Professional Documents
Culture Documents
BRKRST-1101
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 1
Goals of This Session
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 2
Agenda
Introduction
MPLS Network Components
MPLS VPNs
MPLS Layer-3 VPNs
MPLS Layer-2 VPNs
MPLS QoS
MPLS Traffic Engineering
g g
MPLS Management
Summary
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 3
Introduction
The Business Drivers for MPLS
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 4
Why Multi Protocol Label Switching?
SP/carrier perspective
Reduce costs (CAPEX); consolidate networks
Consolidated network for multiple Layer-2/3 services
Support increasingly stringent SLAs
Handle increasing scale/complexity of IP-based services
Enterprise/end-user
/ perspective
Campus/LAN
N d ffor network
Need t k segmentation
t ti (users,
( applications,
li ti etc.)
t )
WAN connectivity (connecting enterprise networks)
Need for easier configuration of site-to-site
site to site WAN connectivity
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 5
What Is MPLS Technology?
Government
12%
Emerging European
Markets Markets
Service Provider 20% 42%
45%
Enterprise
43%
US and Canada
27%
25 Financials, Transportation,
p and System
y
Integrators are currently biggest
e Customer Base
15
25
10 20
13 13
5 10
9
7
3 3 3
2 2
1 1 1 1 1
0
h
er
t
or
n
al
re
l
gy
IT
t
l
se
M
en
ia
ai
en
rc
tio
rin
at
nc
tic
id
at
ca
nc
et
er
en
al
m
ea
er
nm
ta
ov
C
ra
tu
gr
eu
R
lth
En
rn
na
in
ef
om
es
or
ac
su
te
Pr
er
te
ac
ta
ea
D
Fi
sp
uf
In
gl
ov
In
er
m
nt
I
H
n/
an
an
on
em
nt
G
ar
te
io
/E
Tr
on
Ph
at
st
ia
uc
Sy
ed
Ed
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 10
Enterprise MPLS Drivers
Network segmentation
Network virtualization
Distributed application virtualization
Network realignment/migration
Consolidation of (multiple) legacy networks
Staged network consolidation after company merger/acquisition
Network optimization
Full-mesh and hub-and-spoke connectivity
Traffic Engineering (TE) for bandwidth protection
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 11
Business Drivers
Example Companies
Market Segment Business Drivers
and Organizations
Secure integration of
Investment/retail banks
external network of acquired
Financials Financial service firm
providers
Increased network reliability
Leverage common network
Transportation Airports infrastructure for multiple
airport
i t tenants
t t
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 12
MPLS Technology Framework
End-to-end Services
Core MPLS
MPLS Signaling
g g and Forwarding
g
Network Infrastructure
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 13
MPLS Technology Components
Basic Building Blocks of MPLS
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 14
MPLS Forwarding and Signaling
MPLS Label Forwarding and Signaling
Mechanisms
Core MPLS
MPLS Signaling
g g and Forwarding
g
Network Infrastructure
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 15
Basic Building Blocks
The internals
MPLS labels
Processing of MPLS labels
Exchange of label mapping information
F
Forwarding
di off labeled
l b l d packets
k t
P P
CE PE PE CE
CE CE
PE P P PE
P (Provider)
(P id ) router
t = llabel
b l switching
it hi router
t = core router
t (LSR)
Switches MPLS-labeled packets
PE (Provider Edge) router = edge router (LSR)
I
Imposes and
d removes MPLS llabels
b l
CE (Customer Edge) router
Connects customer network to MPLS network
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 17
MPLS Label and Label Encapsulation
MPLS Label
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
LAN MAC Label Header MAC Header Label Layer 2/L3 Packet
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 18
MPLS Label Operations
Label Imposition (Push) Label Swap Label Swap Label Disposition (PoP)
L1 L1 L2 L2 L3 L3
L2/L3 Packet
P P
CE PE PE CE
CE CE
PE P P PE
Note that,
that in addition LDP
LDP, also other protocols are being used for
label information exchange
