Advanced MPLS Design and Implementation

An in-depth guide to understanding advanced MPLS implementation, including packet-based VPNs, ATM-based VPNs, traffic engineering, and quality of service. Who Should Read This Book; Scope and Definition; Command Conventions; Illustration Iconography; A New Forwarding Paradigm; What Is MPLS; Summary; WAN Technologies and MPLS; Inside the Cloud; Layer 3 Routing; Label Switching; Integration of IP and ATM; Challenges Faced by Service Providers; Summary; MPLS Architecture; MPLS Operation; MPLS Node Architecture...

Advantages of the Cisco VPN Solutions Center

The following are some advantages of the Cisco VPN Solutions Center:

- A provisioning subsystem for MPLS VPN service provisioning with a scheduler for time-based provisioning.
- Support for provisioning of quality of service (QoS) parameters for effectively policing and enabling differentiated classes of service.
- A wizard-based service request entry offering ease of use for operators. CVPNSC provides easy-to-use wizard-based setup and administration of VPN memberships. It also checks and reduces...

Assured Forwarding (AF) PHB

The DSCP marking of AF packets specifies an AF class and drop preference for IP packets. Packets with different drop preferences within the same AF class are dropped based on their relative drop precedence values within the AF class. RFC 2587 recommends 12 AF PHBs representing four AF classes with three drop-preference levels in each. The Assured Forwarding PHB defines a method by which BAs can be given different forwarding assurances. The AFxy PHB defines four classes AF1y, AF2y, AF3y, and...

ATM

Asynchronous Transfer Mode is derived from standards developed by the ITU-T that were based on BISDN (Broadband ISDN) technology. ATM is a connection-oriented service in which transmitted data is organized into fixed-length cells. Upper-layer protocols and user data such as an IP packet are segmented into 48-byte protocol data units (PDUs). These PDUs are prepended with a 5-byte ATM header, and the resulting 53-byte cells are input into an ATM switch and multiplexed together. These cells then...

ATM Cell Generation

User information such as voice, data, and video traffic is passed from the upper layers to the convergence sublayer (CS) portion of the ATM adaptation layer being used. At the CS, header and trailer information is added and subsequently passed to the segmentation and reassembly (SAR) sublayer. The SAR sublayer is responsible for generating the 48-octet payloads, which are then passed to the ATM layer. The ATM layer adds the appropriate header (UNI or NNI), resulting in a 53-octet cell. That...

ATM Cells at the NNI

The ATM header at the NNI is also five octets in length and is identical to the UNI format with the exception of the first octet, as shown in Figure 2-9. The 4 bits used for the generic flow control (GFC) field have been replaced by 4 additional bits for the VPI field. The NNI, which provides bundles of VCIs between switches, defines an additional 4 bits for the VPI. In other words, the NNI has 12 bits for the VPI and 16 for the VCI, whereas the UNI header has only 8 bits for the VPI and 16...

ATM Layers

The ATM layers explain data flow to and from upper-layer protocols such as TCP/IP. These layers are as follows:

- Physical layer: Analogous to the physical layer of the OSI reference model, the ATM physical layer manages the medium-dependent transmission. The physical layer is responsible for sending and receiving bits on the transmission medium, such as SONET, and for sending and receiving cells to and from the ATM layer. ATM operates on various media from clear-channel T1 (1.544 Mbps) upward. ATM...

ATM Management

One of the significant elements of the BISDN architecture is the management plane. The ATM Forum developed the Interim Local Management Interface (ILMI) to address those management requirements. The ILMI assumes that each ATM device that is supporting at least one UNI has a UNI Management Entity (UME) associated with each UNI. Network management information is then communicated between UMEs, as shown in Figure 2-13. The protocol chosen for the ILMI communication is the Simple Network Management...

ATM Quality of Service (QoS)

Traffic management is the key feature of ATM that distinguishes it from current networking protocols and makes it suitable for deployment in high-speed networks and for providing performance guarantees in an integrated environment. ATM supports QoS guarantees composed of traffic contract, traffic shaping, and traffic policing. A traffic contract specifies an envelope that describes the intended data flow. This envelope specifies values for peak bandwidth, average sustained bandwidth, and burst...

ATM-Based MPLS VPNs

ATM-based MPLS VPNs use ATM LSRs in the core and a combination of ATM routers or other ATM LSRs (performing the Edge LSR or PE function) at the various points of presence. The various combinations are shown in Figure 9-2. The core ATM LSRs use Label Virtual Circuits (LVCs) to communicate with other core LSRs and the PE ATM routers. In Figure 9-2, you might notice that the core ATM LSRs are BPX 8650s with 7200 or 7500 Label Switch Controllers (LSCs). The LSC in the service provider's PoP-1 can...

Benefits of MPLS

Label-based switching methods allow routers and MPLS-enabled ATM switches to make forwarding decisions based on the contents of a simple label, rather than by performing a complex route lookup based on destination IP address. This technique brings many benefits to IP-based networks:

- VPNs: Using MPLS, service providers can create Layer 3 VPNs across their backbone network for multiple customers, using a common infrastructure, without the need for encryption or end-user applications.
- Traffic...

BGP Confederation Inter-Provider MPLS VPN Configuration

The network topology in Figure 5-12 shows a single Internet service provider (ISP) that is partitioning the backbone with confederations.

Figure 5-12. BGP Confederation Inter-Provider MPLS VPN

The provider's AS number is 100. The two ASs run their own IGPs and are configured with AS1, which includes PE1, P1, and EBGP1. The IGP used for AS1 is OSPF. AS2 includes PE2, P2, and EBGP2. The IGP used for AS2 is IS-IS. CE1 and CE2 belong to the...

