Presentation is loading. Please wait.

Presentation is loading. Please wait.

MPLS on UW System Network Michael Hare. Purpose of presentation As I didn't really understand MPLS going in, I thought it would be useful to share what.

Published byWilliam Lambert Modified over 8 years ago

Similar presentations

Presentation on theme: "MPLS on UW System Network Michael Hare. Purpose of presentation As I didn't really understand MPLS going in, I thought it would be useful to share what."— Presentation transcript:

1 MPLS on UW System Network Michael Hare

2 Purpose of presentation As I didn't really understand MPLS going in, I thought it would be useful to share what I've learned in logical order [vs chronological order, which would leave you with a jumbled mess]. Note: My experience is Juniper specific so there may not be a 1:1 match in Cisco land.

3 Overview Prepare IGP for MPLS Prepare BGP for MPLS Enable MPLS Deploy services Keeping it running

4 Preparing your IGP for MPLS The MPLS layer is built upon your IGP, so you should take steps to make it robust. Steps include: Improving convergence in your IGP Securing your IGP

5 Improving convergence in your IGP The faster your IGP converges, the more robust your MPLS services will be. Minimize devices in an area Enable loop free alternate routes. An alternative route is calculated and installed in the forwarding table, moving convergence to near sonet levels. LFA route will not be able to calculate backups for 100% of LSA's: more on this later http://www.juniper.net/documentation/en_US/junos11.4/topics/topic-map/ospf-loop-free- alternate-routes.html Eliminate/reduce links between routers that are not directly connected. If you can't, BFD is required. full disclosure: I run area 0 everywhere in uwsys.net.

6 Improving convergence in your IGP [2] Make sure your loopback resolution doesn’t match aggregate or default route. When you have a node failure this is required to withdraw unusable BGP routes in a timely fashion. set routing-options resolution rib inet.0 import limit-inet0-resolution set policy-options policy-statement limit-inet0-resolution term reject-routes from prefix-list-filter sync_lists-limit-inet0-resolution exact set policy-options policy-statement limit-inet0-resolution term reject-routes then reject set policy-options policy-statement limit-inet0-resolution then accept set policy-options prefix-list sync_lists-limit-inet0-resolution 0.0.0.0/0 set policy-options prefix-list sync_lists-limit-inet0-resolution 143.235.0.0/16

7 Securing your IGP Keep your IGP rock solid ISIS does not use IP, it uses CLNS. Not being world reachable adds a layer of security Use routing engine filters to protect protocols, not just your IGP. Do not run IGP protocols with your customers [sorry guys, its true]. IPSEC

8 Preparing BGP for MPLS MPLS VPNs use BGP as a database to distribute information. BGP/MPLS overview Preparing BGP for MPLS

9 BGP/MPLS overview BGP is used as the database is used to distribute VPN information Each BGP family [AFI/SAFI] have different NLRI that describes each database row. NLRI are per AFI/SAFI. http://www.iana.org/assignments/safi-namespace/safi-namespace.xhtml https://tools.ietf.org/html/rfc7432#page-13 [E-VPN NLRI] https://tools.ietf.org/html/rfc7432#page-13 note: point to point pseudowires can be built without BGP but everything else needs BGP.

10 Preparing BGP for MPLS BGP requires a full mesh with each BGP speaker in an AS. Route reflectors simplify device configuration by requiring a full mesh only with the route reflectors Use two [or more] devices as BGP route reflectors. Route reflectors can be inline or out of forwarding path Enable all of the BGP families you think you want, because adding an NLRI to a peer requires a BGP peer reset. flowspec, l3vpn, ipv6 l3vpn, evpn/l2vpn note: On uwsys.net I use two inline core devices for this function and have been satisfied

11 iBGP BFD iBGP sessions should –NOT- have BFD. Instead, PE IGP loopback should be withdrawn during node outage, marking routes as invalid [not best path]. If node outage is brief [60 ~ 90s], BGP will not need to re-establish. See “Improving convergence in your IGP … limit-resolution … “

12 Enable MPLS MPLS: Basic terminology Label distribution [LDP, RSVP] and tunneling

13 MPLS: Basic terminology MPLS forwards packets by switching labels [push, pop] based on a forwarding database Label A on interface X: pop label A, push label B, forward on interface Y: P: Provider core node. PE: Provider edge: Node that connects directly to a customer network CE: Customer edge: Does not participate in P/PE MPLS protocols, but is serviced by it. Generally outside of the service provider’s domain. Note: UW System Network does not have a pure ‘P’ node. The MX2010s are both P and PE nodes as customers directly connect. In fully l3vpn’d networks, the P device could be absent all customer routes in the FIB, only using IGP and MPLS to forward packets.

14 Label distribution [LDP, RSVP] and tunneling LDP and RSVP are used to distribute labels between P/PE devices Labels are distributed by sending LDP/RSVP control packets over IP. P/PE devices are numbered by their IP loopback addressing LDP and RSVP are commonly run on IPv4. However, LDP and RSVP do not forward packets, they setup MPLS routing databases. There are ways to forward IPv6 but only run LDP/RSVP over IPv4.

