Presented by:Roger MuellerEric Severson

Agenda

Customer centric view of MPLS Practical approach Tales from the trenches

Traditional Connectivity

Point-to-Point Frame Relay ATM

VPN Connectivity

IPSEC L2TP MPLS

What is MPLS?

MPLS from the customer standpoint is: WAN connectivity Looks a lot like traditional connectivity A private network with customer-controlled

routing and QOS You don’t have to know any MPLS details to

implement an MPLS network!

Why MPLS?

Cost Full mesh by default Low latency Reduced Carrier Operation Costs ATM Complexity/Scalability Quality of Service/Traffic Engineering

The Full Mesh Problem

The Full Mesh Problem

Number of circuits = n(n - 1) / 2

example: 10 node network requires 10(10-1)/2 = 45 circuits

The Full Mesh Problem

The old way… Hub and spoke networks built Suboptimal routing used Multiple virtual circuits used (frame relay and

ATM)

The Full Mesh Problem Solved!

MPLS VPN gives you full mesh by default. From the CE router perspective, any other node in your network will be 3 hops away. CE-PE-PE-CE. If you don’t want full mesh it can be requested from your service provider.

PEPE

PE

PEPE

CE CE

CE

CE

CE

Vendor Offerings

Sprint AT&T Verizon Others

Design options

Data Link protocol Routing protocol choices Full routing vs. default Multicast BGP Multipath Managed vs. unmanaged

Network Design Document

Migration Strategies

Flash cut Gradual migration

Customer A - Background

Multiple Medical Services Provider 250 Physical Clinics across USA ASP for OCR scanning review ASP for various other medical application Growth via Acquisitions

Customer A – Existing Network

(400) total locations; (5) data centers All across USA 40% of WAN was ATT FR & MPLS 60% of WAN was MCI Frame-Relay P2P circuits IPSEC VPN Multiple ISP entry points (over 40)

Customer A – Existing Network

Access circuits 56K T1 and Fraction T1 Frac T3

Frame Relay PVCs - non-fully meshed Protocols - EIGRP, OSPF, RIP and Static All sorts of Cisco and Bay Network routers

Customer A – Moving to MPLS

Centralized Data Center Due to ASP nature had to have a DR site RFI sent out and MCI MPLS was chosen All carriers were moving away from FR WAN needed to be cleaned up Company continued acquisition growth Needed to remove EOL WAN gear Consolidate WAN to single vendor

Customer A – New Design

RFI/RFP process MPLS service from MCI Multiple T3 circuits at two hub sites T1 or bonded T1s at remote sites Eliminate 56K FR circuits with 256K MPLS

Customer to manage CE routers Carrier to build on-site SONET ring

access at primary Data Center

Customer A – New Design

All Cisco network equipment Replace all EOL and Bay routers Hub sites - Dual Cisco 7000 Remote sites – Cisco 2801 and 1841

Customer A – New Design

Replace all frame-relay circuits with MPLS Move all sites to MCI MPLS Remove P2P circuits Consolidate 5 Data Centers into Primary

and Secondary BU DC’s Two fully dynamic Internet access points Small offices converted to VPN via DSL

Customer A – New Design

Single BGP AS as WAN routing protocol EIGRP as LAN routing protocol BGP load sharing at two Data Centers Full routes distributed to all sites

Customer B - Project Management

Design Procurement Implementation

Customer B - Background

Manufacturer of consumer goods Products distributed through Home Depot,

Lowes, Sears and through dealer network Most manufacturing done in Mexico Product distribution and support from

regional distribution centers Extensive dealer network also supported

Customer B - Network

(30) locations; (3) data centers Primarily USA but some Europe and Asia Sprint frame relay – multiple PVC Point-to-point IPSEC VPN

Customer B – Moving to MPLS

Sprint was primary carrier Sprint moving away from frame relay Sprint contract expiring WAN needed a refresh Company poised for growth