Will be discussed later
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 21
For your
reference
Some More LDP Details only
MPLS Forwarding
Programming of
g
MPLS forwarding MPLS MPLS
Forwarding Forwarding
Based on LIB info CEF/MFI CEF/MFI
CEF/MFI updates
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 23
MPLS Control and Forwarding Plane
MPLS control plane
Routing
Used for distributing labels RIB Routing Updates/
and building label-switched Process Adjacencies
paths (LSPs)
Typically supported by LDP;
Label Binding
also supported via RSVP LIB MPLS Updates/
and BGP Process Adjacencies
Labels define destination
and service
MPLS forwarding plane
Used for label imposition,
swapping, and disposition MFI FIB
Independent of type of
control plane MPLS Traffic IP Traffic
Forwarding Forwarding
Labels separate forwarding
from IP address-based routing
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 24
IP Packet Forwarding Example
FIB
FIB FIB Address
I/F
Prefix
Address Address
I/F I/F
Prefix Prefix 128.89 0
171.69 1 171.69 1 …
… …
128.89
0
0 128.89.25.4 Data
1 128.89.25.4 Data
1
128.89.25.4 Data 128.89.25.4 Data
171 69
171.69
Packets Forwarded
Based on IP Address
(via RIB lookup)
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 25
Step 1: IP Routing (IGP) Convergence
MFI/FIB MFI/FIB MFI/FIB
In Address Out Out In Address Out Out In Address Out Out
Label Prefix I’face Label Label Prefix I’face Label Label Prefix I’face Label
128.89 1 128.89 0 128.89 0
171.69 1 171.69 1
… … … … … …
0 128.89
0
1
Routing Updates
You Can Reach 171.69 Thru Me 171 69
171.69
(OSPF EIGRP,
(OSPF, EIGRP …))
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 26
Step 2a: LDP Assigns Local Labels
MFI/FIB MFI/FIB MFI/FIB
In Address Out Out In Address Out Out In Address Out Out
Label Prefix I’face Label Label Prefix I’face Label Label Prefix I’face Label
- 128.89 1 4 128.89 0 9 128.89 0 -
- 171.69 1 5 171.69 1
… … … … … … … … … … … …
0 128.89
0
1
171 69
171.69
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 27
Step 2b: LDP Assigns Remote Labels
MFI/FIB MFI/FIB MFI/FIB
In Address Out Out In Address Out Out In Address Out Out
Label Prefix I’face Label Label Prefix I’face Label Label Prefix I’face Label
- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …
0 128.89
0
1
Label Distribution
Use Label 7 for 171.69 171 69
171.69
P t
Protocoll (LDP)
(Downstream Allocation)
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 28
Step 3: Forwarding MPLS Packets
MFI/FIB MFI/FIB MFI/FIB
In Address Out Out In Address Out Out In Address Out Out
Label Prefix I’face Label Label Prefix I’face Label Label Prefix I’face Label
- 128.89 1 4 4 128.89 0 9 9 128.89 0 -
- 171.69 1 5 5 171.69 1 7
… … … … … … … … … … … …
0 128.89
0
128.89.25.4 Data
1
9 128.89.25.4 Data
128.89.25.4 Data 4 128.89.25.4 Data 1
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 29
Summary Steps For MPLS Forwarding
O
Once LDP h has received
i d remote
t llabel
b l bi
binding
di
information MPLS forwarding is updated
Label bindings are received from remote LDP peers
MPLS forwarding via MFI
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 30
MPLS Network Protocols
MP-iBGP
OSPF, IS-IS,
P EIGRP, EIGRP P
CE PE PE CE
LDP, RSVP
CE CE
PE P P PE
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 32
MPLS Core Architecture Summary
1a. Existing Routing Protocols (e.g. OSPF, IS-IS)
Establish Reachability to Destination Networks
1b. LDP Establishes
1b E t bli h Label
L b l to
t Destination
D ti ti 4. Edge LSR at
4
Network Mappings Egress Removes
Label and Delivers
Packet
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 33
Summary
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 35
MPLS Technology Framework
End-to-End Data Connectivity Services Across
MPLS Networks (from PE to PE)
End-to-end Services
La er 3 VPNs
Layer-3 La er 2 VPNs
Layer-2
Network Infrastructure
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 36
What Is a Virtual Private Network?
