Presentation is loading. Please wait.

Presentation is loading. Please wait.

Juniper Networks, Inc. Copyright © 2000 1 L2 MPLS VPNs Hector Avalos Technical Director-Southern Europe

Published byKatrina Tapp Modified over 9 years ago

Similar presentations

Presentation on theme: "Juniper Networks, Inc. Copyright © 2000 1 L2 MPLS VPNs Hector Avalos Technical Director-Southern Europe"— Presentation transcript:

1 Juniper Networks, Inc. Copyright © 2000 1 L2 MPLS VPNs Hector Avalos Technical Director-Southern Europe havalos@juniper.net

2 Juniper Networks, Inc. Copyright © 2000 2 Agenda: L2 MPLS VPNs  VPNs Overview  Provider-provisioned L2 MPLS VPNs  Taxonomy  Operational Model  Conclusion

3 Juniper Networks, Inc. Copyright © 2000 3 What is a VPN?  A private network constructed over a shared infrastructure  Virtual: not a separate physical network  Private: separate addressing and routing  Network: a collection of devices that communicate  Policies are key—global connectivity is not the goal Shared Infrastructure Shared Infrastructure Mobile Users and Telecommuters Remote Access Branch Office Corporate Headquarters Suppliers, Partners and Customers Intranet Extranet

4 Juniper Networks, Inc. Copyright © 2000 4 Deploying VPNs in the 1990s  Operational model  PVCs overlay the shared infrastructure (ATM/Frame Relay)  Routing occurs at customer premise  Benefits  Mature technologies  Relatively “secure”  Service commitments (bandwidth, availability, and more)  Limitations  Scalability, provisioning and management  Not a fully integrated IP solution Provider Frame Relay Network CPE DLCI FR Switch DLCI FR Switch

5 Juniper Networks, Inc. Copyright © 2000 5 Traditional (Layer 2) VPNs Router Frame Relay/ ATM Switch

6 Juniper Networks, Inc. Copyright © 2000 6 Improving Traditional Layer 2 VPNs  Decouple edge (customer-facing) technology from core technology  Have a single network infrastructure for all desired services  Internet  L3 MPLS VPNs  L2 MPLS VPNs  Simplify provisioning  Appropriate signaling mechanisms for VPN auto- provisioning

7 Juniper Networks, Inc. Copyright © 2000 7 VPN Classification Model  Customer-managed VPN solutions (CPE-VPNs)  Layer 2: L2TP and PPTP  Layer 3: IPSec  Provider-provisioned VPN solutions (PP-VPNs)  Layer 3: MPLS-Based VPNs (RFC 2547bis)  Layer 3: Non-MPLS-Based VPNs (Virtual Routers)  Layer2: MPLS VPNs PE CPE Subscriber Site 3 PP-VPN Subscriber Site 2 CPE PE VPN Tunnel CPE PE CPE CPE-VPN VPN Tunnel Subscriber Site 1 Subscriber Site 3 Subscriber Site 2 VPN Tunnel VPN Tunnel Subscriber Site 1

8 Juniper Networks, Inc. Copyright © 2000 8 PP-VPNs: Layer 2 Classification  Service Provider delivers Layer 2 circuit IDs (DLCI, VPI/VCI, 802.1q vlan) to the customer  One for each reachable site  Customer maps their own routing architecture to the circuit mesh  Provider router maps the circuit ID to a Label Switched Path (LSP) to traverse the provider core  Customer routes are transparent to provider routers  Provider-provisioned L2 MPLS VPN Internet drafts  draft-kompella-mpls-l2vpn-02.txt  draft-martini-l2circuit-encap-mpls-01.txt

9 Juniper Networks, Inc. Copyright © 2000 9 Agenda: L2 MPLS VPNs  Overview of VPNs  Provider-provisioned L2 MPLS VPNs  Taxonomy  Operational Model  Conclusion

