View
213
Download
0
Embed Size (px)
Citation preview
8/20/2019 MPLS-2015-CISCOLIVE
1/75
8/20/2019 MPLS-2015-CISCOLIVE
2/75
Introduction to MPLSBRKMPL-1100
Eric Osborne
Principal Engineer, Cisco
8/20/2019 MPLS-2015-CISCOLIVE
3/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Session Goals
Understand history and business drivers for MPLS Learn about MPLS customer and market segments
Understand the problems MPLS is addressing
Understand the major MPLS technology components
Understand typical MPLS applications
Understand benefits of deploying MPLS
Learn about MPLS futures; where MPLS is going
Objectives
8/20/2019 MPLS-2015-CISCOLIVE
4/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Agenda
Introduction MPLS Technology Basics
MPLS Layer-3 VPNs
MPLS Layer-2 VPNs
Advanced Topics
Summary
Topics
8/20/2019 MPLS-2015-CISCOLIVE
5/75
Introduction
8/20/2019 MPLS-2015-CISCOLIVE
6/75© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Intro
Involved in Internet networks since 1995
At cisco since 1998
– TAC, AS, DE
Co-Author, “Traffic Engineering with MPLS” (Cisco Press 2003)
Long-time IP/MPLS guy
About Me
8/20/2019 MPLS-2015-CISCOLIVE
7/75© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
What Is MPLS?
Multi Multi-Protocol: The ability to carry anypayload.
Have:IPv4, IPv6, Ethernet, ATM, FR.
Could do IPX, AppleTalk, DECnet, etc
etc.
Protocol
Label Uses Labels to tell a node what to dowith a packet; separates forwarding(hop by hop behavior) from routing
(control plane)
Switching Routing == IPv4 or IPv6 lookup.Everything else is Switching.
8/20/2019 MPLS-2015-CISCOLIVE
8/75© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
What is MPLS?
It’s all about labels …
Use the best of both worlds – Layer-2 (ATM/FR): efficient forwarding and traffic engineering
– Layer-3 (IP): flexible and scalable
MPLS forwarding plane – Use of labels for forwarding Layer-2/3 data traffic
– Labeled packets are being switched instead of routed Leverage layer-2 forwarding efficiency
MPLS control/signaling plane – Use of existing IP control protocols extensions + new protocols
to exchange label information Leverage layer-3 control protocol flexibility and scalability
Brief Summary
8/20/2019 MPLS-2015-CISCOLIVE
9/75© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Technology Comparison
IP Native Ethernet
Forwarding
Destination address based
Forwarding table learned
from control plane
TTL support
Destination address based
Forwarding table learned
from data plane
No TTL support
Forward
Control Plane Routing ProtocolsEthernet Loop avoidance
and signaling protocols
Ro
M
Packet Encapsulation IP Header 802.3 Header MP
QoS 8 bit TOS field in IP header 3-bit 802.1p field in VLAN tag 3 bit
OAM IP ping, traceroute E-OAM
Key Characteristics of IP, Native Ethernet, and MPLS
8/20/2019 MPLS-2015-CISCOLIVE
10/75© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Evolution of MPLSTechnology Evolution and Main Growth Areas
1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 20
Bring MPLS to Market
Complete base MPLS portfolio
Optimize MPLS for video
Optimpac
Cisco ships
MPLS
FirstL3VPNs
Deployed
First MPLS TE
Deployments
First L2VPN
Deployments
Large Scale
L3VPNDeployments
Large Scale
MPLS TEDeployments
Large ScaleL2VPN
Deployments
First LSM
Deployments
First
Dep
Evolved from tag switching in 1996 to full
IETF standard, covering over 130 RFCs Key application initially were Layer-3 VPNs,
followed by Traffic Engineering (TE),and Layer-2 VPNs
8/20/2019 MPLS-2015-CISCOLIVE
11/75
MPLS Technology Basics
8/20/2019 MPLS-2015-CISCOLIVE
12/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Topics
MPLS reference architecture
MPLS Labels
MPLS signaling andforwarding operations
MPLS Traffic Engineering
MPLS OAM
Basics of MPLS Signaling and Forwarding
Transport
MPLS Forwarding
IP/MPLS (LDP/RSVP-TE/BGP)
Layer-3 VPNs Layer-2 VPNs
Service (Clients)
8/20/2019 MPLS-2015-CISCOLIVE
13/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Reference Architecture
P (Provider) router
– Label switching router (LSR)
– Switches MPLS-labeled packets
PE (Provider Edge) router
– Edge router (LER)
– Imposes and removes MPLS
labels
CE (Customer Edge) router
– Connects customer network toMPLS network
Different Type of Nodes in a MPLS Network
MPLS Domain
CE
CE
Label switched traffic
P
P
P
P
PE
PE
8/20/2019 MPLS-2015-CISCOLIVE
14/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Labels
Labels used for makingforwarding decision
Multiple labels can be used forMPLS packet encapsulation
No limit on the number oflabels in a stack.
