You are on page 1of 116

MPLS L2/L3

Virtual Private Networks (VPNs)

An IP/MPLS Forum Sponsored Tutorial

Dave Christophe
IP/MPLS Forum Education WG Chair
Director, Solutions Marketing
Alcatel-Lucent

Slide 1 Copyright © 2008 IP/MPLS Forum


MPLS VPN Tutorial Agenda

• Introduction to the IP/MPLS Forum


• Introduction to MPLS and MPLS VPNs
ƒ Defining Layer 2 and 3 VPNs
• Layer 3 MPLS VPN
ƒ Overview
ƒ BGP Review
ƒ RFC 4364 (2547bis) Key Characteristics
ƒ BGP/MPLS VPN Architecture Overview
• VPN Routing and Forwarding (VRF) Tables
• Overlapping VPNs
• VPN Route Distribution
• VPN Packet Forwarding
• Scaling L3 VPNs and Route Reflectors
Slide 2 Copyright © 2008 IP/MPLS Forum
MPLS VPN Tutorial Agenda

• Layer 2 VPNs
• Overview
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt Frame Relay
• Virtual Private LAN Services – VPLS
• Introduction to Multi-Service Interworking
over MPLS
• Interworking History and Definition
• Multi-Service Interworking of Ethernet over MPLS
• Migration Scenarios and Benefits
• Summary
Slide 3 Copyright © 2008 IP/MPLS Forum
Introduction to the IP/MPLS Forum

• IP/MPLS Forum is an international, industry-wide, non-profit


association of service providers, equipment vendors, testing
centers and enterprise users
ƒ Created with the name change of the MFA Forum (Oct 2007)
to reflect renewed focus on driving global industry adoption
of IP/MPLS solutions in the market, by focusing on
standards initiatives for IP/MPLS such as inter carrier
interconnect (ICI), mobile wireless backhaul, and security.
• Objectives: Unify service providers, suppliers and end users on
common vision of IP/MPLS based solutions

Awareness Migration Systems-Level Solutions


• Promote global awareness of • Guide the telecom end • Drive implementation of
the benefits of IP/MPLS user to make the leap standards for IP/MPLS based
• Empower the telecom industry from legacy solutions
to migrate from legacy technologies to • Validate implementations and
technologies to IP/MPLS-based IP/MPLS-based services advance interoperability of
next generation networking standardized IP/MPLS based
solutions
• Deliverables: Technical Specifications, Test Plans, Technical
Tutorials, Collateral Copyright © 2008 IP/MPLS Forum
Slide 4
Introduction to the IP/MPLS Forum

• Current Work Items


ƒ Framework and Reference Architecture for MPLS in Mobile Backhaul Networks
ƒ MPLS Inter-Carrier Interconnect
ƒ Packet Based GMPLS Client to Network Interconnect
ƒ Generic Connection Admission Control (GCAC) Requirements for IP/MPLS Networks
ƒ Layer 2 VPNs using BGP for Auto-discovery & Signaling (BGP L2 VPN)
ƒ MPLS Over Aggregated Interface
ƒ Voice Trunking format over MPLS Technical Tutorials
ƒ TDM Transport over MPLS using AAL1 • Introduction to MPLS ½ and full day
• MPLS L2/L3 VPNs ½ day
The Forum is also planning several • MPLS VPN Security ½ day
industry-driven future Work Items. • Traffic Engineering ½ day
• Service Provider Council • GMPLS ½ day
• Migrating Legacy Services to MPLS ½ day
• Public Interoperability Events • MPLS OAM ½ day
• Technical Tutorials - to broaden • Voice over MPLS ½ day
the understanding of the technology and • Multi-service Interworking over MPLS ½ day
• Multicast in MPLS/VPLS Networks ½ day
benefits of the solutions
• IP/MPLS in the Mobile RAN ½ day
• Next meeting: June 24-26, Vancouver, Canada • MPLS Inter-Carrier Interconnect ½ day
• Please join us! New tutorials based upon demand
ƒ To join the Forum contact Alysia Johnson, Executive Director
E-Mail: ajohnson@ipmplsforum.org
Phone: 510 492-4057

Slide 5 Copyright © 2008 IP/MPLS Forum


Section 1

Introduction to MPLS and MPLS VPNs

Slide 6 Copyright © 2008 IP/MPLS Forum


Why MPLS ?
A Common Control Plane

Best of the
packet-
switched
and
circuit-switched Enhancement and
Layer 2 and Layer 3 VPNs
worlds scalability of IP

Link Resiliency and Path


Protection Metro Ethernet
Services

Differentiated Services Legacy Network


- CoS and QoS Migration

Slide 7 Copyright © 2008 IP/MPLS Forum


MPLS: Addresses many
network needs
End Users
Applications MPLS
L3 VPN &
L2 VPN
Access
MPLS
TE +
IP CoS/QoS
MPLS
Protection
SONET/ & rerouting
SDH

GMPLS
Photonics
Slide 8 Copyright © 2008 IP/MPLS Forum
Virtual Private Networks

Corporate Public
Storage Facility
Headquarters
Network
Home Remote
office office

• VPN (Virtual Private Network) is simply a way of using a public


network for private communications, among a set of users
and/or sites
• Remote Access: Most common form of VPN is dial-up remote
access to corporate database - for example, road warriors
connecting from laptops
• Site-to-Site: Connecting two local networks (may be with
authentication and encryption) - for example, a Service Provider
connecting two sites of the same company over its shared
network Slide 9 Copyright © 2008 IP/MPLS Forum
MPLS, VPNs, and Standards
Many options

L2TP
VPWS Point to multipoint

Layer 2 IP VPNs VPLS using


Tunneling LDP signaling
PWE3 BGP / MPLS VPNs
Point to point VPLS using IPsec
BGP signaling
Layer 3 IPLS PPVPN
RFC 4364 / 2547 bis

Slide 10 Copyright © 2008 IP/MPLS Forum


VPNs
Types, Layers, and Implementations

VPN Type Layer Implementation


Leased Line 1 TDM/SDH/SONET

Frame Relay 2 DLCI

ATM 2 VC

GRE/UTI/L2TPv3 3 IP Tunnel

Ethernet 2 VLAN / VPWS / VPLS

IP 3 RFC 4364 / VR

IP 3 IPsec

Slide 11 Copyright © 2008 IP/MPLS Forum


VPNs
How do they compare?

FR or IPsec L3 L2
Which one to choose?
ATM MPLS MPLS
Point-to-multipoint 2 2 √ √
Multi-protocol √ 2 2 √
QoS and CoS √ 2 √ √
Low latency √ 2 √ √
Security √ √ √ √
SLAs √ 2 √ √

Slide 12 Copyright © 2008 IP/MPLS Forum


MPLS VPNs in the IETF

L2VPN • Layer 2 VPNs

Internet L3VPN • Layer 3 VPNs

PWE3
• Pt-to-Pt circuits
• Encapsulations
ƒ ATM
ƒ FR
ƒ Ethernet
ƒ PPP/HDLC
ƒ TDM
ƒ SONET/SDH

Routing MPLS • Base Technology


Slide 13 Copyright © 2008 IP/MPLS Forum
What are Layer 2 and Layer 3
VPNs?