VPN is a set of sites or groups which are allowed to communicate
with each other in a secure way
Typically over a shared public or private network infrastructure
VPN is defined by a set of administrative policies
Policies established by VPN customers themselves (DIY)
Policies implemented by VPN service provider (managed/unmanaged)
Different inter-site connectivity schemes possible
Ranging from complete to partial mesh, hub-and-spoke
Sites may be either within the same or in different organizations
VPN can be either intranet or extranet
Site may be in more than one VPN
VPNs may overlap
Not all sites have to be connected to the same service provider
VPN can span multiple providers
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 37
MPLS VPN Example
PE-CE PE-CE
Link Link
P P
CE PE PE CE
VPN
CE CE
PE P P PE
PE-CE
PE CE link
Connect customer network to SP network; layer-2 or layer-3
VPN
Dedicated secure connectivity over shared infrastructure
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 38
MPLS VPN Benefits
SP/carrier perspective
Reduce costs (CAPEX)
Leverage same network for multiple services and customers
Mi t llegacy networks
Migrate t k onto
t single
i l converged
d network
t k
Reduce costs (OPEX)
Easier service enablement; only edge node configuration
Enterprise/end-user perspective
Enables site/campus network segmentation
Allows for dedicated connectivity for users, applications, etc.
Enables easier setup of WAN connectivity
Easier configuration of site-to-site WAN connectivity (for
L3VPN and VPLS); only one WAN connection needed
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 39
MPLS VPN Options
MPLS VPN Models
Layer-2
y VPNs Layer-3
y VPNs
CPE connected to PE via IP-based connection
(over any layer-2 type)
Point-to-Point Multi-Point Static routing
g
Layer-2
L 2 VPN
VPNs Layer-2
L 2 VPN
VPNs PE-CE routing protocol; eBGP, OSPF, IS-IS
CEs peer with PE router
CPE connected to CPE connected to
PE via p2p Layer-2 PE via Ethernet PE routers maintain customer-specific routing
connection (FR, connection (VLAN) tables and exchange customer=specific routing
ATM) information
CEs peer with each
CEs peer with each other via Layer-3 VPN provider’s PE routers are part of
other (IP routing) fully/partial mesh customer routing
via p2p layer-2 VPN Layer-2 VPN
connection connection
CE-CE routing; no CE-CE routing; no
SP involvement SP involvement
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 40
MPLS Layer-3 VPNs
Technology Overview and Applications
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 41
MPLS L3 VPN Overview
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 42
MPLS L3 VPN Technology Components
PE-CE link
Can be any type of layer-2 connection (e.g., FR, Ethernet)
CE configured to route IP traffic to/from adjacent PE router
Variety of routing options; static routes, eBGP, OSPF, IS-IS
CE
VPN 1 VRF Green
PE
CE MPLS Backbone IGP
VPN 2
VRF Blue
P P
CE PE PE CE
VRF VRF
VPN 1
CE CE
VRF VRF
VPN 2
PE P P PE
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 45
VPN Control Plane Processing
BGP advertisement:
VPN-IPv4 Addr = RD:16.1/16
BGP Next-Hop = PE1
Route Target = 100:1
eBGP: Label=42
Label 42 eBGP:
16.1/16 No VPN Routes 16.1/16
IP Subnet P in core (P) nodes P IP Subnet
CE1 PE1 PE2 CE2
VRF
VPN 1 VRF
ip vrf Green
RD 1:100
route-target export 1:100
route-target import 1:100
Make Customer Routes Unique: Processing Steps:
Route Distinguisher (RD): 8-byte field, VRF 1. CE1 redistribute IPv4 route to PE1 via
parameters; unique value assigned by a eBGP.
provider to each VPN to make different VPN
routes unique 2. PE1 allocates VPN label for prefix learnt
from CE1to create unique VPNv4 route
VPNv4 address: RD+VPN IP prefix
Selective Distribute Customer Routes: 3. PE1 redistributes VPNv4 route into MP-
iBGP, it sets itself as a next hop and
Route Target (RT): 8-byte field, VRF relays VPN site routes to PE2
parameter unique value to define the
parameter,
import/export rules for VPNv4 routes 4. PE2 receives VPNv4 route and, via
processing in local VRF (green), it
MP-iBGP: advertises VPNv4*
prefixes + labels redistributes original IPv4 route to CE2.
