ATM and Multi-Protocol Label Switching (MPLS) By Behzad Akbari Spring 2011 These slides are based in parts on the slides of J. Kurose (UMASS) and Shivkumar (RPI)

Outline ATM basics IP over ATM MPLS basics MPLS VPN MPLS traffic engineering

Asynchronous Transfer Mode: ATM 1990’s/00 standard for high-speed (155Mbps to 622 Mbps and higher) Broadband Integrated Service Digital Network architecture Goal: integrated, end-end transport of carry voice, video, data meeting timing/QoS requirements of voice, video (versus Internet best-effort model) “next generation” telephony: technical roots in telephone world packet-switching (fixed length packets, called “cells”) using virtual circuits

ATM architecture adaptation layer: only at edge of ATM network physical ATM AAL end system switch adaptation layer: only at edge of ATM network data segmentation/reassembly roughly analagous to Internet transport layer ATM layer: “network” layer cell switching, routing physical layer

ATM: network or link layer? Vision: end-to-end transport: “ATM from desktop to desktop” ATM is a network technology Reality: used to connect IP backbone routers “IP over ATM” ATM as switched link layer, connecting IP routers IP network ATM network

ATM Adaptation Layer (AAL) ATM Adaptation Layer (AAL): “adapts” upper layers (IP or native ATM applications) to ATM layer below AAL present only in end systems, not in switches AAL layer segment (header/trailer fields, data) fragmented across multiple ATM cells analogy: TCP segment in many IP packets physical ATM AAL end system switch

ATM Adaptation Layer (AAL) [more] Different versions of AAL layers, depending on ATM service class: AAL1: for CBR (Constant Bit Rate) services, e.g. circuit emulation AAL2: for VBR (Variable Bit Rate) services, e.g., MPEG video AAL5: for data (eg, IP datagrams) User data AAL PDU ATM cell

ATM Layer Service: transport cells across ATM network analogous to IP network layer very different services than IP network layer Guarantees ? Network Architecture Internet ATM Service Model best effort CBR VBR ABR UBR Congestion feedback no (inferred via loss) no congestion yes Bandwidth none constant rate guaranteed minimum Loss no yes Order no yes Timing no yes

ATM Layer: Virtual Circuits VC transport: cells carried on VC from source to dest call setup, teardown for each call before data can flow each packet carries VC identifier (not destination ID) every switch on source-dest path maintain “state” for each passing connection link,switch resources (bandwidth, buffers) may be allocated to VC: to get circuit-like perf. Permanent VCs (PVCs) long lasting connections typically: “permanent” route between to IP routers Switched VCs (SVC): dynamically set up on per-call basis

ATM VCs Advantages of ATM VC approach: QoS performance guarantee for connection mapped to VC (bandwidth, delay, delay jitter) Drawbacks of ATM VC approach: Inefficient support of datagram traffic one PVC between each source/dest pair) does not scale (N*2 connections needed) SVC introduces call setup latency, processing overhead for short lived connections

ATM Layer: ATM cell 5-byte ATM cell header 48-byte payload Why?: small payload -> short cell-creation delay for digitized voice halfway between 32 and 64 (compromise!) Cell header Cell format

ATM cell header VCI: virtual channel ID will change from link to link thru net PT: Payload type (e.g. RM cell versus data cell) CLP: Cell Loss Priority bit CLP = 1 implies low priority cell, can be discarded if congestion HEC: Header Error Checksum cyclic redundancy check

ATM Physical Layer (more) Two pieces (sublayers) of physical layer: Transmission Convergence Sublayer (TCS): adapts ATM layer above to PMD sublayer below Physical Medium Dependent: depends on physical medium being used TCS Functions: Header checksum generation: 8 bits CRC Cell delineation With “unstructured” PMD sublayer, transmission of idle cells when no data cells to send

ATM Physical Layer Physical Medium Dependent (PMD) sublayer SONET/SDH: transmission frame structure (like a container carrying bits); bit synchronization; bandwidth partitions (TDM); several speeds: OC3 = 155.52 Mbps; OC12 = 622.08 Mbps; OC48 = 2.45 Gbps, OC192 = 9.6 Gbps TI/T3: transmission frame structure (old telephone hierarchy): 1.5 Mbps/ 45 Mbps unstructured: just cells (busy/idle)

