L2 MPLS VPNs
Hector Avalos, Technical Director - Southern Europe
Juniper Networks, Inc. Copyright © 2000

Agenda: L2 MPLS VPNs
- VPNs Overview
- Provider-provisioned L2 MPLS VPNs
  - Taxonomy
  - Operational Model
- Conclusion

What is a VPN?
- A private network constructed over a shared infrastructure
  - Virtual: not a separate physical network
  - Private: separate addressing and routing
  - Network: a collection of devices that communicate
- Policies are key—global connectivity is not the goal
[Diagram: a shared infrastructure connecting mobile users and telecommuters (remote access), branch offices and corporate headquarters (intranet), and suppliers, partners and customers (extranet)]

Deploying VPNs in the 1990s
- Operational model
  - PVCs overlay the shared infrastructure (ATM/Frame Relay)
  - Routing occurs at the customer premises
- Benefits
  - Mature technologies
  - Relatively “secure”
  - Service commitments (bandwidth, availability, and more)
- Limitations
  - Scalability, provisioning and management
  - Not a fully integrated IP solution
[Diagram: CPEs attached via DLCIs to FR switches in the provider Frame Relay network]

Traditional (Layer 2) VPNs
[Diagram: customer routers interconnected through Frame Relay/ATM switches]

Improving Traditional Layer 2 VPNs
- Decouple edge (customer-facing) technology from core technology
- Have a single network infrastructure for all desired services
  - Internet
  - L3 MPLS VPNs
  - L2 MPLS VPNs
- Simplify provisioning
  - Appropriate signaling mechanisms for VPN auto-provisioning

VPN Classification Model
- Customer-managed VPN solutions (CPE-VPNs)
  - Layer 2: L2TP and PPTP
  - Layer 3: IPSec
- Provider-provisioned VPN solutions (PP-VPNs)
  - Layer 3: MPLS-based VPNs (RFC 2547bis)
  - Layer 3: non-MPLS-based VPNs (Virtual Routers)
  - Layer 2: MPLS VPNs
[Diagram: in a CPE-VPN the VPN tunnels run CPE-to-CPE between subscriber sites 1, 2 and 3; in a PP-VPN the tunnels run PE-to-PE and each CPE attaches to a PE]

PP-VPNs: Layer 2 Classification
- Service provider delivers Layer 2 circuit IDs (DLCI, VPI/VCI, 802.1q VLAN) to the customer
  - One for each reachable site
- Customer maps their own routing architecture to the circuit mesh
- Provider router maps the circuit ID to a Label Switched Path (LSP) to traverse the provider core
  - Customer routes are transparent to provider routers
- Provider-provisioned L2 MPLS VPN Internet drafts
  - draft-kompella-mpls-l2vpn-02.txt
  - draft-martini-l2circuit-encap-mpls-01.txt

Agenda: L2 MPLS VPNs
- Overview of VPNs
- Provider-provisioned L2 MPLS VPNs
  - Taxonomy
  - Operational Model
- Conclusion

Customer Edge Routers
- Customer Edge (CE) routers
  - Router or switch located at the customer premises providing access to the service provider network
  - Layer 2 (FR, ATM, Ethernet) and Layer 3 (IP, IPX, SNA, …) independence from the service provider network
  - CEs within a VPN use the same L2 technology to access the service provider network
  - Requires a sub-interface per CE it needs to interconnect to within the VPN
  - Maintains routing adjacencies with other CEs within the VPN
[Diagram: CEs of VPN A and VPN B attached over ATM or FR to PEs, with P routers in the core; a CE and its LAN form a VPN site]

Provider Edge Routers
- Provider Edge (PE) routers
  - Maintain site-specific VPN Forwarding Tables
  - Exchange VPN Connection Tables with other PE routers using MP-iBGP or LDP
  - Use MPLS LSPs to forward VPN traffic
[Diagram: same topology, highlighting the PEs]

Provider Routers
- Provider (P) routers
  - Forward data traffic transparently over established LSPs
  - Do not maintain VPN-specific forwarding information
[Diagram: same topology, highlighting the P routers]

VPN Forwarding Tables (VFT)
- A VFT is created for each site connected to the PE
- Each VFT is populated with:
  - The forwarding information provisioned for the local CE sites
  - VPN Connection Tables received from other PEs via iBGP or LDP
[Diagram: PE 1, PE 2 and PE 3 connecting VPN A sites 1 to 3 (CE–A1, CE–A2, CE–A3) and VPN B sites 1 and 2 (CE–B1, CE–B2) across a P router core running OSPF over ATM]

VPN Connection Tables (VCT)
- The VCT is a subset of the information held by the VFT
- VCTs are distributed by the PEs via iBGP or LDP
- A VCT is distributed for each VPN site to the PEs
[Diagram: PE-1 (CE-1, CE-2) and PE-2 (CE-4) exchanging VCTs over an MP-iBGP session / LDP]

L2 VPN Provisioning
- Provisioning the network
- Provisioning the CEs
- Provisioning the VPN (PEs)
- VPN Connection Table distribution
Assumption: the access technology is Frame Relay (other cases are similar)

Provisioning the Network
- PE-to-PE LSPs pre-established via
  - RSVP-TE
  - LDP
  - LDP over RSVP-TE tunneling
- LSPs used for many services: IP, L2 VPN, L3 VPN, …
- Provisioned independently of Layer 2 VPNs
[Diagram: the same three-PE topology with the P core running OSPF over ATM]

Provisioning Customer Sites
- List of DLCIs: one for each site, some spare for over-provisioning
- DLCIs independently numbered at each site
- LMI, inverse ARP and/or routing protocols for auto-discovery and learning addresses
- No changes as VPN membership changes
  - Until over-provisioning runs out

CE-4 DLCIs / CE-4 routing table:
  In        Out
  DLCI 63   10/8
  DLCI 75   20/8
  DLCI 82   30/8
  DLCI 94   -

Provisioning CEs at the PE
- A VFT is provisioned at each PE for each CE
  - VPN-ID: unique value within the service provider network
  - CE-ID: unique value in the context of a VPN
  - CE Range: maximum number of CEs that it can connect to
  - Sub-interface list: set of local sub-interface IDs assigned for the CE-PE connection

CE 4 VFT:
  VPN ID       RED VPN
  CE ID        4
  CE Range     4
  Sub-int IDs

Provisioning CEs at the PE
- A VFT is provisioned at each PE for each CE
  - VPN-ID: unique value within the service provider network
  - CE-ID: unique value in the context of a VPN
  - CE Range: maximum number of CEs that it can connect to
  - Sub-interface list: set of local sub-interface IDs assigned for the CE-PE connection
  - Label-base: label assigned to the first sub-interface ID
    - The PE reserves N contiguous labels, where N is the CE Range

CE 4 VFT (the VPN ID, CE ID, CE Range and Label Base fields form the CE 4 VCT):
  VPN ID       RED VPN
  CE ID        4
  CE Range     4
  Label Base
  Sub-int IDs

Provisioning CEs at the PE
- PE-2 is configured with the CE 4 VFT

CE 4 VFT at PE-2:
  VPN ID       RED VPN
  CE ID        4
  CE Range     4
  Label base
  Sub-int IDs (FR):
    CE 4's DLCI to CE 0: 63   (label used by CE 0 to reach CE 4)
    CE 4's DLCI to CE 1: 75   (label used by CE 1 to reach CE 4)
    CE 4's DLCI to CE 2: 82   (label used by CE 2 to reach CE 4)
    CE 4's DLCI to CE 3: 94   (label used by CE 3 to reach CE 4)
[Diagram: PE-1 with CE-1 and CE-2, PE-2 with CE-4, each CE in a Site 1 / Site 2 pair]

Distributing VCTs
- Key: signalling using LDP or MP-iBGP
  - Auto-discovery of members
  - Auto-assignment of inter-member circuits
  - Flexible VPN topology
- O(N) configuration for the whole VPN
  - Could be more for complex topologies
- O(1) configuration to add a site
  - “Overprovision” DLCIs (sub-interfaces) at customer sites

Distributing VCTs
- PE-1 accepts PE-2's CE 4 VCT
[Diagram: PE-2 sends the CE 4 VCT update (VPN ID RED VPN, CE ID 4, CE Range 4, Label base) to PE-1 over the MP-iBGP session / LDP; PE-1 records the label used by CE 2 to reach CE 4]

Updating VFTs
- PE-1 updates its CE 2 VFT

CE 2 VFT at PE-1 (one row per remote CE):
  CE ID | Inner Label (label used to reach the CE) | Sub-int IDs
[Diagram: CE-4 attached to PE-2 on FR DLCI 82; CE-2 attached to PE-1 on FR DLCI 414]

Updating VFTs
- PE-1 updates its CE 2 VFT

CE 2 VFT at PE-1:
  CE ID | Inner Label | Sub-int IDs | LSP to PE | Outer Label
[Diagram: as before, FR DLCI 82 at PE-2 and FR DLCI 414 at PE-1]

Data Flow
- CE-2 sends packets to the PE via the DLCI which connects to CE-4 (414)
[Diagram: the packet leaves CE-2 toward PE-1 on DLCI 414; CE-4 sits behind PE-2 on DLCI 82]

Data Flow
- The DLCI number is removed by the ingress PE
- Two labels are derived from the VFT sub-interface lookup and “pushed” onto the packet
  - Outer IGP label
    - Identifies the LSP to the egress PE router
    - Derived from the core's IGP and distributed by RSVP or LDP
  - Inner site label
    - Identifies the outgoing sub-interface from the egress PE to the CE
    - Derived from the MP-iBGP/LDP VCT distributed by the egress PE

At PE-1:
  1) Look up the DLCI in the Red VFT
  2) Push the VPN label (1002)
  3) Push the IGP label (500)
[Diagram: the packet leaves PE-1 toward PE-2 carrying site label (1002) under IGP label (500)]

Data Flow
- After packets exit the ingress PE, the outer label is used to traverse the LSP
  - P routers are not VPN-aware
[Diagram: the packet crosses the P core carrying site label (1002) under IGP label (z)]

Data Flow
- The outer label is removed through penultimate hop popping (before reaching the egress PE)
[Diagram: the penultimate P router pops the top label; the packet reaches PE-2 carrying only the site label (1002)]

Data Flow
- The inner label is removed at the egress PE
- The egress PE does a label lookup to find the corresponding DLCI value
- The native Frame Relay packet is sent to the corresponding outbound sub-interface
[Diagram: PE-2 forwards the packet to CE-4 on DLCI 82]
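The provisioning and data-flow steps above, as an added Python model that is not part of the original deck: each PE reserves a contiguous label block per local CE (label base plus CE Range), a peer PE derives the inner site label from a received VCT as label base plus its own CE-ID, and the packet goes DLCI, label stack, penultimate hop pop, DLCI. Only the site label 1002, the IGP label 500 and the DLCIs 414/82 come from the slides; the label base 1000, CE 2's own range and base, and the handling of a CE-ID outside the remote CE Range are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class VCT:
    """VPN Connection Table advertised by a PE for one of its local CEs."""
    vpn_id: str
    ce_id: int
    ce_range: int    # maximum number of CEs this CE can connect to
    label_base: int  # first of ce_range contiguous labels reserved on the PE

@dataclass
class PE:
    name: str
    local: dict = field(default_factory=dict)        # CE-ID -> (VCT, {remote CE-ID: DLCI})
    ingress_vft: dict = field(default_factory=dict)  # (CE-ID, DLCI) -> (site label, IGP label)
    egress_vft: dict = field(default_factory=dict)   # site label -> (CE-ID, outbound DLCI)
    lsp_label: dict = field(default_factory=dict)    # remote PE -> outer label of the LSP to it

def provision_ce(pe, vct, dlcis):
    """Provision a VFT for a local CE: reserve N contiguous labels, N = CE Range,
    and map label_base + remote CE-ID to the DLCI the local CE uses for that peer."""
    for remote_ce, dlci in dlcis.items():
        if not 0 <= remote_ce < vct.ce_range:
            raise ValueError(f"CE {remote_ce} is outside CE Range {vct.ce_range}")
        pe.egress_vft[vct.label_base + remote_ce] = (vct.ce_id, dlci)
    pe.local[vct.ce_id] = (vct, dict(dlcis))

def receive_vct(pe, remote_pe, vct):
    """Process a VCT update (MP-iBGP/LDP) from remote_pe and update the local VFTs."""
    for local_ce, (local_vct, dlcis) in pe.local.items():
        if local_vct.vpn_id != vct.vpn_id or vct.ce_id not in dlcis:
            continue  # other VPN, or no (spare) DLCI provisioned toward that CE
        if local_ce >= vct.ce_range:
            continue  # assumed: remote CE Range too small, so no circuit is set up
        inner = vct.label_base + local_ce  # label this CE uses to reach the remote CE
        pe.ingress_vft[(local_ce, dlcis[vct.ce_id])] = (inner, pe.lsp_label[remote_pe])

def ingress_forward(pe, local_ce, dlci):
    """Ingress PE: strip the DLCI, push the site label, then the IGP label on top."""
    inner, outer = pe.ingress_vft[(local_ce, dlci)]
    return [outer, inner]

def penultimate_hop_pop(stack):  # the P router before the egress PE pops the outer label
    return stack[1:]

def egress_forward(pe, stack):
    """Egress PE: pop the site label and look up the outbound CE and DLCI."""
    (inner,) = stack  # exactly one label must remain after PHP
    return pe.egress_vft[inner]

def demo():
    """CE-2 (PE-1, DLCI 414) sends to CE-4 (PE-2, DLCI 82) as in the data-flow
    slides; label base 1000 and CE 2's own range/base are assumed values."""
    pe1, pe2 = PE("PE-1"), PE("PE-2")
    pe1.lsp_label["PE-2"] = 500  # IGP label of the PE-1 -> PE-2 LSP (from the slides)
    provision_ce(pe2, VCT("RED", 4, 4, 1000), {0: 63, 1: 75, 2: 82, 3: 94})
    provision_ce(pe1, VCT("RED", 2, 8, 2000), {4: 414})
    receive_vct(pe1, "PE-2", pe2.local[4][0])  # PE-1 accepts PE-2's CE 4 VCT
    stack = ingress_forward(pe1, 2, 414)        # [500, 1002]
    return egress_forward(pe2, penultimate_hop_pop(stack))  # (4, 82)
```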

VPN Topologies
- Arbitrary topologies are possible:
  - full mesh
  - hub-and-spoke
- BGP communities are used to configure VPN topologies when using BGP signaling
- The “Connectivity” parameter serves a similar purpose in LDP signaling

Conclusions

A Range of VPN Solutions
- Each customer has different
  - Security requirements
  - Staff expertise
  - Tolerance for outsourcing
- Customer networks vary by size and traffic volume
- Providers also have different preferences concerning
  - Extensive policy management
  - Inclusion of customer routes in backbone routers
  - Approaches to managed service

MPLS-Based Layer 2 VPNs
- MPLS-based Layer 2 VPNs are identical to Layer 2 VPNs from the customers' perspective
  - Familiar paradigm
  - Layer 3 independent
  - Provider not responsible for routing
    - No hacks for OSPF
  - Rely on the SP only for connectivity
- MPLS transport in the provider network
  - Decouples edge and core Layer 2 technologies
  - Multiple services over a single infrastructure
    - Single network architecture for both Internet and VPN services
  - Label stacking
    - Provision once, and use the same LSP for multiple purposes
  - Auto-provisioning VPN

MPLS-based Layer 2 VPNs: Advantages
- Subscriber
  - Outsourced WAN infrastructure
  - Easy migration from an existing Layer 2 fabric
  - Can maintain routing control, or opt for managed service
  - Supports any Layer 3 protocol
  - Supports multicast
- Provider
  - Complements RFC 2547bis
    - Operates over the same core, using the same outer LSP
  - Existing Frame Relay and ATM VPNs can be collapsed onto a single IP/MPLS infrastructure
  - Label stacking allows multiple services over a single LSP
  - No scalability problems associated with storing numerous customer VPN routes
  - Simpler than the extensive policy-based configuration used with 2547

MPLS-based Layer 2 VPNs: Disadvantages
- Circuit type (ATM/FR) to each VPN site must be uniform
- Managed network service required for provider revenue opportunity
- Customer must have routing expertise (or opt for managed service)

Layer 2 MPLS-based VPNs: Application
- Customer profile
  - High degree of IP expertise
  - Desire to control their own routing infrastructure
  - Prefer to outsource tunneling
  - Large number of users and sites
- Provider profile
  - MPLS deployed in the core
  - Migrating an existing ATM or Frame Relay network
  - Offers a CPE managed service, or
  - Provisions only the Layer 2 circuits at a premium cost
- Layer 2 MPLS-based VPNs are ideal for this customer profile

Thank you!