MPLS AN 9mei2017-widenative ATM, SONET, Frame Relay and Ethernet frames, but also Pseudo Wires (PW), VPLS, IP VPNs; •Label Switched Paths are similar to circuit-switched paths (virtual

MPLS etc..

9 May 2017 AN

MPLS is not alone

Multi-Protocol Label Switching

MPLS-TE

MPLS-TP

RSVP-TE

PBB-TE

LSP

FEC

LDP

MP-BGP

VPLS

GMPLSMPƛS

OSPF-TE

ISIS-TE

T-MPLS

LABEL

TAG

PCEP

SR

H-VPLS

...because its techniques are applicable to ANY network layer protocol.

• It was designed to provide a unified data-carrying service for both circuit-based clients and packet-switching clients which provide a datagram service model; (converged networks)

• It can be used to carry many different kinds of traffic, including IP packets, as well as native ATM, SONET, Frame Relay and Ethernet frames, but also Pseudo Wires (PW), VPLS, IP VPNs;

•Label Switched Paths are similar to circuit-switched paths (virtual circuit) in ATM or FR networks, except not dependent on particular Layer-2 technology;


AToM

Label switching idea brilliant innovation?

• Back then ATM was popular, only encapsulations for flow over ATM were defined

• ATM did not become the big hit and is mostly replaced now by IP/Ethernet devices

Multi-Protocol SwitchingLabel

•Next Cisco came with Tag Switching (1997); •This was brought to the IETF for open standardisation; •IETF working group involved other vendors and MPLS was defined; •Tag renamed to Label;

Really: • Back then traffic was growing faster than router vendor

and service providers could keep up with;

• Existing routing equipment was very expensive; • performance was not enough (no in hardware forwarding

of packets);

• Fixed length label lookup was faster;

SwitchingMulti-Protocol Label

RFC-3031: Multiprotocol Label Switching Architecture [June 2001]

•ATM switches offered higher-speed interfaces and faster forwarding; •ISPs were building backbones with ATM switches and routers as edge devices; •That required building full-mesh networks and that's a lot of configuration and difficult

management; •Vendors were trying to implement tighter integration between router and ATM switch

control planes;

Label idea comes from "label swapping" in Frame Relay, ATM.

★edge device of MPLS network applies tag

★tag switch forwards according to label swapping table (pre-established)

★edge device removes tag and forwards packet

Basically:

•It was invented for fast(er) “routing" (more like L2 switching); • IDEA: Each flow might be special but numerous flows share the same forwarding behaviour; •All packets with same label follow the same path; •Fixed length label lookup is faster than longest match lookups;

MPLS is sometimes called: Layer 2.5 protocol

Applications

TCP UDP SCTP, MPTCP, DCCP, …

MPLS

Ethernet

Physical

ATM FR PPP…

IP

Routing vs Switching

•Switch switches within the subnet/within the network •Router routes between the networks

•Switching makes packet (frame) forwarding decisions based on layer 2 data

[MAC address]

•Routing makes packet forwarding decision based on layer 3 data [IP address]

Switches switch and Routers route….

Bridges??Forwarding??

Gateways??

recursive lookup - to determine the next hop + outbound interface

OSPF BGP

RIB Routing Information Base

FIB Forwarding Information Base

Topology Database

“IP Routing table”

“Forwarding table”

• Not all entries in RIB have next hops that

are directly connected;

• OSPF route has an outgoing interface; it’s

computed by the SPF algorithm and

transferred into the IP routing table;

• BGP route has no outgoing interface and

its next hop is not directly connected; the

router has to perform recursive lookups to

find the outgoing interface;

• IP routes are copied to Forwarding

Information Base (FIB) and their next hops

are resolved, outgoing interfaces are

computed and multiple entries are created

when the next-hop resolution results in

multiple paths to the same destination;Simplifiedview

Routing vs Switching Switches switch and Routers route….