Outer label always used forswitching MPLS packets innetwork
Inner labels usually used forservices (e.g. L2/L3 VPN)
Label Definition and Encapsulation
TC = Traffic Class: 3 Bits; S = Bottom of Stack;
MPLS Label Stack Ent
MPLS Label Stack (1
MPLS Label Stack (2 la
Label = 20 bits T
LAN MAC Header Label, S=0
LAN MAC Header Label , S
8/20/2019 MPLS-2015-CISCOLIVE
15/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS QoS
MPLS label contains 3 TC bits
Used for packet classification andprioritization – Similar to Type of Service (ToS) field
in IP packet (DSCP values)
DSCP values of IP packet mappedinto TC bits of MPLS label – At ingress PE router
Most providers have defined 3–5service classes (TC values)
Different DSCP TC mappingschemes possible – Uniform mode, pipe mode, and short
pipe mode
QoS Marking in MPLS Labels
MPLS HeaderLayer-2 Header La
MPLS DiffServ Marking
in Traffic Class BitsIP
TC D
8/20/2019 MPLS-2015-CISCOLIVE
16/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Basic MPLS Forwarding Operations
Label imposition (Push)
– By ingress PE router; classify andlabel packets
– Based on Forwarding EquivalenceClass (FEC)
Label swapping – By P router; forward packets using
labels; indicates service class &destination
Label disposition (Pop) – By egress PE router; remove label
and forward original packet todestination CE
How Labels Are Being Used to Establish End-to-end Connectivity
CE
CE
PE
PE
Label Imposition
(Push)
Label Swap Label Swap
P
P
P
PL1
L2 L3
8/20/2019 MPLS-2015-CISCOLIVE
17/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Path (LSP) Setup and Traffic Forward
LSP signaling
– Either LDP* or RSVP – Leverages IP routing
– Routing table (RIB)
Exchange of labels
– Label bindings
– Downstream MPLS node advertises whatlabel to use to send traffic to node
MPLS forwarding
– MPLS Forwarding table (FIB)
MPLS Traffic Forwarding and MPLS Path (LSP) Setup
IP
Forwarding
Destination address
Forwarding table le
from control pla
TTL support
Control Plane OSPF, IS-IS, BG
Packet
EncapsulationIP Header
QoS 8 bit TOS field in IP
OAM IP ping, tracerou
* LDP signaling assumed for next the examples
8/20/2019 MPLS-2015-CISCOLIVE
18/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Path (LSP) Setup
LDP signaling
– Leverages existing routing
RSVP signaling
– Aka MPLS RSVP/TE
– Enables enhanced capabilities, such asFast ReRoute (FRR)
Can use both protocolssimultaneously
– They work differently, they solvedifferent problems
– Dual-protocol deployments are verycommon
Signaling Options
LDP
Forwarding path LSP
Forwarding
Calculation
Based on IP routing database
Shortest-Path based
Packet
EncapsulationSingle label
Signaling
By each node independently
Uses existing routing
protocols/information
8/20/2019 MPLS-2015-CISCOLIVE
19/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Path (LSP) Setup with LDP
Exchange of IP routes
– OSPF, IS-IS, EIGRP, etc.
Establish IPreachability
Step 1: IP Routing (IGP) Convergence
1
01
InLabel
Addr essPrefix
…
OutI’face
128.89 1
171.69 1
…
OutLabel
InLabel
AddressPrefix
…
OutI’face
128.89 0
171.69 1
…
OutLabel
InLa
You Can Reach 171.69 Thru Me
You Can Reach 128.89 and
171.69 Thru Me
Routing Updates
(OSPF, EIGRP, …)
You C
Forwarding Table Forwarding Table
0
1
1
8/20/2019 MPLS-2015-CISCOLIVE
20/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
IP Packet Forwarding Example
IP routing information
exchanged between nodes – Via IGP (e.g., OSFP, IS-IS)
Packets being forwardedbased on destination IPaddress
– Lookup in routing table (RIB)
Basic IP Packet Forwarding
0
1
1
128.89.25.4 Data
128.89.25.
128.89.25.4 Data
…
128.89
171.69
Addr ess I/F
1
1
…
128.89
171.69
Address I/F
0
1
ForwardingTable ForwardingTable
8/20/2019 MPLS-2015-CISCOLIVE
21/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Path (LSP) Setup with LDP
Local label mapping are sent to
connected nodes
Receiving nodes updateforwarding table
– Out label
LDP label advertisement
happens in parallel(downstream unsolicited)
Step 2: Assignment of Remote Labels
1
01
UUse Label 20 for 128.89 and
Use Label 21 for 171.69
Label Distribution
Protocol (LDP)(Downstream
All ocati on)
Use Label 36 fo r 171.69
InLabel Add ressPrefix
128.89
171.69
…
OutI’face
1
1
…
OutLabel InLabel AddressPrefix
128.89
171.69
…
OutI’face
0
1
…
OutLabel
20
21
…
-
-
…
30
36
…
20
21
…
Forwarding Table Forwarding Table
0
1
1
8/20/2019 MPLS-2015-CISCOLIVE
22/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Traffic Forwarding with LDP
Ingress PE node adds label
to packet (push) – Via forwarding table
Downstream node uselabel for forwardingdecision (swap)
– Outgoing interface – Out label
Egress PE removes labeland forwards originalpacket (pop)
Hop-by-hop Traffic Forwarding Using Labels
1
0
1
128.89.25.4 Data 128.89.25.4 Data20
128.89.230
Forwarding based on
Label
In
Label
Add ress
Prefix
128.89
171.69
…
Out
I’face
1
1
…
Out
Label
In
Label
Add ress
Prefix
128.89
171.69
…
Out
I’face
0
1
…
Out
Label
In
Labe
20
21
…
-
-
…
30
36
…
20
21
…
30
…
Forwarding Table Forwarding Table Fo
0
1
1
8/20/2019 MPLS-2015-CISCOLIVE
23/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Traffic Forwarding with LDP
Routing protocol distributes routes
LDP distributes labels that map to routes
Packets are forwarded using labels
…
So what?
