MPLS: What's in it for Research & Education Networks? John Jamison, University of Illinois at Chicago, November 17, 2000

1 MPLS: What's in it for Research & Education Networks? John Jamison, University of Illinois at Chicago, November 17, 2000

2 Juniper Networks Product Family
- M40 (Sept 1998)
- M20 (Nov 1999)
- M160 (Mar 2000)
- M5 and M10 (Sept 2000)

3 Juniper Networks Research and Education Customers
- MCI Worldcom – vBNS/vBNS+
- Department of Energy – ESnet
- DANTE – TEN-155 (Pan-European Research & Education Backbone)
- NYSERNet – New York State Education & Research Network
- Georgia Tech – SOX GigaPoP
- University of Washington – Pacific/Northwest GigaPoP
- STAR TAP (International Research & Education Network Meet Point)
- APAN (Asia Pacific Advanced Network) Consortium
- NOAA (National Oceanographic and Atmospheric Administration)
- NASA – Goddard Space Flight Center
- NIH (National Institutes of Health)
- DoD (Department of Defense)
- US Army Engineer Research and Development Center
- University of Illinois – NCSA (National Center for Supercomputing Applications)
- University of California, San Diego – SDSC (San Diego Supercomputer Center)
- University of Southern California, Information Sciences Institute
- Indiana University
- Stanford University
- University of California, Davis
- California Institute of Technology
- North Carolina State University
- University of Alaska
- University of Hiroshima, Japan
- Korea Telecom Research Lab
- ETRI (Electronic and Transmission Research Institute), Korea

4 Original Agenda
- MPLS Fundamentals
- Traffic Engineering
- Constraint-Based Routing
- Refreshment Break
- Virtual Private Networks
- Optical Applications for MPLS Signaling (GMPLS/MPλS)
- Juniper Networks Solutions
- Questions and Comments

5 Our Agenda
- MPLS Overview
- Traffic Engineering
- VPNs

6 What are we missing out on?
- A bunch of pure marketing slides
- A bunch of filler slides
- Slides with content that is of interest mainly to ISPs
  - Here is how you can use MPLS to bring in more revenue, offer different services, etc.
- Some details of MPLS signaling protocols and RFC 2547 VPNs
  - You can (and should) only cover so much in one talk
- Some MP(Lambda)S details
  - Seems too much like slideware right now

7 What are we gaining? Besides being spared marketing and ISP-centric stuff:
- We will see some examples from networks and applications we are familiar with
- We will save some time and cover almost as much information

8 Why Is MPLS an Important Technology?
- Fully integrates IP routing & L2 switching
- Leverages existing IP infrastructures
- Optimizes IP networks by facilitating traffic engineering
- Enables multi-service networking
- Seamlessly integrates private and public networks
- The natural choice for exploring new and richer IP service offerings
- Dynamic optical bandwidth provisioning

9 What Is MPLS?
- IETF Working Group chartered in spring 1997
- IETF solution to support multi-layer switching:
  - IP Switching (Ipsilon/Nokia)
  - Tag Switching (Cisco)
  - IP Navigator (Cascade/Ascend/Lucent)
  - ARIS (IBM)
- Objectives
  - Enhance performance and scalability of IP routing
  - Facilitate explicit routing and traffic engineering
  - Separate control (routing) from the forwarding mechanism so each can be modified independently
  - Develop a single forwarding algorithm to support a wide range of routing and switching functionality

10 MPLS Terminology
- Label
  - Short, fixed-length packet identifier
  - Unstructured
  - Link-local significance
- Forwarding Equivalence Class (FEC)
  - Stream/flow of IP packets:
    - Forwarded over the same path
    - Treated in the same manner
    - Mapped to the same label
- FEC/label binding mechanism
  - Currently based on destination IP address prefix
  - Future mappings based on SP-defined policy

11 MPLS Terminology
- Label Swapping
  - Connection table maintains mappings
  - Exact match lookup
  - Input (port, label) determines:
    - Label operation
    - Output (port, label)
  - Same forwarding algorithm used in Frame Relay and ATM
Figure: a four-port LSR and its connection table (label operation: swap). A packet arriving on port 1 with label 25 leaves on port 4 with label 19.
  In (port, label)   Out (port, label)
  (1, 22)            (2, 17)
  (1, 24)            (3, 17)
  (1, 25)            (4, 19)
  (2, 23)            (3, 12)

12 MPLS Terminology
- Label-Switched Path (LSP)
  - Simplex L2 tunnel across a network
  - Concatenation of one or more label-switched hops
  - Analogous to an ATM or Frame Relay PVC
Figure: an LSP from San Francisco to New York.

13 MPLS Terminology
- Label-Switching Router (LSR)
  - Forwards MPLS packets using label-switching
  - Capable of forwarding native IP packets
  - Executes one or more IP routing protocols
  - Participates in MPLS control protocols
  - Analogous to an ATM or Frame Relay switch (that also knows about IP)
Figure: the San Francisco to New York LSP crossing four LSRs.

14 MPLS Terminology
- Ingress LSR (head-end LSR)
  - Examines inbound IP packets and assigns them to an FEC
  - Generates MPLS header and assigns initial label
- Transit LSR
  - Forwards MPLS packets using label swapping
- Egress LSR (tail-end LSR)
  - Removes the MPLS header
Figure: the San Francisco to New York LSP as ingress LSR, two transit LSRs and egress LSR.

15 MPLS Header
- Fields
  - Label
  - Experimental (CoS)
  - Stacking bit
  - Time to live
- IP packet is encapsulated by ingress LSR
- IP packet is de-encapsulated by egress LSR
Figure: L2 header | MPLS header | IP packet. The 32-bit MPLS header is laid out as Label (20 bits), CoS, S, TTL.

16 IP Packet Forwarding Example
Figure: a packet from 134.5.1.5 to 200.3.2.7 crosses four routers whose links sit in 12.29.31.0/24 (addresses 12.29.31.1, .4, .5 and .9 appear). Every router performs a longest-match lookup in its routing table, which holds the destinations 134.5/16 and 200.3.2/24 with a next hop for each; at the last router the next hops are the directly connected 134.5.6.1 and 200.3.2.1.

17 MPLS Forwarding Example
Figure: the same packet from 134.5.1.5 to 200.3.2.7, now label-switched. The ingress routing table maps 134.5/16 to (port 2, label 84) and 200.3.2/24 to (port 3, label 99). The transit MPLS tables are In (1, 99) → Out (2, 56), In (3, 56) → Out (5, 0) and In (2, 84) → Out (6, 0); the egress routing table maps 134.5/16 to 134.5.6.1 and 200.3.2/24 to 200.3.2.1. The packet for 200.3.2.7 therefore leaves the ingress with label 99, is swapped to 56, and leaves the egress with label 0 (the MPLS header removed) as a plain IP packet.

18 How Is Traffic Mapped to an LSP?
- Map LSP to the BGP next hop
- FEC = {all BGP destinations reachable via egress LSR}
Figure: a transit SP (AS 63) between AS 45 and AS 77. The ingress and egress LSRs are I-BGP peers and each has E-BGP peers in the neighbouring AS; LSP 32 runs between them, and the ingress routing table maps 134.5/16 to LSP 32.

19 How are LSPs Set Up?
- Two approaches:
  - Manual configuration
  - Using a signaling protocol
Figure: an LSP between an ingress LSR and an egress LSR.

20 MPLS Signaling Protocols
- The IETF MPLS architecture does not assume a single label distribution protocol
- LDP
  - Executes hop-by-hop
  - Selects same physical path as IGP
  - Does not support traffic engineering
- RSVP
  - Easily extensible for explicit routes and label distribution
  - Deployed by providers in production networks
- CR-LDP
  - Extends LDP to support explicit routes
  - Functionally identical to RSVP
  - Not deployed

21 How Is the LSP Physical Path Determined?
- Two approaches:
  - Offline path calculation (in-house or 3rd-party tools)
  - Online path calculation (constraint-based routing)
- A hybrid approach may be used
Figure: an LSP between an ingress LSR and an egress LSR.

22 Offline Path Calculation
- Simultaneously considers
  - All link resource constraints
  - All ingress-to-egress traffic trunks
- Benefits
  - Similar to mechanisms used in overlay networks
  - Global resource optimization
  - Predictable LSP placement
  - Stability
- Decision support system
  - In-house and third-party tools

23 Offline Path Calculation
- Input to offline path calculation utility:
  - Ingress and egress points
  - Physical topology
  - Traffic matrix (statistics about city/router pairs)
- Output:
  - Set of physical paths, each expressed as an explicit route
Figure: routers R1–R9 between the ingress LSR (R1) and egress LSR (R9); explicit route = {R1, R4, R8, R9}.

24 Explicit Routes: Example 1
- LSP from R1 to R9
- Partial explicit route: {loose R8, strict R9}
- LSP physical path
  - R1 to R8 – follow IGP path
  - R8 to R9 – directly connected
Figure: routers R1–R9, ingress LSR R1, egress LSR R9.

25 Explicit Routes: Example 2
- LSP from R1 to R9
- Full explicit route: {strict R3, strict R4, strict R7, strict R9}
- LSP physical path
  - R1 to R3 – directly connected
  - R3 to R4 – directly connected
  - R4 to R7 – directly connected
  - R7 to R9 – directly connected
Figure: routers R1–R9, ingress LSR R1, egress LSR R9.

26 Constraint-Based Routing
- Online LSP path calculation
- Operator configures LSP constraints at ingress LSR
  - Bandwidth reservation
  - Include or exclude specific link(s)
  - Include specific node traversal(s)
- Network actively participates in selecting an LSP path that meets the constraints
Figure: user-defined LSP constraints are entered at the ingress LSR, and the LSP to the egress LSR is computed from them.

27 Constraint-Based Routing
- Thirty-two named groups, 0 through 31
- Groups assigned to interfaces
Figure: a San Francisco router whose interfaces are assigned to the Gold, Silver and Bronze groups.

28 Constraint-Based Routing
- Choose the path from A to I using:
    admin-group { include [gold silver]; }
Figure: nodes A–I joined by links coloured Copper, Bronze, Gold, Copper, Silver, Gold and Copper.

29 Constraint-Based Routing
- A-C-F-G-I uses only gold or silver links
Figure: the same topology with the path A-C-F-G-I highlighted.

30 Constraint-Based Routing: Example 1
Figure: a US backbone (New York, Atlanta, Chicago, Seattle, Los Angeles, San Francisco, Kansas City, Dallas) with the LSP configured as:
    label-switched-path SF_to_NY {
        to New_York;
        from San_Francisco;
        admin-group { exclude green; }
        cspf;
    }

31 Constraint-Based Routing: Example 2
Figure: a European backbone (Paris, London, Stockholm, Madrid, Rome, Geneva, Munich) with the LSP configured as:
    label-switched-path madrid_to_stockholm {
        to Stockholm;
        from Madrid;
        admin-group { include red, green; }
        cspf;
    }
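The constraint-based path computation described on slides 26 through 31, as an added example that is not from the talk or from Juniper's software: admin groups are kept as a 32-bit mask (slide 27), a link is pruned unless it carries at least one included group (treated here as any-of, an assumption), none of the excluded groups, and enough unreserved bandwidth, and the result is printed as a strict explicit route in the style of slide 23. The nine-node topology, its metrics, colours and bandwidths are constructed for the example.

```python
import heapq

# Slide 27: 32 named admin groups, 0 through 31, so membership is a 32-bit
# mask. The names come from the slides; the bit numbers are chosen here.
ADMIN_GROUPS = {"gold": 0, "silver": 1, "bronze": 2, "copper": 3}

def group_mask(names):
    """Fold group names into a 32-bit membership mask."""
    mask = 0
    for name in names:
        bit = ADMIN_GROUPS[name]
        if not 0 <= bit <= 31:
            raise ValueError("admin groups are numbered 0 through 31")
        mask |= 1 << bit
    return mask

class Link:
    """Bidirectional link with an IGP metric, an admin-group mask and the
    bandwidth (Mb/s) still available for reservation."""
    def __init__(self, a, b, metric, groups, bandwidth):
        self.ends, self.metric = (a, b), metric
        self.groups, self.available = group_mask(groups), bandwidth

def eligible(link, include, exclude, bandwidth):
    """Constraint check run on every link before the path computation: at
    least one included group when an include list is given (any-of, an
    assumption), no excluded group, and enough unreserved bandwidth."""
    if include and not link.groups & include:
        return False
    if link.groups & exclude:
        return False
    return link.available >= bandwidth

def cspf(links, src, dst, include=(), exclude=(), bandwidth=0):
    """Prune ineligible links, then run Dijkstra on what is left. Returns
    (cost, [hops]) or None when nothing satisfies the constraints, in which
    case the LSP stays down rather than falling back to the IGP path."""
    inc, exc = group_mask(include), group_mask(exclude)
    adj = {}
    for link in links:
        if eligible(link, inc, exc, bandwidth):
            a, b = link.ends
            adj.setdefault(a, []).append((b, link.metric))
            adj.setdefault(b, []).append((a, link.metric))
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue                      # stale heap entry
        for nbr, metric in adj.get(node, []):
            if cost + metric < dist.get(nbr, float("inf")):
                dist[nbr], prev[nbr] = cost + metric, node
                heapq.heappush(heap, (cost + metric, nbr))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]

def reserve(links, path, bandwidth):
    """Book bandwidth along a signalled path so later LSPs see less of it."""
    for a, b in zip(path, path[1:]):
        link = next(lk for lk in links if set(lk.ends) == {a, b})
        link.available -= bandwidth

def explicit_route(path):
    """Render a CSPF result the way the slides write a full explicit route."""
    return "{" + ", ".join("strict " + hop for hop in path[1:]) + "}"

def build_topology():
    """Constructed nine-node topology (A..I) in the spirit of slides 28-29;
    the metrics, colours and bandwidths are made up for this example."""
    return [Link("A", "B", 1, ["copper"], 100),
            Link("A", "C", 2, ["gold"], 1000),
            Link("B", "D", 1, ["bronze"], 1000),
            Link("C", "F", 2, ["silver"], 1000),
            Link("D", "E", 1, ["copper"], 1000),
            Link("E", "I", 1, ["copper"], 1000),
            Link("F", "G", 2, ["gold"], 1000),
            Link("F", "H", 1, ["copper"], 1000),
            Link("G", "I", 2, ["silver"], 1000),
            Link("H", "I", 1, ["copper"], 1000)]
```

With this topology the plain IGP path A-B-D-E-I costs 4, `include=("gold", "silver")` yields A-C-F-G-I as on slide 29, and a 500 Mb/s request is pushed off the 100 Mb/s A-B link; once that bandwidth is reserved a second 600 Mb/s request finds no path at all.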

32 Other Neat MPLS Stuff
- Secondary LSPs
- Fast Reroute
- Label Stacking
- GMPLS

33 MPLS Secondary LSPs
- Standard LSP failover
  - Failure signaled to ingress LSR
  - Calculate & signal new LSP
  - Reroute traffic to new LSP
- Standby Secondary LSP
  - Pre-established LSP
  - Sub-second failover
Figure: a primary LSP and a secondary LSP between the San Francisco and New York data centers.

34 MPLS Fast Reroute
- Ingress signals fast reroute during LSP setup
- Each LSR computes a detour path (with same constraints)
- Supports failover in ~100s of ms
Figure: the primary LSP between the San Francisco and New York data centers with an active detour.

35 MPLS Label Stacking
- A label stack is an ordered set of labels
- Each LSR processes the top label
- Applications
  - Routing hierarchy
  - Aggregate individual LSPs into a trunk LSP
  - VPNs
Figure: LSP 1 and LSP 2 entering a trunk LSP across LSRs 1–5; the packet carries two stacked MPLS headers, each with Label (20 bits), CoS, S and TTL fields.

36 MPLS Label Stack: Example 1
Figure: LSP 1 (label 25) and LSP 2 (label 35) are carried through a trunk LSP across LSRs 1–5. The LSP 1 packet's label stack at each stage reads 25 | IP → 42 25 | IP → 18 25 | IP → 25 | IP → 56 | IP. MPLS tables, in the order the packet meets them:
  Trunk head:  In (1, 25) → Out (2, Push [42]);  In (3, 35) → Out (2, Push [42])
  Trunk core:  In (5, 42) → Out (6, 18)
  Trunk tail:  In (2, 18) → Out (5, Pop)
  LSP tails:   In (4, 25) → Out (2, 56);  In (4, 35) → Out (5, 17)

37 MPLS Label Stack: Example 2
Figure: the same topology and tables, followed by the LSP 2 packet: 35 | IP → 42 35 | IP → 18 35 | IP → 35 | IP → 17 | IP, using the entries (3, 35) → (2, Push [42]) and (4, 35) → (5, 17).
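The following Python is an added example, not code from the talk or from any router vendor. It packs and parses the 32-bit MPLS header of slide 15, performs the exact-match (port, label) lookup of slide 11 beside the longest-match IP lookup an ingress does once, and replays the forwarding example of slide 17 and label-stack example 1 of slide 36 through per-LSR tables; the class and function names (LSR, forward, run) and the TTL handling are assumptions of the example, and the IP payloads are constructed placeholders.

```python
import ipaddress, struct
ENTRY = struct.Struct("!I")  # one 32-bit MPLS header (label stack entry)

def encode_entry(label, cos=0, bottom=False, ttl=64):
    """Pack one entry: Label (20 bits) | CoS/EXP (3) | S (1) | TTL (8)."""
    if not (0 <= label < (1 << 20) and 0 <= cos < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return ENTRY.pack((label << 12) | (cos << 9) | (int(bottom) << 8) | ttl)

def decode_stack(frame):
    """Split a frame into its label stack (top first) and the IP payload. The
    stack ends at the S bit; a frame that runs out first is rejected, not guessed."""
    stack, off = [], 0
    while True:
        if off + 4 > len(frame):
            raise ValueError("truncated label stack: no bottom-of-stack bit")
        word = ENTRY.unpack_from(frame, off)[0]
        off += 4
        stack.append({"label": word >> 12, "cos": (word >> 9) & 7, "ttl": word & 0xFF})
        if (word >> 8) & 1:
            return stack, frame[off:]

def encode_stack(stack, payload):
    last = len(stack) - 1
    return b"".join(encode_entry(e["label"], e["cos"], i == last, e["ttl"])
                    for i, e in enumerate(stack)) + payload

def longest_match(table, dst):
    """Longest-prefix match: done once at the ingress; later hops need only an exact match."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, hop)
    return best and best[1]

class LSR:
    """`fec`: ingress routing table, prefix -> (out_port, label). `table`: the
    connection table, (in_port, label) -> ("swap", out_port, new_label) for a
    transit LSR, ("push", out_port, new_label) at a trunk-LSP head, or
    ("pop", out_port) at a trunk-LSP tail or the egress LSR."""
    def __init__(self, name, table=None, fec=None):
        self.name, self.table, self.fec = name, table or {}, fec or {}
    def forward(self, in_port, frame, dst=None):
        """Return (out_port, frame, remaining stack), or None if dropped."""
        if dst is not None:                          # ingress: native IP arrives
            hop = longest_match(self.fec, dst)
            if hop is None:
                return None
            stack = [{"label": hop[1], "cos": 0, "ttl": 64}]
            return hop[0], encode_stack(stack, frame), stack
        stack, payload = decode_stack(frame)
        top = stack[0]
        action = self.table.get((in_port, top["label"]))   # exact match only
        if action is None:
            return None                              # no binding: drop
        top["ttl"] -= 1
        if top["ttl"] == 0:
            return None                              # TTL expired, as with IP
        if action[0] == "swap":
            top["label"] = action[2]
        elif action[0] == "push":
            stack.insert(0, {"label": action[2], "cos": top["cos"], "ttl": top["ttl"]})
        else:                                        # "pop"
            stack.pop(0)
            if not stack:
                return action[1], payload, []        # egress: IP packet leaves
        return action[1], encode_stack(stack, payload), stack

def run(hops, frame, dst=None):
    """Top label leaving each (lsr, in_port) hop; None once it is native IP again."""
    trace = []
    for lsr, in_port in hops:
        result = lsr.forward(in_port, frame, dst)
        if result is None:
            return trace + ["dropped"]
        _, frame, stack = result
        dst = None
        trace.append(stack[0]["label"] if stack else None)
    return trace

def forwarding_example():
    """Slide 17: 200.3.2.7 gets label 99, is swapped to 56, the egress pops it."""
    ingress = LSR("ingress", fec={"134.5.0.0/16": (2, 84), "200.3.2.0/24": (3, 99)})
    transit = LSR("transit", table={(1, 99): ("swap", 2, 56)})
    egress = LSR("egress", table={(3, 56): ("pop", 5)})
    return run([(ingress, 1), (transit, 1), (egress, 3)],
               b"constructed IPv4 packet for 200.3.2.7", "200.3.2.7")

def label_stack_example():
    """Slide 36: trunk head pushes 42 over 25, core swaps 42 -> 18, tail pops."""
    head = LSR("trunk-head", table={(1, 25): ("push", 2, 42)})
    core = LSR("trunk-core", table={(5, 42): ("swap", 6, 18)})
    tail = LSR("trunk-tail", table={(2, 18): ("pop", 5)})
    lsp1 = LSR("lsp1-tail", table={(4, 25): ("swap", 2, 56)})
    frame = encode_stack([{"label": 25, "cos": 0, "ttl": 64}], b"constructed IP payload")
    return run([(head, 1), (core, 5), (tail, 2), (lsp1, 4)], frame)
```

A packet whose (port, label) has no table entry, or whose TTL reaches zero, is dropped rather than forwarded, and a frame with no bottom-of-stack bit is rejected by the parser instead of being read past its end.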

38 Label Stacking allows you to reduce the number of LSPs
- Label stacking to create a hierarchy of LSP trunks
Figure: LSP 1 and LSP 2 aggregated into one LSP trunk, LSP 3 and LSP 4 into another, and both trunks carried in an LSP trunk of trunks.

39 Generalized MPLS (GMPLS), formerly known as MPL(ambda)S
- Reduce complexity
- Reduce cost
- Router subsumes functions performed by other layers
  - Fast router interfaces eliminate the need for MUXs
  - MPLS replaces ATM/FR for traffic engineering
  - MPLS fast reroute obviates SONET APS restoration
- Dynamic provisioning of optical bandwidth is required for growth and innovative service creation
Figure: IP service (routers) over optical transport (OXCs, WDMs) forming the optical core.

40 GMPLS: LSP Hierarchy
- Nesting LSPs enhances system scalability
- LSPs always start and terminate on similar interface types
- LSP interface hierarchy
  - Packet Switch Capable (PSC) – lowest
  - Time Division Multiplexing Capable (TDM)
  - Lambda Switch Capable (LSC)
  - Fiber Switch Capable (FSC) – highest
Figure: nested PSC, TDM, LSC and FSC clouds carrying explicit-label LSPs, time-slot LSPs and fiber LSPs (fiber 1 … fiber n, bundled), with forwarding adjacencies FA-PSC, FA-TDM and FA-LSC; low-order LSPs are multiplexed on entry to a cloud and demultiplexed on exit.

41 Agenda
- MPLS Overview
- Traffic Engineering
- VPNs

42 What Is Traffic Engineering?
- Ability to control traffic flows in the network
- Optimize available resources
- Move traffic from IGP path to less congested path
Figure: a source and destination joined by the Layer 3 routing path and an alternative traffic-engineered path.

43 Brief History
- Early 1990s
  - Internet core was connected with T1 and T3 links between routers
  - Only a handful of routers and links to manage and configure
  - Humans could do the work manually
  - Metric-based traffic control was sufficient

44 Metric-Based Traffic Engineering
- Traffic sent to A or B follows path with lowest metrics
Figure: router C with two paths toward A and B, metrics 11 and 12.

45 Metric-Based Traffic Engineering
- Drawbacks
  - Redirecting traffic flow to A via C causes traffic for B to move also!
  - Some links become underutilized or overutilized
Figure: the same topology with metrics 14 and 12.

46 Metric-Based Traffic Engineering
- Drawbacks
  - Complexity made metric control tricky
  - Adjusting one metric might destabilize network

47 Discomfort Grows
- Mid 1990s
  - ISPs became uncomfortable with size of Internet core
  - Large growth spurt imminent
  - Routers too slow
  - Metric engineering too complex
  - IGP routing calculation was topology driven, not traffic driven
  - Router-based cores lacked predictability

48 Overlay Networks are Born
- ATM switches offered performance and predictable behavior
- ISPs created overlay networks that presented a virtual topology to the edge routers in their network
- Using ATM virtual circuits, the virtual network could be reengineered without changing the physical network
- Benefits
  - Full traffic control
  - Per-circuit statistics
  - More balanced flow of traffic across links

49 Overlay Networks
- ATM core ringed by routers
- PVCs overlaid onto physical network
Figure: physical view (routers A, B and C around the ATM core) beside the logical view (A, B and C joined directly by PVCs).

50 vBNS ATM Design
- Full UBR PVP mesh between terminal switches to carry best-effort traffic

51 vBNS Backbone Network Map
Figure: the vBNS backbone with nodes at San Francisco, National Center for Atmospheric Research, San Diego Supercomputer Center, Houston, Denver, Ameritech NAP, Chicago, National Center for Supercomputing Applications, Cleveland, Perryman MD, Sprint NAP, MFS NAP, Pittsburgh Supercomputing Center, Los Angeles, Atlanta, New York City, Boston, Washington DC and Seattle. Legend: A = Ascend GRF 400, C = Cisco 7507, J = Juniper M40, FORE ASX-1000 switches, NAP; link types DS-3, OC-3C, OC-12C and OC-48.

52 Overlay Nets Had Drawbacks
- Growth in full mesh of ATM PVCs stresses everything
  - Router IGP runs out of steam
  - Practical limitation of updating configurations in each switch and router
- ATM 20% cell tax
- ATM SAR speed limitations
  - OC-48 SAR very difficult/expensive to build
  - OC-192 SAR?

53 In the meantime:
- Routers caught up
  - Current generation of routers have
    - High-speed, wire-rate interfaces
    - Deterministic performance
    - Software advances
- MPLS came along
  - Fuses best aspects of ATM PVCs with high-performance routing engines
  - Uses low-overhead circuit mechanism
  - Automates path selection and configuration
  - Implements quick failure recovery

54 MPLS for Traffic Engineering
- Low-overhead virtual circuits for IP
- Originally designed to make routers faster
  - Fixed label lookup faster than longest match used by IP routing
  - Not true anymore
- Value of MPLS is now in traffic engineering
- Other MPLS benefits:
  - No second network
    - A fully integrated IP solution – no second technology
  - Traffic engineering
  - Lower cost
  - A CoS enabler
  - Failover/link protection
  - Multi-service and VPN support

55 Agenda
- MPLS Overview
- Traffic Engineering
- VPNs

56 What Is a Virtual Private Network?
- A private network constructed over a shared infrastructure
- Virtual
  - An artificial object simulated by computers (not really there!)
- Private
  - Separate/distinct environments
  - Separate addressing and routing systems
- Network
  - A collection of devices that communicate among themselves
Figure: a shared infrastructure linking corporate headquarters, a branch office, mobile users and telecommuters, and suppliers, partners and customers (intranet, extranet and remote access).

57 Deploying VPNs using Overlay Networks
- Operational model
  - PVCs overlay the shared infrastructure (ATM/Frame Relay)
  - Routing occurs at CPE
- Benefits
  - Mature technologies
  - Inherently secure
  - Service commitments (bandwidth, availability, etc.)
- Limitations
  - Scalability and management of the overlay model
  - Not a fully integrated IP solution
Figure: CPE routers attached by DLCIs to a provider Frame Relay network of FR switches.

58 MPLS: A VPN Enabling Technology
- Benefits
  - Seamlessly integrates multiple networks
  - Permits a single connection to the service provider
  - Supports rapid delivery of new services
  - Minimizes operational expenses
  - Provides higher network reliability and availability
Figure: a service provider network connecting the sites of two VPNs (sites 1, 2 and 3 of one, sites 2 and 3 of the other).

59 There are Three Types of VPNs
- End-to-end (CPE-based) VPNs
  - L2TP & PPTP
  - IPSec
- Layer 2 VPNs
  - CCC
  - CCC & MPLS hybrid
- Layer 3 VPNs
  - RFC 2547bis

60 End-to-End VPNs: L2TP and PPTP
- Application: dial access for remote users
- Layer 2 Tunneling Protocol (L2TP)
  - RFC 2661
  - Combination of L2F and PPTP
- Point-to-Point Tunneling Protocol (PPTP)
  - Bundled with Windows/Windows NT
- Both support IPSec for encryption
- Authentication & encryption at tunnel endpoints
Figure: a remote user's V.x modem dials a PPP session into a dial access provider; the dial access server carries it over an L2TP tunnel to an L2TP access server, or over a PPTP tunnel to a PPTP access server, at the service provider or VPN.

61 End-to-End VPNs: The IP Security Protocol (IPSec)
- Defines the IETF's layer 3 security architecture
- Applications:
  - Strong security requirements
  - Extend a VPN across multiple service providers
- Security services include:
  - Access control
  - Data origin authentication
  - Replay protection
  - Data integrity
  - Data privacy (encryption)
  - Key management

62 End-to-End VPNs: IPSec – Example
- Routing must be performed at CPE
- Tunnels terminate on subscriber premises
  - Only CPE equipment needs to support IPSec
  - Modifications to shared resources are not required
- ESP tunnel mode
  - Authentication ensures integrity from CPE to CPE
  - Encrypts original header/payload across the Internet
  - Supports private address space
Figure: corporate HQ and branch office CPE joined by an IPSec ESP tunnel-mode tunnel across the public Internet.

63 Layer 2 VPNs: CCC/MPLS
- Benefits
  - Reduces provider configuration complexity
  - MPLS traffic-engineered core
  - Subscriber can run any Layer 3 protocol
  - User nets do not know there is a cloud in the middle
- Limitations
  - Circuit type (ATM/FR) must be like-to-like
Figure: CPE on ATM (or Frame Relay) circuits on either side of an MPLS core; the PE routers cross-connect each DLCI to an LSP (LSP 2 and LSP 6, carried inside LSP 5). CCC tables (In → Out):
  PE A:  LSP 2 in LSP 5 → DLCI 600;  LSP 6 in LSP 5 → DLCI 610
  PE B:  LSP 2 in LSP 5 → DLCI 506;  LSP 6 in LSP 5 → DLCI 408

64 CCC Example: Abilene and ISP Service on one link
- University X connects over ATM access to an M40
- Big-I Internet traffic: ATM VC1 terminated, IP packets delivered to Qwest ISP
- Abilene traffic: ATM VC2 mapped to port facing Abilene
- An M20/40/160 can both terminate ATM PVCs (layer 3 lookup) and support CCC pass-through on the same port.

65 vBNS used CCC and MPLS to tunnel IPv6 across their backbone for SC2000
Figure: IPv6 from Chicago to SC2000 in Dallas is carried over an IPv4 LSP across vBNS/vBNS+, with the ATM circuit at each end cross-connected (CCC) to the LSP.

66 Layer 3 VPNs: RFC 2547 – MPLS/BGP VPNs
- MPLS (Multiprotocol Label Switching) is used for forwarding packets over the backbone
- BGP (Border Gateway Protocol) is used for distributing routes over the backbone
- Multiple forwarding tables (FT) on some edge routers, one for each VPN
Figure: a service provider network of P and PE routers; CPE at sites 1, 2 and 3 of one VPN and sites 2 and 3 of another attach to PE routers, each holding a forwarding table (FT) per VPN.

67 Questions?

68 Thank You
jjamison@juniper.net
http://www.juniper.net
