![Page 2: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/2.jpg)
Observations
• Network Management Systems are growing in complexity
• VPNs used to share network resources and growing in numbers
➡ complex network management
• Growing demand for application specific VPNs
• Leading to “Dynamic VPNs”
2
![Page 3: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/3.jpg)
Dynamic VPNs
• Requirements:
• All VPN features
• Automated VPN creation, modification and deletion
• Manage member ports
• Adapt Paths to Network Resources and DVPN Requirements
3
![Page 4: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/4.jpg)
Problem
• To implement DVPNs in the network:
• Solve complexity of network management
• Allow for granular control over network resources
4
![Page 5: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/5.jpg)
Potential Solution
• OpenFlow and SDN
• Why the momentum?
• State of the art
• “Not supported”
OSI Reference Model — H. Zimmermann — 19805
![Page 6: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/6.jpg)
Research Questions
• Can DVPNs be implemented using contemporary technologies?
• Can DVPNs be implemented using OpenFlow?
• What are the differences?
6
![Page 7: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/7.jpg)
VPN Service
• Provider Provisioned VPN
• Layer 2 Ethernet broadcast domain
• Transparent to Customer
• No exchange of routing info between provider and customer
CE
C
CE
C
Customer Networks
CE
C
Provider Network
PE
PE
PE
P
7
![Page 8: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/8.jpg)
VPN Transport
• VPN “coloring”
• Ethernet frame encapsulation
SA
CE1 PE1 P PE2 CE2
DAPDU
SA DAPDU SA DAPDU
SA DAPDU
Hdr
SA DA PDU Hdr
MAC PORT
CE1 1
MAC PORT
CE2 1
CE1 PE1CE2 ???
DVPN X DVPN X
8
![Page 9: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/9.jpg)
VPN Transport
• Additional requirements for Carrier DVPN service:
• MAC Scalability
• Traffic Engineering (TE)
• Load Sharing (ECMP)
• Operations, Administration and Management (OAM)
• Fast Failover
• Rate Limiting of DVPN traffic
• Rate Limiting of BUM traffic
9
![Page 10: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/10.jpg)
DVPN Provisioning
• Base network to provide VPNs
• Install routes between PEs
• Automated VPN creation, modification and deletion:
• Manage member ports
• Adapt Paths to Network Resources and DVPN Requirements
10
![Page 11: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/11.jpg)
MPLS Implementation
• MPLS with VPLS
• Paths and VPN Coloring
• Protocol Stack Dependencies
• Complex configuration
• Requires custom NMS
• Lack of defined API
• Fast Failover using RSVP (another label)
• E-VPN MAC learning (draft)
11
LDP
OSPF
MP-BGP RSVP-TE BFD
FRR
E-VPN
VPLS
IP Addressing
![Page 12: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/12.jpg)
MPLS Implementation
• Provisioning of DVPNs through NMS
• Needs topology information to provide paths
• Installs paths in RSVP, end-points in VPLS
12
VPLS
RSVPMPLS
RSVPMPLS
RSVPMPLS
RSVPMPLS
VPLS
CE PE P P PE CE
Forwarding Plane
Control Plane
NMSDATA
LDPLDP
![Page 13: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/13.jpg)
OpenFlow Implementation
13
• SDN Architecture with OpenFlow 1.3
• Abstraction of the network
• Centralized Applications
• MAC Learning
• Traffic Engineering
• ECMP
• Fast Failover..
• MPLS labels
• Rate Limiting per Flow
CONTROLLER
APP APP APP APP
Northbound
SouthboundOpenFlow
???
![Page 14: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/14.jpg)
OpenFlow Implementation
• Provisioning of DVPNs through Applications
• Has topology information available
• Traffic Engineering Application allows rerouting
• Install Paths in all intermediate P’s
14
CE PE P P PE CE
Forwarding Plane
Control Plane
CONTROLLERDATA APPS
![Page 15: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/15.jpg)
Research Answers
• Can DVPNs be implemented using contemporary technologies?
• Yes, but management is complex and lacks control
• Can DVPNs be implemented using OpenFlow?
• Yes, using MPLS labels and custom applications
• What are the differences?
15
![Page 16: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/16.jpg)
Comparison
16
MPLS OpenFlow/SDN
Tagging of VPN Traffic VPLS MPLS
MAC Scalability yes yes
Topology Discovery OSPF centralized
Path Provisioning RSVP / LDP centralized
Traffic Engineering RSVP centralized
ECMP yes yes, using Groups
BUM limiting dependent on HW per flow
BUM traffic handling flood controller
Exchange C-MACs E-VPN (draft) centralized
Traffic Rate Limiting dependent on HW per flow
Fast Failover FRR and BFD yes, using Groups*
OAM LSP Ping centralized
![Page 17: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/17.jpg)
MPLS
Pro’s Con’s
• Known technology • Large protocol stack
• No consistent management interface
• Complex NMS
• E-VPN in draft
17
![Page 18: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/18.jpg)
OpenFlow
Pro’s Con’s
• Learn from MPLS
• MAC Exchange on PEs
• Rate Limiting per Flow
• No forwarding plane monitoring
• No Northbound standard
• Reimplement intelligence
18
![Page 19: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/19.jpg)
Conclusion
• MPLS lacks in manageability
• SDN architecture solves complexity
• OpenFlow missing essential carrier function
19
![Page 20: Architecture of dynamic VPNs in OpenFlow · MPLS Implementation • MPLS with VPLS • Paths and VPN Coloring • Protocol Stack Dependencies • Complex configuration • Requires](https://reader036.vdocuments.site/reader036/viewer/2022062402/5f0f0ecf7e708231d44247c2/html5/thumbnails/20.jpg)
Questions?
20