IP-Over-ATM IP over ATM replace “network” (e.g., LAN segment) with ATM network ATM addresses, IP addresses Classic IP only 3 “networks” (e.g., LAN segments) MAC (802.3) and IP addresses ATM network Ethernet LANs Ethernet LANs

IP-Over-ATM AAL ATM phy Eth IP app transport

Datagram Journey in IP-over-ATM Network at Source Host: IP layer maps between IP, ATM dest address (using ARP) passes datagram to AAL5 AAL5 encapsulates data, segments cells, passes to ATM layer ATM network: moves cell along VC to destination at Destination Host: AAL5 reassembles cells into original datagram if CRC OK, datagram is passed to IP

IP-Over-ATM Issues: IP datagrams into ATM AAL5 PDUs from IP addresses to ATM addresses just like IP addresses to 802.3 MAC addresses! ATM network Ethernet LANs

Re-examining Basics: Routing vs Switching

IP Routing vs IP Switching

MPLS: Best of Both Worlds PACKET ROUTING CIRCUIT SWITCHING HYBRID IP MPLS+IP ATM TDM Caveat: one cares about combining the best of both worlds only for large ISP networks that need both features! Note: the “hybrid” also happens to be a solution that bypasses IP-over-ATM mapping woes!

History: Ipsilon’s IP Switching: Concept Hybrid: IP routing (control plane) + ATM switching (data plane)

Ipsilon’s IP Switching ATM VCs setup when new IP “flows” seen, I.e., “data-driven” VC setup

Issues with Ipsilon’s IP switching

Tag Switching Key difference: tags can be setup in the background using IP routing protocols (I.e. control-driven VC setup)

Multi-Protocol Label Switching (MPLS)

Background It was meant to improve routing performance on the Internet Routing is difficult using CIDR (longest prefix matching) Using the label-swapping paradigm to optimize network performance MPLS is similar to virtual circuits Only a fixed-sized label is used (like a VCID) with local scope It is very datagram oriented though It uses IP addressing and IP routing protocols

Goals of MPLS To enable IP capability on devices that cannot handle IP traffic Making cell switches behave as routers Increased performance Using the label-swapping paradigm to optimize network performance Forward packets along “explicit routes” (pre-calculated routes not used in “regular” routing) MPLS also permits explicit backbone routing, which specifies in advance the hops that a packet will take across the network. This should allow more deterministic, or predictable, performance that can be used to guarantee QoS To support certain virtual private network services

IP Regular Destination Based Forwarding Address Prefix Address Prefix Address Prefix I/F I/F I/F 128.89 1 128.89 128.89 171.69 1 171.69 1 … … … … 128.89 1 128.89.25.4 Data Now when a packet comes into a router a look up is done based on the IP address in the packet, at match is obtained, and the packet is forwarded out the appropriate interface. The packet follows the same process on a hop-by-hop bases through the network until it reaches its destination. 128.89.25.4 Data 1 128.89.25.4 Data 128.89.25.4 Data Packets Forwarded Based on IP Address 171.69

MPLS Example: Routing Information Label Address Prefix Out I’face Out Label In Label Address Prefix Out I’face Out Label In Label Address Prefix Out I’face Out Label 128.89 1 128.89 128.89 171.69 1 171.69 1 … … … … … … 128.89 1 You Can Reach 128.89 Thru Me Tag edge routers and tag switches use standard IP routing protocols to identify routes through the network. Theses fully interoperate with non-tag switching routers So what tag switching does is it extends the forwarding table by adding a tag field. One for the incoming tag and one for the outgoing tag. Note the topology of the network is discovered using unmodified layer 3 protocols such as OSPF. You Can Reach 128.89 and 171.69 Thru Me 1 Routing Updates (OSPF, EIGRP, …) You Can Reach 171.69 Thru Me 171.69

Labels for Destination-Based Forwarding A label is allocated for each prefix in its table The label is chosen locally Think of them as indices into the routing table Router advertises this to its neighbors “label distribution protocol” (LDP) Packets addressed to the prefix should, for efficiency, be tagged with the label. The label of an incoming packet is “swapped” before being forwarded to the next router.

