Presented by: Roger Mueller, Eric Severson
Agenda
- Customer-centric view of MPLS
- Practical approach
- Tales from the trenches
Traditional Connectivity
- Point-to-Point
- Frame Relay
- ATM
VPN Connectivity
- IPSEC
- L2TP
- MPLS
What is MPLS?
MPLS from the customer standpoint is:
- WAN connectivity
- Looks a lot like traditional connectivity
- A private network with customer-controlled routing and QoS
- You don't have to know any MPLS details to implement an MPLS network!
"Private" here means routing separation, not encryption: your sites share the carrier's core with other customers and are kept apart by per-customer VRFs on the provider edge. Traffic that must stay confidential on the carrier's network still needs IPsec on top of the MPLS VPN.
Why MPLS?
- Cost
- Full mesh by default
- Low latency
- Reduced carrier operation costs
- ATM complexity/scalability
- Quality of service / traffic engineering
The Full Mesh Problem
Number of circuits = n(n - 1) / 2
Example: a 10-node network requires 10(10 - 1)/2 = 45 circuits.
The Full Mesh Problem
The old way…
- Hub-and-spoke networks built
- Suboptimal routing used
- Multiple virtual circuits used (Frame Relay and ATM)
The Full Mesh Problem Solved!
- MPLS VPN gives you full mesh by default.
- From the CE router perspective, any other node in your network is 3 hops away: CE-PE-PE-CE.
- If you don't want full mesh, it can be requested from your service provider.
[Diagram: CE routers attached to the provider's PE routers; each CE reaches every other CE through the PE cloud.]
Vendor Offerings
- Sprint
- AT&T
- Verizon
- Others
Design options
- Data link protocol
- Routing protocol choices
- Full routing vs. default
- Multicast
- BGP multipath
- Managed vs. unmanaged
Network Design Document
Migration Strategies
- Flash cut
- Gradual migration
Customer A - Background
- Multiple medical services provider
- 250 physical clinics across the USA
- ASP for OCR scanning review
- ASP for various other medical applications
- Growth via acquisitions
Customer A – Existing Network
- 400 total locations; 5 data centers
- All across the USA
- 40% of WAN was AT&T Frame Relay and MPLS
- 60% of WAN was MCI Frame Relay
- P2P circuits
- IPSEC VPN
- Multiple ISP entry points (over 40)
Customer A – Existing Network
- Access circuits: 56K, T1 and fractional T1, fractional T3
- Frame Relay PVCs, not fully meshed
- Protocols: EIGRP, OSPF, RIP and static
- All sorts of Cisco and Bay Networks routers
Customer A – Moving to MPLS
- Centralized data center
- Due to ASP nature, had to have a DR site
- RFI sent out and MCI MPLS was chosen
- All carriers were moving away from Frame Relay
- WAN needed to be cleaned up
- Company continued acquisition growth
- Needed to remove EOL WAN gear
- Consolidate WAN to a single vendor
Customer A – New Design
- RFI/RFP process
- MPLS service from MCI
- Multiple T3 circuits at two hub sites
- T1 or bonded T1s at remote sites
- Eliminate 56K FR circuits with 256K MPLS
- Customer to manage CE routers
- Carrier to build on-site SONET ring access at primary data center
Customer A – New Design
- All Cisco network equipment
- Replace all EOL and Bay routers
- Hub sites: dual Cisco 7000
- Remote sites: Cisco 2801 and 1841
Customer A – New Design
- Replace all Frame Relay circuits with MPLS
- Move all sites to MCI MPLS
- Remove P2P circuits
- Consolidate 5 data centers into primary and secondary BU DCs
- Two fully dynamic Internet access points
- Small offices converted to VPN via DSL
Customer A – New Design
- Single BGP AS as WAN routing protocol
- EIGRP as LAN routing protocol
- BGP load sharing at two data centers
- Full routes distributed to all sites
Note on the single-AS choice: when every site presents the same ASN to the carrier, BGP loop prevention makes each CE reject routes that already carry its own ASN in the AS path. Either the provider rewrites it on the PE (as-override) or the CE is told to accept its own ASN (allowas-in); confirm which one the carrier does before the first remote site is turned up.
Customer B - Project Management
- Design
- Procurement
- Implementation
Customer B - Background
- Manufacturer of consumer goods
- Products distributed through Home Depot, Lowes, Sears and through a dealer network
- Most manufacturing done in Mexico
- Product distribution and support from regional distribution centers
- Extensive dealer network also supported
Customer B - Network
- 30 locations; 3 data centers
- Primarily USA, but some Europe and Asia
- Sprint Frame Relay, multiple PVCs
- Point-to-point
- IPSEC VPN
Customer B – Moving to MPLS
- Sprint was primary carrier
- Sprint moving away from Frame Relay
- Sprint contract expiring
- WAN needed a refresh
- Company poised for growth
Customer B – Existing Network
- Access circuits: T3, T1, fractional T1
- Sprint Frame Relay and AT&T Frame Relay
- Redundant PVCs to redundant hub routers for HA
- Frame Relay PVCs, many with 0K CIR
- ISDN backup
- Some point-to-point
- Some IPSEC VPN
Customer B – Existing Network
- EIGRP routing on WAN
- EIGRP on LAN at core sites
- Dialer interface for ISDN backup
- QoS for Avaya voice traffic
Customer B – Existing Equipment
- All Cisco 1700, 2600, 3600 and 3700 series routers
- Cisco PIX at Internet egress (2 locations)
- Cisco client VPN on VPN 3000 series concentrators
- Site-to-site VPN tunnels on Cisco IOS
- Not all equipment under maintenance
Customer B – Applications
- Avaya voice traffic
- AS/400 ERP systems
- Lotus Notes email and user productivity tools
- Citrix
Customer B – New Design
- MPLS VPN service from Sprint
- Multiple T3 circuits at hub sites
- T1 or bonded T1s at remote sites
- Eliminate fractional T1 access
- Customer to manage CE routers
- IPSEC tunnel at remotes for backup
Customer B – New Design
- All Cisco network equipment
- Use Cisco ISR routers
- Major sites: Cisco 3845
- Remote sites: Cisco 2821
- Multiple MPLS routers at major sites
- Make network voice-ready: all routers would have the voice feature set
Customer B – New Design
- Replace all Frame Relay circuits with MPLS
- Replace some VPN circuits with MPLS where cost effective
- Replace ISDN dialer backups with IPSEC VPN backup
- Replace point-to-point circuits where cost effective
- Keep Internet access the same
Customer B – New Design
- BGP as routing protocol, unique ASNs
- EIGRP used locally at larger sites
- BGP multipath for major sites
- Multiple routing instances within the Sprint cloud: Data, Voice, Guest
- Full routes distributed to major sites
- Default route only to remote sites
Customer B - Procurement
- Master Service Agreement for MPLS service
- MPLS circuit orders
- Backup circuits: DSL, cable
- Equipment: routers, switches, racks, cabling
- Installation resources: in-house/3rd party
Implementation
- All circuits/MPLS brought up in 60 days
- 1 person full-time managing the project
- 1.5 network engineers
- Used Sprint Concert deployment service
- Used another 3rd party for some sites
Lessons Learned
- Had problems with T3 circuits
- Had problems with BGP multipath
- Long lead times for Aus/NZ
- Aus/NZ very pricey!
- Some sites did not have Internet access or good 3G access for VPN backhaul
- Doing "regional" Internet egress needs to be carefully thought out
CE Router Configuration
- If you have a single VRF, your CE configuration is ordinary routing with no VRF- or MPLS-specific commands; the provider's MPLS is invisible to the CE.
- If you have multiple VRFs (for example separate Data, Voice and Guest instances), your CE configuration needs VRF-aware commands, and every one of them has to name the right VRF: an interface placed in the wrong VRF, or a route target shared between two VRFs, quietly joins networks that were meant to stay separate.
VRF-Aware Commands
- Configuration commands
- Show commands
How to Configure Your Equipment
Multiple VRF configurations must have commands to…
- Define each VRF with its route distinguisher (rd) and route targets
- Make BGP aware of the VPN overlay (an address-family per VRF)
- Connect interfaces to VRF instances
Configuring CE Routers
ip vrf Newco-General
 rd 1:10
 route-target export 1:10
 route-target import 1:10
!
ip vrf Newco-Guest
 rd 1:30
 route-target export 1:30
 route-target import 1:30
!
ip vrf Newco-Voice
 rd 1:20
 route-target export 1:20
 route-target import 1:20
Configuring CE Routers
router bgp 65004
 no synchronization
 bgp log-neighbor-changes
 no auto-summary
 !
 address-family ipv4 vrf Newco-General
  neighbor 10.150.1.14 remote-as 1803
  neighbor 10.150.1.14 password $ecret
  neighbor 10.150.1.14 version 4
  neighbor 10.150.1.14 activate
  synchronization
  network 0.0.0.0
  network 10.0.8.0 mask 255.255.255.0
  network 10.0.9.0 mask 255.255.255.0
 exit-address-family
Two things to check before copying this. The neighbor password turns on TCP MD5 authentication (RFC 2385) for the PE-CE session and must match what the carrier configured on its PE; it is stored in the running config, where service password-encryption only obfuscates it reversibly, so config backups need to be treated as secrets. And network 0.0.0.0 advertises a default route into the VRF toward every other site, which only the sites that actually provide Internet egress should do.
Configuring CE Routers
interface Serial1/0
 description Sprint MPLS-1
 no ip address
 encapsulation frame-relay
 ip route-cache flow
 dsu bandwidth 22000
 scramble
 frame-relay lmi-type ansi
 service-policy output WAN-INGRESS
!
interface Serial1/0.304 point-to-point
 ip vrf forwarding Newco-General
 ip address 10.150.1.13 255.255.255.252
 frame-relay interface-dlci 304
Configuring CE Routers
router eigrp 100
 no auto-summary
 !
 address-family ipv4 vrf Newco-Voice
  redistribute bgp 65004
  auto-summary
  autonomous-system 20
 exit-address-family
Configuring CE Routers
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip vrf forwarding Newco-General
 ip address 10.1.1.6 255.255.0.0
!
interface GigabitEthernet0/0.200
 encapsulation dot1Q 200
 ip vrf forwarding Newco-Guest
 ip address 172.16.5.6 255.255.255.0
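The three configuration pieces above (VRF definitions, BGP awareness, interface bindings) only keep Data, Voice and Guest apart if every command names the right VRF and no route target is shared. The script below is an added example, not code from the presentation or from Cisco: it parses the `ip vrf` stanzas and `ip vrf forwarding` bindings of an IOS configuration and reports the mistakes that silently merge VRFs. It assumes IOS-style indentation (top-level commands at column 0, sub-commands indented); the sample configuration is constructed from the page's snippets, and the Newco-Lab VRF and Newco-Typo binding are deliberate faults added for the demonstration.

```python
"""Audit VRF separation in a Cisco IOS CE configuration (added example;
assumes IOS-style indentation: top-level commands at column 0)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Vrf:
    name: str
    rd: Optional[str] = None
    rt_import: Set[str] = field(default_factory=set)
    rt_export: Set[str] = field(default_factory=set)


def parse_config(text: str):
    """Return (vrfs by name, interface -> vrf bindings)."""
    vrfs: Dict[str, Vrf] = {}
    bindings: Dict[str, str] = {}
    current = None  # (kind, name) of the stanza the indented lines belong to
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        tok = line.split()
        if not line[0].isspace():  # a top-level command starts a new stanza
            if tok[:2] == ["ip", "vrf"] and len(tok) == 3:
                current = ("vrf", tok[2])
                vrfs.setdefault(tok[2], Vrf(tok[2]))
            elif tok[0] == "interface":
                current = ("intf", tok[1])
            else:
                current = None
            continue
        if current is None:
            continue
        kind, name = current
        if kind == "vrf" and tok[0] == "rd":
            vrfs[name].rd = tok[1]
        elif kind == "vrf" and tok[0] == "route-target":
            if tok[1] in ("import", "both"):
                vrfs[name].rt_import.add(tok[2])
            if tok[1] in ("export", "both"):
                vrfs[name].rt_export.add(tok[2])
        elif kind == "intf" and tok[:3] == ["ip", "vrf", "forwarding"]:
            bindings[name] = tok[3]
    return vrfs, bindings


def audit(text: str) -> List[str]:
    """Return findings; an empty list means the VRF configuration is consistent."""
    vrfs, bindings = parse_config(text)
    findings = []
    for v in vrfs.values():
        if v.rd is None:
            findings.append(f"{v.name}: no rd configured")
        if not v.rt_import or not v.rt_export:
            findings.append(f"{v.name}: route-target import or export missing")
    # A route target exported by one VRF and imported by another joins their tables.
    for src in vrfs.values():
        for rt in sorted(src.rt_export):
            for dst in vrfs.values():
                if dst is not src and rt in dst.rt_import:
                    findings.append(f"{src.name} exports route-target {rt}, which "
                                    f"{dst.name} imports: routes leak between them")
    for intf, vrf in bindings.items():
        if vrf not in vrfs:
            findings.append(f"{intf}: ip vrf forwarding references undefined vrf {vrf}")
    return findings


# Constructed sample: the page's three VRFs and one of its VRF-bound interfaces.
SAMPLE_CONFIG = """\
ip vrf Newco-General
 rd 1:10
 route-target export 1:10
 route-target import 1:10
ip vrf Newco-Guest
 rd 1:30
 route-target export 1:30
 route-target import 1:30
ip vrf Newco-Voice
 rd 1:20
 route-target export 1:20
 route-target import 1:20
interface Serial1/0.304 point-to-point
 ip vrf forwarding Newco-General
 ip address 10.150.1.13 255.255.255.252
"""

# Constructed faults: a lab VRF importing General's route target, and a typo in a VRF name.
BROKEN_CONFIG = SAMPLE_CONFIG + """\
ip vrf Newco-Lab
 rd 1:40
 route-target export 1:40
 route-target import 1:10
interface GigabitEthernet0/0.300
 ip vrf forwarding Newco-Typo
"""

if __name__ == "__main__":
    for finding in audit(BROKEN_CONFIG):
        print(finding)
```

Run it against `show running-config` output saved to a file before and after each change to a multi-VRF CE; a clean configuration returns no findings, while the faulty sample reports the 1:10 leak from Newco-General into Newco-Lab and the interface bound to a VRF that does not exist.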
Show Commands
R1# show ip route vrf Newco-General

Routing Table: Newco-General
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.63.7.2 to network 0.0.0.0

     10.0.0.0/8 is variably subnetted, 21 subnets, 3 masks
B       10.63.48.0/21 [20/0] via 10.154.1.98, 2w1d
S       10.254.254.0/24 [1/0] via 10.63.7.2
B       10.63.30.0/24 [20/0] via 10.154.1.98, 7w0d
B       10.63.25.0/24 [20/0] via 10.154.1.98, 7w0d
B       10.63.24.0/24 [20/0] via 10.154.1.98, 7w0d
Show Commands
R1# show ip bgp vpnv4 all
BGP table version is 370, local router ID is 10.10.10.25
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 2:70 (default for vrf Newco-Guest)
r> 10.156.1.96/30   10.156.1.98              0             0 1803 ?
*> 10.156.1.116/30  10.156.1.98                            0 1803 ?
Route Distinguisher: 2:80 (default for vrf Newco-Voice)
*> 10.155.1.112/30  10.155.1.98                            0 1803 ?
*> 10.155.1.116/30  10.155.1.98                            0 1803 ?
Route Distinguisher: 2:90 (default for vrf Newco-General)
*> 0.0.0.0          10.63.7.2                0         32768 i
*> 10.63.0.0/24     10.63.7.2                0         32768 i
*> 10.63.1.0/24     10.63.7.2                0         32768 i
(The RDs here, 2:70/2:80/2:90, differ from the 1:10/1:20/1:30 values in the configuration example; an RD is locally significant on a CE. The r on the first Guest entry means RIB-failure: the BGP path lost to a better route for that /30, typically the connected route for the PE-CE link itself.)
Show Commands
R1# ping vrf Newco-General 10.63.128.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.63.128.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms

R1# trace vrf Newco-General 10.63.30.1

Type escape sequence to abort.
Tracing the route to 10.63.30.1

  1 10.154.1.98 12 msec 20 msec 12 msec
  2 10.154.1.114 [MPLS: Label 3232 Exp 0] 36 msec 36 msec 32 msec
  3 10.154.1.113 52 msec * 36 msec
Three hops, exactly the CE-PE-PE-CE path described earlier. Hop 2 is the only place the customer ever sees an MPLS label.
QoS
- Use service provider's recommendations
- Follow Cisco best practices
QoS Queue Allocation
Queue type        IP precedence   Class                  Bandwidth %
Strict Priority   5               Voice                  20
CBWFQ             4               Video                  15
CBWFQ             3               High Priority Data     40
CBWFQ             2               Medium Priority Data   15
CBWFQ             1               Best Effort            10
CBWFQ             0               None                    0
(Percentages sum to 100; with LLQ the strict-priority voice queue is capped at its 20% during congestion.)
Further Reading
- MPLS Fundamentals. Luc De Ghein. Cisco Press, 2007. ISBN-10 1-58705-197-4; ISBN-13 978-1-58705-197-5.
- Multiprotocol Label Switching (MPLS) Architecture Overview. Jim Guichard, Ivan Pepelnjak. Cisco Press.
- MPLS and Next-Generation Networks: Foundations for NGN and Enterprise Virtualization. Azhar Sayeed, Monique J. Morrow. Cisco Press. ISBN-10 1-58720-120-8.
- QoS for IP/MPLS Networks. Santiago Alvarez. Cisco Press, 2006. ISBN-10 1-58705-233-4; ISBN-13 978-1-58705-233-0.
- Selecting MPLS VPN Services. Chris Lewis, Steve Pickavance. Cisco Press, 2006. ISBN-10 1-58705-191-5; ISBN-13 978-1-58705-191-3.
- MPLS Configuration on Cisco IOS Software. Umesh Lakshman, Lancy Lobo. Cisco Press, 2006. ISBN-10 1-58705-199-0; ISBN-13 978-1-58705-199-9.
Next Month
MPLS In Depth – Tom Young
Questions?
Roger Mueller – ciscowiz at yahoo.com
Eric Severson – eric at network-specialties.com