10 Juniper Networks, Inc. Copyright © 2000 10 Customer Edge Routers  Customer Edge (CE) routers  Router or switch device located at customer premises providing access to the service provider network  Layer 2 (FR, ATM, Ethernet) and Layer 3 (IP, IPX, SNA …) independence of the service provider network  CEs within a VPN, uses the same L2 technology to access the service provider network  Requires a sub-interface per CE it needs to interconnect to within the VPN  Maintains routing adjacencies with other CEs within the VPN CE P P PECE Customer Edge CE PE VPN A VPN B PE ATM FR ATM FR VPN Site

11 Juniper Networks, Inc. Copyright © 2000 11 Provider Edge Routers  Provider Edge (PE) routers  Maintain site-specific VPN Forwarding Tables  Exchange VPN Connection Tables with other PE routers using MP-IBGP or LDP  Use MPLS LSPs to forward VPN traffic CE P P PECE PE VPN A VPN B PE Provider Edge ATM FR ATM FR

12 Juniper Networks, Inc. Copyright © 2000 12 CE P P PECE PE VPN A VPN B PE Provider Routers  Provider (P) routers  Forward data traffic transparently over established LSPs  Do not maintain VPN-specific forwarding information Provider Routers ATM FR ATM FR

13 Juniper Networks, Inc. Copyright © 2000 13 VPN Forwarding Tables (VFT) P P P PE 2 VPN A Site 3 VPN A Site 1 VPN B Site2 VPN B Site 1 PE 1 PE 3 VPN A Site2 CE–A1 CE–B1 CE–A3 CE–A2 CE–B2 P A VFT is created for each site connected to the PE OSPF ATM  Each VFT is populated with:  The forwarding information provisioned for the local CE sites  VPN Connection Tables received from other PEs via iBGP or LDP

14 Juniper Networks, Inc. Copyright © 2000 14 Site 1 Site 2 Site 1 Site 2 VPN Connection Tables (VCT) PE-2 CE-4 PE-1 CE-2 CE-1 VFT  The VCT is a subset of information hold by the VFT  VCTs are distributed by the PEs via iBGP or LDP A VCT is distributed for each VPN site to PEs MP-iBGP session / LDP

15 Juniper Networks, Inc. Copyright © 2000 15 L2 VPN Provisioning  Provisioning the network  Provisioning the CEs  Provisioning the VPN (PEs)  VPN Connection Table Distribution Assumption: access technology is Frame Relay (other cases are similar)

16 Juniper Networks, Inc. Copyright © 2000 16 Provisioning the Network P P P PE 2 VPN A Site 3 VPN A Site 1 VPN B Site2 VPN B Site 1 PE 1 PE 3 VPN A Site2 CE–A1 CE–B1 CE–A3 CE–A2 CE–B2 P OSPF ATM  PE-to-PE LSPs pre-established via  RSVP-TE  LDP  LDP over RSPV-TE tunneling  LSPs used for many services: IP, L2 VPN, L3 VPN, …  Provisioned independent of Layer 2 VPNs

17 Juniper Networks, Inc. Copyright © 2000 17 Provisioning Customer Sites  List of DLCIs: one for each site, some spare for over-provisioning  DLCIs independently numbered at each site  LMI, inverse ARP and/or routing protocols for auto-discovery and learning addresses  No changes as VPN membership changes  Until over-provisioning runs out CE-4 DLCIs 63 75 82 94 CE-4 Routing Table InOut DLCI 63 10/8 DLCI 7520/8 DLCI 8230/8 DLCI 94-

18 Juniper Networks, Inc. Copyright © 2000 18 Provisioning CE’s at the PE  A VFT is provisioned at each PE for each CE  VPN-ID : unique value within the service provider network  CE-ID : unique value in the context of a VPN  CE Range : maximum number of CEs that it can connect to  Sub-interface list : set of local sub-interface IDs assigned for the CE-PE connection CE 4 VFT VPN ID CE ID RED VPN 4 CE Range 4 Sub-int IDs 63 75 82 94

