Multiprotocol Label Switching (MPLS)
Petr Gryg
Technology Basics
• Integrates label-based forwarding paradigm with network layer routing
  • label forwarding + label swapping similar to ATM/FR
  • switching tables constructed using IP routing protocol(s)
• Advantages:
  • improves the price/performance of network layer routing
    • MPLS switching algorithm might be simpler and faster than traditional IP routing
    • Processor-intensive packet analysis and classification happens only once at the ingress edge
    • But MPLS is not only a method to make routers much faster
  • improves the scalability of the network layer
    • (slow lookup of huge IP routing tables etc.)
  • provides greater flexibility in the delivery of (new) routing services
    • new routing services may be added without change to the forwarding paradigm
    • Multiple VRF-based VPNs (with address overlap), traffic engineering, …

MPLS Operation in Brief (Frame Mode)
• Standard IP routing protocol used in MPLS routing domain
  • (OSPF, IS-IS, …)
• <IP prefix, label> mapping created by egress router
  • i.e. router at MPLS domain edge used as exit point for that IP prefix
• Label distribution protocols used to distribute label bindings for IP prefixes between adjacent neighbors
  • label has local significance
• Ingress LSR receives IP packets
  • Performs classification and assigns label
  • Forwards labeled packet to MPLS core
• Core LSRs switch labeled packets based on label value
• Egress router removes label before forwarding packet out of MPLS domain

MPLS position in OSI RM
MPLS operates between link and network layer
• Deals with L3 routing/addressing
• Uses L2 labels for fast switching
  • Inherent labels of some L2 technologies
    • ATM VPI/VCI, Frame Relay DLCI, optical switching lambdas, …
  • Additional “shim” headers placed between L2 and L3 headers
    • its presence indicated in L2 header

Label-based packet forwarding
• Packet marked with labels at ingress MPLS router
  • Various rules can be applied to impose labels
    • destination network prefix, QoS, policy routing (traffic engineering), VPNs, …
  • labels imply both routes (IP destination prefixes) and service attributes (QoS, TE, VPN, …)
  • Multiple labels can be imposed (label stack)
    • allows special applications (hierarchical MPLS forwarding)
• Packet quickly forwarded according to labels through MPLS core
  • uses only label swapping, no IP routing
  • IP routing information used only to build forwarding tables, not for actual (potentially slow) IP routing
  • label-switch paths determined by IP routing protocol
    • implementation of MPLS is only as good as underlying routing protocol
• Label removed at egress router and packet forwarded using standard L3 IP routing table lookup

Components of MPLS architecture
• Forwarding Component (data plane)
  • “brute force” forwarding using label forwarding information base (LFIB)
• Control Component (control plane)
  • Creates and updates label bindings (LFIB)
    • <IP_prefix, label>
  • MPLS node has to participate in routing protocol (IGP or static routing)
    • including ATM switches in MPLS cell-mode
  • Label assignment is distributed to other MPLS peers
    • using some sort of label distribution protocol (LDP)

MPLS Devices
Label-Switch Router (LSR)
• Any router/switch participating in label assignment and distribution that supports label-based packet/cell switching
LSR Classification
• Core LSR (P-Provider)
• Edge LSR (PE-Provider Edge)
(Often the same kind of device, but configured differently)
• Frame-mode LSR
  • MPLS-capable router with Ethernet interfaces
• Cell-mode LSR

Functions of Edge LSR
• Any LSR on MPLS domain edge, i.e. with non-MPLS neighboring devices
• Performs label imposition and disposition
  • Packets classified and label imposed
  • Classification based on routing and policy requirements
    • Traffic engineering, policy routing, QoS-based routing
• Information of L3 (and above) headers inspected only once at edge of the MPLS domain

Forwarding Equivalence Class (FEC)
• Packets classified into FECs at MPLS domain edge LSR
  • according to unicast routing destinations, QoS class, VPN, multicast group, traffic-engineered traffic class, …
• FEC is a class of packets to be MPLS-switched the same way

Label switching path (LSP)
• Sequence of LSRs between ingress and egress (edge) LSRs
  • + sequence of assigned labels (local significance)
• Unidirectional
• For every forwarding equivalence class
• May diverge from IGP shortest path
  • Path established by traffic engineering using explicit routing and label switching path tunnels

Upstream and downstream neighbors
• From perspective of some particular LSR
• Related to particular destination (and FEC)
• Routing protocol’s next-hop address determines downstream neighbor
Upstream neighbor is closer to data source whereas downstream neighbor is closer to the destination network

MPLS and IP routing interaction in LSR
[Figure: LSR block diagram. Control plane: IP routing process with IP routing table (routing information exchange via routing protocol) and MPLS signalling protocol (label bindings exchange). Label forwarding table: incoming and outgoing labeled and unlabeled packets.]

Interaction of neighboring MPLS LSRs
[Figure: two neighboring LSRs, each with IP routing process, IP routing table, MPLS signalling protocol and label forwarding table. Between them: routing information exchange, label bindings exchange, labeled packets.]

Operation of edge LSR
[Figure: edge LSR block diagram. IP routing process with IP routing table (routing information exchange), MPLS signalling protocol (label bindings exchange), IP forwarding table, label disposition and L3 lookup, resolving of recursive routes; incoming and outgoing unlabeled packets.]

Penultimate hop behavior
Label at the top of label stack is removed not by egress router at MPLS domain edge (as could be expected), but by its upstream neighbor (penultimate hop)
• On egress router, packet could not be label-switched anyway
  • Egress router has to perform L3 lookup to find more specific route
    • commonly, egress router advertises single label for summary route
  • Disposition of label imposed by egress router’s upstream neighbor would introduce unnecessary overhead
• For that reason, upstream neighbor of egress router always pops label and sends packet to egress router unlabeled
  • Egress LSR requests popping of label through label distribution protocol

Label and label stack
• Label format (and length) dependent on L2 technology
• Labels have local-link significance, each LSR creates its own label mappings
  • although not a rule, same label is often propagated from different links for the same prefix
• Multiple labels may be imposed, forming the label stack
  • Label bottom indicated by “s” bit
  • Label stacking allows special MPLS applications (VPNs etc.)

MPLS header
• Between L2 and L3 header
  • MPLS header presence indicated in EtherType/PPP Protocol ID/Frame Relay NLPID
• 4 octets (32b)
  • 20 bits – label value
  • 3 bits Exp (experimental) – used for QoS today
  • 8 bits MPLS TTL (Time to Live)

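The 32-bit layout above, together with the “s” bit from the label-stack slide, is enough to decode the label stack of a captured Ethernet frame. The following Python parser is an added example, not part of the original slides; the function names are chosen here, 0x8847 and 0x8100 are the standard MPLS-unicast and 802.1Q EtherTypes, and the sample frame is constructed for illustration.

```python
import struct

ETHERTYPE_MPLS = 0x8847   # EtherType announcing an MPLS (unicast) shim header
ETHERTYPE_VLAN = 0x8100   # 802.1Q tag, skipped if present


def build_shim(label, exp, s, ttl):
    """Pack one 4-octet shim header: 20b label, 3b Exp, 1b S, 8b TTL."""
    if not (0 <= label < 2**20 and 0 <= exp < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def parse_shim(word):
    """Split one 32-bit shim header word into its four fields."""
    return {
        "label": word >> 12,         # upper 20 bits
        "exp": (word >> 9) & 0x7,    # 3 bits, used for QoS
        "s": (word >> 8) & 0x1,      # 1 = bottom of label stack
        "ttl": word & 0xFF,          # 8 bits
    }


def parse_label_stack(frame, max_depth=8):
    """Return (stack, payload) for an Ethernet frame that carries MPLS.

    Raises ValueError for non-MPLS frames, for a stack that is cut off
    before the S bit is seen, and for stacks deeper than max_depth.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        offset = 18
    if ethertype != ETHERTYPE_MPLS:
        raise ValueError("L2 header does not announce an MPLS shim")
    stack = []
    while True:
        if len(stack) >= max_depth:
            raise ValueError("no bottom-of-stack entry within max_depth")
        if offset + 4 > len(frame):
            raise ValueError("label stack truncated before S bit")
        (word,) = struct.unpack_from("!I", frame, offset)
        entry = parse_shim(word)
        stack.append(entry)
        offset += 4
        if entry["s"]:
            return stack, frame[offset:]


def sample_frame():
    """Constructed frame: outer label 100, inner label 24 (bottom of stack)."""
    macs = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
    shims = build_shim(100, 0, 0, 254) + build_shim(24, 5, 1, 254)
    payload = bytes.fromhex("60000000")  # first octets of an IPv6 header
    return macs + struct.pack("!H", ETHERTYPE_MPLS) + shims + payload


if __name__ == "__main__":
    stack, payload = parse_label_stack(sample_frame())
    for depth, entry in enumerate(stack):
        print(depth, entry)
    print("payload:", payload.hex())
```
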
Label Bindings Distribution

Label Distribution Protocol Functionality
• Used to advertise <IP_prefix, label> bindings
• Used to create Label Information Base (LIB) and Label Forwarding Information Base (LFIB)
  • LIB maintains all prefixes advertised by MPLS neighbors
  • LFIB maintains only prefixes advertised by next hops for individual routes
    • i.e. those actually used for label switching
    • next-hop determined by traditional IGP
LFIB used for actual label switching, LIB maintains labels which may be useful if IGP routes change

Label Retention Modes
• Liberal mode
  • LSR retains labels for FEC from all neighbors
    • Requires more memory and label space
    • Improves latency after IP routing paths change
• Conservative mode
  • Only labels from next-hop for IP prefix are maintained
    • next-hop determined from IP routing protocol

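The difference between LIB and LFIB, and between the two retention modes, shows up when the IGP moves a prefix to another next hop. The following Python model is an added example, not part of the original slides; the class, the neighbor names B and C and the label values are constructed for illustration, and local labels start at 16 because values 0-15 are reserved.

```python
class LSR:
    """Toy model of one LSR's LIB and LFIB (illustrative names)."""

    def __init__(self, retention):
        if retention not in ("liberal", "conservative"):
            raise ValueError("unknown retention mode")
        self.retention = retention
        self.next_hop = {}      # prefix -> downstream neighbor chosen by the IGP
        self.lib = {}           # prefix -> {neighbor: label advertised by it}
        self.local_label = {}   # prefix -> label this LSR advertises upstream
        self._free = 16         # label values 0-15 are reserved

    def igp_update(self, prefix, neighbor):
        """The IGP installs or changes the next hop for a prefix."""
        self.next_hop[prefix] = neighbor
        if prefix not in self.local_label:
            self.local_label[prefix] = self._free
            self._free += 1
        if self.retention == "conservative":
            # Keep only the binding learned from the current next hop.
            kept = self.lib.get(prefix, {})
            self.lib[prefix] = {n: l for n, l in kept.items() if n == neighbor}

    def receive_binding(self, neighbor, prefix, label):
        """Process an advertised <prefix, label> binding; False if discarded."""
        if self.retention == "conservative" and self.next_hop.get(prefix) != neighbor:
            return False
        self.lib.setdefault(prefix, {})[neighbor] = label
        return True

    def lfib(self):
        """in-label -> (out-label, next hop), built only from next-hop bindings."""
        table = {}
        for prefix, nh in self.next_hop.items():
            out = self.lib.get(prefix, {}).get(nh)
            if out is not None:
                table[self.local_label[prefix]] = (out, nh)
        return table


def reroute_scenario(retention):
    """Next hop for 150.10.0.0/16 moves from neighbor B to neighbor C."""
    prefix = "150.10.0.0/16"
    lsr = LSR(retention)
    lsr.igp_update(prefix, "B")
    lsr.receive_binding("B", prefix, 101)
    lsr.receive_binding("C", prefix, 205)   # not the next hop at this point
    result = {"before": lsr.lfib(), "lib_size": len(lsr.lib[prefix])}
    lsr.igp_update(prefix, "C")             # IGP reconverges
    result["after"] = lsr.lfib()            # usable immediately only if C's label was kept
    lsr.receive_binding("C", prefix, 205)   # binding from C arrives (again)
    result["recovered"] = lsr.lfib()
    return result


if __name__ == "__main__":
    for mode in ("liberal", "conservative"):
        print(mode, reroute_scenario(mode))
```
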
Label Distribution Modes
• Independent LSP control
  • LSR binds labels to FECs and advertises them whether or not the LSR itself has received a label from its next-hop for that FEC
  • Most common in MPLS frame mode
• Ordered LSP control
  • LSR only binds and advertises label for FEC if
    - it is the egress LSR for that FEC

Protocols for Label Distribution
• Label Distribution Protocol (LDP) – IETF standard
  • TCP port 646
• RSVP-TE
  • used for MPLS traffic engineering
• BGP
  • implements MPLS VPNs (peer model)
• PIM
  • enables MPLS-based multicasts
• Tag Distribution Protocol (TDP) – Cisco proprietary, obsolete
  • LDP predecessor
  • TCP port 711
Label bindings are exchanged between neighboring routers
• in special cases also between non-neighboring routers

Label Distribution Protocol (LDP): Message Types
• Discovery messages (hellos)
  • UDP/646
  • Used to discover and continually check for presence of LDP peers
• Once a neighbor is discovered, LDP session is established over TCP/646
  • messages to establish, maintain and terminate session
  • label mappings advertisement messages
    • create, modify, delete
  • error notification message
• LDP Neighbor ID

Frame-mode and Cell-mode LSRs

Frame-mode LSRs
• Frame/Packet processing devices
  • such as routers or Frame Relay switches
• Labeled packets treated as L2 frames
  • Shim header between L2 and L3 header

Frame-mode Label Distribution
• Unsolicited downstream
  • Labels distributed automatically to upstream neighbors
  • Downstream LSR advertises labels for particular FECs to the upstream neighbor
• Independent control of label assignment
  • Label assigned as soon as new IP prefix appears in IP routing table (may be limited by ACL)
  • Mapping stored into LIB
  • LSR may send (switch) labeled packets to next hop even if next-hop itself does not have label for switching that FEC further
• Liberal retention mode

Cell-mode LSRs
ATM switches
• LSRs switch cells, not packets
  • packets fragmented into cells
  • VPI/VCI used to carry labels
• Additional piece of software needed to integrate ATM switches with IP routing (IGP) and implement label distribution protocols - Label Switch Controller
  • needed to provide label assignment and distribution and proper building of switching tables (ATM layer)

Problems with ATM Switches in IP Networks
• ATM switches cannot perform IP lookup and label stack lookup
  • Packets chopped into ATM cells
  • VPI/VCI serves as label
• ATM switches cannot handle IP packets directly hop-by-hop
  • Virtual circuits have to be created
    • created dynamically for every FEC
• Signalling between neighboring ATM switches is needed to dynamically create VCs
  • VPI=0, VCI=32, aal5snap encapsulation
  • between ATM Edge LSR and ATM LSR and between two ATM LSRs
  • ATM switching tables created according to signalling requests

Downstream on demand label assignment
• On-demand dynamic VC creation method
• Label request for particular prefix is sent by ingress LSR step-by-step to destination egress LSR along IGP shortest path
  • Upstream LSRs request labels from downstream neighbors
  • Downstream LSRs respond with labels upon request
• Egress LSR creates label mapping
• Label mapping propagated back to the source
  • Labels assigned by all intermediate LSRs
• Uses conservative label retention mode
  • LIB maintains only actually used labels
    • because label request is sent to FEC’s next hop only
• Labels assigned only on demand

Cell-mode Label Distribution Problem
• Unsolicited Downstream method cannot be used
  • AAL5 cannot intermix cells of multiple packets

In if  In tag  (prefix)   Out if  Out tag
1      100/5   150.10/16  3       101/4
2      100/7   150.10/16  3       101/4

[Figure: packets for 150.10.0.0/16 entering on interfaces 1 and 2 as cells tagged 5 and 7, all leaving interface 3 tagged 4; marked “???”]

Cell-mode Label Assignment Principles
• ATM-LSR assigns unique label (VPI/VCI pair) for every upstream neighbor
  • LSR requests downstream neighbor to give one label (VPI/VCI) per FEC and per incoming interface (upstream neighbor)
• Separate VC created for every FEC from ingress LSR to egress edge LSR

Cell-mode Label Distribution: Unique Labels for Upstream Neighbors

In if  In tag  (prefix)   Out if  Out tag
1      100/5   150.10/16  3       101/4
2      100/7   150.10/16  3       101/6

[Figure: packets for 150.10.0.0/16 entering on interfaces 1 and 2 as cells and leaving on interface 3]

VC Merge Option
• Single label can be allocated for FEC if ATM switch avoids intermixing of cells of packets of that FEC coming from different incoming interfaces at the same time
  • LSR has to capture/buffer cells of incoming packets and send packets one after another at the outgoing interface
• Saves label space, limits number of VCs

VC Merge Operation

In if  In tag  (prefix)   Out if  Out tag
1      100/5   150.10/16  3       101/4
2      100/7   150.10/16  3       101/4

[Figure: packets for 150.10.0.0/16 entering on interfaces 1 and 2 as cells and leaving on interface 3]

MPLS Operation - Summary
1. Standard routing protocols create routing table
2. Label distribution protocol creates and distributes <IP-prefix, label> mappings
3. Ingress edge LSR receives IP packet, classifies it and imposes label
4. Core LSRs switch packets only using label switching without inspecting IP headers
5. Egress edge LSR disposes label and forwards packet according to IP routing table

MPLS Applications
IP header and forwarding decision decoupling allows for better flexibility and new applications

Some Popular MPLS Applications
• BGP-Free core
• 6PE/6VPE
• Carrier Supporting Carrier
• MPLS Traffic engineering
• MPLS VPN
• Integration of IP and ATM

Integration of IP and ATM
• IP routing tightly integrated with multipurpose ATM backbone using MPLS
  • ATM routing protocols like PNNI and signalling protocols for SVCs are not necessary
• Eliminates complex technologies to map between IP and ATM routing information and addressing
  • no need for solutions like LANE, CLIP, NHRP and MPOA based on emulation of classical LAN/WAN technologies over ATM
• ATM infrastructure may be fully utilized

BGP-Free Core
• Design of transit AS without BGP running on transit (internal) routers
• BGP sessions between PE routers only
  • full mesh or using route reflector(s)
• P routers know only routes to networks in the core
  • including PE loopback interfaces
• LDP creates LSPs into individual networks in the core (including PEs' loopbacks)
• PEs' loopbacks are used as next hops of BGP routes passed between PE routers

6PE (1)
• Interconnection of IPv6 islands over MPLS non-IPv6-aware core
• PE routers have to support both IPv6 and IPv4, but P routers do not need to be upgraded (can be MPLS + IPv4 only)
• Outer label identifies destination PE router (IPv4 BGP next hop), inner label identifies particular IPv6 route
  • Inner label serves as 'index' into egress PE's IPv6 routing table
  • IPv6 prefixes plus associated (inner) labels are passed between PE routers through MP-BGP (using TCP/IPv4)
  • Inner label needed because of PHP

6PE (2)
• BGP Next Hop attribute is the IPv4-mapped IPv6 address of egress 6PE router
• Only LDP for IPv4 is required
  • LDP for IPv6 not implemented yet
• Does not support multicast traffic
• Only proposed standard – RFC 4798 (Cisco, 2007), but implemented by multiple vendors
• See http://www.netmode.ntua.gr/Presentations/6PE%20-%20IPv6%20over%20MPLS%20(cisco%20expo%2005).pdf for further details

6VPE
• VRF-aware 6PE
• Allows building MPLS IPv6 VPNs on an IPv4-only MPLS core
• See http://sites.google.com/site/amitsciscozone/home/important-tips/mpls-wiki/6vpe-ipv6-over-mpls-vpn for configuration example (Cisco)

Carrier Supporting Carrier (1)
• Hierarchical application of label switching concept
  • An MPLS super-carrier provides connectivity between regions for other MPLS-based customer carriers
• Concept of MPLS VPN in super-carrier networks
  • CSC-P, CSC-PE, CSC-CE
• Customer carriers' regions may also implement MPLS VPN

Carrier Supporting Carrier (2)
• Utilizes label stack with multiple labels
  • sub-carrier's labels are untouched during transport over super-carrier
• Customer carriers do not exchange their customers' routes with super-carrier

MPLS Traffic Engineering

MPLS TE Goals
• Minimizes network congestion, improves network performance
• Spreads flows to multiple paths
  • i.e. diverges them from “shortest” path calculated by IGP

MPLS TE Principle
• Originating LSR (headend) sets up a TE LSP to terminating LSR (tailend) through an explicitly specified path
  • defined by sequence of intermediate LSRs
    • either strict or loose explicit route
• LSP is calculated automatically using constraint-based routing or manually
  • using some sort of management tool in large networks

MPLS-TE Mechanisms
• Link information distribution
• Path computation
• LSP signalling
  • RSVP-TE accomplishes label assignment during MPLS tunnel creation
  • signalling needed even if path calculation is performed manually
• Selection of traffic that will take the TE-LSP

Link Information Distribution
• Utilizes extensions of OSPF or IS-IS to distribute links’ current states and attributes
  • OSPF LSA type 10 (opaque)
  • Maximum bandwidth, reservable bandwidth, available bandwidth, flags (aka attributes or colors), TE metric
• Constraint-based routing
  • Takes into account links’ current states and attributes when calculating routes
  • “Constraint-based SPF” calculation excludes links that do not comply with required LSP parameters

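Constraint-based SPF as described above comes down to two steps: prune every link that fails the LSP's constraints, then run an ordinary shortest-path search over the TE metric on what is left. The following Python sketch is an added example, not part of the original slides; the topology, bandwidth figures and the color name "backup" are constructed, and each link is assumed to offer the same available bandwidth in both directions.

```python
import heapq
from collections import namedtuple

# One TE link as flooded by the IGP extensions (field names are illustrative).
Link = namedtuple("Link", "a b te_metric avail_bw colors")

# Constructed topology; bandwidth in Mbit/s.
TOPOLOGY = [
    Link("PE1", "P1", 10, 1000, frozenset()),
    Link("P1", "PE2", 10, 100, frozenset()),
    Link("PE1", "P2", 10, 1000, frozenset()),
    Link("P2", "P3", 10, 1000, frozenset({"backup"})),
    Link("P3", "PE2", 10, 1000, frozenset()),
    Link("P2", "PE2", 30, 1000, frozenset()),
]


def cspf(links, headend, tailend, bandwidth, exclude_colors=frozenset()):
    """Return (explicit_route, total_te_metric) or None if no path complies."""
    # Step 1: exclude links that do not comply with the LSP parameters.
    adjacency = {}
    for link in links:
        if link.avail_bw < bandwidth:
            continue
        if link.colors & frozenset(exclude_colors):
            continue
        adjacency.setdefault(link.a, []).append((link.b, link.te_metric))
        adjacency.setdefault(link.b, []).append((link.a, link.te_metric))

    # Step 2: Dijkstra over the TE metric of the remaining links.
    dist = {headend: 0}
    prev = {}
    heap = [(0, headend)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist.get(node, float("inf")):
            continue                      # stale heap entry
        if node == tailend:
            break
        for neighbor, metric in adjacency.get(node, []):
            new_cost = cost + metric
            if new_cost < dist.get(neighbor, float("inf")):
                dist[neighbor] = new_cost
                prev[neighbor] = node
                heapq.heappush(heap, (new_cost, neighbor))

    if tailend not in dist:
        return None
    route = [tailend]
    while route[-1] != headend:
        route.append(prev[route[-1]])
    return route[::-1], dist[tailend]


if __name__ == "__main__":
    print(cspf(TOPOLOGY, "PE1", "PE2", 50))                  # IGP-shortest path fits
    print(cspf(TOPOLOGY, "PE1", "PE2", 500))                 # low-bandwidth link pruned
    print(cspf(TOPOLOGY, "PE1", "PE2", 500, {"backup"}))     # colored link pruned too
    print(cspf(TOPOLOGY, "PE1", "PE2", 5000))                # no compliant path
```
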
RSVP Signalling
• Resource reSerVation Protocol (RFC 2205) was originally developed in connection with IntServ, but should be understood as a completely independent signalling protocol
• Reserves resources for unidirectional (unicast/multicast) L4 flows
• soft-state
• May be used with MPLS/TE to signal DiffServ QoS PHB over the path

RSVP Messages
• Message Header (message type)
  • Resv, Path, ResvConfirm, ResvTeardown, PathTeardown, PathErr, ResvErr
• Variable number of objects of various classes
  • including sub-objects
• Support for message authentication and integrity check

Basic RSVP Operation
• PATH message travels from sender to receiver(s)
• allows intermediate nodes to build soft-state information regarding particular session
• includes flow characteristics (flowspec)
• RESV message travels from receiver interested in resource reservation towards the sender
• actually causes reservation of intermediate nodes' resources
• provides labels to upstream routers
LSP Preemption
• Support for creation of LSPs of different priorities with preemption option
• setup and holding priority
• setup priority is compared with holding priority of existing LSPs
• 0 (best) – 7 (worst)
• Preemption modes
• Hard – just tears preempted LSP down
• Soft – signals pending preemption to the headend of existing LSP to give it an opportunity to reroute traffic
LSP Path Calculation in Multiarea Environment
• Splitting network into multiple areas limits state information flooding
• Headend specifies path to route LSP setup requests using list of ABRs
• loose routing
• Each ABR calculates and reserves path over connected area and requests another ABR on the path to take care of next section
Fast Reroute
• In case of node or link failure, backup LSP may be automatically initiated (in tens of milliseconds)
• Fast Reroute option must be requested during LSP setup
Fast Reroute - Global restoration
• New LSP is set up by headend
• LSP failure is signalled to the headend by PathErr RSVP message
• Headend has the most complete routing constraints information to establish a new LSP
Fast Reroute - Local restoration
• “Detour” LSP around failed link/node
• LSR that detected the failure (called Point of Local Repair) starts to use alternative LSP
• Detour LSPs are manually preconfigured or precalculated dynamically by Point of Local Repair and pre-signalled
• “Detour” joins back the original LSP at the Merge Point
• i.e. at Next hop for link protection, Next Next hop for Node protection
• Facility Backup (commonly used) - double labeling is used on detour path
• external tag is dropped before packet enters Merge Point
• packets arrive at the Merge Point with the same label as they would if they came along original LSP
• One-to-One backup
• does not use label stacking
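The label operations of facility backup with link protection, traced hop by hop. This is an added example, not material from the slides: the LSR names, label values and the LFIB and BYPASS tables are constructed, and the penultimate hop of the bypass tunnel is assumed to pop the outer label.

```python
# Constructed label tables. Primary LSP: R1 -> R2 -> R3 -> R4.
# Bypass tunnel protecting link R2-R3: R2 -> R5 -> R3.
LFIB = {
    "R2": {20: ("swap", 30, "R3")},
    "R3": {30: ("swap", 40, "R4")},
    "R5": {50: ("pop", None, "R3")},  # drops the outer label before the Merge Point
}
# Pre-signalled at the Point of Local Repair: protected link -> (bypass label, next hop)
BYPASS = {("R2", "R3"): (50, "R5")}


def forward(node, stack, failed_links=frozenset()):
    """One forwarding step; stack[0] is the top label. Returns (next_node, new_stack)."""
    action, out_label, next_hop = LFIB[node][stack[0]]
    if action == "pop":
        return next_hop, stack[1:]
    # Swap to the label the downstream LSR expects on the original LSP.
    new_stack = [out_label] + stack[1:]
    if (node, next_hop) in failed_links:
        # PLR behaviour: keep the swapped label and push the bypass label on top.
        bypass_label, bypass_hop = BYPASS[(node, next_hop)]
        return bypass_hop, [bypass_label] + new_stack
    return next_hop, new_stack


def trace(ingress_label, first_hop, egress, failed_links=frozenset()):
    """Return [(node, label_stack_on_arrival), ...] from first_hop to egress."""
    node, stack, hops = first_hop, [ingress_label], []
    while node != egress:
        hops.append((node, tuple(stack)))
        node, stack = forward(node, stack, failed_links)
    hops.append((node, tuple(stack)))
    return hops
```
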
MPLS and Diffserv
• LSR uses the same mechanism as traditional router to implement different Per-Hop Behaviors (PHBs)
• 2 types of LSPs (may coexist on single network):
• EXP-inferred LSPs (mostly used)
• can transport multiple traffic classes simultaneously
• EXP bits in shim header used to hold DSCP value
• Map between EXP and PHB signaled during LSP setup
• extension of LDP and RSVP (new TLV defined)
• Label-inferred LSPs
• can transport just one traffic class
Diffserv Tunneling over MPLS
There are two markings of the packet (EXP, DSCP). There are different models to handle interaction between multiple markings.
• Pipe model
• transfers inside DSCP marking untouched
• useful for interconnection of two Diffserv domains using MPLS
• Uniform Model
MPLS VPNs
VPN Implementation Options
Solution to implement potentially overlapping address spaces of independent customers:
• Overlay model
• Infrastructure provides tunnels between CPE routers
• FR/ATM virtual circuits, IP tunnels (GRE, IPSec, …)
• Peer-to-peer model
• Provider edge router exchanges routing information with customer edge router
• Customer routes in service provider’s IGP
• Need to solve VPN separation and overlapping customer addressing
• traditionally by complicated filtering
• Optimal routing between customer sites through shared infrastructure
MPLS VPN Basic Principles
• MPLS helps to separate traffic from different VPNs without usage of overlay model tunneling techniques
• Routes from different VPNs kept separated, multiple routing tables implemented at edge routers (one for each VPN)
• Uses MPLS label stack: outer label identifies egress edge router, inner label identifies VPN
• single route in particular VPN
• To allow propagation of IP prefixes from all VPNs to the core, potentially overlapping addresses of separated VPNs are made unique with Route Distinguisher (different for every VPN)
• Those “IP-VPN” (VPNv4) addresses are propagated between PE routers using extended BGP (Multiprotocol BGP, MP-BGP)
• New address family: VPNv4 address = RD + IPv4 address
MPLS VPN advantages
• Integrates advantages of overlay and peer-to-peer model
• Overlay model advantages:
• security and customer isolation
• Peer-to-peer model advantages:
• routing optimality
MPLS VPN Implementation
• VPN defined as set of sites sharing the same routing information
• Site may belong to multiple VPNs
• Multiple sites (from different VPNs) may be connected to the same PE router
• PE routers maintain only routes for connected VPNs and backbone routes needed to reach other PEs
• Increases scalability
• Decreases performance requirements of PE router
• PE router uses IP at customer network interface(s) and MPLS at backbone interfaces
• Backbone (P routers) uses only label switching
• IGP routing protocol used only to establish optimal label switch paths
• Utilizes MPLS label stack
• Inner label identifies VPN
Routing information exchange
• P-P and P-PE routers
• Using IGP
• Needed to determine paths between PEs over MPLS backbone
• PE-PE routers (non-adjacent)
• Using MP-iBGP sessions
• Needed to exchange routing information between routing tables for particular VPN (VRFs)
Routing information in PE routers
PE routers maintain multiple separated routing tables
• Global routing table – filled with backbone routes (from IGP)
• allows reaching other PE routers
• VRF (VPN routing & forwarding)
• Separate routing tables for individual VPNs
• Every router interface assigned to a single VRF
VPN routing and forwarding
VRF = virtual router
[Figure: PE router and P routers in the MPLS domain; CE routers of VPN A and VPN B; VRF A (VRF for VPN A) and VRF B (VRF for VPN B)]
VRF usage
[Figure: CE routers of VPN A and VPN B, PE routers with VRF A and VRF B, P routers, and a packet]
MPLS VPN example
[Figure: example topology with PE routers I-PE and J-PE, P router G-P, sites OSTRAVA and TACHOV, Customer A and Customer B networks (10.0.0.1/24, 10.0.0.1/24, 10.0.1.1/24, 10.0.2.1/24), networks 1.0.0.0/24 and 2.0.0.0/24 (hosts .1 and .2), interfaces S0, S1/0, S1/1, e0, e1]
VPN Route Distinguishing and Exchange Between PEs
[Figure: the example topology extended with loopbacks lo0 3.0.0.1/32 and 3.0.0.2/32, VRF CustomerA-I, VRF CustomerA-J, VRF CustomerB-J, RD 100:1 RT 100:10, RD 100:2 RT 100:20, MPLS Core running IGP (OSPF, IS-IS, …), PE-to-PE exchange]
VPN Route Propagation
• PE router exports information from VRF to MP-BGP
• prefix uniqueness ensured using Route Distinguisher (64-bit ID)
• VPN-V4 prefix = RD + IPv4 prefix
• Route exported with source VRF ID (route target)
• Multiprotocol (MP) iBGP session between PE routers over MPLS backbone (P routers)
• Full mesh (route reflectors often used)
• Propagates VPNv4 routes
• BGP attributes identify site-of-origin and route target
• Opposite PE router imports information from MP-BGP into VRF
• routes imported into particular VRFs according to BGP Route Target attribute values
MPLS VPN BGP attributes
• Site of Origin (SOO)
• Identifies site where the route originated from
• avoids loops
• Route Target
• Identifies source VRF
Customer route advertisement from PE router (MP-BGP)
• PE router assigns RT, RD based on source VRF and SOO
• PE router assigns VPN (MPLS) label
• Identifies particular VPN route (in VPN site’s routing table)
• Used as second label in the label stack
• Top-of-stack label identifies egress PE router
• Route’s next-hop rewritten to advertising PE router loopback interface
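The export and import steps from the last three slides, modelled end to end together with an import-policy audit. This is an added example, not the slides' own material: the RD, RT and loopback values appear in the figure, but their assignment to customers and PEs, the 10.0.0.0/24 prefix, the label allocator and all function names are assumptions.

```python
from itertools import count

# Constructed configuration. The RD and RT values and the loopbacks appear in the
# figure; their assignment to customers and PEs, and the prefix, are assumptions.
VRFS = {
    "CustomerA-I": {"pe": "3.0.0.1", "rd": "100:1", "export": {"100:10"}, "import": {"100:10"}},
    "CustomerB-I": {"pe": "3.0.0.1", "rd": "100:2", "export": {"100:20"}, "import": {"100:20"}},
    "CustomerA-J": {"pe": "3.0.0.2", "rd": "100:1", "export": {"100:10"}, "import": {"100:10"}},
    "CustomerB-J": {"pe": "3.0.0.2", "rd": "100:2", "export": {"100:20"}, "import": {"100:20"}},
}
_vpn_labels = count(100)  # hypothetical per-route VPN label allocator


def customer(vrf_name):
    """Owner of a VRF, taken from the naming scheme used in the figure."""
    return vrf_name.split("-")[0]


def export_route(vrfs, vrf_name, prefix):
    """PE export: RD makes the prefix unique, RT tags the source VRF,
    next hop is the advertising PE's loopback, and a VPN label is assigned."""
    vrf = vrfs[vrf_name]
    return {"vpnv4": f"{vrf['rd']}:{prefix}", "prefix": prefix,
            "rt": set(vrf["export"]), "next_hop": vrf["pe"],
            "label": next(_vpn_labels)}


def import_routes(vrfs, vrf_name, mpbgp_table):
    """PE import: install a VPNv4 route only when it carries an RT the VRF imports."""
    wanted = vrfs[vrf_name]["import"]
    return [(r["prefix"], r["next_hop"], r["label"])
            for r in mpbgp_table if r["rt"] & wanted]


def audit_imports(vrfs):
    """Return (importer, exporter) pairs where a VRF imports an RT that a
    different customer's VRF exports: an intended extranet or a route leak."""
    return [(name, other)
            for name, vrf in vrfs.items()
            for other, o in vrfs.items()
            if customer(name) != customer(other) and vrf["import"] & o["export"]]
```

Both customers can announce 10.0.0.0/24 because the RD keeps the VPNv4 prefixes distinct, while isolation depends entirely on the import RT sets, which is why the audit compares them across customers.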
CE to PE routing information exchange
• CE router always exchanges routes with VRF assigned to interface connecting that CE router
• IGP (RIPv2, OSPF)
• External BGP
• Static routing or directly connected networks
• Multiple instances of routing process (for every VRF) are running on PE router
Overlapping of VPNs
Site (VRF) may belong to multiple VPNs provided that there is no address overlap
• Useful for shared server farms, extranets, ISPs etc.
Overlapping VPNs example
[Figure: the example topology (I-PE, G-P, J-PE, OSTRAVA, TACHOV, loopbacks lo0 3.0.0.1/32 and 3.0.0.2/32) with VRF CustomerA-I, VRF CustomerA-J, VRF CustomerB-I, VRF CustomerB-J, RD 100:1 RT 100:11, RD 100:2 RT 100:22]