BGP Route Reflectors

BGP requires that all of the IBGP speakers be fully meshed. However, this requirement does not scale when there are many IBGP speakers. A BGP speaker does not advertise a route learned from another IBGP speaker to a third IBGP speaker. Route reflectors ease this limitation and allow a router to advertise or reflect IBGP-learned routes to other IBGP speakers, thereby reducing the number of IBGP peers within an Autonomous System (AS). BGP confederations can be used to reduce the IBGP full mesh as...

Book Advanced MPLS Design and Implementation Section Virtual Private Networks

To address the unique needs and requirements of varied enterprise customers, service providers should consider using both MPLS and IPSec in their VPN deployment mix. Each of these technologies has its relative strengths and complements the other in an end-to-end secure VPN environment extending over the service provider's secure infrastructure as well as circuits over the public Internet. The decision matrix in Table 4-1 provides a comparison of the various VPN technologies and recommendations...

BPX Switch Configuration

The partition's BPX switch resources must be distributed between the associated BXM trunk ports. This is set up with the cnfrsrc command. The Qbin CoS buffer parameters on the BXM trunks are set up using the cnfqbin command. Finally, the LSC is linked to the BPX with the addshelf command to allow the router's LSC function to control the MPLS operation of the BPX node. Refer to Figure 6-25 for BPX1 connectivity and addressing information. In this case study, BPX1 has a four-port BXM 155-4 in...

Carrier-over-Carrier MPLS VPNs

The carrier-supporting-carrier feature lets one MPLS VPN-based service provider allow other service providers to use a segment of its backbone network. Carrier-supporting-carrier is a term used to describe a situation in which one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the...

Case Study of a Packet-Based MPLS over ATM VPN

Consider the service provider shown in Figure 6-19. It has points of presence (PoPs) in Chicago, Seattle, San Diego, Miami, and Washington. The service provider can offer Layer 3 IP VPN services across its MPLS backbone. The service provider offers MPLS VPN services to three customers A, B, and C. Backbone ATM switches have replaced the core P routers. The customers are each operating a single VPN.

Figure 6-19. Case Study Packet-Based MPLS over ATM VPN Configuration

Case Study of an MPLS VPN Design and Implementation

Consider a service provider with points of presence in Chicago, Seattle, San Diego, Miami, and Washington. The service provider offers layered IP VPN services across its MPLS backbone. The service provider offers MPLS VPN services to three customers A, B, and C. The detailed architecture is shown in Figure 5-3. The customers are operating a single VPN each.

Figure 5-3. Case Study Service Provider Network

The service provider has provisioned the...

CE1 Configuration

A partial configuration for the customer edge router CE1 is as follows:

Figure 5-17. Internet Connectivity Using EBGP Multihop Sessions

    interface loopback0
     ip address 10.2.2.1 255.255.255.0
    interface ethernet0/0
     ip address 150.100.2.1 255.255.255.0
    interface serial0/0
     ip address 20.2.2.1 255.255.255.0
    router bgp 2
     neighbor 64.2.2.2 remote-as 25431
     neighbor 64.2.2.2 ebgp-multihop 255
     neighbor 64.2.2.2 update-source loopback0
     neighbor...

Cell Interleaving

Label VC allocation over ATM for multiple sources transmitting data to the same destination causes a few challenges. An ATM LSR that receives binding requests from different upstream neighbors toward the same prefix has to request multiple outbound labels from its downstream neighbor. If the ATM LSR allocates only one outgoing VCI, cells from different AAL5 frames are potentially interleaved and dropped at the receiving end. Allocating different outbound VCIs for the same destination ensures...

Cell-Based VPNs

Cell-based VPNs such as ATM and SMDS use logical paths as defined by switched and permanent virtual circuits. As shown in Figure 4-5, multiple closed user groups or customers share the service provider's switched infrastructure. Customers perceive virtual circuits that have been exclusively provisioned for their private use. These PVCs or SVCs can be provisioned with a class of service such as CBR, VBR-RT, VBR-NRT, ABR, or UBR. ATM also enables the provisioning of soft PVCs, which are a hybrid...

Centralized Service

Building VPNs in Layer 3 allows delivery of targeted services to a group of users represented by a VPN. A VPN must give service providers more than a mechanism for privately connecting users to intranet services. It must also provide a way to flexibly deliver value-added services to targeted customers. Scalability is critical, because customers want to use services privately in their intranets and extranets. Because MPLS VPNs are seen as private intranets, you may use new IP services such as...

Introduction to MPLS

This chapter covers the following topics:

- A New Forwarding Paradigm: This section discusses conventional technologies versus Multiprotocol Label Switching (MPLS) techniques that are being implemented in carrier and service provider networks. MPLS is the technology that is driving future IP networks, including the Internet. MPLS gives the Internet a new forwarding paradigm that affects its traffic engineering and the implementation of VPNs.
- What Is MPLS: This section discusses MPLS as an improved...

Advanced MPLS Architectures

This chapter covers the following topics:

- Optical Networking: This section discusses the requirement for fiber-optic network infrastructures in which switches and routers have integrated optical interfaces and are directly connected by fiber or optical network elements, such as Dense Wavelength Division Multiplexers (DWDMs). Conventional fiber-optic systems and DWDM technology are also discussed.
- Optical Transport Network Elements: Technical details of Optical Transport Network (OTN) elements such...

MPLS Architecture

This chapter covers the following topics:

- MPLS Operation: This section describes the operation of MPLS networks and discusses the advantages of MPLS over conventional Layer 3 forwarding.
- MPLS Node Architecture: This section describes the architecture of MPLS nodes. These nodes include MPLS-enabled routers and ATM switches. MPLS nodes consist of a control plane and a forwarding plane.
- MPLS Elements: The various elements that constitute an MPLS network are described here. The MPLS Label-Switched...

