Multiprotocol Label Switching (MPLS) - vsb.czwh.cs.vsb.cz/sps/images/0/0c/MPLS-frame.pdf · Multiprotocol Label Switching (MPLS) ... L3 VPN, L2 VPN, L2 virtual P2P lines, ... •Between

© 2005 Petr Grygarek, Advanced Computer Networks Technologies 1

Multiprotocol Label SwitchingMultiprotocol Label Switching(MPLS)(MPLS)

Petr GrygPetr Grygáárekrek

2© 2005 Petr Grygarek, Advanced Computer Networks Technologies

Technology in BriefTechnology in Brief

• Inserts underlying label-based forwarding layer under traditional network layer routing• label forwarding + label swapping similar to ATM/FR

• Forwarding tables (switching paths) may be constructed by various mechanisms providing enormous flexibility• switching tables constructed using IP routing protocol(s) or some other

mechanism

• Completely decouples data plane forwarding from path determination (control plane)

• Packet forwarding does not depends only on routing protocols that search for shortest path for particular L3 routed protocol based on particular IGP metric

• Integrates advantages of traditional packet switching and circuit switching worlds


MPLS Advantages & ApplicationsMPLS Advantages & Applications• improves the price/performance of network layer routing

• MPLS switching algorithm might be simpler and faster than traditional IP routing (longest match)

• Processor-intensive packet analysis and classification happens only once at the ingress edge

• But MPLS should not be primarily considered a method to make routers much But MPLS should not be primarily considered a method to make routers much faster anymore todayfaster anymore today

• integrates various traditional applications on single setvice provider platform

• Internet, L3 VPN, L2 VPN, L2 virtual P2P lines, Voice (->QoS, fast reconvergence), …

• Wide range of traffic-engineering and node/link protection options

• improves the scalability of the network layer• eliminating huge IP routing tables by establishing forwarding hierarchy

• provides greater flexibility in the delivery of (new) routing services • new routing services may be added without change to the forwarding paradigm

• Multiple VRF-based VPNs (with address overlap), traffic-engineering,…

• integrates IP routing with VC-based networks (like ATM)


Frame Mode and Cell ModeFrame Mode and Cell Mode

• Frame modeFrame mode• frame switching, used today in service provider's and frame switching, used today in service provider's and

other core networksother core networks• encapsulate IP or any other payloads (even L2 frames)encapsulate IP or any other payloads (even L2 frames)

• Cell modeCell mode• Used to integrate connectionless packet forwarding Used to integrate connectionless packet forwarding

applications with connection-oriented networks applications with connection-oriented networks (ATM)(ATM)

• Mostly historical, not used anymore todayMostly historical, not used anymore today


MPLS position in OSI RMMPLS position in OSI RMMPLS operates between link and network layerMPLS operates between link and network layer• Deals with L3 routing/addressingDeals with L3 routing/addressing• Uses L2 labels for fast switchingUses L2 labels for fast switching

• Additional “shim” headers placed between L2 and Additional “shim” headers placed between L2 and L3 headersL3 headers• it’s presence indicated in L2 headerit’s presence indicated in L2 header

• Ethernet EtherType, PPP Protocol field, Frame Relay NLPID, Ethernet EtherType, PPP Protocol field, Frame Relay NLPID, ……

• 8847 – unicast, 8848 multicast8847 – unicast, 8848 multicast

• Inherent labels of some L2 technologiesInherent labels of some L2 technologies• ATM VPI/VCI, Frame Relay DLCI, optical switching ATM VPI/VCI, Frame Relay DLCI, optical switching

lambdas, …lambdas, …


Label-based packet forwardingLabel-based packet forwarding• Packet marked with labels at ingress MPLS router (label imposition)Packet marked with labels at ingress MPLS router (label imposition)

• Allows to apply various rules to impose labels • destination network prefix, QoS, policy routing (traffic engineering), VPNs, …• labels imply both routes (IP destination prefixes) and service attributes (QoS, labels imply both routes (IP destination prefixes) and service attributes (QoS,

TE, VPN, …)TE, VPN, …)• Multiple labels can be imposed (label stack)Multiple labels can be imposed (label stack)

• allows special applications (hierarchical MPLS forwarding)allows special applications (hierarchical MPLS forwarding)

• Packet quickly forwarded according to labels through MPLS corePacket quickly forwarded according to labels through MPLS core• uses only label swapping, no IP routinguses only label swapping, no IP routing• IP routing information may be used only to build forwarding tables, not for IP routing information may be used only to build forwarding tables, not for

actual (potentially slow) IP routingactual (potentially slow) IP routing

• Label removed at egress router and packet forwarded using Label removed at egress router and packet forwarded using standard L3 IP routing table lookupstandard L3 IP routing table lookup• In reality, penultimate hop removes label to avoid double In reality, penultimate hop removes label to avoid double

lookup on egress devicelookup on egress device


Components of MPLS architectureComponents of MPLS architecture

• Forwarding Component (data plane)• “brute force” forwarding using label forwarding information

base (LFIB)• Control Component (control plane)

• Control plane implementation for MPLS-based IP routing:

• Creates and updates label bindings (LFIB)• <IP_prefix, label>

• MPLS node has to participate in routing protocol (IGP or static routing) and/or some MPLS node has to participate in routing protocol (IGP or static routing) and/or some other signalling mechanismother signalling mechanism

• including ATM switches in MPLS cell-modeincluding ATM switches in MPLS cell-mode

• Labels assignment is distributed to other MPLS peers• using some sort of label distribution protocol (LDP)

Control and forwarding functions are separated


MPLS DevicesMPLS DevicesLabel-Switch Router (LSR)Label-Switch Router (LSR)

• Any router/switch participating on label assignment and Any router/switch participating on label assignment and distribution that supports label-based packet/cell switchingdistribution that supports label-based packet/cell switching

LSR ClassificationLSR Classification• Core LSR (P-Provider)Core LSR (P-Provider)• Edge LSR (PE-Provider Edge)Edge LSR (PE-Provider Edge)(Often the same kind of device, but configured differently)(Often the same kind of device, but configured differently)