• VPNs based on a Layer 2 (Data Link Layer)


technology and managed at that layer are
defined as Layer 2 VPNs (MPLS, ATM,
Frame Relay)
• VPNs based on tunneling at Layer 3
(Network Layer) are Layer 3 VPNs,
(BGP/MPLS, VR, IPSec)

Slide 14 Copyright © 2008 IP/MPLS Forum


Visually - Layer 2 VPN
CE 3
Layer 2 Link
CE VPN B
PE 1
VPN A
CE PE
CE 1 PE 1 & PE 2
support VPN A
P P1 (and also PE 3 with
Service Provider multi-point VPN)
Network
PE 2
PE

• IP & Legacy Traffic (protocol PE CE 2


neutral) PE 3
• Enterprise manages wide-area CE 5 CE
network routing CE 4
VPN A
CE
• Pt-to-pt (shown) or multi-point CE
services (VPN A: shown with 2nd VPN B VPN A
mouse click)
CE: Customer Edge device
VPN A
PE: Provider Edge router
VPN B
P: Provider router not directly attached to a CE
Slide 15 Copyright © 2008 IP/MPLS Forum
Visually - Layer 3 VPN
BGP/MPLS IP VPN
CE 4
PE 1 CE VPN B
VPN A
CE PE MPLS PE 4
CE 1 PE
PE 1 & PE 2
In a Layer 3 VPN, are BGP peers, and
P support VPN A
CE and PE are Service Provider P1
IGP peers Network
PE 2
PE

• IP Traffic P/
PE
• Enterprise outsource wide-area PE 3 P2
network routing to Service Provider CE
CE 2
CE 3 VPN A
• Pt-to-pt (Typically a full mesh) CE
VPN B

CE: Customer Edge device VPN A


PE: Provider Edge router VPN B
P: Provider router not directly attached to a CE *
Slide 16 Copyright © 2008 IP/MPLS Forum
Section 2

Layer 3 MPLS VPN

Slide 17 Copyright © 2008 IP/MPLS Forum


MPLS VPN Tutorial Agenda

Layer 3 MPLS VPN


ƒ Overview
ƒ BGP Review
ƒ RFC 4364 / 2547bis Key Characteristics
ƒ BGP/MPLS VPN Architecture Overview
• VPN Routing and Forwarding (VRF) Tables
• Overlapping VPNs
• VPN Route Distribution
• VPN Packet Forwarding
• Scaling L3 VPNs and Route Reflectors

Slide 18 Copyright © 2008 IP/MPLS Forum


Layer 3 (BGP/MPLS) VPN
Overview
Extranet or
Internet

Frame DSL/ATM
Relay
PPP/HDLC

ATM Service Provider


Headquarters Attachment Circuit MPLS Network
CE
Ethernet
Data Center

• Cost effective full mesh connectivity between sites


• Utilize multiple VPNs at a site with different routes to control
access
• Facilitates communications in dynamic organization &
business application environments
• Leverages existing access options to preserve investment
and effectively support a range of applications
Slide 19 Copyright © 2008 IP/MPLS Forum
What is BGP?

• BGP is an exterior gateway protocol that allows IP


routers to exchange network reachability information
• BGP published as RFC 1105 in 1989, then after
several updates as BGP-4 in 1995 with RFC 1771,
and now as RFC 4271 (2006)
• Numerous other RFCs and Internet Drafts focus on
various aspects and extensions including multi-
protocol extensions, extended communities,
carrying label information in BGP, etc

Slide 20 Copyright © 2008 IP/MPLS Forum


IGP vs. EGP

• Interior Gateway Protocols


ƒ RIP, OSPF, IS-IS
ƒ Dynamic, some more than others
ƒ Define the routing needed to pass data within a
network
• Exterior Gateway Protocol
ƒ BGP
ƒ Less Dynamic than IGPs
ƒ Defines the routing needed to pass data between
networks

Slide 21 Copyright © 2008 IP/MPLS Forum


External Border Gateway Protocol

eBGP - BGP between border routers in


two different AS’s.

eBGP eBGP
AS 1 AS 3

AS 2

AS: Autonomous System


eBGP: External BGP
Slide 22 Copyright © 2008 IP/MPLS Forum
Internal Border Gateway
Protocol
iBGP - BGP between border routers in the
same AS.
iBGP
AS 3
AS 1

AS 2
eBGP eBGP

Provides a consistent view within the AS


of the routes exterior to the AS.
AS: Autonomous System
eBGP: External BGP
iBGP: Internal BGP Copyright © 2008 IP/MPLS Forum
Slide 23
BGP/MPLS IP VPN (RFC 4364)
Key Characteristics

PE P P PE

VPN A VPN A
CE CE
Backbone

• Requirements:
ƒ Support for overlapping, private IP address space
ƒ Different customers run different IGPs (i.e. RIP, OSPF, IS-IS)
• Solution:
ƒ VPN network layer is terminated at the edge (PE)
• PE routers use plain IP with CE routers

CE: Customer Edge router RFC 4364 obsoletes RFC 2547 and is
PE: Provider Edge router updated by RFC 4577 & RFC 4684
P: Provider router not directly attached to a CE Copyright © 2008 IP/MPLS Forum
Slide 24
BGP/MPLS IP VPN
Key Characteristics

PE P P PE

VPN A VPN A
CE CE
Backbone

• P routers (LSRs) are in the core of the MPLS cloud


• P and PE (LERs) routers run an IGP and a label
distribution protocol
ƒ Labelled VPN packets are transported over MPLS core
• PE routers are MP-iBGP fully meshed
ƒ for dissemination of VPN membership and reachability
information between PEs

Slide 25 Copyright © 2008 IP/MPLS Forum


Virtual Routing and Forwarding
(VRF) Tables

VRF-A VPN A
VPN A P P
CE PE PE CE 10.1.2.0/24
10.1.1.0/24

VPN B Backbone VPN B


10.1.1.0/24 CE VRF-B CE 10.2.1.0/24

• Each VPN needs a separate Virtual routing and


forwarding instance (VRF) in each PE router to
ƒ Provides VPN isolation
ƒ Allows overlapping, private IP address space by different
organizations

Slide 26 Copyright © 2008 IP/MPLS Forum


Virtual Routing and Forwarding
(VRF) PE to CE Router Connectivity

• Protocols used between CE and PE


eBGP
routers to populate VRFs with
CE PE
customer routes
ƒ BGP-4
RIP • Useful in stub VPNs and transit VPNs
CE
ƒ RIPv2
ƒ OSPF
OSPF
ƒ Static routing
CE PE
• Particularly useful in stub VPNs
• Note:
ƒ Customer routes need to be advertised
CE
between PE routers
ƒ Customer routes are not leaked into
backbone IGP
Slide 27 Copyright © 2008 IP/MPLS Forum
Virtual Routing and Forwarding
(VRF)

Site 1 Site 4

VPN X VPN Y

Site 2 Site 3

• A VPN is a collection of sites sharing a common


routing information (routing table)
• A VPN can be viewed as a community of interest
(or Closed User Group)

Slide 28 Copyright © 2008 IP/MPLS Forum


Virtual Routing and Forwarding
(VRF) Overlapping VPNs

Site 1 Site 4 Examples:


VPN Y - Extranet
VPN X
- VoIP Gateway
Site 2 Site 3
VPN A

• A site can be part of different VPNs


• A site belonging to different VPNs may or may not
be used as a transit point between VPNs
• If two or more VPNs have a common site, address
space must be unique among these VPNs

Slide 29 Copyright © 2008 IP/MPLS Forum


VRFs and Route Distribution

VRF
Site-1 Site-2
P1 P2
VPN-A CE PE1 PE2 CE VPN-A
OSPF eBGP

Site-1 Site-2
VPN-B CE CE VPN-B
MP-iBGP session

• Multiple VRFs are used on PE routers


• The PE learns customer routes from attached CEs
• Customer routes are distributed to other PEs with
MP-BGP
• Different IGPs or eBGP supported between PE and
CE peers
• Default forwarding table also exists – public routes
VRF: VPN Routing and Forwarding Table
Slide 30 Copyright © 2008 IP/MPLS Forum
VPN Route Distribution
Route Targets