Juniper

specific


Regardless of how you decide to call the physical (or virtual) device that forwards the data across your network, it’s important to understand whether it forwards the data based on physical layer-2 addresses (we called that bridging) or based on logical, hierarchical layer-3 addresses (what we called routing 20 years ago).

•Switching makes packet (frame) forwarding decisions based on layer 2 data

[MAC address]

•Routing makes packet forwarding decision based on layer 3 data [IP address]

Switches switch and Routers route….

Bridging

• http://blog.ipspace.net/2010/07/bridging-and-routing-is-there.html

• http://blog.ipspace.net/2011/02/how-did-we-ever-get-into-this-switching.html

• Ivan Pepelnjak Blog: http://blog.ipspace.net/2009/12/lies-damned-lies-and-product-marketing.html

MPLS is somewhere in between??? (Layer 2.5)


MPLS-based networks scale better than those using ATM or Frame Relay because of two major improvements:

• Automatic setup of virtual circuits based on network topology (core IP routing information), both between the core switches and between the core (P-routers) and edge (PE-routers) devices. Unless configured otherwise, IP routing protocol performs topology autodiscovery and LDP establishes a full mesh of virtual circuits across the core.

• VC merge: Virtual circuits from multiple ingress points to the same egress point can merge within the network. VC merge significantly reduces the overall number of VCs (and the amount of state the core switches have to keep) in fully meshed networks.

• Important purpose of MPLS: reduces routes in routers and forwarding table entries •Multiple IP prefixes “into one tag”


•Protocol used in the core of networks •Single domain (ISP) •Can be used for Traffic Engineering (TE)

R1CE

R3LSR

R8LER

LER = Label Edge Router (or PE = Provider Edge router) LSR = Label Switching Router (or P = Provider router)

R7LSR

R6LER

R5LSR

R4LSR

R2LER

R9CE

LSP = Label Switched Path: unidirectional path between LERs

LSP

Ingress

Egress

Transit

LabelpushLabelswap

Labelpop

R10CE


Label EXP S TTL

Label field= 20 bits

EXP field = 3 bits S field = 1 bit

TTL field = 8 bits

Label = number, picked by the router (local)

EXP = experimental bits, for Class of Service (*)S = Bottom of Stack

TTL = Time-to-Live (to detect loops)

[This header is put between layer-2 and layer-3 header (shim header) in IP]

•MPLS header applied to packet

(*) Renamed to Traffic Class field RFC-5462

•Protocol to establish an end-to-end path through the MPLS network •Still hop-by-hop forwarding mechanism •Builds a connection-oriented service on the IP network


FEC = Forwarding Equivalence Class

• Mapping between previous hop (incoming port, label) and FEC; • Mapping between FEC and next hop (outgoing port, label); • Each router has its own LIB, generates LFIB (Label Forwarding Information Base);

LIB = Label Information Base

• The ingress router receives packet and determines to which FEC it belongs; • Packets which should be forwarded in the same manner belong to same FEC; • Forwarded with the same label (over the same LSP);

•Forwarding Equivalent Class - all IP packets follow same path and receive same treatment at each node

•Label Forwarding Information Base - forwarding table mapping between labels to outgoing interfaces

FEC can be destination prefix, or source address, DSCP, …

Z PE1YPE2 Xingress egress

(PE1,L1)

FEC = loopback address PE1

PE1assignsaLabel(L1)toitsownL0address(FEC)andadverMsesthattoits

LDPpeerX

LSR/transit LSR/transit LSR/transit

Prefixes distributed with OSPF/ISIS


(PE1,L1)(PE1,L2)



LDPpeerX

XevaluateswhetherPE1isontheIGPshortestpathforthatFEC.IfsuccessfulXassignsL2forFECPE1,installsforwardingstateswappingL2andL1andadverMsesabinding

forL2andFECPE1toY.