…
MPLS’s benefit shows up later, in two places:
1. Divergence from IP routed shortest path
2. Payload-independent tunneling
Quick recap
8/20/2019 MPLS-2015-CISCOLIVE
24/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Path (RSVP) Setup
MPLS-TE lets you deviate from the IGP shortest-cost path
This gives you lots of flexibility around how you send traffic across
Three steps:
1. Information distribution
2. Path calculation
3. LSP signaling
8/20/2019 MPLS-2015-CISCOLIVE
25/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Path (RSVP) Setup
Flood link characteristics in the IGP
– Reservable bandwidth, link colors, otherproperties
IP/MPLS
8/20/2019 MPLS-2015-CISCOLIVE
26/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Path (RSVP) Setup
IGP: Find shortest (lowest
cost) path to all nodes.
TE: Per node, find the shortest(lowest cost) path whichmeets constraints.
Link with ins
Link with su
n
n
Find
shortest
path to R8with 8Mbps
IP/MPLS
53
10
15
10
10
8
R1
8/20/2019 MPLS-2015-CISCOLIVE
27/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Path (RSVP) Setup
Set up the calculated path using RSVP
(Resource ReSerVation Protocol)
Once labels are learned, they’reprogrammed just like LDP labels
– At the forwarding level, you can’t tell whetheryour label came from RSVP or LDP
– All the hard work is in the control plane
– No per-packet forwarding hit for any of this
IP/MPLSHead end
PATH
RESV
L=16
8/20/2019 MPLS-2015-CISCOLIVE
28/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS TE Fast ReRoute (FRR)
Steady state
– Primary tunnel: A → B → D → E
– Backup tunnel: B → C → D (pre-provisioned)
Failure of link between router Band D
Traffic rerouted over backuptunnel
Recovery time 50 ms – Actual Time Varies—Well Below 50 ms in Lab
Tests
Implementing Network Failure Protection Using MPLS RSVP/TE
Router D
Router C
Router A Router B
RouteRouter X
P
B
8/20/2019 MPLS-2015-CISCOLIVE
29/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS OAM
MPLS LSP Ping
– Used for testing end-to-end MPLS connectivity similar to IP ping – Can we used to validate reachability of LDP-signaled LSPs, TE tunnels, and PWs
MPLS LSP Trace – Used for testing hop-by-hop tracing of MPLS path similar to traceroute – Can we used for path tracing LDP-signaled LSPs and TE tunnels
MPLS LSP Multipath (ECMP) Tree Trace – Used to discover of all available equal cost LSP paths between PEs – Unique capability for MPLS OAM; no IP equivalent!
Auto IP SLA – Automated discovery of all available equal cost LSP paths between PEs – LSP pings are being sent over each discovered LSP path
Tools for Reactive and Proactive Trouble Shooting of MPLS Connect
8/20/2019 MPLS-2015-CISCOLIVE
30/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Summary
MPLS networks consist of PE routers at in/egress and P routers in
Traffic is encapsulated with label(s) at ingress (PE router)
Labels are removed at egress (PE router)
MPLS forwarding operations include label imposition (PUSH), swadisposition (POP)
LDP and RSVP can be used for signaling label mapping informatioan end-to-end Label Switched Path (LSP)
RSVP label signaling enables setup of TE tunnels, supporting enhengineering capabilities; traffic protection and path management
Key Takeaways
8/20/2019 MPLS-2015-CISCOLIVE
31/75
MPLS Virtual Private Networks
8/20/2019 MPLS-2015-CISCOLIVE
32/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Virtual Private Networks
Definition of MPLS VPN
service
Basic MPLS VPN deploymentscenario
Technology options
Topics
Transport
MPLS Forwarding
IP/MPLS (LDP/RSVP-TE/BGP)
Layer-3 VPNs Layer-2 VPNs
Service (Clients)
8/20/2019 MPLS-2015-CISCOLIVE
33/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
What Is a Virtual Private Network?
Set of sites which communicate with each other in a secure way
– Typically over a shared public or private network infrastructure
Defined by a set of administrative policies
– Policies established by VPN customers themselves (DIY)
– Policies implemented by VPN service provider (managed/unmanaged)
Different inter-site connectivity schemes possible
– Full mesh, partial mesh, hub-and-spoke, etc.
