Advanced MPLS Design and Implementation

An in-depth guide to understanding advanced MPLS implementation, including packet-based VPNs, ATM-based VPNs, traffic engineering, and quality of service.

Who Should Read This Book
Scope and Definition
Command Conventions
Illustration Iconography
A New Forwarding Paradigm
What Is MPLS
Summary
WAN Technologies and MPLS
Inside the Cloud
Layer 3 Routing
Label Switching
Integration of IP and ATM
Challenges Faced by Service Providers
Summary
MPLS Architecture
MPLS Operation
MPLS Node Architecture...

Advantages of the Cisco VPN Solutions Center

The following are some advantages of the Cisco VPN Solutions Center:
- A provisioning subsystem for MPLS VPN service provisioning with a scheduler for time-based provisioning.
- Support for provisioning of quality of service (QoS) parameters for effectively policing and enabling differentiated classes of service.
- A wizard-based service request entry offering ease of use for operators. CVPNSC provides easy-to-use wizard-based setup and administration of VPN memberships. It also checks and reduces...

Assigning Traffic to Tunnels

The integrated routing feature accomplishes automatic assignment of traffic to tunnels using a modified Shortest Path First (SPF) algorithm. The conventional SPF algorithm runs by iteratively placing contending paths on a tentative list, selecting the shortest path from that list, and adding that path and destination node to its forwarding tree. The root node is added to the SPF tree and then adds the one-hop paths to each of its directly connected neighbors to the tentative list. On each...

Assured Forwarding AF PHB

The DSCP marking of AF packets specifies an AF class and drop preference for IP packets. Packets with different drop preferences within the same AF class are dropped based on their relative drop precedence values within the AF class. RFC 2587 recommends 12 AF PHBs representing four AF classes with three drop-preference levels in each. The Assured Forwarding PHB defines a method by which BAs can be given different forwarding assurances. The AFxy PHB defines four classes AF1y, AF2y, AF3y, and...

ATM

Asynchronous Transfer Mode is derived from standards developed by the ITU-T that were based on BISDN (Broadband ISDN) technology. ATM is a connection-oriented service in which transmitted data is organized into fixed-length cells. Upper-layer protocols and user data such as an IP packet are segmented into 48-byte protocol data units (PDUs). These PDUs are prepended with a 5-byte ATM header, and the resulting 53-byte cells are input into an ATM switch and multiplexed together. These cells then...

ATM Cell Generation

User information such as voice, data, and video traffic is passed from the upper layers to the convergence sublayer (CS) portion of the ATM adaptation layer being used. At the CS, header and trailer information is added and subsequently passed to the segmentation and reassembly (SAR) sublayer. The SAR sublayer is responsible for generating the 48-octet payloads, which are then passed to the ATM layer. The ATM layer adds the appropriate header (UNI or NNI), resulting in a 53-octet cell. That...

ATM Cells at the NNI

The ATM header at the NNI is also five octets in length and is identical to the UNI format with the exception of the first octet, as shown in Figure 2-9. The 4 bits used for the generic flow control (GFC) field have been replaced by 4 additional bits for the VPI field. The NNI, which provides bundles of VCIs between switches, defines an additional 4 bits for the VPI. In other words, the NNI has 12 bits for the VPI and 16 for the VCI, whereas the UNI header has only 8 bits for the VPI and 16...

ATM Layers

The ATM layers explain data flow to and from upper-layer protocols such as TCP/IP. These layers are as follows:
Physical layer: Analogous to the physical layer of the OSI reference model, the ATM physical layer manages the medium-dependent transmission. The physical layer is responsible for sending and receiving bits on the transmission medium, such as SONET, and for sending and receiving cells to and from the ATM layer. ATM operates on various media from clear-channel T1 (1.544 Mbps) upward. ATM...

ATM LSR Operation

ATM MPLS uses the label-based forwarding paradigm to transport Layer 3 packets as ATM cells over an ATM-based network. ATM MPLS is also called cell mode MPLS. An ATM-LSR is an MPLS-enabled ATM switch that can act as an LSR. ATM-LSRs normally have an LSC, which performs an IP routing function with other LSRs in the MPLS network. A label-switching-controlled ATM (LC-ATM) interface is an ATM interface controlled by the label-switching control component. When a packet traversing such an interface...

ATM Management

One of the significant elements of the BISDN architecture is the management plane. The ATM Forum developed the Interim Local Management Interface (ILMI) to address those management requirements. The ILMI assumes that each ATM device that is supporting at least one UNI has a UNI Management Entity (UME) associated with each UNI. Network management information is then communicated between UMEs, as shown in Figure 2-13. The protocol chosen for the ILMI communication is the Simple Network Management...

ATM Quality of Service (QoS)

Traffic management is the key feature of ATM that distinguishes it from current networking protocols and makes it suitable for deployment in high-speed networks and for providing performance guarantees in an integrated environment. ATM supports QoS guarantees composed of traffic contract, traffic shaping, and traffic policing. A traffic contract specifies an envelope that describes the intended data flow. This envelope specifies values for peak bandwidth, average sustained bandwidth, and burst...

ATM-Based MPLS VPNs

ATM-based MPLS VPNs use ATM LSRs in the core and a combination of ATM routers or other ATM LSRs (performing the Edge LSR or PE function) at the various points of presence. The various combinations are shown in Figure 9-2. The core ATM LSRs use Label Virtual Circuits (LVCs) to communicate with other core LSRs and the PE ATM routers. In Figure 9-2, you might notice that the core ATM LSRs are BPX 8650s with 7200 or 7500 Label Switch Controllers (LSCs). The LSC in the service provider's PoP-1 can...