• Frame-mode LSRFrame-mode LSR• MPLS-capable router with Ethernet interfacesMPLS-capable router with Ethernet interfaces

• Cell-mode LSRCell-mode LSR• ATM switch with added functionality (control software)ATM switch with added functionality (control software)


Functions of Edge LSRFunctions of Edge LSR

• Any LSR on MPLS domain edge, i.e. with non-MPLS Any LSR on MPLS domain edge, i.e. with non-MPLS neighboring devicesneighboring devices

• Performs label imposition and dispositionPerforms label imposition and disposition• Packets classified and label imposedPackets classified and label imposed• Classification based on routing and policy requirementsClassification based on routing and policy requirements

• Traffic engineering, policy routing, QoS-based routingTraffic engineering, policy routing, QoS-based routing

• Information of L3 (and above) headers inspected only Information of L3 (and above) headers inspected only once at edge of the MPLS domainonce at edge of the MPLS domain


Forwarding Equivalence Class (FEC)

• Packets classified into FECs at MPLS domain Packets classified into FECs at MPLS domain edge LSRedge LSR• according unicast routing destinations, QoS class, according unicast routing destinations, QoS class,

VPN, multicast group, traffic-engineered traffic VPN, multicast group, traffic-engineered traffic class, …class, …

• FEC is a class of packets to be MPLS-switched FEC is a class of packets to be MPLS-switched the same waythe same way


Label switching path (LSP)Label switching path (LSP)

• Sequence of LSRs between ingress and egress Sequence of LSRs between ingress and egress (edge) LSRs(edge) LSRs• + sequence of assigned labels (local significance)+ sequence of assigned labels (local significance)

• Unidirectional (!)Unidirectional (!)• Reverse path can take completely different routeReverse path can take completely different route

• For every forward equivalence classFor every forward equivalence class• May diverge from IGP shortest pathMay diverge from IGP shortest path

• Path established by traffic engineering using explicit Path established by traffic engineering using explicit routing and label switching paths tunnels routing and label switching paths tunnels


Upstream and downstream neighborsUpstream and downstream neighbors

• From perspective of some particular LSRFrom perspective of some particular LSR• Related to particular destination (and FEC)Related to particular destination (and FEC)• Routing protocol’s Next-hop address determines Routing protocol’s Next-hop address determines

downstream neighbordownstream neighbor

Upstream neighbor is closer to data source whereas Upstream neighbor is closer to data source whereas downstream neighbor is closer to the destination downstream neighbor is closer to the destination networknetwork


Label and label stackLabel and label stack• Label format (and length) dependent on L2 Label format (and length) dependent on L2

technologytechnology• Labels have local-link significance, each LSR Labels have local-link significance, each LSR

creates it’s own label mappingscreates it’s own label mappings• although not a rule, same label is often propagated although not a rule, same label is often propagated

from different links for the same prefixfrom different links for the same prefix• Multiple labels may be imposed, forming the Multiple labels may be imposed, forming the

label stacklabel stack• Label bottom indicated by “s” bitLabel bottom indicated by “s” bit• Label stacking allows special MPLS applications Label stacking allows special MPLS applications

(VPNs etc.)(VPNs etc.)• Packet switching is always based on the label on the Packet switching is always based on the label on the

top of stacktop of stack


MPLS headerMPLS header• Between L2 and L3 headerBetween L2 and L3 header

• MPLS header presence indicated in EtherType/PPP MPLS header presence indicated in EtherType/PPP Protocol ID/Frame Relay NLPIDProtocol ID/Frame Relay NLPID

• 4 octets (32b)4 octets (32b)• 20 bits – label value20 bits – label value• 3 bits Exp (experimental) – used for QoS today3 bits Exp (experimental) – used for QoS today• 8 bits MPLS TTL (Time to Live)8 bits MPLS TTL (Time to Live)• 1 bit – “S bit” – indicates bottom of stack1 bit – “S bit” – indicates bottom of stack


MPLS Operation – basic IP routingMPLS Operation – basic IP routing• Standard IP routing protocol used in MPLS routing domain Standard IP routing protocol used in MPLS routing domain

• (OSPF, IS-IS, …)(OSPF, IS-IS, …)• <IP prefix, label > mapping created by egress router<IP prefix, label > mapping created by egress router

• i.e. router at MPLS domain edge used as exit point for that IP prefixi.e. router at MPLS domain edge used as exit point for that IP prefix• Label distribution protocols used to distribute label bindings for IP Label distribution protocols used to distribute label bindings for IP

prefixes between adjacent neighborsprefixes between adjacent neighbors• label has local significancelabel has local significance

• Ingress LSR receives IP packetsIngress LSR receives IP packets• Performs classification and assigns labelPerforms classification and assigns label• Forwards labeled packet to MPLS coreForwards labeled packet to MPLS core

• Core LSRs switch labeled packets based on label valueCore LSRs switch labeled packets based on label value• Egress router removes label before forwarding packet out of MPLS Egress router removes label before forwarding packet out of MPLS

domaindomain• performs normal L3 routing table lookupperforms normal L3 routing table lookup


MPLS and IP routing interaction in LSRMPLS and IP routing interaction in LSR

IP routing tableIP routing table

IP routing processIP routing process

MPLS Signalling protocolMPLS Signalling protocol

Label forwarding tableLabel forwarding table

routing informationrouting information exchange exchange

(routing protocol)(routing protocol)

