Professional Documents
Culture Documents
Ina Minei
ina@juniper.net
Disclaimer
The
Topics
VPN basic concepts
2. Hierarchical and recursive
applications
1.
VPNs
Virtual
VPNs
VPN green
Site 2
VPN green
Site 1
Provider network
Site 3
VPN green
Site 4
VPN green
BGP-MPLS VPNs
Goal:
Peer
Terminology
Site 2
CE2
CE3
PE2
Site 1
Site 3
CE1
PE1
PE3
Adding/deleting
Goals
Achieve
intersite connectivity
Privacy
Independent
addressing private
addresses in each VPN.
of forwarding
Distribution
New
of routing information
address type
Forwarding
with MPLS
Operation separation of
forwarding
Operation Constrained
distribution of routing information
1.
2.
3.
4.
The idea:
CE advertises routes to the local PE via
some routing protocol.
The local PE marks these routes with a
particular extended community (route
target) and advertises them in BGP.
The routes are distributed to all remote PE
by BGP.
Remote PE receives BGP routes, filters
them based on the community and
advertises them to the CE.
Site 2
10.2/16
CE2
Customer green
CE1
Site 1
10.1/16
CE4
Site 2
10.1/16
Customer gray
CE3
Site 1
10.2/16
Customer gray
10.1/16 route-target green
10.2/16 route-target green
10.1/16 route-target gray
10.2/16 route-target gray
Site 2
10.2/16
CE2
Customer green
CE1
Site 1
10.1/16
CE4
Site 2
10.1/16
Customer gray
CE3
Site 1
10.2/16
Customer gray
RD1:10.1/16 route-target green
RD2:10.1/16 route-target gray
RD1:10.2/16 route-target green
RD2:10.2/16 route-target gray
How
The
Why MPLS?
VPN-IP
Need
CE4
Site 1
10.1/16
VPN green
CE2
VPN gray
Site 2
10.2/16
10.2.1.1
CE3
10.2.1.1
Site 2
10.2/16
PE1
Label
10.2.1.1
10.1/16 interface to CE1
10.2/16 from PE2
PE2
VPN gray
CE4
Site 1
10.1/16
VPN gray
10.2.1.1
CE2
Site 2
10.2/16
CE3
PE1
10.1/16 interface to CE1
10.2/16 from PE2
VPN green
Label
10.2.1.1
PE2
Site 2
10.2/16
VPN gray
???
VPN labels
The
idea: Use a label to identify the nexthop at the remote PE. Also called VPN
label.
The label is distributed by BGP, along with
the VPN-IP address.
Traffic will carry two labels, the VPN label
and the LSP label.
The remote PE makes the forwarding
decision based on the VPN label.
CE4
Site 1
10.1/16
VPN green
Site 1
10.1/16
CE2
VPN gray
Site 2
10.2/16
10.2.1.1
10.2.1.1
PE1
Label
VPN Label
10.2.1.1
CE3
P
PE2
VPN Label
10.2.1.1
Site 2
10.2/16
VPN gray
CE4
Site 1
10.1/16
VPN gray
CE2
10.2.1.1
P
Site 2
10.2/16
CE3
Site 2
10.2/16
PE2
10.2.1.1 VPN gray
PE1
Label
VPN Label
10.2.1.1
VPN green
VPN Label
10.2.1.1
Routing info
Traffic
CE1
Site 1
10.1/16
CE2
PE3
P
CE3
PE1
(PE2,200) (PE2,100)
Traffic
Site 2
10.2/16
(PE2,3)
Site 2
10.2/16
PE2
LSP to PE2
Routing info
CE1
PE3
if1
Site 1
10.1/16
CE2
10.2/16 nh PE1
PE1
Accept route-target green
Traffic
10.2/16 nh CE2
CE3
if2
Site 2
10.2/16
if3
LSP to PE2
Site 2
10.2/16
PE2
Routing info
PE1
CE1
if1
Site 1
10.1/16
CE2
Site 2
10.2/16
PE3
if4
10.2/16 nh CE2
CE3
if2
if3
LSP to PE2
Site 2
10.2/16
PE2
CE2
CE1
Site 1
10.1/16
if1
if4
10.2.1.1
if2
10.2.1.1
if3
PE1
200
Site 2
10.2/16
(PE2,200) (PE2,100)
1001
100
10.2.1.1
1001
(PE2,3)
PE2
1001
10.2.1.1
10.2.1.1
VRF green
10.2/16
Out: push (1001, 200)
MPLS table
MPLS
BGP
advertises a label along with the VPNIP address. This determines the next-hop
to use when receiving traffic.
Concepts
1.
2.
3.
Scaling properties
Scaling properties
PE
Scaling properties
Can
Route
Intersite connectivity
models
Any-to-any
Hub
Any
and spoke
The
CE3
Site 1
10.1.1/24
HUB
CE1
PE3
P
10.1/16
Accept route-target spoke
10.1.2/24
CE2
PE1
10.1.1/24
Site 2
10.1.2/24
PE2
Introduction
VPN
Introduction - terminology
External
Internal
Use
The
Two scenarios:
No MPLS within the sites within a site, forward based
on IP.
With MPLS within the sites can use MPLS to forward
within a site.
problem:
Requires
EBGP
EBGP
Peer
network 1
20.1/16
R1 ASBR1
ASBR2
R2
CE1
CE2
if2
if4
PE2
if3
if1
PE1
Need
Advertise
Goal
EBGP
ASBR2
Peer
network 1
EBGP
Site 1
Routing info
Traffic
EBGP
20.1/16
ASBR1 nh CE2
ASBR2
ISP green site 2
R2
R1 ASBR1
ISP green site 1
CE2
(PE1,400) (PE1,300)
if2
if4
PE2
VRF green
EBGP
IBGP
Peer
network 1
CE1
(PE1,3) if1
if3
PE1
20.1/16
20.1.1.1
R1 ASBR1
ASBR2
Site 1
R2
Site 2
CE1
CE2
if2
20.1.1.1
20.1/16 nh ASBR1
ASBR1 nh PE2
VRF green
20.1.1.1
if4
if3
PE2
if1
PE1
???