Benefits of MPLS

Label-based switching methods allow routers and MPLS-enabled ATM switches to make forwarding decisions based on the contents of a simple label, rather than by performing a complex route lookup based on destination IP address. This technique brings many benefits to IP-based networks:
VPNs: Using MPLS, service providers can create Layer 3 VPNs across their backbone network for multiple customers, using a common infrastructure, without the need for encryption or end-user applications.
Traffic...

BGP Confederation Inter-Provider MPLS VPN Configuration

The network topology in Figure 5-12 shows a single Internet service provider (ISP) that is partitioning the backbone with confederations. Figure 5-12. BGP Confederation Inter-Provider MPLS VPN The provider's AS number is 100. The two ASs run their own IGPs and are configured with AS1, which includes PE1, P1, and EBGP1. The IGP used for AS1 is OSPF. AS2 includes PE2, P2, and EBGP2. The IGP used for AS2 is IS-IS. CE1 and CE2 belong to the...

BGP Next Hop Configuration

In the case of BGP next-hop configuration, a second interface (physical or logical subinterface) is necessary to distribute routes from the global routing table to the customer site and to recognize routes from the customer site that need to be placed in the global table of the PE rather than the VRF. A BGP session must be established between the PE and CE routers across the second interface, and the CE router must advertise customer routes that will be propagated to the rest of the Internet...

BGP Route Reflectors

BGP requires that all of the IBGP speakers be fully meshed. However, this requirement does not scale when there are many IBGP speakers. A BGP speaker does not advertise a route learned from another IBGP speaker to a third IBGP speaker. Route reflectors ease this limitation and allow a router to advertise or reflect IBGP-learned routes to other IBGP speakers, thereby reducing the number of IBGP peers within an Autonomous System (AS). BGP confederations can be used to reduce the IBGP full mesh as...

Advanced MPLS Design and Implementation, Section: Virtual Private Networks

To address the unique needs and requirements of varied enterprise customers, service providers should consider using both MPLS and IPSec in their VPN deployment mix. Each of these technologies has its relative strengths and complements the other in an end-to-end secure VPN environment extending over the service provider's secure infrastructure as well as circuits over the public Internet. The decision matrix in Table 4-1 provides a comparison of the various VPN technologies and recommendations...

BPX Switch Configuration

The partition's BPX switch resources must be distributed between the associated BXM trunk ports. This is set up with the cnfrsrc command. The Qbin CoS buffer parameters on the BXM trunks are set up using the cnfqbin command. Finally, the LSC is linked to the BPX with the addshelf command to allow the router's LSC function to control the MPLS operation of the BPX node. Refer to Figure 6-25 for BPX1 connectivity and addressing information. In this case study, BPX1 has a four-port BXM 155-4 in...

Carrier-over-Carrier MPLS VPNs

The carrier-supporting-carrier feature lets one MPLS VPN-based service provider allow other service providers to use a segment of its backbone network. Carrier-supporting-carrier is a term used to describe a situation in which one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the...

Case Study of a Packet-Based MPLS over ATM VPN

Consider the service provider shown in Figure 6-19. It has points of presence (PoPs) in Chicago, Seattle, San Diego, Miami, and Washington. The service provider can offer Layer 3 IP VPN services across its MPLS backbone. The service provider offers MPLS VPN services to three customers A, B, and C. Backbone ATM switches have replaced the core P routers. The customers are each operating a single VPN. Figure 6-19. Case Study Packet-Based MPLS over ATM VPN Configuration...

Case Study of an MPLS VPN Design and Implementation

Consider a service provider with points of presence in Chicago, Seattle, San Diego, Miami, and Washington. The service provider offers Layer 3 IP VPN services across its MPLS backbone. The service provider offers MPLS VPN services to three customers A, B, and C. The detailed architecture is shown in Figure 5-3. The customers are operating a single VPN each. Figure 5-3. Case Study Service Provider Network The service provider has provisioned the...

CE1 Configuration

A partial configuration for the customer edge router CE1 is as follows:
Figure 5-17. Internet Connectivity Using EBGP Multihop Sessions
interface loopback0
 ip address 10.2.2.1 255.255.255.0
interface ethernet0/0
 ip address 150.100.2.1 255.255.255.0
interface serial0/0
 ip address 20.2.2.1 255.255.255.0
router bgp 2
 neighbor 64.2.2.2 remote-as 25431
 neighbor 64.2.2.2 ebgp-multihop 255
 neighbor 64.2.2.2 update-source loopback0
 neighbor...

Cell Interleaving

Label VC allocation over ATM for multiple sources transmitting data to the same destination causes a few challenges. An ATM LSR that receives binding requests from different upstream neighbors toward the same prefix has to request multiple outbound labels from its downstream neighbor. If the ATM LSR allocates only one outgoing VCI, cells from different AAL5 frames are potentially interleaved and dropped at the receiving end. Allocating different outbound VCIs for the same destination ensures...

Cell-Based VPNs

Cell-based VPNs such as ATM and SMDS use logical paths as defined by switched and permanent virtual circuits. As shown in Figure 4-5, multiple closed user groups or customers share the service provider's switched infrastructure. Customers perceive virtual circuits that have been exclusively provisioned for their private use. These PVCs or SVCs can be provisioned with a class of service such as CBR, VBR-RT, VBR-NRT, ABR, or UBR. ATM also enables the provisioning of soft PVCs, which are a hybrid...

Centralized Service

Building VPNs in Layer 3 allows delivery of targeted services to a group of users represented by a VPN. A VPN must give service providers more than a mechanism for privately connecting users to intranet services. It must also provide a way to flexibly deliver value-added services to targeted customers. Scalability is critical, because customers want to use services privately in their intranets and extranets. Because MPLS VPNs are seen as private intranets, you may use new IP services such as...