label bindingslabel bindingsexchangeexchange

Outgoing Outgoing labeledlabeled packets packets

IncomingIncominglabeledlabeledpacketspackets

IncomingIncomingunlabeledunlabeled

packetspackets OutgoingOutgoingunlabelledunlabelled packets packets

Control planeControl plane

Data planeData plane


Interaction of neighboring MPLS LSRsInteraction of neighboring MPLS LSRs

Routing informationRouting informationexchangeexchange


Labeled packetsLabeled packets


IP routingIP routingprocessprocess

MPLS SignallingMPLS SignallingProtocolProtocol

Label forwardingLabel forwardingtabletable


IP routingIP routingprocessprocess

MPLS SignallingMPLS SignallingProtocolProtocol

Label forwardingLabel forwardingtabletable


Operation of edge LSROperation of edge LSR


IP routing processIP routing process

MPLS Signalling protocolMPLS Signalling protocol

Label forwarding tableLabel forwarding table

routing informationrouting informationexchanexchangege


OutgoingOutgoinglabeledlabeledpacketspackets

IncomingIncomingunlabeledunlabeled

packetspackets

OutgoingOutgoingunlabeledunlabeledpacketspackets

IP forwarding tableIP forwarding table

Label dispositionLabel disposition and L3 lookup and L3 lookupIncomingIncoming

labeledlabeledpacketspackets

ResolvingResolvingof recursiveof recursiveroutesroutes


Penultimate hop behaviorPenultimate hop behaviorLabel at the top of label stack is removed not by egress routes at MPLS domain edge (as Label at the top of label stack is removed not by egress routes at MPLS domain edge (as

could be expected), but by it’s upstream neighbor (penultimate hop)could be expected), but by it’s upstream neighbor (penultimate hop)• On egress router, packet could not be label-switched anywayOn egress router, packet could not be label-switched anyway• Egress router has to perform L3 lookup to find more specific routeEgress router has to perform L3 lookup to find more specific route

• commonly, egress router advertises single label for summary routecommonly, egress router advertises single label for summary route• Label-based lookup and disposition of label imposed by egress router’s upstream Label-based lookup and disposition of label imposed by egress router’s upstream

neighbor would introduce unnecessary overheadneighbor would introduce unnecessary overhead• For that reason, upstream neighbor of egress router always pops label and sends For that reason, upstream neighbor of egress router always pops label and sends

packet to egress router unlabeledpacket to egress router unlabeled• Egress LSR requests popping of label through label distribution protocolEgress LSR requests popping of label through label distribution protocol

• advertises “implicit-null” label for particular FECadvertises “implicit-null” label for particular FEC


Label Bindings DistributionLabel Bindings Distribution


Label Distribution Protocol Label Distribution Protocol FunctionalityFunctionality

• Used to advertise Used to advertise <<IPIP__prefixprefix,, label label>> bindingbindingss• Still not available for IPv6 on most of platformsStill not available for IPv6 on most of platforms

• Used to create Used to create LLabel abel Information Base (LIB)Information Base (LIB) and and Label Label FForwarding orwarding IInformation nformation BBase ase (LFIB)(LFIB)• LIB maintains all prefixes advertised by MPLS neighborsLIB maintains all prefixes advertised by MPLS neighbors• FIB (HW copy of routing table) may contain label to be imposed FIB (HW copy of routing table) may contain label to be imposed

for particular destination networkfor particular destination network• LFIB maintains only labels advertised by next hops for individual LFIB maintains only labels advertised by next hops for individual

prefixesprefixes• i.e. those actually used for label switchingi.e. those actually used for label switching• next-hop determined by traditional IGP next-hop determined by traditional IGP

LFIB used for actual label switching, LIB maintains labels which may be LFIB used for actual label switching, LIB maintains labels which may be useful if IGP routes changeuseful if IGP routes change


Label Retention ModesLabel Retention Modes• Liberal mode (mostly used in Frame mode)Liberal mode (mostly used in Frame mode)

• LSR retains labels for FEC from all neighborsLSR retains labels for FEC from all neighbors• Requires more memory and label spaceRequires more memory and label space• Improves latency after IP routing paths changeImproves latency after IP routing paths change

• Conservative modeConservative mode• Only labels from next-hop for IP prefix are Only labels from next-hop for IP prefix are

maintainedmaintained• next-hop determined from IP routing protocolnext-hop determined from IP routing protocol

• Saves memory and label spaceSaves memory and label space


Label Distribution ModesLabel Distribution Modes

• Independent LSP controlIndependent LSP control• LSR binds labels to FECs and advertises them LSR binds labels to FECs and advertises them

whether or not the LSR itself has received a label whether or not the LSR itself has received a label from it’s next-hop for that FECfrom it’s next-hop for that FEC

• Most common in MPLS frame modeMost common in MPLS frame mode

• Ordered LSP controlOrdered LSP control• LSR only binds and advertises label for FEC ifLSR only binds and advertises label for FEC if

- it is the egress LSR for that FECit is the egress LSR for that FEC- it received a label binding from next-hop LSRit received a label binding from next-hop LSR


Label allocationLabel allocation

• Per device / per interfacePer device / per interface• For all or just for specified prefixesFor all or just for specified prefixes• Label range may be explicitly specifiedLabel range may be explicitly specified


Protocols for Label DistributionProtocols for Label Distribution• Label Distribution Protocol (LDP) – IETFLabel Distribution Protocol (LDP) – IETF standard standard

• TCP port 646TCP port 646• RSVP-TERSVP-TE

• used for MPLS traffic engineeringused for MPLS traffic engineering• BGPBGP

• implements MPLS VPNs (peer model)implements MPLS VPNs (peer model)• PIMPIM

• enables MPLS-based multicastsenables MPLS-based multicasts

• Tag Distribution Protocol (TDP) – Cisco proprietary, obsoleteTag Distribution Protocol (TDP) – Cisco proprietary, obsolete• LDP predecestorLDP predecestor• TCP port 711TCP port 711

Label bindings are exchanged Label bindings are exchanged between neighboring routersbetween neighboring routers• in special cases also between non-neighboring routers in special cases also between non-neighboring routers

• ““targeted LDP” session – e.g. MPLS-based pseudowiretargeted LDP” session – e.g. MPLS-based pseudowire


Label Distribution Protocol (LDP): Label Distribution Protocol (LDP): Message TypesMessage Types

• Discovery messages (hellos)Discovery messages (hellos)• UDP/646UDP/646• Used to discover and continually check for presence of LDP Used to discover and continually check for presence of LDP

peerspeers

• Once a neighbor is discovered, LDP session is Once a neighbor is discovered, LDP session is established over TCP/646established over TCP/646• messages to establish, maintain and terminate sessionmessages to establish, maintain and terminate session• label mappings advertisement messages label mappings advertisement messages