Virtual Private Networks

This chapter covers the following topics:

- Overview of VPNs: Virtual Private Networks identify closed user groups over a common network infrastructure. This section examines and compares TDM, X.25, Frame Relay, SMDS, and ATM services. It also discusses private IP VPNs.
- Connection-oriented VPNs: Connection-oriented VPNs can be built on Layer 2 or Layer 3 infrastructures. This section discusses Layer 2 VPNs built using connection-oriented point-to-point overlays such as Frame Relay and ATM virtual...

MPLS Traffic Engineering

This chapter covers the following topics:

- The Need for Traffic Engineering on the Internet: Through the deployment of traffic engineering, the traffic flowing across the service provider's backbone can be optimized, and traffic flows over underutilized paths can be optimized.
- Unequal-Cost Load Balancing via Metric Manipulation: This technique allows routers to take advantage of load sharing over multiple unequal-cost paths to a given destination. This can be achieved by manipulating the parameters...

MPLS Quality of Service

This chapter covers the following topics:

- Quality of Service: Service providers that offer IP services over an MPLS backbone must support IP quality of service (QoS) over their MPLS infrastructure. This means supporting IP QoS over MPLS VPNs or MPLS traffic-engineered paths. MPLS can help service providers offer IP QoS services more efficiently over a wider range of platforms, such as ATM LSRs.
- Integrated Services: Integrated Services (IntServ) refers to an overall QoS architecture developed by...

MPLS Design and Migration

This chapter covers the following topics:

- MPLS VPN Design and Topologies: The various design approaches to practical MPLS VPN deployment are described in this section. MPLS VPNs can be implemented in a variety of ways, using a combination of packet-based and ATM MPLS Label-Switched Routers (LSRs).
- Migrating MPLS into an ATM network: This section describes how MPLS can be deployed into a traditional ATM network gradually, starting with just a single pair of ATM LSRs in an otherwise purely ATM...

Circuit Switching and TDM

Time-division multiplexing combines data streams by assigning each stream a different time slot in a set. TDM repeatedly transmits a fixed sequence of time slots over a single transmission channel. Within T-carrier systems, such as T1/E1 and T3/E3, TDM combines pulse code modulated (PCM) streams created for each conversation or data stream. TDM circuits such as T1/E1 or T3/E3 lines can be used for voice as well as data. PCM is used to encode analog signals into digital format. Voice calls need...

Class Selector PHB

Many current implementations of IP QoS use IP precedence due to its simplicity and ease of implementation. In order to preserve backward compatibility with the IP precedence scheme, DSCP values of the form xxx000 are defined (where x equals 0 or 1). Such codepoints are called class-selector codepoints. The default codepoint 000000 is a class-selector codepoint. The PHB associated with a class-selector codepoint is a class-selector PHB. These PHBs retain almost the same forwarding behavior as...

Colored Thread (CT) Algorithm

The Colored Thread method of loop prevention requires the use of the ordered control method of LSP establishment. The colored thread method can be modeled by considering a colored thread extended from the ingress to the egress of the LSP. Any intermediate LSR would sense a loop if the thread loops back on itself. This would trigger the LSR to prevent the looping LSP from being built. The LSRs would then wait for the routing tables to converge and stabilize before attempting to extend another...

Configuration Case Study of an MPLS Traffic Engineered Network (IS-IS)

Consider a service provider that has the network topology shown in Figure 7-7. In this example, the network is running over an ATM backbone, and the link-state routing protocol being used is IS-IS. The links between R1-R2-R6-R8 are OC48 (2.5 Gbps). The rest of the links within the service provider cloud are OC3 (155 Mbps) and OC12 (622 Mbps). Based on the link-state routing algorithm, traffic traversing from Network A to Network C is routed across the best path determined on the basis of an...

Configuration for AS1 EBGP1

The following is the configuration used for Exterior Border Gateway Protocol router 1 (EBGP1). EBGP1 is configured with the redistribute connected subnets command and interfaces with AS2.

    interface Loopback0
     ip address 10.0.0.4 255.255.255.255
    interface Ethernet0/0
     description EBGP1 to P1
     ip address 10.2.1.2 255.255.255.0
     tag-switching ip
    interface Serial0/0
     description EBGP1 to EBGP2
     ip address 12.0.0.1 255.255.255.252
    router ospf 1
     log-adjacency-changes
     redistribute connected subnets
     network...

Configuration for AS1 P1

The following is the configuration used for the provider (P) router P1. P1 acts as a route reflector for all IBGP devices within AS1.

    interface Loopback0
     ip address 10.0.0.2 255.255.255.255
    interface Ethernet0/0
     description P1 to EBGP1
     ip address 10.2.1.1 255.255.255.0
     tag-switching ip
    interface Ethernet0/1
     description P1 to PE1
     ip address 10.2.2.1 255.255.255.0
     tag-switching ip
    router ospf 1
     log-adjacency-changes
     network 10.0.0.0 0.255.255.255 area 0
    router bgp 1
     no synchronization
     bgp...