Introduction to MPLS

This chapter covers the following topics:
A New Forwarding Paradigm: This section discusses conventional technologies versus Multiprotocol Label Switching (MPLS) techniques that are being implemented in carrier and service provider networks. MPLS is the technology that is driving future IP networks, including the Internet. MPLS gives the Internet a new forwarding paradigm that affects its traffic engineering and the implementation of VPNs.
What Is MPLS: This section discusses MPLS as an improved...

Advanced MPLS Architectures

This chapter covers the following topics:
Optical Networking: This section discusses the requirement for fiber-optic network infrastructures in which switches and routers have integrated optical interfaces and are directly connected by fiber or optical network elements, such as Dense Wavelength Division Multiplexers (DWDMs). Conventional fiber-optic systems and DWDM technology are also discussed.
Optical Transport Network Elements: Technical details of Optical Transport Network (OTN) elements such...

MPLS Architecture

This chapter covers the following topics:
MPLS Operation: This section describes the operation of MPLS networks and discusses the advantages of MPLS over conventional Layer 3 forwarding.
MPLS Node Architecture: This section describes the architecture of MPLS nodes. These nodes include MPLS-enabled routers and ATM switches. MPLS nodes consist of a control plane and a forwarding plane.
MPLS Elements: The various elements that constitute an MPLS network are described here. The MPLS Label-Switched...

Virtual Private Networks

This chapter covers the following topics:
Overview of VPNs: Virtual Private Networks identify closed user groups over a common network infrastructure. This section examines and compares TDM, X.25, Frame Relay, SMDS, and ATM services. It also discusses private IP VPNs.
Connection-oriented VPNs: Connection-oriented VPNs can be built on Layer 2 or Layer 3 infrastructures. This section discusses Layer 2 VPNs built using connection-oriented point-to-point overlays such as Frame Relay and ATM virtual...

MPLS Traffic Engineering

This chapter covers the following topics:
The Need for Traffic Engineering on the Internet: Through the deployment of traffic engineering, the traffic flowing across the service provider's backbone can be optimized, and traffic flows over underutilized paths can be optimized.
Unequal-Cost Load Balancing via Metric Manipulation: This technique allows routers to take advantage of load sharing over multiple unequal-cost paths to a given destination. This can be achieved by manipulating the parameters...

MPLS Quality of Service

This chapter covers the following topics:
Quality of Service: Service providers that offer IP services over an MPLS backbone must support IP Quality of Service (QoS) over their MPLS infrastructure. This means supporting IP QoS over MPLS VPNs or MPLS traffic-engineered paths. MPLS can help service providers offer IP QoS services more efficiently over a wider range of platforms, such as ATM LSRs.
Integrated Services: Integrated Services (IntServ) refers to an overall QoS architecture developed by...

MPLS Design and Migration

This chapter covers the following topics:
MPLS VPN Design and Topologies: The various design approaches to practical MPLS VPN deployment are described in this section. MPLS VPNs can be implemented in a variety of ways, using a combination of packet-based and ATM MPLS Label-Switched Routers (LSRs).
Migrating MPLS into an ATM network: This section describes how MPLS can be deployed into a traditional ATM network gradually, starting with just a single pair of ATM LSRs in an otherwise purely ATM...

Chicago CE Configuration Customer B

interface ethernet0/0
 ip address 172.17.10.254 255.255.255.0
! Set up a Frame Relay PVC as a link to the PE router
interface Serial5/0/0
 encapsulation frame-relay
 frame-relay lmi-type ansi
interface Serial5/0/0.1 point-to-point
 ip address 172.17.254.2 255.255.255.252
 frame-relay interface-dlci 100
ip route 0.0.0.0 0.0.0.0 172.17.254.1

Chicago PE Configuration

The following is the Chicago PE configuration:
interface atm1/0/0.1 point-to-point
 description atm pvc to Seattle
 ip address 10.10.12.1 255.255.255.252
 pvc 2/3
  encapsulation aal5snap
 tag-switching ip
interface atm1/0/0.2 point-to-point
 description atm pvc to San Diego
 ip address 10.10.13.1 255.255.255.252
 pvc 7/5
  encapsulation aal5snap
 tag-switching ip
interface atm1/0/1.1 point-to-point
 description atm pvc to Miami
 ip address 10.10.14.1 255.255.255.252
 pvc 8/1
  encapsulation aal5snap
 tag-switching ip...

Circuit Switching and TDM

Time-division multiplexing combines data streams by assigning each stream a different time slot in a set. TDM repeatedly transmits a fixed sequence of time slots over a single transmission channel. Within T-carrier systems, such as T1/E1 and T3/E3, TDM combines pulse code modulated (PCM) streams created for each conversation or data stream. TDM circuits such as T1/E1 or T3/E3 lines can be used for voice as well as data. PCM is used to encode analog signals into digital format. Voice calls need...

Class Selector PHB

Many current implementations of IP QoS use IP precedence due to its simplicity and ease of implementation. In order to preserve backward compatibility with the IP precedence scheme, DSCP values of the form xxx000 are defined (where x equals 0 or 1). Such codepoints are called class-selector codepoints. The default codepoint 000000 is a class-selector codepoint. The PHB associated with a class-selector codepoint is a class-selector PHB. These PHBs retain almost the same forwarding behavior as...

Colored Thread (CT) Algorithm

The Colored Thread method of loop prevention requires the use of the ordered control method of LSP establishment. The colored thread method can be modeled by considering a colored thread extended from the ingress to the egress of the LSP. Any intermediate LSR would sense a loop if the thread loops back on itself. This would trigger the LSR to prevent the looping LSP from being built. The LSRs would then wait for the routing tables to converge and stabilize before attempting to extend another...