MPLS Example: Assigning Labels Address Prefix Out I’face Out Label In Label Address Prefix Out I’face Out Label In Label Address Prefix Out I’face Out Label - 128.89 1 4 4 128.89 9 9 128.89 - - 171.69 1 5 5 171.69 1 7 … … … … … … … … … … … … 128.89 1 Tag routers and switches use the tables generated by the standard routing protocols to assign and distribute tag information via the tag distribution protocol (TDP). Tag routers receive the TDP information and build a forwarding database, which makes use of the tags. TDP is then used to bind tags to routes and distribute this information to each routers upstream neighbor. Use Label 9 for 128.89 Use Label 4 for 128.89 and Use Label 5 for 171.69 1 Label Distribution Protocol (LDP) (downstream allocation) 171.69 Use Label 7 for 171.69

MPLS Example: Forwarding Packets Label Address Prefix Out I’face Out Label In Label Address Prefix Out I’face Out Label In Label Address Prefix Out I’face Out Label - 128.89 1 4 4 128.89 9 9 128.89 - - 171.69 1 5 5 171.69 1 7 … … … … … … … … … … … … 128.89 1 128.89.25.4 Data When we get to the first router, the one performing the tag imposition, there’s an IP look-up based on the IP prefix. It finds the forwarding table entry and it discovers that to get to the destination it should use tag x. It sticks that tag on the front of the packet and forwards it along to the next hop tag switch. At this point the router can just do pure tag forwarding, gets in the packet with tag x, figures our that the outgoing interface is y, and the outgoing tag replaces the incoming tag. Note packet is forwarded based solely on the tag without re-analyzing the network layer header. This provides the essential separation of routing and forwarding referred to earlier. The packet reaches the tag edge router at the egress point of the network ,where the tag is stripped off and the packet delivered. 9 128.89.25.4 Data 1 128.89.25.4 Data 4 128.89.25.4 Data Label Switch Forwards Based on Label

MPLS Operation 1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks. 4. Edge LSR at egress removes(POP) label and delivers packet. 1b. Label Distribution Protocol (LDP) establishes label to destination network mappings. Here is how MPLS actually works. Step 1A: a routing protocol such as OSPF, EIGRP, or IS-IS determines the layer 3 topology. A router builds a routing table as it “listens” to the network. A Cisco router or IP+ATM switch can have a routing function inside that does this. All devices in the network are building the layer 3 topology. Step 1B: The Label Distribution Protocol establishes label values for each device according to the routing topology, to pre-configure maps to destination points. Unlike ATM PVCs where the VPI/VCIs are manually assigned, labels are assigned automatically by LDP. Step 2: An ingress packet enters the Edge LSR. The LSR labels it, does all the layer 3 value-added services, including QoS, Bandwidth management, and so forth. It then applies a label to it based on the information in the forwarding tables. (This also reflects QoS, which we’ll discuss in detail in the next section). Step 3: the core LSR read the labels on each packet on the ingress interface, and based on what the label says, sends the packet out the appropriate egress interface with a new label. Step 4: the egress Edge LSR strips the label and sends the packet to its destination. 2. Ingress Edge LSR receives packet, performs Layer 3 value-added services, and labels(PUSH) packets. 3. LSR switches packets using label swapping(SWAP) .

Remarks Rather than longest prefix-matching we use label matching Labels can be very efficient, simply an index into the routing table Regular IP routing is still used E.g., we could use OSPF to determine the routes Then we use labels for efficiency in per-hop routing Note that a “Setup” phase (like in VC’s) is not used

Placement of “labels” For Ethernet, the “protocol number used” is 0x8847 for MPLS I.e., the “protocol number” of IP is not used. Thus, IP never sees the message!

Label Header Header= 4 bytes, Label = 20 bits. 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Label EXP S TTL Label = 20 bits EXP = Class of Service, 3 bits S = Bottom of Stack, 1 bit TTL = Time to Live, 8 bits Header= 4 bytes, Label = 20 bits. Can be used over Ethernet, 802.3, or PPP links Contains everything needed at forwarding time The tag frame encapsulation uses what’s called a shim header. It’s a header that sits between the MAC layer header and the layer 3 header in the packet. It consists of one or more entries that look like this. Its a 32-bit word per entry which contains: the tag your forwarding on a 3-bit class of service field an 8-bit time to live field, and a 1-bit end of stack. The end of stack is what allows you to determine when you’re popping a tag, whether this is the last tag on the packet, or whether there are further tags.