Configuration for AS2 CE2

The following is the configuration used for the customer edge (CE) router CE2. CE1 and CE2 are both members of Virtual Private Network VPN1.

    interface Loopback0
     ip address 172.16.0.2 255.255.255.255
    interface Serial0/0
     description CE2 to PE2
     ip unnumbered Loopback0
    router ospf 1
     network 172.16.0.0 0.0.255.255 area 0

Copyright 2002 O'Reilly & Associates, Inc. All rights reserved. 1005 Gravenstein Highway North Sebastopol, CA 95472

Configuration for AS2 PE2

The following is the configuration used for the provider edge (PE) router PE2.

    interface Loopback0
     ip address 20.0.0.9 255.255.255.255
     ip router isis
    interface Loopback1
     ip vrf forwarding VPN1
     ip address 172.16.0.9 255.255.255.255
    interface Serial0/0
     description PE2 to CE2
     no ip address
     ip vrf forwarding VPN1
     ip unnumbered Loopback1
    interface Ethernet0/0
     description PE2 to P2
     ip address 20.9.1.1 255.255.255.0
     ip router isis
     tag-switching ip
    router ospf 10 vrf VPN1
     log-adjacency-changes...

Configure a Rate Limit on an Input Interface to Set MPLS Packets

Configure a rate limit on the input interface that will throttle back the preclassified IP packets:

Step 1. Designate the input interface:

    Router(config)# interface interface-name

Step 2. Specify the action to take on packets during label imposition:

    Router(config-int)# rate-limit input access-group rate-limit acl-index bps burst-normal burst-max conform-action set-mpls-exp-transmit exp exceed-action set-mpls-exp-transmit exp

Step 3. Exit interface configuration mode

Here is an example. The...

Configure the Service Policy to Attach to an Interface

The service-policy interface configuration command is used to attach the service policy to an interface and to specify the direction in which the policy should be applied. The service-policy command syntax is as follows:

    service-policy {input | output} policy-map-name
    no service-policy {input | output} policy-map-name

Step 1. Designate the input interface:

    Router(config)# interface interface-name

Step 2. Attach the specified policy map to the input interface:

    Router(config-int)# service-policy input...

Congestion Control

Frame Relay networks have two methods of congestion control:

- Explicit congestion notification
- Implicit congestion notification

Explicit congestion notification uses the forward (FECN) and backward (BECN) bits that are included in the T1.618 address field. The use of these bits is determined by the direction of traffic flow. The FECN bit is sent to the next-hop Frame Relay switch in the direction of the data flow, and the BECN bit is sent in the opposite direction of the data flow. Implicit...

Connection Oriented VPNs

Connection-oriented VPNs can be built on Layer 2 or Layer 3 infrastructures. VPNs built using connection-oriented, point-to-point overlays such as Frame Relay and ATM virtual connections are examples of Layer 2 connection-oriented VPN networks. VPNs built using a full or partial mesh of tunnels utilizing IPSec (with encryption for privacy) or Generic Routing Encapsulation (GRE) are examples of Layer 3 connection-oriented VPN networks. Access VPNs are circuit-switched, connection-oriented VPNs...

Control Component

The control component of MPLS consists of link-state IP routing protocols such as Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS) running in conjunction with MPLS label allocation and maintenance procedures. The control component is responsible for setting up label forwarding paths along IP routes. The control component also maintains accuracy for the paths, because network topologies are prone to change. ATM LSRs use the downstream-on-demand allocating...

Control Plane

The MPLS control plane is responsible for populating and maintaining the LFIB. All MPLS nodes must run an IP routing protocol to exchange IP routing information with all other MPLS nodes in the network. MPLS-enabled ATM nodes would use an external Label Switch Controller (LSC) such as a 7200 or 7500 router or use a Built-in Route Processor Module (RPM) in order to participate in the IP routing process. Link-state routing protocols such as OSPF and IS-IS are the protocols of choice, because they...

Conventional IP VPNs

Many carriers provide a managed IP services offering that basically lets customers hook up their CPE IP routers to a service provider's private IP backbone. Most IP service providers run an IP network over a Layer 2 infrastructure such as an ATM or Frame Relay network. An example of a conventional IP VPN is shown in Figure 4-9.

Figure 4-9. Conventional IP Router-Based VPN Network

The service provider typically configures multiple routing...

Conventional Layer 3 Routing Versus MPLS

As Layer 3 packets are forwarded from one router to the next, each router makes an independent forwarding decision for that packet. Each router analyzes the destination Layer 3 address in the packet's header and runs a network layer routing algorithm. Each router independently chooses a next hop for the packet based on its analysis of the packet's header and the results of running the routing algorithm. Forwarding decisions are the result of two functions:

- Classification of Layer 3 packets into...

CoS feature optional Configuration of PE routers

You must perform the following tasks on the PE router to configure and verify MPLS VPN operation:

- Configure your ATM interfaces and IGP
- Configure PE to PE routing sessions
- Configure PE to CE routing sessions. There are four ways to do this:
  - Static PE to CE routing configuration
  - RIPv2 PE to CE routing configuration
  - BGP4 PE to CE routing configuration
  - OSPF PE to CE routing configuration

Configuration of CE Routers

CE routers can be configured with one of four options. The PE router must be...

Credits

Michael Hakkert, Tom Geitner, William Warren Managing Editor Development Editor Andrew Cupp Project Editor Copy Editor Gayle Johnson Technical Editors Ibrahim Bac Brian Beck Matthew J. Cat Castelli Mark Gallo Brian Melzer David Rosedale Team Coordinator Tammi Ross Book Designer Gina Rexrode Octal Publishing, Inc. Indexer Tim Wright Ginny Bess Corporate Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel 408 526-4000 800 553-NETS (6387) Fax...

Data Link Connection Identifier (DLCI)

A data-link connection identifier (DLCI) identifies the Frame Relay PVC. Frames are routed through one or more virtual circuits identified by DLCIs. Each DLCI has a permanently configured switching path to a certain destination. Thus, by having a system with several DLCIs configured, you can communicate simultaneously with several different sites. The User-Network Interface (UNI) provides the demarcation between the FRAD and the Frame Relay network. The combination of the UNI and the DLCI...