Configuration Case Study of an MPLS Traffic-Engineered Network (IS-IS)

Consider a service provider that has the network topology shown in Figure 7-7. In this example, the network is running over an ATM backbone, and the link-state routing protocol being used is IS-IS. The links between R1-R2-R6-R8 are OC48 (2.5 Gbps). The rest of the links within the service provider cloud are OC3 (155 Mbps) and OC12 (622 Mbps). Based on the link-state routing algorithm, traffic traversing from Network A to Network C is routed across the best path determined on the basis of an...

Configuration for AS1 EBGP1

The following is the configuration used for Exterior Border Gateway Protocol router 1 (EBGP1). EBGP1 is configured with the redistribute connected subnets command and interfaces with AS2.
interface Loopback0
 ip address 10.0.0.4 255.255.255.255
interface Ethernet0/0
 description EBGP1 to P1
 ip address 10.2.1.2 255.255.255.0
 tag-switching ip
interface Serial0/0
 description EBGP1 to EBGP2
 ip address 12.0.0.1 255.255.255.252
router ospf 1
 log-adjacency-changes
 redistribute connected subnets
 network...

Configuration for AS1 P1

The following is the configuration used for the provider (P) router P1. P1 acts as a route reflector for all IBGP devices within AS1.
interface Loopback0
 ip address 10.0.0.2 255.255.255.255
interface Ethernet0/0
 description P1 to EBGP1
 ip address 10.2.1.1 255.255.255.0
 tag-switching ip
interface Ethernet0/1
 description P1 to PE1
 ip address 10.2.2.1 255.255.255.0
 tag-switching ip
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 0
router bgp 1
 no synchronization
 bgp...

Configuration for AS1 PE1

The following is the configuration used for the Provider Edge (PE) router PE1.
 route-target export 1:100
 route-target import 1:100
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
interface Serial0/0
 description PE1 to CE1
 ip vrf forwarding VPN1
 ip address 172.16.2.2 255.255.255.252
interface Ethernet0/0
 description PE1 to P1
 ip address 10.2.2.2 255.255.255.0
 tag-switching ip
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
router ospf 10 vrf VPN1
 log-adjacency-changes
 redistribute bgp 1 metric 100...

Configuration for AS2 CE2

The following is the configuration used for the customer edge (CE) router CE2. CE1 and CE2 are both members of Virtual Private Network VPN1.
interface Loopback0
 ip address 172.16.0.2 255.255.255.255
interface Serial0/0
 description CE2 to PE2
 ip unnumbered Loopback0
router ospf 1
 network 172.16.0.0 0.0.255.255 area 0
Copyright 2002 O'Reilly & Associates, Inc. All rights reserved. 1005 Gravenstein Highway North Sebastopol, CA 95472

Configuration for AS2 EBGP2

The following is the configuration used for Exterior Border Gateway Protocol router 2 (EBGP2). EBGP2 is configured with the neighbor next-hop-self command and interfaces with AS1.
 route-target export 1:100
 route-target import 1:100
interface Loopback0
 ip address 20.0.0.3 255.255.255.255
 ip router isis
interface Loopback1
 ip vrf forwarding VPN1
 ip address 172.16.0.3 255.255.255.255
interface Serial0/0
 description EBGP2 to P2
 ip unnumbered Loopback0
 ip router isis
 tag-switching ip
interface...

Configuration for AS2 PE2

The following is the configuration used for the provider edge (PE) router PE2.
 route-target export 1:100
 route-target import 1:100
interface Loopback0
 ip address 20.0.0.9 255.255.255.255
 ip router isis
interface Loopback1
 ip vrf forwarding VPN1
 ip address 172.16.0.9 255.255.255.255
interface Serial0/0
 description PE2 to CE2
 no ip address
 ip vrf forwarding VPN1
 ip unnumbered Loopback1
interface Ethernet0/0
 description PE2 to P2
 ip address 20.9.1.1 255.255.255.0
 ip router isis
 tag-switching ip...

Configure a Rate Limit on an Input Interface to Set MPLS Packets

Configure a rate limit on the input interface that will throttle back the preclassified IP packets:
Step 1. Designate the input interface:
Router(config)# interface interface-name
Step 2. Specify the action to take on packets during label imposition:
Router(config-int)# rate-limit input [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action set-mpls-exp-transmit exp exceed-action set-mpls-exp-transmit exp
Step 3. Exit interface configuration mode.
Here is an example. The...

Configure the Service Policy to Attach to an Interface

The service-policy interface configuration command is used to attach the service policy to an interface and to specify the direction in which the policy should be applied. The service-policy command syntax is as follows:
service-policy {input | output} policy-map-name
no service-policy {input | output} policy-map-name
Step 1. Designate the input interface:
Router(config)# interface interface-name
Step 2. Attach the specified policy map to the input interface:
Router(config-int)# service-policy input...

Congestion Control

Frame Relay networks have two methods of congestion control:
- Explicit congestion notification
- Implicit congestion notification
Explicit congestion notification uses the forward (FECN) and backward (BECN) bits that are included in the T1.618 address field. The use of these bits is determined by the direction of traffic flow. The FECN bit is sent to the next-hop Frame Relay switch in the direction of the data flow, and the BECN bit is sent in the opposite direction of the data flow. Implicit...