VPN sites may be either within the same or in different organizatio
– VPN can be either intranet (same org) or extranet (multiple orgs)
VPNs may overlap; site may be in more than one VPN
Definition
8/20/2019 MPLS-2015-CISCOLIVE
34/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS VPN: Build vs Buy?
To some people, “deploying MPLS VPN” means building your own
network
To some, it means “buying MPLS-based VPN services from a prov
Most of the heavy lifting is in building your own
Buying may or may not have any impact on your network
8/20/2019 MPLS-2015-CISCOLIVE
35/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS VPN Example
VPN policies
– Configured on PE routers (manualoperation)
VPN signaling – Between PEs
– Exchange of VPN policies
VPN traffic forwarding
– Additional VPN-related MPLS labelencapsulation
PE-CE link – Connects customer network to MPLS
network; either layer-2 or layer-3
Basic Building Blocks
Label Switched Traffic
P
P
PE
PE
CE
PE-CE
Link
P
P
CE
VPN
Policy
VPN
Policy
VPN Signaling
8/20/2019 MPLS-2015-CISCOLIVE
36/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS VPN Models
MPLS Layer-3 VPNs
– Peering relationship between CEand PE
MPLS Layer-2 VPNs
– Interconnect of layer-2 AttachmentCircuits (ACs)
Technology Options
MPLS VPN Models
• CE connecte
based conne
layer-2 type)
– Static rou
– PE-CE rou
eBGP, OS
• CE routing h
relationship
routers are p
routing
• PE routers m
specific rout
exchange cu
routing infor
MPLS LMPLS Layer-2 VPNs
Point-to-PointLayer-2 VPNs
Multi-PointLayer-2 VPNs
• CE
connected
to PE viap2p L2
connection
• CE-CE L2
connectivity
• CE-CE
routing; no
SP
involvement
• CE
connected to
PE viamp2mp
Ethernet
connection
• CE-CE L2
connectivity
• CE-CE
routing; no
SP
involvement
8/20/2019 MPLS-2015-CISCOLIVE
37/75
MPLS Layer-3 Virtual Private Networks
MPLS L 3 Vi t l P i t N t k
8/20/2019 MPLS-2015-CISCOLIVE
38/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Layer-3 Virtual Private Networks
Technology components
VPN control plane mechanisms
VPN forwarding plane
Deployment use cases
– Business VPN services
– Network segmentation
– Data Center access
Topics
Transport
MPLS Forwarding
IP/MPLS (LDP/RSVP-TE/BGP)
Layer-3 VPNs Layer-2 VPNs
Service (Clients)
MPLS L 3 VPN O i
8/20/2019 MPLS-2015-CISCOLIVE
39/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Layer-3 VPN Overview
VPN policies
– Separation of customer routing via virtual VPN routing table (VRF) – In PE router, customer interfaces are connected to VRFs
VPN signaling – Between PE routers: customer routes exchanged via BGP (MP-iBGP)
VPN traffic forwarding – Separation of customer VPN traffic via additional VPN label
– VPN label used by receiving PE to identify VPN routing table
PE-CE link – Can be any type of layer-2 connection (e.g., FR, Ethernet)
– CE configured to route IP traffic to/from adjacent PE router
– Variety of routing options; static routes, eBGP, OSPF, IS-IS
Technology Components
Vi t l R ti d F di I t
8/20/2019 MPLS-2015-CISCOLIVE
40/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Virtual Routing and Forwarding Instance
Virtual routing and forwarding table
– On PE router – Separate instance of routing (RIB) and
forwarding table
Typically, VRF created for eachcustomer VPN
– Separates customer traffic
VRF associated with one or morecustomer interfaces
VRF has its own routing instance forPE-CE configured routing protocols
– E.g., eBGP
Virtual Routing Table and Forwarding to Separate Customer Traffic
VRF
Blue
VRF
Green
CE
PE
CE
VPN 2
VPN 1
VPN R t Di t ib ti
8/20/2019 MPLS-2015-CISCOLIVE
41/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
VPN Route Distribution
Full mesh of BGP sessions
among all PE routers – Or BGP Route Reflector
(common)
Multi-Protocol BGP extensions(MP-iBGP) to carry VPN policies
PE-CE routing options – Static routes
– eBGP
– OSPF
– IS-IS
Exchange of VPN Policies Among PE Routers
Label Switched Traffic
P
P
PE
PE
CE
PE-CE
Link
P
P
CEP
P
Blue VRF
Red VRF
BGP Route Reflector
VPN Control Plane Processing
8/20/2019 MPLS-2015-CISCOLIVE
42/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