Dedications

This book is dedicated to my wife Sarita C. Alwayn for her continuous support, without which this book would not have been possible. I thank you. In memory of my father, Urban Alwayn, whose words of encouragement are still with me, and continue to be my inspiration. To my mother, Belinda Alwayn, whose support and prayers have made this endeavor possible. These fundamentals have got to be simple. Lord Ernest Rutherford, Circa 1908

Deployment Options

IP-based service providers who own and manage their own router, fiber, and OTN infrastructure are more inclined to go with a peer model implementation of MPλS. Providers who offer multiple services over their OTN will probably choose an overlay solution. As noted earlier, providers have the flexibility to use any combination. For example, a provider could configure a domain of IP routers and OXCs all running an MPLS- or MPλS-based control plane to support ISP services. Some OXCs might also...

Design Criteria for Selecting ATM LSRs

There are five main considerations when selecting ATM LSRs:

- The different types of trunks supported by the ATM LSR
- The number of trunks supported by the switch
- The number of connections supported
- Requirements for redundancy and reliability

Designing MPLS Networks

MPLS network design must be accomplished prior to network installation in order to ensure that the network will operate reliably and optimally. Customer traffic must be properly estimated, because IP traffic is inherently connectionless, and customers will not be able to tell the service provider exactly which traffic they want to send where. This leads to a situation in which the network must be approximately sized with the option for scalability. The following design steps must be taken into...

Differentiated Services

The DiffServ model divides traffic into a small number of classes and allocates resources on a per-class basis. This model is similar to the IP precedence model discussed in the previous section. A 6-bit differentiated services code point (DSCP) marks the packet's class in the IP header. The DSCP is carried in the ToS byte field in the IP header. Six bits can result in the implementation of 64 different classes; however, in practice, only a few classes are normally implemented. As shown in Table...

Differentiated Services Architecture

The DiffServ (DS) region is composed of one or more DS domains. Each DS domain in turn is configured using the DSCP and the different PHBs. The entire IP path that a packet travels must be DiffServ-enabled. A DS domain itself is made up of DS ingress nodes, DS internal nodes in the core, and DS egress nodes. A DS ingress or egress node might be a DS boundary node, connecting two DS domains. Typically, the DS boundary node performs traffic conditioning. As shown in Figure 8-7, a traffic...

Distribution of Constraint Based Routing Information

The distribution of constraint-based information must be performed in order to find appropriate paths through the network. LSP traffic-engineered tunnels must be routed with an understanding of the traffic load they need to carry. The constraint information must be distributed across the MPLS network in a consistent way. The flooding mechanism used by link-state routing protocols such as OSPF and IS-IS can help create an integrated constraint and forwarding database. Distance vector (DV)...

DS Framing

Two kinds of framing techniques are used for DS-level transmissions. The frame formats are shown in Figure 2-3 and Figure 2-4. D4 typically uses alternate mark inversion (AMI) encoding, and ESF uses binary 8-zero substitution (B8ZS) encoding.

Figure 2-3. D4 Super Frame (SF) Format

Figure 2-4. Extended Super Frame (ESF) Format

As shown in Figure 2-3, the SF (D4) frame has 12 frames and uses the least-significant bit (LSB) in frames 6 and 12 for signaling (A,...

Ease of VPN Creation

Specific point-to-point connection maps or topologies are not required. Sites can be added to VPN intranets and extranets to form closed user groups. When VPNs are managed in this manner, it enables membership of any given site in multiple VPNs, maximizing flexibility in building intranets and extranets. MPLS functionality resides in the provider network, requiring little or no configuration on the customer premises. MPLS is transparent to the CPE router, and customer CPE devices do not need...

Evolution of MPLS

The initial goal of label-based switching was to bring the speed of Layer 2 switching to Layer 3. This initial justification for technologies such as MPLS is no longer perceived as the main benefit, because newer Layer 3 switches using application-specific integrated circuit (ASIC)-based technology can perform route lookups at sufficient speeds to support most interface types. The widespread interest in label switching initiated the formation of the IETF MPLS working group in 1997. MPLS has...

Expedited Forwarding (EF) PHB

The DSCP marking of EF results in expedited forwarding with minimal delay and low loss. These packets are prioritized for delivery over others. The EF PHB in the DiffServ model provides for low packet loss, low latency, low jitter, and guaranteed bandwidth service. Applications such as VoIP, video, and online ecommerce require such guarantees. EF can be implemented using priority queuing, along with rate limiting on the class. Although EF PHB when implemented in a DiffServ network provides a...

Extending the Thread

Consider the network shown in Figure 3-14. Assume that LSR1 tries to establish an LSP using downstream-on-demand label allocation. LSR1 extends a thread by issuing a LABEL REQUEST message. This thread includes a color that is LSR1's IP address along with a unique identifier. As the LSP gets built and the LABEL REQUEST message proceeds over nodes LSR2, LSR3, LSR4, and LSR5, each node stores the color of the incoming thread and passes on the same color in the outgoing label request. Eventually, a...

External LSC

The LSC may also be a separate piece of external hardware. The Cisco BPX 8650 ATM LSR switch consists of a BPX 8600 ATM switch shelf and an LSC based on a Cisco 7200 series router. The LSC and switch are interconnected by a switch control link. For the BPX 8650, the switch control link is an ATM link. This link is used in a different way from the other ATM interfaces. On the LSR, it is used to connect the signaling LVCs from all other interfaces on the switch to the LSC, but it does not often...

Feedback Information

At Cisco Press, our goal is to create in-depth technical books of the highest quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the unique expertise of members from the professional technical community. Readers' feedback is a natural continuation of this process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through e-mail at...