Some Definitions Forwarding Equivalence Class (FEC): a group of IP packets which are forwarded in the same manner (e.g., over the same path, with the same forwarding treatment) Labeled Switched Router (LSR): A router capable of supporting MPLS labels. Labeled Switched Path: a sequence of LSR’s so that data can traverse the entire path using labels.

Traffic Aggregates: Forwarding Equivalence Classes Packets are destined for different address prefixes, but can be mapped to common path IP1 IP2 LSR LER LSP #L1 #L2 #L3 The “Forwarding Equivalence Class” is an important concept in MPLS. An FEC is any subset of packets that are treated the same way by a router. By “treated” this can mean, forwarded out the same interface with the same next hop and label. It can also mean given the same class of service, output on same queue, given same drop preference, and any other option available to the network operator. When a packet enters the MPLS network at the ingress node, the packet is mapped into an FEC. The mapping can also be done on a wide variety of parameters, address prefix (or host), source/destination address pair, or ingress interface. This greater flexibility adds functionality to MPLS that is not available in traditional IP routing. FECs also allow for greater scalability in MPLS. In Ipsilon’s implementation of IP Switching or in MPOA, their equivalent to an FEC maps to a data flow (source/destination address pair, or source/destination address plus port no.). The limited flexibility and large numbers of (short lived) flows in the Internet limits the applicability of both IP Switching and MPOA. With MPLS, the aggregation of flows into FECs of variable granularity provides scalability that meets the demands of the public Internet as well as enterprise applications. In the current Label Distribution Protocol specification, only three types of FECs are specified: - IP Address Prefix - Router ID - Flow (port, dest-addr, src-addr etc.) The spec. states that new elements can be added as required. FEC = “A subset of packets that are all treated the same way by a router” The concept of FECs provides for a great deal of flexibility and scalability In conventional routing, a packet is assigned to a FEC at each hop (i.e. L3 look-up), in MPLS it is only done once at the network ingress

Label Switched Path (LSP) 47.1 47.2 47.3 1 2 3 IP 47.1.1.1

Label Merging When multiple input streams corresponding to the same FEC exit using the same MPLS label. InLabel NextHop Label Port 3 30 25 Port 3 30 Netw D Dest NextHop Label D Port 1 10 R2 R4 R1 Port 3 Port 1 Port 5 R3 Dest NextHop Label D Port 5 25

Non-Label Merging Each source-destination pair has its own label at each LSR router. InLabel NextHop Label Port 3 5 25 Port 3 8 Netw D Dest NextHop Label D Port 1 10 R2 R4 R1 Port 3 Port 1 Port 5 R3 Dest NextHop Label D Port 5 25

Pushing-Requesting Labels R2 can “push” a label to R1, indicating which label to use to reach D R1 can “request” a label from R2 to be used to reach D. If using non-merging, usually R1 requests a label from R2 Netw D R2 R4 R1

ATM Most importantly, we can use ATM switches for IP We can turn “ATM Cell switches” into “label switching routers” usually only by changing the software and not the hardware of the switch.

IP over ATM (Before MPLS) We had every router with a VC over an ATM network to every other router Known as an “overlay” network Whole ATM network looked like a single “subnet” to the IP Routers ATM switches are not aware that the payload is an IP packet

IP disassembly into ATM cells IP becomes an “application” to the ATM layer. IP packets have to be broken into small 48-byte pieces, and placed into ATM Cells Cells are sent over the ATM circuit (e.g. from R1 to R6), the switches only see ATM Cells, not IP packet At R6, the cells are regrouped and the IP packet restored

ATM switches as LSRs (using MPLS) ATM switches are now “peers” of MPLS routers No longer viewed as a single subnet, each link is now a subnet

Advantages of MPLS vs overlay Each MPLS router has fewer “adjacencies” (i.e. neighbors) This reduces the OSPF traffic to the router significantly In OSPF you receive the topology of the entire network via each of your neighbors. Each router now has a view of the entire topology Not possible in overlay networks (ATM network “black box”) Routers have better control of paths in case of link failures In overlay networks, the ATM switches would do the rerouting ATM switches may still support native ATM if desired.

