Using MPLS/VPN for Policy Routing


1 Using MPLS/VPN for Policy Routing
Walt Prue
With Significant Help From Ken Lindahl and Jim Warner
Sponsored by CENIC (Corporation for Education Network Initiatives in California)
9/17/2018

2 Introduction
Cisco suggested MPLS/VPN as a possible solution to CENIC’s policy routing needs.
CENIC needs to know if it will scale to the requirements of the network.

3 Agenda
Define Problem
Examine Cisco’s ability to solve our problem
Viability of Cisco’s solution
Juniper’s Compatibility with Cisco’s MPLS/VPN

4 Overview
Does it scale to 100,000+ routes?
Can the existing equipment be used?
Can it be maintained?
Can CENIC introduce technology with minimal disruption?
Can Junipers play too?

5 Vocabulary
MPLS (MultiProtocol Label Switching)
VPN (Virtual Private Network)
VRF (VPN Routing and Forwarding)
PE (Provider Edge) router
P (Provider) router
CE (Customer Edge) router

6 MPLS
[Figure: MPLS label format (Label, Exp, S, TTL) and an IP packet crossing PE and P routers, each with a label table (Tag in, Tag out, I/F out)]

7 MPLS Issues
MPLS over ethernet
MTU discovery
TTL
Traceroute Across MPLS Enabled Net
MPLS and ATM

8 MPLS/VPN
ip vrf cust-a
 rd 1:100
 route-target export 1:100
 route-target import 1:100
[Figure: two PE routers, the cust-a VRF table (Route, Nexthop) and the BGP table (Route, Nexthop, RD 1:100)]

9 Policy Routing on CENIC
[Figure: network diagram with ISP-A, ISP-B, Cisco, ESnet, and the SB, CIT, UCLA and USC nodes with their campuses]

10 Routing Connectivity Matrix

11 Cisco’s MPLS/VPN
Current rel. 12 software can’t support 100,000 routes
Engine 1 gigabit ethernet ports couldn’t support MPLS/VPN
MPLS/VPN doesn’t currently support multicast
Cisco can forward MPLS traffic at near OC-12 line rates with engine 0 line cards
A workaround solution exists for the multicast and 100,000 routes problems
Use 802.1Q for virtual ports on Gig-E I/F

12 Configuring and Maintaining MPLS/VPN
Configuration and syntax were straightforward (see below)
Troubleshooting was reasonable but a bit different from what net engineers are used to
Installing on the existing network would be disruptive
Each campus would need two logical ports for access to multicast and ISP service (use to reduce installation disruption)
Cisco has MPLS/VPN tools available

13 Syntax (Global)
ip vrf VPN-A
 rd 52:1
 route-target import 12334:1
 route-target export 52:1
 route-target import 52:1

14 Per CE I/F
interface serial0
 ip vrf forwarding VPN-A
 ip address

15 Per Trunk I/F
interface serial4/0/0
 mpls ip
 mpls label-distribution ldp
 ip address
Or globally as:
mpls label protocol ldp

16 Routing
router bgp 11422
 no bgp default ipv4-unicast
 neighbor remote-as 11422
 neighbor update-source loopback0
 ...

17 Routing (cont.)
 address-family ipv4 vrf VPN-A
 neighbor remote-as 52
 neighbor activate
 no auto-summary
 no synchronization
 exit-address-family
 address-family vpnv4
 neighbor activate
 neighbor send-community extended
 exit-address-family

18 Junipers and MPLS/VPN
Compatible if LDP used instead of TAG distribution
A bit more complex to configure
Can handle 200,000+ routes
Can forward at OC-12 Line Rates

19 Summary
MPLS/VPN can be used to solve our policy routing problems
Ciscos can’t do MPLS/VPN with full routes or support multicast today
With a modified network design MPLS/VPN may be our solution

20 Where to Get More Information
RFC 2547 BGP/MPLS VPNs
RFC 3031 Multiprotocol Label Switching Architecture
MPLS and VPN Architectures – Cisco Press
Juniper Documentation CD-ROM Release 5.0