Figure 2-10 ATM UNI and NNI Interfaces

A public UNI connects a private ATM switch to a public ATM service provider's network. A private UNI connects ATM users to the ATM switch. The term trunk is used to indicate the ATM link between carrier switches, and the term line is used to indicate the link between the customer equipment and the carrier's closest point of presence (POP) ATM switch. UNI ATM headers are typically used between the CPE and the...

Figure 2-13 ATM Interim Local Management Interface (ILMI)

The management information defined by the ILMI provides status and configuration information from the UME regarding the UNI. This information is organized into a Management Information Base (MIB), which contains several groups of managed objects. Examples include physical layer details, such as the transmission media type (SONET, DS3, and so on) and ATM layer statistics, such as the number of ATM cells transmitted or received.

Figure 4-1 Leased Line VPN Logical View

Figure 4-2 shows the physical connectivity among Customer A, Customer B, and the service provider network. Figure 4-2. Leased Line VPN Physical View. The TDM network is the simplest form of a Virtual Private Network that assures high-quality fixed bandwidth to customers. Most carriers offer bandwidth as multiples of 64 kbps, which is the bandwidth of a single DS0 channel. For more information on TDM, refer to the section Circuit Switching and TDM in...

Figure 4-3 Logical Frame Relay VPN Architecture

Figure 4-4 shows the physical Frame Relay network. Customers A and B both connect to various Frame Relay points of presence (POPs) using TDM local loops. The Frame Relay protocol is run between the local CPE FRAD (router) and the Frame Relay switch. The Frame Relay interworking function converts Frame Relay frames into ATM cells for transport across the ATM backbone. Figure 4-4. Physical Frame Relay VPN Architecture. For more details on Frame...

Figure 4-5 Logical ATM VPN Architecture

Figure 4-6 shows the physical ATM network. Customers A and B both connect to various ATM points of presence (POPs) using clear-channel TDM local loops or SONET SDH. The ATM routers at the CPE use ATM virtual circuits as a Layer 2 transport mechanism to carry IP or any other Layer 3 protocol. Figure 4-6. Physical ATM VPN Architecture

Figure 4-8 Virtual Private Dialup Network (VPDN)

The remote users initiate a dial-up connection to the Network Access Server (NAS) using PPP. The NAS authenticates the call and forwards the call via L2F or L2TP to the customer's home gateway. The home gateway accepts the call forwarded by the NAS, performs additional authentication, authorization, and terminates the user PPP session. The AAA (Authentication, Authorization and Accounting) function can also be performed by an AAA server such as a TACACS+ server. All PPP session parameters are...

Figure 5-10 Route Reflector Design

When considered as a whole, the route reflector and its clients are called a cluster. Other IBGP peers of the route reflector that are not clients are called nonclients. An AS can have more than one route reflector. When an AS has more than one route reflector, each route reflector treats other route reflectors as normal IBGP speakers. There can be more than one route reflector in a cluster, and there can be more than one cluster in an AS. The BGP configuration for the PE routers in Figure 5-10...

Figure 5-13 Backbone Carrier Supporting an ISP

In order to solve the scalability problem, the backbone carrier is configured so that it allows only internal routes of the customer carrier (IGP routes) to be exchanged between the CE routers of the customer carrier and the PE routers of the backbone carrier. MPLS is enabled on the interface between the CE router of the customer carrier and the PE router of the backbone carrier. Internal routes go to any of the routers within the ISP, and...

Figure 5-16 Internet Connectivity Using a Static Default Route

CE2 and CE3 have full intranet connectivity with CE1. In this example, static default routes have been configured in the VPN1 VRF on PE2 and PE3 that point to the Internet gateway connected to PE1. The IP address of the Internet gateway (64.1.1.2) must be advertised within the backbone IGP so that it is present in the global routing table. This ensures that packets destined for the Internet can be properly forwarded to the gateway. Because there is no...

Figure 6-1 MPLS Network Elements

Label-Switched Router (LSR): A device that implements the MPLS control and forwarding components as already described. Label-Controlled ATM interface (LC-ATM interface): An ATM interface controlled by the MPLS control component. Cells traversing such an interface carry labels in the VCI field of a user-selected range of VPIs. The control component could be integrated in the switch or on an outside controller. ATM LSR: An LSR based on an ATM switch. It has LC-ATM interfaces. Packet-based LSR: An...

Figure 6-12 Connection Setup with Endpoints on the Same VSI Slave

However, a command for connection setup would require the local slave in turn to communicate with a remote slave in order to set up both endpoints of the connection. This is demonstrated in Figure 6-13. Figure 6-13. Connection Setup with Endpoints on Different VSI Slaves. Figure 6-12 shows a simplified example of a connection setup with endpoints on the same VSI slave, and Figure 6-13 shows a connection setup with endpoints on...

Figure 6-3 ATM MPLS Encapsulation Technique

The ATM LSR is controlled by a routing engine such as a 7500 or 7200 in the case of a BPX or the RPM in the case of the MGX. In Figure 6-4, an unlabeled IP packet with a destination address of 172.16.2.5 arrives at Edge LSR1. LSR1 looks into its label forwarding information base (LFIB) and matches the destination with prefix 172.16.0.0/16 and a label value of 40. LSR1 sends an ATM adaptation Layer 5 (AAL5) frame as a sequence of cells on VCI 40. LSR2, which is an ATM LSR controlled by a Label Switch...