Customer B – Existing Network

Access circuits - T3, T1, Fraction T1 Sprint frame relay and AT&T frame relay Redundant PVCs to redundant hub

routers for HA Frame relay PVCs – many 0K CIR ISDN backup Some point-to-point Some IPSEC VPN

Customer B – Existing Network

EIGRP routing on WAN EIGRP on LAN at core sites Dialer interface for ISDN backup QOS/Avaya voice traffic

Customer B – Existing Equipment

All Cisco 1700, 2600, 3600 and 3700 series routers Cisco PIX at Internet egress (2 locations) Cisco client VPN on VPN 3000 series

concentrators Site-to-site VPN tunnels on Cisco IOS Not all equipment under maintenance

Customer B – Applications

Avaya voice traffic AS/400 ERP systems Lotus Notes email and user productivity

tools Citrix

Customer B – New Design

MPLS VPN service from Sprint Multiple T3 circuits at hub sites T1 or bonded T1s at remote sites Eliminate Fractional T1 access Customer to manage CE routers IPSEC tunnel at remotes for backup

Customer B – New Design

All Cisco network equipment Use Cisco ISR routers Major sites - Cisco 3845 Remote sites – Cisco 2821 Multiple MPLS routers at major sites sites Make network voice-ready - all routers

would have voice feature set

Customer B – New Design

Replace all frame-relay circuits with MPLS Replace some VPN circuits with MPLS

where cost effective Replace ISDN dialer backups with IPSEC

VPN backup Replace point-to-point circuits where cost

effective Keep Internet access the same

Customer B – New Design

BGP as routing protocol – unique ASNs EIGRP used locally at larger sites BGP Multipath for major sites Multiple routing instances within Sprint

cloud – Data, Voice, Guest Full routes distributed to major sites Default route only to remote sites

Customer B - Procurement

Master Service Agreement – MPLS service

MPLS circuit orders Backup circuits – DSL, Cable Equipment – routers, switches, racks,

cabling Installation resources – in-house/3rd party

Implementation

All circuits/MPLS brought up in 60 days (1) person full-time managing project 1.5 network engineers Use Sprint Concert deployment service Used another 3rd party for some sites

Lessons Learned

Had problems with T3 circuits Had problems with BGP multipath Long lead times for Aus/NZ Aus/NZ very pricey! Some sites did not have Internet access

or good 3G access for VPN backhaul Doing “regional” Internet egress needs to

be carefully thought out

CE Router Configuration

If you have a single vrf, your configuration will not have any MPLS-specific configuration commands

If you have multiple vrfs, your configuration will need MPLS-specific configuration commands

VRF-Aware Commands

Configuration commands Show commands

How to Configure Your EquipmentMultiple vrf configurations must have

commands to…

Indicate route targets and route descriptors

Make BGP aware of the VPN overlay Connect interfaces to vrf instances

Configuring CE Routersip vrf Newco-General rd 1:10 route-target export 1:10 route-target import 1:10!ip vrf Newco-Guest rd 1:30 route-target export 1:30 route-target import 1:30!ip vrf Newco-Voice rd 1:20 route-target export 1:20 route-target import 1:20

Configuring CE Routersrouter bgp 65004 no synchronization bgp log-neighbor-changes no auto-summary ! address-family ipv4 vrf Newco-General neighbor 10.150.1.14 remote-as 1803 neighbor 10.150.1.14 password $ecret neighbor 10.150.1.14 version 4 neighbor 10.150.1.14 activate synchronization network 0.0.0.0 network 10.0.8.0 mask 255.255.255.0 network 10.0.9.0 mask 255.255.255.0exit-address-family

Configuring CE Routersinterface Serial1/0 description Sprint MPLS-1 no ip address encapsulation frame-relay ip route-cache flow dsu bandwidth 22000 scramble frame-relay lmi-type ansi service-policy output WAN-INGRESS!interface Serial1/0.304 point-to-point ip vrf forwarding Newco-General ip address 10.150.1.13 255.255.255.252 frame-relay interface-dlci 304

