mpls concepts. time to certify

MPLS Introduction Time to Certify Nov 2011. Version 1.0

Upload: jaomedes

Post on 18-Nov-2014


Page 1: Mpls concepts. Time to Certify

MPLS Introduction Time to Certify

Nov 2011. Version 1.0

Page 2: Mpls concepts. Time to Certify

Copyright Time to Certify. All rights reserved.

TIME TO CERTIFY “YOUR ONLINE RESOURCE FOR IT CERTIFICATION”

This MPLS Introduction Training is a courtesy of

[email protected]

Page 3: Mpls concepts. Time to Certify

MPLS Introduction

§ What is MPLS and how does it work

§ MPLS Labels and Label Switched Paths

§ MPLS Forwarding

§ MPLS Label Distribution Protocol (LDP)

§ MPLS Virtual Private Networks (VPNs)

§ MPLS Layer 2 VPNs

§ MPLS Layer 3 VPNs

Page 4: Mpls concepts. Time to Certify

What is MPLS?

§  MPLS = Multi Protocol Label Switching

§  MPLS is a technology that tags traffic with “Labels”, which are used for fast switching of packets through the network based on a simplified header

§  Originally created to simplify traditional forwarding mechanisms such as IP Routing
   §  Slow mechanisms that required CPU consumption and lookups into the Routing Tables

§  Providing the benefit of additional functionality:
   §  Virtual Private Networks
   §  Traffic Engineering

§  Hardware evolution has made fast switching (the original motivation for MPLS) less relevant, but the additional services provided are still beneficial

§  Runs on top of a variety of Layer 2 technologies such as ATM, FR, PPP, POS, Ethernet

Page 5: Mpls concepts. Time to Certify

MPLS Operation (1)

§ MPLS adds a Label to the Layer 2 frame structure and uses it to switch packets quickly within the transport network

§ Key elements in an MPLS network are as follows:
   §  Provider Edge (PE) router: Adds the MPLS label to the Layer 2 frame
   §  Provider (P) router: Switches traffic according to the MPLS label
   §  Customer Equipment (CE): Injects traffic into the MPLS network

[Figure: MPLS network with CE, PE and P routers]

Page 6: Mpls concepts. Time to Certify

MPLS Operation (2)

[Figure: MPLS network with CE, PE and P routers]

At PE (Ingress Edge): Classify Traffic, Add Label

At P (Core): Forward using MPLS labels (as opposed to IP addresses)

At PE (Egress Edge): Remove Labels, Forward Packets

•  Label Indicates:

–  Destination (at IP layer): Each IP destination network has a different label which has local significance: label for a destination network changes in each hop.

–  Service Class: QoS treatment over the network.

Page 7: Mpls concepts. Time to Certify

MPLS Label

•  Label = 20 bits. Used for fast switching
•  TOS/EXP = Class of Service, 3 bits
•  S = Bottom of Stack, 1 bit
•  TTL = Time to Live, 8 bits

•  Label is added after the Layer 2 MAC header

[Figure: Layer 2 frame layout: MAC Header, LABEL, Layer 3 Packet]

Field   Label   EXP   S   TTL
Bits    20      3     1   8

•  Label can be added to the following Layer 2 Technologies: Ethernet, ATM, Frame Relay or PPP

Page 8: Mpls concepts. Time to Certify

MPLS. Label Switched Path

§ LSP = Label Switched Path
   § Path through the different P routers from ingress PE router to egress PE router
§ Traffic mapped into LSP based on (at the ingress of an MPLS network):
   § IP Prefix/host address
   § Layer 2 Circuits (ATM, FR, PPP, HDLC, Ethernet)
   § Groups of addresses/sites: VPN x
   § A Bridge/switch instance: VSI
   § Tunnel interface: Traffic Engineering

§ Labels have local significance (between two routers)

§ Labels are distributed using LDP (Label Distribution Protocol)

Page 9: Mpls concepts. Time to Certify

MPLS. Traditional Routing operation (non-MPLS)

[Figure: host 192.168.1.15 sends a packet to host 172.15.0.25 (Interface E0) through Router A and Router B]

Interfaces:
Router A   E0   192.168.1.1
Router A   E1   10.125.1.1
Router B   E1   10.125.1.2
Router B   E0   172.15.0.1

Routing Table (Router A)
Net           Interface   Next Hop
192.168.1.0   E0          Connected
10.0.0.0      E1          Connected
175.15.0.0    E1          10.125.1.2

Routing Table (Router B)
Net           Interface   Next Hop
172.15.0.0    E0          Connected
10.0.0.0      E1          Connected
192.168.1.0   E1          10.125.1.1

Numbered steps in the figure:
1.  Assemble IP Packet, Destination Address: 172.15.0.25 (packet S:192.168.1.15 D:172.15.0.25)
2.  Routing Table Lookup (Router A): 172.15.0.0 ?? → Use E1. Next Hop Address: 10.125.1.2
3.  Packet S:192.168.1.15 D:172.15.0.25
4.  Routing Table Lookup (Router B): 172.15.0.0 ?? → Use E0. Host is directly connected
5.  Packet S:192.168.1.15 D:172.15.0.25

•  Routing Performed based on Destination IP
•  Requires Routing Table Look up

Page 10: Mpls concepts. Time to Certify

MPLS. Label based switching

[Figure: packet S:192.168.1.15 D:172.15.0.25 crossing Router A (PE) and Router B (PE) between two hosts (Interface E0 192.168.1.25 and Interface E0 172.15.0.25)]

Interfaces:
Router A   E0   192.168.1.1
Router A   E1   10.125.1.1
Router B   E1   10.125.1.2
Router B   E0   172.15.0.1

Label table (Router A)
In Label   Network       Interface   Out Label
22         192.168.1.0   E0          2
1          172.15.0.0    E1          21

Label table (Router B)
In Label   Network       Interface   Out Label
32         192.168.1.0   E0          22
21         172.15.0.0    E0          31

Numbered steps in the figure (1 and 7 carry no text):
2.  Ingress PE: Adds MPLS Label (LABEL 1)
3.  Lookup: In Label 1 → Out Label 21, Interface E1
4.  Packet S:192.168.1.15 D:172.15.0.25 carries LABEL 21
5.  Lookup: In Label 21 → Out Label 31, Interface E0
6.  Packet S:192.168.1.15 D:172.15.0.25 carries LABEL 31. Egress PE: Removes MPLS Label

•  Fast Forwarding performed based on label
•  Very efficiently implemented in hardware

Page 11: Mpls concepts. Time to Certify

Label Distribution Protocol (LDP)

[Figure: Router A (PE), Router B (P) and Router C (PE) connected in a line through interfaces E0/E1, with NET 128.89.x.x behind Router C. Callouts: "Use label 4 for 128.89" and "Use label 9 for 128.89"]

Router     In Label   Network       Interface   Out Label
Router A   --         192.168.1.0   E0          4
Router B   4          192.168.1.0   E0          9
Router C   9          192.168.1.0   E0          --

•  Label assigned by upstream router and distributed using LDP Protocol

•  LDP requires a routing protocol to get information about existing networks

Page 12: Mpls concepts. Time to Certify

MPLS FEC (Forwarding Equivalence Class)

§ FEC = Forwarding Equivalence Class
   §  Subset of traffic that has specific forwarding requirements
   §  Forwarding path
   §  Forwarding treatment (priority, QoS, etc)

§  Label Information Base (LIB) contains the FEC to Label Mapping. It is router specific

§ FEC usually corresponds to destination IP subnet
   §  Obtained by means of static routing / routing protocol
   §  Routing Protocols (IGPs) are used to obtain the IP Subnets existing in the network that will constitute the FECs

§ FECs make use of the LDP protocol
   §  FECs and corresponding labels are communicated to adjacent routers by means of a Label Distribution Protocol (LDP)

Page 13: Mpls concepts. Time to Certify

MPLS. Label Information Base (LIB) and IGP

[Figure: router block diagram. Control Plane: IP Routing Protocol (IGP), IP Static Routes, IP Routing Table, MPLS Routing Control (LDP), Routing Information Interchange, Label Binding Interchange. Data Plane: IP Forwarding Table (Incoming IP Packets, Outgoing IP Packets), Label Forwarding Table (Incoming labeled Packets, Outgoing labeled Packets)]

Page 14: Mpls concepts. Time to Certify

MPLS all together (1)

[Figure: Router A (PE), Router B (P) and Router C (PE) connected in a line through interfaces E0/E1, with NET 128.89.x.x behind Router C]

Router     In Label   Network       Interface   Out Label
Router A   --         192.168.1.0   E0          4
Router B   4          192.168.1.0   E0          9
Router C   9          192.168.1.0   E0          --

1.  OSPF – Discovery of Network Topology
2.  LDP – Label Assignment and Discovery
3.  MPLS – Packet Forwarding based on labels

Page 15: Mpls concepts. Time to Certify

MPLS all together (2)

[Figure: Router A (PE), Router B (P) and Router C (PE) connected in a line through interfaces E0/E1, with NET 128.89.x.x behind Router C]

Router     In Label   Network   Interface   Out Label
Router A   --         128.89    E0          4
Router B   4          128.89    E0          9
Router C   9          128.89    E0          --

1.  OSPF runs in the Network
2.  Router B learns about 128.89.x.x over OSPF
3.  Router B forwards to Router A the label to be used when sending packets to 128.89.x.x (Label 4) using LDP
4.  Router A sends packets to Router B for a destination host in 128.89 using the LDP label provided by Router B (Label 4)
5.  Router B will forward the packets to Router C based only on the incoming label and will switch the label to the one provided by Router C for this network (Label 9)
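The five steps above as a small simulation (an added example, not part of the original slides). The /16 mask for "128.89.x.x", the destination address and the names `build_tables`, `switch` and `forward` are assumptions of the example; labels 4 and 9 come from the slide.

```python
import ipaddress

# "128.89.x.x" from the slide written as a /16 (assumption of this example)
FEC = ipaddress.ip_network("128.89.0.0/16")
# Steps 1-2: next hop towards the FEC as OSPF would compute it (None = directly connected)
IGP_NEXT_HOP = {"A": "B", "B": "C", "C": None}
# Labels each router binds to the FEC and advertises with LDP (values from the slide)
LOCAL_LABEL = {"B": 4, "C": 9}


def build_tables(next_hop, local_label):
    """Step 3: combine IGP next hops with the LDP label bindings.

    ftn[r]  = (label to push, next hop) for unlabeled packets entering at r
    lfib[r] = {in label: (out label, next hop)} for labeled packets
    """
    ftn, lfib = {}, {}
    for router, nh in next_hop.items():
        out = local_label.get(nh)  # binding learned from the next hop, None at the egress
        ftn[router] = (out, nh)
        lfib[router] = {local_label[router]: (out, nh)} if router in local_label else {}
    return ftn, lfib


def switch(lfib, router, label):
    """Label lookup only: a label this router never advertised has no entry and is dropped."""
    if label not in lfib[router]:
        raise LookupError(f"{router}: label {label} not in table, packet dropped")
    return lfib[router][label]


def forward(ftn, lfib, ingress, dst_ip):
    """Steps 4-5: push at the ingress, swap in the core, pop at the egress."""
    if ipaddress.ip_address(dst_ip) not in FEC:
        raise LookupError("destination does not match the FEC")
    label, router = ftn[ingress]
    if router is None:  # ingress is directly connected to the network
        return [(ingress, "deliver", None, None)]
    trace = [(ingress, "push", None, label)]
    while True:
        out, nh = switch(lfib, router, label)
        if nh is None:
            trace.append((router, "pop", label, None))
            return trace
        trace.append((router, "swap", label, out))
        router, label = nh, out


if __name__ == "__main__":
    ftn, lfib = build_tables(IGP_NEXT_HOP, LOCAL_LABEL)
    for hop in forward(ftn, lfib, "A", "128.89.10.1"):  # constructed destination
        print(hop)
```

Each trace entry is (router, action, incoming label, outgoing label); Router B never looks at the destination IP address.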

Page 16: Mpls concepts. Time to Certify

MPLS. Virtual Private Networks

§ VPN = Virtual Private Network

§ VPN is a set of sites which are allowed to communicate with each other

§ VPN is defined by a set of administrative policies determining
   §  Connectivity: Which site can connect to each site
   §  QoS characteristics of traffic among sites

§ Two types of VPNs
   §  L2 VPNs. Provide end to end connectivity at Layer 2 among sites
   §  L3 VPNs. Provide end to end connectivity at Layer 3 among sites

Page 17: Mpls concepts. Time to Certify

MPLS. VPNs and MPLS Labels

[Figure: frame layout: L1 Header, L2 Header, Next Hop Label (S=0), VPN Label (S=1, End of Labels), Payload (IP or L2 Frame)]

•  Membership to a VPN is indicated by adding an extra MPLS Label.
   –  New Label is known as the VPN ID

•  The S bit is set to 0 in the first label and set to 1 in the second one to indicate no more labels have been added to the layer 2 frame
   –  A number of labels can be added to carry VPNs on top of VPNs. Only the last one sets the S bit to 1

Page 18: Mpls concepts. Time to Certify

MPLS. L2 VPN vs L3 VPN (1)

§ Layer 2 VPNs
   § Customer End points (CEs) appear as connected at layer 2
   § IP Routing among sites is responsibility of the CEs as the network acts as a layer 2 transparent carrier
   § Routing protocol must be configured among CE routers

§ Multiple logical connections are established from each end point of the VPN into each of the other end points where connectivity at layer 2 must be established
   § Mesh of connections

Page 19: Mpls concepts. Time to Certify

MPLS. L2 VPN vs L3 VPN (2)

§ Layer 3 VPNs
   § Customer End points (CEs) peer with provider edge (PE) routers
   § Single peering relationship using a routing protocol

§ Provider network is responsible for distributing IP routing information to VPN sites
   § Using MP-BGP

§ Separation of routing tables among VPNs
   § Isolation of traffic in different VPNs
   § Possibility of overlapping IPs
   § Different Virtual Routing Functions in each PE for each VPN
   § A routing function is a virtual router

In Layer 3 VPNs, multiple networks with isolated routing can be established between different locations

Page 20: Mpls concepts. Time to Certify

MPLS. Layer 2 VPNs

•  Layer 2 VPNs are used to transport any type of L2 traffic across a shared infrastructure

•  Two main flavors of L2 VPNs:
   –  VPLS (Virtual Private LAN Service): Applications requiring multipoint or broadcast access. Emulation of Ethernet Network connecting multiple sites
   –  VPWS (Virtual Pseudo Wire Service): L2 point to point emulation

•  Two main VPWS technologies:
   –  Any Transport over MPLS (AToM). Uses MPLS to provide L2 services
   –  L2TPv3 (L2 Transport Protocol): Emulation of VPNs over non-MPLS enabled networks (pure IP)

Page 21: Mpls concepts. Time to Certify

MPLS. Layer 2 VPN Types

[Figure: tree of L2VPN types. L2VPN: VPWS (Point to Point) and VPLS (Multipoint). Technologies: AToM (Any Transport over MPLS) and L2TPv3. Transported Layer 2 types: Ethernet, Frame-relay, ATM AAL5 & CELL, PPP, HDLC, Ethernet (ERS & EWS)]

Page 22: Mpls concepts. Time to Certify

MPLS. Layer 2 VPN. Any Transport over MPLS (AToM)

•  AToM provides L2 circuit emulation over MPLS

•  Encapsulation format is defined in a standard known as “Draft Martini”
   –  Historical IETF Draft (2001). “Encapsulation Methods for Transport of Layer 2 Frames Over MPLS”
   –  Draft became RFC 4906 “Transport of Layer 2 Frames Over MPLS”
   –  Name comes from the lead author of the RFC: Luca Martini, Cisco Systems, Inc. EMail: [email protected]

Page 23: Mpls concepts. Time to Certify

MPLS. Layer 2 VPN. Any Transport Over MPLS (AToM)

[Figure: CEs attached to two PEs through Attachment Virtual Circuits (Attachment VC); between the PEs, across the MPLS Network and a P router, a Tunnel LSP carries the Pseudo Wire, also labelled Emulated Virtual Circuit (Emulated VC)]

•  Circuits at each side of the MPLS network are connected at Layer 2 by an LSP tunnel known as a pseudo-wire

•  Attachment circuits can be Ethernet, Frame Relay, ATM, etc.

Page 24: Mpls concepts. Time to Certify

MPLS. L2 VPN. Any Transport Over MPLS (AToM)

•  Transport of L2 frames over MPLS is built around two concepts:
   –  Tunnel LSP: LSP between two PE routers acting as end points for the devices willing to communicate at Layer 2. Every tunnel has a tunnel label (external MPLS label)
   –  Virtual Circuit (VC): Communication circuit over an LSP tunnel. Every VC has its VC label (internal MPLS Label)

[Figure: two PEs joined by a Tunnel that carries several Virtual Circuits; on each side the attachment circuits are ATM Circuit, FR Circuit, Ethernet 802.1Q and Ethernet]

Page 25: Mpls concepts. Time to Certify

MPLS. Layer 2 VPN. Any Transport Over MPLS (AToM)

•  When AToM is used to transport Ethernet frames, it is known as EoMPLS (Ethernet over MPLS)

•  EoMPLS is a mechanism for establishing Layer 2 VPNs

Page 26: Mpls concepts. Time to Certify

MPLS. Layer 2 VPNs. Control/Data Plane Operation

[Figure: CE1, PE1, P1, P2, PE2 and CE2 connected in a line between Customer A Site 1 and Customer A Site 2. Site networks: 172.16.10/24 and 172.16.20.0/24. Links: 172.16.1.0/24 (.1 .2), 10.10.10.0/30 (.1 .2), 10.10.10.4/30 (.5 .6), 10.10.10.8/30 (.7 .8), 172.16.2.0/24 (.1 .2). Loopback: 10.10.10.101]

Control Plane
1.  IGP: 10.10.10.101/32 is advertised hop by hop
2a, 2b, 2c.  LDP: labels L1, L2 and L3 are advertised for 10.10.10.101/32

Data Plane
Ethernet Frame → [L3 | VC1 | Ethernet Frame] → [L2 | VC1 | Ethernet Frame] → [L1 | VC1 | Ethernet Frame] → Ethernet Frame

Note: Frame Format corresponds to Draft Martini

Page 27: Mpls concepts. Time to Certify

MPLS. Layer 2 VPN. Point to Point Services (VPWS)

[Figure: CE, PE, PE and CE connected in a line]

•  Set of point to point circuits (Pseudo Wires – PSW) established within the MPLS cloud

•  Mapping into PSW:
   –  EWS (Ethernet Wire Service): Mapping based on port
   –  ERS (Ethernet Relay Service): Mapping based on VLAN ID. Interface PE-CE is a trunk
•  Multipoint topologies emulated by multiple PSWs

Page 28: Mpls concepts. Time to Certify

MPLS. Layer 2 VPN Multipoint Services (VPLS)

§  MPLS network behaves as a switch for CEs

§  Mapping at PE into VPLS circuit based on physical port or VLAN ID

§  Full Multipoint topologies (made of individual “circuits”)

§  PE Routers are aware of all MAC addresses in the VPLS domain

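[Figure: three CEs (MAC 1, MAC 2, MAC 3), each attached to its own PE; the PEs are interconnected across the MPLS Network by circuits labelled 201/102, 302/203 and 301/103]

MAC tables shown next to the three PEs:

Address   Tx/Rx
MAC1      102/201
MAC2      Ethernet
MAC3      302/203

Address   Tx/Rx
MAC1      Ethernet
MAC2      201/102
MAC3      301/103

Address   Tx/Rx
MAC1      103/301
MAC2      203/302
MAC3      Ethernet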

Page 29: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Architecture

[Figure: Customer A Site 1, Customer A Site 2, Customer B Site 1 and Customer B Site 2, each with a CE attached to a PE; the two PEs are joined by a core of P routers]

•  L3 VPN provides isolation for traffic coming from different customers crossing a shared infrastructure (MPLS net)

•  Isolation provides further benefits
   –  Security
   –  IP Address overlapping capabilities

•  Two planes:
   –  Control Plane: Layer 3 reachability information interchange + Label Distribution
   –  Data Plane: Labeling of unlabeled traffic (PE) + Forwarding of labeled traffic (P)

Page 30: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. PE Isolation of Traffic

•  Routing and Traffic Isolation is achieved by means of different routing instances at the PE
   –  Routing Instance = Routing Context = Virtual Routing & Forwarding Table (VRF)
   –  Each router instance is only aware of the subnets belonging to a specific VPN → ISOLATION of VPNs
   –  Default Routing Instance
      –  Traffic not mapped into a VRF is processed by the default routing instance.
      –  Known as Global Routing Table (GRT)

•  Once traffic goes into a LSP, the P routers treat it according to the FEC specific policies

•  In a Layer 3 VPN, routing among sites is transparently provided by the MPLS network to the customer
   –  PEs are aware of all the networks belonging to a specific VPN/VRF
   –  Routing information is exchanged among PEs by means of MP-BGP (Multi Protocol BGP)

•  PE becomes aware of the routes existing on each customer site by means of a routing protocol running between CE and PE

Page 31: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Routing Instances

[Figure: two PE Routers joined across the MPLS Network by MP-BGP Route Interchange. Each PE Router holds a Global Routing Table (GRT), a Customer A VRF (Net 1, Net 2) and a Customer B VRF (Net 3, Net 4). CEs: Customer A Site 1 (Net 1) and Customer B Site 1 (Net 3) on one PE, advertising Net 1, Net 3; Customer A Site 2 (Net 2) and Customer B Site 2 (Net 4) on the other, advertising Net 2, Net 4]

CE to PE Interface, Customer Routes Interchange:
-  Static Routing
-  Routing Protocol (RIP, OSPF, EIGRP, BGP)

Page 32: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Route Distinguisher

•  L3 VPNs allow for IP overlapping (two VPNs using the same IP Space) as VPNs are handled by different Routing contexts

•  Route Distinguisher = RD is a 64-bit identifier prepended to any IPv4 route, used to identify the VPN the route belongs to
   –  Unique RD is configured per VPN/VRF
   –  RD Format: Autonomous System (AS) Number : VPN Identifier. Example: 1:200

•  Route Target = RT is a 64-bit identifier used as part of the MP-BGP Attributes (Extended Community) to signify which routes should be exported/imported into a specific VRF
   –  Export Route Target → Route Target attribute on exported routes (multiple possible)
   –  Import Route Target → Routes to be imported from MP-BGP Updates
   –  Route targets are used to have a site belonging to multiple VPNs. Also known as route leaking

Page 33: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. MP-BGP Operation

[Figure: two PE Routers exchanging routes over MP-BGP across the MPLS Network; CEs for Customer A Site 1 and Customer B Site 1 on one PE, Customer A Site 2 and Customer B Site 2 on the other; steps numbered 1 to 6. Loopback IP: 10.10.10.101]

VRF definitions shown in the figure:
–  Customer A VRF. RD: 1:100, Export RT:1:100, Import RT:1:100
–  Customer B VRF. RD: 1:101, Export RT:1:101, Import RT:1:101
–  Customer A VRF. RD: 1:100
–  Customer B VRF. RD: 1:100, Import RT:1:100

MP-BGP updates shown in the figure:
–  1:100:172.2.16.0/24, RT:1:100, VPN LABEL: V1, NH: 10.10.10.101
–  1:101:192.168.10.0/24, RT:1:101, VPN LABEL: V2, NH: 10.10.10.101

Routing tables shown in the figure:
–  Routing Table VRF A: 172.2.17.0
–  Routing Table VRF B: 192.168.11.0
–  Routing Table VRF A: 172.2.16.0, 172.2.17.0
–  Routing Table VRF B: 192.168.10.0, 192.168.11.0, 172.2.16.0

Page 34: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. MP-BGP Updates

[Figure: two PE Routers, each running a Routing Protocol CE-PE towards its CEs and MP-BGP towards the other PE]

1.  Routing information is propagated from the CE to the PE routers by means of the routing protocol running on the CE to PE interface (RIP, OSPF, BGP, EIGRP)
2.  Routes get injected into the specific VRF/Routing Context
3.  Routes get forwarded to the MP-BGP process according to the export RT
4.  Routing update is propagated through MP-BGP (iBGP) to update the neighbor PEs. Routes contain the RT attribute (extended community)
5.  Routes get populated into the right VRFs/Routing Context according to the import RT criteria
6.  VRF Routing table gets updated
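Steps 3 to 6 and the RD/RT rules from the "Route Distinguisher" slide, as a simulation with an audit for import RTs that cross customers (an added example, not part of the original slides). The VRF definitions are constructed, modelled on the "MP-BGP Operation" figure; the PE names, /24 masks and function names are assumptions of the example, and imports between VRFs on the same PE are left out of `vrf_tables` to follow the figure.

```python
# Constructed VRF definitions: (PE, VRF name) -> settings
VRFS = {
    ("PE1", "A"): {"customer": "A", "rd": "1:100", "export": {"1:100"},
                   "import": {"1:100"}, "local": ["172.2.16.0/24"]},
    ("PE1", "B"): {"customer": "B", "rd": "1:101", "export": {"1:101"},
                   "import": {"1:101"}, "local": ["192.168.10.0/24"]},
    ("PE2", "A"): {"customer": "A", "rd": "1:100", "export": {"1:100"},
                   "import": {"1:100"}, "local": ["172.2.17.0/24"]},
    # VRF B on PE2 also imports RT 1:100, which belongs to Customer A
    ("PE2", "B"): {"customer": "B", "rd": "1:101", "export": {"1:101"},
                   "import": {"1:101", "1:100"}, "local": ["192.168.11.0/24"]},
}


def mp_bgp_updates(vrfs):
    """Steps 3-4: every local route is exported as RD:prefix carrying the export RTs."""
    updates = []
    for key, vrf in vrfs.items():
        for prefix in vrf["local"]:
            updates.append({"vpnv4": f'{vrf["rd"]}:{prefix}', "prefix": prefix,
                            "rts": frozenset(vrf["export"]), "origin": key})
    return updates


def vrf_tables(vrfs):
    """Steps 5-6: a VRF installs a remote update when one of its RTs is in the import set."""
    updates = mp_bgp_updates(vrfs)
    tables = {}
    for key, vrf in vrfs.items():
        routes = set(vrf["local"])
        for update in updates:
            if update["origin"][0] != key[0] and update["rts"] & vrf["import"]:
                routes.add(update["prefix"])
        tables[key] = sorted(routes)
    return tables


def cross_customer_imports(vrfs):
    """Audit: list (importing VRF, exporting VRF, shared RTs) where the customers differ."""
    findings = []
    for importer, ivrf in vrfs.items():
        for exporter, evrf in vrfs.items():
            shared = ivrf["import"] & evrf["export"]
            if shared and ivrf["customer"] != evrf["customer"]:
                findings.append((importer, exporter, sorted(shared)))
    return sorted(findings)


if __name__ == "__main__":
    for key, routes in vrf_tables(VRFS).items():
        print(key, routes)
    for finding in cross_customer_imports(VRFS):
        print("cross-customer import:", finding)
```

Running the audit over exported VRF configuration shows every place where one import RT has joined two customers' routing tables, whether that route leaking was intended or not.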

Page 35: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Control Plane Protocols

[Figure: CE, PE, P, PE and CE connected in a line between Customer A Site 1 and Customer A Site 2. Protocols per segment: CE to PE: IGP/BGP/Static; PE to P: IGP/LDP; PE to PE: MP-BGP]

Page 36: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Control Plane Operation

[Figure: CE, PE, P1, P2, PE and CE connected in a line between Customer A Site 1 and Customer A Site 2 (172.16.10/24). Both PEs hold VRF A: RD 1:100, Export RT 1:100, Import RT 1:100. PE loopback: 10.10.10.101]

Steps shown in the figure:
1.  IGP: 10.10.10.101/32 is advertised hop by hop
2a, 2b, 2c.  LDP: labels L1, L2 and L3 are advertised for 10.10.10.101/32
3.  CE to PE (Static/IGP/BGP): 172.16.10.0/24
4.  MP-BGP: 1:100:172.16.10.0/24, RT 1:100, NH: 10.10.10.101, VPN Label: V1
5.  Routing Table VRF A: Prefix 172.16.10.0/24, Next Hop 10.10.10.101
6.  172.16.10.0/24 is advertised to the CE

Page 37: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Control Plane Operation (1)

Intra MPLS Cloud IGP
1.  Routing information about IP addresses reachable within the MPLS cloud gets propagated

LDP
2a.  PE assigns to 10.10.10.101/32 an Implicit-Null Label and propagates it using LDP (penultimate hop popping)
2b.  P1 assigns L1 to 10.10.10.101/32 and distributes this label using LDP
2c.  P2 assigns L2 to 10.10.10.101/32 and distributes this label using LDP

CE to PE Interface (static/IGP/BGP)
3.  172.16.10.0/24 network is made known to PE router (static/IGP/BGP)

MP-BGP
4.  MP-BGP propagates the route to 172.16.10.0 using the following attributes:
    –  NEXT-HOP (NH): 10.10.10.101 (IP address of PE Router)
    –  Route Target (RT): 1:100 (as configured)
    –  VPN Label: Assigned by PE to the VPN

Page 38: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Control Plane Operation (2)

MP-BGP (continuation)
5.  VRF A routing table gets updated

Note 1: NH, RT and VPN Label are not attributes per se but fields on MP_REACH_NLRI MP-BGP attribute

CE to PE Interface (static/IGP/BGP)
6.  PE updates CE by means of the IGP protocol running in the CE to PE interface

Page 39: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Control Plane Operation. RTs/LIBs

[Figure: CE1, PE1, P1, P2, PE2 and CE2 connected in a line between the Customer A sites. Site networks: 172.16.10/24 and 172.16.20.0/24. Links: 172.16.1.0/24 (.1 .2), 10.10.10.0/30 (.1 .2), 10.10.10.4/30 (.5 .6), 10.10.10.8/30 (.7 .8), 172.16.2.0/24 (.1 .2). Loopback: 10.10.10.101]

Routing Table VRF A
Prefix            Next Hop
172.16.10.0/24    172.16.1.2

Routing Table P1
Prefix            Next Hop
10.10.10.101/32   10.10.10.1

Routing Table P2
Prefix            Next Hop
10.10.10.101/32   10.10.10.5

Routing Table GRT + VRF A
Prefix            Next Hop       Table
10.10.10.101/32   10.10.10.7     GRT
172.16.10.0/24    10.10.10.101   VRF A

Routing Table CE2
Prefix            Next Hop
172.16.10.0/24    172.16.2.1

Label Information Base PE2
Prefix            Out L
10.10.10.101/32   L3

Label Information Base PE2
In L   Out L
L2     L3
L3     L2

Label Information Base PE1
In L   Out L
L1     L2
L2     L1

Page 40: Mpls concepts. Time to Certify

MPLS. Layer 3 VPN. Data Plane Operation

[Figure: CE, PE1, P1, P2, PE2 and CE connected in a line between Customer A Site 1 and Customer A Site 2. Both PEs hold VRF A: RD 1:100, Export RT 1:100, Import RT 1:100. Loopback: 10.10.10.101]

Packet with Destination IP: 172.16.10.5 as it crosses the network:
IP Packet → [L3 | V1 | IP Packet] → [L2 | V1 | IP Packet] → [L1 | V1 | IP Packet] → IP Packet

Routing Table GRT + VRF A
Prefix            Next Hop       Table
10.10.10.101/32   10.10.10.7     GRT
172.16.10.0/24    10.10.10.101   VRF A

Label Information Base PE2
Prefix            Out L
10.10.10.101/32   L3

Label Information Base PE2
In L   Out L
L2     L3
L3     L2

Routing Table VRF A
Prefix            Next Hop
172.16.10.0/24    172.16.1.2

Label Information Base PE1
In L   Out L
L1     L2
L2     L1

Page 41: Mpls concepts. Time to Certify

MPLS. The real horse power of MPLS

•  FEC = Subset of Traffic characterized by:
   •  Forwarding Path
   •  Forwarding Treatment

•  MPLS has powerful mechanisms for influencing the FECs and therefore the paths and treatment that traffic is exposed to.

[Figure: Label Information Base together with MPLS Routing Control, Multicast Routing Control, MPLS VPNs, MPLS Traffic Engineering and MPLS Quality of Service]