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 46
VPN Forwarding Plane Processing
IGP VPNv4 IGP VPNv4 IGP VPNv4
IPv4 Label C Label IPv4 Label B Label IPv4 Label A Label IPv4 IPv4
IPv4 P1 P2 IPv4
CE1 Packet PE1 PE2 Packet
CE2
VRF
VPN 1 VRF
ip vrf Green
RD 1:100
route-target export 1:100
route-target import 1:100
Processing Steps:
1. CE2 forwards IPv4 packet to PE2.
2. PE2 imposes pre-allocated
pre allocated VPN label (learned via MP-IBGP)
MP IBGP) to IPv4 packet
received from CE2.
3. PE2 imposes outer IGP label (learned via LDP) and forwards labeled packet to
next-hop P-router P2.
4. P-routers P1 and P2 swap outer IGP label and forward label packet to PE1.
5. Router PE1 strips VPN label and forwards IPv4 packet to CE1.
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 47
Use Case 1: Traffic Separation
Requirement: Need to ensure data separation between Aerospace,
Cosmetics and Financial Services,
Services while leveraging a shared
infrastructure
Solution: Create MPLS VPN for each group
Remote Site 1
Central site - HQ VRF instances
created for each
group at the edge
Financial Cosmetics
Services
Aerospace Cosmetics Financial Services
VPN_Fin
VPN_Fin
VPN_Cos
VPN_Cos
VPN_Aero
MPLS Backbone
Remote Site 3 Remote Site 2
VPN_Aero
VPN_Cos
VPN_Fin
VPN Aero
VPN_Aero
Aerospace Financial
Cosmetics Aerospace
Services
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 48
Use Case 2: Network Integration
Requirement: Need to handle acquired (or divested) companies
Solution: Create MPLS VPN for each acquired company till
appropriate security policies are established
VPN_Acq
Remote Site 2
MPLS Backbone Remote Site 1
VPN_Cos
VPN_Aero
VPN_Fin
VPN_Fin
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 49
Use Case 3: Shared Access to Services
Requirement: To resell information (based on raw data) to other
companies
Solution: Enterprise needs to become an “Information Provider”.
Solution set similar to Service Providers—MPLS VPNs
Company “A”
A Company “B” B and Company “A”A
VRF instances Site 1 Site 2 maybe in the same physical
created for each location for reduced access costs
“subscriber”
“Information Provider XYZ”
company
Company “B”
VPN_A
VPN_A
VPN_B
Company “A”
VPN_A
Site 2
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 50
Use Case 4: Simplify Hub Site Design
Requirement: To ease the scale and design of head-end site
Solution: Implement MPLS Layer 3 VPNs, which reduces the
number of routing peers of the central site
Without MPLS With MPLS
Central Site Central Site
Central site has high
number of routing Central site has
peers – creates a a single routing
complicated peer – enhancing
headend design head-end design
MPLS Backbone
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 51
For your
reference
Enterprise Network Architecture only
Access
Distribution
Core
Internet
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 52
For your
reference
Enterprise Network Segmentation only
End-to-end
Distribution Core
C
Connectivity
ti it
VRF lite configured on VRF lite configured on
Device Separation: VRF
VRF-lite + 802.1Q distribution nodes core nodes
Data Path Separation:
VLANs VLAN mapping
pp g onto 802.1Q VLAN ID
802 1Q VLAN ID
802.1Q
VRFs mapping onto VRFs
End-to-end label
Layer-3 MPLS Distribution nodes
Core nodes forward switched paths (LSPs)
configured as PE routers
VPNs MPLS packets (via LFIB) between distribution
with VRF(s)
nodes (PE routers)
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 53
For your
reference
Option 1: VRF
VRF-lite
lite + 802.1Q only
Layer-2 access
No BGP or MPLS
L2
VRF-lite configured on core v v
and distribution nodes
MPLS labels substituted by
Layerr 3
802.1q tags end-to-end v v
L2
inter-connectivity VPN2
802 1Q
802.1Q
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 54
For your
reference
Option 2: VRF
VRF-lite
lite + GRE only
L2 access
No BGP or MPLS
L2
VRF-lite only configured v v
on distribution nodes
VLANs associated with
Layerr 3
end-to-end GRE tunnels
Many-to-One model
Restricted scalability
Typical for user
user-specific
specific v Multi-VRF
VPN connectivity VPN1 v v
L2