VPN A VPN A
PE P P PE
10.1.1.0/24 CE CE 10.1.2.0/24

VPN B Backbone VPN B


10.1.1.0/24 CE CE 10.2.1.0/24
MP-iBGP session

Route Target attributes:


• “Export” Route Target: Every VPN route is tagged
with one or more route targets when it is exported
from a VRF (to be offered to other VRFs)
• “Import” Route Target: A set of routes targets can be
associated with a VRF, and all routes tagged with at
least one of those route targets will be inserted into
the VRF
Slide 31 Copyright © 2008 IP/MPLS Forum
VPN Route Distribution
Route Targets

PE2 PE3
VPN X CE CE VPN Y
PE1 P P PE4
VPN A
CE
Backbone CE VPN Y
CE
VPN X
VRFs at PE1 will VRFs at PE4 will
import routes from import routes from CE
VPN A
VPN-A and VPN-X VPN-A and VPN-Y

PE2 PE3

VPN X VPN Y

PE1 PE4
VPN A

Slide 32 Copyright © 2008 IP/MPLS Forum


VPN Route Distribution

IGP(VPN-A)
VPN A VPN A
PE P P PE
10.1.1.0/24 CE CE 10.1.2.0/24

VPN B Backbone VPN B


10.1.1.0/24 CE CE 10.2.1.0/24
IGP(VPN-B)

How will the PE routers exchange information about VPN


customers and VPN routes between themselves?
Option #1: PE routers run a different routing algorithm for
each VPN
• Scalability problems in networks with a large number
of VPNs
• Difficult to support overlapping VPNs
Slide 33 Copyright © 2008 IP/MPLS Forum
VPN Route Distribution

VPN A VPN A
PE P P PE
10.1.1.0/24 CE CE 10.1.2.0/24

VPN B Backbone VPN B


10.1.1.0/24 CE CE 10.2.1.0/24
MP-iBGP

How will the PE routers exchange information about VPN


customers and VPN routes between themselves?

Option #2: BGP/MPLS IP VPN - PE routers run a single


routing protocol to exchange all VPN routes
• Problem: Non-unique IP addresses of VPN customers. BGP
always propagates one route per destination not allowing address
overlap.
Slide 34 Copyright © 2008 IP/MPLS Forum
VPN Route Distribution
VPN-IPv4 Addresses

• VPN-IPv4 Address
ƒ VPN-IPv4 is a globally unique, 96bit routing prefix

Route Distinguisher (RD) IPv4 Address


64 bits 32 bits
Creates a VPN-IPv4 address that is globally IP subnets advertised
unique, RD is configured in the PE for each by the CE routers to
VRF, RD may or may not be related to a site the PE routers
or a VPN

Slide 35 Copyright © 2008 IP/MPLS Forum


VPN Route Distribution
VPN-IPv4 Addresses

Route Distinguisher format

00 00 ASN nn
ƒ ASN:nn
• Autonomous System Number (ASN) assigned by Internet
Assigned Number Authority (IANA)

00 01 IP address nn
ƒ IP-address:nn
• Use only if the MPLS/VPN network uses a private AS number

00 02 BGP-AS4 nn
ƒ BGP-AS4:nn
• 4-byte Autonomous System Number (BGP-AS4)
nn: assigned number administered by Enterprise
Slide 36 Copyright © 2008 IP/MPLS Forum
VPN Route Distribution
BGP with Multiprotocol Extensions

• How are 96-bit VPN-IPv4 routes exchanged


between PE routers?
• BGP with Multiprotocol Extensions (MP-BGP)
was designed to carry such routing
information between peer routers (PE)
ƒ Propagates VPN-IPv4 addresses
ƒ Carries additional BGP route attributes (e.g. route
target) called extended communities

Slide 37 Copyright © 2008 IP/MPLS Forum


VPN Route Distribution
BGP with Multiprotocol Extensions

• A BGP route is described by:


ƒ Standard BGP Communities attributes (e.g. Local
Preference, MED, Next-hop, AS_PATH, Standard
Community, etc.)
ƒ Extended BGP Communities attributes
• Extended Communities
ƒ Route Target (RT)
• Identifies the set of sites the route has to be advertised to
ƒ Route Origin (RO)/Site of Origin
• Identifies the originating site
• Prevents routing loops with multi-homed customer sites

MED: Multi_Exit_Disc
Slide 38 Copyright © 2008 IP/MPLS Forum
IGP Label Distribution

P1 IGP P2
PE1 PE2

MPLS backbone
Global routing table Global routing table
Destination Next Hop Label Destination Next Hop Label
PE2 P1 25 PE1 P2 33
P2 P1 28 P1 P2 38
P1 interface POP P2 interface POP

• All routers (P and PE) run an IGP and a label distribution


protocol
• Each P and PE router has routes for the backbone nodes and a
label is associated to each route
• MPLS forwarding is used within the backbone

Slide 39 Copyright © 2008 IP/MPLS Forum


MP-BGP Route Distribution

update for Net1 update for Net1


Site-1 P P Site-2
VPN-A CE PE1 PE2 CE VPN-A

P P
Site-1 Site-2
VPN-B CE CE VPN-B
update for Net1 update for Net1

VPN-IPv4 update:
Net1:RD1, Next-hop=PE2
VPN-IPv4 updates are translated RO=Site-2, RT=Green
into IPv4 address and inserted Label=10
into the VRF corresponding to “Net1” is the provider’s
the RT value VPN-IPv4 update: autonomous system
Net1:RD2, Next-hop=PE2
RO=Site-2, RT=Yellow
Label=12

Slide 40 Copyright © 2008 IP/MPLS Forum


MP-BGP Route Distribution
Summary

• VPN Routing and Forwarding (VRF) Table


ƒ Multiple routing tables (VRFs) are used on PEs
• VPNs are isolated
• Customer addresses can overlap
ƒ Need for unique VPN route prefix
ƒ PE routers use MP-BGP to distribute VPN routes to each
other
ƒ For security and scalability, MP-BGP only propagates
information about a VPN to other routers that have interfaces
with the same Route Target value
• BGP-MPLS VPN extensions for IPv6 (RFC 4659)

MP-BGP: BGP with Multiprotocol Extensions


Slide 41 Copyright © 2008 IP/MPLS Forum
VPN Packet Forwarding

Backbone
P1 P2
PE1 PE2

Global routing table Global routing table


Destination Next Hop Label Destination Next Hop Label
PE2 P1 25 PE1 P2 33
P2 P1 28 P1 P2 38
P1 interface POP P2 interface POP

PE-to-PE connectivity via LSPs


• All routers (P and PE) run an IGP and a label distribution protocol
• Each P and PE router has routes for the backbone nodes and a
label is associated to each route
• MPLS forwarding is used within the backbone

Slide 42 Copyright © 2008 IP/MPLS Forum


VPN Packet Forwarding
Label Stacking

VRF Green:
Net1, Next-hop: PE2 Backbone
Label 10 P1 P2
PE1 PE2
VRF Yellow:
Net1, Next-hop: PE2
Label 12

Global routing table Global routing table


Destination Next Hop Label Destination Next Hop Label
PE2 P1 25 PE1 P2 33
P2 P1 28 P1 P2 38
P1 interface POP P2 interface POP

• Ingress PE router uses two-level label stack


ƒ VPN label (inner label) assigned by the egress PE router
ƒ Tunnel (IGP) label (top label) identifying the PE router
• Label stack is attached in front of the IP packet that belongs
to a VPN
• The MPLS packet is forwarded across the P routers in the
backbone network
Slide 43 Copyright © 2008 IP/MPLS Forum
VPN Packet Forwarding
Label Stacking

P routers switch the packet


based on the
Tunnel Label (top label)

CE1 CE2

PE1 P1 P2 PE2

IP
Packet IP Packet
Tunnel Label (PE2) Tunnel Label (PE2) Tunnel Label (PE2)
VPN Label VPN Label VPN Label