Connection-Oriented VPNs

Connection-oriented VPNs can be built on Layer 2 or Layer 3 infrastructures. VPNs built using connection-oriented, point-to-point overlays such as Frame Relay and ATM virtual connections are examples of Layer 2 connection-oriented VPN networks. VPNs built using a full or partial mesh of tunnels utilizing IPSec (with encryption for privacy) or Generic Routing Encapsulation (GRE) are examples of Layer 3 connection-oriented VPN networks. Access VPNs are circuit-switched, connection-oriented VPNs...

Control Component

The control component of MPLS consists of link-state IP routing protocols such as Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) running in conjunction with MPLS label allocation and maintenance procedures. The control component is responsible for setting up label forwarding paths along IP routes. The control component also maintains accuracy for the paths, because network topologies are prone to change. ATM LSRs use the downstream-on-demand allocating...

Control Plane

The MPLS control plane is responsible for populating and maintaining the LFIB. All MPLS nodes must run an IP routing protocol to exchange IP routing information with all other MPLS nodes in the network. MPLS enabled ATM nodes would use an external Label Switch Controller (LSC) such as a 7200 or 7500 router or use a Built-in Route Processor Module (RPM) in order to participate in the IP routing process. Link-state routing protocols such as OSPF and IS-IS are the protocols of choice, because they...

Conventional IP VPNs

Many carriers provide a managed IP services offering that basically lets customers hook up their CPE IP routers to a service provider's private IP backbone. Most IP service providers run an IP network over a Layer 2 infrastructure such as an ATM or Frame Relay network. An example of a conventional IP VPN is shown in Figure 4-9. Figure 4-9. Conventional IP Router-Based VPN Network The service provider typically configures multiple routing...

Conventional Layer 3 Routing Versus MPLS

As Layer 3 packets are forwarded from one router to the next, each router makes an independent forwarding decision for that packet. Each router analyzes the destination Layer 3 address in the packet's header and runs a network layer routing algorithm. Each router independently chooses a next hop for the packet based on its analysis of the packet's header and the results of running the routing algorithm. Forwarding decisions are the result of two functions:
Classification of Layer 3 packets into...

CoS Feature (Optional); Configuration of PE Routers

You must perform the following tasks on the PE router to configure and verify MPLS VPN operation:
- Configure your ATM interfaces and IGP
- Configure PE-to-PE routing sessions
- Configure PE-to-CE routing sessions. There are four ways to do this:
  - Static PE-to-CE routing configuration
  - RIPv2 PE-to-CE routing configuration
  - BGP4 PE-to-CE routing configuration
  - OSPF PE-to-CE routing configuration
Configuration of CE Routers
CE routers can be configured with one of four options. The PE router must be...

Credits

Michael Hakkert, Tom Geitner, William Warren Managing Editor Development Editor Andrew Cupp Project Editor Copy Editor Gayle Johnson Technical Editors Ibrahim Bac Brian Beck Matthew J. Cat Castelli Mark Gallo Brian Melzer David Rosedale Team Coordinator Tammi Ross Book Designer Gina Rexrode Octal Publishing, Inc. Indexer Tim Wright Ginny Bess Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel 408 526-4000 800 553-NETS (6387) Fax...

Data Link Connection Identifier DLCI

A data-link connection identifier (DLCI) identifies the Frame Relay PVC. Frames are routed through one or more virtual circuits identified by DLCIs. Each DLCI has a permanently configured switching path to a certain destination. Thus, by having a system with several DLCIs configured, you can communicate simultaneously with several different sites. The User-Network Interface (UNI) provides the demarcation between the FRAD and the Frame Relay network. The combination of the UNI and the DLCI...

Dedications

This book is dedicated to my wife Sarita C. Alwayn for her continuous support, without which this book would not have been possible. I thank you. In memory of my father, Urban Alwayn, whose words of encouragement are still with me, and continue to be my inspiration. To my mother, Belinda Alwayn, whose support and prayers have made this endeavor possible. These fundamentals have got to be simple. Lord Ernest Rutherford, Circa 1908

Deployment Options

IP-based service providers who own and manage their own router, fiber, and OTN infrastructure are more inclined to go with a peer model implementation of MPλS. Providers who offer multiple services over their OTN will probably choose an overlay solution. As noted earlier, providers have the flexibility to use any combination. For example, a provider could configure a domain of IP routers and OXCs all running an MPLS- or MPλS-based control plane to support ISP services. Some OXCs might also...

Design Criteria for Selecting ATM Edge LSRs

There are four main considerations when selecting ATM MPLS edge equipment:
- The service type that will be offered: This can be managed IP services, ATM services, or a combination of both. Service providers with an existing ATM infrastructure will prefer a phased migration to MPLS.
- The different types of access lines and associated protocols: The line cards must use a technology and protocol that will interface with the majority of CE routers, such as serial, serial Frame Relay, ISDN up to E1/T1, 10...

Design Criteria for Selecting ATM LSRs

There are five main considerations when selecting ATM LSRs:
- The different types of trunks supported by the ATM LSR
- The number of trunks supported by the switch
- The number of connections supported
- Requirements for redundancy and reliability

Designing MPLS Networks

MPLS network design must be accomplished prior to network installation in order to ensure that the network will operate reliably and optimally. Customer traffic must be properly estimated, because IP traffic is inherently connectionless, and customers will not be able to tell the service provider exactly which traffic they want to send where. This leads to a situation in which the network must be approximately sized with the option for scalability. The following design steps must be taken into...

Differentiated Services

The DiffServ model divides traffic into a small number of classes and allocates resources on a per-class basis. This model is similar to the IP precedence model discussed in the previous section. A 6-bit differentiated services code point (DSCP) marks the packet's class in the IP header. The DSCP is carried in the ToS byte field in the IP header. 6 bits can result in the implementation of 64 different classes; however, in practice, only a few classes are normally implemented. As shown in Table...