• create, modify, deletecreate, modify, delete

• error notification messageerror notification message• LDP Neighbor IDLDP Neighbor ID

• Corresponding address must be reachable from LDP peerCorresponding address must be reachable from LDP peer


Frame-mode Label Distribution (LDP)Frame-mode Label Distribution (LDP)• Unsolicited downstreamUnsolicited downstream

• Labels distributed automatically to upstream neighborsLabels distributed automatically to upstream neighbors• Downstream LSR advertises labels for particular FECs to the Downstream LSR advertises labels for particular FECs to the

upstream neighborupstream neighbor• Independent control of label assignmentIndependent control of label assignment

• Label assigned as soon as new IP prefix appears in IP routing table Label assigned as soon as new IP prefix appears in IP routing table (may be limited by ACL)(may be limited by ACL)• Mapping stored into LIBMapping stored into LIB

• LSR may send (switch) labeled packets to next hop even if next-LSR may send (switch) labeled packets to next hop even if next-hop itself does not have label for switching that FEC furtherhop itself does not have label for switching that FEC further

• Liberal retention mode Liberal retention mode • All received label mappings are retainedAll received label mappings are retained


MPLS ApplicationsMPLS Applications

IP header and forwarding decision decoupling allows for IP header and forwarding decision decoupling allows for better flexibility and new applicationsbetter flexibility and new applications


Some Popular MPLS Some Popular MPLS ApplicationsApplications

• BGP-Free coreBGP-Free core• 6PE/6VPE6PE/6VPE• Carrier Supporting CarrierCarrier Supporting Carrier• MPLS Traffic engineeringMPLS Traffic engineering• MPLS VPNMPLS VPN• Integration of IP and ATMIntegration of IP and ATM

• or with other connection-oriented networkor with other connection-oriented network


BGP-Free CoreBGP-Free Core• Design of transit AS without BGP running on transit Design of transit AS without BGP running on transit

(internal) routers(internal) routers• BGP sessions between PE routers onlyBGP sessions between PE routers only

• full mesh or using route reflector(s)full mesh or using route reflector(s)

• P routers know only routes to networks in the coreP routers know only routes to networks in the core• including PE loopback interfacesincluding PE loopback interfaces

• LDP creates LSPs into individual networks in the core LDP creates LSPs into individual networks in the core (including PEs' loopbacks)(including PEs' loopbacks)

• PEs' loopbacks are used as next hops of BGP routes PEs' loopbacks are used as next hops of BGP routes passed between PE routerspassed between PE routers


6PE (1)6PE (1)• Interconnection of IPv6 islands over MPLS Interconnection of IPv6 islands over MPLS

non-IPv6-aware corenon-IPv6-aware core• PE routers has to support both IPv6 and IPv4, but P routers do PE routers has to support both IPv6 and IPv4, but P routers do

not need to be upgraded (can be MPLS + IPv4 only)not need to be upgraded (can be MPLS + IPv4 only)• Outer label identifies destination PE router (IPv4 BGP next hop), Outer label identifies destination PE router (IPv4 BGP next hop),

inner label identifies particular IPv6 routeinner label identifies particular IPv6 route• Inner label serves as 'index' into egress PE's IPv6 routing tableInner label serves as 'index' into egress PE's IPv6 routing table• IPv6 prefixes plus associated (inner) labels are passed between PE IPv6 prefixes plus associated (inner) labels are passed between PE

routers through MP-BGP (using TCP/IPv4)routers through MP-BGP (using TCP/IPv4)• Inner label needed because of PHP, even if egress PE needs to Inner label needed because of PHP, even if egress PE needs to

do IPv6 route table lookup anywaydo IPv6 route table lookup anyway• penultimate hop cannot handle now exposed IPv6 headerpenultimate hop cannot handle now exposed IPv6 header• Technical implementation: inner label not unique per-route, but one of 16 reserved labels Technical implementation: inner label not unique per-route, but one of 16 reserved labels

is chosenis chosen• single reserved value is not enough because of load balancingsingle reserved value is not enough because of load balancing


6PE (2)6PE (2)• BGP Next Hop attribute is the IPv4-mapped IPv6 address of BGP Next Hop attribute is the IPv4-mapped IPv6 address of

egress 6PE routeregress 6PE router• Only LDP for IPv4 is requiredOnly LDP for IPv4 is required

• LDP for IPv6 not implemented yetLDP for IPv6 not implemented yet• Does not support multicast trafficDoes not support multicast traffic• Only proposed standard – RFC 4798 (Cisco, 2007), but Only proposed standard – RFC 4798 (Cisco, 2007), but

implemented by multiple vendorsimplemented by multiple vendors• See See

http://www.netmode.ntua.gr/Presentations/6PE%20-%20IPv6%20over%20MPLS%20(cisco%20expo%2005).pdfhttp://www.netmode.ntua.gr/Presentations/6PE%20-%20IPv6%20over%20MPLS%20(cisco%20expo%2005).pdf for further details for further details

http://www.netmode.ntua.gr/Presentations/6PE%20-%20IPv6%20over%20MPLS%20(cisco%20expo%2005).pdf


6VPE6VPE

• VRF-aware 6PEVRF-aware 6PE• Allows to build MPLS IPv6 VPNs on IPv4-only Allows to build MPLS IPv6 VPNs on IPv4-only

MPLS coreMPLS core• See See

http://sites.google.com/site/amitsciscozone/hohttp://sites.google.com/site/amitsciscozone/home/important-tips/mpls-wiki/6vpe-ipv6-over-me/important-tips/mpls-wiki/6vpe-ipv6-over-mpls-vpn for configuration example (Cisco)mpls-vpn for configuration example (Cisco)


Carrier Supporting Carrier (1)Carrier Supporting Carrier (1)• Hierarchical application of label switching conceptHierarchical application of label switching concept• A MPLS super-carrier provides connectivity between A MPLS super-carrier provides connectivity between

regions (POPs) for others MPLS-based customer regions (POPs) for others MPLS-based customer carrierscarriers• Concept of MPLS VPN in super-carrier networksConcept of MPLS VPN in super-carrier networks• CSC-P, CSC-PE, CSC-CECSC-P, CSC-PE, CSC-CE• Customer carriers regions may also implement MPLS Customer carriers regions may also implement MPLS