IP Packet IP Packet IP Packet

Egress PE router removes top


label,
PE1 router receives normal IP
uses inner label to select
packet from CE1 router.
which VPN/CE to forward the
PE router does “IP Longest Match” packet to.
from VRF, finds iBGP next hop PE2
Inner label is removed and
and imposes a stack of labels
packet sent to CE2 router

Slide 44 Copyright © 2008 IP/MPLS Forum


VPN Packet Forwarding
Penultimate Hop Popping

Penultimate Hop Popping


P routers switch the packet
based on the P2 is the penultimate hop
Tunnel Label (top label) for the BGP next-hop
P2 removes the top label
CE1 This has been requested CE2
through LDP by PE2
PE1 P1 P2 PE2
IP
Packet IP Packet
Tunnel Label (PE2) Tunnel Label (PE2) VPN Label
VPN Label VPN Label
IP Packet
IP Packet IP Packet

PE2 receives packet with the


PE1 router receives normal IP label corresponding to the
packet from CE1 router. outgoing VRF
PE router does “IP Longest Match” One single lookup
from VRF, finds iBGP next hop PE2 Label is popped and packet
and imposes a stack of labels sent to CE2 router

Slide 45 Copyright © 2008 IP/MPLS Forum


Core Routers (P Routers)

• Not involved in MP-BGP


• Does not make routing decision based on
VPN addresses
• Forwards packet based on the top label value

• P routers do not need to carry VPN routing


information or Internet routing information,
thus providing better network scalability

Slide 46 Copyright © 2008 IP/MPLS Forum


Scaling BGP/MPLS VPNs

• Scalability of BGP/MPLS VPNs


ƒ Expanding the MPLS core network
• Without impact on the VPN services, e.g. adding P
routers (LSRs), new or faster links
ƒ Label stacking
• Allows reducing the number of LSPs in the network
core and avoiding LSP exhaustion
ƒ VPN Route Distribution
• Route Reflectors

Slide 47 Copyright © 2008 IP/MPLS Forum


Scaling BGP/MPLS VPNs
Route Reflectors

iBGP
2 3 2 3
AS 1 AS 1
iBGP iBGP iBGP iBGP
1 Use redundant
1 Route Reflectors to
Full Mesh
iBGP Route eliminate single
Reflector point of failure
n*(n-1)/2

BGP Route Reflectors


• Existing BGP technique, can be used to scale VPN route
distribution
ƒ PEs don’t need full mesh of BGP connections, only
connect to RRs
ƒ By using multiple RRs, no one box needs to have all VPN
routes
• Each edge router needs only the information for the VPNs it
supports
ƒ Directly connected VPNs
RR: Route Reflector
Slide 48 Copyright © 2008 IP/MPLS Forum
Section 3

Layer 2 VPNs

Slide 49 Copyright © 2008 IP/MPLS Forum


MPLS VPN Tutorial Agenda

Layer 2 VPNs
• Overview
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt
Frame Relay
• Virtual Private LAN Services – VPLS

Slide 50 Copyright © 2008 IP/MPLS Forum


MPLS L2 VPN Market Drivers
What can we conclude?

• Layer 3 IP is not the only traffic


ƒ Still a lot of legacy SNA, IPX, etc
ƒ Large enterprises have legacy protocols
• Layer 3 IP VPNs are not the whole answer
ƒ IP VPNs cannot handle legacy traffic
• Layer 2 legacy traffic widely deployed

Need for Layer 2 and Layer 3 VPNs to


support the broad range of applications

Slide 51 Copyright © 2008 IP/MPLS Forum


MPLS Layer 2 VPNs

• Point-to-point Layer 2 solutions


ƒ Virtual Private Wire Services - VPWS
ƒ Similar to ATM / FR services, uses tunnels and connections
(LSPs)
ƒ Customer gets connectivity only from provider
ƒ Ongoing work to encapsulate Ethernet, ATM, FR, TDM,
SONET, etc
• Multi-point Layer 2 solutions
ƒ Virtual Private LAN Services - VPLS
ƒ Virtual Private LAN Services aka Transparent LAN Service
(TLS)
ƒ Ethernet Metro VLANs / TLS over MPLS
ƒ Independent of underlying core transport
ƒ Ethernet encapsulation for transport over MPLS (RFC 4448)
ƒ Two approaches to signaling (RFC 4761 & RFC 4762)

Slide 52 Copyright © 2008 IP/MPLS Forum


Virtual Private Wire Service (VPWS)

Customer Site A Customer Site B


VC/PW Demux
Tunnel
VC/PW Demux
Customer Site C Customer Site D
Service Provider
MPLS Backbone

• Point-to-Point Service
• Tunnel Label determines path through network
• VC/PW Label identifies VLAN, VPN, or connection
at the end point
Slide 53 Copyright © 2008 IP/MPLS Forum
MPLS Pseudowire
Reference Model

Native Emulated Service

Pseudowire (PW) (forward)

MPLS Tunnel LSP (forward)

AC AC
CE1 PE1 IP/MPLS Network PE2 CE2

MPLS Tunnel LSP (backward)

Pseudowire (backward)

ATM, Ethernet , FR, IP, TDM, etc


AC: Attachment Circuit Attachment Circuit (AC)
CE: Customer Edge - Same at each end
PE: Provider Edge
Slide 54 Copyright © 2008 IP/MPLS Forum
Pseudowire Emulation Edge-to-
Edge (PWE3)
• Requirements for PWE3 (RFC 3916):
ƒ Base requirements for Pseudowire Emulation Edge-to-Edge
(PWE3) WG
• PWE3 Architecture (RFC 3985):
ƒ Describes architecture for Pseudowire Emulation Edge-to-Edge
Emulation of services (such as Frame Relay, ATM, Ethernet
TDM and SONET/SDH) over packet switched networks (PSNs)
using IP or MPLS
ƒ Architectural framework for pseudowires (PWs), defines
terminology, specifies the various protocol elements and
functions
• Pseudowire Set-up and Maintenance using LDP
(RFC 4447)
Slide 55 Copyright © 2008 IP/MPLS Forum
MPLS Point-to-Point Services
Label Stacking

Tunnel PW VC Encaps
Header Layer 2 payload
Header Information
1 2 3
• Three Layers of Encapsulation
1) Tunnel Header: Contains information needed to
transport the PDU across the IP or MPLS network
2) Pseudo wire Header (PW): Used to distinguish individual
emulated VCs within a single tunnel
3) Emulated VC Encapsulation: Contains the information
about the enclosed PDU (known as Control Word)
• Tunnel Header determines path through network
• Pseudo wire Header identifies VLAN, VPN, or
connection at the end point
• All services look like a Virtual Circuit to MPLS
network
PDU: Protocol Data Unit Slide 56 Copyright © 2008 IP/MPLS Forum
Encaps Information Field

bits 0-3 4-7 8-9 10-15 16-31

Reserved Flags FRG Length Sequence Number


FRG: Fragmentation
Generic Control Word

• Layer 2 header fields may be discarded at ingress


• Control word carries “flag” bits depending on encapsulation
ƒ (FR: FECN, BECN, C/R, DE, ATM: CLP, EFCI, C/R, etc)
• Length required when padding small frames on links which
have a minimum frame size
• Sequence number is optional. It is used to detect out of order
delivery of frames.
bits 0-3 4-7 8-15 16-31

Reserved Version Reserved Channel Type

Control Word for PW Associated Channel


RFC 4385 Slide 57 Copyright © 2008 IP/MPLS Forum
LDP - Label Mapping Message

Label Mapping Message Length


Message ID
FEC TLV
Label TLV
Label Request Message ID TLV
LSPID TLV (optional)
Traffic TLV (optional)