VPN2
GRE
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 55
For your
reference
Option 3: Layer-3
Layer 3 MPLS VPNs only
L2 access
Distribution nodes configured
L2
as PE routers with VRFs v v
MP-iBGP
MP iBGP between
distribution nodes
MPLS
MPLS packet forwarding
by core nodes
S
Many-to-nany model
High
g scalability
y
v VRF
VPN1 v v
L2
VPN2
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 56
MPLS Layer-3
Layer 3 VPN Summary
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 57
MPLS Layer-2
y VPNs
Technology Overview and Applications
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 58
L2VPN Options
L2VPN Models
VPWS VPLS
Virtual Private Wire Service Virtual Private LAN Service
Point to Point Point to Multipoint
p
MPLS Core
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 59
Layer-2
Layer 2 VPN Overview
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 60
Any Transport over MPLS Architecture
Based on IETF’s Pseudo-Wire (PW) reference model
PW is a connection (tunnel) between 2 PE devices, which
connects 2 PW end-services
PW connects 2 Attachment Circuits (ACs)
Bi-directional (for p2p connections)
Use of PW/VC label for encapsulation
Customer2 Customer2
Site1 PWES PSN Tunnel PWES Site2
Pseudo Wires
Pseudo-Wires
Customer1 PE PE Customer1
Site1 Site2
PWES PWES
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 61
AToM Technology Components
PE-CE link
Referred to as Attachment Circuit (AC)
Can be any type of layer-2 connection (e.g., FR, Ethernet)
AToM
AT M Forwarding
F di Plane
Pl
2 labels used for encapsulation + control word
Outer tunnel (LDP) label
To get from ingress to egress PE using MPLS LSP
Inner de-multiplexer (VC) label
To identifyy L2 circuit (p
(packet)) encapsulated
p within tunnel label
Control word
Replaces layer-2 header at ingress; used to rebuild layer-2 header at egress
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 62
AToM Control Plane Processing
4 Label Mapping Messages
5 5
3 LDP session
2 2
P P
CE1 PE1 PE2 CE2
Layer-2 Layer-2
Connection Connection
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 63
AToM Forwarding Plane Processing
Tunnel VC Tunnel VC Tunnel VC
L2 Label C Label L2 Label B Label L2 Label A Label L2 L2
Layer-2 P1 P2 Layer-2
CE1 Packet PE1 PE2 Packet
CE2
Processing Steps:
1. CE2 forwards layer-2 packet to PE2.
2. PE2 imposes VC (inner) label to layer-2 packet received from CE2 and
optionally a control word as well (not shown).
3. PE2 imposes tunnel outer label and forwards packet to P2.
4. P2 and P1 router forwards packet using outer (tunnel) label.
5. Router PE2 strips tunnel label and, based on VC label, layer-2 packet is
forwarded to customer interface to CE1, after VC label is removed
In case control word is used, new layer-2 header is generated first.
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 64
Use Case: L2 Network Interconnect
Requirement: Need to create connectivity between remote customer
sites currently interconnected via Frame Relay WAN connectivity
sites, connectivity.
Only point-to-point connectivity required.
Solution: Interconnect AToM PW between sites, enabling
transparent Frame Relay WAN connectivity.
VC1 – Connects DLCI 101
to DLCI 201
Directed LDP
Label Exchange for VC1 – Label 10
PE2
PE1 101 10 50 101 10 90
DLCI 201
DLCI 101
Neighbor
N i hb LDP–
LDP Neighbor
N i hb LDP–
LDP
CPE Router, Label 50 Label 90 CPE Router,
FRAD FRAD
MPLS
Backbone
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 65
Virtual Private LAN Service Overview
MPLS
WAN
Site3
CE
PE-CE link
Referred to as Attachment Circuit (AC)
Ethernet VCs are either port mode or VLAN ID
n-PE n-PE
CE CE
PW
Tunnel LSP PW
CE CE
PW
CE CE
Red VSI Red VSI
Blue VSI Directed LDP Blue VSI
G
Green VSI S
Session
i Between
B t Green VSI
Participating PEs CE
Full Mesh of PWs
Between VSIs
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 68
Use Case: VPLS Network Interconnect
Requirement: Need to create full-mesh connectivity between
separate metro networks.
networks
Solution: Use VPLS to create transparent bridge layer-2 Ethernet
connectivity between ethernet networks.
