SMUCSE 8344 MPLS Virtual Private Networks (VPNs).

When VPN?
Internet as your own private network
  – Communicate securely between various corporate sites (Intranet)
  – Communicate securely between partner sites (Extranet)
  – Connect remote dial-up users securely to corporate networks

Advantages
Flexible and cost effective
Better business-to-business connectivity
  – business partners, service providers, contractors, and customers
Advances in security

Layer2 vs. Layer3 VPNs
Layer 3 VPNs
  – Provider devices forward customer packets based on Layer 3 information (e.g., IP)
  – MPLS/BGP VPNs (RFC 2547), GRE, virtual router approaches
  – SP involvement in routing
Layer 2 VPNs
  – Provider devices forward customer packets based on Layer 2 information
  – “pseudo-wire” concept
  – Tunnels, circuits, LSPs, MAC address

Layer2 Example
Figure labels: IP or MPLS Core, IP Core, R1, R2, L2TPv3 Tunnel, Ethernet, IP/L2TP/Ethernet, Workstation A, Server B
Step #1 Workstation A sends packet destined for Server B
Step #2 R1 takes Ethernet frame and encapsulates it in L2TP and routes it to tunnel destination
Step #3 R2 receives IP/L2TP/Ethernet packet and removes the IP/L2TPv3 headers. The remaining Ethernet frame is forwarded to Server B.

Overlay Model
Each site has a router connected via P-T-P links to routers on other sites
  – Leased lines
  – Frame relay
  – ATM circuit
Connectivity
  – Fully connected
  – Hub-and-spoke

Limitations of Overlay
Customers need to manage the backbones
Mapping between Layer 2 QoS and IP QoS
Scaling problems
  – Cannot support large number of customers
  – (n-1) peering requirement

The Peer Model
Aims to support large-scale VPN service
Key technologies
  – Constrained distribution of routing info.
  – Multiple forwarding tables
  – VPN-IP addresses
  – MPLS switching

Terminology
CE router
  – Customer Edge router
PE router
  – Provider Edge router. Part of the P-Network and interfaces to CE routers
P router
  – Provider (core) router, without knowledge of VPN

Terminology (cont’d)
Route Distinguisher
  – Attribute of each route used to uniquely identify prefixes among VPNs (64 bits)
VPN-IPv4 addresses
  – Address consisting of the 64-bit Route Distinguisher and the 32-bit IP address
VRF
  – VPN Routing and Forwarding Instance
  – Routing table and FIB table

Connection Model
The VPN backbone is composed of MPLS LSRs
  – PE routers (edge LSRs)
  – P routers (core LSRs)
PE routers face CE routers and distribute VPN information through BGP to other PE routers
P routers do not run BGP and do not have any VPN knowledge

Model (cont’d)
P and PE routers share a common IGP
PE and CE routers exchange routing information through:
  – EBGP, OSPF, RIP, Static routing
CE routers run standard routing software

Routing
The routes the PE receives from CE routers are installed in the appropriate VRF
The routes the PE receives through the backbone IGP are installed in the global routing table
By using separate VRFs, addresses need NOT be unique among VPNs
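
The isolation property stated on the Terminology and Routing slides, as an added example that is not part of the original lecture: two VPNs reuse the same prefix, the Route Distinguisher keeps their VPN-IPv4 routes distinct, and a lookup never leaves the VRF of the ingress interface. The RD layout used is the type-0 encoding (2-byte type, 2-byte AS number, 4-byte assigned number); the AS number, VRF names and CE names are constructed.

```python
import ipaddress
import struct

def vpn_ipv4(asn: int, assigned: int, prefix: str) -> bytes:
    """Return the 12-byte VPN-IPv4 address: 8-byte RD followed by the IPv4 address."""
    # Type-0 RD: 2-byte type (0), 2-byte AS number, 4-byte assigned number.
    rd = struct.pack("!HHI", 0, asn, assigned)
    return rd + ipaddress.ip_network(prefix).network_address.packed

class PE:
    """Provider edge router holding one routing table per VRF."""
    def __init__(self):
        self.vrfs = {}  # VRF name -> {ip_network: next hop}

    def learn_from_ce(self, vrf, prefix, next_hop):
        self.vrfs.setdefault(vrf, {})[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, vrf, dst):
        """Longest-prefix match restricted to the VRF of the ingress interface."""
        addr = ipaddress.ip_address(dst)
        matches = [n for n in self.vrfs.get(vrf, {}) if addr in n]
        if not matches:
            return None  # no fall-through into another customer's VRF
        best = max(matches, key=lambda n: n.prefixlen)
        return self.vrfs[vrf][best]

def demo():
    """Constructed sample: both customers use 10.1.0.0/16."""
    pe = PE()
    pe.learn_from_ce("vpn-red", "10.1.0.0/16", "CE-red")
    pe.learn_from_ce("vpn-blue", "10.1.0.0/16", "CE-blue")
    pe.learn_from_ce("vpn-blue", "10.2.0.0/16", "CE-blue-2")
    red = vpn_ipv4(65000, 1, "10.1.0.0/16")
    blue = vpn_ipv4(65000, 2, "10.1.0.0/16")
    return pe, red, blue

if __name__ == "__main__":
    pe, red, blue = demo()
    print(red.hex(), blue.hex())            # same IPv4 part, different RD
    print(pe.lookup("vpn-red", "10.1.2.3"), pe.lookup("vpn-blue", "10.1.2.3"))
    print(pe.lookup("vpn-red", "10.2.0.1")) # None: route exists only in vpn-blue
```
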

Forwarding
PE and P routers have BGP next-hop reachability through the backbone IGP
Labels are distributed through LDP (hop-by-hop) corresponding to BGP Next-Hops
Label Stack is used for packet forwarding
  – Top label indicates Next-Hop (interior label)
  – Second level label indicates outgoing interface or VRF (exterior label)

Forwarding (cont’d)
The upstream LDP peer of the BGP next-hop (PE router) will pop the first level label
The egress PE router will forward the packet based on the second level label which gives the outgoing interface (and VPN)

Forwarding Example
Figure labels: CE1, CE2, CE3, PE1, PE2, P1, P2
PE1 receives IP packet
  – Lookup is done on site VRF
  – BGP route with Next-Hop and Label is found
  – BGP next-hop (PE2) is reachable through IGP route with associated label
  – Label stack: IGP Label(PE2) | VPN Label | IP packet
P routers switch the packets based on the IGP label (label on top of the stack)
Penultimate Hop Popping
  – P2 is the penultimate hop for the BGP next-hop
  – P2 removes the top label
  – This has been requested through LDP by PE2
  – Label stack: VPN Label | IP packet
PE2 receives the packets with the label corresponding to the outgoing interface (VRF)
  – One single lookup
  – Label is popped and packet sent to IP neighbour
  – IP packet
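
The label-stack walk from the Forwarding slides, as an added example that is not part of the original lecture: PE1 pushes the VPN label and then the IGP label, P1 swaps the top label, P2 pops it (penultimate hop popping), and PE2 selects the customer interface from the VPN label alone. Router names follow the slide; the label values, prefixes, VRF names and CE names are constructed.

```python
import ipaddress

# Constructed tables. PE1 VRF routes learned via BGP: prefix -> (next hop, VPN label)
VRF_PE1 = {"vpn-red":  {"10.2.0.0/16": ("PE2", 30)},
           "vpn-blue": {"10.2.0.0/16": ("PE2", 31)}}
# LDP label PE1 uses to reach the BGP next hop, and the neighbour to send to
IGP_LABEL_PE1 = {"PE2": (17, "P1")}
# P routers know only IGP labels, never VPN labels or customer prefixes
LFIB = {"P1": {17: ("swap", 22, "P2")},
        "P2": {22: ("pop", None, "PE2")}}   # PHP, requested by PE2 through LDP
# PE2: VPN label -> outgoing interface (VRF)
VPN_LFIB_PE2 = {30: "CE-red-site2", 31: "CE-blue-site2"}

def ingress_pe1(vrf, dst):
    """PE1: look up dst in the ingress VRF, push VPN label then IGP label."""
    addr = ipaddress.ip_address(dst)
    for prefix, (next_hop, vpn_label) in VRF_PE1[vrf].items():
        if addr in ipaddress.ip_network(prefix):
            igp_label, neighbour = IGP_LABEL_PE1[next_hop]
            return neighbour, [igp_label, vpn_label]   # top of stack first
    raise LookupError("no route in VRF " + vrf)

def forward(vrf, dst):
    """Return (egress CE, trace of (router, label stack on arrival))."""
    node, stack = ingress_pe1(vrf, dst)
    trace = []
    while node != "PE2":
        trace.append((node, list(stack)))
        action, new_label, nxt = LFIB[node][stack[0]]
        if action == "swap":
            stack[0] = new_label
        else:                      # "pop": remove the IGP label
            stack.pop(0)
        node = nxt
    trace.append((node, list(stack)))
    return VPN_LFIB_PE2[stack[0]], trace   # single lookup on the VPN label

if __name__ == "__main__":
    for vrf in ("vpn-red", "vpn-blue"):
        egress, trace = forward(vrf, "10.2.5.5")
        print(vrf, "->", egress, trace)
```

Both VPNs send to the same destination address and cross the same P routers with the same IGP labels; only the inner VPN label differs, so separation at the egress PE depends entirely on that label being assigned and trusted correctly.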

Scalability
Existing BGP techniques can be used to scale the route distribution
Each edge router needs only the information for the VPNs it supports
  – Directly connected VPNs
Easy to add new sites
  – configure the site on the PE connected to it, the network automatically does the rest

QoS Support
Pipe model
  – Similar to int-serv
  – Unidirectional as opposed to bi-directional model in ATMs
Hose Model
  – Similar to diff-serv