FEC: Forwarding Equivalence Class


TLV: Type-Length-Value Copyright © 2008 IP/MPLS Forum
Slide 58
New VC FEC Element Defined

VC TLV C VC Type VC Info Length


Group ID
VC ID
Interface Parameters
• Virtual Circuit FEC Element
ƒ C - Control Word present
ƒ VC Type - FR, ATM, Ethernet, HDLC, PPP, ATM cell
ƒ VC Info Length - length of VCID field
ƒ Group ID - user configured - group of VCs representing
port or tunnel index
ƒ VC ID - used with VC type to identify unique VC
ƒ Interface Parameters - Specific I/O parameters
Slide 59 Copyright © 2008 IP/MPLS Forum
Layer 2 Encapsulation PWE3
PWE3 Work

• Ethernet / 802.1q VLAN


• RFC 4448
• ATM AAL5 and ATM cell
• RFC 4717
• Frame Relay
• RFC 4619
• PPP/HDLC
• RFC 4618
• TDM
• RFC 4553
• Pseudowire Set-up and Maintenance using LDP
• RFC 4447

Slide 60 Copyright © 2008 IP/MPLS Forum


Ethernet Encapsulation
for Transport over MPLS

Original Ethernet frame

Preamble DA SA 802.1q L payload FCS

DA’ SA’ 0x8847


Tunnel PW Ethernet Ethernet FCS’
Header Header header payload

Ethernet PDU
Encapsulated Ethernet over MPLS over Ethernet Transport

• Ingress device strips the Ethernet preamble and FCS


• Raw or Tagged mode
• Optional Control Word 0000 Reserved Sequence #
• New MPLS Ethernet header (type 0x8847) and new FCS is
added to MPLS Ethernet packet
RFC 4448 Slide 61 Copyright © 2008 IP/MPLS Forum
Life of a Frame
Ethernet over Ethernet MPLS

PW
DA” SA” 0x8847 DA SA T 802.1q payload FCS”
Label

Tunnel PW
DA’ SA’ 0x8847 DA SA T 802.1q payload FCS’
Label Label

DA SA T 802.1q payload FCS


DA SA T 802.1q payload FCS

PE PE
CE CE

Penultimate
Hop LSR
CE CE
PE Provider’s MPLS PE
Last Mile Backbone POP Last Mile
POP

Slide 62 Copyright © 2008 IP/MPLS Forum


ATM Service Transport with a PW
Reference Model

Native Emulated ATM Service

Pseudowire (PW) (forward)

MPLS Tunnel LSP (forward)

AC AC
CE1 PE1 IP/MPLS Network PE2 CE2

ATM Service MPLS Tunnel LSP (backward) ATM Service


UNI or NNI UNI or NNI
Pseudowire (backward)

AC: Attachment Circuit


CE: Customer Edge
PE: Provider Edge
Slide 63 Copyright © 2008 IP/MPLS Forum
ATM AAL5 Encapsulation for
Transport over MPLS
4 octets 4 octets 4 octets
Tunnel PW Control
AAL5 CPCS-PDU
Header Header word

bits 4 11 1 1 8 16

Rsvd T E C U Length Sequence Number*


* optional
ATM Control Word
• 2 modes:
ƒ PDU Frame Mode – encapsulates PDU payload, pad and
trailer
ƒ SDU Frame Mode – encapsulates PDU payload (shown above)
• Ingress reassembles AAL5 frames
• SDU Frame mode required control word includes:
ƒ T = Transport type bit identifies whether packet contains an
AAL5 payload or ATM admin cell
ƒ E = EFCI bit - Explicit Forward Congestion Indication
ƒ C = CLP bit - Cell Loss Priority
ƒ U = Command / Response bit PDU: Protocol Data Unit
RFC 4717 Slide 64 Copyright © 2008 IP/MPLS Forum
ATM Cell Mode Encapsulation
for Transport over MPLS
4 octets 4 octets 4 octets 52 octets 52 octets
Tunnel PW Control ATM cell #1 ATM cell #2

Header Header word minus FCS minus FCS

bits 4 4 4 6 16

0000 Flags Res Length Sequence Number

Control Word
N-to-One Cell Mode Multiple Cell Encapsulation
• 2 modes: Control Word (optional)

ƒ One-to-One Cell Mode - maps VPI VCI PTI C


one ATM VCC (or VPC) to one PW ATM Payload (48 bytes)
ƒ N-to-One Cell Mode - maps one or “ “
more ATM VCCs (or VPCs) to one VPI VCI PTI C
PW (shown above); only required
ATM Payload (48 bytes)
mode for ATM support “ “
• Ingress performs no reassembly
• Control word is optional: If used, Flag and Length bits are not
used
RFC 4717 Slide 65 Copyright © 2008 IP/MPLS Forum
Frame Relay Encapsulation for
Transport over MPLS
Native Emulated Frame Relay Service

Pseudowire (PW) (forward)

MPLS Tunnel LSP (forward)

AC AC
CE1 PE1 IP/MPLS Network PE2 CE2

One Bi-directional MPLS Tunnel LSP (backward)


One Bi-directional
FR VC
Pseudowire (backward) FR VC

• Frame Relay (FR) Transport Service application


• Two Mapping modes:
ƒ One-to-one mapping: One FR VC mapped to a pair of unidirectional PWs
(shown above)
ƒ Many-to-one or port mode mapping: Many FR VCs mapped to a pair of
Unidirectional PWs
Slide 66 Copyright © 2008 IP/MPLS Forum
Frame Relay Encapsulation for
Transport over MPLS
Native Emulated Frame Relay Service

Pseudowire (PW) (forward)

MPLS Tunnel LSP (forward)

AC AC
CE1 PE1 IP/MPLS Network PE2 CE2

Many Bi-directional MPLS Tunnel LSP (backward)


Many Bi-directional
FR VCs FR VCs
Pseudowire (backward)
• Two Mapping modes:
ƒ One-to-One Mapping: One FR VC mapped to a pair of
unidirectional PWs
ƒ Many-to-One or Port Mode Mapping: Many FR VCs mapped to a
pair of Unidirectional PWs (shown above)
Slide 67 Copyright © 2008 IP/MPLS Forum
Frame Relay Encapsulation for
Transport over MPLS

DLCI C/R EA DLCI FECN BECN DE EA Frame Relay Header

6 1 1 4 1 1 1 1

Frame Relay frame


Q.922
payload FCS
Header

4 octets 4 octets 4 octets


Tunnel PW Control
Frame Relay PDU
Header Header word

4 1 1 1 1 2 6 16 bits
FR Control Word for
0000 F B D C FRG Length Sequence Number
One-to-One Mode

• F = FECN (Forward Explicit Congestion Notification)


• B = BECN (Backward Explicit Congestion Notification)
• D = DE (Discard Eligibility Indicator)
• C = C/R (Command / Response Field)
RFC 4619 Slide 68 Copyright © 2008 IP/MPLS Forum
MPLS VPN Tutorial Agenda

Layer 2 VPNs
• Overview
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt
Frame Relay
• Virtual Private LAN Services – VPLS

Slide 69 Copyright © 2008 IP/MPLS Forum


MPLS VPLS
Reference Model

CE
CE PE VPLS-A
PE
VPLS-A
CE
CE Service Provider VPLS-B
MPLS Backbone
VPLS-B

CE
L2 Access
PE Network VPLS-B
CE
CE
VPLS-A
VPLS-B

Creates an emulated Ethernet LAN Segment across a wide-area network


for a set of users

RFC 4664, RFC 4026


Slide 70 Copyright © 2008 IP/MPLS Forum
Virtual Private LAN Services

• Defines an Ethernet (IEEE 802.1D) learning bridge


model over MPLS Ethernet PWs
• Defines the PE function for an MPLS VPLS network
• Creates a layer 2 broadcast domain for a closed group
of users
• MAC address learning and aging on a per LSP basis
• Packet replication across LSPs for multicast,
broadcast, and unknown unicast traffic
• Hierarchical VPLS for scalability