Customer A1 Customer A1
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 69
Layer-2
Layer 2 VPN Summary
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 70
MPLS QoS
Q
Technology Overview and Applications
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 71
MPLS Technology Framework
MPLS Qos Support for Traffic Marking and
Classification to Enable Differentiated Services
3 Layer-3
y VPNs 3 Layer-2
y VPNs
Network Infrastructure
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 72
Why MPLS QoS?
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 73
MPLS QoS Operations
EXP DSCP
Layer-2
Layer 2 Header MPLS Header Layer 3 Header
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 74
For your
reference
MPLS Uniform Mode only
CE CE
PE P P PE
MPLS MPLS
EXP 3 EXP 2
MPLS MPLS MPLS
EXP 3 EXP 3 EXP 2
IP IP IP IP IP IP
DSCP DSCP DSCP DSCP DSCP DSCP
3 3 3 3 2 2
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 75
For your
reference
MPLS Pipe Mode only
CE CE
PE P P PE
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 76
For your
reference
MPLS Short Pipe Mode only
CE CE
PE P P PE
MPLS MPLS
EXP 3 EXP 2
MPLS MPLS MPLS
EXP 3 EXP 3 EXP 2
IP IP IP IP IP IP
DSCP DSCP DSCP DSCP DSCP DSCP
3 3 3 3 3 3
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 77
MPLS QoS Summary
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 78
MPLS Traffic Engineering
g g
Technology Overview and Applications
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 79
MPLS Technology Framework
Traffic Engineering Capabilities for Bandwidth
Management and Network Failure Protection
3 Layer-3
y VPNs 3 Layer-2
y VPNs
Network Infrastructure
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 80
Why Traffic Engineering?
OC-3 OC-3
Router A Router E
DS3
Router G
OC-3
OC-3 DS3
Router C
DS3 Router D
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 82
How MPLS TE Solves the Problem
Router A sees all links
Node Next-Hop
Next Hop Cost
B B 10 Router A computes paths on
C C 10 properties other than just
D C 20 shortest cost; creation of 2
E B 20 t
tunnels
l
F Tunnel 0 30
G Tunnel 1 30 No link oversubscribed!
Router B Router F
OC-3 OC-3
Router A Router E
DS3
Router G
OC-3
OC-3 DS3
Router C
DS3 Router D
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 83
How MPLS TE Works
Link information distribution*
Head end
ISIS-TE
IP/MPLS OSPF-TE
database
Not required if using off-line
path computation
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public http://www.cisco.com/go/mpls 85
Path Calculation
Find shortest
path to R8
with 8Mbps TE nodes can perform
IP/MPLS constraint based routing
constraint-based
R1
Constraints and topology
15 3
5 R8 database as input to path
10
computation
t ti
10 8
10
Shortest-path-first algorithm
10
ignores links not meeting
constraints
TE
Tunnel can be signaled once a
Topology path is found
p
database
Not required if using offline
path computation
n Link
Li k with
ith insufficient
i ffi i t bandwidth
b d idth
n Link with sufficient bandwidth
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public http://www.cisco.com/go/mpls 86
For your
reference
TE LSP Signaling only
EXPLICIT_ROUTE
RECORD_ROUTE (PATH/RESV) Input Out Label,
SESSION_ATTRIBUTE (PATH) Label Interface
17 16, 0
TE LSP
LFIB populated using
RSVP labels allocated by
RESV messages
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public http://www.cisco.com/go/mpls 87
MPLS TE FRR
FRR—Link
Link Protection
Router A Router B Router D Router E
Router X Router Y
Router C
Primary tunnel: A → B → D → E
Backup tunnel: B → C → D (preprovisioned)
Recovery = ~ 50 ms
*Actual Time Varies—Well Below 50 ms in Lab Tests,
Can Also Be Higher
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 88
Use Case 1: Tactical TE Deployment
Requirement: Need to handle scattered congestion points
in the network
Solution: Deploy MPLS TE on only those nodes that face
congestion
MPLS Traffic Engineering Bulk of Traffic Flow
Tunnel Relieves Congestion Points e.g. Internet Download
Internet
Service Provider
Backbone
Oversubscribed
Shortest Links
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 89
Use Case 2: 1-Hop
1 Hop Tunnel Deployment
Requirement: Need protection only—minimize packet loss lots of
bandwidth in the core
Solution: Deploy MPLS fast reroute for less than 50ms failover time
with 1-hop primary TE tunnels and backup tunnel for each
Service Provider
Backbone
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 90
MPLS TE Summary
MPLS TE can be used to implement traffic engineering
to enable enhanced network availability,
availability utilization
utilization, and
performance
Enhanced network availability can be implemented via
MPLS TE Fast Re-Route (FRR)
Link, node, and path protection
Automatically route around failed links/nodes; like SONET APS
Better network bandwidth utilization can be implemented
via creation of MPLS TE tunnels using explicit routes
Route on the non-shortest path
MPLS TE can be used for capacity planning by creation
of bandwidth-specific tunnels with explicit paths through
the network
Bandwidth management across links and end-to-end paths
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 91
MPLS Management
g
Technology Overview and Applications
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 92
MPLS Technology Framework
MPLS Management Using SNMP MPLS MIB and
MPLS OAM Capabilities
3 MPLS Signaling
g g and Forwarding
g
Network Infrastructure
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 93
What’s
What s Needed for MPLS management?
