Kireeti Kompella Juniper Networks MPLS-based Layer 2 VPNs Kireeti Kompella Juniper Networks

Juniper Networks, Inc. Copyright © 2000 Agenda Introduction Traditional Layer 2 VPNs MPLS-based Layer 2 VPNs Layer 3 VPNs Details Provisioning Signaling Topology Future work 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Traditional (Layer 2) VPNs Router Frame Relay/ ATM Switch 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Traditional (Layer 2) VPNs Provider network technology dictated by VPN services Frame switches? ATM switches? Provisioning – complex for provider Topology dictated by cost rather than traffic patterns Multiple networks – adds to provider’s administrative burden 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Question Can we Decouple edge (customer-facing) technology from core technology? Have a single network infrastructure for all desired services? Simplify provisioning? Appropriate signaling mechanisms? 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Answer MPLS is layer 2 agnostic POS in the core MPLS offers several services One infrastructure does it all MPLS has signaling RSVP, LDP, BGP work great, and are extensible MPLS has label stacking Provision once, and use same LSP for multiple purposes 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 MPLS-Based Layer 2 VPNs Traditional Layer 2 VPN from customer’s point-of-view Layer 3 independent Provider not responsible for routing MPLS transport in provider network Decouples edge and core technologies Auto-provisioning VPN Single network architecture for both Internet traffic and VPN traffic 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 MPLS-Based Layer 2 VPNs CE G CE B CE A CE E CE D CE C CE F PE 1 PE 2 PE 3 PE 4 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Layer 3 VPNs SP participates in customers’ routing Out-sourced routing Added SP responsibilities Value-added service ~ cost structure BGP MPLS VPNs – mature technology QoS/CoS, Carrier of Carriers, inter-SP VPNs Virtual routers Migration may take some work 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Provisioning CE G CE B CE A CE E CE D CE C CE F PE 1 PE 2 PE 3 PE 4 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Provisioning the Network PE-to-PE MPLS LSPs Key: signaling LDP LSPs RSVP-TE LSPs LDP over RSVP tunneling Fully-meshed Traffic Engineered core Edge-to-edge LDP LSPs Used for many services – IP, L2 VPNs, L3 VPNs, differentiated services Provisioned independent of Layer 2 VPNs! 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Provisioning a VPN Key: signaling Auto-discovery of members, auto-assignment of inter-member circuits Flexible VPN topology Signaling using LDP or BGP O(N) configuration for the whole VPN Could be more for complex topologies O(1) configuration to add a site “Overprovision” DLCIs at customer sites 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Provisioning Customer Sites List of DLCIs, one for each other site, some spare (over-provisioning) DLCIs independently numbered at each site LMI, inverse ARP and/or routing protocols for auto-discovery and learning addresses No changes as VPN membership changes (until over-provisioning runs out) 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 VPN Signaling Signaling through either BGP or LDP Compact representation of mapping of layer 2 address to inner label PE says: “CE k is in Blue VPN; label base 1000” This info sent to all members of Blue VPN CE # 0 uses label 1000 + 0 to reach CE k CE # 1 uses label 1000 + 1 to reach CE k Etc. 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Information Signaled Compact representation means one “routing entry” per CE per VPN in BGP/LDP Same info sent to each peer One “route” per CE per VPN in each PE’s forwarding table 200 CEs per PE, 500 PEs in network means 100000 total VPN routes in entire network Can easily be held by a single route reflector 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 VPN Topologies Arbitrary topologies possible; common ones such as full mesh and hub-and-spoke easy to configure BGP communities used to configure arbitrary topologies in BGP signaling “Connectivity” parameter serves similar purpose in LDP signaling 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Future Work Layer 2 technologies VLANs MPLS as layer 2 to CE Decouples access technology Carrier of carriers model, inter-SP VPNs, QoS/CoS support Reduce dependency on “over-provisioning” Security 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Summary Benefits to customer MPLS-based Layer 2 VPNs identical to Layer 2 VPNs from customers’ perspective Familiar paradigm Easy to migrate OSPF handled naturally Rely on SP only for connectivity 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Juniper Networks, Inc. Copyright © 2000 Summary Benefits to SP Single network infrastructure for all services: L2 VPNs, L3 VPNs, Traffic Engineering, DiffServ Auto-provisioning: VPN members discover each other, signal required DLCIs Layer 3 and routing independent Good scaling characteristics 12/2/2018 Juniper Networks, Inc. Copyright © 2000

Thank you! www.juniper.net