Slide 71 Copyright © 2008 IP/MPLS Forum


MPLS VPLS
Reference Model
Emulates LAN Segment across a wide-area network

CE
CE PE VPLS-A
PE
VPLS-A

CE
CE VPLS-B

VPLS-B

PE L2 Access
z Tunnel LSPs are Network
CE
established between PEs CE
VPLS-B
z Layer 2 VC LSPs are set VPLS-A
up in Tunnel LSPs CE

z Customer Virtual Private LANs are tunnelled VPLS-B


through MPLS network
z Core MPLS network acts as a LAN switch
Slide 72 Copyright © 2008 IP/MPLS Forum
VPLS Internal PE Architecture

Attachment
circuit
Bridge VPLS VPLS Bridge
Code Code Code Code

CE Emulated
PE PE
LAN
Segment
VPLS
Code Pseudo-Wires
Bridge
Code PE
IEEE 802.1D bridging code

IETF VPLS code

Emulated LAN instance

Slide 73 Copyright © 2008 IP/MPLS Forum


PE Bridging Code

Attachment
circuit
Bridge VPLS VPLS Bridge
Code Code Code Code

CE Emulated
PE PE
LAN
Segment
VPLS
Code Pseudo-Wires
Bridge
Code PE
Standard IEEE 802.1D Bridging code
• Used to interface with CE facing ports
• Learn MAC addresses and aging
• Might run STP with CEs IEEE 802.1D bridging code

• Used to interface with VPLS IETF VPLS code


• Might run STP between PEs
Slide 74 Copyright © 2008 IP/MPLS Forum
PE VPLS Code

Attachment
circuit
Bridge VPLS VPLS Bridge
Code Code Code Code

CE Emulated
PE PE
LAN
Segment
VPLS
Code Pseudo-Wires
Bridge
Code PE
VPLS Forwarding
• Learns MAC addresses per pseudo-wire (VC LSP)
• Forwarding based on MAC addresses
• Replicates multicast & broadcast frames
• Floods unknown frames IEEE 802.1D bridging code
• Split-horizon for loop prevention IETF VPLS code
Slide 75 Copyright © 2008 IP/MPLS Forum
PE VPLS Code

Attachment
circuit
Bridge VPLS VPLS Bridge
Code Code Code Code

CE Emulated
PE PE
LAN
Segment
VPLS
Code Pseudo-Wires
Bridge
Code PE
• VPLS Signaling
ƒ Establishes pseudo-wires per VPLS between relevant PEs
ƒ Two signaling protocol options:
IEEE 802.1D bridging code
• LDP – RFC 4762
• BGP – RFC 4761 IETF VPLS code

• VPLS Discovery (Manual, LDP, BGP, DNS)


Slide 76 Copyright © 2008 IP/MPLS Forum
MPLS VPLS
Reference Model – Distributed PE Functions
U-PE
CE
CE N-PE VPLS-A
PE
VPLS-A

CE
CE Service Provider VPLS-B
MPLS Backbone
VPLS-B L2
Access
CE
CE VPLS-A
Distributed PE functions PE
CE
N-PE = PE closer to core network VPLS-A U-PE
U-PE = PE closer to CE
VPLS-B

• Provide flexibility to distribute VPLS functionality


ƒ Ex: U-PE might provide L2 aggregation and L2 functions such as MAC
address learning and flooding and have limited L3 functions; N-PE might
provide discovery, PE-PE signaling and establish tunnels/PWs/VCs
• Reduce solution cost: low cost L2 aggregation devices and utilize
embedded equipment N-PE: Network-Facing PE
U-PE: User-Facing PE
RFC 4664, RFC 4026
Slide 77 Copyright © 2008 IP/MPLS Forum
MPLS VPLS
Reference Model
Virtual Private LAN Service (VPLS)
Using BGP for Auto-Discovery and Signaling
u-PE CE
CE PE VPLS-A
PE
VPLS-A

CE
CE Service Provider VPLS-B
MPLS Backbone
VPLS-B
Ethernet
Network
CE
PE
CE
VPLS-A VPLS-B

u-PE CE

VPLS-B
u-PE is a L2 PE device for aggregation – VPLS aware

RFC 4761
Slide 78 Copyright © 2008 IP/MPLS Forum
MPLS VPLS
Reference Model
Virtual Private LAN Service (VPLS)
Using Label Distribution Protocol (LDP) Signaling
MTU-s CE
CE PE-rs VPLS-A
PE
VPLS-A

CE
CE Service Provider VPLS-B
MPLS Backbone
VPLS-B
Ethernet
Network
CE
PE
CE
VPLS-A VPLS-B

• MTU-s: bridging capable access device MTU-s CE


• PE-rs: routing and bridging capable PE
VPLS-B
MTU-s: Multi Tenant Unit Switch

RFC 4762
Slide 79 Copyright © 2008 IP/MPLS Forum
Virtual Private LAN Services
RFC 4762

B PE2-rs
CE-1
Tunnel LSP
PW-1
MTU-s PE1-rs
Spoke
B B

Layer 2 Hub
Aggregation

Redundant Spoke B PE3-rs


CE-2 CE-3

• Reduce signaling and packet replication to allow large scale


deployment of VPLS - Hub and spoke
• Uses single spoke PW for each VPLS service between edge MTU-s
and VPLS aware PE-rs devices
• Redundant spoke to avoid single point of failure
MTU-s: bridging capable access device
PE-rs: routing and bridging capable PE
B = Virtual VPLS (Bridge) Instance
Slide 80 Copyright © 2008 IP/MPLS Forum
VPLS Scalability
Parameters

• Number of MAC Addresses


• Number of replications
• Number of LSPs
• Number of VPLS instances
• Number of LDP peers
• Number of PEs

Slide 81 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
Signaling Overhead – Flat Topology

• Architecture has a direct impact on the Signaling


Overhead (control plane)

Slide 82 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
Signaling Overhead – Hierarchical Topology

• Architecture has a direct impact on the Signaling


Overhead (control plane)

Hub VCs

Spoke VCs

Slide 83 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
Replication Overhead – Flat Topology

• Architecture has a direct impact on Replication


Overhead (forwarding plane)

Slide 84 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
Replication Overhead – Hierarchical Topology

• Architecture has a direct impact on Replication


Overhead (forwarding plane)

Slide 85 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
Adding a New Site – Flat Topology

• Architecture affects Provisioning & Signaling


between all nodes

Slide 86 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
Adding a New Site – Hierarchical Topology

• Architecture affects Provisioning & Signaling


between all nodes

Slide 87 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
Inter-Metro Service

• Architecture has a direct impact on ability to offer


Inter-Metro Service

Metro
IP / MPLS
ISP Network
IP / MPLS
Core Network
Metro
IP / MPLS
Network

Slide 88 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
Inter-Metro Service

• Architecture has a direct impact on ability to offer


Inter-Metro Service

Metro
ISP IP / MPLS
IP / MPLS Network
Core Network

Metro
IP / MPLS
Network

Slide 89 Copyright © 2008 IP/MPLS Forum


VPLS Scalability
FIB Size

• VPLS FIB size depends on the type of Service


Offering:
ƒ Multi-protocol Inter-connect service
• Mimics the DSL Tariff Model
• Customers are charged per site per block of MAC
addresses
ƒ Router Inter-connect
• One MAC address per site
• Same Network Design principles apply for
ƒ MAC FIB Size of VPLS Service and,
ƒ Route Table Size of Virtual Private Routed Network
(VPRN) Service