VPN Control Plane Processing
Make customer routes unique:
Route Distinguisher (RD):8-byte field, VRF parameters; unique value to make VPN IP routes
VPNv4 address: RD + VPN IP prefix
Selective distribute VPN routes:
Route Target (RT): 8-byte field, VRF parameter, unique value to dimport/export rules for VPNv4 routes
MP-iBGP: advertises VPNv4 prefixes + labels
VPN Control Plane Processing
8/20/2019 MPLS-2015-CISCOLIVE
43/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Blue VPN
VPN Control Plane Processing
1. CE1 redistribute IPv4 route to
PE1 via eBGP2. PE1 allocates VPN label for
prefix learnt from CE1 to createunique VPNv4 route
3. PE1 redistributes VPNv4 routeinto MP-iBGP, it sets itself as a
next hop and relays VPN siteroutes to PE2
4. PE2 receives VPNv4 routeand, via processing in localVRF (green), it redistributesoriginal IPv4 route to CE2
Interactions Between VRF and BGP VPN Signaling
BGP advertisement :
VPN-IPv4 Addr = RD:16.1/16
BGP Next-Hop = PE1
Route Target = 100:1Label=42
PPE1
eBGP:
16.1/16
PCE1
ip vrf blue-vpn
RD 1:100
route-target export
1:100
route-target import
1:100
VRF parameters:
Name = blue-vpnRD = 1:100
Import Route-Target = 100:1
Export Route-Target = 100:1
VPN Forwarding Plane Processing
8/20/2019 MPLS-2015-CISCOLIVE
44/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
VPN Forwarding Plane Processing
1. CE2 forwards IPv4 packet to PE2
2. PE2 imposes pre-allocated VPNlabel to IPv4 packet received fromCE2 Learned via MP-IBGP
3. PE2 imposes outer IGP label A(learned via LDP) and forwardslabeled packet to next-hopP-router P2
4. P-routers P1 and P2 swap outerIGP label and forward label packetto PE1 A->B (P2) and B->C (P1)
5. Router PE1 strips VPN label andIGP labels and forwards IPv4packet to CE1
Forwarding of Layer-3 MPLS VPN Packets
P1PE1 P2CE1
IGPLabel A
IPv4VPNv4Label
IGPLabel B
IPv4VPNv4Label
IGPLabel C
IPv4Packet
IPv4
Service Provider Deployment Scenario
8/20/2019 MPLS-2015-CISCOLIVE
45/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Service Provider Deployment Scenario
Deployment Use Case
– Delivery of IP VPN services tobusiness customers
Benefits – Leverage same network for
multiple services and customers(CAPEX) Highly scalable
– Service enablement onlyrequires edge nodeconfiguration (OPEX)
– Different IP connectivity can beeasily configured; e.g.,full/partial mesh
MPLS Layer-3 VPNs for Offering Layer-3 Business VPN Services
VPNCoreEdge Core
CPEE
Managed VPN Service
Unmanaged VPN Service
Network
SegmentCPE Edge
MPLS NodeCE PE
Typical
Platforms ASR1K
ISR/G2
ASR9K
7600
ASR1K
ASR903
ME3800X
Enterprise Deployment Scenario
8/20/2019 MPLS-2015-CISCOLIVE
46/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Enterprise Deployment Scenario
Deployment Use Case
– Segmentation of enterprisenetwork to provide selectiveconnectivity for specific usergroups and organizations
Benefits
– Network segmentation only
requires edge node configuration – Flexible routing; different IP
connectivity can be easilyconfigured; e.g., full/partial mesh
MPLS Layer-3 VPNs for Implementing Network Segmentation
VPNCoreEdge Core
AccessE
MPLS VPNs for L3 Network
Segmentation
Network
Segment Access Edge
MPLS Node CE PE
Typical
Platforms ASR1K
ISR/G2
7600
ASR1K
Data Center Deployment Scenario
8/20/2019 MPLS-2015-CISCOLIVE
47/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Data Center
Data Center Deployment Scenario
Deployment Use Case
– Segmented WAN Layer-3 atData Center edge
– Layer-3 segmentation in DataCenter
Benefits
– Only single Data Center edge
node needed for segmentedlayer-3 access
– Enables VLAN/Layer-2 scale (>4K)
MPLS Layer-3 VPNs for Segmented L3 Data Center Access and Inte
CoreDistribution Core Access
Top Of Rack
MPLS VPNs term
aggreg
Network
Segment
Distribut ion Core
MPLS Node CE or PE P or CE
Typical
Platforms
N7K
6500
N7K
6500
MPLS L3 VPN: Build vs buy?
8/20/2019 MPLS-2015-CISCOLIVE
48/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS L3 VPN: Build vs buy?
Key consideration: bringing SP into the customer’s routing domain
Easy to solve with BGP, the world’s only political routing protocol!
