Table of Contents

Epilogue
Chapter 1: Introduction
  1.1 Introduction of Multiprotocol Label Switching (MPLS)
  Common Application of MPLS
  Planning the MPLS migration Path
  1.5 Constraints using traditional network (IP/Frame Relay)
Chapter 2:
  Link3 IP Network
  MPLS benefits
  MPLS Architecture
  MPLS Configuration Task
  LDP needed
  Configure MPLS mandatory part
  Configure MPLS optional part
Chapter 3: Traffic Engineering
Chapter 4:
  4.9 MPLS VPN Data Plane Operation
  4.10 Advantage of having chosen this Network
  4.11 Turning up MPLS VPN Services
  4.11.1 Customer Order form
  4.11.2 Figure of Customer MPLS implementation
Chapter 5:
  5.1 Introduction
  Supported transport type
  Like to like / any to any
  Layer 2 VPN model
  Pseudo Wire reference model
  Requirements for AToM
  Benefits of using AToM
  Any transport over MPLS
  Establishing AToM Pseudo wires
  Basic VPLS configuration
  QoS with AToM
  Conclusion
Chapter 7:
  Introduction to QoS
  Problem definition
  7.4.2 Scenario-2 [End-to-End QoS in MPLS network]
  7.5 loss
  7.5.2 QoS Service Models [Best Effort, IntServ, DiffServ]
  7.5.3 Classification & Marking
  7.5.4 Queuing / Scheduling
  7.6 Traffic Policing and Shaping
  7.7 Others
  7.7.1 Detailed Sample Configuration and Implementation of MPLS QoS in Uniform Mode and Short Pipe Mode Operation
  7.8 Conclusion
Chapter 8:
  Introduction
  8.2 Cost effectiveness
  8.2.1 Centralized control
  8.3 Case Study
  8.3.1 Case-1
  8.3.1.1 Traditional IP/VPN connectivity
  8.3.1.2 MPLS VPN Connectivity
  8.3.1.3 Cost benefits analysis
  8.3.2 A practical Case
  8.3.2.1 Point-to-Point connectivity with Optical Fiber
  8.3.2.2 Regular VPN solution
  8.3.2.3 MPLS VPN
  8.3.3 Case-2
  8.3.3.1 Traditional Leased Line Solution
  8.3.3.2 MPLS VPN Connectivity
  8.3.3.3 Cost benefits analysis
  8.3.4 Case-3
  8.3.4.1 Traditional IP/VPN connectivity
  8.3.4.2 MPLS VPN connectivity
  8.3.4.3 Cost benefits analysis
  8.3.5 Practical Case-2
Epilogue
This paper has been put together with the intention of providing a foundation
knowledge base and a practical guideline for migrating a traditional IP network to
an MPLS network. It has been developed with intermediate- to advanced-level
network administrators in mind who are already administering traditional
multi-hop IP-based networks.
The paper is organized in topic-wise chapters. Each chapter contains an
introduction to an MPLS concept, the advantages this feature provides,
reasons and/or conditions under which migration is logical and beneficial,
followed by an example depicting the steps required to migrate a generic
arbitrary non-MPLS based scenario to the optimum MPLS based scenario.
Chapter-1 Introduction
1.1 Introduction of Multiprotocol Label Switching (MPLS)
Demand for data communication has been increasing exponentially in
Bangladesh. Before 2000, few organizations had the capability to connect
multiple office locations spread across the country over MAN or WAN. As the
telecommunication sector grew, and made available means to provide data
access across cities, a few intrepid local Internet Service Providers decided to
extend their networks across the nation. As a result, a number of ISPs also
became Data Communication Service Providers.
These service providers grew their networks on an ad-hoc basis, driven by market
demand. The largest consumers of this expanding network are banking and
non-banking financial institutions, followed by large (in the Bangladesh
context) enterprises. Some small organizations and individuals with a
technology-leader mindset also subscribe to this network service. The
service provider and the consumers require different functionality and
services from the network.
In the competitive service provider market, the network providers' primary
requirements of their network are the flexibility to introduce new services as
and when required, the scalability to grow to meet customer demand, and
optimized traffic flow so that the most expensive resource, intercity bandwidth,
is utilized to its fullest. Banks and non-banking financial institutions, and
large enterprises, require a high level of security across their network without
compromising Quality of Service (QoS). (See Figure 1.)
The hardware required to establish secure IPSec VPN tunnels across multiple
branches is immense. In most cases, it is difficult for the end-user or the
service provider to bear such costs economically. MPLS, with its inherent,
secure VPN tunneling that is maintained within the provider's infrastructure,
eliminates the need for such expensive hardware to be deployed at the
consumer's end. Thus, the larger the end-user network, the cheaper it is for the
end-user when MPLS is used.
While only a few service providers in Bangladesh have the right platform to
scale up to an MPLS based network, most are willing to make the investment
required in order to reap the benefits of MPLS and to keep the competitive
advantage in the market.
It is clear from Figure 2 that each router is considered core and edge at the
same time. There is no clear demarcation between Provider Edge (PE) routers
and Provider (P) routers, i.e. there is no distinction between the core network
and the edge network. The use of non-scalable hardware also compounds the
complications involved in migrating such a network into an MPLS-ready network.
Thus, as this paper will continue to reveal, the first steps in the migration
process will be to identify and replace non-scalable hardware with
appropriate, scalable, and MPLS capable hardware, followed by restructuring
Hardware Selection:
Hardware plays the vital role in an MPLS rollout. Not all routers and switches
support MPLS, and of the many MPLS services, not all are supported by every
MPLS-compatible router or switch.
The primary consideration in selecting the hardware is traffic utilization. It is
best to select the routers and switches based on the core network's traffic
flow.
At Link3, all routers and switches are from Cisco. Our core network is based
on the Cisco 7206-VXR with NPEG1 and Cisco Catalyst 3550. At the edges,
we use Cisco 3662 and Cisco 3640 routers and Cisco Catalyst 2950 and 2960
switches.
Figure: Link3 Technologies Ltd MPLS Diagram
It is crucial for the network architect to select the appropriate hardware in
order to support the desired MPLS services/applications that will be
implemented within the network. The Internet has sufficient compatibility
references. For example, in order to implement MPLS Layer 2 VPN and Layer
3 VPN from every PoP, Cisco 7200-VXR or higher ranges must be used. With
Huawei and Maipu, lower series can support MPLS Layer 2 and Layer 3 VPN.
While designing the Link3 MPLS network, it was assumed that customers would
require both MPLS Layer 2 and Layer 3 VPN in a few major cities, and only Layer 3
in the remaining cities. Thus, the Cisco 7206-VXR was used only where both MPLS
L3 and L2 VPN are required. Cisco 3600 series routers were used in the
remaining PoPs as core routers.
1.5: Constraints using traditional network (IP/Frame Relay)
We are going to begin discussing MPLS not with the technology itself, but
with many of the problems it is designed to fix in service provider networks.
A few of the problems are discussed below.
Problem 1:
Figure 4 shows four POPs: Dhaka, Chittagong, Sylhet, and Khulna. At each of
these POPs, the routers are connected to ATM switches that are fully meshed,
creating the core service network.
Another way to represent the service provider network is to show the POP
locations connected to a cloud, as illustrated in Figure 5, which is the logical
view of the service provider network compared to Figure 4. Here Link3 is trying
to demonstrate the problem faced when integrating ATM switches and IP-based
routers. IP and ATM were developed separately and without much regard for each
other. The ATM switches are only concerned with moving traffic based on
VPI/VCI values, of which the IP-based POP routers are unaware. POP routers
are Layer 3 devices, concerned with forwarding packets based on the routing
table.
Problem 2: (Scalability)
The second problem experienced by service providers is scalability. To allow
for maximum redundancy and optimum routing, a full mesh of virtual
circuits (VCs) must be created, resulting in an overlay.
In Figure 6, the four POP routers are connected together in a full mesh of VCs.
Notice that for four routers, six VCs are required. If two more POP routers are
added, as shown in Figure 4, a total of 15 VCs are required to provide full-mesh
connectivity.
In a real-world scenario the overlay model, in which the routers are connected
in a full mesh through virtual circuits, has one big problem: it is not
scalable.
Not only are there scalability problems with the number of VCs required to
implement a full mesh, but there are also scalability problems associated
with the routing protocols in use in the network. As more and more VCs are
created, more and more routers must form adjacencies with one another to
ensure redundancy. All of these routers must exchange routing table updates
with every other router, thus creating a great deal of traffic that is merely
updating routing tables.
In early 2001 Link3 started its ISP business with an IP-based network within
Dhaka only. Day by day Link3 extended its network from one city to another, and
currently Link3 covers all of the major cities and all divisions.
Link3 has the largest IP backbone and the network with the most resilience and
redundancy in Bangladesh. [Ref: 2.2]
Link3 uses the dynamic routing protocol OSPF to interconnect POPs. Link3 holds
two /19 (class C) IP address blocks and also uses 12-bit class B private IP
address space in the network.
Figure 1.8: Link3 coverage IP network.
In an IP network, we can use IPSec tunnels for security. Nowadays most
customers want to deploy their network with failover. In this scenario, all
remote branches are connected to headquarters with redundant links, one
primary and one secondary.
But when a branch is connected to headquarters with only a primary link, and
the primary link at the head office goes down, that branch cannot reach the
head office even though the branch's own connectivity is fine.
In MPLS, there are 3 bits for Class of Service, by which we can maintain quality
of service.
MPLS header:
  Label: 20 bits
  CoS: 3 bits
  S: 1 bit
  TTL: 8 bits
Two LSRs (Label Switched Routers) which use LDP to exchange label mapping
information are known as LDP peers and they have an LDP session between them.
Payload (IP MTU) = 1500
Ethernet header = 14
Ethernet trailer = 4
LDP header =
MPLS TE header =
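The shim header fields and the MTU figures above, as an added example that is not part of the original paper: it packs and parses a label stack and computes the frame size of a 1500-byte IP packet carrying an LDP label plus a TE label, which is why the interface MPLS MTU must be raised above 1500. The 4-byte size of each label entry is the standard MPLS value and is assumed here; the label values, CoS and TTL are constructed.

```python
# Added example (not from the original paper): pack/unpack the 4-byte MPLS shim
# header (Label 20 bits, CoS/EXP 3 bits, S 1 bit, TTL 8 bits) and compute the
# on-wire frame size when labels are pushed onto a 1500-byte IP packet.
# Field widths and the Ethernet header/trailer sizes are from the page;
# the 4-byte size of one label entry is the standard value, assumed here.
import struct
from dataclasses import dataclass
from typing import List

ETH_HEADER = 14      # bytes, from the MTU figures on the page
ETH_TRAILER = 4      # FCS, from the MTU figures on the page
IP_MTU = 1500        # payload carried by a plain Ethernet frame
LABEL_ENTRY = 4      # one shim header = 32 bits (assumed, standard MPLS)


@dataclass
class MplsLabel:
    label: int   # 20-bit label value
    cos: int     # 3-bit Class of Service (EXP) field
    s: int       # 1-bit bottom-of-stack flag
    ttl: int     # 8-bit time to live

    def pack(self) -> bytes:
        if not 0 <= self.label < (1 << 20):
            raise ValueError("label must fit in 20 bits")
        if not 0 <= self.cos < 8 or self.s not in (0, 1) or not 0 <= self.ttl < 256:
            raise ValueError("CoS/S/TTL out of range")
        word = (self.label << 12) | (self.cos << 9) | (self.s << 8) | self.ttl
        return struct.pack("!I", word)

    @classmethod
    def unpack(cls, data: bytes) -> "MplsLabel":
        (word,) = struct.unpack("!I", data[:4])
        return cls(label=word >> 12, cos=(word >> 9) & 0x7,
                   s=(word >> 8) & 0x1, ttl=word & 0xFF)


def push_stack(labels: List[MplsLabel]) -> bytes:
    """Serialize a label stack; only the last (innermost) entry carries S=1."""
    out = b""
    for i, lbl in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        out += MplsLabel(lbl.label, lbl.cos, bottom, lbl.ttl).pack()
    return out


def parse_stack(data: bytes) -> List[MplsLabel]:
    """Read label entries until the bottom-of-stack bit is set."""
    stack = []
    while True:
        lbl = MplsLabel.unpack(data)
        stack.append(lbl)
        data = data[4:]
        if lbl.s == 1 or not data:
            break
    return stack


def frame_size(num_labels: int, ip_len: int = IP_MTU) -> int:
    """Total Ethernet frame bytes with num_labels shim headers inserted."""
    return ETH_HEADER + num_labels * LABEL_ENTRY + ip_len + ETH_TRAILER


def required_mpls_mtu(num_labels: int, ip_len: int = IP_MTU) -> int:
    """Interface MPLS MTU needed so the labelled packet is neither dropped nor fragmented."""
    return ip_len + num_labels * LABEL_ENTRY


if __name__ == "__main__":
    # Constructed sample: a TE tunnel label on top of an LDP label, CoS 5, TTL 255
    stack = push_stack([MplsLabel(285, 5, 0, 255), MplsLabel(70, 5, 0, 255)])
    print(stack.hex(), [l.label for l in parse_stack(stack)])
    print("frame bytes:", frame_size(2), "mpls mtu needed:", required_mpls_mtu(2))
```

With two labels the frame grows to 1526 bytes and the MPLS MTU must be at least 1508; the `tag-switching mtu 9196` configured later on this page is far above that.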
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Banani_P
!
!
ip domain name link3.net
ip name-server 203.76.96.4
ip name-server 203.76.96.5
ip name-server 203.76.127.4
!
ip cef
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching tdp router-id Loopback0 force
(We entered this as mpls ldp router-id, but the running configuration shows
tag-switching tdp; this is a Cisco IOS display issue, and other vendors' routers
show mpls ldp.)
!
interface FastEthernet0/0
description To Gulshan FON
ip address 203.76.111.130 255.255.255.252
ip flow ingress
ip ospf cost 1
load-interval 30
duplex full
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching mtu 9196
tag-switching ip
ip rsvp bandwidth
interface GigabitEthernet0/2
description To Banani PE
ip address 203.76.104.29 255.255.255.252
media-type rj45
negotiation auto
mpls label protocol ldp
tag-switching mtu 9196
tag-switching ip
!
interface GigabitEthernet0/3
description To Banani 2nd P
ip address 203.76.104.21 255.255.255.252
media-type rj45
negotiation auto
mpls label protocol ldp
tag-switching mtu 9196
tag-switching ip
Note: here tag-switching is equivalent to mpls (older IOS keyword).
To monitor whether MPLS is working or not, use the following commands:
Banani_P#show mpls ldp parameters
Protocol version: 1
Downstream label generic region: min label: 16; max label: 100000
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec
Downstream on Demand max hop count: 255
Downstream on Demand Path Vector Limit: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off
Interface            IP         Tunnel   Operational
GigabitEthernet0/2   Yes (ldp)  No       Yes
GigabitEthernet0/3   Yes (ldp)  No       Yes
FastEthernet0/0      Yes (ldp)  Yes      Yes
FastEthernet2/0      Yes (ldp)  Yes      Yes
FastEthernet3/0      Yes        No       No
FastEthernet4/0      Yes (ldp)  No       Yes
FastEthernet5/0      Yes (ldp)  Yes      Yes
FastEthernet6/0      Yes (ldp)  No       Yes
LDP Id: 203.76.127.196:0
FastEthernet2/0 (ldp): xmit/recv
LDP Id: 203.76.127.194:0
FastEthernet4/0 (ldp): xmit/recv
LDP Id: 203.76.127.197:0
FastEthernet5/0 (ldp): xmit/recv
LDP Id: 203.76.127.216:0
FastEthernet6/0 (ldp): xmit/recv
LDP Id: 203.76.127.199:0
If an interface shows xmit/recv, it is ready to transmit and receive LDP
discovery hello packets.
The status of the LDP session is indicated by State: Oper, meaning operational.
Banani_P#show mpls ldp binding
tib entry: 10.1.10.8/30, rev 154
local binding: tag: 67
remote binding: tsr: 203.76.127.202:0, tag: 85
remote binding: tsr: 203.76.127.204:0, tag: 59
remote binding: tsr: 203.76.127.196:0, tag: 63
remote binding: tsr: 203.76.127.194:0, tag: 59
remote binding: tsr: 203.76.127.199:0, tag: 64
remote binding: tsr: 203.76.127.197:0, tag: 69
remote binding: tsr: 203.76.127.216:0, tag: 70
tib entry: 10.1.10.12/30, rev 156
local binding: tag: 68
remote binding: tsr: 203.76.127.202:0, tag: 86
remote binding: tsr: 203.76.127.204:0, tag: 60
remote binding: tsr: 203.76.127.196:0, tag: 1668
remote binding: tsr: 203.76.127.194:0, tag: 68
remote binding: tsr: 203.76.127.199:0, tag: 65
remote binding: tsr: 203.76.127.197:0, tag: 70
remote binding: tsr: 203.76.127.216:0, tag: 71
Local  Outgoing     Prefix              Bytes tag   Outgoing    Next Hop
tag    tag or VC    or Tunnel Id        switched    interface
37     Pop tag      203.76.104.24/30    9916801     Fa0/0       203.76.111.129
38     285          10.72.1.12/30       4367957     Fa0/0       203.76.111.129
39     Pop tag      203.76.111.96/30    3805808     Gi0/3       203.76.104.22
40     Pop tag      203.76.111.104/30   4468002     Fa0/0       203.76.111.129
41     34           203.76.104.12/30    1000792     Fa0/0       203.76.111.129
42     Pop tag      203.76.111.36/30    1323002     Fa6/0       203.76.111.78
43     Pop tag      203.76.104.48/30    1398622     Fa2/0       203.76.111.82
This is the MPLS LFIB table. To see the FIB table, use the following command:
Banani_P# sh ip cef detail
IP CEF with switching (Table Version 369940), flags=0x0
2161 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 172
18863 instant recursive resolutions, 7 used background process
2161 leaves, 277 nodes, 582032 bytes, 123869 inserts, 121708 invalidations
1 load sharing elements, 336 bytes, 1 references
universal per-destination load sharing algorithm, id CE2A2C21
3(0) CEF resets, 201915 revisions of existing leaves
Resolution Timer: Exponential (currently 1s, peak 2s)
245711 in-place/0 aborted modifications
refcounts: 75213 leaf, 71168 node
Table epoch: 0 (2161 entries at this epoch)
Adjacency Table has 73 adjacencies
11 IPv4 incomplete adjacencies
68 auto adjacencies refreshed
10.1.10.8/30, version 365088, epoch 0, cached adjacency 203.76.111.58
0 packets, 0 bytes
tag information set
local tag: 67
fast tag rewrite with Fa5/0, 203.76.111.58, tags imposed: {70}
via 203.76.111.58, FastEthernet5/0, 0 dependencies
next hop 203.76.111.58, FastEthernet5/0
valid cached adjacency
tag rewrite with Fa5/0, 203.76.111.58, tags imposed: {70}
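An added example (not from the original paper) that ties the three outputs above together: it parses constructed copies of the `show mpls ldp binding` rows and the LDP discovery rows printed on this page, and derives the LFIB entry that the CEF output shows as local tag 67 with tags imposed {70}, i.e. the remote binding learned from the peer reached over the IGP next-hop interface. The next-hop interface per prefix is taken from the CEF output; the untagged case over FastEthernet3/0, which the interface table lists as not MPLS-operational, is an assumed scenario.

```python
# Added example (not from the original paper): rebuild LFIB entries from the
# LDP binding table plus the LDP discovery output, the way the router does.
# The sample text is a constructed copy of the rows printed on this page.
import re
from typing import Dict, List, Optional, Tuple

LDP_BINDING = """\
tib entry: 10.1.10.8/30, rev 154
  local binding: tag: 67
  remote binding: tsr: 203.76.127.202:0, tag: 85
  remote binding: tsr: 203.76.127.204:0, tag: 59
  remote binding: tsr: 203.76.127.196:0, tag: 63
  remote binding: tsr: 203.76.127.194:0, tag: 59
  remote binding: tsr: 203.76.127.199:0, tag: 64
  remote binding: tsr: 203.76.127.197:0, tag: 69
  remote binding: tsr: 203.76.127.216:0, tag: 70
tib entry: 10.1.10.12/30, rev 156
  local binding: tag: 68
  remote binding: tsr: 203.76.127.202:0, tag: 86
  remote binding: tsr: 203.76.127.204:0, tag: 60
  remote binding: tsr: 203.76.127.196:0, tag: 1668
  remote binding: tsr: 203.76.127.194:0, tag: 68
  remote binding: tsr: 203.76.127.199:0, tag: 65
  remote binding: tsr: 203.76.127.197:0, tag: 70
  remote binding: tsr: 203.76.127.216:0, tag: 71
"""

# Interface line followed by the LDP Id of the peer discovered on it (from the page).
LDP_DISCOVERY = """\
FastEthernet2/0 (ldp): xmit/recv
    LDP Id: 203.76.127.194:0
FastEthernet4/0 (ldp): xmit/recv
    LDP Id: 203.76.127.197:0
FastEthernet5/0 (ldp): xmit/recv
    LDP Id: 203.76.127.216:0
FastEthernet6/0 (ldp): xmit/recv
    LDP Id: 203.76.127.199:0
"""

# prefix -> (local label, {peer LDP id -> remote label})
Tib = Dict[str, Tuple[int, Dict[str, int]]]


def parse_bindings(text: str) -> Tib:
    tib: Tib = {}
    prefix = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"tib entry: (\S+), rev", line)
        if m:
            prefix = m.group(1)
            tib[prefix] = (-1, {})
            continue
        m = re.match(r"local binding: tag: (\d+)", line)
        if m and prefix:
            tib[prefix] = (int(m.group(1)), tib[prefix][1])
            continue
        m = re.match(r"remote binding: tsr: (\S+), tag: (\d+)", line)
        if m and prefix:
            tib[prefix][1][m.group(1)] = int(m.group(2))
    return tib


def parse_discovery(text: str) -> Dict[str, str]:
    """interface -> LDP id of the peer discovered on it (xmit/recv only)."""
    peers: Dict[str, str] = {}
    iface = None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"(\S+) \(ldp\): (\S+)", line)
        if m:
            iface = m.group(1) if m.group(2) == "xmit/recv" else None
            continue
        m = re.match(r"LDP Id: (\S+)", line)
        if m and iface:
            peers[iface] = m.group(1)
    return peers


def lfib_entry(prefix: str, nexthop_iface: str, tib: Tib,
               peers: Dict[str, str]) -> Tuple[int, Optional[int]]:
    """(local label, outgoing label); outgoing None means the packet goes untagged."""
    local, remote = tib[prefix]
    peer = peers.get(nexthop_iface)          # no LDP peer on that link, or
    if peer is None or peer not in remote:   # the peer sent no binding for it
        return local, None
    return local, remote[peer]


def untagged_prefixes(tib: Tib, routes: Dict[str, str], peers: Dict[str, str]) -> List[str]:
    """Prefixes that would leave this LSR without a label (an LSP break worth alerting on)."""
    return [p for p, iface in routes.items() if lfib_entry(p, iface, tib, peers)[1] is None]


if __name__ == "__main__":
    tib = parse_bindings(LDP_BINDING)
    peers = parse_discovery(LDP_DISCOVERY)
    # CEF above: 10.1.10.8/30 via FastEthernet5/0 -> local tag 67, tags imposed {70}
    print(lfib_entry("10.1.10.8/30", "FastEthernet5/0", tib, peers))
    # Assumed failure: a prefix routed over FastEthernet3/0, which runs no LDP
    print(untagged_prefixes(tib, {"10.1.10.12/30": "FastEthernet3/0"}, peers))
```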
Figure: destination based least-cost routing
most of the traffic through the shortest path and the rest of the traffic over
another path. The result is no or less congestion.
You have to enable TE in global mode on every router from the head end to the
tail end. In Figure 14, all routers from R1 to R9 should be configured with the
three commands below to build the blue TE tunnel.
R1(config)# mpls traffic-eng tunnels
R1(config-if)# mpls traffic-eng tunnels
This command is needed on every router interface the LSP could pass over. It
should be enabled on R1, R2, R3, R4 and R9, on all interfaces where the traffic
passes through.
Router(config-if)# ip rsvp bandwidth <bw1> <bw2>
[Where bw1 is the tunnel reservable bandwidth and bw2 is the reservable
bandwidth for tunnels using the sub-pool]
This is for RSVP signaling, and you have to assign how much bandwidth you want
to reserve for the tunnel. If you do not specify the bandwidth, it will take the
full interface bandwidth; for Fast Ethernet, that is 100 Mb. It should be enabled
on R1, R2, R3, R4 and R9, on all interfaces where the traffic passes through.
Configuring IS-IS for Traffic Engineering
Should be enabled on R1, R2, R3, R4 and R9:
router isis
mpls traffic-eng level <1 or 2>
mpls traffic-eng router-id loop0
metric-style wide
OR
Should be enabled on R1, R2, R3, R4 and R9:
router ospf <process-id>
mpls traffic-eng area <area>
mpls traffic-eng router-id loopback 0
Delay
- Serialization delay
- Propagation delay
- Routing delay
Single points of failure: intermittent router, CSU/DSU, last-mile failure, ISP
and backbone failures.
Security breaches
intranet solutions can be run across the MPLS VPN network, thus enabling
integration of operations across the country.
Extranet: Companies may prefer to exchange information with other similar
companies to speed up business transactions. The MPLS VPN network is capable of
providing the extranet facility by interconnecting the VPNs, depending on the
customer's requirement.
Internet: Customers preferring a common infrastructure for intranet and Internet
access can have access to the Internet via the MPLS VPN network. However, this
will be only according to the customer's preference.
Multicast: One of the important new features that MPLS VPN offers is
multicasting. This is especially useful for applications such as video
conferencing and customer-specific broadcasting.
Latest technology - Although the Link3 network is a mature, robust and stable
network, the Link3 operations engineers are continually investigating the latest
technology and industry trends, to ensure that the MPLS VPN remains a world class
service.
The MPLS VPN network also provides a Layer 2 service, which is much like a
physical leased line. This may be preferred by enterprises that do not want to
outsource the management of their network. Moreover, the MPLS VPN network is
also capable of handling the encryption of data: the customer is free to use
encryption techniques such as public key/private key encryption, IPsec
encryption, etc.
Link3 takes the following steps to successfully compete with XYZ:
- Upgrades its core network to be MPLS-enabled
- Uses L2 access switches to distribute Ethernet services to its customers
- Hires knowledgeable network engineers to train its NOC operators and field staff
- Explains to its customers the services it wants to offer
P routers: which are routers in the core of the provider network that interface
with either other provider core routers or provider edge routers
enable scaling the network to a large number of customer VPNs, multiprotocol BGP
is configured between PE routers to carry customer routes.
By turning on MPLS in the core of its network, Link3 is able to offer very good
security due to the isolation of VRF routing (for example, only the routing
inside a VPN is seen and published to the customer-connected sites). Using an
L2 access switch to distribute access to its customers is a very savvy choice.
L2 Ethernet access has an excellent ROI model, and advanced QoS can be applied
to customer traffic to guarantee QoS.
Defining the Services That Link3 Wants to Offer
Link3 Technologies Ltd. can define all details of the service deployment in its
MPLS VPN policy. Link3 decides to offer MPLS VPN services with the following
parameters:
- L2 access into MPLS VPN
- BGP/OSPF/Static is the default protocol for the PE-CE connection
- VLAN IDs will be manually allocated for customers
- IP addresses for PE-CE connections will be manually assigned
Site                 Bandwidth
AB Bank HO           As required
Branch X             128 kbps
Branch Y (CTG)       128 kbps
Branch Z (Sylhet)    128 kbps
If Link3's customer wants to add more sites to their VPN, this is as easy as
adding additional attachment legs to the existing service and redeploying the
service.
ANNEX 1
CE ROUTER CONFIGURATION
MPLS Layer 3 VPN:
Router CE1: Bank A HO
interface FastEthernet1/0
description Connected To ISP-A
ip address 10.31.32.1 255.255.255.252
Router CE3: Bank A Br-1
interface FastEthernet1/0
description Connected To ISP-A
ip address 10.31.32.5 255.255.255.252
Router CE2: Bank A Br-2
interface FastEthernet1/0
description Connected To ISP-A
ip address 10.31.32.9 255.255.255.252
MPLS Layer 2 VPN:
Router CE4: Bank B DC
interface FastEthernet0/0
description Connected To DR through ISP-A
ip address 10.32.33.1 255.255.255.252
Router CE5: Bank B DR
interface FastEthernet0/0
description Connected To DC through ISP-A
ip address 10.32.33.2 255.255.255.252
PE ROUTER CONFIGURATION
Router PE1:
interface Loopback0
ip address 10.10.10.10 255.255.255.255
ip cef
mpls ip
mpls ldp router-id loopback0 force
interface FastEthernet1/0
description Connected to P
ip address 10.20.30.2 255.255.255.252
mpls ip
mpls label protocol ldp
mpls mtu 9196
router ospf 10
network 10.10.10.10 0.0.0.0 area 0
network 10.20.30.0 0.0.0.3 area 0
Router PE2:
interface Loopback0
ip address 12.12.12.12 255.255.255.255
ip cef
mpls ip
mpls ldp router-id loopback0 force
interface FastEthernet0/0
description Connected to P
ip address 10.20.30.6 255.255.255.252
mpls ip
mpls label protocol ldp
mpls mtu 9196
router ospf 10
network 12.12.12.12 0.0.0.0 area 0
network 10.20.30.4 0.0.0.3 area 0
MPLS Layer 3 VPN:
Router PE1:
ip vrf Bank_A_HO
rd 2:11
route-target export 2:12
route-target import 2:11
ip vrf Bank_A_Br
rd 2:10
route-target export 2:11
route-target import 2:12
interface FastEthernet0/0.2
description Connected To Bank A HO - CE1
encapsulation dot1Q 2
ip vrf forwarding Bank_A_HO
ip address 10.31.32.2 255.255.255.252
interface FastEthernet0/0.3
description Connected To Bank A Br-1 - CE3
encapsulation dot1Q 3
ip vrf forwarding Bank_A_Br
ip address 10.31.32.6 255.255.255.252
router bgp 64512
no synchronization
bgp log-neighbor-changes
neighbor 11.11.11.11 remote-as 64512
neighbor 11.11.11.11 update-source Loopback0
neighbor 11.11.11.11 next-hop-self
neighbor 12.12.12.12 remote-as 64512
neighbor 12.12.12.12 update-source Loopback0
neighbor 12.12.12.12 next-hop-self
no auto-summary
address-family vpnv4
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community both
neighbor 12.12.12.12 activate
neighbor 12.12.12.12 send-community both
exit-address-family
address-family ipv4 vrf Bank_A_HO
redistribute connected
no auto-summary
no synchronization
exit-address-family
address-family ipv4 vrf Bank_A_Br
redistribute connected
no auto-summary
no synchronization
exit-address-family
Router P:
router bgp 64512
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.10 remote-as 64512
neighbor 10.10.10.10 update-source Loopback0
neighbor 10.10.10.10 next-hop-self
neighbor 12.12.12.12 remote-as 64512
neighbor 12.12.12.12 update-source Loopback0
neighbor 12.12.12.12 next-hop-self
no auto-summary
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community both
neighbor 12.12.12.12 activate
neighbor 12.12.12.12 send-community both
exit-address-family
Router PE2:
ip vrf Bank_A_Br
rd 2:10
route-target export 2:11
route-target import 2:12
interface FastEthernet1/0.2
description Connected To Bank A Br-2 - CE2
encapsulation dot1Q 2
ip vrf forwarding Bank_A_Br
ip address 10.31.32.10 255.255.255.252
router bgp 64512
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.10 remote-as 64512
neighbor 10.10.10.10 update-source Loopback0
neighbor 10.10.10.10 next-hop-self
neighbor 11.11.11.11 remote-as 64512
neighbor 11.11.11.11 update-source Loopback0
neighbor 11.11.11.11 next-hop-self
no auto-summary
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community both
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 send-community both
exit-address-family
address-family ipv4 vrf Bank_A_Br
redistribute connected
no auto-summary
no synchronization
exit-address-family
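An added example (not from the original paper) modelling the MPLS Layer 3 VPN control plane configured in Annex 1 with the RD and route-target values from PE1 and PE2 above: it shows which routes each VRF imports, so that the head office sees both branches while each branch sees only the head office and never the other branch. The connected prefixes are the PE-CE /30s from the annex; the PE names and the VPNv4 route representation are this example's own assumptions.

```python
# Added example (not from the original paper): a small model of VPNv4 route
# export/import driven by the RD and route-target values in Annex 1.
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class Vrf:
    name: str
    rd: str
    export_rt: Set[str]
    import_rt: Set[str]
    connected: List[str]                                 # prefixes redistributed into BGP
    table: Dict[str, str] = field(default_factory=dict)  # prefix -> "vrf@pe" it came from


@dataclass(frozen=True)
class VpnRoute:
    rd: str
    prefix: str
    rts: frozenset
    origin: str          # "vrf@pe"


def export_routes(pe: str, vrf: Vrf) -> List[VpnRoute]:
    """'redistribute connected': every local prefix becomes a VPNv4 route RD:prefix
    tagged with the VRF's export route-targets (extended communities)."""
    return [VpnRoute(vrf.rd, p, frozenset(vrf.export_rt), f"{vrf.name}@{pe}")
            for p in vrf.connected]


def import_routes(pe: str, vrf: Vrf, vpnv4: List[VpnRoute]) -> None:
    """A VRF accepts a VPNv4 route only if it carries at least one of its import RTs."""
    for r in vpnv4:
        if r.origin == f"{vrf.name}@{pe}":
            continue                      # own routes are already connected
        if r.rts & vrf.import_rt:
            vrf.table[r.prefix] = r.origin


def run_control_plane(pes: Dict[str, List[Vrf]]) -> Dict[str, Dict[str, str]]:
    """Full-mesh MP-BGP (vpnv4 family): every PE sees every VPNv4 route.
    Returns "vrf@pe" -> imported table."""
    vpnv4: List[VpnRoute] = []
    for pe, vrfs in pes.items():
        for v in vrfs:
            vpnv4.extend(export_routes(pe, v))
    result: Dict[str, Dict[str, str]] = {}
    for pe, vrfs in pes.items():
        for v in vrfs:
            v.table = {}
            import_routes(pe, v, vpnv4)
            result[f"{v.name}@{pe}"] = dict(v.table)
    return result


def build_annex_topology() -> Dict[str, List[Vrf]]:
    # Values from Annex 1: PE1 holds Bank_A_HO and Bank_A_Br, PE2 holds Bank_A_Br.
    # HO exports 2:12 / imports 2:11; branches export 2:11 / import 2:12.
    return {
        "PE1": [
            Vrf("Bank_A_HO", "2:11", {"2:12"}, {"2:11"}, ["10.31.32.0/30"]),
            Vrf("Bank_A_Br", "2:10", {"2:11"}, {"2:12"}, ["10.31.32.4/30"]),
        ],
        "PE2": [
            Vrf("Bank_A_Br", "2:10", {"2:11"}, {"2:12"}, ["10.31.32.8/30"]),
        ],
    }


if __name__ == "__main__":
    for vrf, table in run_control_plane(build_annex_topology()).items():
        print(vrf, "imports", sorted(table))
```

The branch VRFs never import each other's routes because branch exports carry only 2:11, which no branch VRF imports; that asymmetric RT pair is what gives the hub-and-spoke isolation the text credits to VRF routing.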
MPLS Layer 2 VPN:
Router PE1:
interface FastEthernet0/0.4
description Connected To Bank B DC
encapsulation dot1Q 4
mpls l2transport route 12.12.12.12 4
Router PE2:
interface FastEthernet1/0.4
description Connected To Bank B DR
encapsulation dot1Q 4
mpls l2transport route 10.10.10.10 4
Chapter 5:
5.1 Introduction
VPLS is a type of Layer 2 VPN that supports the connection of multiple sites in a
single bridged domain over a managed IP/Multiprotocol Label Switching (MPLS)
network. In a VPLS, the Ethernet LAN at each customer site is extended as far as
the edge of the provider network. The provider network then emulates the
function of a LAN switch or bridge to connect all the customer LANs into a
single bridged (Ethernet) LAN.
Many network managers wish to connect their geographically isolated locations
with an any-to-any, full-mesh service. This is difficult for service providers
to achieve with existing IP networks. Virtual Private LAN Service (VPLS) has
emerged to meet this need. VPLS uses MPLS to offer multipoint Ethernet
connectivity over a mesh of logical circuits or tunnels, with the added benefits
of Traffic Engineering (TE), resilience, and failover. VPLS enables carriers and
service providers to offer managed Ethernet VPN services easily and
cost-effectively. From the service provider's point of view, the use of IP/MPLS
routing protocols and procedures instead of the Spanning Tree Protocol, and
MPLS labels instead of VLAN IDs, significantly improves the scalability of the
VPLS service.
VPLS technology began in mid-2001, when various service providers were
evaluating the possibility of deploying Metro Ethernet services. They correctly
noted that the Ethernet switching technologies developed up to that point were
deficient in providing network services that could support SLA characteristics
comparable to existing traditional WAN services, such as Frame Relay, T-1/E-1
and ATM.
These service providers required a technology that could support multipoint data
services (transparent LAN services) over an infrastructure that provided traffic
engineering, high availability, and OAM (Operations, Administration, and
Maintenance) characteristics similar to their existing services. The obvious
technology direction to investigate was MPLS, and specifically EoMPLS.
In mid-2001, several drafts that described VPLS were submitted to the IETF by
various authors and sponsors. By the end of that year, there were at least five
different VPLS drafts submitted to the IETF. For VPLS to be seriously adopted, it
would be necessary for these different drafts to be united and distilled into a
single draft. Over the next 12 months the different VPLS draft authors worked
hard to find common ground for a single draft. In July 2002, a unified draft was
submitted to the IETF that consolidated most, but not all, of the VPLS IETF
drafts. As of late 2003, there are two different VPLS IETF drafts.
Perhaps the most significant difference between these two drafts is the
mechanisms they recommend for auto-discovery and signaling. It remains to be
seen if and when this difference will be resolved. Significant progress has been
made over the past two years in the development of VPLS standards. Evidence of
this progress is that independent testing labs have conducted several
interoperability demonstrations of VPLS. [Ref: 5.2]
On the other hand, virtual private LAN service (VPLS) over a carrier Ethernet
network provides a WAN that is configured like a LAN. Customers maintain
complete control over their routing, and since all the customer routers in the
VPLS are part of the same subnet (LAN), the result is a simplified IP addressing
plan, especially when compared to a mesh constructed from many separate
point-to-point connections. The service provider also benefits from reduced
complexity in managing the VPLS service, since it has no awareness of or
participation in the customer's IP addressing space and routing.
- Metro connectivity: ideal for connecting multiple sites within a metro area,
  and can be deployed as an alternative or complement to traditional LAN-to-LAN
  services.
- Cost effective: VPLS allows service providers to benefit from Ethernet's low
  cost, simplicity and ubiquity without sacrificing the scalability, reliability,
  traffic engineering and SLAs provided by MPLS.
- Not demanding on PE routers: VPLS is less demanding for PE routers, as they do
  not have to maintain multiple private routing tables, one for each customer's
  network.
- Multiprotocol: can handle legacy traffic such as SNA or IPX as well as IP
  traffic, and so is better suited to customers who depend on legacy protocols
  to operate their businesses.
Although the CE device can be either a router or a switch, there are some
potential issues that should be considered. Using Ethernet switches as the CE
device allows multiple MAC addresses to be supported per site. However, this
could create scalability problems unless the service provider implements MAC
limiting per customer. Also, a malfunctioning CE switch could flood the service
provider's network with runaway broadcast and multicast traffic. Using a router
as the CE device places a limit of one MAC address per site and provides a clean
service demarcation between customer and service provider. It also eliminates
the possibility of unnecessary broadcast and multicast traffic. As most
customers already use routers to connect multiple sites together, VPLS enables
them to reduce the overhead of managing connections on a per-site basis.
Ethernet VPNs based on VPLS do have some limitations, including the following:
CE: Any Ethernet devices
PE: Cisco 7600 Series Router or later
The following E-series routers by Juniper support VPLS with an E-series interface
module:
- E320 router
- ERX-1440 router
- ERX-1410 router
- ERX-710 router
- ERX-705 router
- ERX-310 router
which reduces
No need for the service provider to train technicians to deal with customer
routing issues
Fig: 5.5 Sample network with IPVPN and with VPLS with MPLS Backbone
PE1 (config-if-fastethernet0)# mpls ip
PE1 (config-if-fastethernet0)# mpls vpls a
PE1 (config-if-fastethernet0)#exit
PE1 (config)# interface fastethernet 1
PE1 (config-if-fastethernet1)# mpls ip
PE1 (config-if-fastethernet1)# mpls vpls b
PE1 (config-if-fastethernet1)# exit
PE1 (config-ospf)#exit
PE1 (config)# mpls ldp
PE1 (config-ldp)# router-id 1.1.1.1
PE1 (config-ldp)# transport-address 1.1.1.1
PE1 (config-ldp)#exit
For PE2
PE2 (config)# mpls ip
PE2 (config)# mpls vpls a
PE2 (config-vpls)# vpn-id 100
PE2 (config-vpls)# peer 1.1.1.1
PE2 (config-vpls)# peer 3.3.3.3
PE2 (config-vpls)# exit
PE2 (config)# mpls vpls b
PE2 (config-vpls)# vpn-id 200
PE2 (config-vpls)# peer 1.1.1.1
PE2 (config-vpls)# peer 3.3.3.3
PE2 (config-vpls)# exit
PE2 (config)# interface loopback0
PE2 (config-if-loopback0)# ip address 2.2.2.2 255.255.255.255
PE2 (config-if-loopback0)# exit
PE2 (config)# interface fastethernet 0
PE2 (config-if-fastethernet0)# mpls ip
PE2 (config-if-fastethernet0)# mpls vpls a
PE2 (config-if-fastethernet0)#exit
PE2 (config)# interface fastethernet 1
PE2 (config-if-fastethernet1)# mpls ip
PE2 (config-if-fastethernet1)# mpls vpls b
PE2 (config-if-fastethernet1)# exit
PE2 (config-ospf)# network 2.2.2.2 0.0.0.0 area 0
PE2 (config-ospf)#exit
PE2 (config)# mpls ldp
PE2 (config-ldp)# router-id 2.2.2.2
PE2 (config-ldp)# transport-address 2.2.2.2
PE2 (config-ldp)#exit
For PE3
PE3 (config)# mpls ip
PE3 (config)# mpls vpls a
PE3 (config-vpls)# vpn-id 100
PE3 (config-vpls)# peer 1.1.1.1
PE3 (config-vpls)# peer 2.2.2.2
PE3 (config-vpls)# exit
PE3 (config)# mpls vpls b
PE3 (config-vpls)# vpn-id 200
PE3 (config-vpls)# peer 1.1.1.1
PE3 (config-vpls)# peer 2.2.2.2
PE3 (config-vpls)# exit
PE3 (config)# interface loopback0
PE3 (config-if-loopback0)# ip address 3.3.3.3 255.255.255.255
PE3 (config-if-loopback0)# exit
PE3 (config)# interface fastethernet 0
PE3 (config-if-fastethernet0)# mpls ip
PE3 (config-if-fastethernet0)# mpls vpls a
PE3 (config-if-fastethernet0)#exit
PE3 (config)# interface fastethernet 1
PE3 (config-if-fastethernet1)# mpls ip
PE3 (config-if-fastethernet1)# mpls vpls b
PE3 (config-if-fastethernet1)# exit
PE3 (config-ospf)#exit
PE3 (config)# mpls ldp
PE3 (config-ldp)# router-id 3.3.3.3
PE3 (config-ldp)# transport-address 3.3.3.3
PE3 (config-ldp)#exit [Ref:5.5]
the customer equipment. Hierarchy is introduced by adding another layer in the
access layer toward the customer equipment. H-VPLS has two forms:
H-VPLS with MPLS in the access layer
H-VPLS with dot1q tunneling in the access layer
The N-PE routers are network-facing PE routers, whereas the U-PE routers are user-facing PE routers. The hierarchy provides the benefits of less signaling in the MPLS
core network and less packet replication on the N-PE routers. The U-PE routers have
an aggregation role and do some packet replication and MAC address learning.
[Ref:5.6]
With MPLS in the access layer, point-to-point virtual circuits will exist between the
N-PEs and U-PEs. We need to disable the default split-horizon behavior on the N-PEs
because an N-PE must forward Layer 2 frames received on the pseudowires from
another N-PE onto the pseudowires toward the U-PEs and vice versa.
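The split-horizon point above, as an added example that is not part of the thesis: a small VFI forwarding model on an N-PE with one attachment circuit, one mesh pseudowire to another N-PE and one spoke pseudowire toward a U-PE. Port names and MAC addresses are constructed; the flat-VPLS variant shows what goes wrong when the U-PE pseudowire is left under the default split-horizon rule.

```python
"""Added example (not from the thesis): VFI forwarding with split horizon, and
why an N-PE must relax it for the spoke pseudowires toward its U-PEs in H-VPLS.
Port names and MAC addresses are constructed."""
from typing import Dict, List


class VFI:
    """One virtual forwarding instance on an N-PE.  Each port has a kind:
    'ac'    - attachment circuit to local customer equipment
    'mesh'  - pseudowire to another N-PE (full mesh, split horizon applies)
    'spoke' - pseudowire toward a U-PE (H-VPLS access, split horizon disabled)"""

    def __init__(self, ports: Dict[str, str]):
        self.ports = dict(ports)
        self.mac_table: Dict[str, str] = {}   # MAC -> port it was learned on

    def _allowed(self, in_port: str, out_port: str) -> bool:
        if out_port == in_port:
            return False
        # Split horizon: a frame received from one mesh PW is never sent to
        # another mesh PW, because the full mesh between N-PEs has already
        # delivered it to every other N-PE.  Spoke PWs are exempt.
        return not (self.ports[in_port] == "mesh" and self.ports[out_port] == "mesh")

    def forward(self, in_port: str, src_mac: str, dst_mac: str) -> List[str]:
        """Learn src_mac on in_port, then return the output port(s) for dst_mac:
        the learned port for a known unicast, otherwise a flood to every port
        that split horizon allows."""
        self.mac_table[src_mac] = in_port
        if dst_mac in self.mac_table:
            out = self.mac_table[dst_mac]
            return [out] if self._allowed(in_port, out) else []
        return sorted(p for p in self.ports if self._allowed(in_port, p))


def hvpls_npe() -> VFI:
    """N-PE1 with a local AC, a mesh PW to N-PE2 and a spoke PW to U-PE1."""
    return VFI({"ac1": "ac", "pw-npe2": "mesh", "pw-upe1": "spoke"})


def flat_vpls_npe() -> VFI:
    """Same ports, but the U-PE pseudowire is treated like any other mesh PW:
    frames arriving from N-PE2 are never forwarded toward the U-PE."""
    return VFI({"ac1": "ac", "pw-npe2": "mesh", "pw-upe1": "mesh"})


if __name__ == "__main__":
    print(hvpls_npe().forward("pw-npe2", "aa:aa", "ff:ff"))      # ['ac1', 'pw-upe1']
    print(flat_vpls_npe().forward("pw-npe2", "aa:aa", "ff:ff"))  # ['ac1']
```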
In H-VPLS with dot1q tunneling, customer VLANs are encapsulated into another VLAN
(the provider VLAN, or P-VLAN), allowing a multi-VLAN switched customer network
to be transparently transported between multiple sites connected to an MPLS
network. This P-VLAN is mapped to one VFI on the N-PE router. If the CE equipment
is a router, configure the Ethernet interface toward the PE router as a trunk
interface by configuring 802.1Q subinterfaces, each with a specific VLAN number. If
the CE equipment is an Ethernet switch, configure the Ethernet interface toward the
PE router as an 802.1Q trunk interface with a certain number of VLANs.
5.10 Conclusion
VPLS is one of the most exciting emerging VPN services. It offers enterprise
customers exactly what they need for intersite connectivity: protocol transparency,
scalable and granular bandwidth from 64 Kb/s to 1 Gb/s, fast service activation and
provisioning, and a simplified LAN/WAN boundary. VPLS also enables service
providers to deliver a scalable VPN service offering that can be combined with
Internet access on a consolidated IP/MPLS infrastructure. VPLS has received
widespread industry support from both vendors and service providers.
Finally, it is important to remember that VPLS is still a new technology. The use of L2
VPN services based on VPLS technology is still in its infancy. Yet it is complex and
costly. The VPLS functionality from all vendors is based on implementations using
network processors, not application-specific integrated circuits (ASICs), because the
draft standards have evolved only over a period of time shorter than the
development window for an ASIC implementation.
Carry the traffic across an MPLS backbone, which is the Any Transport over
MPLS (AToM) solution.
Both the AToM and L2TPv3 solutions use the same architecture, but the network that
carries the service is different. The architecture is based on pseudo wires. The
Layer 2 frames are encapsulated into an IP packet in L2TPv3 and labeled in MPLS.
The result is that the specific Layer 2 service, its operation and characteristics, is
emulated across a PSN. [Ref: 6.1]
Various pseudo-wire technologies used in Layer 2 VPN networks:
A pseudo wire is a virtual circuit between two PE devices that interconnects two
attachment circuits. We can set it up through manual configuration or automatic
signaling. After a pseudo wire is established between two PE devices, native frames
received from an attachment circuit are encapsulated into pseudo wire PDUs and
sent over the pseudo wire to the peering PE. When pseudo wire PDUs arrive at the
receiving PE device, they are changed back into their native form and forwarded to
the corresponding attachment circuit.
Provider (P) devices form the packet-switched core network and are transparent to
CE devices. They are unaware of pseudo wires and pseudo wire traffic, which PE
devices manage. This kind of transparency alleviates the design complexity of the
core network. Therefore, we can optimize the core network for core routing and
packet forwarding performance without being constrained by the complexity of
edge services. This transparency also helps to scale the number of emulated
circuits. We need to provision only the edge devices for new circuits; we can leave
the core devices alone. [Ref: 6.2]
PE: the following Juniper E-series routers:
E320 router
ERX-1440 router
ERX-1410 router
ERX-710 router
ERX-705 router
ERX-310 router
A unified network for Layer 2 and Layer 3 VPNs means lower infrastructure
and maintenance costs for the service provider. Using an IP or MPLS
backbone enables the service provider to offer Layer 2 VPN services along
with IP and Layer 3 VPNs in the same network. The service provider can
support VPN traffic with other traffic (e.g. Internet) on a single infrastructure.
Because MPLS uses frames or cells, it can work in IP over ATM networks and
IP over MPLS networks. MPLS is agnostic in its ability to accommodate
protocols. Therefore, service providers can run IP over ATM networks and
incrementally introduce MPLS into their network. Adding MPLS to the network
in phases can be a better alternative in many situations than having to make
a complete conversion all at once.
AToM can be combined with QoS and Traffic Engineering to build new revenue-
generating services such as virtual leased lines that mimic existing Layer 2
services (ATM, Frame Relay) without compromising the scalability and
flexibility of the MPLS networks on which they run.
The following process shows a packet traveling from a CPE router on the left side of
the network (Site 1) across the service provider network, to a CPE router on the
right side (Site 2).
1. Packets flow from Site 1 to PE1 on the edge of the service provider network
through a traditional Layer 2 virtual circuit, in this case a Frame Relay circuit.
2. In the service provider network, an operator configures a label switched path
(LSP) from PE1 to PE2.
3. For AToM, the operator configures:
a. At PE1, a cross-connect between Attachment VC 101 and Emulated
VC1 (shown as VC Label 10 above), and the destination PE to be PE2
b. At PE2, a cross-connect between Emulated VC1 and Attachment VC
201, and the source PE to be PE1
Note: No AToM configuration is required on the P routers.
4. At PE1, the following events then take place:
a. An incoming packet on the PE router is stripped of the Layer 2 header.
b. A control word and Emulated VC label [10] are pushed onto the packet.
c. An appropriate network-facing interface is selected.
d. An LSP tunnel label [50] is pushed (for normal MPLS routing through
the cloud).
5. The control word and the emulated virtual circuit label are pertinent only to
the PE routers. The routers within the MPLS backbone (the P routers) do not
use the control word or the virtual circuit label. Instead, the P routers use the
LSP tunnel labels [50 & 90] to move the packet through the MPLS backbone.
A P router does not distinguish AToM traffic from other types of traffic. The
packet is handled just like other packets in the MPLS backbone.
6. The packet is sent through the service provider network to PE2.
7. The following events take place on the egress router PE2.
a. The Emulated VC label [10] is stripped.
b. The control word is processed and stripped.
c. The Layer 2 header is reconstructed for Attachment VC DLCI 201.
d. The packet is sent out the appropriate customer-facing interface.
Note: No tunnel label is present in the network-facing side of the router because
that label was popped by the penultimate P router.
8. PE2 connects to Site 2 through a traditional Layer 2 virtual circuit, in this case
a Frame Relay circuit.
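The eight steps above, as an added example that is not part of the thesis: a field-level model of the AToM data plane using the DLCIs (101, 201) and labels (VC label 10, tunnel labels 50 and 90) named in the walkthrough. The control-word layout follows RFC 4385 (my assumption; the text only says a control word is pushed), and the P-router hops are constructed.

```python
"""Added example (not from the thesis): AToM data plane from Site 1 to Site 2.
Label and DLCI values come from the walkthrough; the control-word bit layout
(RFC 4385) is an assumption."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ATTACHMENT_VC_PE1 = 101     # Frame Relay DLCI between Site 1 and PE1
ATTACHMENT_VC_PE2 = 201     # Frame Relay DLCI between PE2 and Site 2
VC_LABEL = 10               # emulated VC label, meaningful only to PE1 and PE2
TUNNEL_LABELS = [50, 90]    # LSP tunnel labels used hop by hop by the P routers


@dataclass
class Packet:
    payload: bytes
    l2_header: Optional[Dict[str, int]]               # Frame Relay header; None in the core
    control_word: Optional[int] = None
    labels: List[int] = field(default_factory=list)   # labels[-1] is the top of the stack


def control_word(seq: int = 0, length: int = 0, flags: int = 0) -> int:
    """RFC 4385 generic PW control word: 0000 | flags(4) | frag(2)=00 | len(6) | seq(16)."""
    return ((flags & 0xF) << 24) | ((length & 0x3F) << 16) | (seq & 0xFFFF)


def pe1_ingress(pkt: Packet, seq: int = 0) -> Packet:
    """Step 4 at PE1: strip the L2 header (4a), push control word and VC label
    (4b), then the tunnel label of the LSP toward PE2 (4d)."""
    if pkt.l2_header is None or pkt.l2_header["dlci"] != ATTACHMENT_VC_PE1:
        raise ValueError("no cross-connect configured for this attachment circuit")
    pkt.l2_header = None
    pkt.control_word = control_word(seq)     # seq stays 0 while sequencing is disabled
    pkt.labels.append(VC_LABEL)              # bottom of stack
    pkt.labels.append(TUNNEL_LABELS[0])      # top of stack
    return pkt


def p_router(pkt: Packet, out_label: Optional[int]) -> Packet:
    """Step 5: a P router acts on the top label only: swap it, or pop it at the
    penultimate hop (out_label=None).  The VC label and control word are untouched."""
    if not pkt.labels:
        raise ValueError("unlabeled packet inside the MPLS core")
    pkt.labels.pop()
    if out_label is not None:
        pkt.labels.append(out_label)
    return pkt


def pe2_egress(pkt: Packet) -> Packet:
    """Step 7 at PE2: pop the VC label (7a), process and strip the control word
    (7b), rebuild the Frame Relay header for attachment VC DLCI 201 (7c)."""
    if len(pkt.labels) != 1:
        raise ValueError("expected only the VC label after penultimate hop popping")
    if pkt.labels.pop() != VC_LABEL:
        raise ValueError("VC label not bound to any attachment circuit on PE2")
    seq = pkt.control_word & 0xFFFF          # sequence number, 0 when disabled
    pkt.control_word = None
    pkt.l2_header = {"dlci": ATTACHMENT_VC_PE2, "seq": seq}
    return pkt


def site1_to_site2(payload: bytes) -> List[List[int]]:
    """Run one frame PE1 -> P (swap) -> P (PHP) -> PE2 and return the label stack
    observed after each hop; the last entry is what Site 2 receives (no labels)."""
    pkt = Packet(payload=payload, l2_header={"dlci": ATTACHMENT_VC_PE1})
    stacks = []
    pkt = pe1_ingress(pkt)
    stacks.append(list(pkt.labels))          # [10, 50]
    pkt = p_router(pkt, TUNNEL_LABELS[1])
    stacks.append(list(pkt.labels))          # [10, 90]
    pkt = p_router(pkt, None)
    stacks.append(list(pkt.labels))          # [10]  (tunnel label popped by PHP)
    pkt = pe2_egress(pkt)
    stacks.append(list(pkt.labels))          # []
    if pkt.l2_header["dlci"] != ATTACHMENT_VC_PE2:
        raise AssertionError("frame was not delivered on attachment VC 201")
    return stacks


if __name__ == "__main__":
    print(site1_to_site2(b"constructed payload"))   # [[10, 50], [10, 90], [10], []]
```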
Example of AToM deployment.
Router(config-if)# encapsulation encapsulation-type
Then enable AToM by specifying the xconnect command on the CE-facing interface,
as follows:
Router(config-if)# xconnect peer-router-id vcid encapsulation mpls
The peer-router-id is the LDP router ID of the remote PE router. The vcid is the
identifier that we assign to the pseudo wire. The VCID has to be unique per pair of PE
routers. As soon as we configure this command on the interface on both PE routers,
the targeted LDP session is established between the two PE routers. The
specification of the MPLS encapsulation is optional, because we can also specify it in
the pseudo wire class. The pseudo wire class is not required on the PE router to
configure AToM, but it is necessary if we need to specify more than just the
encapsulation to be MPLS. In the pseudo wire class, we can specify certain
characteristics of the pseudo wires. Interworking, preferred-path, and sequencing
are such configurable characteristics, besides the encapsulation type. The only
other encapsulation type available besides MPLS is L2TPv3. [Ref: 6.7]
The figure shows a basic example of an AToM network with two PE routers that provide
an AToM service to the two CE routers, CE1 and CE2. The transported Layer 2
protocol is HDLC.
mpls ldp router-id Loopback0 force
mpls label protocol ldp
pseudowire-class one
encapsulation mpls
!
interface Serial0/1/0
no ip address
encapsulation hdlc
xconnect 10.200.254.4 100 pw-class one
!
PE2#
!
mpls ldp router-id Loopback0 force
mpls label protocol ldp
pseudowire-class one
encapsulation mpls
!
interface Serial4/0/0
no ip address
encapsulation hdlc
xconnect 10.200.254.1 100 pw-class one
!
The default encapsulation for a serial interface in Cisco IOS is HDLC, so it is normally not
displayed in the configuration.
Verifying AToM on PE1 and PE2
PE1#show mpls l2transport vc 100
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Se0/1/0        HDLC                       10.200.254.4    100        UP
PE2#show mpls l2transport vc 100
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Se4/0/0        HDLC                       10.200.254.1    100        UP
Tunnel label: 22, next hop point2point
Output interface: Se5/0, imposed label stack {22 24}
Create time: 00:12:23, last status change time: 00:03:51
Signaling protocol: LDP, peer 10.200.254.1:0 up
MPLS VC labels: local 19, remote 24
Group ID: local 0, remote 0
MTU: local 1500, remote 1500
Remote interface description:
Sequencing: receive disabled, send disabled
Sequence number: receive 0, send 0
VC statistics:
packet totals: receive 50, send 64
byte totals: receive 4578, send 6984
packet drops: receive 0, seq error 0, send 0
PE1#show mpls l2transport binding 100
Destination Address: 10.200.254.4, VC ID: 100
Local Label: 24
Cbit: 1, VC Type: HDLC, GroupID: 0
MTU: 1500, Interface Desc: n/a
VCCV Capabilities: Type 1, Type 2
Remote Label: 19
Cbit: 1, VC Type: HDLC, GroupID: 0
MTU: 1500, Interface Desc: n/a
VCCV Capabilities: Type 1, Type 2
MPLS label disposition supported
Distributed processing supported
Control word processing supported
Sequence number processing not supported
VCCV Type 1 processing supported
Edge functionality:
MPLS label imposition supported
Distributed processing supported
Control word processing supported
Sequence number processing not supported
Transport type ATM AAL5
Core functionality:
MPLS label disposition supported
Control word processing supported
Sequence number processing not supported
VCCV Type 1 processing supported
Edge functionality:
Not supported
Transport type ATM CELL
Core functionality:
MPLS label disposition supported
Control word processing not supported
Sequence number processing not supported
VCCV Type 1 processing not supported
Edge functionality:
Not supported
Transport type Eth VLAN
Core functionality:
MPLS label disposition supported
Distributed processing supported
Control word processing supported
Sequence number processing not supported
VCCV Type 1 processing supported
Edge functionality:
Not supported
Transport type Ethernet
Core functionality:
MPLS label disposition supported
Distributed processing supported
Control word processing supported
Sequence number processing not supported
VCCV Type 1 processing supported
Edge functionality:
Not supported
!output omitted for brevity
6.12 Conclusion
AToM is a powerful technology that allows service providers to offer Layer 2
connectivity over MPLS networks, thereby increasing revenue opportunities. It does
so by eliminating many of the drawbacks of existing Layer 2 technologies.
Combining AToM with QoS and Traffic Engineering allows service providers to build
value added services such as virtual leased line, transparent LAN, and interworking
on a single, common infrastructure.
7.1: Introduction
Quality of Service (QoS) is a set of technologies for managing network traffic in a
cost effective manner to enhance user experiences for home and enterprise
environments.
We may get the following benefits by using QoS technologies:
To measure bandwidth,
To detect changing network conditions (such as congestion or availability of
bandwidth),
To prioritize or throttle traffic.
For example, QoS technologies can be applied to prioritize traffic for
latency-sensitive applications (such as voice or video).
To control the impact of latency-insensitive traffic (such as bulk data
transfers).
Adding Quality of Service (QoS) guarantees to MPLS VPN services by using DiffServ
is a significant engineering undertaking, but advance planning will help us choose
the right QoS model for the project.
QoS attempts to solve network traffic performance issues, although QoS is not a
cure-all. To improve network performance, QoS features affect a network by
manipulating the following traffic characteristics:
Bandwidth
Delay
Jitter
Packet loss
Whereas QoS tools improve these characteristics for some flows, the same tools
might degrade service for other flows. Therefore, before you can intelligently decide
to reduce one packet's delay by increasing another packet's delay, you should
understand what each type of application needs.
[ Ref :7.1 & Ref :7. 5]
7.2: Problem Definition
Voice
Video
Data
[ Ref :7.1 ]
Congestion control
End-to-End delay constraint routing
Loop-free path restoration with QoS and label constraints in MPLS networks
Support for traffic-engineering-oriented MPLS networks
Max coverage at minimum cost for multi-domain in IP/ MPLS network
Service provider based IPSec VPN services
[ Ref : 7.5]
Scenario-1
In this scenario, the offices of the customer are connected via an ISP(Link3) that
supports QoS. The branch office of the customer is connected via a low-speed link
(512 kbps), while the main office is connected with a higher-speed link (1024 kbps)
for Internet and (3072 kbps) for Data connectivity . The customer uses both IP
phones and TCP/IP-based applications (HTTP, FTP), e-mail, IPSec VPN, MPLS-VPN, to
conduct daily business. Since only 512 kbps of bandwidth is provided to the branch
office, it would suffer from end-to-end delays. In this example, the customer performs
an appropriate QoS strategy such as TCP and RTP header compression, LLQ, and
prioritization of the various types of traffic. These mechanisms will give voice traffic
a higher priority than HTTP or e-mail traffic. In addition to these measures, the
customer has chosen an ISP that supports QoS in the backbone. The ISP performs
reprioritization for customer traffic according to the QoS policy for the customer, so
that the traffic streams arrive on time at the main office of the customer. This
design guarantees that voice traffic will have high priority and a guaranteed
bandwidth of 128 kbps; FTP and e-mail traffic will receive medium priority and a
bandwidth of 256 kbps; and HTTP traffic will receive low priority and a bandwidth of
64 kbps. The remaining 64 kbps is needed for signaling and other management
traffic.
The HO uses voice, video, data and Internet, while the CTG branches and Sylhet
branches use these facilities simultaneously.
7.4.2:
[Ref: 7.6]
[Figure: ABBL HO, ABBL Sylhet Branch, ABBL Motijheel and ABBL Dilkusha connected through the Link3 cloud (MPLS backbone, Internet/Intranet). Customer edge: define SLA; classification and marking; low latency queuing; link fragmentation and interleaving; WRED and shaping; capacity planning. DiffServ backbone: low latency queuing or MDRR; WRED.]
The term bandwidth refers to the number of bits per second that can reasonably be
expected to be delivered across some medium. In some cases, bandwidth equals
the physical link speed, or the clock rate, of the interface. In other cases, bandwidth
is smaller than the actual speed of the link.
Availability of bandwidth is one of the factors that affect the quality of a network.
The maximum available bandwidth is equal to the bandwidth of the slowest link.
[Figure: ways to make better use of the available bandwidth: compression, CAC (call admission control), queuing]
Delay:
All packets in a network experience some delay between when the packet is first
sent and when it arrives at its destination.
Types of delay :
Serialization delay (fixed)
Propagation delay (fixed)
Queuing delay (variable)
Forwarding/processing delay (variable)
Shaping delay (variable)
Network delay (variable)
Codec delay (fixed)
Compression delay (variable)
Together, the types of delay make up the components of the end-to-end delay
experienced by a packet.
[Figure: components of delay along the path: forwarding (processing) delay and queuing delay at each router, serialization delay (a function of bandwidth) and propagation delay on each link]
[ Ref : 7.4]
Processing delay: The time it takes for a router to take the packet from an input
interface, examine it, and put it into the output queue of the output interface.
The processing delay depends on various factors:
CPU speed
CPU utilization
IP switching mode
Router architecture
Configured features on both the input and output interfaces
Queuing delay: The time a packet resides in the output queue of a router.
Queuing delay also depends on the bandwidth of the interface and the queuing
mechanism.
Serialization delay: The time it takes to place the bits on the wire.
This delay is typically inversely proportional to the link bandwidth.
We use the following formula to calculate serialization delay for a packet:
Serialization delay = (number of bits sent) / (link speed)
Propagation delay: The time it takes for the packet to cross the link from
one end to the other.
This time usually depends on the type of media. (For example, satellite links
produce the longest propagation delay because of the high altitudes of
communications satellites.)
Use the following formula to calculate propagation delay:
[Figure: propagation delay formula (worked result: 4.8 ms) and ways to reduce delay: compress the header (IP/UDP/RTP), compress the payload (Stacker, Predictor), advanced queuing (WFQ, CBWFQ, LLQ)]
Upgrade the link (the best solution but also the most expensive).
Forward the important packets first.
Enable reprioritization of important packets.
Compress the payload of Layer 2 frames (it takes time).
Compress IP packet headers.
Assuming that the router being used is powerful enough to make forwarding
decisions rapidly, most queuing and serialization delays are influenced by these
factors:
Average length of the queue
Average length of packets in the queue
Link bandwidth
There are several approaches for accelerating the packet dispatching of delay-sensitive flows:
Increase link capacity: Sufficient bandwidth causes queues to shrink so that
packets do not wait long before transmittal. Increasing bandwidth reduces
serialization time. This approach can be unrealistic because of the costs that are
associated with the upgrade.
Prioritize delay-sensitive packets: This approach can be more cost-effective
than increasing link capacity. WFQ, CBWFQ, and LLQ can each serve certain queues
first (a pre-emptive way of servicing queues).
Reprioritize packets: In some cases, important packets need to be reprioritized
when they are entering or exiting a device. For example, when packets leave a
private network to transit an Internet service provider (ISP) network, the ISP may
require that the packets be reprioritized.
Compress payload: Payload compression reduces the size of packets, virtually
increasing link bandwidth. Compressed packets are smaller and take less time to
transmit. Compression uses complex algorithms that add delay. If you are using
payload compression to reduce delay, make sure that the time needed to compress
the payload does not negate the benefits of having less data to transfer over the
link.
Use header compression: Header compression is not as CPU-intensive as
payload compression and is used with other mechanisms to reduce delay. Header
compression is especially useful for voice packets that have a bad payload-to-header
ratio (relatively large header in comparison to the payload), which is improved
by reducing the header of the packet (RTP header compression).
By minimizing delay, network administrators can also reduce jitter (delay is more
predictable).
[ Ref : 7.4]
QoS Tools That Affect Delay
Type of QoS Tool:
Queuing
Link fragmentation and interleaving
Compression
Traffic shaping
Jitter :
Jitter is defined as a variation in the arrival rate (that is, variation in delay through
the network) of packets that were transmitted in a uniform manner.
QoS Tools That Affect Jitter
Type of QoS Tool:
Queuing
Compression
Traffic shaping
Packet Loss:
The last QoS traffic characteristic is packet loss, or just loss. Routers
lose/drop/discard packets for many reasons, most of which QoS tools can do nothing
about. For instance, frames that fail the incoming frame check sequence (FCS) are
discarded, period. However, QoS tools can be used to minimize the impact of
packets lost due to full queues.
A further issue in networks is packet loss. Usually, packet loss occurs when routers
run out of buffer space for a particular interface (output queue). The figure
illustrates the results of packet loss. Packet loss results in loss of information.
Multimedia streams, such as those used in IP telephony or videoconferencing, may
be extremely sensitive to delivery delays and may create unique QoS demands on
the underlying networks. When packets are delivered using the best-effort delivery
model, they may not arrive in order or in a timely manner, or, because of heavy
congestion, they may not arrive at all. The result would be an unclear picture, with
jerky and slow movement and sound that is out of synchronization with the image.
[Figure: packets arriving at a full output queue are tail dropped]
Frame errors: The hardware detected an error in a frame; for example,
cyclic redundancy checks (CRCs), runt, and giant.
Ways to Prevent Packet Loss:
Packet loss is usually the result of congestion on an interface. Most applications that
use TCP experience slowdown because TCP automatically adjusts to network
congestion. Dropped TCP segments cause TCP sessions to reduce their window
sizes. Some applications do not use TCP and cannot handle drops (fragile flows).
[Figure: a dropper (WRED) in front of advanced queuing (WFQ, CBWFQ, LLQ) acting before congestion]
[ Ref :7. 4]
QoS Tools That Affect Loss
Type of QoS Tool:
Queuing
RED
[ Ref :7.1 ]
QoS Triangle
[ Ref : 7.5]
Priority 3, Transactional: Use CBWFQ to prioritize transactional traffic flows.
Transactional data (mission-critical): ERP, transactional, and high-priority internal
applications.
Example: Database server for banking online transactions.
Priority 2, Best-effort: Use CBWFQ to prioritize best-effort traffic flows that are
below mission-critical and voice.
Example: Best-effort (the default class): Internet browsing
(www, HTTP, HTTPS), e-mail, and unclassified applications.
Priority 1, Scavenger (less-than-best-effort): Maximum bandwidth of 100 kbps.
Use WRED to drop these packets whenever the network has a tendency toward
congestion.
Scavenger (less-than-best-effort): FTP, backups, and noncritical
applications.
Minimize the number of applications assigned to the transactional
and bulk data classes (three or fewer are recommended).
Bulk data (guaranteed-bandwidth): Streaming video, messaging,
and intranet.
Example: Sharing data in Layer 2 mode or over a p2p connection.
[ Ref : 7.4]
QoS Approaches
Fine-grained approach: flow-based (individual flows)
Coarse-grained approach: aggregated (large number of flows)
These lead to two different QoS models.
[ Ref : 7.5]
7.5.2 :
Model         Characteristics
Best Effort   No QoS is applied to packets.
IntServ       Applications signal to the network that they require certain QoS
              parameters; must fulfill the requirements of the RSVP feature.
DiffServ      The network recognizes classes that require QoS; must fulfill the
              requirements of the DSCP feature.
Best Effort:
Benefits:
Highly scalable
No special mechanisms required
Drawbacks:
No service guarantees
No service differentiation
Int Serv :
IntServ requires several functions on routers and switches along the path:
Admission control
Classification
Policing
Queuing
Scheduling
Benefits of Int Serv:
Explicit resource admission control (end to end)
Per-request policy admission control (authorization object, policy object)
Signaling of dynamic port numbers (for example, H.323)
Drawbacks of Int Serv:
Continuous signaling because of stateful architecture
Flow-based approach not scalable to large implementations, such as the public
Internet (can be made more scalable when combined with elements of the DiffServ model)
[ Ref :7. 4]
It is highly scalable.
It provides many different levels of quality.
7.5.3 :
IP Packet Header
IP Precedence values, from lowest to highest priority: Routine, Priority, Immediate,
Flash, Flash Override, Critical, Internetwork Control, Network Control.
the implementation of QoS
Flash Overrides (for video
The DSCP value is the IP Precedence implemented along with a Delay, Throughput,
and Reliability variable. DSCP is 6 bits in length and functions as the higher order 6
bits of the ToS byte. Therefore, the higher order 3 bits of the ToS byte as well as
DSCP map to IP Precedence. In the implementation of DSCP, the delay and
throughput variables collectively are called the drop probability.
The drop probability bits can be set to three values, as shown in the table below: low
drop (01), medium drop (10), or high drop (11).
Drop probability   Value
Low drop           01
Medium drop        10
High drop          11
Marking is the QoS feature component that colors a packet (frame) so it can be
identified and distinguished from other packets (frames) in QoS treatment.
Commonly used markers:[ Ref : 2 ]
[ Ref : 7.2]
Comparison of Classification and Marking Tools
Class-Based marking (CB marking)
Other functions: None
Network Based Application Recognition (NBAR)
Other functions: Statistical information about traffic mix; recognition of
applications that use dynamic ports
Fields that can be matched: Extensive list
Marking: None; used in conjunction with CB marking
[ Ref :7.1 ]
7.5.4 : Queuing/Scheduling
Priority Queuing (PQ)
Maximum number of queues: 4
Classification capabilities: IP ACL, input interface, fragments
Custom Queuing (CQ)
Maximum number of queues: 16
Classification capabilities: IP ACL, input interface, fragments
Weighted Fair Queuing (WFQ)
Maximum number of queues: 4096
Classification capabilities: automatic, based on flows (a flow is identified by
source/destination address and port numbers, plus protocol type)
Class-Based Weighted Fair Queuing (CBWFQ)
Maximum number of queues: 64
Classification capabilities: IP ACL, NBAR, same as CB marking
Low Latency Queuing (LLQ)
Maximum number of queues: N/A
Classification capabilities: same as CBWFQ
Description: LLQ is a variant of CBWFQ, which makes some queues priority queues,
always getting served next if a packet is waiting in that queue. It also polices traffic.
Modified Deficit Round-Robin (MDRR)
Maximum number of queues: (not recoverable from the source)
Classification capabilities: IP precedence
Description: Similar to CQ, but each queue gets an exact percentage of bandwidth.
Supports the LLQ mechanism as well.
[ Ref :7.1 ]
LLQ and RTP header compression are used to provide the optimal quality for voice
traffic. CBWFQ and TCP header compression are effective for managing interactive
data traffic.
To avoid congestion, queuing mechanisms are activated at the hardware buffer of
the outgoing interface.
When congestion-management features are being used, packets accumulating at an
interface are placed in software queues according to their assigned priority and the
queuing mechanism configured for the interface. They are then scheduled for
transmission when the hardware buffer of the interface is free to send them. The
router determines the order of packet transmission by controlling which packets are
placed in each queue and how the queues are serviced with respect to each other.
Key queuing algorithms include the following:
FIFO: First in, first out; the simplest algorithm
Priority queuing (PQ): Allows traffic to be prioritized
Round robin: Allows several queues to share bandwidth
Weighted round robin (WRR): Allows sharing of bandwidth with
prioritization
[ Ref : 7.4]
7.6 :
Traffic policing can be used to control the maximum rate of traffic sent or
received on an interface. Traffic policing is often configured on interfaces at the
edge of a network to limit traffic into or out of the network.
Traffic shaping can be used to control the traffic going out an interface to
match its flow to the speed of the remote target interface and to ensure that the
traffic conforms to policies contracted for it.
Traffic policing and traffic shaping differ in the way that they respond to traffic
violations.
Policing typically drops excess traffic, while shaping typically queues excess traffic.
Policing (it usually drops the excess packets):
Sends conforming traffic and allows bursts
Drops non-conforming traffic (due to lack of tokens)
Provision for packet re-marking
Shaping (since it re-arranges the packets, no packet will be dropped, even when
the data is bigger than the queue size):
Smoothes traffic but increases overall latency
Buffers packets when tokens are exhausted
[ Ref :7. 4]
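The two responses to a traffic violation described above, as an added example that is not part of the thesis: one single-rate token bucket driven either as a policer (drop when tokens run out) or as a shaper (queue until tokens accrue), run over one constructed burst. The rate is the 512 kbps branch link from Scenario 1 (64 bytes per millisecond); the 1500-byte bucket depth, the burst and the shaper queue limit are assumptions.

```python
"""Added example (not from the thesis): token-bucket policer versus shaper.
CIR from the 512 kbps branch link of Scenario 1; bucket depth, queue limit and
the arrival pattern are constructed."""
from collections import deque
from typing import List, Optional, Tuple

CIR_BYTES_PER_MS = 64      # 512 kbps = 64,000 bytes/s = 64 bytes per ms tick
BC_BYTES = 1500            # committed burst (assumed: one MTU-sized packet)

# Constructed arrivals: (arrival time in ms, size in bytes), sorted by time.
# Three 1000-byte packets burst at t=0, then one every 20 ms.  At 64 bytes/ms a
# 1000-byte packet earns its tokens in about 15.6 ms, so the burst is excess.
BURST: List[Tuple[int, int]] = [(0, 1000), (0, 1000), (0, 1000), (20, 1000), (40, 1000)]


def police(arrivals: List[Tuple[int, int]], cir: int = CIR_BYTES_PER_MS,
           bc: int = BC_BYTES) -> List[str]:
    """Single-rate policer without an excess burst: a packet is 'conform' if the
    bucket holds enough tokens when it arrives, otherwise 'drop'.  Nothing is
    queued, so no delay is ever added."""
    tokens, last_t, verdicts = bc, 0, []
    for t, size in arrivals:
        tokens = min(bc, tokens + cir * (t - last_t))   # refill for elapsed time
        last_t = t
        if size <= tokens:
            tokens -= size
            verdicts.append("conform")
        else:
            verdicts.append("drop")                     # out of tokens: discard
    return verdicts


def shape(arrivals: List[Tuple[int, int]], cir: int = CIR_BYTES_PER_MS,
          bc: int = BC_BYTES, max_queue: int = 64) -> List[Optional[int]]:
    """Shaper on the same bucket: a packet that finds the bucket short is queued
    (FIFO) and sent once enough tokens have accrued.  Returns each packet's send
    time in ms, or None when it was tail-dropped because the queue was already
    full (the one way a shaper still discards, which the text does not mention)."""
    queue: deque = deque()
    sent: List[Optional[int]] = [None] * len(arrivals)
    tokens, t, i = bc, 0, 0
    while i < len(arrivals) or queue:
        while i < len(arrivals) and arrivals[i][0] == t:  # arrivals at this tick
            if len(queue) < max_queue:
                queue.append(i)
            i += 1                                         # else: tail drop
        while queue and arrivals[queue[0]][1] <= tokens:   # transmit in order
            idx = queue.popleft()
            tokens -= arrivals[idx][1]
            sent[idx] = t
        t += 1
        tokens = min(bc, tokens + cir)                     # refill for one tick
    return sent


def compare(arrivals: List[Tuple[int, int]] = BURST) -> dict:
    """Drops and worst-case added delay of both treatments for the same input."""
    verdicts = police(arrivals)
    sent = shape(arrivals)
    delays = [s - a for (a, _), s in zip(arrivals, sent) if s is not None]
    return {"policer_drops": verdicts.count("drop"),
            "shaper_drops": sent.count(None),
            "shaper_max_delay_ms": max(delays)}


if __name__ == "__main__":
    print(police(BURST))   # ['conform', 'drop', 'drop', 'conform', 'conform']
    print(shape(BURST))    # [0, 8, 24, 40, 55]
    print(compare())
```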
Comparison of Shaping and Policing Tools:
Class-Based policing (CB policing; sometimes just called policer)
Policer or shaper: Policer
Per-subinterface and per-VC support: per subinterface
Class-Based shaping (CB shaping)
Policer or shaper: Shaper
Per-subinterface and per-VC support: per subinterface
(Tool name not recoverable from the source)
Interfaces supported: Frame Relay
Per-subinterface and per-VC support: per DLCI
[ Ref :7.1 ]
Uniform Mode:
DiffServ tunneling Uniform mode has only one layer of QoS, which reaches
end to end. The ingress PE router (PE1) copies the DSCP from the incoming IP
packet into the MPLS EXP bits of the imposed labels. As the EXP bits travel through
the core, they may or may not be modified by intermediate P routers. In this
example, the P router modifies the EXP bits of the top label. At the egress P router,
you can copy the EXP bits to the EXP bits of the newly exposed label after the PHP.
Finally, at the egress PE router, we can copy the EXP bits to the DSCP bits of the
newly exposed IP packet.
Pipe Mode :
DiffServ tunneling Pipe mode uses two layers of QoS:
An underlying QoS for the data, which remains unchanged when traversing
the core.
A per-core QoS, which is separate from that of the underlying IP packets.
This per-core QoS PHB remains transparent to end users.
When a packet reaches the edge of the MPLS core, the egress PE router classifies
the newly exposed IP packets for outbound queuing based on the MPLS PHB from
the EXP bits of the recently removed label.
Short-Pipe Mode:
DiffServ tunneling Short-Pipe mode uses the same rules and techniques
across the core. The difference is that, at the egress PE router, we classify the newly
exposed IP packets for outbound queuing based on the IP PHB from the DSCP value
of this IP packet.
[ Ref : 7.2 ]
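The three tunneling modes described above, as an added example that is not part of the thesis: a model that tracks the IP DSCP and the EXP bits of each label through the ingress PE, a P router that re-marks the top label, the penultimate hop pop and the egress PE. It assumes that uniform mode copies the IP precedence (top three DSCP bits) into EXP and that pipe and short-pipe set EXP from a provider policy value; the text does not fix the exact copy rule.

```python
"""Added example (not from the thesis): DiffServ tunneling modes over MPLS.
Assumptions: EXP = top 3 bits of DSCP in uniform mode; a provider-chosen EXP
in pipe and short-pipe modes; a core P router re-marks only the top label."""
from typing import List, Tuple

UNIFORM, PIPE, SHORT_PIPE = "uniform", "pipe", "short-pipe"
DSCP_EF = 46                              # 101110b, precedence 5 (constructed input)


def dscp_to_exp(dscp: int) -> int:
    """EXP is 3 bits, so only the precedence bits of the 6-bit DSCP fit."""
    return (dscp >> 3) & 0x7


def ingress_pe(dscp: int, mode: str, provider_exp: int) -> List[int]:
    """Label imposition at the ingress PE.  Returns EXP values as a stack:
    index 0 is the bottom (VPN) label, index -1 the top (tunnel) label."""
    if mode not in (UNIFORM, PIPE, SHORT_PIPE):
        raise ValueError(f"unknown tunneling mode {mode!r}")
    exp = dscp_to_exp(dscp) if mode == UNIFORM else provider_exp
    return [exp, exp]


def p_router_remark(stack: List[int], new_exp: int) -> None:
    """A P router that re-marks can only touch the top (tunnel) label."""
    stack[-1] = new_exp


def penultimate_hop_pop(stack: List[int], mode: str) -> None:
    """PHP removes the tunnel label.  In uniform mode its EXP is copied down to
    the newly exposed label so the core re-mark survives; in pipe and
    short-pipe modes the popped value is simply discarded."""
    top = stack.pop()
    if mode == UNIFORM:
        stack[-1] = top


def egress_pe(stack: List[int], dscp: int, mode: str) -> Tuple[int, int]:
    """Label disposition at the egress PE.  Returns (DSCP handed to the customer,
    value used to select the outbound queue)."""
    exp = stack.pop()
    if mode == UNIFORM:
        dscp = (exp << 3) | (dscp & 0x7)  # EXP written into the precedence bits
        return dscp, exp
    if mode == PIPE:
        return dscp, exp                  # queue on the MPLS PHB, DSCP untouched
    return dscp, dscp_to_exp(dscp)        # short-pipe: queue on the IP PHB


def run(dscp: int, mode: str, provider_exp: int = 2, core_remark: int = 0) -> Tuple[int, int]:
    """One packet end to end: ingress PE -> re-marking P router -> PHP -> egress PE."""
    stack = ingress_pe(dscp, mode, provider_exp)
    p_router_remark(stack, core_remark)
    penultimate_hop_pop(stack, mode)
    return egress_pe(stack, dscp, mode)


if __name__ == "__main__":
    for mode in (UNIFORM, PIPE, SHORT_PIPE):
        # core re-marks EF traffic down to EXP 0; only uniform mode leaks that
        # into the customer's DSCP, and only short-pipe queues on the IP PHB
        print(mode, run(DSCP_EF, mode, provider_exp=2, core_remark=0))
```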
7.7 Others:
7.7.1 Sample Configuration and Implementation of MPLS QoS
in Uniform Mode and Short Pipe Mode Operation
The topology that depicts the configuration and implementation of Uniform
and Short Pipe modes is shown in the figure below. The network consists of two CE
routers, ABBL-HO-CE and ABBL-Dhan.Br.-CE, belonging to customer ABBL's VPN.
The SP network consists of two PE routers, JB BTS PE1-AS1 and Concord BTS PE2-AS1,
connected to ABBL-HO-CE and ABBL-Dhan.Br.-CE, respectively. OSPF PE to CE
has been implemented on these routers, and it is assumed that the VPN has been
configured prior to implementing the QoS parameters.
110
Step 1 :
ABBL-HO-CE Configuration:
ABBL-HO-CE (config)#class-map precedence5
ABBL-HO-CE (config-cmap)#match ip precedence 5
ABBL-HO-CE (config)#class-map precedence3
ABBL-HO-CE (config-cmap)#match ip precedence 3
ABBL-HO-CE (config)#class-map precedence1
ABBL-HO-CE (config-cmap)#match ip precedence 1
ABBL-HO-CE (config)#policy-map CEQoS
ABBL-HO-CE (config-pmap)#class precedence5
ABBL-HO-CE (config-pmap-c)#priority
ABBL-HO-CE (config-pmap-c)#class precedence3
ABBL-HO-CE (config-pmap-c)#bandwidth percent 30
ABBL-HO-CE (config-pmap-c)#random-detect
ABBL-HO-CE (config-pmap-c)#class precedence1
ABBL-HO-CE (config-pmap-c)#bandwidth percent 20
ABBL-HO-CE (config)#interface pos 1/1/0
ABBL-HO-CE (config-if)#service-policy output CEQoS
Step 2 :
JB BTS PE1-AS1 IP2MPLS Condition Configuration:
JB BTS PE1-AS1 ingress configuration:
JB BTS PE1-AS1(config)#class-map match-all precedence1
JB BTS PE1-AS1(config-cmap)# match ip precedence 1
JB BTS PE1-AS1(config-cmap)#class-map match-all precedence3
JB BTS PE1-AS1(config-cmap)# match ip precedence 3
JB BTS PE1-AS1(config-cmap)#class-map match-all precedence5
JB BTS PE1-AS1(config-cmap)# match ip precedence 5
JB BTS PE1-AS1(config)#Policy-map ip2mplsin
JB BTS PE1-AS1(config-pmap)#description Marking ingress traffic into QoS-group
JB BTS PE1-AS1(config-pmap)#class precedence5
JB BTS PE1-AS1(config-pmap-c)#set qos-group 5
JB BTS PE1-AS1(config-pmap-c)#class precedence3
JB BTS PE1-AS1(config-pmap-c)#set qos-group 3
JB BTS PE1-AS1(config-pmap-c)#class precedence1
JB BTS PE1-AS1(config-pmap-c)#set qos-group 1
JB BTS PE1-AS1(config)#interface pos 0/1
JB BTS PE1-AS1(config-if)#service-policy in ip2mplsin
JB BTS PE1-AS1 Egress configuration:
JB BTS PE1-AS1(config)#class-map qosgroup5
JB BTS PE1-AS1(config-cmap)#match qos-group 5
JB BTS PE1-AS1(config-cmap)#class-map qosgroup3
JB BTS PE1-AS1(config-cmap)#match qos-group 3
JB BTS PE1-AS1(config-cmap)#class-map qosgroup1
JB BTS PE1-AS1(config-cmap)#match qos-group 1
JB BTS PE1-AS1(config)#policy-map ip2mplsout
JB BTS PE1-AS1(config-pmap)#class qosgroup5
JB BTS PE1-AS1(config-pmap-c)#set mpls experimental topmost 5
JB BTS PE1-AS1(config-pmap-c)#priority
JB BTS PE1-AS1(config-pmap-c)#class qosgroup3
JB BTS PE1-AS1(config-pmap-c)#set mpls experimental topmost 3
JB BTS PE1-AS1(config-pmap-c)#bandwidth 10000
JB BTS PE1-AS1(config-pmap-c)#random-detect
JB BTS PE1-AS1(config-pmap-c)#class qosgroup1
JB BTS PE1-AS1(config-pmap-c)#set mpls experimental topmost 1
JB BTS PE1-AS1(config-pmap-c)#bandwidth 10000
JB BTS PE1-AS1(config-pmap-c)#random-detect
JB BTS PE1-AS1(config)#interface pos 0/0
JB BTS PE1-AS1(config-if)#service-policy out ip2mplsout
[ Ref : 7.2]
Step 3 :
Bulu BTS P1-AS1 MPLS2MPLS Condition Configuration :
Bulu BTS P1-AS1 ingress configuration:
Bulu BTS P1-AS1(config)#class-map mplsexp3
Bulu BTS P1-AS1(config-cmap)#match mpls experimental 3
Bulu BTS P1-AS1(config-cmap)#policy-map mpls2mplsin
Bulu BTS P1-AS1(config-pmap)#class mplsexp3
Bulu BTS P1-AS1(config-pmap-c)#set qos-group 3
Bulu BTS P1-AS1(config-pmap-c)#interface pos 0/0
Bulu BTS P1-AS1(config-if)#service-policy input mpls2mplsin
Bulu BTS P1-AS1 Egress configuration:
Bulu BTS P1-AS1(config)#class-map qosgroup3
Bulu BTS P1-AS1(config-cmap)#match qos-group 3
Bulu BTS P1-AS1(config-cmap)#policy-map mpls2mplsout
Bulu BTS P1-AS1(config-pmap)#class qosgroup3
Bulu BTS P1-AS1(config-pmap-c)#set mpls experimental topmost 1
Bulu BTS P1-AS1(config)#interface pos 0/1
Bulu BTS P1-AS1(config-if)#service-policy output mpls2mplsout
Step 4 :
Concord BTS PE2-AS1 MPLS2IP Condition Configuration :
Concord BTS PE2-AS1 ingress configuration
Concord BTS PE2-AS1(config)#class-map match-all mplsexp5
Concord BTS PE2-AS1(config-cmap)#match mpls experimental 5
Concord BTS PE2-AS1(config-cmap)#class-map mplsexp1
Concord BTS PE2-AS1(config-cmap)#match mpls experimental 1
Concord BTS PE2-AS1(config-cmap)#policy-map mpls2ipin
Concord BTS PE2-AS1(config-pmap)#class mplsexp5
Concord BTS PE2-AS1(config-pmap-c)#set qos-group 5
Concord BTS PE2-AS1(config-pmap-c)#class mplsexp1
Concord BTS PE2-AS1(config-pmap-c)#set qos-group 1
Concord BTS PE2-AS1(config-pmap-c)#interface pos 0/0
Concord BTS PE2-AS1(config-if)#service-policy input mpls2ipin
Concord BTS PE2-AS1 Egress configuration:
Concord BTS PE2-AS1(config)#class-map qosgroup5
Concord BTS PE2-AS1(config-cmap)#match qos-group 5
Concord BTS PE2-AS1(config-cmap)#class-map qosgroup1
Concord BTS PE2-AS1(config-cmap)#match qos-group 1
Concord BTS PE2-AS1(config-cmap)#policy-map mpls2ipout
Concord BTS PE2-AS1(config-pmap)#class qosgroup5
Concord BTS PE2-AS1(config-pmap-c)#set ip precedence 5
Concord BTS PE2-AS1(config-pmap-c)#class qosgroup1
Concord BTS PE2-AS1(config-pmap-c)#set ip precedence 1
Concord BTS PE2-AS1(config)#interface pos 0/1
Concord BTS PE2-AS1(config-if)#service-policy output mpls2ipout
Step 5 :
Verification of Uniform Mode Operation :
ABBL-HO-CE#show policy-map interface pos 1/1/0 out | include packets
queue limit 11632 (packets)
100000 packets, 5000000 bytes--------------class precedence5
100000 packets, 5000000 bytes--------------class precedence3
queue limit 2326 (packets)
Mean queue depth: 0 packets
100000 packets, 5000000 bytes--------------class precedence1
queue limit 697 (packets)
28 packets, 2352 bytes-------------------class class-default
28 packets, 2352 bytes
queue limit 2791 (packets)
JB BTS PE1-AS1#show policy-map interface pos 0/1 in | include packets
100000 packets, 4600000 bytes--------------class precedence5
100000 packets, 4600000 bytes--------------class precedence3
100000 packets, 4600000 bytes--------------class precedence1
JB BTS PE1-AS1#show policy-map interface pos 0/0 out | include packets
100000 packets, 5400000 bytes--------------class qosgroup5
Queue-limit: 8192 packets (default)
Current queue-depth: 0 packets, Maximum queue-depth: 0 packets
conformed 100000 packets, 5400000 bytes; actions:
exceeded 0 packets, 0 bytes; actions:
100000 packets, 5400000 bytes--------------class qosgroup3
Queue-limit: 1024 packets (default)
Current queue-depth: 0 packets, Maximum queue-depth: 0 packets
100000 packets, 5400000 bytes--------------class qosgroup1
Queue-limit: 1024 packets (default)
Current queue-depth: 0 packets, Maximum queue-depth: 0 packets
0 packets, 0 bytes
Queue-limit: 16384 packets (default)
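As an added example (not from the original document), a small parser for the `show policy-map interface ... | include packets` output used in this verification step, with a check that the test flow is counted in the expected class at each hop and that nothing beyond a small tolerance falls into class-default. The sample output is constructed to mirror the page's verification figures, and the PLAN table of expected classes per hop is this example's assumption.

```python
# Added example (not from the original document): parse the
# 'show policy-map interface ... | include packets' output used in Step 5 and
# check that the test flow is counted in the expected class at every hop. The
# sample output is constructed to mirror the page's figures; PLAN is assumed.
import re
from typing import Dict, List, Tuple

PROMPT_RE = re.compile(
    r"^(?P<host>[^#]+)#show policy-map interface (?P<iface>.+?) (?P<dir>in|out)\b")
CLASS_RE = re.compile(
    r"^\s*(?P<pkts>\d+) packets, (?P<bytes>\d+) bytes-+class (?P<cls>\S+)\s*$")

SAMPLE_OUTPUT = """\
ABBL-HO-CE#show policy-map interface pos 1/1/0 out | include packets
100000 packets, 5000000 bytes--------------class precedence5
100000 packets, 5000000 bytes--------------class precedence3
100000 packets, 5000000 bytes--------------class precedence1
28 packets, 2352 bytes-------------------class class-default
JB BTS PE1-AS1#show policy-map interface pos 0/1 in | include packets
100000 packets, 4600000 bytes--------------class precedence5
100000 packets, 4600000 bytes--------------class precedence3
100000 packets, 4600000 bytes--------------class precedence1
JB BTS PE1-AS1#show policy-map interface pos 0/0 out | include packets
100000 packets, 5400000 bytes--------------class qosgroup5
conformed 100000 packets, 5400000 bytes; actions:
100000 packets, 5400000 bytes--------------class qosgroup3
100000 packets, 5400000 bytes--------------class qosgroup1
"""

FLOW = 100000  # packets sent per class in the test
PLAN = {       # (hostname, interface, direction) -> classes that must count FLOW
    ("ABBL-HO-CE", "pos 1/1/0", "out"): ("precedence5", "precedence3", "precedence1"),
    ("JB BTS PE1-AS1", "pos 0/1", "in"): ("precedence5", "precedence3", "precedence1"),
    ("JB BTS PE1-AS1", "pos 0/0", "out"): ("qosgroup5", "qosgroup3", "qosgroup1"),
}

Counters = Dict[Tuple[str, str, str], Dict[str, Tuple[int, int]]]

def parse_counters(text: str) -> Counters:
    """Group per-class (packets, bytes) under the show command that printed them."""
    hops: Counters = {}
    hop = None
    for line in text.splitlines():
        m = PROMPT_RE.match(line)
        if m:
            hop = (m["host"].strip(), m["iface"], m["dir"])
            hops[hop] = {}
            continue
        m = CLASS_RE.match(line)
        if m and hop is not None:  # 'conformed'/'exceeded' lines do not match
            hops[hop][m["cls"]] = (int(m["pkts"]), int(m["bytes"]))
    return hops

def bytes_per_packet(hops: Counters, hop: Tuple[str, str, str], cls: str) -> int:
    """Average size per packet; PE egress minus PE ingress is the imposed label stack."""
    pkts, nbytes = hops[hop][cls]
    if pkts == 0:
        raise ValueError(f"no packets counted in {cls} at {hop}")
    return nbytes // pkts

def audit(hops: Counters, plan=PLAN, flow: int = FLOW, default_limit: int = 100) -> List[str]:
    """Classes off-plan, or more than default_limit packets matching no class."""
    issues: List[str] = []
    for hop, classes in plan.items():
        seen = hops.get(hop)
        if seen is None:
            issues.append(f"{hop}: no counters captured")
            continue
        for cls in classes:
            got = seen.get(cls, (0, 0))[0]
            if got != flow:
                issues.append(f"{hop}: class {cls} counted {got} packets, expected {flow}")
        leaked = seen.get("class-default", (0, 0))[0]
        if leaked > default_limit:
            issues.append(f"{hop}: {leaked} packets fell into class-default")
    return issues
```

The 8-byte growth per packet between the PE's VRF-side ingress and its core-side egress is the two imposed 4-byte MPLS labels, a quick sanity check that the counted traffic really was label-switched.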
policy-map verify
class precedence5
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
class precedence1
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
interface POS1/0/0
ip address 172.16.2.1 255.255.255.0
service-policy input verify
class precedence5
priority
class precedence3
bandwidth percent 30
random-detect
class precedence1
bandwidth percent 20
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence5
match ip precedence 5
policy-map verify
class precedence5
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
class precedence1
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
interface pos 1/1/0
service-policy output CEQoS
service-policy input verify
JB BTS PE1-AS1 and Concord BTS PE2-AS1 Final Configurations for Uniform
Mode Implementation :
JB BTS PE1-AS1configuration
class-map match-all qosgroup50
match qos-group 50
class-map match-all qosgroup10
match qos-group 10
class-map match-all qosgroup3
match qos-group 3
class-map match-all qosgroup1
match qos-group 1
class-map match-all qosgroup5
match qos-group 5
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence3
match ip precedence 3
class-map match-all precedence5
match ip precedence 5
class-map match-all mplsexp5
match mpls experimental 5
class-map match-all mplsexp1
match mpls experimental 1
policy-map ip2mplsin
class precedence5
set qos-group 5
class precedence3
set qos-group 3
class precedence1
set qos-group 1
policy-map mpls2ipin
class mplsexp5
set qos-group 50
class mplsexp1
set qos-group 10
policy-map mpls2ipout
class qosgroup50
set precedence 5
class qosgroup10
set precedence 1
policy-map ip2mplsout
class qosgroup5
set mpls experimental topmost 5
priority
class qosgroup3
set mpls experimental topmost 3
bandwidth 10000
random-detect
class qosgroup1
set mpls experimental topmost 1
bandwidth 10000
random-detect
interface POS0/0
description connection to P1
service-policy input mpls2ipin
service-policy output ip2mplsout
interface POS0/1
ip vrf forwarding VPNA
service-policy input ip2mplsin
service-policy output mpls2ipout
set qos-group 50
class precedence3
set qos-group 30
class precedence1
set qos-group 10
policy-map mpls2ipin
class mplsexp5
set qos-group 5
class mplsexp1
set qos-group 1
policy-map mpls2ipout
class qosgroup5
set precedence 5
class qosgroup1
set precedence 1
policy-map ip2mplsout
class qosgroup50
set mpls experimental topmost 5
priority
class qosgroup30
set mpls experimental topmost 3
bandwidth 10000
random-detect
class qosgroup10
set mpls experimental topmost 1
bandwidth 10000
random-detect
interface POS0/0
description connection to P1
service-policy input mpls2ipin
service-policy output ip2mplsout
interface POS0/1
ip vrf forwarding VPNA
service-policy input ip2mplsin
service-policy output mpls2ipout
Bulu BTS P1-AS1 Final Configuration for Uniform Mode Implementation :
class-map match-all qosgroup2
match qos-group 2
class-map match-all qosgroup3
match qos-group 3
class-map match-all qosgroup1
match qos-group 1
class-map match-any mplsexp3
match mpls experimental 3
policy-map mpls2mplsin
class mplsexp3
set qos-group 3
policy-map mpls2mplsout
class qosgroup3
set mpls experimental topmost 1
interface POS0/0
description connection to PE1-AS1
ip address 10.10.10.2 255.255.255.252
service-policy input mpls2mplsin
service-policy output mpls2mplsout
interface POS0/1
description connection to Concord BTS PE2-AS1
service-policy input mpls2mplsin
service-policy output mpls2mplsout
priority
class precedence3
bandwidth percent 30
random-detect
class precedence1
bandwidth percent 20
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence5
match ip precedence 5
policy-map verify
class precedence5
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
class precedence1
police 10000000 1000000 1000000 conform-action transmit exceed-action drop
interface pos 1/1/0
service-policy output CEQoS
service-policy input verify
class-map match-all precedence1
match ip precedence 1
class-map match-all precedence3
match ip precedence 3
class-map match-all precedence5
match ip precedence 5
policy-map ip2mplsin
class precedence5
set qos-group 5
class precedence3
set qos-group 3
class precedence1
set qos-group 1
policy-map ip2mplsout
class qosgroup5
set mpls experimental topmost 5
priority
class qosgroup3
set mpls experimental topmost 3
bandwidth 10000
random-detect
class qosgroup1
set mpls experimental topmost 1
bandwidth 10000
random-detect
interface POS0/0
description connection to P1
service-policy output ip2mplsout
interface POS0/1
ip vrf forwarding VPNA
service-policy input ip2mplsin
set qos-group 30
class precedence1
set qos-group 10
policy-map ip2mplsout
class qosgroup50
set mpls experimental topmost 5
priority
class qosgroup30
set mpls experimental topmost 3
bandwidth 10000
random-detect
class qosgroup10
set mpls experimental topmost 1
bandwidth 10000
random-detect
interface POS0/0
description connection to P1
service-policy output ip2mplsout
interface POS0/1
ip vrf forwarding VPNA
service-policy input ip2mplsin
[ Ref :7. 2]
7.8 Conclusion
In this paper we propose an efficient QoS scheme for MPLS VPN services to meet user peak demand. In this scheme, customers are guaranteed a minimum service; however, they can exceed their contracted bandwidth, and they are then charged for their out-of-profile traffic.
Improving QoS guarantees will help service providers differentiate themselves from their competitors. A few simple planning steps, listed below, will ensure that service providers are on the right track.
Figure out what customers actually need. Copying a competitor's model will not provide any advantage.
Design the QoS offering based on the expected traffic flows of the services.
8.1 Introduction
8.2 Cost effectiveness
MPLS technology offers businesses the performance of traditional VPNs but is far more cost
effective. As the intelligence resides in the MPLS network core, there is no need for any
expensive VPN appliances to be located on the customer premises. Because MPLS allows
service providers to create new virtual private networks without having to install new hardware,
it significantly reduces the cost of implementation, which in turn reduces the overall cost of
VPNs.
Despite the obvious advantages of rolling out an MPLS solution, many mid-sized businesses would naturally have cost concerns about the implementation. New IT projects often promote the perception that hidden infrastructure and indirect management costs will arise. A natural resolution to this would be to consider a hosted MPLS solution.
Deploying MPLS via a managed, hosted model has two immediate advantages for IT managers. Firstly, a reduction in costs: businesses can benefit from the latest technologies without the high cost of ownership and the resources associated with maintaining and supporting systems in-house. Secondly, increased security: by connecting to the Internet via state-of-the-art data centres, businesses will automatically have a secure and resilient connection through a single firewall, as well as dedicated resources in place to detect and eliminate security vulnerabilities.
A managed solution also allows a company to enjoy the related benefits of dealing with one
vendor. Focusing on a single IT vendor allows a company to consolidate its IT spend and
develop a higher service relationship with this one vendor. The total cost of ownership of the
MPLS solution can therefore be managed and driven down. [Ref. 8.7]
8.3 Case Study:
Here I am describing some customer benefits, showing how MPLS VPN reduces the customer's hardware cost.
8.3.1 Case-1
We assume that ABC Transportation Ltd has 5 ticket counters and a head office. Each counter has one PC, and there is one PC at the Head Office. All the counters need to connect to the Head Office for their private data connectivity. They will use a database in the Head Office. To accomplish this goal they want a secured solution with minimum cost.
I am providing detailed information for ABC Transportation Ltd. on how the company will benefit from the MPLS VPN network and reduce cost.
The following table represents traditional IP/VPN costing (approx) for ABC Transportation Ltd.
Location | Device | Price/device | Link cost | Total
Shaymoly-HO | Zywall-5 | 20000/- | 12000/- | 32000/-
Kolabagan | Zywall-2 | 11000/- | 12000/- | 23000/-
Kallayanpur | Zywall-2 | 11000/- | 12000/- | 23000/-
Gabtoly | Zywall-2 | 11000/- | 12000/- | 23000/-
Mohakhali | Zywall-2 | 11000/- | 12000/- | 23000/-
Sayedabad | Zywall-2 | 11000/- | 12000/- | 23000/-
Total | | 75000/- | 72000/- | 147000/-
Technical support personnel salary: minimum 10000/-
Considering the above scenario, if the customer prefers to deploy VPN-capable routers rather than VPN boxes, there will be a sharp rise in the deployment cost, as a router costs significantly more than a regular VPN box.
The following table represents MPLS VPN costing (approx) for ABC Transportation Ltd.
Location | Device | Price/device | Link cost | Total
Shaymoly-HO | N/A | N/A | 12000/- | 12000/-
Kolabagan | N/A | N/A | 12000/- | 12000/-
Kallayanpur | N/A | N/A | 12000/- | 12000/-
Gabtoly | N/A | N/A | 12000/- | 12000/-
Mohakhali | N/A | N/A | 12000/- | 12000/-
Sayedabad | N/A | N/A | 12000/- | 12000/-
Total | | | 72000/- | 72000/-
| Traditional IP/VPN (Amount in Taka) | MPLS VPN (Amount in Taka)
Hardware Resource | 75000 |
Link Cost | 72000 | 72000
Human Resource | 10000 |
From the above information, ABC Transportation Ltd will benefit from the MPLS VPN network by avoiding the additional hardware cost.
Note that in the above solution with MPLS connectivity, for a customer who wants to impose more security on their data communication, the cost benefit would not be what has been mentioned. In such cases the solution would not be beneficial from the customer's financial perspective, as they would have to invest in VPN-capable equipment (e.g. routers) and maintenance engineers at their end.
Link3 Technologies Ltd came up with three proposals. They were as follows.
8.3.4.3
Items | Amount
Installation Cost | BDT 20,000.00
Free to Use | BDT 20,000.00
Bandwidth | Amount
| BDT 35,000.00
Items | Amount
01 Installation Cost | BDT 20,000.00
02 Zywall-2 (1 Pair) | BDT 40,000.00
Free to Use | BDT 60,000.00
Intranet Bandwidth | Amount
512kbps (2 site) | BDT 24,000.00
In this solution, LabAid was offered Layer-2 MPLS VPN connectivity between their two branches over the MPLS backbone of Link3 Technologies Ltd. In this case the link would terminate directly in the office LAN switch at each location.
This solution fulfilled all of LabAid's requirements, including the same IP subnet in both LANs, while offering better costing than the previous two solutions.
Cost proposal for this solution is as follows.
Items | Amount
Installation Cost | BDT 20,000.00
Free to Use | BDT 20,000.00
Bandwidth | Amount
512kbps (2 site) | BDT 32,000.00
Response of LabAid:
Considering all the proposals, LabAid decided to finalize the contract with Link3 Technologies Ltd. using the MPLS Layer-2 VPN solution.
Their present customer feedback is quite positive in terms of service and solution.
Under these circumstances, we could see that the MPLS Layer-2 VPN solution provided to LabAid was undoubtedly a good one from both technical and financial aspects.
The client chose the MPLS offer over the first two offers (point-to-point and regular VPN):
The regular VPN offer involved complex network management and required expensive client-end equipment.
For future planning, both of these solutions required either additional financial investment or high-end client equipment.
The MPLS Layer-2 solution, by contrast, did not require any high-end equipment at the client end, involved no complex network solution for the client, and left a good possibility of further expansion of the network at low cost.
8.3.3 Case-2
We assume that PQS Textile Ltd has 2 offices, one in Dhaka and another in Chittagong. Their requirements are as follows:
I am providing detailed information for PQS Textile Ltd. on how the company will benefit from the MPLS VPN network and reduce cost.
This Leased Line solution can provide bandwidth up to 2048 Kbps. If it is necessary to increase bandwidth, another Leased Line will be needed, along with an extra set of equipment.
The following table represents Leased Line solution costing (approx) for PQS Textile Ltd.
Location | Device | Price/device | Link cost | Total
Dhaka Office | E1 to Ethernet Converter | 50000/- | 150000/- |
Chittagong Office | E1 to Ethernet Converter | 50000/- | |
Total | | 100000/- | 150000/- | 250000/-
The following table represents MPLS Point-to-Point costing (approx) for PQS Textile Ltd.
Location | Device | Price/device | Point-to-Point link cost (per 2 Mb) | Total
Dhaka | E1 to Ethernet Converter | N/A | 150000/- |
Chittagong | E1 to Ethernet Converter | N/A | |
Total | | N/A | 150000/- | 150000/-
| Leased Line (Amount in Taka) | MPLS (Amount in Taka)
Hardware Resource | 100000 |
Link Cost | 150000 | 150000
Human Resource | 15000 |
From the above information, PQS Textile Ltd will benefit from the MPLS network by reducing the hardware cost.
8.3.4 Case-3
We assume that XYZ Company Ltd has 5 branch offices and a head office. All branches, including the Head Office, need to communicate with every other branch. To accomplish this goal they want a secured solution with minimum cost.
I am providing detailed information for XYZ Company Ltd on how the company will benefit from the MPLS VPN network and reduce cost.
For this type of data connectivity, if we use a traditional IP/VPN network the installation and maintenance cost will be higher. For example, they would require a high-end VPN device for each site, which is very expensive for this company. The costing information is stated in the following table.
Table: Traditional IP/VPN costing summary of XYZ Company Ltd.
Location | Device | Price/device | Link cost | Total
Motijheel Head Office | Netscreen103 | 46000/- | 12000/- | 58000/-
Savar Office | Netscreen003 | 29000/- | 12000/- | 41000/-
Gazipur Office | Netscreen003 | 29000/- | 12000/- | 41000/-
Dhanmondi Office | Netscreen003 | 29000/- | 12000/- | 41000/-
Banani Office | Netscreen003 | 29000/- | 12000/- | 41000/-
Gulshan Office | Netscreen003 | 29000/- | 12000/- | 41000/-
Total | | 191000/- | 72000/- | 263000/-
8.3.4.2 Diagram for XYZ Company Ltd private data connectivity using MPLS VPN network
Location | Device Name | Price/device | Link cost | Total
Motijheel Head Office | Routable Device | 7000/- | 12000/- | 19000/-
Savar Office | Routable Device | 7000/- | 12000/- | 19000/-
Gazipur Office | Routable Device | 7000/- | 12000/- | 19000/-
Dhanmondi Office | Routable Device | 7000/- | 12000/- | 19000/-
Banani Office | Routable Device | 7000/- | 12000/- | 19000/-
Gulshan Office | Routable Device | 7000/- | 12000/- | 19000/-
Total Cost | | 42000/- | 72000/- | 114000/-
| Traditional IP/VPN (Amount in Taka) | MPLS VPN (Amount in Taka)
Hardware Resource | 191000 | 42000
Link Cost | 72000 | 72000
From the above information, XYZ Company Ltd will benefit from the MPLS VPN network by reducing the hardware cost.
8.3.5 Practical Case-2:
Consider another example, our value-added customer AB Bank Ltd., who had been on our network using a traditional IPSec VPN. They have now shifted their technology to MPLS using the Link3 network. The reasons behind this shift were:
1) While they were expanding their network on IPSec VPN, they noticed that they required much higher-end routing equipment. The solution was becoming more expensive as the days progressed. So they moved to MPLS, where they did not need to upgrade their technical equipment to expand their network, as the routing processes were handled by Link3's MPLS network equipment. The customer therefore found it financially viable, since they did not need to purchase new or higher-end equipment to be part of a more secure and newer technology.
2) The customer also observed an increase in data transactions, data processing and network latency. A high volume of data transactions required more data processing and caused higher latency in the network with IPSec VPN. Rather than getting high-end equipment for the existing IPSec VPN network, Link3 led them to MPLS, where they did not need to change any existing equipment to increase their network performance. Link3 Technologies Ltd's MPLS network is handling their higher data transaction volume and processing it with lower latency. So on the client's behalf it was a huge relief, as no new equipment had to be purchased to get onto a better-performing network.
3) Due to network redundancy, the client has the opportunity to choose their own network IPs.
So this case study leads us to one conclusion: MPLS technology takes a burden off the customer when they require a larger expansion of their network with more security, and gives them this capability without any new financial investment in, or replacement of, equipment.
Ref 1: MPLS 2.2, Implementing Cisco MPLS, Student Guide [Cisco Press]
Ref 2: MPLS Study Guide. By: James Reagan
Ref 3: Traffic Engineering with MPLS. By: Eric Osborne, Ajay Sinha
Ref 5: Training Materials of South Asia Network Operation Group 2007. By: Rezwan Jamal
Ref 6: www.link3.net
4.1
4.2
4.3
4.4 www.link3.net
4.5 www.cisco.com
5.1
5.2
5.3
5.4
5.5
5.6
5.7 www.cisco.com
5.8 www.alcatel-lucent.com
5.9 www.juniper.net
5.10 www.huawei.com
6.1
6.2
6.3
6.4
6.5
6.6
6.7
6.8
6.9 www.alcatel-lucent.com
6.10 www.juniper.net
7.1
7.2
7.3
7.4
7.5 www.cisco.com
7.6 www.link3.net
8.1 http://www.securitytechnet.com/
8.2 http://www.juniper.net
8.3 www.mitel.com/netsolutions
8.4
8.5 http://www.bsnl.in
8.6 http://www.sancharnet.in
8.7 http://www.link3.net