19 Juniper Networks, Inc. Copyright © 2000 19 Provisioning CE’s at the PE  A VFT is provisioned at each PE for each CE  VPN-ID : unique value within the service provider network  CE-ID : unique value in the context of a VPN  CE Range : maximum number of CEs that it can connect to  Sub-interface list : set of local sub-interface IDs assigned for the CE-PE connection  Label-base : Label assigned to the first sub-interface ID  The PE reserves N contiguous labels, where N is the CE Range CE 4 VFT VPN ID CE ID RED VPN 4 CE Range 1000 4 Label Base Sub-int IDs 63 75 82 94 CE 4 VCT

20 Juniper Networks, Inc. Copyright © 2000 20 Site 1 Site 2 Site 1 Site 2 Provisioning CE’s at the PE PE-2 CE-4 PE-1 CE-2 CE-1 VFT CE 4 VFT VPN ID CE ID RED VPN 4 CE Range Label base 4 Sub-int IDs 63 75 82 94 1000 1001 1002 1003 Label used by CE 1 to reach CE 4 1001 Label used by CE 2 to reach CE 4 1002 Label used by CE 0 to reach CE 4 1000 FR CE 4 ‘s DLCI to CE 0 63 CE 4 ‘s DLCI to CE 1 75 CE 4 ‘s DLCI to CE 2 82 CE 4 ‘s DLCI to CE 3 94  PE-2 is configured with the CE4 VFT Label used by CE 3 to reach CE 4 1003

21 Juniper Networks, Inc. Copyright © 2000 21 Distributing VCTs  Key: signalling using LDP or MP-iBGP  Auto-discovery of members  Auto-assignment of inter-member circuits  Flexible VPN topology  O(N) configuration for the whole VPN  Could be more for complex topologies  O(1) configuration to add a site  “Overprovision” DLCIs (sub-interfaces) at customer sites

22 Juniper Networks, Inc. Copyright © 2000 22 Site 1 Site 2 Site 1 Site 2 Distributing VCTs  PE-1 accepts PE-2’s CE 4 VCT PE-2 CE-4 PE-1 CE-2 CE-1 VFT FR Label used by CE 2 to reach CE 4 1002 MP-iBGP session / LDP CE 4 VCT update VPN ID CE ID RED VPN 4 CE Range Label base 4 1000 CE 4 VCT update VPN ID CE ID RED VPN 4 CE Range Label base 4 1000

23 Juniper Networks, Inc. Copyright © 2000 23 Site 1 Site 2 Site 1 Site 2 Updating VFTs  PE-1 update its CE 2 VFT PE-2 CE-4 PE-1 CE-2 CE-1 VFT FR DLCI 82 FR DLCI 414 CE 2 VFT CE ID Inner Label Sub-int IDs Label used to reach CE 4 1002 107 209 265 414 1 2 3 4 5020 7500 9350

24 Juniper Networks, Inc. Copyright © 2000 24 Site 1 Site 2 Site 1 Site 2 Updating VFTs  PE-1 update its CE 2 VFT PE-2 CE-4 PE-1 CE-2 CE-1 VFT CE 2 VFT CE ID Inner Label Sub-int IDs LSP to PE-2 500 107 209 265 414 1 2 3 4 5020 7500 9350 1002 Outer Label FR DLCI 82 FR DLCI 414

25 Juniper Networks, Inc. Copyright © 2000 25 Site 1 Site 2 Site 1 Site 2 Data Flow  The CE-2 sends packets to the PE via the DLCI which connects to CE-4 (414) PE-2 CE-4 PE-1 CE-2 CE-1 VFT DLCI 82 DLCI 414 packet DLCI 414

26 Juniper Networks, Inc. Copyright © 2000 26 Site 1 Site 2 Site 1 Site 2 Data Flow  The DLCI number is removed by the ingress PE  Two labels are derived from the VFT sub-interface lookup and “pushed” onto the packet  Outer IGP label  Identifies the LSP to egress PE router  Derived from core’s IGP and distributed by RSVP or LDP  Inner site label  Identifies outgoing sub-interface from egress PE to CE  Derived from MP-IBGP/LDP VCT distributed by egress PE PE-2 CP-4 PE-1 CE-2 CE-1 PE-1 1) Lookup DLCI in Red VFT 2) Push VPN label (1002) 3) Push IGP label (500) VFT DLCI 82 Packet site label (1002) IGP label (500)