FIB: Forwarding Information Base


Slide 90 Copyright © 2008 IP/MPLS Forum
IETF Layer 2 VPNs
RFC 4665

• Service requirements for L2 VPNs


ƒ Virtual Private Wire Services (VPWS) - point-to-
point VPNs
ƒ Virtual Private LAN services (VPLS) - multipoint-to-
multipoint VPNs
ƒ Service Provider and Enterprise Views’
• Checklist of requirements to help evaluate
how an approach satisfies specific
requirements
• Service Level Specification (SLS)
Slide 91 Copyright © 2008 IP/MPLS Forum
Section 4

Introduction to Multi-Service Interworking

Slide 92 Copyright © 2008 IP/MPLS Forum


MPLS VPN Tutorial Agenda

Introduction to Multi-Service Interworking


over MPLS
• Interworking History and Definition
• Multi-Service Interworking of Ethernet over MPLS
• Migration Scenarios and Benefits

Slide 93 Copyright © 2008 IP/MPLS Forum


Why Interwork?
New business
applications driving
increase in bandwidth Internet

ATM OC-12 Ethernet 1 Gbps


ATM DS3
Carrier(s)
L2 vs. L3 service
preference FR DS3 Network
FR F-T1

FR 56Kbps

Enterprise perspective:
• Many have an embedded Frame Relay and/or ATM network
• Need to cost effectively scale bandwidth at select sites to
support new business applications
• Maintain a network with mixture of services, bandwidths to
match application needs at specific sites
• Reduce cost, time and risk to address emerging needs

Slide 94 Copyright © 2008 IP/MPLS Forum


Why Interwork?

Internet

ATM OC-12 Ethernet 1 Gbps


ATM DS3
Carrier
MPLS
FR DS3 Network FR F-T1

FR 56Kbps

Carrier Perspective:
• Want a common edge infrastructure to support and
“Interwork” with legacy and new services
• Support all legacy transport technologies and services
• Planning to converge on an IP / MPLS core
• Want to seamlessly introduce Metro Ethernet services and
IP VPNs
Slide 95 Copyright © 2008 IP/MPLS Forum
Interworking
History

• The Frame Relay Forum defined the Network


Interworking function between Frame Relay and
ATM in the FRF.5 document finalized in 1994
• The Frame Relay Forum defined the Service
interworking function between Frame Relay and
ATM in the FRF.8.2 document finalized in 2004
• Why define FR and ATM interworking?
ƒ ATM cores with FR/ATM access services deployed
ƒ ATM and Frame Relay circuits are point-to-point
ƒ Both data links have services that are somewhat similar
(ie. FR to AAL5) in nature even though the signaling is
different
Slide 96 Copyright © 2008 IP/MPLS Forum
Interworking Function - IWF
Network vs Service IWF

Network Interworking Service Interworking


Frame Relay Service - FRS Frame Relay Service - FRS Frame Relay Service ATM (AAL5) Service

IWF ATM IWF FR IWF ATM

Emulated FR Service Translated FR to ATM Service

• Network Interworking is used when one • Service Interworking is required to


protocol is “tunneled” across another “translate” one protocol to another
“intermediary” network / protocol protocol – used between two unlike
• The Network Interworking (IWF) function protocols
“terminates” and “encapsulates” the • The Service Interworking function
protocol over a Pt-to-Pt connection “translates” the control information
• Service at end points has to be the same transparently by an interworking
function (IWF)
• Services at the end points are not the
same
Slide 97 Copyright © 2008 IP/MPLS Forum
MPLS Network Interworking
IETF PWE3 Pt-to-Pt Encapsulation

Point-to-point tunnels
ATM ATM Encapsulation
ATM

FR FR Encapsulation FR
IP / MPLS

Ethernet Ethernet Encapsulation Ethernet

Service has to be pt-to-pt between like services: ATM to ATM,


FR to FR, Ethernet to Ethernet, etc

Slide 98 Copyright © 2008 IP/MPLS Forum


MPLS Multi-Service Interworking
Reference Model

Native Emulated Service (ATM, Ethernet , FR or IP)

Pseudo Wire (PW) (forward)

MPLS Tunnel LSP (forward)

IWF IP/MPLS Network IWF CE2


CE1
PE1 PE2
MPLS Tunnel LSP (backward)

Pseudo Wire (backward)

Use different virtual or physical connections


PE: Provider Edge (Ex: ATM, Ethernet, FR, etc) at each end
CE: Customer Edge Attachment Circuit (AC)
IWF: Interworking Function
Multi-Service: Services are ATM, Ethernet, FR and IP
Slide 99 Copyright © 2008 IP/MPLS Forum
Multi-Service Interworking
Native Emulated Service (ATM, Ethernet , FR or IP)
Pseudo Wire (PW) (forward)
MPLS Tunnel LSP (forward)

CE1 IWF IP/MPLS Network IWF CE2


MPLS Tunnel LSP (backward)
PE1 PE2
Pseudo Wire (backward)
Use different virtual or physical connections
(Ex: ATM, Ethernet, FR, etc) at each end
Attachment Circuit (AC)
• Multi-Service Interworking of Ethernet over MPLS
• Multi-Service Interworking of IP over MPLS
ƒ MFA Forum Multi-Service Interworking – IP over MPLS Implementation Agreement 16.0

• Frame Relay and ATM Service Interworking over MPLS


ƒ MFA Forum Multi-Service Interworking – Frame Relay and ATM Service Interworking over
MPLS Implementation Agreement 15.0

• Fault Management for Multi-Service Interworking


ƒ MFA Forum Fault Management for Multi-Service Interworking over MPLS Implementation
Agreement 13.0
Slide 100 Copyright © 2008 IP/MPLS Forum
Multi-Service Interworking -
Ethernet over MPLS

Frame
DSL/ATM Relay
PPP/HDLC
ATM Service Provider 2
100 Mbps
Ethernet Service Provider
MPLS Network ATM

• Ubiquitous Ethernet- • Characteristics


Service offering requires ƒ Native Service: Ethernet
that different UNI/NNIs are ƒ Consistent service definitions
supported – Ethernet as across technology boundaries
well as ATM, FR, PPP, … ƒ Point-to-Point and Multipoint
ƒ SPs expand their existing ƒ Independence from CE
Ethernet UNI/NNI offering protocol processing (address
resolution, L3-protocols,…)
MFA Forum Multi-Service Interworking – Ethernet
over MPLS Implementation Agreement 12.0 Slide 101 Copyright © 2008 IP/MPLS Forum
Models for Ethernet Interworking
Ethernet Service
Ethernet over MPLS

MPLS Network
PE1 PE2 Ethernet AC CE2
General Model

Non- Ethernet
Ethernet MPLS Network
CE1 Network PE1 PE2 Network CE2
AC1 Ethernet AC

MPLS Network
CE1 AC1 PE1 PE2

ATM/FR/…over MPLS
Special Model

CE1 AC1 PE1 MPLS Network PE2 CE2


(ATM/FR/…)
MFA Forum Multi-Service Interworking – Ethernet Copyright © 2008 IP/MPLS Forum
over MPLS Implementation Agreement 12.0 Slide 102
Interworking Reference Model

Ethernet Service
Attachment Circuits (AC) Attachment Circuit 2
(Native Service over AC) Pseudo Wire (fwd) (Native Service over AC2)
UNI/NNI (Raw or tagged mode) UNI/NNI

MPLS Tunnel LSP (fwd)

PW Processor
PW Processor

NSP (IWF)
NSP (IWF)

FWD
FWD

CE1 CE2
PE1 MPLS Tunnel LSP (backwd) PE2

Pseudo Wire (backwd)