What’s needed beyond the basic MPLS CLI?
CLI used for basic configuration and trouble shooting (show commands)
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 94
For your
reference
MPLS Operations Lifecycle only
Exte
sed Operatiions
Monitor the network
ernal-Focus
Network Service
Node/link failure detection Configuration
and Planning
Configuration
and Planning
sed Operatio
ernal-Focus
Provision new services and
maintain existing services Network
Monitoring
Service
Monitoring
ons
Monitor service Ongoing Tactical Operations
End-to-end monitoring
g
Linked to customer SLAs
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 95
MPLS MIBs and OAM
Management Feature Key Functionality
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 96
LDP Event Monitoring Using LDP Traps
Interface Shutdown (E1/0 on PE1) LDP Session Down (PE1 – P01)
Time = t: Received SNMPv2c Trap from pe1: Time = t: Received SNMPv2c Trap from pe1:
sysUpTimeInstance = 8159606 sysUpTimeInstance = 8159606
snmpTrapOID.0 = mplsLdpSessionDown snmpTrapOID.0 = mplsLdpSessionDown
mplsLdpSessionState.<index> = nonexistent(1) mplsLdpSessionState.<index> = nonexistent(1)
mplsLdpSessionDiscontinuityTime.<index> = 8159605
mplsLdpSessionDiscontinuityTime.<index> = 8159605
mplsLdpSessionStatsUnknownMesTypeErrors.<index>
i i = 0
mplsLdpSessionStatsUnknownMesTypeErrors.<index> = 0
mplsLdpSessionStatsUnknownTlvErrors.<index> = 0
mplsLdpSessionStatsUnknownTlvErrors.<index> = 0
ifIndex.5 = 5
ifIndex.5 = 5
Interface goes down LDP session goes down
Time = t+1: Received SNMPv2c Trap from pe1:
sysUpTimeInstance = 8159906 Time = t+1: Received SNMPv2c Trap from p01:
snmpTrapOID 0 = linkDown
snmpTrapOID.0 sysUpTimeInstance = 8160579
ifIndex.5 = 5 snmpTrapOID.0 = mplsLdpSessionDown
ifDescr.5 = Ethernet1/0 mplsLdpSessionState.<index> = nonexistent(1)
PE1
ifType.5 = ethernetCsmacd(6)
locIfReason.5 = administratively down
PE1
mplsLdpSessionDiscontinuityTime.<index> = 8160579
mplsLdpSessionStatsUnknownMesTypeErrors.<index> = 0
P1 P1
mplsLdpSessionStatsUnknownTlvErrors.<index> = 0
Time = t+2:LDP
Received
session SNMPv2c Trap from p01: ifIndex 5 = 5
ifIndex.5 LDP session
sysUpTimeInstance = 8160579
snmpTrapOID.0 = mplsLdpSessionDown
mplsLdpSessionState.<index> = nonexistent(1)
mplsLdpSessionDiscontinuityTime.<index> = 8160579
mplsLdpSessionStatsUnknownMesTypeErrors.<index> = 0
mplsLdpSessionStatsUnknownTlvErrors.<index> = 0
ifIndex.5 = 5
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 97
Validation of PE
PE-PE
PE MPLS Connectivity
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 98
Automated MPLS OAM
Automatic MPLS OAM probes between PE routers
Automatic discovery of PE targets via BGP next-hop discovery
Automatic discovery of all available LSP paths for PE targets via LSP
multi-path trace
Scheduled LSP pings to verify LSP path connectivity
3 consecutive LSP ping failures result in SNMP Trap notification
PE1 - MPLS OAM Probe PE3
PE2 - MPLS OAM Probe
PE3 - MPLS OAM Probe
P1 P2
PE1 PE2
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 99
MPLS Management Summary
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 100
Summaryy
Final Notes and Wrap Up
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 101
Summary and Key Takeaways
It’s all about labels…
Label-based forwarding and IP protocol extensions for label exchange
Best of both worlds…L2-type forwarding and L3 control plane