27 Juniper Networks, Inc. Copyright © 2000 27 Site 1 Site 2 10.1/16 Site 1 Site 2 Data Flow  After packets exit the ingress PE, the outer label is used to traverse the LSP  P routers are not VPN-aware PE-2 CPE-4 PE-1 CE-2 CE-1 VFT Packet site label (1002) IGP label (z) DLCI 82 DLCI 414

28 Juniper Networks, Inc. Copyright © 2000 28 Site 1 Site 2 10.1/16 Site 1 Site 2 Data Flow  The outer label is removed through penultimate hop popping (before reaching the egress PE) PE-2 CE-4 PE-1 CE-2 CE-1 Penultimate Pop top label VFT Packet site label (1002) DLCI 82 DLCI 414

29 Juniper Networks, Inc. Copyright © 2000 29 Site 1 Site 2 Site 1 Site 2 Data Flow  The inner label is removed at the egress PE  The egress PE does a label lookup to find the corresponding DLCI value  The native Frame Relay packet is sent to the corresponding outbound sub-interface PE-2 CE-4 PE-1 CE-2 CE-1 VFT DLCI 82 DLCI 414 packet DLCI 82

30 Juniper Networks, Inc. Copyright © 2000 30 VPN Topologies  Arbitrary topologies are possible:  full mesh  hub-and-spoke  BGP communities are used to configure VPN topologies when using BGP signaling  “Connectivity” parameter serves similar purpose in LDP signaling

31 Juniper Networks, Inc. Copyright © 2000 31 Conclusions

32 Juniper Networks, Inc. Copyright © 2000 32 A Range of VPN Solutions  Each customer has different  Security requirements  Staff expertise  Tolerance for outsourcing  Customer networks vary by size and traffic volume  Providers also have different preferences concerning  Extensive policy management  Inclusion of customer routes in backbone routers  Approaches to managed service

33 Juniper Networks, Inc. Copyright © 2000 33 MPLS-Based Layer 2 VPNs  MPLS-based Layer 2 VPNs are identical to Layer 2 VPNs from customers’ perspective  Familiar paradigm  Layer 3 independent  Provider not responsible for routing  No hacks for OSPF  Rely on SP only for connectivity  MPLS transport in provider network  Decouples edge and core Layer 2 technologies  Multiple services over single infrastructure  Single network architecture for both Internet and VPN services  Label stacking  Provision once, and use same LSP for multiple purposes  Auto-provisioning VPN

34 Juniper Networks, Inc. Copyright © 2000 34 MPLS-based Layer 2 VPNs: Advantages  Subscriber  Outsourced WAN infrastructure  Easy migration from existing Layer 2 fabric  Can maintain routing control, or opt for managed service  Supports any Layer 3 protocol  Supports multicast  Provider  Complements RFC 2547bis  Operates over the same core, using the same outer LSP  Existing Frame Relay and ATM VPNs can be collapsed onto a single IP/MPLS infrastructure  Label stacking allows multiple services over a single LSP  No scalability problems associated with storing numerous customer VPN routes  Simpler than the extensive policy-based configuration used with 2547

35 Juniper Networks, Inc. Copyright © 2000 35 MPLS-based Layer 2 VPNs: Disadvantages  Circuit type (ATM/FR) to each VPN site must be uniform  Managed network service required for provider revenue opportunity  Customer must have routing expertise (or opt for managed service)

36 Juniper Networks, Inc. Copyright © 2000 36 Layer 2 MPLS-based VPNs Application  Customer profile  High degree of IP expertise  Desire to control their own routing infrastructure  Prefer to outsource tunneling  Large number of users and sites  Provider profile  MPLS deployed in the core  Migrating an existing ATM or Frame Relay network  Offers CPE managed service, or  Provisions only the layer 2 circuits at a premium cost  Layer 2 MPLS-based VPNs are ideal for this customer profile