Configuring CE Routersrouter eigrp 100 no auto-summary ! address-family ipv4 vrf Newco-Voice redistribute bgp 65004 auto-summary autonomous-system 20 exit-address-family

Configuring CE Routersinterface GigabitEthernet0/0.1 encapsulation dot1Q 1 native ip vrf forwarding Newco-General ip address 10.1.1.6 255.255.0.0!!interface GigabitEthernet0/0.200 encapsulation dot1Q 200 ip vrf forwarding Newco-Guest ip address 172.16.5.6 255.255.255.0

Show CommandsR1# show ip route vrf Newco-General

Routing Table: Newco-GeneralCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.63.7.2 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 21 subnets, 3 masksB 10.63.48.0/21 [20/0] via 10.154.1.98, 2w1dS 10.254.254.0/24 [1/0] via 10.63.7.2B 10.63.30.0/24 [20/0] via 10.154.1.98, 7w0dB 10.63.25.0/24 [20/0] via 10.154.1.98, 7w0dB 10.63.24.0/24 [20/0] via 10.154.1.98, 7w0d

Show CommandsR1# show ip bgp vpnv4 allBGP table version is 370, local router ID is 10.10.10.25Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 2:70 (default for vrf Newco-Guest)r> 10.156.1.96/30 10.156.1.98 0 0 1803 ?*> 10.156.1.116/30 10.156.1.98 0 1803 ?Route Distinguisher: 2:80 (default for vrf Newco-Voice)*> 10.155.1.112/30 10.155.1.98 0 1803 ?*> 10.155.1.116/30 10.155.1.98 0 1803 ?Route Distinguisher: 2:90 (default for vrf Newco-General)*> 0.0.0.0 10.63.7.2 0 32768 i*> 10.63.0.0/24 10.63.7.2 0 32768 i*> 10.63.1.0/24 10.63.7.2 0 32768 i

Show CommandsR1# ping vrf Newco-General 10.63.128.1

Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.63.128.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms

R1# trace vrf Newco-General 10.63.30.1

Type escape sequence to abort.Tracing the route to 10.63.30.1

1 10.154.1.98 12 msec 20 msec 12 msec 2 10.154.1.114 [MPLS: Label 3232 Exp 0] 36 msec 36 msec 32 msec 3 10.154.1.113 52 msec * 36 msec

QOS

Use Service provider’s recommendations Follow Cisco best practices

QoS Queue Allocation

Type Precedence class percent

Strict Priority 5 Voice 20

CBWFQ 4 Video 15

CBWFQ 3High Priority

Data 40

CBWFQ 2Medium Priority

Data 15

CBWFQ 1 Best Effort 10

CBWFQ 0 None 0

Further Reading

MPLS Fundamentals. By Luc De Ghein. Luc De Ghein. Cisco Press. ISBN-10: 1-58705-197-4; ISBN-13: 978-1-58705-197-5. 2007

Multiprotocol Label Switching (MPLS) Architecture Overview. Jim Guichard, Ivan Pepelnjak. Cisco Press.

MPLS and Next-Generation Networks: Foundations for NGN and Enterprise Virtualization. Azhar Sayeed, Monique J. Morrow. Cisco Press. ISBN-10: 1-58720-120-8; ISBN-13:

QoS for IP/MPLS Networks. Santiago Alvarez. Cisco Press. ISBN-10: 1-58705-233-4; ISBN-13: 978-1-58705-233-0; 2006

Selecting MPLS VPN Services. Chris Lewis, Steve Pickavance. Cisco Press. ISBN-10: 1-58705-191-5; ISBN-13: 978-1-58705-191-3; Copyright 2006

MPLS Configuration on Cisco IOS Software. Umesh Lakshman, Lancy Lobo. ISBN-10: 1-58705-199-0; ISBN-13: 978-1-58705-199-9; Copyright 2006

Next Month

MPLS In Depth – Tom Young

Questions?

Roger Mueller – ciscowiz at yahoo.com

Eric Severson – eric at network-specialties.com