How to route IP packets? Can we send IP messages to our neighbors? We can use a special VCID (say 0) to send IP messages to our neighbor. Each node has a VCID 0 with each of its neighbors (a “single hop” VCID Thus, to send an IP message to a neighbor Disassemble the IP packet into ATM Cells Send them on VCID 0 of the link of the desired neighbor The neighbor reassembles the IP packet Since we can send an IP message to any neighbor This implies ATM LSR’s can execute ANY Internet protocol based on IP (e.g., OSPF, RIP, etc) and forward IP datagrams

End-to-end VC’s Disassembly/reassembly at each hop is wasteful It is better to establish an e-2-e VC for each source/destination pair, e.g., from R1 to R6 From OSPF (or other mechanism), each router knows which other router is ATM or regular router R1 “requests” a label from LSR1 for destination R6 LSR1 requests a label from LSR3 for destination R6 LSR3 requests a label from R6

Explicit Routing Similar to “source routing” but done by a router “Fish” network due to its shape R1 -> R7 : R1 R3 R6 R7 R2 -> R7 : R2 R3 R4 R5 R7 Perhaps we want to balance the load somehow Cannot be done with regular IP IP routing does not look at the source of the message

Explicitly Routed (ER-) LSP #216 #14 #462 ER-LSP follows route that source chooses. In other words, the control message to establish the LSP (label request) is source routed. #972 A B C Route= {A,B,C}

Explicitly Routed (ER-) LSP Contd IP 47.1.1.1 1 47.1 3 1 2 3 1 2 47.3 3 47.2 2 IP 47.1.1.1

Explicit Route Advantages Traffic Engineering You can control how much traffic travels through some point in the network This is done by controlling the paths taken by traffic Fast-rerouting You can bypass broken links quickly with explicit routing. No need to wait for a routing protocol (OSPF) to react. How? Keep track of two paths, regular path and backup path If the regular path fails use the backup

Virtual Private Networks We can do VPN’s with MPLS. Virtual Private Network A group of connected networks Connections may be over multiple networks not belonging to the group (e.g. over the Internet) E.g., joining the networks of several branches of a company into a “private internetwork”

Virtual Private Networks C A B M K L C A B M K L

Tunneling IP Tunnel Virtual point-to-point link between an arbitrarily connected pair of nodes IP Tunnel Network 1 Network 2 Internetwork R1 R2 10.0.0.1 IP Dest = 2.x IP Payload IP Dest = 2.x IP Payload IP Dest = 10.0.0.1 IP Dest = 2.x IP Payload

Tunneling Advantages of tunneling Disadvantages Transparent transmission of packets over heterogeneous networks The data carried may not even be IP messages! Only need to change relevant routers (end points) Coupled with encryption, gives you a secure private internetwork. End-points of tunnels my have features not available in other Internet routers. Multicast Local Addresses Disadvantages Increases packet size Processing time needed to encapsulate and decapsulate packets Management at tunnel-aware routers

Virtual Private Networks with MPLS We can do similarly with MPLS We can connect different sites with an MPLS tunnel We can send regular IP traffic through the tunnel, or any other type of traffic.

“Layer 2” tunnel Use MPLS to provide a tunnel between two LANs (Ethernet, etc) ATM points Any data can be “wrapped” with a label It need not be IP datagrams LSR does not look “beyond” the label

Demultiplexing Label What to do with the packet once it reaches the other side of the tunnel? A “demultiplexing” label needs to be added to inform the end-point router what to do with the packet.

E.g., Emulate a VC ATM cells with a specific VCID come in at the entrance of the tunnel ATM cells at the end of the tunnel should have the appropriate VCID for the next switch after the router.

Emulate a VC (steps) An ATM cell arrives to the input LSR with VCID 101 The head router attaches the demultiplexing label and identifies the emulated circuit The head router attaches the tunnel label (to reach the tail router) Routers in the middle forward as usual The tail router removes the tunnel label, finds the demultiplexing label, and identifies the VC The tail router modifies the VCID to the next ATM switch value (202) and sends it to the ATM switch.

Label Stacks The previous example has a stack of two labels You can have larger stacks of labels in the header. In the example It enables to have a tunnel And many types of traffic within the tunnel

“Layer 3” VPN’s The packet being carried is an IP packet Hence the name “layer 3” VPNs Service provider (see picture next ..) Has many customers Each customer has many sites These sites are linked with tunnels to appear to be one large Internetwork Each customer can only reach its own sites The customer is isolated from the rest of the Internet and from other customers