1MPLS QOS 10/00 © 2000, Cisco Systems, Inc. rfc2547bis VPN Alvaro Retana Alvaro Retana

Slides:



Advertisements
Similar presentations
Virtual Links: VLANs and Tunneling
Advertisements

APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University
MPLS VPN.
Identifying MPLS Applications
Generalized Multiprotocol Label Switching: An Overview of Signaling Enhancements and Recovery Techniques IEEE Communications Magazine July 2001.
Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing the MPLS VPN Routing Model.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing MPLS VPN Architecture.
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Multicast in BGP/MPLS VPNs and VPLS draft-raggarwa-l3vpn-mvpn-vpls-mcast-
Deployment of MPLS VPN in Large ISP Networks
Juniper Networks, Inc. Copyright © L2 MPLS VPNs Hector Avalos Technical Director-Southern Europe
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 Module Summary The VRF table is a virtual routing and forwarding instance separating sites.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring VRF Tables.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—2-1 Label Assignment and Distribution Introducing Typical Label Distribution in Frame-Mode MPLS.
MPLS-VPN/BGP Approach Hari Rakotoranto Technical Marketing Engineer
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.
Introducing MPLS Labels and Label Stacks
CS Summer 2003 Lecture 14. CS Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.
MPLS / VPN Connectivity between VPNs JET 2004/03/15.
MPLS H/W update Brief description of the lab What it is? Why do we need it? Mechanisms and Protocols.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 4: Frame Mode MPLS Implementation.
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 4: Frame Mode MPLS Implementation.
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Considering the Advantages of Using BGP.
MPLS L3 and L2 VPNs Virtual Private Network –Connect sites of a customer over a public infrastructure Requires: –Isolation of traffic Terminology –PE,
COS 420 Day 16. Agenda Assignment 3 Corrected Poor results 1 C and 2 Ds Spring Break?? Assignment 4 Posted Chap Due April 6 Individual Project Presentations.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5#-1 MPLS VPN Implementation Configuring OSPF as the Routing Protocol Between PE and CE Routers.
Border Gateway Protocol (BGP4) Rizwan Rehman, CCS, DU.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring Small-Scale Routing Protocols Between PE and CE Routers.
SMUCSE 8344 MPLS Virtual Private Networks (VPNs).
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1 MPLS VPN Technology Forwarding MPLS VPN Packets.
Network based IP VPN Architecture using Virtual Routers Jessica Yu CoSine Communications, Inc. Feb. 19 th, 2001.
MPLS VPN Security assessment
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Using MPLS VPN Mechanisms of Cisco IOS Platforms.
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
1 © 1999, Cisco Systems, Inc _05F9_c2 1 NW’99 Vienna © 1999, Cisco Systems, Inc. MPLS VPNs Peter Tomsu Senior Consultant EMEA
1 Multi-Protocol Label Switching (MPLS) presented by: chitralekha tamrakar (B.S.E.) divya krit tamrakar (B.S.E.) Rashmi shrivastava(B.S.E.) prakriti.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—1-1 MPLS Concepts Introducing Basic MPLS Concepts.
1 Multi-Protocol Label Switching (MPLS). 2 MPLS Overview A forwarding scheme designed to speed up IP packet forwarding (RFC 3031) Idea: use a fixed length.
61st IETF Washington DC November 2004 BGP/MPLS IP Multicast VPNs draft-yasukawa-l3vpn-p2mp-mcast-00.txt Seisho Yasukawa (NTT) Shankar Karuna (Motorola)
Chapter 9. Implementing Scalability Features in Your Internetwork.
© 1999, Cisco Systems, Inc. Module 9: Understanding Virtual LANs.
MPLS and VPNs (David Andersen) (Nick Feamster) February 18, 2008.
Inter AS option D (draft-mapathak-interas-option-d-00) Manu Pathak Keyur Patel Arjun Sreekantiah November 2012.
Routing and Routing Protocols
MPLS VPNs by Richard Bannister. The Topology The next two slides display both the physical and logical topology of our simple example network –Please.
MPLS Concepts Introducing Basic MPLS Concepts. Outline Overview What Are the Foundations of Traditional IP Routing? Basic MPLS Features Benefits of MPLS.
Base Specification for Multicast in BGP/MPLS VPNs draft-raggarwa-l3vpn-2547-mvpn-00.txt Rahul Aggarwal Juniper Networks.
MPLS VPN Presented by : Md. Shafiqur Rahman Divisional Engineer (A & C) Moghbazar, Dhaka-1217.
Support for RSVP in Layer 3 VPNs draft-davie-tsvwg-rsvp-l3vpn-01.txt Bruce Davie François le Faucheur Ashok Narayanan Cisco Systems.
MULTI-PROTOCOL LABEL SWITCHING Brandon Wagner. Lecture Outline  Precursor to MPLS  MPLS Definitions  The Forwarding Process  MPLS VPN  MPLS Traffic.
Mr. Mark Welton.  WAN transportation method that formats data into frames and sent over a network controlled by a service provider  Frame Relay is often.
Module 2 MPLS Concepts.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Scaling IGP and BGP in Service Provider Networks.
Multiple Protocol Support: Multiprotocol Level Switching.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 Course Introduction.
1 Copyright © 2009 Juniper Networks, Inc. E-VPN for NVO Use of Ethernet Virtual Private Network (E-VPN) as the carrier-grade control plane.
MULTI-PROTOCOL LABEL SWITCHING By: By: YASHWANT.V YASHWANT.V ROLL NO:20 ROLL NO:20.
Multiprotocol Label Switching (MPLS) Routing algorithms provide support for performance goals – Distributed and dynamic React to congestion Load balance.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.
MBGP and Customer Routes
MPLS Introduction Computer Networks 2007 Week 9 Lecture 1 by Donald Neal.
MPLS Virtual Private Networks (VPNs)
Working at a Small-to-Medium Business or ISP – Chapter 6
MPLS VPN Implementation
Virtual Aggregation (VA)
CCNA 2 v3.1 Module 6 Routing and Routing Protocols
MPLS VPNs by Richard Bannister.
Kireeti Kompella Juniper Networks
1 Multi-Protocol Label Switching (MPLS). 2 MPLS Overview A forwarding scheme designed to speed up IP packet forwarding (RFC 3031) Idea: use a fixed length.
Working at a Small-to-Medium Business or ISP – Chapter 6
Presentation transcript:

1MPLS QOS 10/00 © 2000, Cisco Systems, Inc. rfc2547bis VPN Alvaro Retana Alvaro Retana

2 MPLS VPNs © 2000, Cisco Systems, Inc. MPLS/BGP VPNs Goals MPLS/BGP VPN Features Implementation Conclusions

3 MPLS VPNs © 2000, Cisco Systems, Inc. Objectives Provide a solution that enables Service Providers to offer VPN service that : scales to large number of customers (100, ,000,000 VPNs) most of customers with little/no IP routing expertise supports diverse customer population including large VPNs (100s s sites per VPN) value added service low cost service

4 MPLS VPNs © 2000, Cisco Systems, Inc. What is a VPN ? VPN is a set of sites which are allowed to communicate with each other VPN is defined by a set of administrative policies policies determine both connectivity and QoS among sites policies established by VPN customers policies could be implemented completely by VPN Service Providers using BGP/MPLS VPN mechanisms

5 MPLS VPNs © 2000, Cisco Systems, Inc. What is a VPN (cont.)? Flexible inter-site connectivity ranging from complete mesh to hub-and-spoke Sites may be either within the same or in different organizations VPN can be either Intranet or Extranet Site may be in more than one VPN VPNs may overlap Not all sites have to be connected to the same service provider VPN can span multiple providers

6 MPLS VPNs © 2000, Cisco Systems, Inc. BGP/MPLS VPN - example VPN A/Site 1 VPN A/Site 2 VPN A/Site 3 VPN B/Site 2 VPN B/Site 1 VPN B/Site 3 CE A1 CE B3 CE A3 CE B2 CE A2 CE 1 B1 CE 2 B1 PE 1 PE 2 PE 3 P1P1 P2P2 P3P3 10.1/ / / / / /16

7 MPLS VPNs © 2000, Cisco Systems, Inc. BGP/MPLS VPN key components: (1) Constrained distribution of routing information + multiple forwarding tables (2) Address extension (3) MPLS

