MPLS L2/L3 Virtual Private Networks (VPNs): A Sponsored Tutorial
Dave Christophe
IP/MPLS Forum Education WG Chair
Director, Solutions Marketing
Alcatel-Lucent
• Layer 2 VPNs
• Overview
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt Frame Relay
• Virtual Private LAN Services – VPLS
• Introduction to Multi-Service Interworking over MPLS
• Interworking History and Definition
• Multi-Service Interworking of Ethernet over MPLS
• Migration Scenarios and Benefits
• Summary
Slide 3 Copyright © 2008 IP/MPLS Forum
Introduction to the IP/MPLS Forum
[Figure: best of the packet-switched and circuit-switched worlds; enhancement and scalability of IP; Layer 2 and Layer 3 VPNs; GMPLS; photonics]
Virtual Private Networks
[Figure: corporate headquarters, storage facility, home office and remote office connected over a public network]
[Table residue: VPN types by layer: L2TP; VPWS; point to multipoint; ATM (layer 2, VC); GRE/UTI/L2TPv3 (layer 3, IP tunnel); IP (layer 3, RFC 4364 / VR); IP (layer 3, IPsec)]
Which one to choose?
                       FR or ATM   IPsec   L3 MPLS   L2 MPLS
Point-to-multipoint    2           2       √         √
Multi-protocol         √           2       2         √
QoS and CoS            √           2       √         √
Low latency            √           2       √         √
Security               √           √       √         √
SLAs                   √           2       √         √
PWE3
• Pt-to-Pt circuits
• Encapsulations
ATM
FR
Ethernet
PPP/HDLC
TDM
SONET/SDH
• IP Traffic
• Enterprise outsource wide-area network routing to Service Provider
• Pt-to-pt (Typically a full mesh)
[Figure: CE routers of VPN A and VPN B attached to PE routers, with P routers in the provider core]
[Figure: access over Frame Relay, DSL/ATM and PPP/HDLC]
[Figure: eBGP between AS 1, AS 2 and AS 3; VPN A sites (CE) attached to PE routers across a backbone of P routers]
• Requirements:
  Support for overlapping, private IP address space
  Different customers run different IGPs (e.g. RIP, OSPF, IS-IS)
• Solution:
  VPN network layer is terminated at the edge (PE)
• PE routers use plain IP with CE routers
CE: Customer Edge router
PE: Provider Edge router
P: Provider router not directly attached to a CE
RFC 4364 obsoletes RFC 2547 and is updated by RFC 4577 & RFC 4684
BGP/MPLS IP VPN
Key Characteristics
[Figure: VPN A sites 10.1.1.0/24 and 10.1.2.0/24, each behind a CE, connected through PE and P routers across the backbone; VRF-A on the PE serves VPN A]
[Figure: VRF: Site 1 to Site 4, VPN X and VPN Y]
[Figure: VPN-A and VPN-B, Site-1 and Site-2; CEs attached to PE1 and PE2 (OSPF, eBGP) across P1 and P2; MP-iBGP session between the PEs]
[Figure: PE1 to PE4 with CEs in VPN A, VPN X and VPN Y. VRFs at PE1 will import routes from VPN-A and VPN-X; VRFs at PE4 will import routes from VPN-A and VPN-Y]
[Figure: IGP (VPN-A) between CE and PE]
• VPN-IPv4 Address
  VPN-IPv4 is a globally unique, 96-bit routing prefix
  00 00 | ASN | nn  (ASN:nn)
    • Autonomous System Number (ASN) assigned by Internet Assigned Numbers Authority (IANA)
  00 01 | IP address | nn  (IP-address:nn)
    • Use only if the MPLS/VPN network uses a private AS number
  00 02 | BGP-AS4 | nn  (BGP-AS4:nn)
    • 4-byte Autonomous System Number (BGP-AS4)
  nn: assigned number administered by Enterprise
VPN Route Distribution
BGP with Multiprotocol Extensions
MED: Multi_Exit_Disc
IGP Label Distribution
[Figure: PE1, P1, P2 and PE2 in the MPLS backbone, running an IGP]
Global routing table (PE1 side):
  Destination   Next Hop    Label
  PE2           P1          25
  P2            P1          28
  P1            interface   POP
Global routing table (PE2 side):
  Destination   Next Hop    Label
  PE1           P2          33
  P1            P2          38
  P2            interface   POP
[Figure: VPN-B CEs at Site-1 and Site-2 attached to PE1 and PE2 across the backbone (P1, P2); the CEs send an update for Net1]
VPN-IPv4 update:
  Net1:RD1, Next-hop=PE2
  RO=Site-2, RT=Green
  Label=10
VPN-IPv4 update:
  Net1:RD2, Next-hop=PE2
  RO=Site-2, RT=Yellow
  Label=12
VPN-IPv4 updates are translated into IPv4 addresses and inserted into the VRF corresponding to the RT value
“Net1” is the provider’s autonomous system
VRF Green:
  Net1, Next-hop: PE2
  Label 10
VRF Yellow:
  Net1, Next-hop: PE2
  Label 12
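The VPN-IPv4 address format and the RT-based import shown in the updates above can be worked through in a few lines of Python. This is an added example, not code from the tutorial or the IP/MPLS Forum; the RD values `65000:1` and `65000:2`, the prefix chosen for Net1 and the function names are assumptions made for illustration.

```python
import ipaddress
import struct

def encode_rd(rd: str) -> bytes:
    """Encode 'admin:nn' as 8 bytes: 2-byte type field + 6-byte value."""
    admin, nn = rd.rsplit(":", 1)
    if "." in admin:                      # type 00 01: 4-byte IP address, 2-byte nn
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, int(nn))
    if int(admin) > 0xFFFF:               # type 00 02: 4-byte ASN, 2-byte nn
        return struct.pack("!HIH", 2, int(admin), int(nn))
    return struct.pack("!HHI", 0, int(admin), int(nn))   # type 00 00: 2-byte ASN, 4-byte nn

def vpn_ipv4(rd: str, prefix: str) -> bytes:
    """8-byte route distinguisher followed by the 4-byte IPv4 network: 96 bits."""
    return encode_rd(rd) + ipaddress.IPv4Network(prefix).network_address.packed

def import_routes(updates, vrf_import_rts):
    """Install each update into every VRF whose import list contains its RT."""
    vrfs = {name: {} for name in vrf_import_rts}
    for u in updates:
        for name, rts in vrf_import_rts.items():
            if u["rt"] in rts:
                # Inside the VRF the route is plain IPv4 again; the RD is dropped.
                vrfs[name][u["prefix"]] = (u["next_hop"], u["label"])
    return vrfs

# Constructed sample mirroring the slide: two customers announce the same Net1.
NET1 = "10.1.1.0/24"
UPDATES = [
    {"rd": "65000:1", "prefix": NET1, "next_hop": "PE2", "rt": "Green", "label": 10},
    {"rd": "65000:2", "prefix": NET1, "next_hop": "PE2", "rt": "Yellow", "label": 12},
]
VRF_IMPORT = {"Green": {"Green"}, "Yellow": {"Yellow"}}

if __name__ == "__main__":
    for u in UPDATES:
        print(u["rd"], vpn_ipv4(u["rd"], u["prefix"]).hex())
    print(import_routes(UPDATES, VRF_IMPORT))
```

The two updates stay distinct in BGP because their RDs differ, and each lands only in the VRF that imports its RT. Adding Yellow to the import list of VRF Green would let the other customer's Net1 replace Green's own route, which is why import RT lists are worth auditing.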
[Figure: packet forwarding from CE1 to CE2 via PE1, P1, P2 and PE2: the IP packet is carried behind a VPN Label and a Tunnel Label (PE2) across the backbone]
[Figure: iBGP within AS 1: full mesh versus route reflector]
Full Mesh iBGP: n*(n-1)/2
Use redundant Route Reflectors to eliminate single point of failure
Layer 2 VPNs
• Overview
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt Frame Relay
• Virtual Private LAN Services – VPLS
• Point-to-Point Service
• Tunnel Label determines path through network
• VC/PW Label identifies VLAN, VPN, or connection at the end point
MPLS Pseudowire
Reference Model
[Figure: CE1 - AC - PE1 - IP/MPLS Network - PE2 - AC - CE2, with a pseudowire between the PEs. Frame layout: (1) Tunnel Header, (2) PW Header, (3) VC Encaps Information, then the Layer 2 payload]
• Three Layers of Encapsulation
  1) Tunnel Header: Contains information needed to transport the PDU across the IP or MPLS network
  2) Pseudo wire Header (PW): Used to distinguish individual emulated VCs within a single tunnel
  3) Emulated VC Encapsulation: Contains the information about the enclosed PDU (known as Control Word)
• Tunnel Header determines path through network
• Pseudo wire Header identifies VLAN, VPN, or connection at the end point
• All services look like a Virtual Circuit to MPLS network
PDU: Protocol Data Unit
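The tunnel header and pseudo wire header described above are two MPLS label stack entries in front of the customer frame. The following added example (not code from the tutorial) builds and parses that stack for Ethernet transport; the label value 1000, the MAC addresses and the sample customer frame are constructed, and the optional control word and the FCS are left out.

```python
import struct

MPLS_ETHERTYPE = 0x8847
# Constructed customer frame: DA, SA, type 0x0800 and a dummy payload.
INNER_FRAME = bytes.fromhex("0200000000020200000000010800") + b"customer payload"

def label_entry(label: int, bottom: bool, ttl: int = 64, tc: int = 0) -> bytes:
    """One 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def encapsulate(inner_frame: bytes, tunnel_label: int, pw_label: int,
                dst_mac: bytes, src_mac: bytes) -> bytes:
    """Outer Ethernet header, tunnel label, PW label (bottom of stack), payload."""
    header = dst_mac + src_mac + struct.pack("!H", MPLS_ETHERTYPE)
    return (header + label_entry(tunnel_label, bottom=False)
            + label_entry(pw_label, bottom=True) + inner_frame)

def parse(frame: bytes):
    """Return ([labels, outermost first], payload); reject malformed frames."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != MPLS_ETHERTYPE:
        raise ValueError("not an MPLS unicast frame")
    labels, offset = [], 14
    while True:
        if offset + 4 > len(frame):
            raise ValueError("label stack truncated before bottom-of-stack bit")
        (entry,) = struct.unpack("!I", frame[offset:offset + 4])
        labels.append(entry >> 12)
        offset += 4
        if entry & 0x100:                 # S bit set: this was the last label
            return labels, frame[offset:]

def penultimate_hop_pop(frame: bytes) -> bytes:
    """Drop the outer tunnel label so the egress PE sees only the PW label."""
    labels, _ = parse(frame)
    if len(labels) < 2:
        raise ValueError("no tunnel label to pop")
    return frame[:14] + frame[18:]        # MAC rewrite per hop is not modelled

if __name__ == "__main__":
    frame = encapsulate(INNER_FRAME, 25, 1000, b"\x02" * 6, b"\x04" * 6)
    print(parse(frame)[0], parse(penultimate_hop_pop(frame))[0])
```

After the pop, the PW label is the only thing that tells the egress PE which customer circuit the frame belongs to, so a parser that accepts a stack without a bottom-of-stack bit would misattribute traffic.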
Encaps Information Field
Ethernet PDU
Encapsulated Ethernet over MPLS over Ethernet Transport
  DA’ SA’ 0x8847 | Tunnel Label | PW Label | DA SA T 802.1q payload | FCS’
  DA” SA” 0x8847 | PW Label | DA SA T 802.1q payload | FCS”
[Figure: CE, PE, penultimate hop LSR, PE, CE; last mile from each CE to a POP on the provider’s MPLS backbone]
[Figure: CE1 - AC - PE1 - IP/MPLS Network - PE2 - AC - CE2]
N-to-One Cell Mode Multiple Cell Encapsulation
• 2 modes: Control Word (optional)
FR Control Word for One-to-One Mode
  Field:  0000   F   B   D   C   FRG   Length   Sequence Number
  Bits:   4      1   1   1   1   2     6        16
Layer 2 VPNs
• Overview
• Encapsulation and Label Stacking
• Virtual Private Wire Services – VPWS
• Pt-to-pt Ethernet, Pt-to-pt ATM, Pt-to-pt Frame Relay
• Virtual Private LAN Services – VPLS
[Figure: CEs of VPLS-A and VPLS-B attached to PEs, directly or through an L2 access network, across the service provider MPLS backbone]
• Tunnel LSPs are established between PEs
• Layer 2 VC LSPs are set up in Tunnel LSPs
[Figure: CEs connect over attachment circuits to bridge code on each PE; VPLS code on the PEs is joined by pseudo-wires to form an emulated LAN segment. Legend: IEEE 802.1D bridging code, IETF VPLS code]
Standard IEEE 802.1D Bridging code
• Used to interface with CE facing ports
• Learn MAC addresses and aging
• Might run STP with CEs
VPLS Forwarding
• Learns MAC addresses per pseudo-wire (VC LSP)
• Forwarding based on MAC addresses
• Replicates multicast & broadcast frames
• Floods unknown frames
• Split-horizon for loop prevention
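The forwarding rules listed above fit in a small model of one VPLS instance on one PE. This is an added example, not code from the tutorial or from any vendor; the class, the port names and the MAC addresses are hypothetical, and MAC aging is not modelled.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VplsInstance:
    """Forwarding table of one VPLS on one PE (hypothetical model)."""

    def __init__(self, attachment_circuits, pseudowires):
        self.acs = set(attachment_circuits)
        self.pws = set(pseudowires)
        self.fdb = {}                     # learned MAC -> port (AC or pseudo-wire)

    def _allowed(self, in_port, out_port):
        # Split horizon: a frame that arrived on a pseudo-wire is never sent
        # to another pseudo-wire; the full PE mesh already delivered it there.
        return out_port != in_port and not (in_port in self.pws and out_port in self.pws)

    def forward(self, in_port, src_mac, dst_mac):
        """Learn the source MAC, then return the sorted list of output ports."""
        self.fdb[src_mac] = in_port
        group = int(dst_mac[:2], 16) & 1  # group bit: multicast and broadcast
        known = self.fdb.get(dst_mac)
        if known is not None and not group:
            candidates = [known]
        else:                             # flood unknown, multicast, broadcast
            candidates = self.acs | self.pws
        return sorted(p for p in candidates if self._allowed(in_port, p))

if __name__ == "__main__":
    pe = VplsInstance({"ac1"}, {"pw-pe2", "pw-pe3"})
    print(pe.forward("ac1", "aa:00:00:00:00:01", BROADCAST))
    print(pe.forward("pw-pe2", "aa:00:00:00:00:02", "aa:00:00:00:00:99"))
```

An unknown unicast arriving on `pw-pe2` is flooded to `ac1` only, which is the split-horizon rule preventing a loop between PEs without running STP in the core.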
PE VPLS Code
• VPLS Signaling
  Establishes pseudo-wires per VPLS between relevant PEs
  Two signaling protocol options:
  • LDP – RFC 4762
  • BGP – RFC 4761
[Figure: VPLS-A and VPLS-B CEs reaching the service provider MPLS backbone through an L2 access (Ethernet) network, with the PE functions split between U-PE and N-PE]
Distributed PE functions
N-PE = PE closer to core network
U-PE = PE closer to CE
u-PE is an L2 PE device for aggregation – VPLS aware
RFC 4761
MPLS VPLS
Reference Model
Virtual Private LAN Service (VPLS)
Using Label Distribution Protocol (LDP) Signaling
[Figure: CEs of VPLS-A and VPLS-B attached to an MTU-s, a PE-rs and a PE, across an Ethernet network and the service provider MPLS backbone]
RFC 4762
Virtual Private LAN Services
RFC 4762
[Figure: CE-1 attached to an MTU-s (layer 2 aggregation) that connects by spoke PW-1 to PE1-rs; PE1-rs and PE2-rs are joined by a tunnel LSP. Labels: hub, spoke, hub VCs, spoke VCs]
[Figure: metro IP / MPLS networks connected through an ISP IP / MPLS core network]
Enterprise perspective:
• Many have an embedded Frame Relay and/or ATM network
• Need to cost effectively scale bandwidth at select sites to support new business applications
• Maintain a network with mixture of services, bandwidths to match application needs at specific sites
• Reduce cost, time and risk to address emerging needs
Carrier Perspective:
• Want a common edge infrastructure to support and “Interwork” with legacy and new services
• Support all legacy transport technologies and services
• Planning to converge on an IP / MPLS core
• Want to seamlessly introduce Metro Ethernet services and IP VPNs
Interworking
History
[Figure: point-to-point tunnels: ATM encapsulation and FR encapsulation across IP / MPLS; access over Frame Relay, DSL/ATM and PPP/HDLC]
[Figure: ATM service provider and 100 Mbps Ethernet service provider MPLS networks]
[Figure: General Model: CE1 on a non-Ethernet network (AC1) to PE1, MPLS network, PE2 to CE2 on an Ethernet network (Ethernet AC). Special Model: CE1 - AC1 - PE1 - MPLS network - PE2 - Ethernet AC - CE2, ATM/FR/… over MPLS]
[Figure: Ethernet service: attachment circuits (native service over AC, UNI/NNI) at CE1 and CE2; NSP (IWF), FWD and PW processor in PE1 and PE2; pseudo wire (raw or tagged mode) carried in an MPLS tunnel LSP between PE1 and PE2]
[Figure: migration scenario: bank HQ, Branch A, Branch B and new Branch C (10 Mb Ethernet) on ATM and FR around an ATM core; PVC A, PVC B, PVC C; pseudo wire B, pseudo wire C]
[Figure: FR/ATM interworking service between company Site A (ATM) and company Site B (FR)]
[Figure: VPN A, VPN B, VPN C, VPN D and a partner across Region A and Region B]
• http://www.ipmplsforum.org
• http://www.ietf.org
• http://www.itu.int
• http://www.mplsrc.com