Juniper MPLS for R&E Nets

Upload: doan-dangthai

Post on 04-Apr-2018


TRANSCRIPT

  • 7/30/2019 Juniper MPLS for R&E Nets

    MPLS: What's in it for Research & Education Networks?

    John Jamison

    University of Illinois at Chicago

    November 17, 2000

  • Juniper Networks Product Family

    • M20: Nov 1999
    • M40: Sept 1998
    • M160: Mar 2000
    • M5: Sept 2000
    • M10: Sept 2000

  • Juniper Networks Research and Education Customers

    • MCI Worldcom vBNS/vBNS+
    • Department of Energy ESnet
    • DANTE - TEN-155 (Pan-European Research & Education Backbone)
    • NYSERNet New York State Education & Research Network
    • Georgia Tech SOX GigaPoP
    • University of Washington Pacific/Northwest GigaPoP
    • STAR TAP (International Research & Education Network Meet Point)
    • APAN (Asia Pacific Advanced Network) Consortium
    • NOAA (National Oceanographic and Atmospheric Administration)
    • NASA Goddard Space Flight Center
    • NIH (National Institutes of Health)
    • DoD (Department of Defense)
    • US Army Engineer Research and Development Center
    • University of Illinois NCSA (National Center for Supercomputing Applications)
    • University of California, San Diego - SDSC (San Diego Supercomputer Center)
    • University of Southern California, Information Sciences Institute
    • Indiana University
    • Stanford University
    • University of California, Davis
    • California Institute of Technology
    • North Carolina State University
    • University of Alaska
    • University of Hiroshima, Japan
    • Korea Telecom Research Lab
    • ETRI (Electronic and Transmission Research Institute), Korea

  • Our Agenda

    • MPLS Overview
    • Traffic Engineering
    • VPNs

  • What are we missing out on?

    • A bunch of pure marketing slides
    • A bunch of filler slides
    • Slides with content that is of interest mainly to ISPs
      • Here is how you can use MPLS to bring in more revenue, offer different services, etc.
    • Some Details of MPLS Signaling Protocols and RFC 2547 VPNs
      • You can (and should) only cover so much in one talk
    • Some MP(Lambda)S Details
      • Seems too much like slide ware right now

  • What are we gaining?

    Besides being spared marketing and ISP-centric stuff:

    • We will see some examples from networks and applications we are familiar with
    • We will save some time and cover almost as much information

  • Why Is MPLS an Important Technology?

    • Fully integrates IP routing & L2 switching
    • Leverages existing IP infrastructures
    • Optimizes IP networks by facilitating traffic engineering
    • Enables multi-service networking
    • Seamlessly integrates private and public networks
    • The natural choice for exploring new and richer IP service offerings
    • Dynamic optical bandwidth provisioning

  • What Is MPLS?

    • IETF Working Group chartered in spring 1997
    • IETF solution to support multi-layer switching:
      • IP Switching (Ipsilon/Nokia)
      • Tag Switching (Cisco)
      • IP Navigator (Cascade/Ascend/Lucent)
      • ARIS (IBM)
    • Objectives
      • Enhance performance and scalability of IP routing
      • Facilitate explicit routing and traffic engineering
      • Separate control (routing) from the forwarding mechanism so each can be modified independently
      • Develop a single forwarding algorithm to support a wide range of routing and switching functionality

  • MPLS Terminology

    • Label
      • Short, fixed-length packet identifier
      • Unstructured
      • Link local significance
    • Forwarding Equivalence Class (FEC)
      • Stream/flow of IP packets:
        • Forwarded over the same path
        • Treated in the same manner
        • Mapped to the same label
      • FEC/label binding mechanism
        • Currently based on destination IP address prefix
        • Future mappings based on SP-defined policy

  • MPLS Terminology

    • Label Swapping
      • Connection table maintains mappings
      • Exact match lookup
      • Input (port, label) determines:
        • Label operation
        • Output (port, label)
      • Same forwarding algorithm used in Frame Relay and ATM

    Connection Table

    In (port, label)   Out (port, label)   Label Operation
    (1, 22)            (2, 17)             Swap
    (1, 24)            (3, 17)             Swap
    (1, 25)            (4, 19)             Swap
    (2, 23)            (3, 12)             Swap

    [Figure: a switch with Port 1 to Port 4; an IP packet arrives carrying label 25 and leaves carrying label 19.]