8 MPLS VPNs © 2000, Cisco Systems, Inc. Constrained Distribution of Routing Information Provides control over connectivity among sites flow of data traffic (connectivity) is determined by flow (distribution) of routing information

9 MPLS VPNs © 2000, Cisco Systems, Inc. Routing Information Distribution Step 1: from site (CE) to service provider (PE) e.g., via RIP, or static routing, or BGP, or OSPF Step 2: export to provider’s BGP at ingress PE Step 3: within/across service provider(s) (among PEs): via BGP Step 4: import from provider’s BGP at egress PE Step 5: from service provider (PE) to site (CE) e.g., via RIP, or static routing, or BGP, or OSPF

10 MPLS VPNs © 2000, Cisco Systems, Inc. Constrained Distribution of Routing Information Occurs during Steps 2, 3, 4 Performed by Service Provider using route filtering based on BGP Extended Community attribute BGP Community is attached by ingress PE at Step 2 route filtering based on BGP Community is performed by egress PE at Step 4

11 MPLS VPNs © 2000, Cisco Systems, Inc. Routing Information Distribution - example VPN A/Site 1 VPN C/Site 2 VPN A/Site 3 VPN B/Site 2 VPN B/Site 1 VPN C/Site 1 CE A1 CE B3 CE A3 CE B2 CE A2 CE 1 B1 CE 2 B1 PE 1 PE 2 PE / / / / /16 RIP Static RIP BGP Static RIP BGP 12.2/16 Step 1 Step 2 Step 3 Step 4 Step 5

12 MPLS VPNs © 2000, Cisco Systems, Inc. Amount of routing peering maintained by CE is O(1) - CE peers only with directly attached PE independent of the total number of sites within a VPN scales to VPNs with large number of sites (100s s sites per VPN) In contrast, mesh with any tunnel-based approach (e.g., IPSec) requires O(n) peering (where n is the number of sites) does not scale to VPNs with large number of sites Implications on scalability Site All other sites CEPE Routing peering

13 MPLS VPNs © 2000, Cisco Systems, Inc. Amount of configuration changes needed to add a new site (new CE) is O(1): need to configure only the directly attached PE independent of the total number of sites within a VPN In contrast, mesh with any tunnel-based approach (e.g., IPSec) requires O(n) changes (where n is the number of sites) scales worse than the BGP/MPLS VPN Implications on scalability New Site All other sites CEPE Config changes

14 MPLS VPNs © 2000, Cisco Systems, Inc. Multiple Forwarding Tables How to constrain distribution of routing information at PE that has sites from multiple (disjoint) VPNs attached to it ? single Forwarding Table on PE doesn’t allow per VPN segregation of routing information

15 MPLS VPNs © 2000, Cisco Systems, Inc. Multiple Forwarding Tables (cont.) PE maintains multiple Forwarding Tables one per set of directly attached sites with common VPN membership e.g., one for all the directly attached sites that are in just one particular VPN Enables (in conjunction with route filtering) per VPN segregation of routing information on PE

16 MPLS VPNs © 2000, Cisco Systems, Inc. Multiple Forwarding Tables (cont.) Each Forwarding Table is populated from: (a) routes received from directly connected CE(s) of the site(s) associated with the Forwarding Table (b) routes receives from other PEs (via BGP) restricted to only the routes of the VPN(s) the site(s) is in via route filtering based on BGP Extended Community Attribute

17 MPLS VPNs © 2000, Cisco Systems, Inc. Multiple Forwarding Tables (cont.) Each customer port on PE is associated with a particular Forwarding Table via configuration management (at provisioning time) Provides PE with per site (per VPN) forwarding information for packets received from CEs Ports on PE could be “logical” e.g., VLAN, FR, ATM, L2F, etc...