37 Juniper Networks, Inc. Copyright © 2000 37 http://www.juniper.net Thank you!

Download ppt "Juniper Networks, Inc. Copyright © 2000 1 L2 MPLS VPNs Hector Avalos Technical Director-Southern Europe"

Similar presentations

Virtual Links: VLANs and Tunneling

Virtual Links: VLANs and Tunneling
APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University

APNOMS03 1 A Resilient Path Management for BGP/MPLS VPN Jong T. Park School of Electrical Eng. And Computer Science Kyungpook National University
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 BGP based Virtual Private Multicast Service Auto-Discovery and Signaling.

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 BGP based Virtual Private Multicast Service Auto-Discovery and Signaling.
All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.

All rights reserved © 2000, Alcatel 1 CPE-based VPNs Hans De Neve Alcatel Network Strategy Group.
MPLS VPN.

MPLS VPN.
Identifying MPLS Applications

Identifying MPLS Applications
AT&T Multi-protocol Label Switching Private Network Transport Service (MPLS PNT) National Communications Tel: 866-624-2008 Email: Sales@nationalcommunicationsgroup.com.

AT&T Multi-protocol Label Switching Private Network Transport Service (MPLS PNT) National Communications Tel:
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.24-1 MPLS VPN Technology Introducing the MPLS VPN Routing Model.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v MPLS VPN Technology Introducing the MPLS VPN Routing Model.
Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.

Virtual Private Networks COSC541 Project Jie Qin & Sihua Xu October 11, 2014.
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Multicast in BGP/MPLS VPNs and VPLS draft-raggarwa-l3vpn-mvpn-vpls-mcast-

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Multicast in BGP/MPLS VPNs and VPLS draft-raggarwa-l3vpn-mvpn-vpls-mcast-
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 E-VPN and Data Center R. Aggarwal
Deployment of MPLS VPN in Large ISP Networks

Deployment of MPLS VPN in Large ISP Networks
Provider Provisioned Virtual Private Networks Wing C. Lau Performance Analysis Department Bell Labs, Lucent Technologies Holmdel, New Jersey Dec. 6. 2002.

Provider Provisioned Virtual Private Networks Wing C. Lau Performance Analysis Department Bell Labs, Lucent Technologies Holmdel, New Jersey Dec
Leading Edge Routing MPLS Enhancements to Support Layer 2 Transport Services Jeremy Brayley

Leading Edge Routing MPLS Enhancements to Support Layer 2 Transport Services Jeremy Brayley
All Rights Reserved © Alcatel-Lucent 2006, ##### Scalability of IP/MPLS networks Lieven Levrau 30 th April, 2008 France Telecom, Cisco Systems, uawei Technologies,

All Rights Reserved © Alcatel-Lucent 2006, ##### Scalability of IP/MPLS networks Lieven Levrau 30 th April, 2008 France Telecom, Cisco Systems, uawei Technologies,
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Multicast in BGP/MPLS VPNs draft-ietf-l3vpn-2547bis-mcast-00.txt.

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Multicast in BGP/MPLS VPNs draft-ietf-l3vpn-2547bis-mcast-00.txt.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1 MPLS VPN Technology Introducing VPNs.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1 MPLS VPN Technology Introducing VPNs.
© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—2-1 Label Assignment and Distribution Introducing Typical Label Distribution in Frame-Mode MPLS.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—2-1 Label Assignment and Distribution Introducing Typical Label Distribution in Frame-Mode MPLS.
MPLS-VPN/BGP Approach Hari Rakotoranto Technical Marketing Engineer

MPLS-VPN/BGP Approach Hari Rakotoranto Technical Marketing Engineer
IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,

IPv4 and IPv6 Mobility Support Using MPLS and MP-BGP draft-berzin-malis-mpls-mobility-00 Oleg Berzin, Andy Malis {oleg.berzin,

Similar presentations

Ads by Google