Also works with static routes: no dynamic handoff, no potential for mess
BGP and static are very popular
EIGRP, OSPF, RIP are also options
Summary
8/20/2019 MPLS-2015-CISCOLIVE
49/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Summary
MPLS Layer-3 VPNs provide IP connectivity among CE sites
– MPLS VPNs enable full-mesh, hub-and-spoke, and hybrid IP connectivity
CE sites connect to the MPLS network via IP peering across PE-C
MPLS Layer-3 VPNs are implemented via VRFs on PE edge node
– VRFs providing customer routing and forwarding segmentation
BGP used for signaling customer VPN (VPNv4) routes between PE
To ensure traffic separation, customer traffic is encapsulated in anVPN label when forwarded in MPLS network
Key applications are layer-3 business VPN services, enterprise nesegmentation, and segmented layer-3 Data Center access
Key Takeaways
8/20/2019 MPLS-2015-CISCOLIVE
50/75
MPLS Layer-2 Virtual Private Networks
MPLS Layer-2 Virtual Private Networks
8/20/2019 MPLS-2015-CISCOLIVE
51/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Layer 2 Virtual Private Networks
L2VPN technology options
P2P VPWS services (PWs) – Overview & Technology Basics
– VPN control plane
– VPN forwarding plane
MP2MP VPLS services – Overview & Technology Basics
– VPN control plane – VPN forwarding plane
Deployment use cases – L2 Business VPN services
– Data Center Interconnect
Topics
Transport
MPLS Forwarding
IP/MPLS (LDP/RSVP-TE/BGP)
Layer-3 VPNs Layer-2 VPNs
Service (Clients)
MPLS Layer-2 Virtual Private Networks
8/20/2019 MPLS-2015-CISCOLIVE
52/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS Layer 2 Virtual Private Networks
VPWS services
– Point-to-point – Referred to as Pseudowires
(PWs)
VPLS services
– Multipoint-to-Multipoint
EVPN – BGP-based mp2mp
PBB-EVPN
– Combines scale tools fromPBB with BGP learning fromEVPN
Technology Options
MPLS Layer-2 VPNs
Point-to-PointLayer-2 VPNs (VPWS)
Multipoint-to-Layer-2 V
VPLS
MPLS L2 VPN
8/20/2019 MPLS-2015-CISCOLIVE
53/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS L2 VPN
Started with p2p, but that doesn’t scale well
Many issues to solve with multipoint – Discovery: who do I talk to?
– Signaling: what label(s) do I send them?
– Learning: what MACs are at which sites?
– Connectivity: can CEs be multihomed? ECMP orredundancy?
Can solve in the control plane or in the dataplane
Control plane: BGP or LDP?
Data plane is often expensive
Why so many solutions?
Virtual Private Wire Services (VPWS)
8/20/2019 MPLS-2015-CISCOLIVE
54/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Virtual Private Wire Services (VPWS)
Based on IETF’s Pseudo-Wire(PW) Reference Model
Enables transport of any Layer-2traffic over MPLS
PE-CE link is referred to as Attachment Circuit (AC)
Provides a p2p service
Discovery: manual (config)
Signaling: LDP
Learning: data plane
Overview of Pseudowire (PW) Architecture
Label Switched Traffic
P
P
PE
PE
CE
Attachmen t
Circuit (AC)
P
P
CE
Pseudo-Wire 1
Pseudo-Wire 2
Emulated Layer-2 Service
Layer-2
Layer-2
VPWS Control Plane Processing
8/20/2019 MPLS-2015-CISCOLIVE
55/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
g
1. New Virtual Circuit (VC) cross-connect connects customer L2
interface (AC) to new PW via VC IDand remote PE ID
2. New targeted LDP session betweenPE1 and PE2 is established, in caseonedoes not already exist
3. PE binds VC label with customer
layer-2 interface and sends label-mapping to remote PE
4. Remote PE receives LDP labelbinding message and matches VCID with local configured VC cross-connect
Signaling of a New Pseudo-Wire
2 LDP session
3 Label Mapping M
1
4
PPE PCE
Emulated Layer-2 Service
VPWS Forwarding Plane Processing
8/20/2019 MPLS-2015-CISCOLIVE
56/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
g g
1. CE2 forwards L2 packet to PE2.
2. PE2 pushes VC (inner) label to L2packet received from CE2 – Optionally, a control word is added
as well (not shown)
3. PE2 pushed outer (Tunnel) labeland forwards packet to P2
4. P2 and P1 forward packet using
outer (tunnel) label (swap)5. Router PE2 pops Tunnel label and,
based on VC label, L2 packet isforwarded to customer interface toCE1, after VC label is removed – In case control word is used, new
layer-2 header is generated first
Forwarding of Layer-2 Traffic Over PWs
P1PE1 P2CE1
IGPLabel A
EthPWLabel
IGPLabel B
EthPWLabel
IGPLabel C
EthernetFrame
Eth
EVPN
8/20/2019 MPLS-2015-CISCOLIVE
57/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Provides mp2mp
Discovery: BGP, using MPLSVPN mechanisms (RT)
Signaling: BGP
Learning: Control plane (BGP)
Allows for multihomed CEs
PE
PE
CE2
CE1
Emulated Virtual Switch
BGP RR
BGP advertisement:
L2VPN/EVPN Addr = CE1.MAC
BGP Next-Hop = PE1
Route Target = 100:1
Label=42
PBB-EVPN
8/20/2019 MPLS-2015-CISCOLIVE
58/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Combines Provider Backbone
Bridging (802.1ah) with EVPN – Scales better than straight EVPN – Removes the need to flood all MAC
addresses in BGP
Provides mp2mp
