Introduction to MPLS and MPLS VPN - sp wan ip-atm/intro... · multiprotocol bgp and mpls virtual...
TRANSCRIPT
Copyright © 1998, Cisco Systems, Inc. All rights reserved. Printed in USA.Presentation_ID.scr 1
1Presentation_ID © 2001, Cisco Systems, Inc.
Introduction to MPLS and MPLS VPN
Nelson Muñoz

Agenda
• Introduction
• What is a VPN?
• IP+ATM
• Basic MPLS concepts
• MPLS VPN
• QoS in MPLS
• Advantages of MPLS VPNs

Market Drivers for IP-VPNs
• Universal Access
• Platform Independence
• Immediate User Competence
• Reduced Capital and Operational Costs
• Dominance of IP Protocol
• Reduced Application Development Time
[Figure labels: Voice, Video, Data; Small/Medium & Large Sites; Customers/Partners & Public; Telecommuters & Mobile Users]

Virtual Private Network Services Definition
Customer communities deployed on a shared infrastructure with the same policies as a private network
• Access VPN: enterprise access, wholesale
• Intranet VPN: branch offices
• Extranet VPN: business-to-business, industry groups
[Figure labels: VPN; Service Provider Shared Network; Internet, IP, IPsec, FR, ATM, MPLS]

Enterprise Access VPN
[Figure labels: Enterprise WAN; Remote Sites; Internet Access; WAN Router; VPN Concentrator; Firewall Appliance; Intranet; Core Site; access types HFC, Internet, Dial, ISDN, DSL, Cable, Wireless]

Enterprise Intranet/Extranet VPN
[Figure labels: Internet; WAN Router; VPN Router; Firewall Appliance; Intranet; Company A Core Site; Company A Remote Site; Company B; Intranet VPN; Extranet VPN; Integrated VPN router w/ BB Access; VPN Access; Broadband Access]

IP VPN Taxonomy
[Figure labels: IP VPNs; Dial; Dedicated; Client-Initiated; NAS-Initiated; IP Tunnel; Virtual Circuit; Network-Based VPNs; Security Appliance; Router; FR; ATM; RFC 2547; Virtual Router]

New Applications for VPN
[Chart: VPN Types Implemented by 2002; categories: Individual Remote Access, Site-to-site, Extranets; values shown: 73%, 64%, 27%]
Source: Infonetics April 2000

Advantages to Outsourcing IP-VPNs
There are multiple reasons for enterprise customers to choose outsourcing over in-house IT solutions
[Chart: Percent of Outsourcing Respondents; values shown: 39%, 44%, 47%, 50%, 53%, 54%, 59%; bar labels:]
• Want to decrease hardware expenditures
• Want to reduce costs of training IT staff
• Focus company on core competencies
• Want to improve VPN performance
• Want to increase employee productivity
• Not enough staff or decrease expenses
• Complexity of VPN technology
Source: Infonetics April 2000

Enterprise Customer Benefits
• Reduced costs
• Universal access to IP-based services on global basis
• Adds, removes, and changes as needs evolve
• Access to expertise through outsourcing
• Focus on core competencies

US VPN Spending
[Two charts: Yankee Group Predictions for VPN Spending ($US Millions) and Infonetics VPN Spend Projections ($US Millions); series: VPN Products, VPN Services]

Business Perspective
Businesses are building on IP
Businesses need private IP services
[Figure labels: Customers, Suppliers, Partners; Telecommuters, Mobile Users; Remote Offices; IP Intranet; IP Extranet]

Business IP: The Untapped Market
Flexibility of IP; Privacy and QoS of Frame Relay
[Figure: Public IP, ATM/Frame Relay and Business IP plotted against Connectivity and Privacy/QoS]

The Barriers
• Carriers’ customers need IP services:
– They need connectionless IP services
– They need more flexible IP quality of service guarantees
– But they need more privacy than the Internet provides
• Frame Relay and ATM services are available:
– They provide connection-oriented service
– They have inflexible point-to-point bandwidth guarantees
– But they have good privacy

MPLS: The First Complete IP Solution
[Table: Leased Lines, Frame Relay/ATM, IP and MPLS compared on Any-to-Any Connectivity (User and Network, with entries N² (logical) and N), QoS, Privacy, and Low Cost Managed Services; the cell markings did not survive extraction]
MPLS is the first solution that delivers on all the requirements for new world private IP networks.

Three Key Technologies
1. Multiprotocol Label Switching (MPLS)
MPLS allows carriers to offer carrier-class IP services on the same infrastructure as older, circuit & virtual circuit services

Three Key Technologies
2. Standard IP Routing Protocols
MPLS still relies on standard IP routing protocols for finding routes for traffic:
– Open Shortest Path First (OSPF) or Interior System to Interior System (IS-IS) inside a carrier or ISP network
– Border Gateway Protocol (BGP) between providers’ networks

Three Key Technologies
3. Multiprotocol BGP and MPLS Virtual Private Networks
The standard Multiprotocol Border Gateway Protocol (BGP) extends MPLS to provide Virtual Private Networks (VPNs). This means that a carrier can provide many private IP networks on one carrier network.

First version: IP+ATM

Traditional IP over ATM
• Put routers around the edge of an ATM network
• Connect routers using Permanent Virtual Circuits
• This does not provide optimal integration of IP and ATM

ATM MPLS
• MPLS adds IP Routing Control to an ATM Switch
• MPLS enables ATM switches to also act like routers
- Fully support IP, along with Frame Relay and ATM, on shared ATM backbone
- Provides optimal IP forwarding capability on an ATM network

IP over ATM Integration
MPLS: Scalability
• MPLS gives routing scalability
- Limited peerings between routers
• MPLS gives Internet routing scalability
- Full BGP4 support, with all the extras

IP over ATM Integration
MPLS: IP Fundamentals
• MPLS puts IP services directly on ATM switches
- ATM switches support IP protocols directly
- Avoids complex translations which occur with MPOA
• Full support for IP CoS, RSVP, IP multicast, future IP services

Technical Aspects of MPLS

MPLS Concept
• Enable ATM switches to act as routers
• Create new IP capabilities via flexible classification
• At Edge:
- Classify packets
- Label them
• In Core:
- Forward using labels (as opposed to IP addr)
- Label indicates service class and destination
[Figure labels: Edge Label Switch Router (ATM Switch or Router); Label Switch Router (LSR): Router, ATM switch + Tag Switch Controller; Label Distribution Protocol (LDP)]

MPLS Operation
1a. Existing routing protocols (e.g. OSPF, IS-IS) establish reachability to destination networks
1b. Label Distribution Protocol (LDP) establishes label to destination network mappings
2. Ingress Edge LSR receives packet, performs Layer 3 value-added services, and “labels” packets
3. LSR switches packets using label swapping
4. Edge LSR at egress removes label and delivers packet

Non-ATM MPLS Example: Routing Information
(Example shows RIP updates for simplicity: OSPF or IS-IS are more likely. Routing tables for this network will be identical in any case.)
Routing updates shown in the figure:
• You can reach 128.89 through me
• You can reach 171.69 through me
• You can reach 128.89 and 171.69 through me
Forwarding tables shown in the figure (label columns not yet filled in), starting with the router that receives the combined update:
In Lbl  Address Prefix  Out I'face  Out Lbl
        128.89          1
        171.69          1
        ...             ...

In Lbl  Address Prefix  Out I'face  Out Lbl
        128.89          0
        171.69          1
        ...             ...

In Lbl  Address Prefix  Out I'face  Out Lbl
        128.89          0
        ...             ...

Non-ATM MPLS Example: Assigning Labels
Label Distribution Protocol (LDP) (Downstream Allocation)
Label assignments shown in the figure:
• Use label 9 for 128.89
• Use label 7 for 171.69
• Use label 4 for 128.89 and use label 5 for 171.69
Forwarding tables shown in the figure, starting with the router that receives labels 4 and 5:
In Lbl  Address Prefix  Out I'face  Out Lbl
-       128.89          1           4
-       171.69          1           5
...     ...             ...         ...

In Lbl  Address Prefix  Out I'face  Out Lbl
4       128.89          0           9
5       171.69          1           7
...     ...             ...         ...

In Lbl  Address Prefix  Out I'face  Out Lbl
9       128.89          0           -
...     ...             ...         ...

Non-ATM MPLS Example: Forwarding Packets
Label Switch Forwards Based on Label
Packet shown in the figure at each stage: [128.89.25.4 | Data] -> [4 | 128.89.25.4 | Data] -> [9 | 128.89.25.4 | Data] -> [128.89.25.4 | Data]
Forwarding tables shown in the figure, starting with the router that applies label 4:
In Lbl  Address Prefix  Out I'face  Out Lbl
-       128.89          1           4
-       171.69          1           5
...     ...             ...         ...

In Lbl  Address Prefix  Out I'face  Out Lbl
4       128.89          0           9
5       171.69          1           7
...     ...             ...         ...

In Lbl  Address Prefix  Out I'face  Out Lbl
9       128.89          0           -
...     ...             ...         ...
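
The three forwarding steps of this example, replayed in code as an added illustration (not part of the original slides). The labels and interfaces are the ones shown on the slides; the router names A, B, C and D, the /16 prefix lengths and the link wiring are assumptions.

```python
import ipaddress

# Ingress edge (assumed name "A"): the only IP lookup on the path.
# prefix -> (out interface, out label); the /16 lengths are an assumption.
INGRESS_FIB = {
    "128.89.0.0/16": (1, 4),
    "171.69.0.0/16": (1, 5),
}

# Label tables of the downstream routers (assumed names "B" and "C"):
# in label -> (out interface, out label); None means "remove the label".
LFIB = {
    "B": {4: (0, 9), 5: (1, 7)},
    "C": {9: (0, None)},
}

# Assumed wiring: (router, out interface) -> neighbour. "D" is the router
# that advertised label 7; its table is not shown on the slides.
LINKS = {("A", 1): "B", ("B", 0): "C", ("B", 1): "D"}


def ingress_lookup(dst):
    """Longest-prefix match on the destination address, done once at the edge."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, action in INGRESS_FIB.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, action)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def switch(router, in_label):
    """Exact-match lookup on the label only; the IP header is never read."""
    try:
        return LFIB[router][in_label]
    except KeyError:
        raise LookupError(f"{router}: no entry for label {in_label}") from None


def trace(dst):
    """Return the hops as (router, in label, out interface, out label)."""
    iface, label = ingress_lookup(dst)
    hops = [("A", None, iface, label)]
    router = LINKS.get(("A", iface))
    while router in LFIB and label is not None:
        iface, out_label = switch(router, label)
        hops.append((router, label, iface, out_label))
        label, router = out_label, LINKS.get((router, iface))
    return hops


if __name__ == "__main__":
    for hop in trace("128.89.25.4"):
        print(hop)
```

A label with no table entry raises `LookupError` in `switch`, which models the packet being discarded rather than falling back to an IP lookup.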

Encapsulations
• PPP Header (Packet over SONET/SDH): PPP Header | Label Header | Layer 3 Header
• LAN MAC Label Header: MAC Header | Label Header | Layer 3 Header
• ATM Cell Header: GFC | VPI | VCI | PTI | CLP | HEC | DATA (figure also marks: Label)

MPLS Labels: Destination and Service Attributes
• Forwarding based on Labels
• Labels are applied at the edge of the Network
• Interoperability of ATM switches and IP routers
• Labels indicate service attributes without per-hop decisions:
- Service Class (QoS)
- Privacy (VPN)
- Traffic Engineering
[Figure labels: Provider MPLS Network; ATM Switch; IP Router; Label | Data]

Key MPLS Capabilities
• IP/ATM Integration
• Traffic Engineering
• VPNs
• IP Multicast
• IP CoS
• RSVP

Provider Provisioned VPNs

Service Provider Benefits of MPLS-Based VPNs
• Overlay VPN
- Pushes content outside the network
- Costs scale exponentially
- Transport dependent
- Groups endpoints, not groups
- Complex overlay with QoS, tunnels, IP
• MPLS-based VPNs
- Enables content hosting inside the network
- “Flat” cost curve
- Transport independent
- Easy grouping of users and services
- Enables QoS inside the VPNs
[Figure labels: VPN A; VPN B; VPN C; Hosting; Multicast; VoIP; Intranet; Extranet]

Managed IP Services Scale to Large and Small Customers
[Figure: single carrier network supporting multiple customer IP VPNs (BGP/MPLS VPN Network) vs. separately engineered customer private IP networks]

Virtual Private Networks
[Figure: single carrier network supporting multiple customer IP VPNs (BGP + MPLS Network) vs. separately engineered customer private IP networks; callouts: "Build once, sell once" and "Build once, sell many"]

BGP/MPLS VPNs: Overview 1
• Customer sites are in many different Virtual Private Networks.
• They run ordinary IP, not MPLS or any special VPN functions.
• Customer sites run RIP, OSPF, BGP or static routing
• Customer sites are connected by Frame Relay, ATM, serial, PPP, Ethernet, xDSL, etc.

BGP/MPLS VPNs: Overview 2
• Network core runs ordinary MPLS
• Network core requires no knowledge or state for VPNs: highly scalable
• Network core can be an ATM MPLS or router-based MPLS

BGP/MPLS VPNs: Overview 3
• Edge LSRs have an extra function, the ‘Provider Edge’ function, which deals with VPNs
• Provider Edge function is based on MPLS plus BGP v4 with Multiprotocol Extensions
• Multiprotocol BGP is a standards-track document from the IETF, RFC 2283.

MPLS VPN Routing Architecture
• P router = Provider Router (Core LSR)
• PE router = Provider Edge router (Edge LSR); knows which VPN each CE belongs to (by sub-interface)
• CE router = Customer Edge router
• RD (Route Distinguisher) = uniquely identifies a VPN (AS#, VPN_ID)
• IPv4 addresses are unique within a VPN
• IPv4 addresses might overlap across VPNs
[Figure: Service Provider VPN Aware Network of P and PE routers connecting the CE routers of VPN_A and VPN_B sites; site prefixes shown: 10.1.0.0, 10.2.0.0, 10.3.0.0, 11.5.0.0, 11.6.0.0; callouts: "Connectionless IP VPNs" and "Privacy without tunnels"]

MPLS-Based IP-VPN Security
“Cisco MPLS-Based VPNs: Equivalent to the Security of Frame Relay and ATM.”
Miercom, March 30, 2001
http://www.mier.com/reports/cisco/MPLS-VPNs.pdf

Validating Cisco MPLS-Based IP-VPN as a Secure Network
Miercom Independent Testing Confirmed Cisco MPLS VPN Is Secure
• Customers' network topology is not revealed to the outside world
• Customers can maintain own addressing plans and the freedom to use either public or private address space
• Attackers cannot gain access into VPNs or service provider’s network
• Impossible for attacker to insert “spoofed” label into a Cisco MPLS network and thus gain access to a VPN or the MPLS core
[Figure: Test Network Topology (routers GLASCOW, DOVER, OXFORD and LONDON, with RED, BLUE and YELLOW routers at the Glascow, Dover and Oxford sites)]
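
A model of the Provider Edge behaviour that the routing-architecture and security slides rely on, added here as an illustration (not code from the slides or from Cisco): the VPN is chosen from the ingress sub-interface, each VPN has its own route table so overlapping prefixes never meet, and a labelled packet arriving from a customer interface is discarded. The sub-interface names, AS number 64512, VPN IDs, /16 prefix lengths and egress PE names are constructed; the RD layout used is the type 0 format (2-byte type, 2-byte AS number, 4-byte assigned number).

```python
import ipaddress
import struct


def vpn_ipv4(asn, vpn_id, prefix):
    """8-byte RD (type 0: AS number + assigned number) followed by the IPv4 prefix."""
    rd = struct.pack("!HHI", 0, asn, vpn_id)
    return rd + ipaddress.ip_network(prefix).network_address.packed


class ProviderEdge:
    def __init__(self):
        self.vpn_of = {}   # CE-facing sub-interface -> VPN
        self.routes = {}   # VPN -> {prefix: egress PE}

    def attach(self, subif, vpn):
        self.vpn_of[subif] = vpn
        self.routes.setdefault(vpn, {})

    def add_route(self, vpn, prefix, egress_pe):
        self.routes[vpn][ipaddress.ip_network(prefix)] = egress_pe

    def receive_from_ce(self, subif, dst, label=None):
        """Decide what to do with a packet arriving on a customer interface."""
        if label is not None:
            # Labels are only accepted from the provider core, never from a CE.
            return ("drop", "labelled packet on customer interface")
        vpn = self.vpn_of.get(subif)
        if vpn is None:
            return ("drop", "interface not bound to a VPN")
        addr = ipaddress.ip_address(dst)
        hits = [net for net in self.routes[vpn] if addr in net]
        if not hits:
            return ("drop", f"no route in {vpn}")
        best = max(hits, key=lambda net: net.prefixlen)
        return ("forward", vpn, self.routes[vpn][best])


def build_pe():
    """Constructed sample: two VPNs that both use 10.1.0.0/16."""
    pe = ProviderEdge()
    pe.attach("Serial0/0.101", "VPN_A")
    pe.attach("Serial0/0.102", "VPN_B")
    pe.add_route("VPN_A", "10.1.0.0/16", "PE2")
    pe.add_route("VPN_B", "10.1.0.0/16", "PE3")
    pe.add_route("VPN_B", "11.5.0.0/16", "PE3")
    return pe


if __name__ == "__main__":
    pe = build_pe()
    print(pe.receive_from_ce("Serial0/0.101", "10.1.2.3"))
    print(pe.receive_from_ce("Serial0/0.102", "10.1.2.3"))
    print(pe.receive_from_ce("Serial0/0.101", "11.5.0.1"))
    print(pe.receive_from_ce("Serial0/0.101", "10.1.2.3", label=9))
    print(vpn_ipv4(64512, 1, "10.1.0.0/16").hex())
```

The same destination address resolves differently per sub-interface, and VPN_A has no path to a VPN_B-only prefix; both properties depend on the sub-interface-to-VPN binding being provisioned correctly.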

QoS in MPLS VPN

Application-Level QoS and Bandwidth Management
[Figure labels: Differentiated IP Services; Traffic Classification; Quality of Service; Bronze; Silver; Gold; Guaranteed: Latency and Delivery; Guaranteed Delivery; Best-Effort Delivery; Real-time Applications; Mission Critical, Interactive, Data Applications; Best effort Data Applications]

Motivation Behind QoS
• Applications are sensitive to delay, jitter and packet loss
• There are non-adjustable components (e.g. propagation delay, switching delay, CRC errors)
• There are adjustable components associated with link congestion (buffering delay and packet loss)
• Some congestion is likely in most networks
• Service provider can manage situation and offer value-added service

QoS Building Blocks
How does a router implement different qualities of service?
• Classification: Identify and split traffic into different classes
• Marking: Mark traffic if necessary
• Policing: Discard misbehaving traffic to maintain network integrity
• Queuing & Dropping: Prioritize, protect and isolate traffic
• Shaping: Control bursts and conform traffic

Using the EXP Bits – Diffserv Support
• Copy of precedence into EXP
• Mapping of DSCP into EXP
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[Figure: IPv4 Packet (Prec: xyz) in the Non-MPLS Domain; MPLS Hdr (MPLS EXP: xyz) followed by the IPv4 Packet (Prec: xyz) in the MPLS Domain]
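
The header layout and the two marking options above, worked through in code as an added example (not part of the original slides). The sample IPv4 header, label value 4 and the DSCP-to-EXP policy table are constructed; the TTL is copied from the IP header and the per-hop decrement is left out.

```python
import struct


def encode_entry(label, exp, bottom, ttl):
    """Pack one 32-bit label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (exp << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(data):
    """Unpack the first label stack entry of a labelled packet."""
    if len(data) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "exp": (word >> 9) & 0x7,
        "s": (word >> 8) & 0x1,
        "ttl": word & 0xFF,
    }


def exp_from_precedence(tos):
    """Option 1: the 3 precedence bits fit EXP exactly, so they are copied."""
    return tos >> 5


# Option 2: DSCP has 6 bits and EXP only 3, so a policy table is needed.
# Constructed policy: EF (46) -> 5, AF31 (26) -> 3, anything else -> 0.
DSCP_TO_EXP = {46: 5, 26: 3}


def exp_from_dscp(tos, table=DSCP_TO_EXP, default=0):
    return table.get(tos >> 2, default)


def impose(ip_header, label, exp_fn=exp_from_precedence):
    """Ingress edge: derive EXP from the IPv4 TOS byte and push one label."""
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    tos, ttl = ip_header[1], ip_header[8]
    return encode_entry(label, exp_fn(tos), True, ttl) + ip_header


# Constructed IPv4 header: TOS 0xA0 (precedence 5), TTL 64, checksum left 0.
SAMPLE_IP_HEADER = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0xA0, 40, 0, 0, 64, 6, 0,
    bytes([10, 1, 0, 1]), bytes([128, 89, 25, 4]),
)

if __name__ == "__main__":
    labelled = impose(SAMPLE_IP_HEADER, 4)
    print(labelled[:4].hex(), decode_entry(labelled))
    print(decode_entry(impose(SAMPLE_IP_HEADER, 4, exp_from_dscp)))
```

Because EXP is derived from bits the customer sets, the marking reaching the core is only as trustworthy as the classification applied at the ingress edge.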

Label-Inferred CoS – Diffserv Support
• DSCP/precedence to label mapping
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                Label                  | EXP |S|      TTL      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[Figure: IPv4 Packet (Prec: xyz)]
Dest-CoS    Label
P/p CoS1    17
P/p CoS2    22
P/p CoS3    25
P/p CoS4    12

MPLS Traffic Engineering with QoS
• Traffic is routed using explicit and constraint-based routing
• Aggregate admission control against a particular bandwidth pool
• Packets are scheduled at every hop according to EXP marking regardless of LSP
[Figure labels: MPLS; PE; P; CE; DiffServ]

Advantages of MPLS VPNs

Key Features
• No constraints on addressing plans used by VPNs. A VPN customer may:
- Use globally unique and routable/non-routable addresses
- Use private addresses (RFC1918)
• Security:
- Basic security is comparable to that provided by FR/ATM-based VPNs without requiring data encryption
- VPN customer may use IPSec-based mechanisms, e.g., CE-CE IPSec-based encryption

Key Features (Cont.)
• Quality of Service:
- Flexible and scalable support for CoS-based networks
• Scalability:
- Total capacity of the system isn’t bounded by the capacity of an individual component
- Scale to virtually unlimited number of VPNs per VPN Service Provider and scale to thousands of sites per VPN

Key Features (Cont.)
• Connectivity to the Internet:
- VPN service providers may also provide connectivity to the Internet to their VPN customers
- Common infrastructure is used for both VPN and the Internet connectivity services
• Simplifies operations and management for VPN service providers:
- No need for VPN service providers to set up and manage a separate backbone or “virtual backbone” for each VPN

BGP/MPLS VPN: Summary
• Supports large scale VPN service
• Increases value add by the VPN service provider
• Decreases service provider cost of providing VPN services
• Mechanisms are general enough to enable VPN service provider to support a wide range of VPN customers

MPLS as a Foundation for Value-Added Services
[Figure labels: Traffic Engineering; Provider Provisioned VPNs; IP+ATM; IP+Optical GMPLS; Any Transport over MPLS; MPLS; Network Infrastructure]