Key
K application
li ti off MPLS iis tto iimplement
l t VPN services
i
Secure and scalable layer 2 and 3 VPN connectivity
L2/L3VPN s
L2/L3VPN’s
Key Features
s
There’s
There s a need for optimized network availability and
performance
Node/link protection, pro-active connectivity validation
Bandwidth traffic engineering and QoS traffic prioritization
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 104
Q and A
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 105
Cisco Live 2009 MPLS Sessions
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 106
Terminology Reference
Terminology Description
AC Attachment Circuit
Circuit. An AC Is a Point
Point-to-Point,
to Point Layer 2 Circuit Between a CE and a PE
PE.
AS Autonomous System (a Domain)
CoS Class of Service
ECMP Equal Cost Multipath
IGP Interior Gateway Protocol
LAN Local Area Network
LDP Label Distribution Protocol, RFC 3036.
LER Label Edge Router
Router. An Edge LSR Interconnects MPLS and non-MPLS Domains
Domains.
LFIB Labeled Forwarding Information Base
LSP Label Switched Path
LSR Label Switching Router
NLRI Network Layer Reachability Information
P Router An Interior LSR in the Service Provider's Autonomous System
An LER in the Service Provider Administrative Domain that Interconnects the Customer
PE Router
Network and the Backbone Network.
PSN Tunnel Packet Switching Tunnel
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 107
Terminology Reference
Terminology Description
A Pseudo
Pseudo-Wire
Wire Is a Bidirectional “Tunnel"
Tunnel" Between Two Features on a
Pseudo-Wire
Switching Path.
PWE3 Pseudo-Wire End-to-End Emulation
QoS Quality of Service
RD R t Distinguisher
Route Di ti i h
RIB Routing Information Base
RR Route Reflector
RT Route Target
RSVP-TE Resource Reservation Protocol based Traffic Engineering
VPN Virtual Private Network
VFI Virtual Forwarding Instance
VLAN Virtual Local Area Network
VPLS Virtual Private LAN Service
VPWS Virtual Private WAN Service
VRF Virtual Route Forwarding Instance
VSI Virtual Switching Instance
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 108
Recommended Reading
http://www.cisco.com/go/mpls
http://www.ciscopress.com
MPLS and VPN Architectures—
Jim Guichard, Ivan Papelnjak—Cisco Press®
Traffic Engineering with MPLS—
Ei O
Eric Osborne,
b Aj
Ajay Si
Simha—Cisco
h Ci P
Press
Layer 2 VPN Architectures—
Wei Luo
Luo, Carlos Pignataro
Pignataro, Dmitry Bokotey
Bokotey,
Anthony Chan—Cisco Press
MPLS QoS—Santiago
QoS Santiago Alvarez-Cisco
Alvarez Cisco Press
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 110
Complete Your Online
Session Evaluation
Give us your feedback and you
could win fabulous prizes
prizes.
Winners announced daily.
Receive 20 Passport points for
each session evaluation you
complete.
Complete your session evaluation
online now ((open a browser
through our wireless network to
access our portal) or visit one of
the Internet stations throughout
the Convention Center.
Don’t forget
f to activate your
Cisco Live Virtual account for access to
all session material, communities, and
on-demand and live activities throughout
the
h year. AActivate
i your account at the
h
Cisco booth in the World of Solutions or visit
www.ciscolive.com.
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 111
BRKRST-1101 © 2009 Cisco Systems, Inc. All rights reserved. Cisco Public 112