more than just the encapsulation needs to be specified. In the pseudowire class, certain characteristics of the pseudowire can be set: interworking, preferred-path and sequencing are such configurable characteristics, besides the encapsulation type. The only other encapsulation type available besides MPLS is L2TPv3. [Ref: 6.7]
The figure below shows a basic example of an AToM network with two PE routers that provide an AToM service to the two CE routers, CE1 and CE2. The transported Layer 2 protocol is HDLC.

Figure: 6.5 AToM Example for HDLC

Basic AToM Configuration of PE1 and PE2


PE1#
!

mpls ldp router-id Loopback0 force
mpls label protocol ldp
pseudowire-class one
encapsulation mpls
!
interface Serial0/1/0
no ip address
encapsulation hdlc
xconnect 10.200.254.4 100 pw-class one
!

PE2#
!
mpls ldp router-id Loopback0 force
mpls label protocol ldp
pseudowire-class one
encapsulation mpls
!
interface Serial4/0/0
no ip address
encapsulation hdlc
xconnect 10.200.254.1 100 pw-class one
!

The default encapsulation for a serial interface in Cisco IOS is HDLC, so it is normally not
displayed in the configuration.
Verifying AToM on PE1 and PE2

PE1#show mpls l2transport vc 100
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------  --------------- ---------- ----------
Se0/1/0        HDLC                       10.200.254.4    100        UP

PE1#show mpls l2transport vc 100 detail


Local interface: Se0/1/0 up, line protocol up, HDLC up
Destination address: 10.200.254.4, VC ID: 100, VC status: up
Output interface: Et0/0/0, imposed label stack {19 23}
Preferred path: not configured
Default path: active
Tunnel label: 23, next hop 10.200.200.2
Create time: 01:11:35, last status change time: 00:03:31
Signaling protocol: LDP, peer 10.200.254.4:0 up
MPLS VC labels: local 24, remote 19
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
VC statistics:
packet totals: receive 54, send 44
byte totals: receive 4964, send 4483
packet drops: receive 0, send 0
PE2#show mpls l2transport vc 100
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------  --------------- ---------- ----------
Se4/0/0        HDLC                       10.200.254.1    100        UP

PE2#show mpls l2transport vc 100 detail
Local interface: Se4/0/0 up, line protocol up, HDLC up
Destination address: 10.200.254.1, VC ID: 100, VC status: up
Output interface: Se5/0, imposed label stack {22 24}
Preferred path: not configured
Default path: active
Tunnel label: 22, next hop point2point
Create time: 00:12:23, last status change time: 00:03:51
Signaling protocol: LDP, peer 10.200.254.1:0 up
MPLS VC labels: local 19, remote 24
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Sequence number: receive 0, send 0
VC statistics:
packet totals: receive 50, send 64
byte totals: receive 4578, send 6984
packet drops: receive 0, seq error 0, send 0
PE1#show mpls l2transport binding 100
Destination Address: 10.200.254.4, VC ID: 100
Local Label: 24
Cbit: 1, VC Type: HDLC, GroupID: 0
MTU: 1500, Interface Desc: n/a
VCCV Capabilities: Type 1, Type 2
Remote Label: 19
Cbit: 1, VC Type: HDLC, GroupID: 0
MTU: 1500, Interface Desc: n/a
VCCV Capabilities: Type 1, Type 2
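A cross-check of the two `show mpls l2transport vc 100 detail` outputs above, written as an added Python example (it is not part of the original text or of IOS). The two output strings are copied from the chapter; the parser pulls out the fields that must agree between the ends and reports every inconsistency: the label each PE learned must be the label its peer allocated, the imposed stack must be the tunnel label plus that VC label, the MTUs must match on and across both ends, and both must report the VC up. The tampered variant shows what a mismatch looks like when it is reported.

```python
import re
from typing import Dict, List

PE1_DETAIL = """\
Local interface: Se0/1/0 up, line protocol up, HDLC up
Destination address: 10.200.254.4, VC ID: 100, VC status: up
Output interface: Et0/0/0, imposed label stack {19 23}
Tunnel label: 23, next hop 10.200.200.2
Signaling protocol: LDP, peer 10.200.254.4:0 up
MPLS VC labels: local 24, remote 19
MTU: local 1500, remote 1500
"""
PE2_DETAIL = """\
Local interface: Se4/0/0 up, line protocol up, HDLC up
Destination address: 10.200.254.1, VC ID: 100, VC status: up
Output interface: Se5/0, imposed label stack {22 24}
Tunnel label: 22, next hop point2point
Signaling protocol: LDP, peer 10.200.254.1:0 up
MPLS VC labels: local 19, remote 24
MTU: local 1500, remote 1500
"""

FIELDS = {
    "vc_id":        r"VC ID: (\d+)",
    "status":       r"VC status: (\w+)",
    "peer":         r"Destination address: ([\d.]+)",
    "stack":        r"imposed label stack \{(\d+) (\d+)\}",
    "tunnel_label": r"Tunnel label: (\d+)",
    "local_label":  r"MPLS VC labels: local (\d+), remote \d+",
    "remote_label": r"MPLS VC labels: local \d+, remote (\d+)",
    "local_mtu":    r"MTU: local (\d+), remote \d+",
    "remote_mtu":   r"MTU: local \d+, remote (\d+)",
}

def parse_vc_detail(text: str) -> Dict[str, object]:
    """Extract the fields we check; fail loudly if the output is not what we expect."""
    out: Dict[str, object] = {}
    for key, rx in FIELDS.items():
        m = re.search(rx, text)
        if m is None:
            raise ValueError(f"{key!r} not found in output")
        values = [int(g) if g.isdigit() else g for g in m.groups()]
        out[key] = values if key == "stack" else values[0]
    return out

def check_pair(a: Dict[str, object], b: Dict[str, object]) -> List[str]:
    """Return the inconsistencies between the two ends (empty list means consistent)."""
    problems: List[str] = []
    if a["vc_id"] != b["vc_id"]:
        problems.append("VC IDs differ")
    for side, x, y in (("PE1", a, b), ("PE2", b, a)):
        if x["status"] != "up":
            problems.append(f"{side}: VC status is {x['status']}")
        if x["remote_label"] != y["local_label"]:
            problems.append(f"{side}: remote label {x['remote_label']} != peer local label {y['local_label']}")
        # The stack must be exactly the tunnel label plus the peer's VC label. The two outputs
        # above print the pair in different orders, so it is compared as a set.
        if set(x["stack"]) != {x["tunnel_label"], x["remote_label"]}:
            problems.append(f"{side}: imposed stack {x['stack']} is not tunnel label + VC label")
        if x["local_mtu"] != x["remote_mtu"] or x["local_mtu"] != y["local_mtu"]:
            problems.append(f"{side}: MTU mismatch")
    return problems

def audit_chapter_outputs() -> List[str]:
    return check_pair(parse_vc_detail(PE1_DETAIL), parse_vc_detail(PE2_DETAIL))

def audit_with_tampered_pe2() -> List[str]:
    """Same check with PE2's local label altered: the stale label on PE1 is reported."""
    bad = PE2_DETAIL.replace("MPLS VC labels: local 19", "MPLS VC labels: local 21")
    return check_pair(parse_vc_detail(PE1_DETAIL), parse_vc_detail(bad))
```

audit_chapter_outputs() returns an empty list for the outputs printed above, while audit_with_tampered_pe2() returns a single entry naming the PE1 side, because PE1 still imposes label 19 for a peer that now claims to have allocated 21.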

Verifying AToM Features


PE1#show mpls l2transport hw-capability interface serial 0/1/0
Interface Serial0/1/0
Transport type FR DLCI
Core functionality:

MPLS label disposition supported
Distributed processing supported
Control word processing supported
Sequence number processing not supported
VCCV Type 1 processing supported
Edge functionality:
MPLS label imposition supported
Distributed processing supported
Control word processing supported
Sequence number processing not supported
Transport type ATM AAL5
Core functionality:
MPLS label disposition supported
Control word processing supported
Sequence number processing not supported
VCCV Type 1 processing supported
Edge functionality:
Not supported
Transport type ATM CELL
Core functionality:
MPLS label disposition supported
Control word processing not supported
Sequence number processing not supported
VCCV Type 1 processing not supported
Edge functionality:
Not supported
Transport type Eth VLAN
Core functionality:
MPLS label disposition supported

Distributed processing supported
Control word processing supported
Sequence number processing not supported
VCCV Type 1 processing supported
Edge functionality:
Not supported
Transport type Ethernet
Core functionality:
MPLS label disposition supported
Distributed processing supported
Control word processing supported
Sequence number processing not supported
VCCV Type 1 processing supported
Edge functionality:
Not supported
!output omitted for brevity

6.11 QoS with AToM


In the case of AToM, the same QoS classification and marking mechanisms are used. For example, based on the type of service of the attachment VC, the MPLS EXP field can be set to a higher priority that allows better delivery of Layer 2 frames across the MPLS network. Layer 2 QoS markings, such as the 802.1p priority bits carried in the Ethernet 802.1Q header, can easily be mapped to MPLS EXP to translate quality of service from Layer 2 to MPLS, thereby providing bandwidth, delay and jitter guarantees. In the case of Frame Relay and ATM, the EXP values can be set by reference to the DE (Discard Eligible) bit marking in the frame header and to the CLP (Cell Loss Priority) bit marking in the ATM cell header.

6.12 Conclusion
AToM is a powerful technology that allows service providers to offer Layer 2
connectivity over MPLS networks, thereby increasing revenue opportunities. It does
so by eliminating many of the drawbacks of existing Layer 2 technologies.
Combining AToM with QoS and Traffic Engineering allows service providers to build

value added services such as virtual leased line, transparent LAN, and interworking
on a single, common infrastructure.

CHAPTER 7: Implementing QoS in MPLS Network


7.1: Introduction
Quality of Service (QoS) is a set of technologies for managing network traffic in a cost-effective manner to enhance the user experience in home and enterprise environments.
QoS technologies provide the following benefits:
The ability to measure bandwidth.
Detection of changing network conditions (such as congestion or availability of bandwidth).
The ability to prioritize or throttle traffic. For example, QoS technologies can be applied to prioritize traffic for latency-sensitive applications (such as voice or video) and to control the impact of latency-insensitive traffic (such as bulk data transfers).
Adding QoS guarantees for MPLS VPN services using DiffServ is a significant engineering undertaking, but advance planning will help us choose the right QoS model for the project.
QoS attempts to solve network traffic performance issues, although QoS is not a cure-all. To improve network performance, QoS features affect a network by manipulating the following traffic characteristics:
Bandwidth
Delay
Jitter
Packet loss
Whereas QoS tools improve these characteristics for some flows, the same tools might degrade service for other flows. Therefore, before you can intelligently decide to reduce one packet's delay by increasing another packet's delay, you should understand what each type of application needs.
[ Ref :7.1 & Ref :7.5]


7.2: Problem Definition

Different types of end-user traffic require different performance characteristics on a network. Users might legitimately complain about the performance of their applications, and the performance issues may be related to the network. Of course, most end users will believe the network is responsible for performance problems, whether it is or not! Reasonable complaints include the following:
My application is slow. This might occur due to congestion or a bottleneck.
My file takes too long to transfer now. This may depend on the media type.
The video freezes. This might be caused by a lack of bandwidth.
The phone call has so much delay we keep talking at the same time, not knowing whether the other person has paused. This might be caused by jitter.
I keep losing calls. This might be caused by a lack of proper bandwidth utilization.
In some cases, the root problem can be removed, or at least its impact lessened, by implementing QoS features.
[ Ref :7.1 ]

[NB: All of the above problems will be clarified using a common diagram (Figure 7.4.1) in the MPLS Solution section]


7.2.1: Traffic Behavior with No QoS

Type of Traffic: Behavior Without QoS
Voice: Voice is hard to understand. Voice breaks up, sounds choppy. Delays make interacting difficult; callers do not know when the other party has finished talking. Calls are disconnected.
Video: Picture displays erratically; jerky movements. Audio not in sync with video. Movement slows down.
Data: Data arrives after it is no longer useful. Customer waiting for customer care agent, who waits for a screen to display. Erratic response times frustrate users, who may give up or try later.

[ Ref :7.1 ]

7.3: Constraints of solving the problem using IP network

Congestion control
End-to-End delay constraint routing
Loop free path restoration with QoS and label constrains in MPLS network
It should be supported / traffic engineering oriented MPLS network
Max coverage at minimum cost for multi-domain in IP/ MPLS network
Service provider based IPSec VPN services

[ Ref : 7.5]


7.4: Solution provided through MPLS network

7.4.1: Scenario-1

In this scenario, the offices of the customer are connected via an ISP (Link3) that supports QoS. The branch office of the customer is connected via a low-speed link (512 kbps), while the main office is connected with a higher-speed link (1024 kbps) for Internet and (3072 kbps) for data connectivity. The customer uses both IP phones and TCP/IP-based applications (HTTP, FTP), e-mail, IPSec VPN and MPLS-VPN to conduct daily business. Since only 512 kbps is provided to the branch office, it would suffer from end-to-end delays. In this example, the customer applies an appropriate QoS strategy such as TCP and RTP header compression, LLQ, and prioritization of the various types of traffic. These mechanisms will give voice traffic a higher priority than HTTP or e-mail traffic. In addition to these measures, the customer has chosen an ISP that supports QoS in the backbone. The ISP performs reprioritization for customer traffic according to the QoS policy for the customer, so that the traffic streams arrive on time at the main office of the customer. This design guarantees that voice traffic will have high priority and a guaranteed bandwidth of 128 kbps; FTP and e-mail traffic will receive medium priority and a bandwidth of 256 kbps; and HTTP traffic will receive low priority and a bandwidth of 64 kbps. The remaining 64 kbps is needed for signaling and other management traffic.
The head office (HO) uses voice, video, data and Internet, while the CTG and Sylhet branches use these facilities simultaneously.
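The 512 kbps branch policy above (voice in a strict-priority queue policed to 128 kbps, CBWFQ guarantees of 256, 64 and 64 kbps for the other classes), run as an added Python simulation that is not from the original text and is not Cisco IOS code. Bytes are treated as a fluid per 1 ms tick; the offered loads (voice 200, FTP/e-mail 600, HTTP 300, signalling 20 kbps), the 256-byte policer burst and the 8000-byte per-class queue limit are assumptions. The simulation shows two things the prose only asserts: the priority queue cannot starve the data classes because the policer caps it at its configured rate, and a class that offers less than its guarantee (signalling here) hands its unused share back to the others. A FIFO run with no QoS is included for comparison.

```python
from typing import Dict

LINK_KBPS = 512                                    # branch link from Scenario-1
POLICY = {                                         # class -> (queue type, configured kbps)
    "voice":      ("priority", 128),                # LLQ: strict priority, policed to 128 kbps
    "ftp_email":  ("bandwidth", 256),               # CBWFQ guarantees
    "http":       ("bandwidth", 64),
    "signalling": ("bandwidth", 64),
}
OFFERED_KBPS = {"voice": 200, "ftp_email": 600, "http": 300, "signalling": 20}   # assumed loads
QUEUE_LIMIT_BYTES = 8000                           # assumed per-class queue limit (tail drop above)

def bytes_per_ms(kbps: float) -> float:
    return kbps / 8                                # 1 kbit/s = 1 bit/ms = 1/8 byte/ms

def schedule_llq(ms: int = 5000, burst_bytes: float = 256) -> Dict[str, float]:
    """LLQ + CBWFQ, fluid model per 1 ms tick; returns per-class throughput in kbps."""
    capacity = bytes_per_ms(LINK_KBPS)
    queues = {c: 0.0 for c in POLICY}
    sent = {c: 0.0 for c in POLICY}
    weights = {c: rate for c, (kind, rate) in POLICY.items() if kind == "bandwidth"}
    tokens = burst_bytes                           # policer bucket for the priority queue
    for _ in range(ms):
        for c in POLICY:                           # arrivals, tail-dropped at the queue limit
            queues[c] = min(QUEUE_LIMIT_BYTES, queues[c] + bytes_per_ms(OFFERED_KBPS[c]))
        # Priority queue first, but never above its policed rate, so it cannot starve the rest
        tokens = min(burst_bytes, tokens + bytes_per_ms(POLICY["voice"][1]))
        v = min(queues["voice"], tokens, capacity)
        queues["voice"] -= v
        tokens -= v
        sent["voice"] += v
        # Remaining capacity shared by weight; a class that cannot use its whole share
        # gives the surplus back to the others (water-filling)
        remaining = capacity - v
        pending = set(weights)
        while pending and remaining > 1e-9:
            total_w = sum(weights[c] for c in pending)
            light = [c for c in pending if queues[c] <= remaining * weights[c] / total_w]
            if not light:                          # everyone is backlogged: exact weighted shares
                for c in pending:
                    share = remaining * weights[c] / total_w
                    queues[c] -= share
                    sent[c] += share
                break
            for c in light:                        # drain the light classes, then redistribute
                sent[c] += queues[c]
                remaining -= queues[c]
                queues[c] = 0.0
                pending.discard(c)
    return {c: sent[c] * 8 / ms for c in POLICY}   # bytes * 8 per ms == kbps

def schedule_fifo() -> Dict[str, float]:
    """No QoS: one FIFO for everything; under sustained overload each class gets
    the link in proportion to its offered load (processor-sharing model)."""
    offered = sum(bytes_per_ms(k) for k in OFFERED_KBPS.values())
    fraction = min(1.0, bytes_per_ms(LINK_KBPS) / offered)
    return {c: OFFERED_KBPS[c] * fraction for c in OFFERED_KBPS}
```

With the assumed loads the LLQ run settles at roughly 128 kbps for voice, 20 kbps for signalling (all it asked for) and about 291 and 73 kbps for FTP/e-mail and HTTP, which is their 256 and 64 kbps guarantees plus the signalling surplus split 4:1 by weight. The FIFO run gives voice about 91 kbps, well below its 200 kbps offered load, which is the "calls are disconnected" row of the table in 7.2.1.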


Figure 7.4.1: IP/MPLS Network diagram for client

7.4.2: Scenario-2: End-to-End QoS in MPLS network

End-to-End QoS = Enterprise QoS + Service Provider QoS [Ref: 7.6]

Figure 7.4.2: Client (Internet/intranet) connectivity through the provider MPLS backbone. The figure shows the Arab Bangladesh Bank (ABBL) sites (ABBL HO, ABBL Sylhet Branch, ABBL Motijheel and ABBL Dilkusha) connected through the Link3 cloud (MPLS backbone, Internet/intranet), with QoS applied at each tier:

QoS Campus Access: speed and duplex settings; classification and trust on the IP phone and access switch; multiple queues on switch ports; priority queuing for VoIP.
QoS Campus Distribution: Layer 3 policing and marking; multiple queues on switch ports; priority queuing for VoIP; WRED within the data queue for congestion avoidance.
QoS WAN Edge: define SLA; classification and marking; low latency queuing; link fragmentation and interleaving; WRED and shaping.
QoS Service Provider Cloud: capacity planning; DiffServ backbone; low latency queuing or MDRR; WRED.

Deploying End-to-End QoS


Service level agreements (SLAs) define the basis of understanding between the two
parties for delivery of the service itself. An SLA should contain clauses that define a
specified level of service, support options, security options, incentive awards for
service levels exceeded, or penalty provisions for services not provided. Before
instituting such agreements with customers, IT service departments need to provide
an adequate level of quality for these services. IT departments will try to improve
quality of service (QoS), and the SLAs serve to keep quality at the agreed level and
guarantee the QoS to the customer.
[ Ref : 7.3 & Ref : 7.4]

7.5: Common QoS Parameters

Bandwidth:
The term bandwidth refers to the number of bits per second that can reasonably be expected to be delivered across some medium. In some cases, bandwidth equals the physical link speed, or the clock rate, of the interface. In other cases, bandwidth is smaller than the actual speed of the link.
Availability of bandwidth is one of the factors that affect the quality of a network. The maximum available bandwidth is equal to the bandwidth of the slowest link:

Figure 7.5.3: Maximum Bandwidth calculation

Bandwidth max = min (10 Mbps, 256 kbps, 512 kbps, 100 Mbps) = 256 kbps

The best way to increase bandwidth is to increase the link capacity to accommodate all applications and users, with some extra bandwidth to spare. Another option is to classify traffic into quality of service (QoS) classes and prioritize it according to importance.
QoS Tools That Affect Bandwidth

Type of QoS Tool: How It Affects Bandwidth
Compression: Compresses either payload or headers (TCP header compression; Stacker and Predictor payload compression at the data link layer), reducing the overall number of bits required to transmit the data.
CAC (Call Admission Control): Reduces the overall load introduced into the network by rejecting new voice and video calls.
Queuing: Can be used to reserve minimum amounts of bandwidth for particular types of packets.
[ Ref :7.1 ]

Delay:

All packets in a network experience some delay between when the packet is first sent and when it arrives at its destination.
Types of delay :
Serialization delay (fixed)
Propagation delay (fixed)
Queuing delay (variable)
Forwarding/processing delay (variable)
Shaping delay (variable)
Network delay (variable)
Codec delay (fixed)
Compression delay (variable)
Together, the types of delay make up the components of the end-to-end delay
experienced by a packet.

Figure 7.5.4: End-to-End Delay (forwarding, queuing, serialization and propagation delay components along the path)

[ Ref : 7.4]


Processing delay: The time it takes for a router to take the packet from an input interface, examine it, and put it into the output queue of the output interface.
The processing delay depends on various factors:
CPU speed
CPU utilization
IP switching mode
Router architecture
Configured features on both the input and output interfaces

Queuing delay: The time a packet resides in the output queue of a router.
Queuing delay also depends on the bandwidth of the interface and the queuing
mechanism.

Serialization delay: The time it takes to place the bits on the wire. This delay is inversely proportional to the link bandwidth. The serialization delay for a packet is calculated as:
Serialization delay = number of bits sent / link speed

Propagation delay: The time it takes for the packet to cross the link from one end to the other. This time usually depends on the type of media. (For example, satellite links produce the longest propagation delay because of the high altitude of communications satellites.) Propagation delay is the link length divided by the propagation speed of the medium (about 2.1 x 10^8 m/s for copper and fibre):

Figure 7.5.5: Propagation delay

Suppose, for instance, that the point-to-point link between R1 and R2 is 1000 kilometers (1,000,000 meters) long. The propagation delay would be as follows:
1,000,000 m / (2.1 x 10^8 m/s) = 4.8 ms
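The bandwidth and delay formulas of this section, worked through in Python for the chapter's own numbers: the slowest-link figure from Figure 7.5.3, the 1000 km link of the propagation example and the 512 kbps branch link of Scenario-1. This is an added example, not from the original text; the 2.1 x 10^8 m/s propagation speed, the 20-byte G.729 voice payload, the 4-byte cRTP header and the 10 ms LFI budget are assumptions, marked as such in the code. It goes one step beyond the text by sizing an LFI fragment and showing the wait a voice packet sees behind a full-size data packet with and without fragmentation and header compression.

```python
from typing import Dict, Sequence

PROPAGATION_SPEED_M_PER_S = 2.1e8     # assumption: usual engineering value for fibre and copper

def max_bandwidth_bps(link_speeds_bps: Sequence[float]) -> float:
    """Figure 7.5.3: the end-to-end bandwidth is that of the slowest link."""
    return min(link_speeds_bps)

def serialization_delay_ms(packet_bytes: float, link_bps: float) -> float:
    """Section 7.5: bits sent / link speed."""
    return packet_bytes * 8 / link_bps * 1000

def propagation_delay_ms(distance_m: float) -> float:
    """Section 7.5: link length / propagation speed."""
    return distance_m / PROPAGATION_SPEED_M_PER_S * 1000

def lfi_fragment_bytes(link_bps: float, budget_ms: float = 10.0) -> int:
    """LFI sizing: the largest fragment that serializes within the delay budget, so a
    voice packet never waits longer than budget_ms behind one data fragment."""
    return int(link_bps * budget_ms / 1000 / 8)

def voice_packet_bytes(crtp: bool = False, payload: int = 20) -> int:
    """A G.729 sample (assumed 20 B) carries 40 B of IP/UDP/RTP headers;
    cRTP compresses those headers to about 4 B (assumed)."""
    return payload + (4 if crtp else 40)

def branch_link_budget(link_bps: float = 512_000, distance_m: float = 1_000_000,
                       data_mtu: int = 1500) -> Dict[str, float]:
    """Worst case for a voice packet that arrives just as a full-size data packet
    starts serializing on the Scenario-1 branch link."""
    return {
        "data_serialization_ms": serialization_delay_ms(data_mtu, link_bps),
        "propagation_ms": propagation_delay_ms(distance_m),
        "wait_behind_mtu_ms": serialization_delay_ms(data_mtu, link_bps)
                              + serialization_delay_ms(voice_packet_bytes(), link_bps),
        "wait_with_lfi_ms": serialization_delay_ms(lfi_fragment_bytes(link_bps), link_bps)
                            + serialization_delay_ms(voice_packet_bytes(crtp=True), link_bps),
    }
```

On the 512 kbps link a 1500-byte packet takes 23.4 ms to serialize, so a voice packet queued behind it waits over 24 ms before the 4.8 ms of propagation even starts; with 640-byte fragments and cRTP the same wait drops to about 10.4 ms, which is why LFI and header compression appear together in the WAN-edge list of Figure 7.4.2.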

Ways to reduce delay:

Figure 7.5.6: Reduce delay in router interface (cRTP compression of the IP/UDP/RTP headers, advanced queuing with WFQ, CBWFQ and LLQ, and payload compression with Stacker and Predictor)

Upgrade the link (the best solution but also the most expensive).
Forward the important packets first.
Enable reprioritization of important packets.
Compress the payload of Layer 2 frames (it takes time).
Compress IP packet headers.
Assuming that the router being used is powerful enough to make forwarding decisions rapidly, most queuing and serialization delays are influenced by these factors:
Average length of the queue
Average length of packets in the queue
Link bandwidth
There are several approaches for accelerating the packet dispatching of delay-sensitive flows:
Increase link capacity: Sufficient bandwidth causes queues to shrink so that packets do not wait long before transmittal. Increasing bandwidth reduces serialization time. This approach can be unrealistic because of the costs that are associated with the upgrade.
Prioritize delay-sensitive packets: This approach can be more cost-effective than increasing link capacity. WFQ, CBWFQ, and LLQ can each serve certain queues first (a pre-emptive way of servicing queues).
Reprioritize packets: In some cases, important packets need to be reprioritized when they are entering or exiting a device. For example, when packets leave a private network to transit an Internet service provider (ISP) network, the ISP may require that the packets be reprioritized.
Compress payload: Payload compression reduces the size of packets, virtually increasing link bandwidth. Compressed packets are smaller and take less time to transmit. Compression uses complex algorithms that add delay. If you are using payload compression to reduce delay, make sure that the time needed to compress the payload does not negate the benefits of having less data to transfer over the link.
Use header compression: Header compression is not as CPU-intensive as payload compression and is used with other mechanisms to reduce delay. Header compression is especially useful for voice packets that have a bad payload-to-header ratio (a relatively large header in comparison to the payload), which is improved by reducing the header of the packet (RTP header compression).
By minimizing delay, network administrators can also reduce jitter (delay is more predictable).
[ Ref : 7.4]
QoS Tools That Affect Delay

Type of QoS Tool: How It Affects Delay
Queuing: Enables you to order packets so that delay-sensitive packets leave their queues more quickly than delay-insensitive packets.
Link fragmentation and interleaving: Because routers do not preempt a packet that is currently being transmitted, LFI breaks larger packets into smaller fragments before sending them. Smaller delay-sensitive packets can be sent after a single smaller fragment, instead of having to wait for the larger original packet to be serialized.
Compression: Compresses either payload or headers, reducing the overall number of bits required to transmit the data. By requiring less bandwidth, queues shrink, which reduces delay. Serialization delays also shrink, because fewer bits are required. Compression also adds some processing delay.
Traffic shaping: Artificially increases delay to reduce drops inside a Frame Relay or ATM network.
[ Ref :7.1 ]

Jitter:
Jitter is defined as a variation in the arrival rate (that is, variation in delay through the network)
of packets that were transmitted in a uniform manner.

QoS Tools That Affect Jitter

Type of QoS Tool: How It Affects Jitter
Queuing: Enables you to order packets so that delay-sensitive packets leave their queues more quickly than delay-insensitive packets.
Link fragmentation and interleaving: Because routers do not preempt a packet that is currently being transmitted, LFI breaks larger packets into smaller fragments before sending them. Smaller delay-sensitive packets can be sent after a single smaller fragment, instead of having to wait for the larger original packet to be serialized.
Compression: Compresses either payload or headers, reducing the overall number of bits required to transmit the data. By requiring less bandwidth, queues shrink, which reduces delay. Serialization delays also shrink, because fewer bits are required. Compression also adds some processing delay.
Traffic shaping: Artificially increases delay to reduce drops inside a Frame Relay or ATM network.
[ Ref :7.1 ]


Packet Loss:
The last QoS traffic characteristic is packet loss, or just loss. Routers lose/drop/discard packets for many reasons, most of which QoS tools can do nothing about. For instance, frames that fail the incoming frame check sequence (FCS) are discarded, period. However, QoS tools can be used to minimize the impact of packets lost due to full queues.
Usually, packet loss occurs when routers run out of buffer space for a particular interface (output queue). The figure illustrates the results of packet loss. Packet loss results in loss of information. Multimedia streams, such as those used in IP telephony or videoconferencing, may be extremely sensitive to delivery delays and may create unique QoS demands on the underlying networks. When packets are delivered using the best-effort delivery model, they may not arrive in order or in a timely manner, or, because of heavy congestion, they may not arrive at all. The result would be an unclear picture, with jerky and slow movement and sound that is out of synchronization with the image.

Figure 7.5.7: Packet loss (tail drop) in a router interface


Tail drops occur when the output queue is full. Tail drops are common and happen
when a link is congested.
Many other types of drops occur, usually the result of router congestion, that are
uncommon and may require a hardware upgrade(such as, input drop, ignore,
overrun, frame errors).
Routers might also drop packets for other, less common reasons:
Input queue drop: The main CPU is busy and cannot process packets (the
input queue is full).
Ignore: The router runs out of buffer space.
Overrun: The CPU is busy and cannot assign a free buffer to the new
packet.

Frame errors: The hardware detected an error in a frame; for example,
cyclic redundancy checks (CRCs), runt, and giant.
Ways to Prevent Packet Loss:
Packet loss is usually the result of congestion on an interface. Most applications that
use TCP experience slowdown because TCP automatically adjusts to network
congestion. Dropped TCP segments cause TCP sessions to reduce their window
sizes. Some applications do not use TCP and cannot handle drops (fragile flows).

Figure 7.5.8: Prevent packet loss in a router interface (WRED dropper ahead of advanced queuing: WFQ, CBWFQ, LLQ)


Upgrade the link (the best solution but also the most expensive).
Guarantee enough bandwidth to sensitive packets.
Prevent congestion by randomly dropping less important packets before congestion occurs.
These approaches can be taken to prevent drops in sensitive applications:
Increase link capacity to ease or prevent congestion.
Guarantee enough bandwidth and increase buffer space to accommodate bursts of traffic from fragile flows. LLQ is the mechanism available in Cisco IOS QoS software that can both guarantee bandwidth and provide prioritized forwarding for drop-sensitive applications.
Prevent congestion by dropping lower-priority packets before congestion occurs. Use weighted random early detection (WRED) to start dropping lower-priority packets before congestion occurs.
In this scenario, the customer connected via the WAN suffers from packet loss as a result of interface congestion. This behavior results in poor voice quality and slow data traffic. An upgrade of the WAN link is not considered an option. A number of actions must be taken to solve this problem and restore network quality.

Figure 7.5.9: Interface congestion (FTP traffic and voice competing for a congested interface)


Problem: Interface congestion causes TCP and voice packet drops, resulting in
slowing FTP traffic and jerky speech quality.
Conclusion: Congestion avoidance and queuing can help.
Solution: Use WRED and LLQ.
Congestion-avoidance techniques monitor network traffic loads in an effort to
anticipate and avoid congestion at common network and internetwork bottlenecks
before it becomes a problem. These techniques are designed to provide preferential
treatment for premium (priority) traffic when there is congestion while concurrently
maximizing network throughput and capacity utilization and minimizing packet loss
and delay. WRED is one of the Cisco IOS QoS congestion-avoidance features.
The WRED algorithm provides for congestion avoidance on network interfaces by
providing buffer management and allowing TCP traffic to throttle back before buffers
are exhausted. The use of WRED helps avoid tail drops and global synchronization
issues, maximizing network utilization and TCP-based application performance.
There is no such congestion avoidance for User Datagram Protocol (UDP)-based
traffic, such as voice traffic. In case of UDP-based traffic, methods such as queuing
and compression techniques help to reduce and even prevent UDP packet loss. As
the figure indicates, congestion avoidance combined with queuing can be a very
powerful tool for avoiding packet drops.

[ Ref :7. 4]
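The WRED decision described above, implemented as an added Python example (it is not from the original text and is not Cisco's implementation). It follows the textbook algorithm: an exponentially weighted average of the queue depth, a drop probability that rises linearly from zero at the class's minimum threshold to the mark probability (1/10 here) just below its maximum threshold, and tail-drop behaviour above the maximum. The per-class thresholds, the exponential weight of 3 (chosen so a short constructed sample converges; IOS defaults to 9) and the queue-depth sequences are assumptions. The run shows the "weighted" part: a scavenger class with a low minimum threshold is dropped earlier and more often than best effort under the same average queue depth, and neither class loses anything while the average stays below its minimum.

```python
import random
from typing import Dict, List, Tuple

class Wred:
    """One average queue depth per interface, with min/max thresholds per class."""

    def __init__(self, thresholds: Dict[str, Tuple[int, int]], mark_prob_denominator: int = 10,
                 exp_weight: int = 9, seed: int = 1):
        self.thresholds = thresholds                  # class -> (min_threshold, max_threshold)
        self.max_p = 1.0 / mark_prob_denominator      # drop probability just below max threshold
        self.weight = 2.0 ** -exp_weight              # IOS exponential-weighting-constant n
        self.avg = 0.0
        self.rng = random.Random(seed)                # seeded so the example is reproducible

    def update_average(self, current_depth: int) -> float:
        """avg = avg * (1 - 2^-n) + current * 2^-n, so short bursts do not trigger drops."""
        self.avg = self.avg * (1 - self.weight) + current_depth * self.weight
        return self.avg

    def drop_probability(self, cls: str) -> float:
        min_th, max_th = self.thresholds[cls]
        if self.avg < min_th:
            return 0.0                                # no congestion for this class
        if self.avg >= max_th:
            return 1.0                                # same as tail drop
        return self.max_p * (self.avg - min_th) / (max_th - min_th)

    def should_drop(self, current_depth: int, cls: str) -> bool:
        self.update_average(current_depth)
        return self.rng.random() < self.drop_probability(cls)

def run(depths: List[int], classes: List[str], wred: Wred) -> Dict[str, int]:
    """Feed a constructed sequence of queue depths, one arriving packet per sample,
    alternating between the classes; return the drops per class."""
    drops = {c: 0 for c in classes}
    for i, depth in enumerate(depths):
        cls = classes[i % len(classes)]
        if wred.should_drop(depth, cls):
            drops[cls] += 1
    return drops

def example() -> Dict[str, Dict[str, int]]:
    # Assumed profile: scavenger starts being dropped from a much shallower queue than best effort
    wred = Wred({"best-effort": (30, 40), "scavenger": (10, 40)}, exp_weight=3)
    classes = ["best-effort", "scavenger"]
    return {
        "idle": run([5] * 400, classes, wred),        # average below every min threshold
        "busy": run([34] * 4000, classes, wred),      # early random drops, scavenger hit harder
        "full": run([45] * 200, classes, wred),       # average above max: everything dropped
    }
```

In the "busy" phase the average settles near 34 packets, where best effort is dropped with probability 0.1 x (34 - 30)/10 = 0.04 and scavenger with 0.1 x (34 - 10)/30 = 0.08; the TCP flows in those classes back off long before the queue fills. The "full" phase is where WRED stops helping: once the average passes the maximum threshold the behaviour is tail drop for every class, which is the global-synchronization case the text warns about.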
QoS Tools That Affect Loss

Type of QoS Tool: Brief Description
Queuing: Implementing longer queues increases delay, but avoids loss.
RED: Implementing RED drops packets randomly as queues approach the point of being full, slowing some TCP connections. This reduces overall load, shortening the congested queue, while affecting only some users' response times.

[ Ref :7.1 ]

Figure 7.5.10: QoS Triangle

[ Ref : 7.5]

7.5.1 : QoS Requirements for Voice, Video, and Data
QoS requirements and high-level recommendations for voice, video, and data
are outlined in the following sections.
Using the traffic classes defined, QoS policies could be mandated based on
the following priorities (with 5 being the highest and 1 the lowest):
Priority 5, Voice: Use LLQ to always give voice priority.
Example: Voice (delay sensitive)
Priority 4, Mission-critical: Use CBWFQ to prioritize critical-class traffic flows.
Example: Video (bandwidth intensive)
Priority 3, Transactional: Use CBWFQ to prioritize transactional traffic flows.
Transactional data (mission-critical): ERP, transactional, and high-priority internal
applications.
Example: Database server for online banking transactions.
Priority 2, Best-effort: Use CBWFQ to prioritize best-effort traffic flows that are
below mission-critical and voice.
Example: Best-effort (the default class): Internet browsing
(www, HTTP, HTTPS), e-mail, and unclassified applications.
Priority 1, Scavenger (less-than-best-effort): Maximum bandwidth of 100 kbps.
Use WRED to drop these packets whenever the network has a tendency toward
congestion.
Scavenger (less-than-best-effort): FTP, backups, and noncritical
applications.
Minimize the number of applications assigned to the transactional
and bulk data classes (three or fewer are recommended).
Bulk data (guaranteed-bandwidth): Streaming video, messaging,
and intranet.
Example: Sharing data in layer 2 mode or over a p2p connection.

[ Ref : 7.4]

QoS Approaches
Fine-grained approach: flow-based (individual flows)
Coarse-grained approach: aggregated (large number of flows)
These lead to two different QoS models.

[ Ref : 7.5]

7.5.2 : QoS Service Models

Identifying Methods for Implementing QoS

Model | Characteristics
Best Effort | No QoS is applied to packets.
IntServ | Applications signal to the network that they require certain QoS parameters; must fulfill the requirements of the RSVP feature.
DiffServ | The network recognizes classes that require QoS; must fulfill the requirements of the DSCP feature.

Best Effort:
Benefits:
Highly scalable
No special mechanisms required
Drawbacks:
No service guarantees
No service differentiation

IntServ:
IntServ requires several functions on routers and switches along the path:
Admission control
Classification
Policing
Queuing
Scheduling
Benefits of IntServ:
Explicit resource admission control (end to end)
Per-request policy admission control (authorization object, policy object)
Signaling of dynamic port numbers (for example, H.323)
Drawbacks of IntServ:
Continuous signaling because of the stateful architecture
Flow-based approach not scalable to large implementations, such as the public
Internet (can be made more scalable when combined with elements of the DiffServ model)
[ Ref :7. 4]

RSVP (Resource Reservation Protocol):
Is carried in IP protocol ID 46
Can use both TCP and UDP port 3455
Is a signaling protocol and works in conjunction with existing routing
protocols
Requests QoS parameters from all devices that are between the source and
the destination
Is intended to provide divergent performance requirements for multimedia
applications: rate-sensitive traffic and delay-sensitive traffic

DiffServ QoS Model

Key benefits of DiffServ include:
It is highly scalable.
It provides many different levels of quality.

DiffServ also has these drawbacks:
No absolute guarantee of service quality can be made.
It requires a set of complex mechanisms to work in concert throughout
the network.
[ Ref : 7.4]

MPLS DiffServ Architecture


MPLS does NOT define new QoS architectures
MPLS QoS uses Differentiated Services (DiffServ) architecture defined for IP
QoS (RFC 2475)
MPLS DiffServ is defined in RFC3270
[ Ref : 7.5]

7.5.3 : Classification and Marking

Classification is the process of identifying and categorizing traffic into classes,
typically based upon:
Incoming interface
IP precedence
DSCP
Source or destination address
Application
[ Ref :7. 4]
Classification is the most fundamental QoS building block.
Without classification, all packets are treated the same.
The diagram below shows the IPv4 packet header with its 8-bit type of service (ToS)
field.
The ToS field was conventionally used to provide QoS in IP networks.
However, since the advent of the DiffServ model, it has been replaced by the
use of IP Precedence or DSCP values.

Figure 7.5.11: IP Packet Header

[ Ref : 7.2]
The higher-order 3 bits in the ToS field, shown in the diagram above, map to the IP
Precedence value assigned to the IP packet. The predefined values used to identify
the IP Precedence are shown in the table below.

Table 7.5.1: IP Precedence Values

IP Precedence Value | Binary Value | Priority
0 | 000 | Routine
1 | 001 | Priority
2 | 010 | Immediate
3 | 011 | Flash
4 | 100 | Flash Override
5 | 101 | Critical
6 | 110 | Internetwork Control
7 | 111 | Network Control

The most important values for IP Precedence in the implementation of QoS
are the Critical (for VoIP traffic or real-time traffic), Flash Override (for video
traffic), and Flash priorities (for best-effort traffic).

The DSCP value is the IP Precedence implemented along with a Delay, Throughput,
and Reliability variable. DSCP is 6 bits in length and functions as the higher order 6
bits of the ToS byte. Therefore, the higher order 3 bits of the ToS byte as well as
DSCP map to IP Precedence. In the implementation of DSCP, the delay and
throughput variables collectively are called the drop probability.
The drop probability bits can be set to three values, as shown in the table below: low
drop (01), medium drop (10), or high drop (11).

Table 7.5.2 : Drop Probability Values in DSCP

Drop Probability | Value
Low drop | 01
Medium drop | 10
High drop | 11
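The relationship between Tables 7.5.1 and 7.5.2 can be checked in code: the precedence is the top 3 bits of the ToS byte, the DSCP the top 6, and for Assured Forwarding DSCPs the two bits under the precedence carry the drop precedence. This is an added Python example, not from the page; it follows the standard ToS/DSCP bit layout and the RFC 2597 AF encoding, and the IPv4 header bytes are constructed for the illustration.

```python
"""ToS byte decoding for Tables 7.5.1 and 7.5.2 (added example, not from the page).
IP precedence = top 3 bits, DSCP = top 6 bits, AF drop precedence = the 2 bits below
the precedence bits (01 low, 10 medium, 11 high), as laid out in RFC 2597.
"""
from dataclasses import dataclass

# Table 7.5.1 names, indexed by IP precedence value 0..7
PRECEDENCE_NAMES = ("Routine", "Priority", "Immediate", "Flash", "Flash Override",
                    "Critical", "Internetwork Control", "Network Control")
# Table 7.5.2: the two drop-precedence bits of an AF DSCP
DROP_NAMES = {1: "low drop", 2: "medium drop", 3: "high drop"}


@dataclass(frozen=True)
class TosInfo:
    tos: int
    precedence: int
    precedence_name: str
    dscp: int
    phb: str            # "EF", "CSn", "AFxy", or "DSCPn" for a non-standard value


def decode_tos(tos: int) -> TosInfo:
    """Split one ToS byte into precedence, DSCP and the PHB it denotes."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS is a single byte")
    precedence = tos >> 5            # higher-order 3 bits (Table 7.5.1)
    dscp = tos >> 2                  # higher-order 6 bits; the low 2 bits are ECN today
    drop = (dscp >> 1) & 0b11        # drop-precedence bits (Table 7.5.2)
    if dscp == 46:
        phb = "EF"                   # 101110: precedence 5 (Critical) with drop bits 11
    elif dscp & 0b111 == 0:
        phb = f"CS{precedence}"      # class selector: DSCP = precedence << 3
    elif 1 <= precedence <= 4 and drop != 0 and dscp & 1 == 0:
        phb = f"AF{precedence}{drop}"  # e.g. AF31 = class 3, low drop
    else:
        phb = f"DSCP{dscp}"
    return TosInfo(tos, precedence, PRECEDENCE_NAMES[precedence], dscp, phb)


def build_dscp(precedence: int, drop: int = 0) -> int:
    """Combine a Table 7.5.1 precedence and a Table 7.5.2 drop value into a DSCP."""
    if not 0 <= precedence <= 7 or not 0 <= drop <= 3:
        raise ValueError("precedence is 3 bits, drop probability is 2 bits")
    return (precedence << 3) | (drop << 1)


def tos_from_ipv4_header(header: bytes) -> int:
    """Return the ToS byte of a raw IPv4 header after basic sanity checks."""
    if len(header) < 20:
        raise ValueError("IPv4 header is at least 20 bytes")
    version, ihl = header[0] >> 4, header[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not an IPv4 header")
    return header[1]


# Constructed 20-byte IPv4 header: ToS 0x68 (DSCP 26 = AF31, precedence 3 = Flash),
# total length 60, UDP, 192.168.0.1 -> 192.168.0.199; checksum left zero on purpose
SAMPLE_HEADER = bytes([0x45, 0x68, 0x00, 0x3C, 0x1C, 0x46, 0x40, 0x00, 0x40, 0x11,
                       0x00, 0x00, 0xC0, 0xA8, 0x00, 0x01, 0xC0, 0xA8, 0x00, 0xC7])

if __name__ == "__main__":
    info = decode_tos(tos_from_ipv4_header(SAMPLE_HEADER))
    print(info)                                    # precedence 3 (Flash), DSCP 26, AF31
    print(DROP_NAMES[(info.dscp >> 1) & 0b11])     # low drop
    print(decode_tos(build_dscp(5, 3) << 2).phb)   # EF: precedence 5 plus drop bits 11
```

Note that EF (DSCP 46) decodes to precedence 5, which is why the voice class is matched on precedence 5 throughout the configurations in section 7.7.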

Marking is the QoS feature component that colors a packet (frame) so it can be
identified and distinguished from other packets (frames) in QoS treatment.
Commonly used markers: [ Ref : 2 ] [ Ref : 7.2]

Comparison of Classification and Marking Tools

Tool | Other Functions Besides Class and Mark | Fields That Can Be Examined for Classification | Fields That Can Be Marked
Class-Based marking (CB marking) | None | IP ACLs; any markable fields; input interface; MAC addresses; all NBAR-enabled fields | IP precedence; DSCP; 802.1P CoS; ISL Priority; ATM CLP; Frame Relay DE; MPLS Experimental; QoS Group
Network based application recognition (NBAR) | Statistical information about traffic mix; recognition of applications that use dynamic ports | Extensive list | None; used in conjunction with CB marking

[ Ref :7.1 ]

7.5.4 : Queuing/Scheduling

QoS queuing tools provide us with a variety of queuing methods. Queuing
tools define a number of queues.
Comparison of Queuing Tools:

Tool | Maximum Number of Queues | Classification Capabilities | Queue Service Algorithm / Result of Algorithm
Priority Queuing (PQ) | 4 | IP ACL; input interface; fragments | Strict service; always serves the higher-priority queue over the lower queue.
Custom Queuing (CQ) | 16 | IP ACL; input interface; fragments | Serves a configured number of bytes per queue, per round-robin pass through the queues. Result: rough percentage of the bandwidth given to each queue under load.
Weighted Fair Queuing (WFQ) | 4096 | Automatic, based on flows (flow identified by source/destination address and port numbers, plus protocol type) | Each flow uses a different queue. Queues with lower volume and higher IP precedence get more service; high-volume, low-precedence flows get less service.
Class-Based Weighted Fair Queuing (CBWFQ) | 64 | IP ACL; NBAR; same as CB marking | Service algorithm not published; results in a set percentage of bandwidth for each queue under load.
Low Latency Queuing (LLQ) | N/A | Same as CBWFQ | LLQ is a variant of CBWFQ, which makes some queues priority queues, always getting served next if a packet is waiting in that queue. It also polices traffic.
Modified Deficit Round-Robin (MDRR) | | IP precedence | Similar to CQ, but each queue gets an exact percentage of bandwidth. Supports the LLQ mechanism as well.

[ Ref :7.1 ]

The basic queuing mechanism is FIFO. Other queuing mechanisms provide
additional granularity to serve voice and business-critical traffic. Such traffic types
should receive sufficient bandwidth to support their application requirements. Voice
traffic should receive prioritized forwarding, and the least important traffic should
receive whatever unallocated bandwidth remains. A variety of mechanisms are
available in Cisco IOS QoS software that provide bandwidth priority to specific
classes of traffic:
Weighted fair queuing (WFQ)
Class-based weighted fair queuing (CBWFQ)
Low latency queuing (LLQ)
Optimizing link usage by compressing the payload of frames (virtually) increases
link bandwidth. Compression, however, also increases delay because of the
complexity of compression algorithms. Using hardware compression can accelerate
packet payload compression. Stacker and Predictor are two compression algorithms
available in Cisco IOS software.
Another link efficiency mechanism is header compression. This mechanism is
especially effective in networks where most packets carry small amounts of data
(that is, where the payload-to-header ratio is small). Typical examples of header
compression are TCP header compression and Real-Time Transport Protocol (RTP)
header compression.
[NB: Payload compression is always end-to-end compression, and header
compression is hop-by-hop compression.]

LLQ and RTP header compression are used to provide the optimal quality for voice
traffic. CBWFQ and TCP header compression are effective for managing interactive
data traffic.
To avoid congestion, queuing mechanisms are activated at the hardware buffer of
the outgoing interface.
When congestion-management features are being used, packets accumulating at an
interface are placed in software queues according to their assigned priority and the
queuing mechanism configured for the interface. They are then scheduled for
transmission when the hardware buffer of the interface is free to send them. The
router determines the order of packet transmission by controlling which packets are
placed in each queue and how the queues are serviced with respect to each other.
Key queuing algorithms include the following:
FIFO: First in, first out; the simplest algorithm
Priority queuing (PQ): Allows traffic to be prioritized
Round robin: Allows several queues to share bandwidth
Weighted round robin (WRR): Allows sharing of bandwidth with
prioritization
[ Ref : 7.4]

7.6 : Policing and Shaping

Traffic policing can be used to control the maximum rate of traffic sent or
received on an interface. Traffic policing is often configured on interfaces at the
edge of a network to limit traffic into or out of the network.
Traffic shaping can be used to control the traffic going out an interface to
match its flow to the speed of the remote target interface and to ensure that the
traffic conforms to policies contracted for it.
Traffic policing and traffic shaping differ in the way that they respond to traffic
violations.
Policing typically drops excess traffic, while shaping typically queues excess traffic.
Policing (it usually drops the extra packets):
Sends conforming traffic and allows bursts
Drops non-conforming traffic (due to lack of tokens)
Provision for packet re-marking
Shaping (since it re-arranges the packets in time, no packet is dropped unless the
data exceeds the queue size):
Smoothes traffic but increases overall latency
Buffers packets when tokens are exhausted
[ Ref :7. 4]
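The difference in how the two tools respond to a violation can be seen by driving one token bucket both ways. This is an added Python example, not from the page or Cisco IOS; it uses the rate and burst of the page's `police 10000000 1000000 ...` command from section 7.7.1 (CIR 10,000,000 bit/s, Bc 1,000,000 bytes), and the packet burst fed to it is constructed.

```python
"""Policing versus shaping on the same single-rate token bucket (added example, not
from the page or Cisco IOS). Policer: drop when the bucket lacks tokens. Shaper: hold
the packet until the bucket has refilled, smoothing the burst at the cost of delay.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

CIR_BPS = 10_000_000      # committed information rate in bit/s (page's police command)
BC_BYTES = 1_000_000      # committed burst: bucket depth in bytes (page's police command)

Packet = Tuple[float, int]   # (arrival time in seconds, size in bytes)


@dataclass
class TokenBucket:
    rate_bps: int
    depth_bytes: int
    tokens: float = field(init=False)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.depth_bytes)   # bucket starts full

    def refill(self, now: float) -> None:
        """Add the tokens earned since the last update, capped at the bucket depth."""
        earned = (now - self.last) * self.rate_bps / 8.0
        self.tokens = min(float(self.depth_bytes), self.tokens + earned)
        self.last = now

    def take(self, size: int) -> bool:
        """Conform if enough tokens are present; exceed otherwise."""
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False

    def wait_for(self, size: int) -> float:
        """Seconds until `size` tokens are available at the configured rate."""
        deficit = size - self.tokens
        return 0.0 if deficit <= 0 else deficit * 8.0 / self.rate_bps


def police(packets: List[Packet], rate_bps: int = CIR_BPS, bc_bytes: int = BC_BYTES):
    """conform-action transmit, exceed-action drop: returns (transmitted, dropped)."""
    bucket = TokenBucket(rate_bps, bc_bytes)
    transmitted, dropped = [], []
    for arrival, size in packets:
        bucket.refill(arrival)
        (transmitted if bucket.take(size) else dropped).append((arrival, size))
    return transmitted, dropped


def shape(packets: List[Packet], rate_bps: int = CIR_BPS, bc_bytes: int = BC_BYTES):
    """Queue the excess instead of dropping it: returns (departure time, size), FIFO order."""
    bucket = TokenBucket(rate_bps, bc_bytes)
    clock = 0.0
    departures = []
    for arrival, size in packets:
        clock = max(clock, arrival)         # never before arrival or before the previous packet
        bucket.refill(clock)
        clock += bucket.wait_for(size)      # hold the packet until the bucket has refilled
        bucket.refill(clock)
        bucket.tokens -= size
        departures.append((clock, size))
    return departures


def burst(n_packets: int, size: int = 1500, interval: float = 0.0) -> List[Packet]:
    """Constructed traffic: n packets of `size` bytes, `interval` seconds apart (0 = one burst)."""
    return [(i * interval, size) for i in range(n_packets)]


if __name__ == "__main__":
    pkts = burst(1000)                      # 1.5 MB at once: 0.5 MB more than Bc allows
    sent, dropped = police(pkts)
    print(f"policer: {len(sent)} transmitted, {len(dropped)} dropped")          # 666 / 334
    out = shape(pkts)
    print(f"shaper: all {len(out)} sent, last one delayed {out[-1][0]:.4f} s")  # 0.4000 s
```

The 0.4 s is the 500,000 excess bytes drained at 1,250,000 bytes/s: the shaper turns the policer's drops into delay, which is exactly the trade-off the bullets above describe.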
Comparison of Shaping and Policing Tools:

Tool | Policer or Shaper | Interfaces Supported | Per Subinterface and Per VC Support
Class-Based policing (CB policing; sometimes just called policer) | Policer | All that are supported by Cisco Express Forwarding (CEF) | Per subinterface
Class-Based shaping | Shaper | All that are supported by CEF | Per subinterface
Frame Relay traffic shaping (FRTS) | Shaper | Frame Relay | Per DLCI

[ Ref :7.1 ]

MPLS QoS Operating modes


MPLS network support of DiffServ specification defines the following tunneling
modes:
Uniform
Pipe
Short-Pipe

Uniform Mode:
DiffServ tunneling Uniform mode has only one layer of QoS, which reaches
end to end. The ingress PE router (PE1) copies the DSCP from the incoming IP
packet into the MPLS EXP bits of the imposed labels. As the EXP bits travel through
the core, they may or may not be modified by intermediate P routers. In this
example, the P router modifies the EXP bits of the top label. At the last P router
(the penultimate hop), the EXP bits can be copied to the EXP bits of the newly
exposed label after the PHP. Finally, at the egress PE router, the EXP bits are copied
to the DSCP bits of the newly exposed IP packet.

Pipe Mode :
DiffServ tunneling Pipe mode uses two layers of QoS:
An underlying QoS for the data, which remains unchanged when traversing
the core.
A per-core QoS, which is separate from that of the underlying IP packets.
This per-core QoS PHB remains transparent to end users.
When a packet reaches the edge of the MPLS core, the egress PE router classifies
the newly exposed IP packets for outbound queuing based on the MPLS PHB from
the EXP bits of the recently removed label.

Short-Pipe Mode:
DiffServ tunneling Short-Pipe mode uses the same rules and techniques
across the core. The difference is that, at the egress PE router, we classify the newly
exposed IP packets for outbound queuing based on the IP PHB from the DSCP value
of this IP packet.
[ Ref : 7.2 ]

7.7 Others:
7.7.1 Sample Configuration and Implementation of MPLS QoS in Uniform Mode and Short Pipe Mode Operation
The topology that depicts the configuration and implementation of Uniform
and Short Pipe modes is shown in the figure below. The network consists of two CE
routers, ABBL-HO-CE and ABBL-Dhan.Br.-CE, belonging to Customer ABBL's VPN.
The SP network consists of two PE routers, JB BTS PE1-AS1 and Concord BTS PE2-AS1,
connected to ABBL-HO-CE and ABBL-Dhan.Br.-CE, respectively. OSPF PE to CE
has been implemented on these routers, and it is assumed that the VPN has been
configured prior to implementing the QoS parameters.

Figure 7.7.12: MPLS QoS Configuration Topology

[ Ref : 7.2]

Step 1 :
ABBL-HO-CE Configuration:
ABBL-HO-CE (config)#class-map precedence5
ABBL-HO-CE (config-cmap)#match ip precedence 5
ABBL-HO-CE (config)#class-map precedence3
ABBL-HO-CE (config-cmap)#match ip precedence 3
ABBL-HO-CE (config)#class-map precedence1
ABBL-HO-CE (config-cmap)#match ip precedence 1

ABBL-HO-CE (config)#policy-map CEQoS
ABBL-HO-CE (config-pmap)#class precedence5
ABBL-HO-CE (config-pmap-c)#priority
ABBL-HO-CE (config-pmap-c)#class precedence3
ABBL-HO-CE (config-pmap-c)#bandwidth percent 30
ABBL-HO-CE (config-pmap-c)#random-detect
ABBL-HO-CE (config-pmap-c)#class precedence1
ABBL-HO-CE (config-pmap-c)#bandwidth percent 20
ABBL-HO-CE (config)#interface pos 1/1/0
ABBL-HO-CE (config-if)#service-policy output CEQoS

Step 2 :
JB BTS PE1-AS1 IP2MPLS Condition Configuration:
JB BTS PE1-AS1 ingress configuration:
JB BTS PE1-AS1(config)#class-map match-all precedence1
JB BTS PE1-AS1(config-cmap)# match ip precedence 1
JB BTS PE1-AS1(config-cmap)#class-map match-all precedence3
JB BTS PE1-AS1(config-cmap)# match ip precedence 3
JB BTS PE1-AS1(config-cmap)#class-map match-all precedence5
JB BTS PE1-AS1(config-cmap)# match ip precedence 5
JB BTS PE1-AS1(config)#Policy-map ip2mplsin
JB BTS PE1-AS1(config-pmap)#description Marking ingress traffic into QoS-group
JB BTS PE1-AS1(config-pmap)#class precedence5
JB BTS PE1-AS1(config-pmap-c)#set qos-group 5
JB BTS PE1-AS1(config-pmap-c)#class precedence3
JB BTS PE1-AS1(config-pmap-c)#set qos-group 3

JB BTS PE1-AS1(config-pmap-c)#class precedence1
JB BTS PE1-AS1(config-pmap-c)#set qos-group 1
JB BTS PE1-AS1(config)#interface pos 0/1
JB BTS PE1-AS1(config-if)#service-policy in ip2mplsin
JB BTS PE1-AS1 Egress configuration:
JB BTS PE1-AS1(config)#class-map qosgroup5
JB BTS PE1-AS1(config-cmap)#match qos-group 5
JB BTS PE1-AS1(config-cmap)#class-map qosgroup3
JB BTS PE1-AS1(config-cmap)#match qos-group 3
JB BTS PE1-AS1(config-cmap)#class-map qosgroup1
JB BTS PE1-AS1(config-cmap)#match qos-group 1
JB BTS PE1-AS1(config)#Policy-map ip2mplsout
JB BTS PE1-AS1(config-pmap)#class qosgroup5

JB BTS PE1-AS1(config-pmap-c)#set mpls experimental topmost 5


JB BTS PE1-AS1(config-pmap-c)#priority
JB BTS PE1-AS1(config-pmap-c)#Police 10000000 1000000
JB BTS PE1-AS1(config-pmap-c)#class qosgroup3
JB BTS PE1-AS1(config-pmap-c)#set mpls experimental topmost 3
JB BTS PE1-AS1(config-pmap-c)#bandwidth 10000
JB BTS PE1-AS1(config-pmap-c)#random-detect
JB BTS PE1-AS1(config-pmap-c)#class qosgroup1
JB BTS PE1-AS1(config-pmap-c)#set mpls experimental topmost 1
JB BTS PE1-AS1(config-pmap-c)#bandwidth 10000
JB BTS PE1-AS1(config-pmap-c)#random-detect
JB BTS PE1-AS1(config-if)#interface pos 0/0

JB BTS PE1-AS1(config-if)#service-policy out ip2mplsout
[ Ref : 7.2]

Step 3 :
Bulu BTS P1-AS1 MPLS2MPLS Condition Configuration :
Bulu BTS P1-AS1 ingress configuration:
Bulu BTS P1-AS1(config)#class-map mplsexp3
Bulu BTS P1-AS1(config-cmap)#match mpls experimental 3
Bulu BTS P1-AS1(config-cmap)#policy-map mpls2mplsin
Bulu BTS P1-AS1(config-pmap)#class mplsexp3
Bulu BTS P1-AS1(config-pmap-c)#set qos-group 3
Bulu BTS P1-AS1(config-pmap-c)#interface pos 0/0
Bulu BTS P1-AS1(config-if)#service-policy input mpls2mplsin
Bulu BTS P1-AS1 Egress configuration:
Bulu BTS P1-AS1(config)#class-map qosgroup3
Bulu BTS P1-AS1(config-cmap)#match qos-group 3
Bulu BTS P1-AS1(config-cmap)#policy-map mpls2mplsout
Bulu BTS P1-AS1(config-pmap)#class qosgroup3
Bulu BTS P1-AS1(config-pmap-c)#set mpls experimental topmost 1
Bulu BTS P1-AS1(config)#interface pos 0/1
Bulu BTS P1-AS1(config-if)#service-policy output mpls2mplsout

Step 4 :
Concord BTS PE2-AS1 MPLS2IP Condition Configuration :
Concord BTS PE2-AS1 ingress configuration
Concord BTS PE2-AS1(config)#class-map match-all mplsexp5

Concord BTS PE2-AS1(config-cmap)#match mpls experimental 5
Concord BTS PE2-AS1(config-cmap)#class-map mplsexp1
Concord BTS PE2-AS1(config-cmap)#match mpls experimental 1
Concord BTS PE2-AS1(config-cmap)#policy-map mpls2ipin
Concord BTS PE2-AS1(config-pmap)#class mplsexp5
Concord BTS PE2-AS1(config-pmap-c)#set qos-group 5
Concord BTS PE2-AS1(config-pmap-c)#class mplsexp1
Concord BTS PE2-AS1(config-pmap-c)#set qos-group 1
Concord BTS PE2-AS1(config-pmap-c)#interface pos 0/0
Concord BTS PE2-AS1(config-if)#service-policy input mpls2ipin
Concord BTS PE2-AS1 Egress configuration:
Concord BTS PE2-AS1(config)#class-map qosgroup5
Concord BTS PE2-AS1(config-cmap)#match qos-group 5
Concord BTS PE2-AS1(config-cmap)#class-map qosgroup1
Concord BTS PE2-AS1(config-cmap)#match qos-group 1
Concord BTS PE2-AS1(config-cmap)#policy-map mpls2ipout
Concord BTS PE2-AS1(config-pmap)#class qosgroup5
Concord BTS PE2-AS1(config-pmap-c)#set ip precedence 5
Concord BTS PE2-AS1(config-pmap-c)#class qosgroup1
Concord BTS PE2-AS1(config-pmap-c)#set ip precedence 1
Concord BTS PE2-AS1(config)#interface pos 0/1
Concord BTS PE2-AS1(config-if)#service-policy output mpls2ipout

Step 5 :
Verification of Uniform Mode Operation :
ABBL-HO-CE#show policy-map interface pos 1/1/0 out | include packets
queue limit 11632 (packets)

100000 packets, 5000000 bytes--------------class precedence5
100000 packets, 5000000 bytes--------------class precedence3
queue limit 2326 (packets)
Mean queue depth: 0 packets
100000 packets, 5000000 bytes--------------class precedence1
queue limit 697 (packets)
28 packets, 2352 bytes-------------------class class-default
28 packets, 2352 bytes
queue limit 2791 (packets)
JB BTS PE1-AS1#show policy-map interface pos 0/1 in | include packets
100000 packets, 4600000 bytes--------------class precedence5
100000 packets, 4600000 bytes--------------class precedence3
100000 packets, 4600000 bytes--------------class precedence1
JB BTS PE1-AS1#show policy-map interface pos 0/0 out | include packets
100000 packets, 5400000 bytes--------------class qosgroup5
Queue-limit: 8192 packets (default)
Current queue-depth: 0 packets, Maximum queue-depth: 0 packets
conformed 100000 packets, 5400000 bytes; actions:
exceeded 0 packets, 0 bytes; actions:
100000 packets, 5400000 bytes--------------class qosgroup3
Queue-limit: 1024 packets (default)
Current queue-depth: 0 packets, Maximum queue-depth: 0 packets
100000 packets, 5400000 bytes--------------class qosgroup1
Queue-limit: 1024 packets (default)
Current queue-depth: 0 packets, Maximum queue-depth: 0 packets
0 packets, 0 bytes

Queue-limit: 16384 packets (default)

Current queue-depth: 0 packets, Maximum queue-depth: 0 packets


Bulu BTS P1-AS1#show policy-map interface pos 0/0 in | include packets
100000 packets, 5000000 bytes--------------class mplsexp3
16 packets, 780 bytes
Bulu BTS P1-AS1#show policy-map interface pos 0/1 out | include packets
100000 packets, 5000000 bytes--------------class qosgroup1
8 packets, 396 bytes
Queue-limit: 16384 packets (default)
Current queue-depth: 0 packets, Maximum queue-depth: 0 packets
Concord BTS PE2-AS1#show policy-map interface pos 0/0 in | include packets
100000 packets, 4600000 bytes--------------class mplsexp5
200000 packets, 9200000 bytes--------------class mplsexp1
12 packets, 585 bytes
Concord BTS PE2-AS1#show policy-map interface pos 0/1 out | include packets
100000 packets, 4600000 bytes--------------class qosgroup5
200000 packets, 9200000 bytes--------------class qosgroup1
0 packets, 0 bytes
Queue-limit: 16384 packets (default)
Current queue-depth: 0 packets, Maximum queue-depth: 0 packets
ABBL-Dhan.Br.-CE Configuration and Verification :
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence5
match ip precedence 5

policy-map verify
class precedence5
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
class precedence1
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
interface POS1/0/0
ip address 172.16.2.1 255.255.255.0
service-policy input verify

ABBL-Dhan.Br.-CE#show policy-map interface pos1/0/0 in | include packets


100000 packets, 5000000 bytes--------------class precedence5
conformed 100000 packets, 5000000 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
200000 packets, 10000000 bytes--------------class precedence1
conformed 100000 packets, 5000000 bytes; action: transmit
exceeded 0 packets, 0 bytes; action: drop
0 packets, 0 bytes
0 packets, 0 bytes
ABBL-HO-CE Final Configuration for Uniform Mode Implementation:
class-map match-all precedence5
match ip precedence 5
class-map match-all precedence3
match ip precedence 3
class-map match-all precedence1
match ip precedence 1
policy-map CEQoS

class precedence5
priority
class precedence3
bandwidth percent 30
random-detect
class precedence1
bandwidth percent 20
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence5
match ip precedence 5
policy-map verify
class precedence5
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
class precedence1
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
interface pos 1/1/0
service-policy output CEQoS
service-policy input verify
JB BTS PE1-AS1 and Concord BTS PE2-AS1 Final Configurations for Uniform
Mode Implementation :
JB BTS PE1-AS1configuration
class-map match-all qosgroup50
match qos-group 50
class-map match-all qosgroup10
match qos-group 10
class-map match-all qosgroup3

match qos-group 3
class-map match-all qosgroup1
match qos-group 1
class-map match-all qosgroup5
match qos-group 5
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence3
match ip precedence 3
class-map match-all precedence5
match ip precedence 5
class-map match-all mplsexp5
match mpls experimental 5
class-map match-all mplsexp1
match mpls experimental 1
policy-map ip2mplsin
class precedence5

set qos-group 5
class precedence3
set qos-group 3
class precedence1
set qos-group 1
policy-map mpls2ipin
class mplsexp5
set qos-group 50

class mplsexp1
set qos-group 10
policy-map mpls2ipout
class qosgroup50
set precedence 5
class qosgroup10
set precedence 1
policy-map ip2mplsout
class qosgroup5
set mpls experimental topmost 5
priority
class qosgroup3
set mpls experimental topmost 3
bandwidth 10000
random-detect
class qosgroup1
set mpls experimental topmost 1
bandwidth 10000
random-detect
interface POS0/0
description connection to P1
service-policy input mpls2ipin
service-policy output ip2mplsout

interface POS0/1
ip vrf forwarding VPNA

service-policy input ip2mplsin
service-policy output mpls2ipout

Concord BTS PE2-AS1configuration


class-map match-all qosgroup30
match qos-group 30
class-map match-all qosgroup10
match qos-group 10
class-map match-all qosgroup50
match qos-group 50
class-map match-all qosgroup1
match qos-group 1
class-map match-all qosgroup5
match qos-group 5
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence3
match ip precedence 3
class-map match-all precedence5
match ip precedence 5
class-map match-all mplsexp5
match mpls experimental 5
class-map match-all mplsexp1
match mpls experimental 1
policy-map ip2mplsin
class precedence5

set qos-group 50
class precedence3
set qos-group 30
class precedence1
set qos-group 10
policy-map mpls2ipin
class mplsexp5
set qos-group 5
class mplsexp1
set qos-group 1
policy-map mpls2ipout
class qosgroup5
set precedence 5
class qosgroup1
set precedence 1
policy-map ip2mplsout
class qosgroup50
set mpls experimental topmost 5
priority
class qosgroup30
set mpls experimental topmost 3
bandwidth 10000
random-detect
class qosgroup10
set mpls experimental topmost 1
bandwidth 10000

random-detect

interface POS0/0
description connection to P1
service-policy input mpls2ipin
service-policy output ip2mplsout

interface POS0/1
ip vrf forwarding VPNA
service-policy input ip2mplsin
service-policy output mpls2ipout
Bulu BTS P1-AS1 Final Configuration for Uniform Mode Implementation :
class-map match-all qosgroup2
match qos-group 2
class-map match-all qosgroup3
match qos-group 3
class-map match-all qosgroup1
match qos-group 1
class-map match-any mplsexp3
match mpls experimental 3
policy-map mpls2mplsin
class mplsexp3
set qos-group 3
policy-map mpls2mplsout
class qosgroup3

set mpls experimental topmost 1

interface POS0/0
description connection to PE1-AS1
ip address 10.10.10.2 255.255.255.252
service-policy input mpls2mplsin
service-policy output mpls2mplsout
interface POS0/1
description connection to Concord BTS PE2-AS1
service-policy input mpls2mplsin
service-policy output mpls2mplsout

ABBL-Dhan.Br.-CE Final Configuration for Uniform Mode Implementation :


class-map match-all precedence5
match ip precedence 5
class-map match-all precedence3
match ip precedence 3
class-map match-all precedence1
match ip precedence 1
policy-map CEQoS
class precedence5

priority
class precedence3
bandwidth percent 30
random-detect

class precedence1
bandwidth percent 20
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence5
match ip precedence 5

policy-map verify
class precedence5
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
class precedence1
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
interface pos 1/1/0
service-policy output CEQoS
service-policy input verify

Implementing Short Pipe Mode :


JB BTS PE1-AS1 and Concord BTS PE2-AS1 Configurations for Short Pipe
Mode :
JB BTS PE1-AS1 configuration
class-map match-all qosgroup3
match qos-group 3
class-map match-all qosgroup1
match qos-group 1
class-map match-all qosgroup5
match qos-group 5

class-map match-all precedence1
match ip precedence 1
class-map match-all precedence3
match ip precedence 3
class-map match-all precedence5

match ip precedence 5
policy-map ip2mplsin
class precedence5
set qos-group 5
class precedence3
set qos-group 3
class precedence1
set qos-group 1
policy-map ip2mplsout
class qosgroup5
set mpls experimental topmost 5

priority
class qosgroup3
set mpls experimental topmost 3
bandwidth 10000
random-detect
class qosgroup1
set mpls experimental topmost 1
bandwidth 10000

random-detect

interface POS0/0
description connection to P1
service-policy output ip2mplsout
interface POS0/1
ip vrf forwarding VPNA
service-policy input ip2mplsin

Concord BTS PE2-AS1 configuration


class-map match-all qosgroup30
match qos-group 30
class-map match-all qosgroup10
match qos-group 10
class-map match-all qosgroup50
match qos-group 50
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence3
match ip precedence 3
class-map match-all precedence5
match ip precedence 5
policy-map ip2mplsin
class precedence5
set qos-group 50
class precedence3

set qos-group 30
class precedence1
set qos-group 10
policy-map ip2mplsout
class qosgroup50
set mpls experimental topmost 5

priority
class qosgroup30
set mpls experimental topmost 3
bandwidth 10000
random-detect
class qosgroup10
set mpls experimental topmost 1
bandwidth 10000
random-detect
interface POS0/0
description connection to P1
service-policy output ip2mplsout
interface POS0/1
ip vrf forwarding VPNA
service-policy input ip2mplsin
[ Ref :7. 2]
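The three tunneling modes from the MPLS QoS Operating modes section, traced through the Uniform and Short Pipe configurations walked through above. This is an added Python example, not the page's configuration or any Cisco code; it models the PE policies copying IP precedence into EXP via qos-group and the P router remarking EXP 3 to 1 as in Step 3, assumes a single label with no PHP (so the egress PE itself pops the label carrying the EXP), and the 100000-packet offered load is constructed to match the Step 5 counters.

```python
"""Uniform, Pipe and Short-Pipe DiffServ tunneling traced through the 7.7.1 topology:
ABBL-HO-CE -> JB BTS PE1-AS1 -> Bulu BTS P1-AS1 -> Concord BTS PE2-AS1 -> ABBL-Dhan.Br.-CE.
Added example, not the page's configuration or Cisco code. Assumption: one label, no PHP.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Bulu BTS P1-AS1 in Step 3: class mplsexp3 -> set mpls experimental topmost 1
P_REMARK: Dict[int, int] = {3: 1}


@dataclass
class Packet:
    ip_prec: int                                       # IP precedence in the customer packet
    labels: List[int] = field(default_factory=list)    # EXP per label, top of stack last
    egress_phb: Optional[int] = None                   # PHB the egress PE queues on


def ingress_pe(pkt: Packet) -> Packet:
    """ip2mplsin: precedence N -> qos-group N; ip2mplsout: qos-group N -> EXP N on the label."""
    pkt.labels.append(pkt.ip_prec)
    return pkt


def p_router(pkt: Packet, remark: Dict[int, int] = P_REMARK) -> Packet:
    """A core router may rewrite the EXP of the top label; the IP header stays untouched."""
    top = pkt.labels[-1]
    pkt.labels[-1] = remark.get(top, top)
    return pkt


def egress_pe(pkt: Packet, mode: str) -> Packet:
    exp = pkt.labels.pop()           # label removed; the EXP of the removed label is still known
    if mode == "uniform":
        # mpls2ipin: EXP -> qos-group; mpls2ipout: qos-group -> set precedence (one QoS layer)
        pkt.ip_prec = exp
        pkt.egress_phb = exp
    elif mode == "pipe":
        # queue on the MPLS PHB of the removed label, but leave the customer's DSCP alone
        pkt.egress_phb = exp
    elif mode == "short-pipe":
        # no mpls2ip policies at all (Short Pipe configs above): queue on the IP PHB
        pkt.egress_phb = pkt.ip_prec
    else:
        raise ValueError(f"unknown tunneling mode: {mode}")
    return pkt


def traverse(ip_prec: int, mode: str) -> Tuple[int, Optional[int]]:
    """Return (IP precedence seen by the remote CE, PHB used for egress queuing)."""
    pkt = Packet(ip_prec)
    egress_pe(p_router(ingress_pe(pkt)), mode)
    return pkt.ip_prec, pkt.egress_phb


def remote_ce_counts(flows: Dict[int, int], mode: str) -> Dict[int, int]:
    """Per-precedence packet counts ABBL-Dhan.Br.-CE would see for an offered mix."""
    seen: Counter = Counter()
    for prec, count in flows.items():
        final_prec, _ = traverse(prec, mode)
        seen[final_prec] += count
    return dict(seen)


# Constructed offered load matching the Step 5 verification: 100000 packets per class
OFFERED = {5: 100_000, 3: 100_000, 1: 100_000}

if __name__ == "__main__":
    for mode in ("uniform", "pipe", "short-pipe"):
        print(mode, remote_ce_counts(OFFERED, mode))
    # uniform: {5: 100000, 1: 200000}: the precedence3 traffic arrives as precedence1,
    # which is why policy-map verify on ABBL-Dhan.Br.-CE counts 200000 packets in precedence1
```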


7.8 : Conclusion
In this paper we propose an efficient QoS scheme for MPLS VPN services to meet
user peak demand. In this scheme, customers are guaranteed a minimal service;
however, they can exceed their contracted bandwidth, and they are then charged for
their out-of-profile traffic.
Improving QoS guarantees will help service providers differentiate themselves from
their competitors. A few simple planning steps listed below will ensure that service
providers are on the right track.
Figure out what customers actually need. Copying competitors' models will
not provide any advantage.
Design the QoS offering based on the expected traffic flows of services.


Chapter 8. How MPLS VPN reduces the customer hardware cost.


THE CHALLENGES OF SERVICE PROVIDER (Link3 Technologies Ltd.)

8.1 Introduction

The landscape of the network Service Provider is rapidly changing. As competition
increases, customer retention becomes more of a challenge and profitability can suffer. Link3
Technologies Ltd needs a cost-effective way to retain and grow its customer base, increase
profitability and deliver differentiated services that customers want and are willing to pay for.
Virtual Private Network (VPN) gives Link3 the opportunity to attract subscribers with
service offerings that the subscriber will need for years to come. However, the limitations of
first-generation VPN equipment make it difficult for Link3 to deploy managed VPN services
profitably and to scale delivery to meet increasing demand.
L2 Access into MPLS VPN
In more and more cases, Link3 utilizes L2 Ethernet switches to distribute its services to
customers. The L2 Access Domain can be in an aggregation or ring topology.
Using Ethernet switches to distribute service to customers is one of the most cost-effective ways
to deliver services. Link3 Technologies Ltd can handle the L2 Access Domain with aggregation or
ring topologies. Link3 seamlessly allocates VLANs for customers and maps each VLAN to an
MPLS VPN at the PE level.
MPLS-based VPNs reduce customer networking complexity and costs and do away entirely
with the requirement for an in-house technical work force. Rather than setting up and
managing individual point-to-point circuits between each office using pairs of leased lines,
MPLS VPN customers need to provide only one connection from their office routing device to a
service provider edge router.
Statistical sharing of infrastructure enables the service provider to offer the connectivity
for a lower price, resulting in lower operational costs for the end customers.

8.2 Cost effectiveness

MPLS technology offers businesses the performance of traditional VPNs but is far more cost
effective. As the intelligence resides in the MPLS network core, there is no need for any
expensive VPN appliances to be located on the customer premises. Because MPLS allows
service providers to create new virtual private networks without having to install new hardware,
it significantly reduces the cost of implementation, which in turn reduces the overall cost of
VPNs.
Despite the obvious advantages of rolling out an MPLS solution, many mid-sized businesses
would naturally have cost concerns about the implementation. New IT projects often create the
perception that hidden infrastructure and indirect management costs will arise. A natural
resolution to this would be to consider a hosted MPLS solution.
Deploying MPLS via a managed, hosted model has two immediate advantages for IT managers.
Firstly, a reduction in costs: businesses can benefit from the latest technologies without the high
cost of ownership and resources associated with maintaining and supporting systems in-house.
Secondly, increased security: by connecting to the Internet via a state-of-the-art data centre,
businesses will automatically have a secure and resilient connection through a single firewall, as
well as dedicated resources in place to detect and eliminate security vulnerabilities.
A managed solution also allows a company to enjoy the related benefits of dealing with one
vendor. Focusing on a single IT vendor allows a company to consolidate its IT spend and
develop a higher service relationship with this one vendor. The total cost of ownership of the
MPLS solution can therefore be managed and driven down. [Ref. 8.7]

8.2.1 Centralized control

MPLS can dramatically reduce network complexity and cost through centralized control. Rather
than setting up and managing individual point-to-point circuits between each office, customers need to
provide only one connection from their office router to the service provider. This central control
effectively removes the need for additional trained manpower. Additional benefits can be realized
through this central management, as a business is given greater control of Internet usage. [Ref.
8.5]


8.3 Case Study

Here I describe some customer benefits, showing how MPLS VPN reduces the customer's
hardware cost.

8.3.1 Case-1
We assume that ABC Transportation Ltd has 5 ticket counters and a head office. Each
counter has one PC, and there is one PC at the Head Office. All the counters need to connect to the
Head Office for their private data connectivity. They will use a database in the Head Office. To
accomplish this goal they want a secure solution at minimum cost.
I am providing detailed information on how ABC Transportation Ltd. will
benefit from the MPLS VPN network and reduce its cost.

8.3.1.1 Traditional IP/VPN connectivity

Diagram of ABC Transportation Ltd's private data connectivity using the traditional IP/VPN
network

Figure-8.1: Traditional IP/VPN connectivity


For this type of data connectivity, if we use the traditional IP/VPN network the installation
and maintenance cost will be higher. For example, they need a VPN device in each site, which is
very expensive for this company. For this network ABC Transportation Ltd also needs at least
one support engineer to maintain the VPN devices.
The following table represents the traditional IP/VPN costing (approx.) for ABC Transportation Ltd.
Location        Device      Price/device   Link cost   Total
Shaymoly-HO     Zywall-5    20000/-        12000/-     32000/-
Kolabagan       Zywall-2    11000/-        12000/-     23000/-
Kallayanpur     Zywall-2    11000/-        12000/-     23000/-
Gabtoly         Zywall-2    11000/-        12000/-     23000/-
Mohakhali       Zywall-2    11000/-        12000/-     23000/-
Sayedabad       Zywall-2    11000/-        12000/-     23000/-
Total           ------------ 75000/-       72000/-     147000/-

Technical Support personnel's salary: minimum 10000/-

Considering the above scenario, if the customer prefers to deploy VPN-capable routers rather than
VPN boxes, there will be a sharp rise in the deployment cost, as a router costs significantly
more than a regular VPN box.


8.3.1.2 MPLS VPN Connectivity

Diagram of ABC Transportation Ltd's private data connectivity using the MPLS VPN network

Figure-8.2: MPLS VPN Connectivity


By using the MPLS VPN network we can reduce the cost for ABC Transportation Ltd for
their private data connectivity. The host computer at each counter can be directly connected to the
nearest MPLS PE router installed by Link3 Technologies Ltd. For this MPLS VPN network ABC
Transportation Ltd will not require any VPN device, because MPLS has its own VPN technique,
which is configured by the service provider. The need for support personnel will also be
eliminated, as any VPN-related problems will be solved by Link3 Technologies Ltd.


The following table represents the MPLS VPN costing (approx.) for ABC Transportation Ltd.
Location        Device      Price/device   Link cost   Total
Shaymoly-HO     N/A         N/A            12000/-     12000/-
Kolabagan       N/A         N/A            12000/-     12000/-
Kallayanpur     N/A         N/A            12000/-     12000/-
Gabtoly         N/A         N/A            12000/-     12000/-
Mohakhali       N/A         N/A            12000/-     12000/-
Sayedabad       N/A         N/A            12000/-     12000/-
Total           ------------ ------------- 72000/-     72000/-

Technical Support personnel's salary will be eliminated

8.3.1.3 Cost benefits analysis.

Based on the above two types of technological implementation for ABC Transportation
Ltd we could derive the following information regarding cost analysis.

Comparison          Traditional IP/VPN    MPLS VPN
                    (Amount in Taka)      (Amount in Taka)
Hardware Resource   75000                 N/A
Link Cost           72000                 72000
Human Resource      10000                 Eliminated

From the above information, ABC Transportation Ltd will benefit from the MPLS VPN
network by avoiding the additional hardware cost.

Note that in the above MPLS solution, for a customer who wants to impose more
security on their data communication, the cost benefit would not be as
mentioned. In such cases the solution would not be beneficial from the customer's financial
perspective, as they would have to invest in VPN-capable equipment (e.g. routers) and maintenance
engineers at their end.

8.3.2 A practical Case:

LAB AID Diagnostics asked for a quotation for Intranet connectivity between their
Gulshan office and Dhanmondi office. Their requirements were as follows:

- LAN extension across the two locations
- File sharing between the offices
- Secured data connectivity
- Preferred requirement: same IP segment in both offices

Link3 Technologies Ltd came up with three proposals. They were as follows.

8.3.2.1 Point-to-Point connectivity with Optical Fiber

Figure-8.3: Point-to-Point connectivity with Optical Fiber


With this solution, Lab Aid would have had a direct optical fiber link between their two
locations on a rental basis. This would have fulfilled all their
requirements, including the preferred same subnet address, as the link would be terminated directly on
their office LAN switch in each location.


Cost offered for such deployment is as follows.

One Time Installation
SL   Items                              Client Will Pay
01   Installation Cost                  BDT 20,000.00
02   Fiber Optics Equipment & Other     Free to Use
     [It will remain Link3's property]
     Total                              BDT 20,000.00

Monthly Charge for Internet
Places                     Bandwidth    Amount
Link3 Technologies Ltd.                 BDT 35,000.00

8.3.2.2 Regular VPN solution:

Figure-8.4: Regular VPN Connectivity

In this case, the network solution was offered with two VPN boxes at their two
locations, which would provide secure branch-to-branch connectivity over Link3's IP
backbone.
The VPN boxes were proposed on a rental basis.


Proposal cost is as follows.

One Time Installation
SL   Items                              Client Will Pay
01   Installation Cost                  BDT 20,000.00
02   Zywall-2 (1 Pair)                  BDT 40,000.00
03   Fiber Optics Equipment & Other     Free to Use
     [It will remain Link3's property]
     Total                              BDT 60,000.00

Monthly Charge for Internet
Places                     Intranet Bandwidth    Amount
Link3 Technologies Ltd.    512kbps (2 sites)     BDT 24,000.00

8.3.2.3 MPLS VPN:

Figure-8.5: MPLS VPN Connectivity

In this solution, LabAid was offered Layer-2 MPLS VPN connectivity
between their two branches over the MPLS backbone of Link3 Technologies
Ltd. In this case the link would terminate directly on the office LAN switch in
each location.
This solution fulfilled all of LabAid's requirements, including the same IP
subnet in both LANs, at a better cost than the previous two solutions.

Cost proposal for this solution is as follows.

One Time Installation
SL   Items                              Client Will Pay
01   Installation Cost                  BDT 20,000.00
02   Fiber Optics Equipment & Other     Free to Use
     [It will remain Link3's property]
     Total                              BDT 20,000.00

Monthly Charge for Internet
Places                     Bandwidth            Amount
Link3 Technologies Ltd.    512kbps (2 sites)    BDT 32,000.00

Response of LabAid:
Considering all the proposals, LabAid decided to finalize the contract with Link3
Technologies Ltd. using the MPLS Layer-2 VPN solution.
Their feedback as a current customer has been quite positive in terms of service and solution.
Under these circumstances, we could see that the MPLS Layer-2 VPN solution
provided to LabAid was undoubtedly a good one from both technical and financial
aspects.
The client chose the MPLS offer over the first two offers (point-to-point and regular VPN
solution) because they realized the following:

- Future expansion of the point-to-point system would require the same financial and physical
  involvement again.
- The regular VPN offer involved complex network management and required
  expensive client-end equipment.
- For future planning, both of these solutions required either financial investment or high-end
  client equipment.

The MPLS Layer-2 technology, by contrast, did not require any high-end equipment at the client
end, involved no complex network solution for the client, and left a good possibility of
further expansion of the network at low cost.

8.3.3 Case-2

We assume that PQS Textile Ltd has 2 offices, one in Dhaka and another in Chittagong.
Their requirements are as follows:

- LAN extension across the two locations
- File sharing between the offices
- Secured data connectivity
- Same IP segment for both offices

I am providing detailed information on how PQS Textile Ltd. will
benefit from the MPLS VPN network and reduce its cost.

8.3.3.1 Traditional Leased Line Solution

Diagram of PQS Textile Ltd's private data connectivity using the traditional IP/VPN network

Figure-8.6: Traditional Leased Line Connectivity

For this type of data connectivity, if we use a leased line solution the installation and
maintenance cost will be higher. For example, they need one pair of E1 to Ethernet converters and
support personnel knowledgeable about leased line solutions. Also the cost of the leased
line will be significantly high.

This leased line solution can provide bandwidth up to 2048 Kbps. If the bandwidth needs to be
increased, another leased line will be needed along with an extra set of equipment.


The following table represents the Leased Line Solution costing (approx.) for PQS Textile
Ltd.
Location            Device                     Price/device   Leased line cost per 2 Mb   Total
Dhaka Office        E1 to Ethernet Converter   50000/-        150000/-
Chittagong Office   E1 to Ethernet Converter   50000/-
Total               ------------               100000/-       150000/-                    250000/-

Technical Support personnel's salary: minimum 15000/-

8.3.3.2 MPLS VPN Connectivity

Diagram of PQS Textile Ltd's private data connectivity using the MPLS network

Figure-8.6: MPLS VPN Connectivity

Deployment of MPLS technology can reduce the cost of intranet connectivity for PQS
Textile Ltd. There is no need for an E1 to Ethernet converter. The LAN switch at each office can be
directly connected to the nearest PE router/switch installed by Link3 Technologies Ltd. Link3 uses
EoMPLS (Ethernet over MPLS) for secure point-to-point L2 connectivity. The security feature
is implemented by the MPLS technology configured by Link3 Technologies Ltd. The need for
support personnel will also be eliminated.
If the bandwidth needs to be increased, there is no need to deploy extra E1 equipment.
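As an added illustration (not Link3's configuration and not from this report), the following constructed Cisco IOS-style PE configuration shows the two attachment models the chapter relies on: a customer VLAN mapped into an L3 MPLS VPN (VRF) at the PE, as described in 8.1, and a customer VLAN carried as an EoMPLS point-to-point pseudowire between two PEs, as in this case. All names, VLAN IDs, RD/RT values, VC IDs and IP addresses are assumed placeholders.

```cisco
! Constructed example PE configuration (Cisco IOS style); not Link3's real config.
! Every name, VLAN ID, RD/RT, VC ID and address below is a placeholder.

! --- Model 1: L3 MPLS VPN attachment (Case-1 / Case-3 style) ---
! The customer's VLAN is placed into a per-customer VRF on the PE. Separation
! between customers is enforced by the VRF and its route-target import/export,
! so the customer site needs only a routable device, not a VPN box.
ip vrf ABC_TRANSPORT
 rd 65000:100
 route-target export 65000:100
 route-target import 65000:100
!
interface GigabitEthernet0/1.100
 description ABC Transportation Ltd - counter site (customer VLAN 100)
 encapsulation dot1Q 100
 ip vrf forwarding ABC_TRANSPORT
 ip address 10.100.1.1 255.255.255.252
!
! Every attachment circuit of this customer, on whichever PE, joins the same
! VRF; another customer gets its own VRF with different route-targets, so
! a mis-typed route-target is the configuration error to review for here.

! --- Model 2: EoMPLS point-to-point pseudowire (Case-2 style) ---
! The customer's VLAN is cross-connected to the remote PE under a VC ID.
! The PE does no IP routing on this circuit, which is why both offices can
! keep one IP subnet and why no E1 converter is needed.
interface GigabitEthernet0/1.200
 description PQS Textile Ltd - Dhaka office (customer VLAN 200)
 encapsulation dot1Q 200
 xconnect 10.255.0.2 200 encapsulation mpls
!
! On the remote PE (loopback 10.255.0.2, assumed) the matching end uses the
! same VC ID and points back at this PE's loopback (assumed 10.255.0.1):
!  interface GigabitEthernet0/2.200
!   encapsulation dot1Q 200
!   xconnect 10.255.0.1 200 encapsulation mpls
!
! Operational checks: "show ip route vrf ABC_TRANSPORT" for model 1 and
! "show mpls l2transport vc 200" for model 2 (VC must show UP on both PEs).
```

Neither model encrypts the customer's traffic; isolation rests entirely on the provider's VRF and pseudowire configuration, which is the reason the cost-benefit note in 8.3.1.3 says a customer who wants more security still needs their own VPN-capable equipment.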


The following table represents the MPLS Point-to-Point costing (approx.) for PQS Textile Ltd.
Location      Device                     Price/device   Point-to-Point link cost per 2 Mb   Total
Dhaka         E1 to Ethernet Converter   N/A            150000/-
Chittagong    E1 to Ethernet Converter   N/A
Total         ------------               N/A            150000/-                            150000/-

Technical Support personnel's salary will be eliminated

8.3.3.3 Cost benefits analysis.

Based on the above two types of technological implementation for PQS Textile Ltd we
could derive the following information regarding cost analysis.

Comparison          Leased Line Solution    MPLS
                    (Amount in Taka)        (Amount in Taka)
Hardware Resource   100000                  N/A
Link Cost           150000                  150000
Human Resource      15000                   Eliminated

From the above information, PQS Textile Ltd will benefit from the MPLS network by
reducing the hardware cost.


8.3.4 Case-3
We assume that XYZ Company Ltd has 5 branch offices and a head office. All branches,
including the Head Office, need to communicate with every other branch. To accomplish this goal
they want a secure solution at minimum cost.
I am providing detailed information on how XYZ Company Ltd will
benefit from the MPLS VPN network and reduce its cost.

8.3.4.1 Traditional IP/VPN connectivity

Diagram of XYZ Company Ltd's private data connectivity using the traditional IP/VPN network

Figure-8.7: Traditional IP/VPN connectivity

For this type of data connectivity, if we use the traditional IP/VPN network the installation and
maintenance cost will be higher. For example, they require a high-end VPN device for each site,
which is very expensive for this company. The costing information is stated in the following
table.
Table: Traditional IP/VPN costing summary of XYZ Company Ltd.
Location                Device         Price/device   Link cost   Total
Motijheel Head Office   Netscreen103   46000/-        12000/-     58000/-
Savar Office            Netscreen003   29000/-        12000/-     41000/-
Gazipur Office          Netscreen003   29000/-        12000/-     41000/-
Dhanmondi Office        Netscreen003   29000/-        12000/-     41000/-
Banani Office           Netscreen003   29000/-        12000/-     41000/-
Gulshan Office          Netscreen003   29000/-        12000/-     41000/-
Total                   ------------   191000/-       72000/-     263000/-


8.3.4.2 MPLS VPN connectivity

Diagram of XYZ Company Ltd's private data connectivity using the MPLS VPN network

Figure-8.7: MPLS VPN connectivity

Deployment of MPLS VPN technology can reduce the cost of intranet connectivity for XYZ
Company Ltd. A routable device can replace the VPN box at each location. The security
feature which was implemented by the VPN box is replaced by the MPLS VPN technology
configured by Link3 Technologies Ltd.


Table: MPLS VPN costing summary of XYZ Company Ltd.
Location                Device Name       Price/device   Link cost   Total
Motijheel Head Office   Routable Device   7000/-         12000/-     19000/-
Savar Office            Routable Device   7000/-         12000/-     19000/-
Gazipur Office          Routable Device   7000/-         12000/-     19000/-
Dhanmondi Office        Routable Device   7000/-         12000/-     19000/-
Banani Office           Routable Device   7000/-         12000/-     19000/-
Gulshan Office          Routable Device   7000/-         12000/-     19000/-
Total Cost              ------------      42000/-        72000/-     114000/-

8.3.4.3 Cost benefits analysis.

Based on the above two types of technological implementation for XYZ Company Ltd we could
derive the following information regarding cost analysis.

Comparison          Traditional IP/VPN    MPLS VPN
                    (Amount in Taka)      (Amount in Taka)
Hardware Resource   191000                42000
Link Cost           72000                 72000

From the above information, XYZ Company Ltd will benefit from the MPLS VPN network by
reducing the hardware cost.


8.3.5 Practical Case-2:

Consider another example, our value-added customer AB Bank Ltd., which had been on our
network using a traditional IPSec VPN. They have now shifted to MPLS over the
Link3 network. The reasons behind this shift were:

1) While expanding their IPSec VPN network they noticed that they required much
higher-end routing equipment, and the solution was becoming more expensive as time went on.
So they moved to MPLS, where they did not need to upgrade their equipment to expand
their network, because the routing is processed on Link3's MPLS network equipment. The
customer therefore found it financially viable, as they did not need to purchase new or
higher-end equipment to become part of a more secure, newer technology.

2) The customer also observed growth in data transactions and data processing, and rising
network latency. The high volume of data transactions required more processing and
caused higher latency on the IPSec VPN network. Rather than buying high-end
equipment for the existing IPSec VPN network, Link3 led them to MPLS, where they
did not need to change any existing equipment to increase their network performance.
Link3 Technologies Ltd's MPLS network handles their higher transaction volume and
processes it with lower latency. So on the client's side it was a huge relief that no
new equipment had to be purchased to get onto a better-performing network.

3) Due to network redundancy, the client has the opportunity to choose its own network IPs.

So this case study leads us to one conclusion: MPLS technology takes a burden off the
customer when they require a larger expansion of their network with more security, and gives
them that capability without new financial investment or replacement of equipment.

References

Ref 1: MPLS 2.2, Implementing Cisco MPLS, Student Guide [Cisco Press]
Ref 2: MPLS Study Guide, by James Reagan
Ref 3: Traffic Engineering with MPLS, by Eric Osborne, Ajay Simha
Ref 5: Training Materials of the South Asian Network Operators Group 2007, by Rezwan Jamal
Ref 6: www.link3.net

4.1 IP Solution Center MPLS VPN, by Cisco Systems
4.2 MPLS Configuration on Cisco IOS Software, by Lancy Lobo (CCIE No. 4690), Umesh Lakshman
4.3 FAT Pipe MPVPN [white papers]
4.4 www.link3.net
4.5 www.cisco.com

5.1 VPLS Technical Tutorial, by J. Witters, J. De Clercq, S. Khandekar (Alcatel)
5.2 Cisco IOS MPLS Virtual Private LAN Service (VPLS), by Cisco
5.3 http://victor-traub.com/vpls.aspx
5.4 MPLS Fundamentals, by Luc De Ghein
5.5 MPLS Configuration on Cisco IOS Software, by Lancy Lobo
5.6 MPLS Fundamentals, by Luc De Ghein
5.7 www.cisco.com
5.8 www.alcatel-lucent.com
5.9 www.juniper.net
5.10 www.huawei.com

6.1 MPLS Configuration on Cisco IOS Software, by Lancy Lobo
6.2 MPLS Configuration on Cisco IOS Software, by Lancy Lobo
6.3 MPLS Fundamentals, by Luc De Ghein
6.4 www.cisco.com
6.5 Cisco Any Transport over MPLS, Cisco Press
6.6 Cisco Any Transport over MPLS, Cisco Press
6.7 MPLS Fundamentals, by Luc De Ghein
6.8 Layer 2 VPN Architectures, by Wei Luo
6.9 www.alcatel-lucent.com
6.10 www.juniper.net

7.1 IP Telephony Self-Study, Cisco QoS Exam Certification Guide, Second Edition, by Wendell Odom (CCIE No. 1624) and Michael J. Cavanaugh (CCIE No. 4516) [Ref: 1]
7.2 MPLS Configuration on Cisco IOS Software, by Lancy Lobo (CCIE No. 4690), Umesh Lakshman [Ref: 2]
7.3 CCNP ISCW, Official Exam Certification Guide, by Brian Morgan (CCIE No. 4865) and Neil Lovering (CCIE No. 1772) [Ref: 3]
7.4 CCNP ONT, Official Exam Certification Guide, by Brian Morgan (CCIE No. 4865) and Neil Lovering (CCIE No. 1772) [Ref: 4]
7.5 www.cisco.com [Ref: 5]
7.6 www.link3.net [Ref: 6]

8.1 http://www.securitytechnet.com/
8.2 http://www.juniper.net
8.3 www.mitel.com/netsolutions
8.4 www.qou.edu, ICTC, by Eng. Saada Al-Shalabi
8.5 http://www.bsnl.in
8.6 http://www.sancharnet.in
8.7 http://www.link3.net