Differentiated Services Architecture

The DiffServ (DS) region is composed of one or more DS domains. Each DS domain in turn is configured using the DSCP and the different PHBs. The entire IP path that a packet travels must be DiffServ-enabled. A DS domain itself is made up of DS ingress nodes, DS internal nodes in the core, and DS egress nodes. A DS ingress or egress node might be a DS boundary node, connecting two DS domains. Typically, the DS boundary node performs traffic conditioning. As shown in Figure 8-7, a traffic...

Distribution of Constraint-Based Routing Information

The distribution of constraint-based information must be performed in order to find appropriate paths through the network. LSP traffic-engineered tunnels must be routed with an understanding of the traffic load they need to carry. The constraint information must be distributed across the MPLS network in a consistent way. The flooding mechanism used by link-state routing protocols such as OSPF and IS-IS can help create an integrated constraint and forwarding database. Distance vector (DV)...

DS Framing

Two kinds of framing techniques are used for DS-level transmissions. The frame formats are shown in Figure 2-3 and Figure 2-4. D4 typically uses alternate mark inversion (AMI) encoding, and ESF uses binary 8-zero substitution (B8ZS) encoding. Figure 2-3. D4 Super Frame (SF) Format. Figure 2-4. Extended Super Frame (ESF) Format. As shown in Figure 2-3, the SF (D4) frame has 12 frames and uses the least-significant bit (LSB) in frames 6 and 12 for signaling (A,...

Ease of VPN Creation

Specific point-to-point connection maps or topologies are not required. Sites can be added to VPN intranets and extranets to form closed user groups. When VPNs are managed in this manner, it enables membership of any given site in multiple VPNs, maximizing flexibility in building intranets and extranets. MPLS functionality resides in the provider network, requiring little or no configuration on the customer premises. MPLS is transparent to the CPE router, and customer CPE devices do not need...

EBGP Multihop Configuration

The EBGP multihop configuration method requires only one interface and maintains AS_PATH information. Figure 5-17 illustrates Internet connectivity using EBGP multihop configuration. There is no need to reset the routes' BGP next hop. Customer routes can be exchanged directly with the Internet egress point. A default route can be set up within the VRF to forward Internet traffic to the egress point. Figure 5-17 illustrates the operation of the EBGP multihop session method of Internet...

Evolution of MPLS

The initial goal of label-based switching was to bring the speed of Layer 2 switching to Layer 3. This initial justification for technologies such as MPLS is no longer perceived as the main benefit, because newer Layer 3 switches using application-specific integrated circuit (ASIC)-based technology can perform route lookups at sufficient speeds to support most interface types. The widespread interest in label switching initiated the formation of the IETF MPLS working group in 1997. MPLS has...

Expedited Forwarding EF PHB

The DSCP marking of EF results in expedited forwarding with minimal delay and low loss. These packets are prioritized for delivery over others. The EF PHB in the DiffServ model provides for low packet loss, low latency, low jitter, and guaranteed bandwidth service. Applications such as VoIP, video, and online ecommerce require such guarantees. EF can be implemented using priority queuing, along with rate limiting on the class. Although EF PHB when implemented in a DiffServ network provides a...

Extending the Thread

Consider the network shown in Figure 3-14. Assume that LSR1 tries to establish an LSP using downstream-on-demand label allocation. LSR1 extends a thread by issuing a LABEL REQUEST message. This thread includes a color that is LSR1's IP address along with a unique identifier. As the LSP gets built and the LABEL REQUEST message proceeds over nodes LSR2, LSR3, LSR4, and LSR5, each node stores the color of the incoming thread and passes on the same color in the outgoing label request. Eventually, a...

External LSC

The LSC may also be a separate piece of external hardware. The Cisco BPX 8650 ATM LSR switch consists of a BPX 8600 ATM switch shelf and an LSC based on a Cisco 7200 series router. The LSC and switch are interconnected by a switch control link. For the BPX 8650, the switch control link is an ATM link. This link is used in a different way than the other ATM interfaces. On the LSR, it is used to connect the signaling LVCs from all other interfaces on the switch to the LSC, but it does not often...

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at...

Figure 2-10 ATM UNI and NNI Interfaces

A public UNI connects a private ATM switch to a public ATM service provider's network. A private UNI connects ATM users to the ATM switch. The term trunk is used to indicate the ATM link between carrier switches, and the term line is used to indicate the link between the customer equipment to the carrier's closest point of presence (POP) ATM switch. UNI ATM headers are typically used between the CPE and the...

Figure 2-13 ATM Interim Local Management Interface (ILMI)

The management information defined by the ILMI provides status and configuration information from the UME regarding the UNI. This information is organized into a Management Information Base (MIB), which contains several groups of managed objects. Examples include physical layer details, such as the transmission media type (SONET, DS3, and so on) and ATM layer statistics, such as the number of ATM cells transmitted or received.

Figure 4-1 Leased Line VPN Logical View

Figure 4-2 shows the physical connectivity among Customer A, Customer B, and the service provider network. Figure 4-2. Leased Line VPN Physical View. The TDM network is the simplest form of a Virtual Private Network that assures high-quality fixed bandwidth to customers. Most carriers offer bandwidth as multiples of 64 kbps, which is the bandwidth of a single DS0 channel. For more information on TDM, refer to the section Circuit Switching and TDM in...

Figure 4-3 Logical Frame Relay VPN Architecture

Figure 4-4 shows the physical Frame Relay network. Customers A and B both connect to various Frame Relay points of presence (POPs) using TDM local loops. The Frame Relay protocol is run between the local CPE FRAD (router) and the Frame Relay switch. The Frame Relay interworking function converts Frame Relay frames into ATM cells for transport across the ATM backbone. Figure 4-4. Physical Frame Relay VPN Architecture. For more details on Frame...