Figure 6-5 Ordered Mode Downstream-on-Demand Label Allocation

The following are the steps that occur in Figure 6-5:
1. LSR1 sends a label binding request toward LSR2 in order to bind prefix 172.16.0.0/16 to a specific VCI.
2. LSR2 allocates VCI 20 and creates an entry in its LFIB with VCI 20 as the incoming label.
3. LSR2 sends a bind request toward LSR3.
4. LSR3 issues VCI 25 as a label.
5. LSR3 sends a reply to LSR2 with the binding between prefix 172.16.0.0/16 and the VCI 25 label.
6. LSR2 sets the outgoing label to VCI 25. This information is now used...

Figure 7-11 R8 to R1 Traffic Engineering Tunnels

Tunnel1 has been configured to utilize R8-R4-R1 (the OC3 path) as its first path (in order of priority) and R8-R7-R5-R2-R1 (the OC12 path) as its second path (in order of priority). The dynamic path is the fallback path if the first and second paths are unavailable due to link or node failure. The dynamic path is normally the IGP derived path. In this case study, the IGP used is IS-IS. Similarly, as shown in Figure 7-12, Tunnel2 and Tunnel3 steer traffic between Rc and Rb through the...

Figure 7-8 R1 to R8 Traffic Engineering Tunnels

Tunnel1 has been configured to utilize R1-R4-R8 (the OC3 path) as its first path (in order of priority) and R1-R2-R5-R7-R8 (the OC12 path) as its second path (in order of priority). It uses the dynamic path in the same way as Tunnel0. The network has also been traffic-engineered to load-balance across Tunnel0 and Tunnel1. The load balancing is achieved by configuring bandwidth statements within each tunnel interface. The ratio of these values is used by CEF to make load-balancing decisions.

Figure 8-10 MPLS L-LSP

In the case of DiffServ AF, packets sharing a common PHB can be aggregated into a FEC, which can be assigned to an LSP. This is known as a PHB scheduling class. The drop...

Figure 9-2 ATM-Based MPLS VPN

Traffic at the service provider's PoP-2 from customers B and C can be aggregated using an MGX 8220 AXIS shelf and can be backhauled over ATM PVCs to the nearest ATM Edge LSR. In this case, the closest Edge LSR is PE3. ATM MPLS networks with router-based Edge LSRs may also use separate access devices such as the MGX 8220 if access is required through a device that does not support MPLS services. This might be required if access is required to both IP services and ATM PVC services through a...

Figure 9-4 Migration Phase

Figure 9-4 shows a starting position with routers connected by PVPs through an ATM cloud. This has most of the disadvantages of traditional IP-over-ATM networks, including scalability and bandwidth efficiency issues. However, it can support MPLS VPN services...

Figure B1B VSI Controllers

The MPLS control software is implemented in the LSC. Other VSI controllers may be software running on the switch control card. In the case of the BPX 8650 and MGX 8850, AutoRoute software, which controls PVCs, runs on the switch control card. PNNI control may be added to the BPX 8650 as a separate controller on the Service Expansion Shelf (SES). The LS1010 and 8540 MSR implement functionality similar to the VSI using internal software interfaces. To ensure that the control planes can act...

Fine Tuning the Evolving Network

Fine-tuning and engineering the network design is an ongoing process. As soon as an MPLS network is deployed, continuing design activities are required to verify the assumptions used in the initial design. The network must also be fine-tuned as new customers and PoPs are added. The ongoing process involves the following steps: Perform regular traffic measurements and analysis. Measure actual PoP and link traffic, and compare these measurements against the predicted traffic and link capacities....

Frame Relay

Frame Relay is a protocol and standard derived from narrowband ISDN and developed by ANSI and the International Telecommunication Union Telecommunication Standardization Sector (ITU-T), formerly the Consultative Committee for International Telegraph and Telephone (CCITT). The Frame Relay Forum (FRF) addresses various implementation issues, ensuring that multivendor networks can operate. The Frame Relay protocol operates at the data link layer only and does not include any network or...

Frame Relay Frame

The Frame Relay frame, shown in Figure 2-7, is defined by ANSI T1.618 and is derived from the High-Level Data Link Control (HDLC) standard, ISO 7809. Figure 2-7. Frame Relay Frame (ANSI T1.618 Format). The Frame Relay fields are as follows: Flag: One-octet fixed sequence containing 01111110 (binary) or 7E (hex). Address field: This field includes the address and control functions for the frame. The default length is two octets, although longer...

GRE Tunneled VPNs

Generic Route Encapsulation (GRE) tunnels can be used to create point-to-point IP connections. A combination of these GRE tunnels can be used to build a VPN. However, GRE tunnels carry traffic without encryption, so they have no inherent security and are susceptible to security violations. As shown in Figure 4-7, GRE tunnels are useful for building VPNs within a service provider's private IP backbone network. They are also useful for tunneling non-IP Layer 3 traffic across a private IP network.

Guaranteed Bandwidth LSPs

RSVP extensions can be used to distribute labels as part of the resource reservation process and establish an LSP with reserved resources. Such an LSP is known as a guaranteed bandwidth LSP. As shown in Figure 8-4, if a reservation were established along a path from LSR1 to LSR3, LSR1 would consult its link-state database and select a path to LSR3 before sending a PATH message to node LSR3. This path would need to meet the bandwidth requirement constraint across all the links to support the...

Independent Control LSP Establishment

In the independent control method of LSP establishment, each LSR partitions its destination prefixes into FECs. Labels are assigned to each FEC, and the label bindings are advertised to the LSRs' neighbors. The LSRs create an LFIB using mappings between the FECs and their next hops. The LSR typically runs a unicast routing protocol such as OSPF or IS-IS and uses information provided by the unicast routing protocol to create the FEC-to-next-hop mapping. As shown in Figure 3-3, the LFIB stores...