Discovery: BGP, using MPLSVPN mechanisms (RT)
Signaling: BGP
Learning: Forwarding plane
Allows for multihomed CEs
PE
PE
CE2
CE1
Emulated Virtual Switch
BGP RR
BGP advertisement:
L2VPN/EVPN Addr = PE1.B-MAC
BGP Next-Hop = PE1
Route Target = 100:1
Label=42
CE-CE MAC addresses learned in the data pla
Service Provider Deployment Scenario
8/20/2019 MPLS-2015-CISCOLIVE
59/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
p y
Deployment Use Case
– Delivery of E-LINE services tobusiness customers
Benefits – Leverage same network for
multiple services andcustomers (CAPEX) Highly scalable
– Service enablement onlyrequires edge nodeconfiguration (OPEX)
PWs for Offering Layer-2 Business VPN Services
Network
SegmentCE PE
Typical
Platforms M3400 ASR901
ME3800X ASR903
ASR9K
PPE PCE
Layer-2 VPN Service
Data Center Deployment Scenario
8/20/2019 MPLS-2015-CISCOLIVE
60/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
y
Deployment Use Case
– E-LAN services for Data Centerinterconnect
Benefits
– Single WAN uplink to connect tomultipleData Centers
– Easy implementation ofsegmented layer-2 trafficbetween Data Centers
VPLS for Layer-2 Data Center Interconnect (DCI) Services
NetworkSegment
DC Edge Core
MPLS Node CE P
Typical
Platforms
ASR9K
7600
6500
CRS-1
ASR9K
Core
Core
Edge
Core
Core
DCEdge
Data Center
Summary
8/20/2019 MPLS-2015-CISCOLIVE
61/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
L2VPNs enable transport of any Layer-2 traffic over MPLS network
L2 packets encapsulated into additional VC label
Both LDP and BGP can be used L2VPN signaling
PWs suited for implementing transparent point-to-point connectivityLayer-2 circuits (E-LINE services)
VPLS suited for implementing transparent point-to-multipoint connbetween Ethernet links/sites (E-LAN services)
Typical applications of L2VPNs are layer-2 business VPN servicesCenter interconnect
Key Takeaways
8/20/2019 MPLS-2015-CISCOLIVE
62/75
Advanced Topics
MPLS And IPv6
8/20/2019 MPLS-2015-CISCOLIVE
63/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
MPLS allows IPv6 to be
deployed as an edge-onlyservice, no need to run v6 in thecore
– Easier to deploy
– Security mechanism
6PE: All IPv6 can see each
other (single VPN) – IPv6+label (no RD, no RT)
6VPE: Separate IPv6 VPNs
– VPNv6, includes RD and RT
IPv6 Support for Native MPLS Deployments and MPLS Layer-3 Serv
P6PE PCE
IPv6 IPv4 MPLS
P6VPE PCE
IPv6 IPv4 MPLS
Label Switched Multicast (LSM)
8/20/2019 MPLS-2015-CISCOLIVE
64/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
What is Label Switched Multicast? – MPLS extensions to provide
P2MP connectivity – RSVP extensions and multicast LDP
Why Label-Switched Multicast? – Enables MPLS capabilities, which
can not be applied to IP multicasttraffic (e.g., FRR)
Benefits of Label-SwitchedMulticast – Efficient IP multicast traffic
forwarding
– Enables MPLS traffic protection andBW control of IP multicast traffic
Point-to-Multi-Point MPLS Signaling and Connectivity
IP/MPLS
Uni-Direction
LSP
IP/MPLS
P2MP or MP2
LSP Tree
MPLS /IP
Label Switched
Multicast (LSM)
MPLS Transport Profile (TP)
8/20/2019 MPLS-2015-CISCOLIVE
65/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
What is MPLS TP? – Point-to-point static LSPs which are co-
routed – Bi-directional TP tunnel
Why MPLS TP? – Migration of TDM legacy networks often
assume continuation of connection-oriented operations model
– MPLS TP enables packet-basedtransport with connection-orientedconnectivity
Benefits of MPLS TP – Meets transport-oriented operations
requirements – Enables seamless migration to dynamic
MPLS
Bi-Directional MPLS Tunnel Extensions For Transport Oriented Conn
Transport
MPLS Forwarding
IP/MPLS(LDP/RSVP-TE/BGP) MPL(Static/R
PPE PCE
Bi-Directional
MPLS TP Tunnel
Futures
8/20/2019 MPLS-2015-CISCOLIVE
66/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
New MPLS Developments on the Horizon
MPLS and Cloud
IntegrationVPN Data Center
Integration
MPLS Multilayer
OptimizatonTE+TP+RSVP+GMPLS
Global OptimizationS-PCE/SDN
Control Plane
ReductionSegment Routing
8/20/2019 MPLS-2015-CISCOLIVE
67/75
Summary
Summary
8/20/2019 MPLS-2015-CISCOLIVE
68/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
It’s all about labels … – Label-based forwarding and protocol for label exchange
– Best of both worlds … L2 deterministic forwarding and scale/flexible L3 s
Key MPLS applications are end-to-end VPN services – Secure and scalable layer 2 and 3 VPN connectivity
MPLS supports advanced traffic engineering capabilities – QoS, bandwidth control, and failure protection
MPLS is a mature technology with widespread deployments – Defacto for most SPs, large enterprises, and increasingly in Data Center
Ongoing technology evolution – IPv6, optimized video transport, TP transport evolution, and cloud integra
Key Takeaways
Consider MPLS When …D i i C it i
8/20/2019 MPLS-2015-CISCOLIVE
69/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Is there a need for network segmentation? – Segmented connectivity for specific locations, users, applications, etc.