VPNVPN• or be pure IP networksor be pure IP networks

• Enables “global” MPLS/VPNEnables “global” MPLS/VPN


Carrier Supporting Carrier (2)Carrier Supporting Carrier (2)

• Utilizes label stack with multiple labelsUtilizes label stack with multiple labels• sub-carrier's labels are untouched during transport sub-carrier's labels are untouched during transport

over super-carrierover super-carrier

• Customer carriers do not exchange their Customer carriers do not exchange their customer's routes with super-carriercustomer's routes with super-carrier• Just loopback interfaces of PE routersJust loopback interfaces of PE routers


MPLS Traffic EngineeringMPLS Traffic Engineering


MPLS TE GoalsMPLS TE Goals• Minimizes network congestion, improve Minimizes network congestion, improve

network performancenetwork performance• Spreads flows to multiple pathsSpreads flows to multiple paths

• i.e. diverges them from “shortest” path calculated by i.e. diverges them from “shortest” path calculated by IGPIGP

• More efficient network resource usageMore efficient network resource usage


MPLS TE PrincipleMPLS TE Principle• Originating LSR (headend) sets up a TE LSP to Originating LSR (headend) sets up a TE LSP to

terminating LSR (tailend) through a explicitly terminating LSR (tailend) through a explicitly specified pathspecified path• defined by sequence of intermediate LSRsdefined by sequence of intermediate LSRs• either strict or loose explicit routeeither strict or loose explicit route• dynamic (IGP-based path is also an option)dynamic (IGP-based path is also an option)

• LSP is calculated automatically using constraint-LSP is calculated automatically using constraint-based routing based routing • or manually using some sort of central management or manually using some sort of central management

tool in large networkstool in large networks


MPLS-TE MechanismsMPLS-TE Mechanisms• Link information distributionLink information distribution• Path computation (constrained SPF)Path computation (constrained SPF)• LSP signallingLSP signalling

• RSVPRSVP-TE accomplishes-TE accomplishes label assignment during MPLS label assignment during MPLS tunnel creationtunnel creation

• signalling needed even if path calculation is performed signalling needed even if path calculation is performed manuallymanually

• Selection of traffic that will take the TE-LSPSelection of traffic that will take the TE-LSP• by QoS class or another policy routing criteriaby QoS class or another policy routing criteria• static routes, policy routing, autoroute, forwarding static routes, policy routing, autoroute, forwarding

adjacency, ...adjacency, ...


Link Information DistributionLink Information Distribution• Utilizes extensions of OSPF or IS-IS to distribute links’ Utilizes extensions of OSPF or IS-IS to distribute links’

current states and attributescurrent states and attributes• OSPF LSA type 10 (opaque)OSPF LSA type 10 (opaque)• Maximum bandwidth, reservable bandwidth, available bandwidth, Maximum bandwidth, reservable bandwidth, available bandwidth,

flags (aka attributes or colors), TE metricflags (aka attributes or colors), TE metric

• Constraint-based routingConstraint-based routing• Takes into account links’ current states and attributes when Takes into account links’ current states and attributes when

calculating routescalculating routes• ““Constraint-based SPF” calculation excludes links that do not Constraint-based SPF” calculation excludes links that do not

comply with required LSP parameterscomply with required LSP parameters• bandwidth, affinity bits (link “colors”), …bandwidth, affinity bits (link “colors”), …

• Uses TE-metric instead of IGP metric if defined on individual linksUses TE-metric instead of IGP metric if defined on individual links


RSVP SignallingRSVP Signalling• Resource reSerVation Protocol (RFC 2205) was Resource reSerVation Protocol (RFC 2205) was

originally developed in connection with IntServ, originally developed in connection with IntServ, but should be understood as completely but should be understood as completely independent signalling protocolindependent signalling protocol

• Reserves resources for unidirectional Reserves resources for unidirectional (unicast/multicast) L4 flows(unicast/multicast) L4 flows• soft-statesoft-state

• May be used with MPLS/TE to signal DiffServ May be used with MPLS/TE to signal DiffServ QoS PHB over the pathQoS PHB over the path


RSVP MessagesRSVP Messages

• Message Header (message type)Message Header (message type)• Resv, Path, ResvConfirm, ResvTeardown Resv, Path, ResvConfirm, ResvTeardown

PathTeardown, PathErr,ResvErrPathTeardown, PathErr,ResvErr

• Variable number of objects of various classesVariable number of objects of various classes• TLVsTLVs• including sub-objectsincluding sub-objects

• Support for message authentication and integrity Support for message authentication and integrity checkcheck


Basic RSVP OperationBasic RSVP Operation• PATH message travels from sender to receiver(s) PATH message travels from sender to receiver(s)

• from TE tunnel headend to tailend in our casefrom TE tunnel headend to tailend in our case• allows intermediate nodes to build soft-state information allows intermediate nodes to build soft-state information

regarding particular sessionregarding particular session• includes flow characteristics (flowspec)includes flow characteristics (flowspec)

• RESV message travels from receiver interested in RESV message travels from receiver interested in resource reservation towards the senderresource reservation towards the sender• from TE tunnel tailend back to headendfrom TE tunnel tailend back to headend• actually causes reservation of intermediate nodes' resourcesactually causes reservation of intermediate nodes' resources• provides labels to upstream routersprovides labels to upstream routers

• Soft state has to be periodically renewedSoft state has to be periodically renewed


LSP PreemptionLSP Preemption

• Support for creation of LSPs of different priorities with Support for creation of LSPs of different priorities with preemption optionpreemption option• setup and holding prioritysetup and holding priority

• setup priority is compared with holding priority of existing LSPssetup priority is compared with holding priority of existing LSPs

• 0 (best) – 7 (worst)0 (best) – 7 (worst)