18 MPLS VPNs © 2000, Cisco Systems, Inc. MPLS VPN example: full mesh One BGP Community C closed At PE with directly attached site: exports all site’s routes into provider’s BGP with Community C closed imports into the forwarding table associated with the VPN (site) only routes with C closed Could also be realized with more than one BGP Community useful when VPN spans multiple providers

19 MPLS VPNs © 2000, Cisco Systems, Inc. Address Extension How to support VPNs without imposing constraints on address allocation/management within VPNs (e.g., allowing private address space [RFC1918]) ? constrained distribution of routing information uses BGP BGP is designed with the assumption that addresses are unique

20 MPLS VPNs © 2000, Cisco Systems, Inc. VPN-IP Addresses New address family: VPN-IP addresses VPN-IP address = Route Distinguisher (RD) + IP address RD = Type + Provider’s Autonomous System Number + Assigned Number No two VPNs have the same RD convert non-unique IP addresses into unique VPN-IP addresses Reachability information for VPN-IP addresses is carried via multiprotocol extensions to BGP-4

21 MPLS VPNs © 2000, Cisco Systems, Inc. Converting between IP and VPN-IP addresses Performed by PE in control plane only ingress PE - exporting route into provider’s BGP: PE is configured with RD(s) for each directly attached VPN (directly attached sites) convert from IP to VPN-IP (by prepending RD) before exporting into provider’s BGP egress PE - importing route from provider’s BGP: convert from VPN-IP to IP (by stripping RD) before inserting into site’s forwarding table

22 MPLS VPNs © 2000, Cisco Systems, Inc. Route Distinguisher vs BGP Communities Route Distinguisher: used to disambiguate IP addresses via VPN-IP addresses not used to constrain distribution of routing information (route filtering) BGP Communities: not used to disambiguate IP addresses used to constrain distribution of routing information via route filtering based on BGP Communities

23 MPLS VPNs © 2000, Cisco Systems, Inc. MPLS Given that BGP operates in term of VPN- IP addresses, how to forward IP packets within Service Provider(s) along the routes computed by BGP ? IP header has no place to carry Route Distinguisher

24 MPLS VPNs © 2000, Cisco Systems, Inc. MPLS (cont.) Use MPLS for forwarding MPLS decouples information used for forwarding (label) from the information carried in the IP header Label Switched Paths (labels) are bound to VPN-IP routes Label Switched Paths are confined to VPN Service Provider(s)

25 MPLS VPNs © 2000, Cisco Systems, Inc. Packet Forwarding - example Logically separate forwarding table (FIB) for each (directly attached) VPN expressed in terms of IP address prefixes conversion from VPN-IP to IP addresses happen when FIB is populated from the routing table (RIB) Incoming interface determines the FIB FIB Table 1. Identify VPN Next Hop Label Info 2. Select FIB for this VPN PE LSR 3. Attach label info and send out Label IP PKT

26 MPLS VPNs © 2000, Cisco Systems, Inc. Two-level label stack VPN routing information is carried only among PE routers (using BGP) BGP Next Hop provides coupling between external routes (VPN routes) and service provider internal route (IGP routes) route to Next Hop is an internal route Top (first) level label is used for forwarding from ingress PE to egress PE Bottom (second) level is used for forwarding at egress PE distributed via BGP (together with the VPN route)  P routers maintain only internal routes (routes to PE routers and other P routers), but no VPN routes

27 MPLS VPNs © 2000, Cisco Systems, Inc. Two-level label stack - example IP packet IP packet VPN label = X IGP Label(PE2) IP packet VPN label = X IGP Label(PE2) IP packet VPN label = X IP packet PE2PE1 CE1 CE2 P1P2 BGP (Dest = RD:10.1.1, Next-Hop = PE2, Label = X) Dest = /24 IGP Label for PE2 via LDP/RSVP IGP Label for PE2 via LDP/RSVP IGP Label for PE2 via LDP/RSVP

28 MPLS VPNs © 2000, Cisco Systems, Inc. Scalability - “divide and conquer” (1) Two levels of labels to keep P routers free of all the VPN routing information (2) PE router has to maintain routes only for VPNs whose sites are directly connected to the PE router (3) Partition BGP Route Reflectors within the VPN Service Provider among VPNs served by the Provider  No single component within the system is required to maintain all routes for all the VPNs  Capacity of the system isn’t bounded by the capacity of an individual component

29 MPLS VPNs © 2000, Cisco Systems, Inc. BGP/MPLS VPN - Summary Supports large scale VPN services Increases value add by the VPN Service Provider Decreases Service Provider’s cost of providing VPN services Simplifies operations for VPN customers Mechanisms are general enough to enable VPN Service Provider to support a wide range of VPN customers

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.