Figure 4-5 Logical ATM VPN Architecture

Figure 4-6 shows the physical ATM network. Customers A and B both connect to various ATM points of presence (POPs) using clear-channel TDM local loops or SONET/SDH. The ATM routers at the CPE use ATM virtual circuits as a Layer 2 transport mechanism to carry IP or any other Layer 3 protocol. Figure 4-6. Physical ATM VPN Architecture.

Figure 4-8 Virtual Private Dialup Network (VPDN)

The remote users initiate a dial-up connection to the Network Access Server (NAS) using PPP. The NAS authenticates the call and forwards the call via L2F or L2TP to the customer's home gateway. The home gateway accepts the call forwarded by the NAS, performs additional authentication and authorization, and terminates the user PPP session. The AAA (Authentication, Authorization, and Accounting) function can also be performed by an AAA server such as a TACACS+ server. All PPP session parameters are...

Figure 5-10 Route Reflector Design

When considered as a whole, the route reflector and its clients are called a cluster. Other IBGP peers of the route reflector that are not clients are called nonclients. An AS can have more than one route reflector. When an AS has more than one route reflector, each route reflector treats other route reflectors as normal IBGP speakers. There can be more than one route reflector in a cluster, and there can be more than one cluster in an AS. The BGP configuration for the PE routers in Figure 5-10...

Figure 5-13 Backbone Carrier Supporting an ISP

In order to solve the scalability problem, the backbone carrier is configured so that it allows only internal routes of the customer carrier (IGP routes) to be exchanged between the CE routers of the customer carrier and the PE routers of the backbone carrier. MPLS is enabled on the interface between the CE router of the customer carrier and the PE router of the backbone carrier. Internal routes go to any of the routers within the ISP, and...

Figure 5-16 Internet Connectivity Using a Static Default Route

CE2 and CE3 have full intranet connectivity with CE1. In this example, static default routes have been configured in the VPN1 VRF on PE2 and PE3 that point to the Internet gateway connected to PE1. The IP address of the Internet gateway (64.1.1.2) must be advertised within the backbone IGP so that it is present in the global routing table. This ensures that packets destined for the Internet can be properly forwarded to the gateway. Because there is no...

Figure 6-1 MPLS Network Elements

Label-Switched Router (LSR): A device that implements the MPLS control and forwarding components as already described. Label-Controlled ATM interface (LC-ATM interface): An ATM interface controlled by the MPLS control component. Cells traversing such an interface carry labels in the VCI field of a user-selected range of VPIs. The control component could be integrated in the switch or on an outside controller. ATM LSR: An LSR based on an ATM switch. It has LC-ATM interfaces. Packet-based LSR: An...

Figure 6-12 Connection Setup with Endpoints on the Same VSI Slave

However, a command for connection setup would require the local slave in turn to communicate with a remote slave in order to set up both endpoints of the connection. This is demonstrated in Figure 6-13. Figure 6-13. Connection Setup with Endpoints on Different VSI Slaves. Figure 6-12 shows a simplified example of a connection setup with endpoints on the same VSI slave, and Figure 6-13 shows a connection setup with endpoints on...

Figure 6-3 ATM MPLS Encapsulation Technique

The ATM LSR is controlled by a routing engine such as a 7500 or 7200 in the case of a BPX, or the RPM in the case of the MGX. In Figure 6-4, an unlabeled IP packet with a destination address of 172.16.2.5 arrives at Edge LSR1. LSR1 looks into its label forwarding information base (LFIB) and matches the destination with prefix 172.16.0.0/16 and a label value of 40. LSR1 sends an ATM Adaptation Layer 5 (AAL5) frame as a sequence of cells on VCI 40. LSR2, which is an ATM LSR controlled by a Label Switch...

Figure 6-5 Ordered Mode Downstream-on-Demand Label Allocation

The following are the steps that occur in Figure 6-5:

1. LSR1 sends a label binding request toward LSR2 in order to bind prefix 172.16.0.0/16 to a specific VCI.
2. LSR2 allocates VCI 20 and creates an entry in its LFIB with VCI 20 as the incoming label.
3. LSR2 sends a bind request toward LSR3.
4. LSR3 issues VCI 25 as a label.
5. LSR3 sends a reply to LSR2 with the binding between prefix 172.16.0.0/16 and the VCI 25 label.
6. LSR2 sets the outgoing label to VCI 25. This information is now used...

Figure 7-11 R8 to R1 Traffic Engineering Tunnels

Tunnel1 has been configured to utilize R8-R4-R1 (the OC3 path) as its first path (in order of priority) and R8-R7-R5-R2-R1 (the OC12 path) as its second path (in order of priority). The dynamic path is the fallback path if the first and second paths are unavailable due to link or node failure. The dynamic path is normally the IGP-derived path. In this case study, the IGP used is IS-IS. Similarly, as shown in Figure 7-12, Tunnel2 and Tunnel3 steer traffic between Rc and Rb through the...

Figure 7-8 R1 to R8 Traffic Engineering Tunnels

Tunnel1 has been configured to utilize R1-R4-R8 (the OC3 path) as its first path (in order of priority) and R1-R2-R5-R7-R8 (the OC12 path) as its second path (in order of priority). It uses the dynamic path in the same way as Tunnel0. The network has also been traffic-engineered to load-balance across Tunnel0 and Tunnel1. The load balancing is achieved by configuring bandwidth statements within each tunnel interface. The ratio of these values is used by CEF to make load-balancing decisions.