Info

CEF switching is a prerequisite for label switching
Define VPN Routing instance vrf1 (customer A)
rd 100:1 Configure the Route Distinguisher for vrf1
route-target both 100:1 Configure import and export route-targets for vrf1
Define VPN Routing instance vrf2 (customer B)
rd 100:2 Configure the Route Distinguisher for vrf2
route-target both 100:2 Configure import and export route-targets for vrf2
route-target import 100:1 Configure an additional import route-target for vrf2
This optional command...

Integrated Class of Service (CoS) Support

CoS is an important requirement for many IP VPN customers. It provides the ability to address two fundamental VPN requirements: predictable performance and policy implementation, and support for multiple levels of service in an MPLS VPN. Network traffic is classified and labeled at the edge of the network before traffic is aggregated according to policies defined by subscribers and implemented by the provider and transported across the provider core. Traffic at the edge and core of the network can...

Integrated Services

IntServ provides for an end-to-end QoS solution by way of end-to-end signaling, state maintenance (for each RSVP flow and reservation), and admission control at each network element. The term Integrated Services (IntServ) refers to an overall QoS architecture developed by the IETF. IntServ specifies a number of service classes designed to meet the needs of different application types. IntServ also specifies various signaling protocols. RSVP is an IntServ signaling protocol that is used to make...

Inter-Autonomous System MPLS VPN Architectures

The following are inter-autonomous system MPLS VPN architectures: Inter-Provider VPN: MPLS VPNs that include two or more autonomous systems connected by separate border edge routers. The autonomous systems exchange routes using EBGP. No IGP or routing information is exchanged between the autonomous systems. BGP confederations: MPLS VPNs that divide a single autonomous system into multiple subautonomous systems and classify them as a single, designated confederation. The network recognizes the...

Inter-Autonomous System MPLS VPNs

An autonomous system is a single network or group of networks that is controlled by a common system administration group and that uses a single routing protocol. As VPNs increase in size, their geographical scope and requirements expand. In some cases, VPNs need to reside on different autonomous systems in different geographic areas controlled by separate service providers. As VPNs extend across multiple service providers over various locations, the connection between autonomous systems must be...

Internet Access over MPLS VPNs

MPLS VPN networks are essentially service provider backbones that provide MPLS Layer 3 VPN services to customers. Customers normally request Internet access from an Internet service provider. In the case of MPLS VPN service provision, it is possible for the MPLS service provider to provide Internet access for its customers as well. Internet access for customer VPNs can be achieved in a variety of ways within the MPLS architecture. The major design constraint while permitting Internet access...

Internet Connectivity Using Static Default Routes

As explained earlier in this chapter, PE routers store VPN routes in VRF routing tables and global routes in the global routing table. The global routing table contains routes other than VPN routes, such as management subnets and Internet routes. If the MPLS service provider were to provide Internet connectivity over the MPLS backbone to the various customer VPNs, default routes could be used to point to an external gateway connected to a central PE router. This means that the default route...

Internet Connectivity via an External ISP

This method of connectivity is illustrated in Figure 5-15. VPN1 has a presence in three sites. CE2 and CE3 have full intranet connectivity with CE1. CE1 is connected to an ISP through a PIX firewall and screening router. CE1 has a default route pointing to the PIX, and PE1 has a default route pointing to the next-hop CE1. The default route carried by PE1 for the VPN1 VRF is propagated over MP-BGP to PE2 and PE3, which also have a presence for the VPN1 VRF. Figure 5-15. Internet Connectivity via...

Internet Routing Tables

The destination prefix limits in MPLS networks do not restrict MPLS networks from handling Internet routes. Full Internet routes are nearing the 120,000-route mark. However, ATM MPLS can still be used in networks with full Internet routing, by use of an MPLS feature known as BGP Next-Hop Labeling. BGP Next-Hop Labeling allows BGP Autonomous System Boundary Routers to exchange the full Internet routing tables with each other by way of BGP, while re-advertising only a limited subset of these...

Inter-Provider MPLS VPN Configuration

Figure 5-11 illustrates two autonomous systems, AS1 and AS2, under separate administrative management. CE1 and CE2 are CE routers that belong to the same VPN (VPN1). Autonomous system 1 (AS1) includes PE1, P1, and EBGP1. The IGP is OSPF. Figure 5-11. Inter-Provider MPLS VPN. Autonomous system 2 (AS2) includes PE2, P2, and EBGP2. The IGP is IS-IS. The P routers are route reflectors. EBGP1 is configured with the redistribute connected subnets command, and EBGP2...

Introduction

Ever since its inception and the introduction of commercial traffic in 1992, the Internet has grown rapidly from a research network to a worldwide commercial data network. The Internet has become a convenient and cost-effective medium for user collaboration, learning, electronic commerce, and entertainment. A common consensus is that the Internet will metamorphose into a medium for the convergence of voice, video, and data communications. The Internet has seen growth in terms of bandwidth,...

Introduction to ATM-Based MPLS VPNs

Service providers that currently operate ATM or Frame Relay networks over an ATM backbone can leverage the benefits provided by Multiprotocol Label Switching (MPLS). From a cost perspective, enormous savings can be realized if you do not have to build an MPLS network from the ground up. Service providers and carriers that currently provide ATM and Frame Relay services can utilize their existing infrastructure to provide managed Virtual Private Network (VPN) services using MPLS. This is possible...

IP Precedence

The IntServ RSVP per-flow approach to QoS described in the preceding section is clearly not scalable and leads to complexity of implementation. IP precedence defined by the IETF has simplified the approach to IP QoS by adopting an aggregate model for flows by classifying various flows into aggregated classes and providing the appropriate QoS for the classified flows. Packets are classified at the edge of the network into one of eight different classes. This is accomplished by setting three...