Is there a need for flexible connectivity? – E.g., Flexible configuration of full-mesh or hub-and-spoke connectivity
Is there a need for implementing/supporting multiple (integrated) se – Leverage same network for multiple services
Are there specific scale requirements? – Large number of users, customer routes, etc.
Is there a need for optimized network availability and performance? – Node/link protection, pro-active connectivity validation
– Bandwidth traffic engineering and QoS traffic prioritization
Decision Criteria
Cisco Live 2013MPLS S i
8/20/2019 MPLS-2015-CISCOLIVE
70/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
BRKMPL-1100 Introduction to MPLS
BRKMPL-2100 Deploying MPLS Traffic Engineering
BRKMPL-2101 Deploying MPLS-based Layer 2 Virtual Private Networks BRKMPL-2102 Deploying MPLS-based IP VPNs
BRKMPL-2108 Designing MPLS in Next Generation Data Center: A Case Study
BRKMPL-2109 MPLS Solutions for Cloud Networking
BRKMPL-2333 E-VPN & PBB-EVPN: the Next Generation of MPLS-based L2VPN
BRKMPL-3010 Generalized MPLS - Introduction and Deployment
BRKMPL-3101 Advanced Topics and Future Directions in MPLS
LTRMPL-2102 Enterprise Network Virtualization using IP and MPLS Technologie LTRMPL-3100 Unified MPLS Lab
LTRMPL-3102 Enterprise Network Virtualization using IP and MPLS Technologie
PNLSPG-3999 Transport Evolution in SP Core Networks
TECMPL-3100 Unified MPLS - An architecture for Advanced IP NGN Scale
TECMPL-3200 SDN WAN Orchestration in MPLS and Segment Routing Network
MPLS Sessions
Terminology ReferenceA U d i MPLS R f A hit t
8/20/2019 MPLS-2015-CISCOLIVE
71/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Terminology Description
AC Attachment Circuit. An AC Is a Point-to-Point, Layer 2 Circuit Between a CE and a PE.
AS Autonomous System (a Domain)
CoS Class of Service
ECMP Equal Cost Multipath
IGP Interior Gateway Protocol
LAN Local Area Network
LDP Label Distribution Protocol, RFC 3036.
LER Label Edge Router. An Edge LSR Interconnects MPLS and non-MPLS Domains.
LFIB Labeled Forwarding Information Base
LSP Label Switched Path
LSR Label Switching Router
NLRI Network Layer Reachability Information
P Router An Interior LSR in the Service Provider's Autonomous System
PE Router An LER in the Service Provider Administrative Domain that Interconnects the Customer Network and the Back
PSN Tunnel Packet Switching Tunnel
Acronyms Used in MPLS Reference Architecture
Terminology ReferenceAcronyms Used in MPLS Reference Architecture
8/20/2019 MPLS-2015-CISCOLIVE
72/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Terminology Description
Pseudo-Wire A Pseudo-Wire Is a Bidirectional “Tunnel" Between Two Features on a Switching Path.
PWE3 Pseudo-Wire End-to-End Emulation
QoS Quality of Service
RD Route Distinguisher
RIB Routing Information Base
RR Route Reflector
RT Route Target
RSVP-TE Resource Reservation Protocol based Traffic Engineering
VPN Virtual Private Network
VFI Virtual Forwarding Instance
VLAN Virtual Local Area Network
VPLS Virtual Private LAN Service
VPWS Virtual Private WAN Service
VRF Virtual Route Forwarding Instance
VSI Virtual Switching Instance
Acronyms Used in MPLS Reference Architecture
Further ReadingMPLS References at Cisco Press and cisco com
8/20/2019 MPLS-2015-CISCOLIVE
73/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
http://www.cisco.com/go/mpls
http://www.ciscopress.com
MPLS and VPN Architectures — Cisco Press®
– Jim Guichard, Ivan Papelnjak
Traffic Engineering with MPLS — Cisco Press®
– Eric Osborne, Ajay Simha
Layer 2 VPN Architectures — Cisco Press®
– Wei Luo, Carlos Pignataro, Dmitry Bokotey, and Anthony Chan
MPLS QoS — Cisco Press ®
– Santiago Alvarez
MPLS References at Cisco Press and cisco.com
Complete Your Online Session Evaluation
http://www.cisco.com/go/mplshttp://www.ciscopress.com/http://www.ciscopress.com/http://www.cisco.com/go/mpls
8/20/2019 MPLS-2015-CISCOLIVE
74/75
© 2013 Cisco and/or its affiliates. All rights reserved.BRKMPL-1100 Cisco Public
Maximize your Cisco Live exp
free Cisco Live 365 account. D
PDFs, view sessions on-dema
live activities throughout the y
Cisco Live 365 button in your
log in.
Give us your feedback andyou could win fabulous prizes.Winners announced daily.
Receive 20 Cisco Daily Challengepoints for each session evaluationyou complete.
Complete your session evaluationonline now through either the mobileapp or internet kiosk stations.
8/20/2019 MPLS-2015-CISCOLIVE
75/75