(Raw or tagged mode) NSP: Native Service Processing
Ethernet/FR/ATM/PPP • Encapsulation Mapping AC <-> PW • Ethernet
for Non-Ethernet: • Traffic Management Interworking • ATM: RFC 2684-B
• Bridged Interface • PVC Management Interworking • FR: RFC 2427-B
• Routed Interface with • PPP: RFC 2878
MFA Forum Multi-Service Interworking – Ethernet
bridged encapsulation over MPLS Implementation Agreement 12.0
Slide 103 Copyright © 2008 IP/MPLS Forum
Multi-Service Interworking of
Ethernet over MPLS - Observations
• Interworking is a local function to the PE
ƒ PE only needs to implement procedures for those interfaces it
supports (e.g. PE with ATM: RFC2684 bridged only)
ƒ PE only needs to support PW of type Ethernet –
irrespective of the other end. Set of translations limited to (to/from)
Ethernet
ƒ AC configuration local to the PE
ƒ AC termination on PE supports VPLS (and VPWS) – MAC-addresses
are visible to the PE
• CPE uses bridged encapsulation (native Service is Ethernet)
ƒ Implicit support for any L3 Network protocol
ƒ ARP resolution done by both end CPEs – no handling of protocol
specific address resolution required
ƒ Integrated Routing and Bridging for Frame-Relay AC, IRB/Routed
Bridge Encapsulation for ATM AC
ƒ Required configuration changes for CE devices that have routed
interfaces
• Consider hidden complexities, e.g. IP-routing protocols behave
differently over broadcast & non-broadcast media
Slide 104 Copyright © 2008 IP/MPLS Forum
Ethernet Service Instance (ESI)

• Ethernet Service Instance CE


AC
“Association of two or ESI UNI
MEF:
more AC over which
EVC
an Ethernet Service is CE
offered to a given
customer”
ESI
• Corresponding concepts
ƒ ESI can correspond to CE
CE
VPLS/VPWS (IETF L2VPN
WG), S-VLAN (IEEE Mapping at Ethernet ATM/ PPP/HDLC
802.1ad) an AC (per ESI) Interface FR VC Interface
ƒ Note: MEF EVC Port based 9 9 9
associates a set of UNI, (untagged only)
while ESI associates a Port based 9 9 9
set of AC (tagged & untagged)
• Multiple Mappings
VLAN mapping 9 NS NS
options at individual AC
to the corresponding VLAN bundling 9 NS NS
Service Instance NS: Not specified in this version
MFA Forum Multi-Service Interworking – Ethernet Slide 105 Copyright © 2008 IP/MPLS Forum
over MPLS Implementation Agreement 12.0
Ethernet Service Interworking
Encapsulation Formats
EoMPLS

CE1 AC1 PE1 MPLS Network PE2 CE1


(ATM/FR/…)

Native Ethernet Native Ethernet


Ethernet VLAN Ethernet VLAN
Bridged Ethernet Any
Bridged Ethernet
over ATM (RFC 2684-B) - to -
Any
over ATM (RFC 2684-B)
Bridged Ethernet Bridged Ethernet
over FR (RFC 2427-B) over FR (RFC 2427-B)
Bridged Ethernet over Bridged Ethernet over
HDLC/PPP HDLC/PPP
(RFC 2878) (RFC 2878)
MFA Forum Multi-Service Interworking – Ethernet
over MPLS Implementation Agreement 12.0 Slide 106 Copyright © 2008 IP/MPLS Forum
Multi-Service Interworking of
Ethernet over MPLS Summary
• Layer 2 Service Interworking is critically
important to Ethernet WAN services
ƒ Limited Ethernet footprint
ƒ Leverages installed base of ATM/Frame Relay, and
HDLC copper based circuits
• General Interworking Model
ƒ Concept of Ethernet Service Instance
ƒ Local Termination of the AC – keep complexities low
• Standards Evolution to support comprehensive
service interworking
ƒ Ethernet OAM standards work (ITU, IEEE)

Slide 107 Copyright © 2008 IP/MPLS Forum


Enterprise Network Today

Bank HQ
Branch B

ATM
FR

ATM Core

FR
PVC A
Branch A PVC B

FRF.8.2 Service interworking is a key enabler


• Connecting branch offices with low-speed FR access to the
Headquarter with a high-speed ATM connection

Slide 108 Copyright © 2008 IP/MPLS Forum


Network Migration Scenario 1:
- ATM/FR Interworking over MPLS
Bank HQ
Branch B
ATM
FR
PE MPLS Core PE

FR New Branch C
FR

Branch A PVC A
PVC B Pseudo wire B
PVC C Pseudo wire C

Enables graceful traffic migration from ATM to MPLS core


• Preserves existing ATM and FR service SLAs and revenues
• Transparent to Enterprise
• Enables service provider MPLS network investment for new
FR/ATM endpoints

Slide 109 Copyright © 2008 IP/MPLS Forum


Network Migration Scenario 2:
- Ethernet or IP Interworking over MPLS
Bank HQ Ethernet or IP Service
Branch B
Ethernet
GigE FR
PE PE
MPLS Core

Large City
ATM Ethernet
10 Mb Branch C
Branch A
Pseudo wire B
Pseudo wire C

Introduce Ethernet connectivity to existing ATM/FR infrastructure


• Cost effectively scale bandwidth at select sites to support new business
applications
• Graceful migration of legacy ATM/FR service to Ethernet services
• Ethernet and IP pt-pt (shown) and multipoint (Ethernet only) VPN services

Slide 110 Copyright © 2008 IP/MPLS Forum


Benefits of Multi-Service
Interworking over MPLS
Bank HQ
Ethernet or IP Service Branch B
Ethernet FR, ATM,
PPP/HDLC
PE PE
MPLS Core

Company
Site A Company
ATM
FR Site B
FR/ATM Interworking Service

Carrier Benefits Enterprise Benefits


• Increases addressable market • Cost effectively scale bandwidth
• Lowers capital expenses to support new applications
• Increases flexibility • Flexible support for sites with
different access technologies
• Preserves revenues from legacy
services • Seamless integration of new
sites on to network
Enables a smooth, cost effective evolution for
both Enterprises and Carriers to new services
Slide 111 Copyright © 2008 IP/MPLS Forum
Summary

Slide 112 Copyright © 2008 IP/MPLS Forum


MPLS VPNs Summary

VPN C
VPN A
Partner
VPN D

VPN B

Region B Region A

• Layer 2 and Layer 3 VPNs each address specific


needs (traffic types, business applications, CPE
investment, level of Service Provider participation in
routing, etc)
• Both are standards based and widely deployed
• Solutions today include a combination of Layer 2
and Layer 3 VPNs

Slide 113 Copyright © 2008 IP/MPLS Forum


MPLS as a Service Enabler

Layer 2 Legacy Layer 3 Existing


VPNs Services VPNs TDM / Voice

SERVICE VPLS FR / ATM IP VPNs


IP-VPNS TDM / Voice
VPWS

SERVICE MPLS (QoS, TE, FRR)


ENABLER

SDH / SONET Other


TRANSMISSION

VPLS = Virtual Private LAN Services


VPWS = Virtual Private Wire Services
L3 IP VPN = BGP/MPLS VPN RFC4364
Slide 114 Copyright © 2008 IP/MPLS Forum
For More Information. . .

• http://www.ipmplsforum.org
• http://www.ietf.org
• http://www.itu.int
• http://www.mplsrc.com

For questions, utilize the IP/MPLS Forum Message Board


Website: http://www.ipmplsforum.org/board/

Slide 115 Copyright © 2008 IP/MPLS Forum


Thank you for attending the

MPLS L2/L3
Virtual Private Networks Tutorial

Please visit the IP/MPLS Forum Booth in the Exhibit Area

Slide 116 Copyright © 2008 IP/MPLS Forum