Figure 8-10 MPLS L-LSP

[Figure 8-10 callouts: PHB inferred from label value, AF drop preference inferred from EXP bits; PHB inferred from label value in the VCI field, AF drop preference stored in the ATM CLP bit.] In the case of DiffServ AF, packets sharing a common PHB can be aggregated into a FEC, which can be assigned to an LSP. This is known as a PHB scheduling class. The drop...

Figure 9-2 ATM-Based MPLS VPN

Traffic at the service provider's PoP-2 from customers B and C can be aggregated using an MGX 8220 AXIS shelf and can be backhauled over ATM PVCs to the nearest ATM Edge LSR. In this case, the closest Edge LSR is PE3. ATM MPLS networks with router-based Edge LSRs may also use separate access devices such as the MGX 8220 if access is required through a device that does not support MPLS services. This might be required if access is required to both IP services and ATM PVC services through a...

Figure 9-4 Migration Phase

Figure 9-4 shows a starting position with routers connected by PVPs through an ATM cloud. This has most of the disadvantages of traditional IP-over-ATM networks, including scalability and bandwidth efficiency issues. However, it can support MPLS VPN services.

Figure B1B VSI Controllers

The MPLS control software is implemented in the LSC. Other VSI controllers may be software running on the switch control card. In the case of the BPX 8650 and MGX 8850, AutoRoute software, which controls PVCs, runs on the switch control card. PNNI control may be added to the BPX 8650 as a separate controller on the Service Expansion Shelf (SES). The LS1010 and 8540 MSR implement functionality similar to the VSI using internal software interfaces. To ensure that the control planes can act...

Fine-Tuning the Evolving Network

Fine-tuning and engineering the network design is an ongoing process. As soon as an MPLS network is deployed, continuing design activities are required to verify the assumptions used in the initial design. The network must also be fine-tuned as new customers and PoPs are added. The ongoing process involves the following steps: Perform regular traffic measurements and analysis. Measure actual PoP and link traffic, and compare these measurements against the predicted traffic and link capacities....

Flexible Addressing

To make a VPN service more accessible, customers of a service provider can design their own addressing plan, independent of addressing plans for other service provider customers. Many customers use private address spaces, as defined in RFC 1918, and do not want to invest the time and expense of converting to public IP addresses to enable intranet connectivity. MPLS VPNs allow customers to continue using their present address spaces without network address translation (NAT) by providing a public...

Forwarding Component

The forwarding component uses information held in the forwarding table and in the Layer 3 header. The forwarding component uses a set of algorithms, which define the kind of information extracted from the packet header and the procedure that the router will use to find an associated entry in the forwarding table. The router then forwards the packet based on this information. Forwarding is as follows: Unicast forwarding: The router uses the destination address from the Layer 3 header and the...

Forwarding Plane

The MPLS forwarding plane is responsible for forwarding packets based on values contained in attached labels. The forwarding plane uses a label forwarding information base (LFIB) maintained by the MPLS node to forward labeled packets. The algorithm used by the label switching forwarding component uses information contained in the LFIB as well as the information contained in the label value. Each MPLS node maintains two tables relevant to MPLS forwarding: the label information base (LIB) and the...

Frame Relay

Frame Relay is a protocol and standard derived from narrowband ISDN and developed by ANSI and the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), formerly the Consultative Committee for International Telegraph and Telephone (CCITT). The Frame Relay Forum (FRF) addresses various implementation issues, ensuring that multivendor networks can operate. The Frame Relay protocol operates at the data link layer only and does not include any network or...

Frame Relay Frame

The Frame Relay frame, shown in Figure 2-7, is defined by ANSI T1.618 and is derived from the High-Level Data Link Control (HDLC) standard, ISO 7809. Figure 2-7. Frame Relay Frame (ANSI T1.618 Format). The Frame Relay fields are as follows: Flag: One-octet fixed sequence containing 01111110 (binary) or 7E (hex). Address field: This field includes the address and control functions for the frame. The default length is two octets, although longer...

GRE Tunneled VPNs

Generic Route Encapsulation (GRE) tunnels can be used to create point-to-point IP connections. A combination of these GRE tunnels can be used to build a VPN. However, because GRE provides no encryption, it offers no inherent security, which makes GRE tunnels susceptible to security violations. As shown in Figure 4-7, GRE tunnels are useful for building VPNs within a service provider's private IP backbone network. They are also useful for tunneling non-IP Layer 3 traffic across a private IP network.

Guaranteed Bandwidth LSPs

RSVP extensions can be used to distribute labels as part of the resource reservation process and establish an LSP with reserved resources. Such an LSP is known as a guaranteed bandwidth LSP. As shown in Figure 8-4, if a reservation were established along a path from LSR1 to LSR3, LSR1 would consult its link-state database and select a path to LSR3 before sending a PATH message to node LSR3. This path would need to meet the bandwidth requirement constraint across all the links to support the...

Higher Reliability

In wide-area networks with ATM infrastructures, MPLS is an easy solution for integrating routed protocols with ATM. Traditional IP over ATM involves setting up a mesh of PVCs between routers around an ATM cloud. However, there are a number of problems with this approach, all arising from the method by which the PVC links between routers are overlaid on the ATM network. This makes the ATM network structure invisible to the routers. A single ATM link failure could make several router-to-router...

I

This means that a maximum of 128 LSRs (Edge LSRs or ATM LSRs) may be used in the area, provided that the IP routing protocol supports that many routers in that area. Consider a network in which VC merge is not used. Four CoSs are in use, and the network is the core of an MPLS VPN service. There is one destination prefix per ATM LSR or Edge LSR. All links are unnumbered. The network has multiple areas, and there are at most 50 ATM LSRs and LSRs in each area. The Edge LSRs are 3600s with NM-1A...