• Preemption modesPreemption modes• Hard – just tears preempted LSP downHard – just tears preempted LSP down• Soft – signalls pending preemption to the headend Soft – signalls pending preemption to the headend

(PathTear/ResvTear) of existing LSP to give it an (PathTear/ResvTear) of existing LSP to give it an opportunity to reroute trafficopportunity to reroute traffic


LSP Path Calculation in Multiarea LSP Path Calculation in Multiarea EnvironmentEnvironment

• Splitting network into multiple areas limits state Splitting network into multiple areas limits state information floodinginformation flooding

• Headend specifies path to route LSP setup Headend specifies path to route LSP setup requests using list of ABRsrequests using list of ABRs• loose routingloose routing

• Each ABR calculates and reserves path over Each ABR calculates and reserves path over connected area and requests another ABR on connected area and requests another ABR on the path to take care of next sectionthe path to take care of next section

• In practise, service providers prefer flat core In practise, service providers prefer flat core network (OSPF area0 / L2-only IS-IS)network (OSPF area0 / L2-only IS-IS)


Dynamic routing & TE tunnelsDynamic routing & TE tunnels• Autoroute – all destinations located behind TE Autoroute – all destinations located behind TE

tunnel endopoint are directed to TE tunnel tunnel endopoint are directed to TE tunnel interface (unidirectional)interface (unidirectional)• tunnel's metric normally corresponds to IGP metric tunnel's metric normally corresponds to IGP metric

between headend and tailend between headend and tailend • shortest path, regardless of actual tunnel pathshortest path, regardless of actual tunnel path

• Logic local to tunnel headend routerLogic local to tunnel headend router

• Forwarding adjacencyForwarding adjacency• Headend-tailend link (TE tunnel) is propagated into Headend-tailend link (TE tunnel) is propagated into

OSPF/IS-IS databaseOSPF/IS-IS database• Needs to be configured both on headend and tailendNeeds to be configured both on headend and tailend


MPLS Fast RerouteMPLS Fast Reroute

• In case of node or link failure, backup LSP may In case of node or link failure, backup LSP may be automatically initiated (in tens of be automatically initiated (in tens of milliseconds)milliseconds)• 50 ms failover is a goal (compare to SDH)50 ms failover is a goal (compare to SDH)

• Fast Reroute option must be requested during Fast Reroute option must be requested during LSP setupLSP setup

• Global or Local restorationGlobal or Local restoration• Similar functionality exists in IP-only Similar functionality exists in IP-only

environment (IP Fast Reroute)environment (IP Fast Reroute)


Fast Reroute - Global restorationFast Reroute - Global restoration

• New LSP is set up by headendNew LSP is set up by headend• LSP failure is signalled to the headend by PathErr LSP failure is signalled to the headend by PathErr

RSVP messageRSVP message• Headend has the most complete routing constraints Headend has the most complete routing constraints

information to establish a new LSPinformation to establish a new LSP

• Backup tunnel can be pre-signalled or signalled Backup tunnel can be pre-signalled or signalled when primary tunnel goes downwhen primary tunnel goes down• latter option incurs tunnel break detection and latter option incurs tunnel break detection and

signalling delayssignalling delays


Fast Reroute - Local restorationFast Reroute - Local restoration• ““Detour” LSP around failed link/nodeDetour” LSP around failed link/node• LSR that detected the failure (called Point of Local Repair) start LSR that detected the failure (called Point of Local Repair) start

to use alternative LSPto use alternative LSP• Detour LSPs are manually preconfigured or precalculated dynamically by Detour LSPs are manually preconfigured or precalculated dynamically by

Point of Local Repair and pre-signalledPoint of Local Repair and pre-signalled

• ““Detour” joins back the original LSP at the Merge PointDetour” joins back the original LSP at the Merge Point• i.e. at Next hop for link protection, Next Next hop for Node protection i.e. at Next hop for link protection, Next Next hop for Node protection • Facility Backup (commonly used) - double labeling is used on detour pathFacility Backup (commonly used) - double labeling is used on detour path

• external tag is dropped before packet enters Merge Pointexternal tag is dropped before packet enters Merge Point• packets arrive to the Merge Point with the same label as they would if they packets arrive to the Merge Point with the same label as they would if they

came along original LSP (just from different interface)came along original LSP (just from different interface)• Different input interface is not an issue as labels are allocated per-Different input interface is not an issue as labels are allocated per-

platform, not per-interfaceplatform, not per-interface• One-to-One backup One-to-One backup

• does not use label stackingdoes not use label stacking• Each LSP has it’s own backup pathEach LSP has it’s own backup path


MPLS QoSMPLS QoS


MPLS and DiffservMPLS and Diffserv• LSR uses the same mechanism as traditional router to LSR uses the same mechanism as traditional router to

implement different Per-Hop Behaviors (PHBs)implement different Per-Hop Behaviors (PHBs)• 2 types of LSPs (may coexist on single network):2 types of LSPs (may coexist on single network):

• EXP-inferred LSPs (mostly used)EXP-inferred LSPs (mostly used)• can transport multiple traffic classes simultaneouslycan transport multiple traffic classes simultaneously• EXP bits in shim header used to hold DSCP valueEXP bits in shim header used to hold DSCP value• Map between EXP and PHB signaled during LSP setupMap between EXP and PHB signaled during LSP setup

• extension of LDP and RSVP (new TLV defined)extension of LDP and RSVP (new TLV defined)

• Label-inferred LSPsLabel-inferred LSPs• can transport just one traffic classcan transport just one traffic class• Fixed mapping of <DSCP, EXP> to PHB standardizedFixed mapping of <DSCP, EXP> to PHB standardized


Diffserv Tunneling over MPLSDiffserv Tunneling over MPLS

There are two markings of the packet (EXP, There are two markings of the packet (EXP, DSCP). There are different models to handle DSCP). There are different models to handle interaction between multiple markings.interaction between multiple markings.