Ywilldosimilarprocessing.TheLSPsetupproceedsfromegresstoingress.


(PE1,L1)(PE1,L2)(PE1,L3)



LDPpeerX


forL2andFECPE1toY.





(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)



LDPpeerX


forL2andFECPE1toY.





(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4) PE1-push L4



LDPpeerX


forL2andFECPE1toY.





(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)

swap (L4, L3) PE1-push L4



LDPpeerX


forL2andFECPE1toY.





(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)

swap (L3, L2) swap (L4, L3) PE1-push L4



LDPpeerX


forL2andFECPE1toY.




Z PE1YPE2 X

swap (L2, L1)

ingress egress

(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)




LDPpeerX


forL2andFECPE1toY.




Z PE1YPE2 X

swap (L2, L1)

ingress egress

(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)




LDPpeerX


forL2andFECPE1toY.


Label actions: Push to the stack, Swap top label, PoP from the stack; S-bit is set to 1 in MPLS header if label is last label on the stack;

LSPPrefixes distributed with OSPF/ISIS

•Label 3 is announced by router B to its neighbor , 3 is a special value, Implicit NULL label [RFC-3032];

•This triggers Penultimate Hop Popping (PHP) •the LSR (E) before the LER (B) pops the label and forwards normal IP packet to LER (B); •simplifies processing at LER (saves one lookup); •default behaviour of most implementations, not mandatory;

F G

E

B

D

C

A

105

10

5

5

5

5

53

28133

5 = IGP metric

28 = label

•LSR A receives mapping for Label N for FEC X from peer LSR B; •LSR A will use Label N for forwarding if and only if B is on the IGP shortest path for

destination X from A’s point of view; OR: LSPs set up via LDP follow the IGP shortest path and LDP uses IGP to avoid loops;

•LSPs shift with IGP path changes; - Danger of blackholing/looping during reconvergence;

But who/what assigns the labels? Goal is to build a forwarding table with mapping between incoming label and outgoing label; ➡Routers pick the label values (local significance only)

The MPLS architecture uses downstream label assignment: router expects to receive the traffic with label it picked locally.

Called downstream because label assigned to traffic at point X was picked by a router who is one hop further down in the direction of the traffic flow from X.

•MPLS - set up virtual circuits across switched architecture •Paths are called LSPs •LSPs are unidirectional •“Traditional MPLS” follows the traditional routing (shortest path) •Every router assigns label to every prefix in its routing table

(simplified, depends on implementation, independent or ordered label distribution control)

•Label is local to the router

Multi-Protocol Label Switching Summary

FEC = Forwarding Equivalence Class

LIB = Label Information Base

LER = Label Edge Router (or PE = Provider Edge router) LSR = Label Switching Router (or P = Provider router)

OSPF/IS-IS BGP

RIB Routing Information Base

FIB Forwarding Information Base

LIB Label Information Base

(mpls.0)

LFIB Label Forwarding Information Base

Topology Database

“Routing table” (inet.0)

“Forwarding table”

“Label Routing table”

FEC mapping table (inet.3)

LDP Database

LDP

Juniperspecific

See also: http://blog.ipspace.net/2011/12/junos-day-one-mpls-behind-scenes.html

Multi-Protocol Label Switching Summary

• With MPLS, routers (LSRs) never look at IP addresses, only at labels • you can encapsulate anything within MPLS (eg carry IPv6 traffic over IPv4 network)

In MPLS: • switching traffic based on labels advertised by LDP (or RSVP, BGP)

In IP routing: • routing based on destination address for which the entries in the routing table have to

exist (configured statically or installed by routing protocol)

(Traditional) IP routing: • Bound to the IP topology, that's what comes from the routing protocols

With MPLS: • You can create (with use of different labels and label stacks) different topologies &

services (MPLS-TE, MPLS VPNs)

Label Distribution - Control Plane

•How are bindings between labels and FECs distributed through network? •You need routing and signalling;

