MPLS on UW System Network Michael Hare. Purpose of presentation As I didn't really understand MPLS going in, I thought it would be useful to share what.

Presentation transcript:

MPLS on UW System Network Michael Hare

Purpose of presentation
As I didn't really understand MPLS going in, I thought it would be useful to share what I've learned in logical order [vs chronological order, which would leave you with a jumbled mess].
Note: My experience is Juniper specific so there may not be a 1:1 match in Cisco land.

Overview
Prepare IGP for MPLS
Prepare BGP for MPLS
Enable MPLS
Deploy services
Keeping it running

Preparing your IGP for MPLS
The MPLS layer is built upon your IGP, so you should take steps to make it robust.
Steps include:
  Improving convergence in your IGP
  Securing your IGP

Improving convergence in your IGP
The faster your IGP converges, the more robust your MPLS services will be.
Minimize devices in an area.
Enable loop free alternate routes. An alternative route is calculated and installed in the forwarding table, moving convergence to near SONET levels.
  The LFA route will not be able to calculate backups for 100% of LSAs: more on this later.
  alternate-routes.html
Eliminate/reduce links between routers that are not directly connected. If you can't, BFD is required.
Full disclosure: I run area 0 everywhere in uwsys.net.

Improving convergence in your IGP [2]
Make sure your loopback resolution doesn’t match aggregate or default route. When you have a node failure this is required to withdraw unusable BGP routes in a timely fashion.
  set routing-options resolution rib inet.0 import limit-inet0-resolution
  set policy-options policy-statement limit-inet0-resolution term reject-routes from prefix-list-filter sync_lists-limit-inet0-resolution exact
  set policy-options policy-statement limit-inet0-resolution term reject-routes then reject
  set policy-options policy-statement limit-inet0-resolution then accept
  set policy-options prefix-list sync_lists-limit-inet0-resolution /0
  set policy-options prefix-list sync_lists-limit-inet0-resolution /16
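Why the resolution filter matters, as an added example that is not part of the original slides: a small Python model of BGP next-hop resolution by longest-prefix match, with and without a filter that rejects the default and aggregate routes by exact match. All addresses are constructed documentation ranges, and the function names and the /24 aggregate are assumptions made for illustration.

```python
import ipaddress

def resolve(next_hop, rib, resolution_filter=()):
    """Longest-prefix match for a BGP protocol next hop.

    Prefixes listed exactly in resolution_filter may not be used for
    resolution (the effect of the 'exact ... then reject' policy term).
    Returns the resolving prefix as a string, or None if unresolvable.
    """
    nh = ipaddress.ip_address(next_hop)
    blocked = {ipaddress.ip_network(p) for p in resolution_filter}
    matches = [n for n in map(ipaddress.ip_network, rib)
               if nh in n and n not in blocked]
    if not matches:
        return None
    return str(max(matches, key=lambda n: n.prefixlen))

def usable_bgp_routes(bgp_routes, rib, resolution_filter=()):
    """BGP prefixes whose next hop still resolves; the rest become unusable."""
    return sorted(prefix for prefix, nh in bgp_routes.items()
                  if resolve(nh, rib, resolution_filter) is not None)

# Constructed sample data, not taken from the talk.
PE2_LOOPBACK = "192.0.2.2"
IGP_UP = ["0.0.0.0/0", "192.0.2.0/24", "192.0.2.1/32", "192.0.2.2/32"]
IGP_PE2_DOWN = [p for p in IGP_UP if p != "192.0.2.2/32"]  # PE2 node failure
BGP_ROUTES = {"198.51.100.0/24": "192.0.2.1", "203.0.113.0/24": PE2_LOOPBACK}
FILTER = ["0.0.0.0/0", "192.0.2.0/24"]  # default + aggregate, exact match only

if __name__ == "__main__":
    # Without the filter the dead PE's next hop falls back to the aggregate,
    # so its BGP routes stay "valid" until the BGP session itself times out.
    print("no filter  :", usable_bgp_routes(BGP_ROUTES, IGP_PE2_DOWN))
    # With the filter the next hop is unresolvable as soon as the IGP
    # withdraws the /32, and the routes via PE2 drop out immediately.
    print("with filter:", usable_bgp_routes(BGP_ROUTES, IGP_PE2_DOWN, FILTER))
```
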

Securing your IGP
Keep your IGP rock solid.
ISIS does not use IP, it uses CLNS. Not being world reachable adds a layer of security.
Use routing engine filters to protect protocols, not just your IGP.
Do not run IGP protocols with your customers [sorry guys, it's true].
IPSEC

Preparing BGP for MPLS
MPLS VPNs use BGP as a database to distribute information.
  BGP/MPLS overview
  Preparing BGP for MPLS

BGP/MPLS overview
BGP is used as the database to distribute VPN information.
Each BGP family [AFI/SAFI] has a different NLRI that describes each database row. NLRI are per AFI/SAFI.
[E-VPN NLRI]
Note: point to point pseudowires can be built without BGP but everything else needs BGP.

Preparing BGP for MPLS
BGP requires a full mesh with each BGP speaker in an AS.
Route reflectors simplify device configuration by requiring a full mesh only with the route reflectors.
  Use two [or more] devices as BGP route reflectors.
  Route reflectors can be inline or out of forwarding path.
Enable all of the BGP families you think you want, because adding an NLRI to a peer requires a BGP peer reset.
  flowspec, l3vpn, ipv6 l3vpn, evpn/l2vpn
Note: On uwsys.net I use two inline core devices for this function and have been satisfied.

iBGP BFD
iBGP sessions should –NOT– have BFD.
Instead, PE IGP loopback should be withdrawn during node outage, marking routes as invalid [not best path].
If node outage is brief [60 ~ 90s], BGP will not need to re-establish.
See “Improving convergence in your IGP … limit-resolution … “

Enable MPLS
MPLS: Basic terminology
Label distribution [LDP, RSVP] and tunneling

MPLS: Basic terminology
MPLS forwards packets by switching labels [push, pop] based on a forwarding database.
  Label A on interface X: pop label A, push label B, forward on interface Y.
P: Provider core node.
PE: Provider edge: Node that connects directly to a customer network.
CE: Customer edge: Does not participate in P/PE MPLS protocols, but is serviced by it. Generally outside of the service provider’s domain.
Note: UW System Network does not have a pure ‘P’ node. The MX2010s are both P and PE nodes as customers directly connect. In fully l3vpn’d networks, the P device could be absent all customer routes in the FIB, only using IGP and MPLS to forward packets.

Label distribution [LDP, RSVP] and tunneling
LDP and RSVP are used to distribute labels between P/PE devices.
Labels are distributed by sending LDP/RSVP control packets over IP.
P/PE devices are numbered by their IP loopback addressing.
LDP and RSVP are commonly run on IPv4. However, LDP and RSVP do not forward packets, they set up MPLS routing databases. There are ways to forward IPv6 but only run LDP/RSVP over IPv4.

LDP
LDP mirrors your IGP. MPLS traffic will follow your IGP path.
Juniper IGP LFA implementation extends to IGP, meaning an MPLS backup path between PE1 and PE2 can be precomputed and installed in forwarding table when possible.
LDP can automatically signal a full mesh of paths between P/PE, making it simple to configure.
LDP neighbors are point to point but can be held up using their P/PE addressing. This feature is called session-protection.
  If point to point LDP session is interrupted but PE1 and PE2 are still unicast reachable, MPLS labels need not be discarded, improving convergence time upon restoration [in the same style as not running BFD on iBGP].
As LDP is dependent on a converged IGP, use ldp-synchronization to make sure the IGP isn’t active until LDP is active.

RSVP
RSVP can steer MPLS traffic in a way other than IGP best path.
RSVP can be configured as a dynamic backup to LDP for LDP paths that cannot calculate an LFA. In Juniper land, this is called “link-protection dynamic-rsvp-lsp”.
RSVP ‘fast reroute’ is like LDP LFA but on steroids as it considers path constraints.
RSVP requires more work from the operator to be useful.

So do I use LDP or RSVP?
LDP and RSVP can be run side by side.
LDP
  Pros: LDP keeps things simple with minimal config. A good place to start.
  Pros: Juniper implementation can use RSVP to augment LDP LFA.
  Cons: Lots of needless labels is inefficient [signaled backups between PEs that do not actually communicate, etc].
RSVP
  Pros: can be used for specific traffic engineering needs.
  Cons: more ‘by hand’ configuration [automation!]

Deploy services
Once IGP, BGP and MPLS are in place, deploy services.
While this is probably the most exciting portion, it is omitted. See me for details.
I have deployed or tested:
  L2circuit [pseudowire]
  L2 E-VPN
I have not deployed L3 VPN but it is similar to L2 E-VPN in config.
I have not deployed MPLS multicast.

Keeping it running
Use routing engine filters to protect protocols, not just your IGP.
  [IGP: OSPF, ISIS. MPLS: LDP, RSVP. BGP, BFD, IGMP, MSDP, PIM, VRRP. DNS, NTP]
Monitoring
  At a minimum, track BGP NLRI counts and watch syslog.
Configuration sanity management
  There are lots of config bits that need to align for this all to work well.
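One way to automate part of the configuration sanity check, as an added example that is not from the original slides: a Python audit of Junos set-format configuration that flags LDP interfaces missing from ISIS or protocols mpls, lacking family mpls, or lacking the ldp-synchronization mentioned on the LDP slide. The sample configuration is constructed, and skipping lo0 is an assumption of this sketch.

```python
import re
from collections import defaultdict

PROTO_RE = re.compile(r"^set protocols (isis|mpls|ldp) interface (\S+)(?: (.*))?$")
FAMILY_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family mpls\b")

def audit_mpls_config(config_text):
    """Return sorted (interface, problem) pairs for LDP interfaces whose
    IGP/MPLS configuration does not line up."""
    proto = defaultdict(set)   # protocol name -> logical interfaces
    ldp_sync = set()           # ISIS interfaces with ldp-synchronization
    family_mpls = set()        # logical interfaces with family mpls
    for line in map(str.strip, config_text.splitlines()):
        m = PROTO_RE.match(line)
        if m:
            name, ifl, rest = m.groups()
            proto[name].add(ifl)
            if name == "isis" and rest and "ldp-synchronization" in rest.split():
                ldp_sync.add(ifl)
        else:
            m = FAMILY_RE.match(line)
            if m:
                family_mpls.add(f"{m.group(1)}.{m.group(2)}")
    findings = []
    for ifl in proto["ldp"]:
        if ifl.startswith("lo0."):
            continue  # assumption: the loopback is exempt from these checks
        if ifl not in proto["isis"]:
            findings.append((ifl, "not in protocols isis"))
        elif ifl not in ldp_sync:
            findings.append((ifl, "isis ldp-synchronization missing"))
        if ifl not in proto["mpls"]:
            findings.append((ifl, "not in protocols mpls"))
        if ifl not in family_mpls:
            findings.append((ifl, "family mpls missing on unit"))
    return sorted(findings)

# Constructed sample configuration: xe-0/0/0 is consistent, xe-0/0/1 is not.
SAMPLE = """\
set interfaces xe-0/0/0 unit 0 family mpls
set interfaces xe-0/0/1 unit 0 family inet address 192.0.2.1/31
set protocols isis interface xe-0/0/0.0 ldp-synchronization
set protocols isis interface xe-0/0/1.0 point-to-point
set protocols isis interface lo0.0 passive
set protocols mpls interface xe-0/0/0.0
set protocols ldp interface xe-0/0/0.0
set protocols ldp interface xe-0/0/1.0
set protocols ldp interface lo0.0
"""

if __name__ == "__main__":
    for ifl, problem in audit_mpls_config(SAMPLE):
        print(f"{ifl}: {problem}")
```
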

That’s all, folks FIN