• Pipe model Pipe model • transfers IP DSCP marking untouched transfers IP DSCP marking untouched • useful for interconnection of two Diffserv domains useful for interconnection of two Diffserv domains

using MPLSusing MPLS• Uniform ModelUniform Model

• Uniform customer and provider QoS modelsUniform customer and provider QoS models• makes LSP an extension of DiffServ domainmakes LSP an extension of DiffServ domain


MPLS VPNsMPLS VPNs


VPNVPN Implementation Options Implementation OptionsSolution to implement potentiallySolution to implement potentially overlapping address spaces overlapping address spaces of of

independent customers:independent customers:

• Overlay modelOverlay model• Infrastructure provides tunells between Infrastructure provides tunells between CPE CPE routersrouters

• FRFR/ATM virtual circuits, IP tunnels (GRE, IPSec, …)/ATM virtual circuits, IP tunnels (GRE, IPSec, …)

• Peer-to-peer modelPeer-to-peer model• Provider edge router exchange routing information with customer Provider edge router exchange routing information with customer

edge routeredge router• Customer routes in service provider’s IGPCustomer routes in service provider’s IGP

• Need to solve VPN separation and overlapping customer addressingNeed to solve VPN separation and overlapping customer addressing• traditionally by complicated filteringtraditionally by complicated filtering

• Optimal routing between customer sites through shared Optimal routing between customer sites through shared infrastructureinfrastructure• data don’t need to follow tunnel pathsdata don’t need to follow tunnel paths


MPLS VPN Basic PrinciplesMPLS VPN Basic Principles• MPLS helps to separate traffic from different VPNs without usage of MPLS helps to separate traffic from different VPNs without usage of

overlay model tunneling techniques overlay model tunneling techniques • Routes from different VPNs kept separated, multiple routing tables Routes from different VPNs kept separated, multiple routing tables

implemented at edge routers (one for each VPN)implemented at edge routers (one for each VPN)• Uses MPLS label stack: outer label identifies egress edge router, inner Uses MPLS label stack: outer label identifies egress edge router, inner

label identifies VPNlabel identifies VPN• single route in particular VPNsingle route in particular VPN

• To allow propagation of IP prefixes from all VPNs to the core, To allow propagation of IP prefixes from all VPNs to the core, potentially overlapping addresses of separated VPNs is made unique potentially overlapping addresses of separated VPNs is made unique with Route Distinguisher (different for every VPN)with Route Distinguisher (different for every VPN)• Those “IP-VPN” (VPNv4) addresses are propagated between PE routers using Those “IP-VPN” (VPNv4) addresses are propagated between PE routers using

extended BGP (Multiprotocol BGP, MP-BGP)extended BGP (Multiprotocol BGP, MP-BGP)• New address family: VPNv4 address = RD + IPv4 addressNew address family: VPNv4 address = RD + IPv4 address

• MP-BGP also distributes (inner) labels identifying particular route in target VRF MP-BGP also distributes (inner) labels identifying particular route in target VRF at egress edge router (using BGP attributes)at egress edge router (using BGP attributes)

• MP-BGP runs only between PEs, Ps are not involved at allMP-BGP runs only between PEs, Ps are not involved at all


MPLS VPN advantagesMPLS VPN advantages

• Integrates advantages of overlay and peer-to-Integrates advantages of overlay and peer-to-peer modelpeer model• Overlay model advantages:Overlay model advantages:

• security and customer isolationsecurity and customer isolation

• Peer-to-peer model advantages:Peer-to-peer model advantages:• routing optimalityrouting optimality• Simplicity of new CPEs additionSimplicity of new CPEs addition


MPLS VPN ImplementationMPLS VPN Implementation• VPN defined as set of sites sharing the same routing informationVPN defined as set of sites sharing the same routing information

• Site may belong to multiple VPNsSite may belong to multiple VPNs• Multiple sites (from different VPNs) may be connected to the Multiple sites (from different VPNs) may be connected to the

same PE routersame PE router• PE routers maintains only routes for connected VPNs and PE routers maintains only routes for connected VPNs and

backbone routes needed to reach other PEsbackbone routes needed to reach other PEs• Increases scalabilityIncreases scalability• Decreases performance requirements of PE routerDecreases performance requirements of PE router

• PE router uses IP at customer network interface(s) and MPLS at PE router uses IP at customer network interface(s) and MPLS at backbone interfacesbackbone interfaces

• Backbone (P routers) uses only label switchingBackbone (P routers) uses only label switching• IGP routing protocol used only to establish optimal label switch paths IGP routing protocol used only to establish optimal label switch paths

between PEsbetween PEs• Utilizes MPLS label stackUtilizes MPLS label stack

• Inner label identifies VPN/VRF (or particular route in destination VRF)Inner label identifies VPN/VRF (or particular route in destination VRF)• Outer label identifies egress LSROuter label identifies egress LSR


Routing information exchangeRouting information exchange

• P-P and P-PE routers P-P and P-PE routers • Using IGPUsing IGP• Needed to determine paths between PEs over MPLS Needed to determine paths between PEs over MPLS

backbonebackbone

• PE-PE routers (non-adjacent)PE-PE routers (non-adjacent)• Using MP-iBGP sessionsUsing MP-iBGP sessions• Needed to exchange routing information between Needed to exchange routing information between

routing tables (VRFs) for particular VPNrouting tables (VRFs) for particular VPN


Routing information in PE routersRouting information in PE routers

PE routers maintain multiple separated routing tablesPE routers maintain multiple separated routing tables• Global routing table – filled with backbone routes Global routing table – filled with backbone routes

(from IGP)(from IGP)• allows to reach other PE routersallows to reach other PE routers

• VRF (VPN routing & forwarding)VRF (VPN routing & forwarding)• Separate routing tables for individual VPNsSeparate routing tables for individual VPNs• Every router interface assigned to a single VRFEvery router interface assigned to a single VRF• VRF instance can be seen as virtual routerVRF instance can be seen as virtual router