•Manual configuration not an option, need protocol; •2 options: invent new protocol or extend existing protocol to carry labels;

Both were done: •New protocol: LDP Label Distribution Protocol •Two existing protocols: RSVP and BGP


LDP - made by IETF [RFC-5036]

•UDP discovery and TCP session with peers; •Adjacent LSRs inform each other of the label bindings;

•An IGP protocol is configured on all LSRs; •New IGP routes (prefixed in routing table) lead to new label bindings;

•Labels can be withdrawn when IGP routes are no longer valid; •Hard-state;

Expected to work until explicitly torn down

Specifically designed for label distribution - does nothing else but that, no routing, in fact it relies on an IGP for all routing decisions;

• Fundamental concept in MPLS is that 2 LSRs must agree on the meaning of labels used to forward traffic. • Protocol used where one LSR informs another of the LABEL BINDINGS it has made.

•LDP works between directly connected neighbors or peers; •Peers are automatically discovered (via multicast to well-known UDP port);

Initialization: exchange information regarding features and modes supported;

Next: information regarding binding Labels and FECs exchanged;

After discovery a TCP session is established and LDP session is set up;

•[why chosen to use TCP? Reliable delivery and incremental updates, not periodic refreshes] •To keep session up keepalive messages are sent.

Label messages: advertise new labels, withdraw labels


RSVP-TE

•RSVP was developed before MPLS; •To create bandwidth reservations for individual traffic flows in network as part of the

int-serv model; •Its mechanism is to reserve bandwidth along each hop of a network for an end-to-end

session;

Resource ReserVation Protocol

➡Doesn't scale (create, maintain, tear-down state for each traffic flow!), so it is not/hardly used.

•RSVP extensions for MPLS to create and maintain LSPs and to create associated bandwidth reservations [RFC-3209];

•Better scaling (single LSP can carry all traffic between ingress and egress router pair, not per flow);

•RSVP-signaled LSP does not necessarily follow IGP shortest path; •Extensions allow for explicit routing (specify entire path or specific transit nodes)

•Creation of RSVP-signaled LSP is initiated by ingress router by sending RSVP Path message; •Destination is the egress router; •Transit routers inspect the message and make modifications (define label, check and reserve

bandwidth);

Bandwidth reservation is optional

‣Path message: label request object, Explicit Route Object (ERO) , Record Route Object, Sender Tspec

➡ERO contains addresses of nodes through which the LSP must pass;

Explicitly Routed LSP: An LSP whose path is established by a means other than normal IP routing.

RSVP-TE

•in response the egress router sends an RSVP Resv message, this follows the reverse path back to ingress;

•establishes the LSP (send label in Resv message);

•Path and Resv messages travel hop-by-hop through network - establish state at each node; •Periodic exchange of messages after establishment to refresh the state (if missed LSP is

torn down); •RSVP-signaled LSPs follow single path from ingress to egress (even in case of multiple

available paths); •LSP still unidirectional!

WithRecordRouteObjectrouterscancheckifthepath

isloop-free‣Resv message:

‣ label object, Record Route Object

RSVP-TE

•It supports multiple address families, easy to define and carry new types of reachability information and associated attributes;

•Advertise prefix and label(s) associated with it;

MP-BGP

•Can be used inter-domain (between AS-es BGP is used); •Often BGP is already used so no need for another protocol; •This is used for Layer3 VPN between sites interconnected by MPLS (provider) core network; •Each VPN has its own VRF (Virtual Routing and Forwarding instance);

• MPLS forwarding uses stacked labels: • outer label for LSP forwarding • inner label to differentiate between different VPNs

Multiprotocol Extensions to BGP

[RFC-3107] Carrying Label Information in BGP-4: The label mapping information for a particular route is piggybacked in the same BGP Update message that is used to distribute the route itself.

