Presentation is loading. Please wait.

Presentation is loading. Please wait.

Internetworking II: MPLS, Security, and Traffic Engineering

Published byRamon Hindes Modified over 9 years ago

Similar presentations

Presentation on theme: "Internetworking II: MPLS, Security, and Traffic Engineering"— Presentation transcript:

1 Internetworking II: MPLS, Security, and Traffic Engineering
3035/GZ01 Networked Systems Kyle Jamieson Department of Computer Science University College London

2 Last time: Internetworking
IP interconnects many heterogeneous networks The Internet is a datagram network Each datagram has enough information to allow any switch to decide how to get it to its destination IP is simple and responsible for Internet’s success But, IP leaves certain questions unresolved: What to do about the complexity of the longest-prefix match (LPM) for IP address lookup? What about privacy? What if we want more control over where traffic goes? Datagram contains destination address, routers make independent decisions based only on the destination address. Networked Systems 3035/GZ01

3 Today Three topics that address IP’s shortcomings: MPLS
Virtual private networks Traffic engineering in the Internet

4 Multiprotocol label switching (MPLS)
Widely-used part of the Internet’s architecture, but largely hidden from end-users MPLS is a virtual circuit (VC) network Unlike IP, MPLS establishes one or more connections (circuits) before moving data from A to B Unlike IP, switches keep connection state Like IP, MPLS sends packets over the connection Connection is switch state. B A

5 Label-switched forwarding
MPLS routers forward based on labels instead of IP address Labels have a fixed length, unlike CIDR IP addresses Labels have local scope, unlike IP addresses: they only have meaning within one MPLS router Where are the labels? Inserted between the link- and network-layer headers, so encapsulating the IP datagram: MPLS is a “Layer-2.5” protocol Ethernet header IP header IP payload Ethernet trailer MPLS header Label Networked Systems 3035/GZ01

6 Comparison: IP address-based forwarding
R3 and R4 each have one connected network R1 and R2 have IP routing tables indicating which outgoing interface to use for each of the two networks

7 MPLS label-switched forwarding: Advertising labels
“Please attach label 15 to all packets for /24” R2 allocates labels 15, 16 and advertises Routers allocate, advertise a label for each routing table prefix Can think of labels as indices into the allocating router’s table

8 MPLS label-switched forwarding: Attaching labels
15 On hearing advertisement, neighboring router stores the remote label in its table alongside the prefix it represents Routers attach the corresponding label to outgoing packets.

9 MPLS label-switched forwarding: Forming the virtual circuit
24 15 R3 allocates and advertises an index (24) for prefix /24 “Threaded indices” of labels get built up over multiple hops MPLS forwarding rule: Replace an incoming packet’s matching label with the corresponding remote label MPLS routers’ label state forms a virtual circuit

10 Label edge routers accept IP packets
15 R1 is a label edge router (LER), the first MPLS router at which a certain IP packet arrives R1 must perform a complete LPM IP lookup to apply label 15 Thereafter, MPLS routers only look at labels, avoiding LPM

11 Today Three topics that address IP’s shortcomings: MPLS
Virtual private networks Traffic engineering in the Internet

12 Private networks Internet addresses are globally routable: can send an IP packet to any device with a public IP address Sometimes, we want to restrict connectivity among nodes in the network as a whole Confidentiality Immunity from attack (denial-of-service, et al.) Corporations, governments often lease private lines and use these to interconnect different sites Networked Systems 3035/GZ01

13 Virtual private networks (VPNs)
Useful property: VC requires that a circuit be established before data can flow VPNs use VCs in the Internet to restrict communication But, the Internet is a datagram network So we need a way of creating a VC there Corporations, governments often lease private lines and use these to interconnect sites (private networks, picture (a) above). (b) Use the Internet and MPLS instead.

14 IP tunnels Configure R1 with the IP address of R2.
Encapsulate packets inside IP datagrams with destination address of R2.