15 LDP LDP mirrors your IGP. MPLS traffic will follow your IGP path Juniper IGP LFA implementation extends to IGP, meaning an MPLS backup path between PE1 and PE2 can be precomputed and installed in forwarding table when possible. LDP can automatically signal a full mesh of paths between P/PE, making it simple to configure LDP neighbors are point to point but can be held up using their P/PE addressing. This feature is called session-protection. If point to point LDP session is interrupted but PE1 and PE2 are still unicast reachable, MPLS labels need not be discarded, improving convergence time upon restoration [in the same style as not running BFD on iBGP] As LDP is dependent on a converged IGP, use ldp-synchronization to make sure the IGP isn’t active until LDP is active.

16 RSVP RSVP can steer MPLS traffic in a way other than IGP best path. RSVP can be configured as a dynamic backup to LDP for LDP paths that cannot calculate a LFA. In Juniper land, this is called “link-protection dynamic-rsvp-lsp” RSVP ‘fast reroute’ is like LDP LFA but on steroids as it considers path constraints. RSVP requires more work from the operator to be useful

17 So do I use LDP or RSVP? LDP and RSVP can be run side by side. LDP Pros: LDP keeps things simple with minimal config. A good place to start. Pros: Juniper implementation can use RSVP to augment LDP LFA. Cons: Lots of needless labels is inefficient [signaled backups between PEs that do not actually communicate, etc] RSVP Pros: can be used for specific traffic engineering needs Cons: more ‘by hand’ configuration [automation!]

18 Deploy services Once IGP, BGP and MPLS is in place, deploy services While this is probably the most exciting portion, it is omitted. See me for details. I have deployed or tested L2circuit [pseudowire] L2 E-VPN I have not deployed L3 VPN but it is similar to L2 E-VPN in config I have not deployed MPLS multicast

19 Keeping it running Use routing engine filters to protect protocols, not just your IGP. [IGP: OSPF, ISIS. MPLS: LDP, RSVP. BGP, BFD, IGMP, MSDP, PIM, VRRP. DNS, NTP] Monitoring At a minimum, track BGP NLRI counts and watch syslog. Configuration sanity management There are lots of config bits that need to align for this all to work well.

20 That’s all, folks FIN

Download ppt "MPLS on UW System Network Michael Hare. Purpose of presentation As I didn't really understand MPLS going in, I thought it would be useful to share what."

Similar presentations

APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University

APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University
MPLS VPN.

MPLS VPN.
Identifying MPLS Applications

Identifying MPLS Applications
Generalized Multiprotocol Label Switching: An Overview of Signaling Enhancements and Recovery Techniques IEEE Communications Magazine July 2001.

Generalized Multiprotocol Label Switching: An Overview of Signaling Enhancements and Recovery Techniques IEEE Communications Magazine July 2001.
Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 9: Static Routes & Routing Table Groups.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.24-1 MPLS VPN Technology Introducing the MPLS VPN Routing Model.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing the MPLS VPN Routing Model.
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Deployment of MPLS VPN in Large ISP Networks

Deployment of MPLS VPN in Large ISP Networks
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 MPLS Scale to 100k endpoints with resiliency and simplicity Clarence.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 MPLS Scale to 100k endpoints with resiliency and simplicity Clarence.
IEEE HPSR 2012. IP Network Background and Strategy Milestones  Started as a Internet backbone/IGW  Expansion with MAN networks  Tripleplay and multimedia,

IEEE HPSR IP Network Background and Strategy Milestones  Started as a Internet backbone/IGW  Expansion with MAN networks  Tripleplay and multimedia,
Routing Basics.

Routing Basics.
All Rights Reserved © Alcatel-Lucent 2006, ##### Scalability of IP/MPLS networks Lieven Levrau 30 th April, 2008 France Telecom, Cisco Systems, uawei Technologies,

All Rights Reserved © Alcatel-Lucent 2006, ##### Scalability of IP/MPLS networks Lieven Levrau 30 th April, 2008 France Telecom, Cisco Systems, uawei Technologies,
Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—2-1 Label Assignment and Distribution Introducing Typical Label Distribution in Frame-Mode MPLS.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—2-1 Label Assignment and Distribution Introducing Typical Label Distribution in Frame-Mode MPLS.
Best Practices for ISPs

Best Practices for ISPs
CS 672 1 Summer 2003 Lecture 14. CS 672 2 Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.

CS Summer 2003 Lecture 14. CS Summer 2003 MPLS VPN Architecture MPLS VPN is a collection of sites interconnected over MPLS core network. MPLS.
MPLS H/W update Brief description of the lab What it is? Why do we need it? Mechanisms and Protocols.

MPLS H/W update Brief description of the lab What it is? Why do we need it? Mechanisms and Protocols.
MPLS and Traffic Engineering

MPLS and Traffic Engineering
CS 672 1 Summer 2003 Lecture 13. CS 672 2 Summer 2003 MP_REACH_NLRI Attribute The MP_REACH_NLRI attribute is encoded as shown below: +---------------------------------------------------------+

CS Summer 2003 Lecture 13. CS Summer 2003 MP_REACH_NLRI Attribute The MP_REACH_NLRI attribute is encoded as shown below:
© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 4: Frame Mode MPLS Implementation.

© 2006 Cisco Systems, Inc. All rights reserved. Implementing Secure Converged Wide Area Networks (ISCW) Module 4: Frame Mode MPLS Implementation.

Similar presentations

Ads by Google