Now back to some friends of MPLS …

Due to Moore’s Law lookup speed is no longer the biggest problem, but since 1997 a lot of new ways to use MPLS and Family have been found...

MPLS-TE

MPLS-TPRSVP-TE

LDP

MP-BGP

VPLS

PBB-TEGMPLSMPƛS

OSPF-TEISIS-TE

T-MPLS

LSPFEC

LABELTAG

PCEPSR

H-VPLS

LSPFEC

LABELTAG

RSVP-TELDP

MP-BGP

OSPF-TEISIS-TE

What is it? •Process of manipulating traffic on an (IP) network to make better use of capacity; • Is not network engineering, but linked; •Reduce overall cost of operations by more efficient use of bandwidth resources;

Traffic engineering

With “traditional” IP and IP routing protocols difficult: ➡ tweaking link cost or weight to influence IGP behaviour. ➡ availability of resources (e.g. bandwidth) not taken into account.

•IGPs distribute network topology information through network; •Can be used to calculate the routes of LSP automatically; •When required to establish LSPs not following IGP routes, with guaranteed QoS

characteristics and backup LSPs that avoid single points of failure you need more:

Traffic Engineering extensions “-TE”RFC-3272: Overview and Principles of Internet Traffic Engineering

•MPLS-TE: set of extensions to MPLS •explicit or constraint based routing; •use RSVP-TE to set up explicit paths; •bandwidth reservation;

Traffic engineering

•Cost optimisation (better utilisation of network resources); •congestion management; •dynamic services & traffic profiles; •Efficient routing (predictable, deterministic paths); •Availability/ resilience / fast restoration; •QoS / separate realtime latency-critical services from other traffic;

“MORECONTROL”

•explicit or constraint based routing;

MPLS-TE

More extensions: fast rerouting, restoration, QoS, Shared Risk Link Groups, link coloring, make-before-break, pre-emption, auto-bandwidth, etc..

•use RSVP-TE to set up explicit paths; •bandwidth requirement;

RSVP sets up “TE-tunnel” (VC) to endpoint using Path and Resv messages, reserving the bandwidth on path.

If no external NMS is used routers need to figure out where BW is available -TE extensions to OSPF (new LSA) and ISIS (new TLV) make it possible to tell how much BW available on every link. Router does a Constrained SPF (CSPF) calculation.

•Initiated by config on router interface or external third party application (NMS/PCEP)

Transport Profile

•In 2006 the ITU-T started with its own MPLS-like technology:

T-MPLS or Transport MPLS •Continued as joint effort of IETF together with ITU; •Now called: MPLS-TP;

MPLS-TP

MPLS-TP is set of extensions to IP MPLS feature set that fulfills packet transport requirements;

MPLS

MPLS-TPMPLS

extensions

MPLS-TP is the subset of MPLS tailored for transport networks; + Added functionality based on Transport requirements

Transport Profile

•MPLS-TP is bi-directional LSPs (follow same path both ways) •No LSP merging, no PHP •No ECMP (Equal-cost multi-path routing) •Explicit support for ring topologies •Static configuration via Network Management System (NMS) or using control plane •MPLS-TP does not assume IP connectivity between devices

MPLS-TP

Result of the joint effort had a list of 115 requirements [RFC5654/2009] Some differences between MPLS and MPLS-TP:

•Differences are mainly in the control plane, management, and OAM •MPLS-TP applies additional constraints, eliminates some complex functions that make

networks unpredictable and non-deterministic

Virtual Private LAN Service

•A VPLS is (provider) service that emulates the full functionality of traditional LAN •a Layer 2 Virtual Private Network (VPN) •VPLS is "private" in that CE devices that belong to different VPLSs cannot interact •VPLS is "virtual" in that multiple VPLSs can be offered over a common packet switched

network (over IP or MPLS network)

