However, the IP service switch does not support complete Internet routing functionality, nor does it provide
the same variety of routing policies that are available in a service edge router.
Alcatel-Lucent Confidential for Internal Use ONLY - Do Not Distribute
Module 1 | 11 All rights reserved © 2012 Alcatel-Lucent Alcatel-Lucent Services Architecture v 3.2
Alcatel-Lucent 7750 SR Service Types
The following types of service are offered on the Alcatel-Lucent 7750 SR:
VPN services
Virtual private wire service (VPWS) — provides a point-to-point service that emulates a leased line
Virtual private LAN service (VPLS) — provides a multipoint Ethernet service similar to an Ethernet switch
Virtual private routed network service (VPRN) — provides a multipoint IP routed service
Internet Enhanced Service (IES)
Provides the customer with a Layer 3 IP interface to send and receive Internet traffic
Mirroring services
A variety of different service types are supported in a service network of Alcatel-Lucent 7750 SRs, based on a common core of IP/MPLS technology. The different possible VPN services are:
Virtual Private Wire Service (VPWS), also known as Virtual Leased Lines (VLL) - Layer 2 point-to-point service.
Virtual Private LAN Service (VPLS) - Layer 2 multipoint-to-multipoint VPN
Virtual Private Routed Network (VPRN) - Layer 3 IP multipoint-to-multipoint VPN service as defined in RFC 4364 (formerly RFC 2547bis)
In addition to the VPN based services, the 7750 SR supports the Internet Enhanced Service. IES is a Layer 3 direct Internet access service where the customer is assigned an IP interface for Internet connectivity.
Mirroring services - allow an operator to see the actual traffic on a customer’s service with a sniffer.
Mirror services will be discussed later in Module 4.
Virtual Private Wire Service (VPWS)
VPWS is a Layer 2 point-to-point service
VPWS defines a virtual point-to-point service that emulates a private leased line connection
VPWS encapsulates customer data and transports it across the service provider’s network in a GRE (generic routing encapsulation) or MPLS tunnel
The Alcatel-Lucent 7750 SR supports a Layer 2 point-to-point service commonly known as a Virtual Private Wire Service (VPWS). The VPWS encapsulates customer data and transports it across a service provider’s IP or MPLS network in a GRE or MPLS tunnel. VPWS is sometimes referred to as a Layer 1 VPN, since there is no MAC learning required.
The Alcatel-Lucent service router is able to provide point-to-point Ethernet, Frame Relay, ATM (Asynchronous Transfer Mode) or TDM (Time Division Multiplexing) service. In the slide figure, a service provider network provides an epipe (point-to-point Ethernet) service.
A pseudowire is an emulated, Layer 2 circuit built across an MPLS network that can transport Layer 2 PDUs (protocol data units) as if they were transmitted on their native media. Epipes (Ethernet), apipes (ATM), fpipes (Frame Relay), ipipes (IP Interworking) and cpipes (TDM circuit emulation) are all examples of pseudowire technologies and are described in more detail in Module 2.
Types of VPWS
VPWS service supported on the Alcatel-Lucent 7750 SR
EPipe - emulates a point-to-point Ethernet service
Apipe - emulates a point-to-point ATM service
Fpipe - emulates a point-to-point Frame Relay circuit
Cpipe - emulates a point-to-point TDM circuit
Ipipe - provides IP interworking capabilities between different Layer 2 technologies
The types of VPWS service supported on the Alcatel-Lucent 7750 SR include:
Epipe - emulates a point-to-point Ethernet service. VLAN tagged Ethernet frames are supported. Interworking with other Layer 2 technologies is also supported.
Apipe - emulates a point-to-point ATM service. A number of sub-types are provided to support different ATM service types.
Fpipe - emulates a point-to-point Frame Relay circuit. Some features for interworking with ATM are also supported.
Cpipe - emulates a point-to-point TDM circuit.
Ipipe - provides IP interworking capabilities between different Layer 2 technologies
VPWS Advantages
Customer’s perspective:
Supports ATM, Frame Relay, TDM or Ethernet
Service provider (SP) network appears as a leased line between the two customer locations
Transparent to customer data
Service provider’s perspective:
Only the PE device is aware of the service
Scalability
Flexibility
The service provider can apply QoS, billing, ingress/egress traffic shaping and policing on a per-service basis
Scalability – the service provider can support thousands of customers per router
Flexibility – many different services for different customers can be provided over a single core IP/MPLS network
Virtual Private LAN Service (VPLS)
VPLS is an Ethernet service that connects multiple sites in a single switched domain over a provider-managed IP/MPLS network
Alcatel-Lucent supports Virtual Private LAN Service (VPLS) multipoint switched services. A VPLS is a multipoint Layer 2 service that allows multiple customer sites to be connected in a single-switched domain contained within a provider-managed IP/MPLS network. Customer sites in the VPLS appear to be on the same LAN, even if the sites are geographically dispersed.
VPLS services switch traffic based on MAC addresses.
VPLS Advantages
Customer’s perspective:
All sites appear to be connected to a single switched VLAN
Transparent to the customer’s data
Can operate over a single, local site or over multiple, geographically-dispersed sites
Frames are only forwarded across the required links in the network
Service provider’s perspective:
The advantages to the service provider are similar to those of a VPWS service
The VPLS advantages from the customer’s perspective are:
• The VPLS is transparent to the customer’s data and higher layer protocols
• The VPLS can operate over a single local site or at multiple, geographically dispersed sites
• The VPLS performs MAC learning so that frames are forwarded only across the required links in the network
The advantages to the service provider are the same advantages as for a VPWS service. The SP can reuse the IP/MPLS infrastructure to offer multiple services.
Virtual Private Routed Network (VPRN)
VPRN is a Layer 3 service that connects multiple sites in a routed domain over a provider-managed IP/MPLS network
IETF RFC 4364 (formerly RFC 2547bis) details a method of distributing routing information and forwarding data to provide a Layer 3 Virtual Private Networks (VPN) service to end-customers. Each Virtual Private Routed Network (VPRN) consists of a set of customer sites connected to one or more PE routers. Each associated PE router maintains a separate IP forwarding table for each VPRN. The diagram shows three VPRN services (Red, Yellow, and Green). The details of VPRN service operation will be explained later in the course.
VPRN Advantages
Customer’s perspective:
Sites are connected to a private routed network administered by the service provider for that customer only
Separate and independent IP address plan per VPRN
The VPRN can operate over a single local site or over multiple geographically-dispersed sites
Service provider’s perspective:
The advantages to the service provider are the same advantages as for a VPWS or VPLS service
The VPRN advantages from the customer perspective are:
• To the customer it appears as if all sites are connected to a private, routed IP network. The PE router maintains a separate, virtual routing and forwarding (VRF) table for each VPRN
• The IP address plan used by the customer is completely separate and independent of any address plan used by the provider or any of its other customers.
• The VPRN can operate over a single, local site or at multiple, geographically-dispersed sites
The advantages to the service provider are the same advantages as for a VPWS or VPLS service. The service provider uses MP-BGP to distribute the routes for the different customer networks.
IES provides customers with direct Internet access via a Layer 3 IP interface
From the customer’s perspective, IES provides a direct connection to the Internet
The service provider can apply all billing, ingress/egress shaping and policing to the customer
Internet Enhanced Service (IES)
An Internet enhanced service (IES) is a routed connectivity service where the subscriber communicates with a Layer 3 IP interface to send and receive Internet traffic.
The difference between the IES and a basic network interface is that the service provider can apply all QoS, billing, ingress/egress shaping and policing available within a service to the IES interface.
Services Overview & Implementation
Section 2 — Transport and Service Label Signaling
Section Objectives
After successfully completing this section, you will be able to:
Explain how customer data is transmitted across the service provider network (MPLS vs. GRE tunnels)
Explain the encapsulation of service data with a service label and transport label
Explain how service labels are signaled
Transport Tunnels and Service Tunnels
MPLS or GRE tunnels are used to transmit customer data across the service provider network
Multiple service tunnels can be carried within a transport tunnel
Multiple transport tunnels can be configured on a single network port
Inner service label defines the service tunnel; outer transport label defines the transport tunnel
All the IP/MPLS VPN services described in section one use MPLS or GRE tunnels to transmit customer data across the service provider network. When MPLS is used, customer data is encapsulated with two MPLS labels; an outer transport label and an inner service label.
Alcatel-Lucent routers are connected to physical links that are used to carry traffic. When a service is set up using MPLS, transport LSP tunnels are set up between provider edge, or PE, routers. Each service or customer sends traffic through a service tunnel within the transport LSP tunnel. Transport tunnel LSPs are identified by MPLS labels that are swapped at each intermediate router, also known as a transit LSR, along the LSP from the ingress to the egress of the MPLS network.
The service label, or VC label, is used to identify which service or customer owns the packet. In the identification process, the label is attached at the ingress point and does not change value as the packet travels from ingress to egress.
Transport Tunnels and Service Tunnels (continued)
Transport tunnels:
RSVP-TE or LDP signaled LSP
Labels are signaled using RSVP-TE or LDP
The MPLS-encapsulated data is forwarded to the egress PE for the service
GRE tunnel
The data is encapsulated with an IP header
The source IP address is the ingress PE router and the destination address is the egress PE router
Typically used when there are routers in the transport network that do not support MPLS label switching
Service tunnels:
MP-BGP or T-LDP are used to set up per-VPN service tunnels
Typically the transport tunnel is an RSVP-TE or LDP signaled LSP although it may also be a GRE tunnel.
Because the customer data is MPLS-encapsulated, forwarding across the network is not based at all on the customer data. The encapsulated data is simply forwarded to the tunnel egress, which is the egress PE for the service.
In GRE the data is encapsulated with an IP header. The source IP address is the ingress PE router and the destination address is the egress PE router. This header is used to route the packet across the network. The customer’s data has no influence on forwarding while the packet is in the GRE tunnel. GRE does not support the traffic engineering features that are available in MPLS.
Our focus here is on the use of MPLS for transport tunnels.
Transport and Service Label Encapsulation
MPLS encapsulation of VPN service traffic
DLC header — Layer 2 header used to transport the MPLS packet
MPLS transport (outer) label — The label signaled by the next-hop PE
Service (inner) label — The service, or virtual circuit (VC) label that identifies the service the packet belongs to
Control word — Optional and primarily used for ATM or Frame Relay services
Service packet — The customer data being transported by the service
Services over MPLS
In an IP/MPLS service network, data is encapsulated with at least two labels, the transport label and the service label.
Data Link Control Header (DLC Header) - a Layer 2 header used to transport the MPLS packet. In many cases, the data link, or Layer 2, header in use is Ethernet. In this case the DLC header is 14 bytes: a 6-byte destination MAC address, a 6-byte source MAC address and a 2-byte Ethertype field (0x8847 for MPLS or 0x0800 for IP/GRE). The 7750 SR also supports packet over SONET/SDH (POS).
When services are configured over MPLS, customer traffic is encapsulated in MPLS frames and sent over MPLS tunnels. A service label, or VC label, that indicates a specific customer connection, such as a Frame Relay DLCI, is pushed into the label stack between the transport tunnel label and the packet data.
An optional service-specific control word may be placed between the packet data and the service label.
The control word is used for frame sequencing and/or carrying service-specific information, such as Frame Relay forward explicit congestion notification (FECN) and backward explicit congestion notification (BECN) information. At the tunnel-end, the service label is used to find the customer interface over which the traffic is sent. The control word, if present, is used to convert the encapsulated customer traffic into its native format.
Note: do not confuse VC Label with the VC ID that is used for service provisioning.
Transport and Service Label Encapsulation (continued)
GRE encapsulation of VPN service traffic
IP header and the GRE header are used instead of the MPLS transport label
A service label is still required to demultiplex the packet to the appropriate service
The service provider routers use the GRE header to route the packet across the network
Services over GRE
When GRE is used to transport services, an MPLS transport label is not used. Instead, an IP header is used, where the source IP address is the local PE router and the destination IP address is the far-end PE router. The minimum GRE header consists of 4 bytes: 2 bytes for the flags and 2 bytes for the protocol type field (which contains the protocol ID of the payload packet). The MPLS protocol ID, which identifies the MPLS service label, is 0x8847. It is important to note that in this case, even though GRE is used for transport, an MPLS service label still exists so that the far-end PE can de-multiplex the service correctly. Therefore, unlike with MPLS transport labels, there is no label swapping at each router in the service provider’s network.
Rather, the outer IP header is used to forward the packet through the service provider network; as such, the IP header is not swapped at each router. The GRE IP header is stripped at the far-end provider edge router, which then uses the service label to demultiplex the service. At this point, the service label is stripped before the frame is passed to the customer. The main application of GRE would be in the case that a service provider has transport routers (P routers) that are not MPLS-capable. In this case, GRE could be used to encapsulate the frame and only MPLS would be required on the service endpoint routers (PE routers). In general, if MPLS-capable routers are available, MPLS will be used for the transport tunnel.
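The two encapsulations described above (Ethernet DLC header followed either by a transport label and a service label, or by an IP/GRE header and a service label) can be decoded as follows. This is an added example, not part of the course material; the label stack entry layout follows RFC 3032, and the MAC addresses, label values, PE addresses and customer payload are constructed sample data.

```python
import struct

ETH_MPLS, ETH_IPV4, IPPROTO_GRE = 0x8847, 0x0800, 47

def mpls_entry(label, bos, tc=0, ttl=64):
    """Pack one 4-byte label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (bos << 8) | ttl)

def parse_label_stack(buf):
    """Return (labels, payload), reading entries until the bottom-of-stack bit."""
    labels, off = [], 0
    while True:
        if off + 4 > len(buf):
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        labels.append(word >> 12)
        if word & 0x100:  # S bit set: this entry is the service (inner) label
            return labels, buf[off:]

def decode(frame):
    """Decode an Ethernet frame carrying VPN service traffic over MPLS or GRE."""
    if len(frame) < 14:
        raise ValueError("short DLC header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    body = frame[14:]
    if ethertype == ETH_MPLS:
        labels, payload = parse_label_stack(body)
        if len(labels) < 2:
            raise ValueError("expected a transport and a service label")
        return {"tunnel": "mpls", "transport_label": labels[0],
                "service_label": labels[-1], "payload": payload}
    if ethertype == ETH_IPV4:
        ihl = (body[0] & 0x0F) * 4 if body else 0
        if ihl < 20 or len(body) < ihl + 4 or body[9] != IPPROTO_GRE:
            raise ValueError("not a complete IP/GRE packet")
        flags, proto = struct.unpack_from("!HH", body, ihl)
        if flags != 0 or proto != ETH_MPLS:
            raise ValueError("only the minimum GRE header with MPLS payload is handled")
        labels, payload = parse_label_stack(body[ihl + 4:])
        return {"tunnel": "gre", "src_pe": ".".join(map(str, body[12:16])),
                "dst_pe": ".".join(map(str, body[16:20])),
                "service_label": labels[-1], "payload": payload}
    raise ValueError("unexpected Ethertype 0x%04x" % ethertype)

# Constructed sample data (not from the course); IP checksum left at 0, not validated.
MACS = bytes.fromhex("02000000000b" "02000000000a")
CUSTOMER = b"customer-frame"
MPLS_FRAME = (MACS + struct.pack("!H", ETH_MPLS)
              + mpls_entry(131070, 0) + mpls_entry(131065, 1) + CUSTOMER)
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 4 + 4 + len(CUSTOMER), 0, 0,
                     64, IPPROTO_GRE, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
GRE_FRAME = (MACS + struct.pack("!H", ETH_IPV4) + IP_HDR
             + struct.pack("!HH", 0, ETH_MPLS) + mpls_entry(131065, 1) + CUSTOMER)
```

Calling decode(MPLS_FRAME) and decode(GRE_FRAME) returns the same service label and customer payload for both; only the MPLS result carries a transport label, while the GRE result carries the PE addresses from the outer IP header.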