ASBR2
CE2
IP
20.1.1.1
CE1
ASBR1
IP
20.1.1.1
MPLS
20.1.1.1
MPLS
20.1.1.1
IP
20.1.1.1
R1 ASBR1
ASBR2
IP
R2
CE1
CE2
if2
if4
if3
PE2
if1
PE1
MPLS
20.1.1.1
MPLS
IP
20.1/16
R1 ASBR1
ASBR2
Site 1
R2
Site 2
LDP
D = PE1,label = 400
CE2
CE1
if1
PE1
CE-PE protocol
D=ASBR1, nh = CE1
ASBR2
Site 1
R2
Site 2
CE1
CE2
if1
PE2
PE1
CE-PE protocol
D=ASBR1, nh = CE1
R1 ASBR1
ASBR2
Site 1
R2
Site 2
CE1
CE2
if1
PE2
PE1
R1 ASBR1
ASBR2
Site1
R2
Site 2
CE1 20.1.1.1
CE2
20.1.1.1
if2
20.1/16 nh ASBR1
ASBR1, nh PE2,2001
if4
PE2
if3
400
if1
PE1
2001
1001
1001
20.1.1.1
20.1.1.1
20.1.1.1
VRF green
0
20.1.1.1
New concepts
The
When
ASBR2
ASBR1
IP
20.1.1.1
MPLS
20.1.1.1
MPLS
20.1.1.1
IP
20.1.1.1
20.1/16 nh ASBR1
R1 ASBR1
ASBR2
Site 2
MPLS
Site 1
MPLS
R2
CE1
CE2
if2
if4
if3
PE2
if1
PE1
MPLS
ASBR2
ASBR2
MPLS
CE2
MPLS
ASBR1
MPLS
CE1
ASBR1
In
Need
Site 1
Routing info
Traffic
ASBR1
R1
R2
Site 2
Site 1
CE2
CE1
LDP
D = PE1,label = 400
ASBR1
R1
R2
Site 2
Site 1
CE2
CE1
MPLS
PE2
if1
PE1
ASBR1
R1
R2
Site 2
Site 1
CE2
CE1
if1
PE1
ASBR2
Site 1
CE2
(CE2, 500)
Site 2
LDP
p
po
CE1
2,
E
(C
In 4001, out 2001
if1
PE2
PE1
ASBR2-to-CE2 discussion
Requires
One
The
Site 2
CE2
ASBR1, 0
LDP
ASBR1
R1
1,3
R
B
S
(A 1
Site
ASBR1:push 0, 100
(AS
BR
ASBR1, nh ASBR1, 0 1,100
)
ASBR1, push 100
if1
PE2
PE1
CE1
ASBR1
R1
R2
Site 2
Site 1
CE2
ASBR1:push 0, 100
CE1
In 3001
EBGP inet labeled-unicast if1 out push (0, 100)
ASBR1:nh CE1, 3001
PE2
PE1
ASBR1
Site 1
CE2
(CE2, 500)
Site 2
LDP
p
po
2,
E
(C
In 4001, out 2001
CE1
MPLS
PE2
20.1/16 nh ASBR1
500
CE2
20.1.1.1
4001
100
20.1.1.1
CE1
0
20.1.1.1
4001
20.1.1.1
PE2
PE1
2001
20.1.1.1
ASBR1
if1
3001
20.1.1.1
1001
1001
20.1.1.1
20.1.1.1
Can
LDP
ASBR1
R1
(ASBR1, 5000)
Site)2
LDP
BR
S
(A
4
1,
0
00
R2
1,3
R
B
S
(A 1
Site
CE2
(AS
BR
1,1
00)
CE1
if1
PE2
PE1
PE4
Blue site 1
Red site 2
Blue site 2
VPN-provider-green site 1
VPN-provider-green site 2
PE3
R1
R2
Site 2
CE2
Transit provider
Site 1
CE1
MPLS
PE2
PE1
problem:
Want
The
solution:
Let
Red site 1
PE3
LSP
Site 1
Routing info
Traffic
Red site 1
PE4
Site 1
CE2
(CE2, 500)
Site 2
LDP
p
po
2,
E
(C
In 4001, out 2001
CE1
MPLS
PE2
PE3
Red site 1
IBGP inet-vpn
PE4
10.1/16
Site 2
Site 1
CE1
PE1
PE3
What
Useful
VPN
if:
Sites in different AS
Red site 1
Blue site 1
VPN-provider-green
PE2
Red site 2
Blue site 2
VPN-provider-gray
PE1
The
solutions:
Discussed
PE2
Blue site 1
Red site 2
Blue site 2
scaling issues:
The
Requires
Blue site 1
Red site 2
Blue site 2
EBGP
IBGP
PE2
IBGP
ASBR1
ASBR2
PE1
No
Still
Requires
PEs.
Option C
Red site 1
Blue site 1
Red site 2
Blue site 2
VPN-provider-gray (site 1)
VPN-provider-green (site 2)
PE3
R1
PE4
AS2
R2
Transit provider
AS1
AS3
CE1 (ASBR1)
CE2 (ASBR4)
PE2 (ASBR3)
PE1 (ASBR2)
The abstraction
Red site 1
Red site 1
PE3
LSP
Option C
Looks
The
Thank you!
Please send comments to
ina@juniper.net