15 IP tunnels 1 Network number Interface 1 Interface 0 2 Virtual interface 0 (default) Interface 1 Since R2’s address is in network 18, packets forwarded out virtual interface 0 will leave by default route, interface 1. Supplement tunneling with encryption to make the network truly private. To set up the IP tunnel, encapsulate IP datagrams leaving virtual interface 0 in an IP datagram addressed to R2 R2 drops encapsulated IP packets not signed by R1

16 Today Three techniques that address IP’s shortcomings: MPLS
Virtual private networks Traffic engineering MPLS explicit routing IP anycast

17 IP’s source routing option
Suppose we want to pick a different route for a packet than the one IP forwarding would choose But source routing isn’t widely used. Why? Limited number of hops can be specified Processed on “slow path” of most IP routers Sometimes want different paths for datagrams with the same destination IP address To balance traffic load, e.g. Concept behind this is source routing. Source chooses path a packet follows by attaching list of interfaces. Each time you flip the list of interfaces. IP source (often client) determines the packet’s route

18 Explicit routing with MPLS
Service provider’s LER picks the route, not the IP source Suppose we want to load-balance R1  R7 and R2  R7 traffic Could IP routing handle this? Not here: IP routing only looks at destination, not source Flows from R1 and R2 both have destination R7 Solution: Tag packets at R1, R2 with different MPLS labels Threaded indices then accomplish the desired routing LER = label edge router

19 Today Three techniques that address IP’s shortcomings: MPLS
Virtual private networks Traffic engineering in the Internet MPLS explicit routing IP anycast

20 Not unicast Unicast: a single IP host receives all traffic
Abstract diagram; considering all links equal cost Traffic from node 2.2 to node 7.1 Unicast: a single IP host receives all traffic [Slide credit: CMU Network Group]

21 Not IP multicast Multicast group address: Nodes 1.2, 3.1, 5.3 all subscribe to multicast stream Node 2.2 sending to multicast group address IP multicast: Many hosts receive all traffic to a number of hosts (a multicast group) [Slide credit: CMU Network Group]

22 IP anycast Multiple hosts are configured to accept traffic on a single IP address Usually, just one host receives each datagram Datagram can be dropped like any other (best effort) Preferably only one node receives packet, but there are no absolute guarantees The host that receives a specific datagram is determined by the underlying Internet routing Vast majority of the time, only one node gets the packet. (That’s really the whole point.)

23 IP anycast Three nodes configured with anycast address (10.5.0.1)
[Slide credit: CMU Network Group]

24 IP anycast Paths to different destinations have equal cost metrics in A’s routing table, so A picks just one next hop [Slide credit: CMU Network Group]

25 IP anycast Sequential datagrams may be delivered to different anycast nodes Three sequential packets (labelled 1, 2, 3) follow different paths FLOW CACHING [Slide credit: CMU Network Group]

26 IP anycast Traffic from different immediately-preceding hops may follow separate paths [Slide credit: CMU Network Group]

27 IP anycast Server receiving a packet is determined by unicast routing
Sequential packets from a client to an anycast address may be delivered to different servers Best used for single request/response type protocols [Slide credit: CMU Network Group]

Download ppt "Internetworking II: MPLS, Security, and Traffic Engineering"

Similar presentations

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
IP Forwarding Relates to Lab 3.

IP Forwarding Relates to Lab 3.
CPSC 441 - Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv4 20.3 IPv6.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.
20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

20.1 Chapter 20 Network Layer: Internet Protocol Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.

1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
Chapter 18 Introduction to Network Layer 18.# 1

Chapter 18 Introduction to Network Layer 18.# 1
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
1 o Two issues in practice – Scale – Administrative autonomy o Autonomous system (AS) or region o Intra autonomous system routing protocol o Gateway routers.

1 o Two issues in practice – Scale – Administrative autonomy o Autonomous system (AS) or region o Intra autonomous system routing protocol o Gateway routers.
© Jörg Liebeherr ECE 1545 Packet-Switched Networks.

© Jörg Liebeherr ECE 1545 Packet-Switched Networks.
Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.

Virtual Private Networks. Why VPN Fast, secure and reliable communication between remote locations –Use leased lines to maintain a WAN. –Disadvantages.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
5: DataLink Layer5-1 Cerf & Kahn’s Internetwork Architecture What is virtualized? r two layers of addressing: internetwork and local network r new layer.

5: DataLink Layer5-1 Cerf & Kahn’s Internetwork Architecture What is virtualized? r two layers of addressing: internetwork and local network r new layer.
1 Comnet 2010 Communication Networks Recitation 7 Lookups & NAT.

1 Comnet 2010 Communication Networks Recitation 7 Lookups & NAT.
4-1 Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving side, delivers.

4-1 Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving side, delivers.
Chapter 4 Network Layer slides are modified from J. Kurose & K. Ross CPE 400 / 600 Computer Communication Networks Lecture 14.

Chapter 4 Network Layer slides are modified from J. Kurose & K. Ross CPE 400 / 600 Computer Communication Networks Lecture 14.
10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.

10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.
1 Chapter 8 Local Area Networks - Internetworking.

1 Chapter 8 Local Area Networks - Internetworking.
Multicast Communication

Multicast Communication

Similar presentations

Ads by Google