VPN routing and forwardingVPN routing and forwarding

VRF = virtual routerVRF = virtual router

PEPE PP

VPN A CEVPN A CE

VPN A CEVPN A CE

VPN B CEVPN B CE

VRF AVRF A

VRF BVRF B

VPN B CEVPN B CE

VRF for VPN BVRF for VPN B

VRF for VPN AVRF for VPN A

MPLS domainMPLS domain


VRF usageVRF usage

CECE

CECE PEPE

CECE

PP

VPN AVPN A

VPN AVPN A

VPN BVPN B

VRF AVRF A

VRF BVRF B

VPN BVPN B

PEPE

CECE

CECE

VPN AVPN A

VPN BVPN BCECE

CECE

VPN AVPN A

PEPE

packetpacket


MPLS VPN exampleMPLS VPN example

10.0.0.1/24

S0I-PE

Customer AG-P

S0S1/0 S1/1e0 e0

e1 e1

10.0.0.1/24

Customer A Customer B

Customer B

J-PE

10.0.1.1/24

10.0.2.1/24

1.0.0.0/24 2.0.0.0/24

.1.1 .2 .2

OSTRAVA TACHOV

MPLS Core


VPN Route Distinguishing and VPN Route Distinguishing and Exchange Between PEsExchange Between PEs

10.0.0.1/24

S0I-PE

Customer AG-P

S0S1/0 S1/1e0 e0

e1 e1

10.0.0.1/24


Customer B

J-PE

10.0.1.1/24

10.0.2.1/24

1.0.0.0/24 2.0.0.0/24

.1.1 .2 .2lo0 lo03.0.0.1/32 3.0.0.2/32

VRFCustomerA-I

VRFCustomerA-JVRF

CustomerB-I

VRFCustomerB-J

RD 100:2RT 100:20

RD 100:2RT 100:20

RD 100:1RT 100:10

RD 100:1RT 100:10

OSTRAVA TACHOV

MPLS CoreIGP (OSPF, IS-IS, …)

MP-BGP


PEPE--toto--PE PE VPN Route PropagationVPN Route Propagation

• PE router exports information from VRF to MP-BGPPE router exports information from VRF to MP-BGP• prefix uniqueness ensured using Route Distinguisher (64bit ID)prefix uniqueness ensured using Route Distinguisher (64bit ID)• VPN-V4 prefix = RD VPN-V4 prefix = RD + IPv4 prefix+ IPv4 prefix• Route exported with source VRF ID (route target)Route exported with source VRF ID (route target)

• MMultiprotocol (Multiprotocol (MPP) i) iBGP session between PE routersBGP session between PE routers over over MPLS backbone (P routers)MPLS backbone (P routers)• Full mesh (route reflectors often used)Full mesh (route reflectors often used)• Propagates VPNv4 routesPropagates VPNv4 routes• BGP attributes identify site-of-origin and route target(s)BGP attributes identify site-of-origin and route target(s)

• Opposite Opposite PE router imports information from MP-BGP into PE router imports information from MP-BGP into VRFVRF• routes imported into particular VRFs according to BGP Route Target routes imported into particular VRFs according to BGP Route Target

attribute valuesattribute values


MPLS VPN BGP attributesMPLS VPN BGP attributes

• Site of Origin (SOO)Site of Origin (SOO)• Identifies site where the route originated fromIdentifies site where the route originated from

• avoids loopsavoids loops

• Route TargetRoute Target• In fact, it identifies source VRFIn fact, it identifies source VRF• Each VRF may configure which RT(s) it importEach VRF may configure which RT(s) it import


Customer route advertisement from PE Customer route advertisement from PE router (MP-BGP)router (MP-BGP)

• PE router assigns RT, RD based on source VRF and PE router assigns RT, RD based on source VRF and SOOSOO

• PE router assigns VPN (MPLS) labelPE router assigns VPN (MPLS) label• Identifies particular VPN route (in VPN site’s routing Identifies particular VPN route (in VPN site’s routing

table, i.e. in VRF)table, i.e. in VRF)• Used as second label in the label stackUsed as second label in the label stack

• Top-of-stack label identify egress PE routerTop-of-stack label identify egress PE router

• Route’s next-hop rewritten to advertising PE router Route’s next-hop rewritten to advertising PE router loopback interfaceloopback interface

• MP-iBGP update sent to other PE routersMP-iBGP update sent to other PE routers


CECE to to PEPE routing information exchangerouting information exchange• CE router always exchanges routes with VRF CE router always exchanges routes with VRF

assigned to interface connecting that CE routerassigned to interface connecting that CE router• Static routing or directStatic routing or directlly connected networksy connected networks• External BGPExternal BGP• IGP (RIPv2,OSPF)IGP (RIPv2,OSPF)

• Multiple Multiple instances of instances of routing process routing process ((for every VRFfor every VRF) ) are running on PE routerare running on PE router• or separated routing contexts in single or separated routing contexts in single routing routing processprocess


Overlapping of VPNsOverlapping of VPNs

Site (VRF) may belong Site (VRF) may belong to multiple to multiple VPNs provided VPNs provided that there is no addresses overlapthat there is no addresses overlap• Useful for shared server farms, extranets, Internet VRFs Useful for shared server farms, extranets, Internet VRFs

etc.etc.• Multiple RT imports configured for particular VRFMultiple RT imports configured for particular VRF

Typical usages both in SP networks and in DC cores Typical usages both in SP networks and in DC cores


Overlapping VPNs exampleOverlapping VPNs example

10.0.0.1/24

S0I-PE

Customer AG-P

S0S1/0 S1/1e0 e0

e1 e1

10.0.0.1/24


Customer B

J-PE

10.0.1.1/24

10.0.2.1/24

1.0.0.0/24 2.0.0.0/24

.1.1 .2 .2lo0 lo03.0.0.1/32 3.0.0.2/32

VRFCustomerA-I

VRFCustomerA-JVRF

CustomerB-I

VRFCustomerB-J

RD 100:2RT 100:21

RD 100:2RT 100:22

RD 100:1RT 100:11

RD 100:1RT 100::12

OSTRAVA TACHOV

Documents

Multiprotocol Label Switching (MPLS) - vsb.czwh.cs.vsb.cz/sps/images/0/0c/MPLS-frame.pdf · Multiprotocol Label Switching (MPLS) ... L3 VPN, L2 VPN, L2 virtual P2P lines, ... •Between