VPLS

PPVPN ________________|__________________ | | Layer 2 Layer 3 ______|_____ ______|______ | | | | P2P P2M PE-based CE-based (VPWS) _____|____ ______|____ | | | | | | VPLS IPLS BGP/MPLS Virtual IPsec IP VPNs Router

[RFC-4026: Provider Provisioned Virtual Private Network (VPN) Terminology]

Virtual Private LAN Service

•Ethernet service: frames sent to broadcast addresses and unknown dest MAC addresses are flooded to all ports;

• all unknown unicast, broadcast and multicast frames are flooded over the corresponding PWs to all PE nodes participating in the VPLS

•Responsibility of service provider to create loop-free topology; •Full-mesh of pseudo-wires connecting the edge sites;

•Using LDP for Signaling [RFC-5461] •Using BGP for Auto-Discovery and Signaling [RFC-5462]

•Number of limitations in redundancy, multicast, multihoming, provisioning simplicity •New RFC on defining the requirements for a new solution: Ethernet VPN (EVPN) [RFC-7290

(May 2014)]

VPLS

•Alternative for LDP and RSVP-TE in MPLS networks; •Segment routing is a new forwarding paradigm that provides source routing; •The source can define the path a packet will take; •SR uses MPLS to forward packets (in IPv4), but labels are distributed by IGP (OSPF, ISIS);

Segment Routing (SR)

Source Routing – the source chooses a path and encodes it in the packet header as an ordered list of segments – the rest of the network executes the encoded “instructions” –Segment: an identifier for any type of instruction – forwarding or service –Example segments: particular node in network, network link, prefix

Source Routing: a node steers packets through an ordered list of instructions (segments) that are encoded in the packet header


• SR allows to enforce a flow through any topological path and service chain while maintaining per-flow state only at the ingress node to the SR domain;

• Application for SR enable some kind of application controller that can steer traffic over different paths, depending on different requirements and the current state of the network;

• Doing this now requires MPLS-TE, as well as keeping state in many device, with SR, there is no need to keep state in intermediary devices

Segment Routing – Forwarding Plane MPLS: ordered list of segments is represented as a stack of labels –Segment Routing re-uses MPLS data plane without any change –Segment is encoded as MPLS label –Applicable to IPv4 and IPv6 address families IPv6: an ordered list of segments is encoded in a routing extension header

The state is in the packet, not in the network


See for more info: IETF SPRING WG and http://www.segment-routing.net/home

7

•  Source routing along any explicit path Stack of “adjacency segment” labels

•  Segment Routing provides entire path control

B C

N O

Z

D

P

A

9101

9105 9107

9103

9105

9101

9105

9107

9103

9105

9105

9107

9103

9105

9107

9103

9105

9103

9105 9105

segment routing with central optimization (PCE - path computation element)

Next Header Length Type Segments Left

Segment 0

Segment 1

Segment 2

First Segment Flags Reserved

Optional Type Length Value Objects (variable)

Segment n

• segment encoded as IPv6 address • ordered list of segments is encoded as ordered list of IPv6 addresses in the routing header • active segment is indicated by the Destination Address of the packet • next active segment is indicated by a pointer in the routing header

(1) Picture from: https://conference.apnic.net/data/36/apnic36-segment-routing-santanu_v2s_1377667562.pdf

(1)

Just look at the number of RFCs after RFC-3013 (> 130) and the drafts in the MPLS WG of the IETF:

https://datatracker.ietf.org/wg/mpls/

•MPLS over 15 years old but… •Still lot of activities on standardisation; •Lot of new activities using or extending MPLS

MPLS et cetera …

•Skipped MPLS VPNs, GMPLS, seamless MPLS, Pseudo Wires, and much more….

Thanks for your attention!

Questions? [email protected]

Documents

MPLS AN 9mei2017-widenative ATM, SONET, Frame Relay and Ethernet frames, but also Pseudo Wires (PW), VPLS, IP VPNs; •Label Switched Paths are similar to circuit-switched paths (virtual