MPLS

What's in it for Research & Education Networks?
John Jamison University of Illinois at Chicago November 17, 2000

Juniper Networks Product Family
- Sept 1998: M40
- Nov 1999: M20
- Mar 2000: M160
- Sept 2000: M5
- Sept 2000: M10

Juniper Networks Research and Education Customers
- MCI Worldcom – vBNS/vBNS+
- Department of Energy – ESnet
- DANTE - TEN-155 (Pan-European Research & Education Backbone)
- NYSERNet – New York State Education & Research Network
- Georgia Tech – SOX GigaPoP
- University of Illinois – NCSA (National Center for Supercomputing Applications)
- University of California, San Diego SDSC (San Diego Supercomputer Center)
- University of Southern California, Information Sciences Institute
- Indiana University
- Stanford University
- University of California, Davis
- California Institute of Technology
- North Carolina State University
- University of Alaska
- University of Hiroshima, Japan
- Korea Telecom Research Lab
- ETRI (Electronic and Transmission Research Institute), Korea
- University of Washington – Pacific/Northwest GigaPoP
- STAR TAP (International Research & Education Network Meet Point)
- APAN (Asia Pacific Advanced Network) Consortium
- NOAA (National Oceanographic and Atmospheric Administration)
- NASA – Goddard Space Flight Center
- NIH (National Institutes of Health)
- DoD (Department of Defense)
- US Army Engineer Research and Development Center

Original Agenda
- MPLS Fundamentals
- Traffic Engineering
- Constraint-Based Routing
- Refreshment Break
- Virtual Private Networks
- Optical Applications for MPLS Signaling (GMPLS/MPλS)
- Juniper Networks Solutions
- Questions and Comments

Our Agenda
- MPLS Overview
- Traffic Engineering
- VPNs

What are we missing out on?
- A bunch of pure marketing slides
- A bunch of filler slides
- Slides with content that is of interest mainly to ISPs
  - Here is how you can use MPLS to bring in more revenue, offer different services, etc.
- Some Details of MPLS Signaling Protocols and RFC 2547 VPNs
  - You can (and should) only cover so much in one talk
- Some MP(Lambda)S Details
  - Seems too much like slide ware right now

What are we gaining?
- Besides being spared marketing and ISP centric stuff:
  - We will see some examples from networks and applications we are familiar with
  - We will save some time and cover almost as much information

Why Is MPLS an Important Technology?
- Fully integrates IP routing & L2 switching
- Leverages existing IP infrastructures
- Optimizes IP networks by facilitating traffic engineering
- Enables multi-service networking
- Seamlessly integrates private and public networks
- The natural choice for exploring new and richer IP service offerings
- Dynamic optical bandwidth provisioning

What Is MPLS?
- IETF Working Group chartered in spring 1997
- IETF solution to support multi-layer switching:
  - IP Switching (Ipsilon/Nokia)
  - Tag Switching (Cisco)
  - IP Navigator (Cascade/Ascend/Lucent)
  - ARIS (IBM)
- Objectives
  - Enhance performance and scalability of IP routing
  - Facilitate explicit routing and traffic engineering
  - Separate control (routing) from the forwarding mechanism so each can be modified independently
  - Develop a single forwarding algorithm to support a wide range of routing and switching functionality

MPLS Terminology
- Label
  - Short, fixed-length packet identifier
  - Unstructured
  - Link local significance
- Forwarding Equivalence Class (FEC)
  - Stream/flow of IP packets:
    - Forwarded over the same path
    - Treated in the same manner
    - Mapped to the same label
- FEC/label binding mechanism
  - Currently based on destination IP address prefix
  - Future mappings based on SP-defined policy

MPLS Terminology

[Figure: LSR with Ports 1 to 4; an IP packet is shown with label 25 before the swap and label 19 after it]

Connection Table

In (port, label)   Out (port, label)   Label Operation
(1, 22)            (2, 17)             Swap
(1, 24)            (3, 17)             Swap
(1, 25)            (4, 19)             Swap
(2, 23)            (3, 12)             Swap

- Label Swapping
  - Connection table maintains mappings
  - Exact match lookup
  - Input (port, label) determines:
    - Label operation
    - Output (port, label)
  - Same forwarding algorithm used in Frame Relay and ATM

MPLS Terminology
[Figure: an LSP between San Francisco and New York]
- Label-Switched Path (LSP)
  - Simplex L2 tunnel across a network
  - Concatenation of one or more label switched hops
  - Analogous to an ATM or Frame Relay PVC

MPLS Terminology
[Figure: four LSRs along an LSP between San Francisco and New York]
- Label-Switching Router (LSR)
  - Forwards MPLS packets using label-switching
  - Capable of forwarding native IP packets
  - Executes one or more IP routing protocols
  - Participates in MPLS control protocols
  - Analogous to an ATM or Frame Relay Switch (that also knows about IP)

MPLS Terminology
[Figure: ingress LSR, two transit LSRs and egress LSR along an LSP between San Francisco and New York]
- Ingress LSR (“head-end LSR”)
  - Examines inbound IP packets and assigns them to an FEC
  - Generates MPLS header and assigns initial label
- Transit LSR
  - Forwards MPLS packets using label swapping
- Egress LSR (“tail-end LSR”)
  - Removes the MPLS header

MPLS Header
[Figure: L2 Header | MPLS Header (32-bits) | IP Packet; the MPLS header holds Label (20-bits), CoS, S and TTL]
- Fields
  - Label
  - Experimental (CoS)
  - Stacking bit
  - Time to live
- IP packet is encapsulated by ingress LSR
- IP packet is de-encapsulated by egress LSR
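The 32-bit header layout and the exact-match label swap from the connection-table slide can be exercised together. The Python below is an added example, not part of the original deck: the function names are hypothetical, the 3/1/8-bit split of CoS, S and TTL follows the standard MPLS encoding, and dropping a frame at TTL expiry is assumed behaviour that the slides do not show.

```python
import struct

def pack_entry(label, cos, s, ttl):
    """Build one 32-bit MPLS header: Label(20) | CoS(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= cos < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (cos << 9) | (s << 8) | ttl)

def unpack_entry(data):
    """Split the first 4 bytes of data into (label, cos, s, ttl)."""
    if len(data) < 4:
        raise ValueError("truncated MPLS header")
    (word,) = struct.unpack("!I", data[:4])
    return word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF

# Connection table values from the label-swapping slide:
# (in port, in label) -> (out port, out label); every operation is a swap.
CONNECTION_TABLE = {
    (1, 22): (2, 17),
    (1, 24): (3, 17),
    (1, 25): (4, 19),
    (2, 23): (3, 12),
}

def forward(in_port, frame, table=CONNECTION_TABLE):
    """Label-swap one frame (MPLS header + payload) on a transit LSR.

    Returns (out_port, new_frame), or None when the frame is dropped.
    """
    label, cos, s, ttl = unpack_entry(frame)
    entry = table.get((in_port, label))  # exact match on (port, label)
    if entry is None:
        return None  # label has no binding on this port: drop, never guess
    if ttl <= 1:
        return None  # assumed behaviour: TTL would reach zero, so drop
    out_port, out_label = entry
    # Only the label is rewritten; CoS and S are copied, TTL is decremented.
    return out_port, pack_entry(out_label, cos, s, ttl - 1) + frame[4:]

if __name__ == "__main__":
    frame = pack_entry(25, 0, 1, 64) + b"IP"  # constructed sample frame
    print(forward(1, frame))  # swapped to label 19, sent out port 4
    print(forward(2, frame))  # same label on another port: no match
```

Because the lookup key is the (port, label) pair, a label that is valid on one interface is dropped when it arrives on another, which is what "link local significance" means in practice.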

IP Packet Forwarding Example
[Figure: an IP packet is forwarded hop by hop across four routers; each router consults its own Routing Table (Destination / Next Hop) to pick the next hop]

MPLS Forwarding Example

[Figure: packets for two destinations are label-switched from the ingress LSR, through LSRs that each hold an MPLS Table, to the egress LSR]

Ingress Routing Table
Destination    Next Hop (port, label)
134.5/16       (2, 84)
200.3.2/24     (3, 99)

MPLS Tables
In (port, label)   Out (port, label)
(2, 84)            (6, 0)
(1, 99)            (2, 56)
(3, 56)            (5, 0)

Egress Routing Table
Destinations 134.5/16 and 200.3.2/24, each with an IP next hop

How Is Traffic Mapped to an LSP?

[Figure: AS 45 and AS 63 are E-BGP peers of the transit SP, AS 77; inside AS 77 the ingress LSR and egress LSR are I-BGP peers connected by LSP 32]

Ingress LSR Routing Table
134.5/16    LSP 32

- Map LSP to the BGP next hop
- FEC = {all BGP destinations reachable via egress LSR}

How are LSPs Set Up?
[Figure: LSP from ingress LSR to egress LSR]
- Two approaches:
  - Manual Configuration
  - Using a Signaling Protocol

MPLS Signaling Protocols
- The IETF MPLS architecture does not assume a single label distribution protocol
- LDP
  - Executes hop-by-hop
  - Selects same physical path as IGP
  - Does not support traffic engineering
- RSVP
  - Easily extensible for explicit routes and label distribution
  - Deployed by providers in production networks
- CR-LDP
  - Extends LDP to support explicit routes
  - Functionally identical to RSVP
  - Not deployed

How Is the LSP Physical Path Determined?
[Figure: LSP from ingress LSR to egress LSR]
- Two approaches:
  - Offline path calculation (in house or 3rd party tools)
  - Online path calculation (constraint-based routing)
- A hybrid approach may be used

Offline Path Calculation
- Simultaneously considers
  - All link resource constraints
  - All ingress to egress traffic trunks
- Benefits
  - Similar to mechanisms used in overlay networks
  - Global resource optimization
  - Predictable LSP placement
  - Stability
  - Decision support system
- In-house and third-party tools

Offline Path Calculation
[Figure: routers R1 through R9 with R1 as ingress LSR and R9 as egress LSR; LSP with explicit route = {R1, R4, R8, R9}]
- Input to offline path calculation utility:
  - Ingress and egress points
  - Physical topology
  - Traffic matrix (statistics about city-router pairs)
- Output:
  - Set of physical paths, each expressed as an explicit route

Explicit Routes: Example 1
[Figure: routers R1 through R9 with R1 as ingress LSR and R9 as egress LSR]
- LSP from R1 to R9
- Partial explicit route:
  - {loose R8, strict R9}
- LSP physical path
  - R1 to R8 – follow IGP path
  - R8 to R9 – directly connected

Explicit Routes: Example 2
[Figure: routers R1 through R9 with R1 as ingress LSR and R9 as egress LSR]
- LSP from R1 to R9
- Full explicit route:
  - {strict R3, strict R4, strict R7, strict R9}
- LSP physical path
  - R1 to R3 – directly connected
  - R3 to R4 – directly connected
  - R4 to R7 – directly connected
  - R7 to R9 – directly connected

Constraint-Based Routing
[Figure: LSP from ingress LSR to egress LSR, with user defined LSP constraints applied at the ingress]
- Online LSP path calculation
- Operator configures LSP constraints at ingress LSR
  - Bandwidth reservation
  - Include or exclude a specific link(s)
  - Include specific node traversal(s)
- Network actively participates in selecting an LSP path that meets the constraints

Constraint-Based Routing
- Thirty-two named groups, 0 through 31
- Groups assigned to interfaces
[Figure: links out of San Francisco marked Gold, Silver and Bronze]

Constraint-Based Routing
- Choose the path from A to I using:

    admin group {
        include [gold silver];
    }

[Figure: topology with nodes A through I]

Constraint-Based Routing
- A-C-F-G-I uses only gold or silver links
[Figure: topology with nodes A through I, with the selected path highlighted]

Constraint-Based Routing: Example 1

[Figure: network map with Seattle, San Francisco, Los Angeles, Kansas City, Dallas, Chicago, Atlanta and New York]

    label-switched-path SF_to_NY {
        to New_York;
        from San_Francisco;
        admin-group {exclude green}
        cspf
    }

Constraint-Based Routing: Example 2

[Figure: network map with Madrid, Paris, London, Geneva, Rome, Munich and Stockholm]

    label-switched-path madrid_to_stockholm {
        to Stockholm;
        from Madrid;
        admin-group {include red, green}
        cspf
    }
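Constraint-based path selection as these slides describe it (prune the links that violate the admin-group constraints, then run a shortest-path computation on what is left) is shown in the added Python example below; it is not from the original deck and is not Juniper's implementation. The link colours, metrics and group bit numbers are constructed, and `include` is taken to mean "at least one of the listed groups", matching the slide's "only gold or silver links".

```python
import heapq

# Constructed group numbering; the slides allow 32 groups, bits 0 through 31.
GROUPS = {"gold": 0, "silver": 1, "bronze": 2}

def mask(*names):
    """Fold group names into a 32-bit admin-group bitmask."""
    m = 0
    for name in names:
        m |= 1 << GROUPS[name]
    return m

# Constructed topology: node letters follow the slide; colours and metrics
# are assumed. Each entry is (node, node, IGP metric, admin groups on link).
LINKS = [
    ("A", "B", 1, mask("bronze")), ("A", "C", 1, mask("gold")),
    ("A", "D", 1, mask("bronze")), ("B", "G", 1, mask("bronze")),
    ("C", "E", 1, mask("bronze")), ("C", "F", 2, mask("silver")),
    ("D", "F", 1, mask("bronze")), ("E", "H", 1, mask("bronze")),
    ("F", "G", 2, mask("gold")),   ("F", "H", 1, mask("bronze")),
    ("G", "I", 1, mask("silver")), ("H", "I", 1, mask("bronze")),
]

def cspf(links, src, dst, include=0, exclude=0):
    """Constrained shortest path: prune links, then run Dijkstra.

    include: a link must carry at least one of these groups (0 = no limit).
    exclude: a link must carry none of these groups.
    Returns (cost, path), or None when no path meets the constraints.
    """
    adj = {}
    for a, b, metric, groups in links:
        if include and not (groups & include):
            continue
        if groups & exclude:
            continue
        adj.setdefault(a, []).append((b, metric))
        adj.setdefault(b, []).append((a, metric))
    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if cost > best.get(node, float("inf")):
            continue  # stale heap entry
        for nxt, metric in adj.get(node, []):
            new_cost = cost + metric
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                heapq.heappush(heap, (new_cost, nxt, path + [nxt]))
    return None

if __name__ == "__main__":
    print(cspf(LINKS, "A", "I"))  # plain IGP shortest path
    print(cspf(LINKS, "A", "I", include=mask("gold", "silver")))
    print(cspf(LINKS, "A", "I", include=mask("gold")))  # no such path
```

On this constructed topology the unconstrained path is A-B-G-I, while the gold-or-silver constraint forces the longer A-C-F-G-I; a constraint that no path can satisfy returns None so the LSP is not signalled over links that violate it.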

Other Neat MPLS Stuff
- Secondary LSPs
- Fast Reroute
- Label Stacking
- GMPLS

MPLS Secondary LSPs
[Figure: primary LSP and secondary LSP between the San Francisco Data Center and the New York Data Center]
- Standard LSP failover
  - Failure signaled to ingress LSR
  - Calculate & signal new LSP
  - Reroute traffic to new LSP
- Standby Secondary LSP
  - Pre-established LSP
  - Sub-second failover

MPLS Fast Reroute
[Figure: primary LSP between the San Francisco Data Center and the New York Data Center, with an active detour]
- Ingress signals fast reroute during LSP setup
- Each LSR computes a detour path (with same constraints)
- Supports failover in ~100s of ms

MPLS Label Stacking
[Figure: LSP 1 and LSP 2 carried inside a trunk LSP; header fields Label (20-bits), CoS, S, TTL]
- A label stack is an ordered set of labels
- Each LSR processes the top label
- Applications
  - Routing hierarchy
  - Aggregate individual LSPs into a “trunk” LSP
  - VPNs

MPLS Label Stack: Example 1
[Figure: LSPs entering a trunk LSP, with an MPLS Table (In / Out, as (port, label)) at each LSR along the path; the Out operations shown include Push [42] and Pop]

MPLS Label Stack: Example 2
[Figure: LSPs entering a trunk LSP, with an MPLS Table (In / Out, as (port, label)) at each LSR along the path; the Out operations shown include Push [42] and Pop]

Label Stacking allows you to Reduce the Number of LSPs
[Figure: LSP 1 through LSP 4 carried in LSP trunks, which are in turn carried in an LSP trunk of trunks]
- Label stacking to create a hierarchy of LSP trunks

Generalized MPLS (GMPLS)
Formerly known as MPL(ambda)S
[Figure: layers shown are IP Service (Routers), Optical Core and Optical Transport (OXCs, WDMs)]
- Reduce complexity
- Reduce cost
- Router subsumes functions performed by other layers
  - Fast router interfaces eliminate the need for MUXs
  - MPLS replaces ATM/FR for traffic engineering
  - MPLS fast reroute obviates SONET APS restoration
- Dynamic provisioning of optical bandwidth is required for growth and innovative service creation

GMPLS: LSP Hierarchy
[Figure: nested PSC, TDM, LSC and FSC clouds joined by a bundle of fibers (Fiber 1 to Fiber n) and forwarding adjacencies FA-PSC, FA-TDM and FA-LSC; explicit label LSPs, time-slot LSPs, λ LSPs and fiber LSPs are multiplexed on one side (multiplex low-order LSPs) and demultiplexed on the other (demultiplex low-order LSPs)]
- Nesting LSPs enhances system scalability
- LSPs always start and terminate on similar interface types
- LSP interface hierarchy
  - Packet Switch Capable (PSC): Lowest
  - Time Division Multiplexing Capable (TDM)
  - Lambda Switch Capable (LSC)
  - Fiber Switch Capable (FSC): Highest

AGENDA
- MPLS Overview
- Traffic Engineering
- VPNs

What Is Traffic Engineering?
[Figure: traffic from source to destination following the Layer 3 routing path versus the traffic engineering path]
- Ability to control traffic flows in the network
- Optimize available resources
- Move traffic from IGP path to less congested path

Brief History
- Early 1990's
  - Internet core was connected with T1 and T3 links between routers
  - Only a handful of routers and links to manage and configure
  - Humans could do the work manually
  - Metric-based traffic control was sufficient

Metric-Based Traffic Engineering
- Traffic sent to A or B follows path with lowest metrics
[Figure: nodes A, B and C with link metrics 1, 1, 1 and 2]

Metric-Based Traffic Engineering
- Drawbacks
  - Redirecting traffic flow to A via C causes traffic for B to move also!
  - Some links become underutilized or overutilized
[Figure: nodes A, B and C with link metrics 1, 4, 1 and 2]

Metric-Based Traffic Engineering
- Drawbacks
  - Complexity made metric control tricky
  - Adjusting one metric might destabilize network

Discomfort Grows
- Mid 1990's
  - ISPs became uncomfortable with size of Internet core
  - Large growth spurt imminent
  - Routers too slow
  - Metric “engineering” too complex
  - IGP routing calculation was topology driven, not traffic driven
  - Router based cores lacked predictability

Overlay Networks are Born
- ATM switches offered performance and predictable behavior
- ISPs created “overlay” networks that presented a virtual topology to the edge routers in their network
- Using ATM virtual circuits, the virtual network could be reengineered without changing the physical network
- Benefits
  - Full traffic control
  - Per-circuit statistics
  - More balanced flow of traffic across links

Overlay Networks
- ATM core ringed by routers
- PVCs overlaid onto physical network
[Figure: physical view and logical view of routers A, B and C]

vBNS ATM Design
- Full UBR PVP mesh between terminal switches to carry “Best Effort” traffic
[Figure: map showing Seattle, San Francisco, Los Angeles, Denver, Houston, Chicago, Cleveland, Atlanta, Boston, New York City, Perryman, MD and Washington DC]

vBNS Backbone Network Map
[Figure: backbone map showing Seattle, San Francisco, Los Angeles, San Diego Supercomputer Center, Denver, National Center for Atmospheric Research, Houston, Chicago, Ameritech NAP, National Center for Supercomputing Applications, Cleveland, Pittsburgh Supercomputing Center, Atlanta, Boston, New York City, Sprint NAP, Perryman, MD, MFS NAP and Washington, DC. Legend: A = Ascend GRF 400, C = Cisco 7507, J = Juniper M40, FORE ASX-1000, NAP; link types DS-3, OC-3C, OC-12C and OC-48]

Overlay Nets Had Drawbacks
- Growth in full mesh of ATM PVCs stresses everything
- Router IGP runs out of steam
- Practical limitation of updating configurations in each switch and router
- ATM 20% Cell Tax
- ATM SAR speed limitations
  - OC-48 SAR very difficult/expensive to build
  - OC-192 SAR?

In the mean time:
- Routers caught up
  - Current generation of routers have
    - High speed, wire-rate interfaces
    - Deterministic performance
    - Software advances
- MPLS came along
  - Fuses best aspects of ATM PVCs with high-performance routing engines
  - Uses low-overhead circuit mechanism
  - Automates path selection and configuration
  - Implements quick failure recovery

MPLS for Traffic Engineering
- Low-overhead virtual circuits for IP
- Originally designed to make routers faster
  - Fixed label lookup faster than longest match used by IP routing
  - Not true anymore
- Value of MPLS is now in traffic engineering
- Other MPLS Benefits:
  - No second network
  - A fully integrated IP solution – no second technology
  - Traffic engineering
  - Lower cost
  - A CoS enabler
  - Failover/link protection
  - Multi-service and VPN support

AGENDA
- MPLS Overview
- Traffic Engineering
- VPNs

What Is a Virtual Private Network?
[Figure: corporate headquarters, branch office (intranet), mobile users and telecommuters (remote access), and suppliers, partners and customers (extranet), all connected over a shared infrastructure]
- “A private network constructed over a shared infrastructure”
- Virtual
  - An artificial object simulated by computers (not really there!)
- Private
  - Separate/distinct environments
  - Separate addressing and routing systems
- Network
  - A collection of devices that communicate among themselves

Deploying VPNs using Overlay Networks
[Figure: provider Frame Relay network of FR switches, with CPE devices attached over DLCIs]
- Operational model
  - PVCs overlay the shared infrastructure (ATM/Frame Relay)
  - Routing occurs at CPE
- Benefits
  - Mature technologies
  - Inherently 'secure'
  - Service commitments (bandwidth, availability, etc.)
- Limitations
  - Scalability and management of the overlay model
  - Not a fully integrated IP solution

MPLS: A VPN Enabling Technology
[Figure: Sites 1, 2 and 3 of different VPNs attached to a single service provider network]
- Benefits
  - Seamlessly integrates multiple “networks”
  - Permits a single connection to the service provider
  - Supports rapid delivery of new services
  - Minimizes operational expenses
  - Provides higher network reliability and availability

There are Three Types of VPNs
- End to End (CPE Based) VPNs
  - L2TP & PPTP
  - IPSEC
- Layer 2 VPNs
  - CCC
  - CCC & MPLS Hybrid
- Layer 3 VPNs
  - RFC 2547bis

End to End VPNs: L2TP and PPTP
[Figure: remote users reach dial access servers in the Dial Access Provider network by V.x modem and PPP dial-up; an L2TP tunnel runs to an L2TP access server and a PPTP tunnel to a PPTP access server in the Service Provider or VPN]
- Application: Dial access for remote users
- Layer 2 Tunneling Protocol (L2TP)
  - RFC 2661
  - Combination of L2F and PPTP
- Point-to-Point Tunneling Protocol (PPTP)
  - Bundled with Windows/Windows NT
- Both support IPSec for encryption
- Authentication & encryption at tunnel endpoints

End to End VPNs: The IP Security Protocol (IPSec)
- Defines the IETF's layer 3 security architecture
- Applications:
  - Strong security requirements
  - Extend a VPN across multiple service providers
- Security services include:
  - Access control
  - Data origin authentication
  - Replay protection
  - Data integrity
  - Data privacy (encryption)
  - Key management

End to End VPNs: IPSec – Example
[Figure: IPSec ESP tunnel mode between the CPE at corporate HQ and the CPE at a branch office, across the public Internet]
- Routing must be performed at CPE
- Tunnels terminate on subscriber premise
  - Only CPE equipment needs to support IPSec
  - Modifications to shared resources are not required
- ESP tunnel mode
  - Authentication ensures integrity from CPE to CPE
  - Encrypts original header/payload across internet
  - Supports private address space

Layer 2 VPNs: CCC/MPLS

[Figure: CPE devices attach over ATM (or Frame Relay) circuits to PE routers, which are connected across the MPLS core by LSP 2, LSP 5 and LSP 6; each PE performs the CCC function using its CCC Table]

CCC Table (PE facing DLCI 600 and DLCI 610)
In          Out
DLCI 600    LSP 2 in LSP 5
DLCI 610    LSP 6 in LSP 5

CCC Table (PE facing DLCI 506 and DLCI 408)
In                Out
LSP 2 in LSP 5    DLCI 506
LSP 6 in LSP 5    DLCI 408

- Benefits
  - Reduces provider configuration complexity
  - MPLS traffic engineered core
  - Subscriber can run any Layer 3 protocol
  - User Nets do not know there is a cloud in the middle
- Limitations
  - Circuit type (ATM/FR) must be “like to like”

CCC Example: Abilene and ISP Service on one link
[Figure: University X connects over ATM access to an M40, which connects to both Qwest ISP and Abilene]
- Big “I” Internet Traffic: ATM VC1 terminated, IP packets delivered to Qwest ISP
- Abilene Traffic: ATM VC2 mapped to port facing Abilene
- An M20/40/160 can both terminate ATM PVCs (layer 3 lookup) and support CCC pass-through on the same port.

vBNS used CCC and MPLS to tunnel IPv6 across their backbone for SC2000
[Figure: IPv6 over ATM in Chicago and at SC2000 in Dallas, connected by CCC across the vBNS/vBNS+ IPv4 backbone]

Layer 3 VPNs: RFC 2547 - MPLS/BGP VPNs
[Figure: CPE devices at Sites 1, 2 and 3 attach to PE routers at the edge of the service provider network; P routers form the core; each PE holds forwarding tables (FT)]
- MPLS (Multiprotocol Label Switching) is used for forwarding packets over the backbone
- BGP (Border Gateway Protocol) is used for distributing routes over the backbone
- Multiple Forwarding Tables (FT) on some edge routers, one for each VPN

Questions?

Thank You
jjamison@juniper.net
http://www.juniper.net