  • MPLS Terminology

    • Label-Switched Path (LSP)
      • Simplex L2 tunnel across a network
      • Concatenation of one or more label switched hops
      • Analogous to an ATM or Frame Relay PVC

    [Figure: an LSP between San Francisco and New York.]

  • MPLS Terminology

    • Label-Switching Router (LSR)
      • Forwards MPLS packets using label-switching
      • Capable of forwarding native IP packets
      • Executes one or more IP routing protocols
      • Participates in MPLS control protocols
      • Analogous to an ATM or Frame Relay Switch (that also knows about IP)

    [Figure: an LSP between San Francisco and New York crossing four LSRs.]

  • MPLS Terminology

    • Ingress LSR (head-end LSR)
      • Examines inbound IP packets and assigns them to an FEC
      • Generates MPLS header and assigns initial label
    • Transit LSR
      • Forwards MPLS packets using label swapping
    • Egress LSR (tail-end LSR)
      • Removes the MPLS header

    [Figure: an LSP between San Francisco and New York: Ingress LSR, Transit LSR, Transit LSR, Egress LSR.]

  • MPLS Header

    • Fields
      • Label
      • Experimental (CoS)
      • Stacking bit
      • Time to live
    • IP packet is encapsulated by ingress LSR
    • IP packet is de-encapsulated by egress LSR

    Packet layout: L2 Header | MPLS Header | IP Packet

    MPLS header (32 bits): Label (20 bits) | CoS | S | TTL

  • IP Packet Forwarding Example

    [Figure: a packet addressed to 200.3.2.7 is forwarded hop by hop using the routing table of each router. Address labels on the figure: 134.5.1.5, 134.5.6.1, 200.3.2.1, 200.3.2.7, 12.29.31.1, 12.29.31.4, 12.29.31.5, 12.29.31.9; port labels 2, 3, 5.]

    Routing tables, in the order they appear on the slide:

    Routing Table
    Destination   Next Hop
    134.5/16      12.29.31.5
    200.3.2/24    12.29.31.5

    Routing Table
    Destination   Next Hop
    134.5/16      134.5.6.1
    200.3.2/24    200.3.2.1

    Routing Table
    Destination   Next Hop
    134.5/16      12.29.31.5
    200.3.2/24    12.29.31.9

    Routing Table
    Destination   Next Hop
    134.5/16      12.29.31.5
    200.3.2/24    12.29.31.4

  • MPLS Forwarding Example

    [Figure: a packet addressed to 200.3.2.7 is label-switched from the ingress LSR to the egress LSR. Address labels on the figure: 134.5.1.5, 134.5.6.1, 200.3.2.1, 200.3.2.7; port labels 1, 2, 3, 5, 6.]

    Ingress Routing Table
    Destination   Next Hop
    134.5/16      (2, 84)
    200.3.2/24    (3, 99)

    MPLS Table
    In        Out
    (1, 99)   (2, 56)

    MPLS Table
    In        Out
    (3, 56)   (5, 0)

    Egress Routing Table
    Destination   Next Hop
    134.5/16      134.5.6.1
    200.3.2/24    200.3.2.1

    MPLS Table
    In        Out
    (2, 84)   (6, 0)

  • How Is Traffic Mapped to an LSP?

    • Map LSP to the BGP next hop
    • FEC = {all BGP destinations reachable via egress LSR}

    Routing Table at the ingress LSR: 134.5/16 uses LSP 32

    [Figure: a Transit SP with an Ingress LSR and an Egress LSR joined by LSP 32 and acting as I-BGP peers; E-BGP peers on both sides; AS 45, AS 63 and AS 77; destination 134.5.1.5.]

  • MPLS Signaling Protocols

    • The IETF MPLS architecture does not assume a single label distribution protocol
    • LDP
      • Executes hop-by-hop
      • Selects same physical path as IGP
      • Does not support traffic engineering
    • RSVP
      • Easily extensible for explicit routes and label distribution
      • Deployed by providers in production networks
    • CR-LDP
      • Extends LDP to support explicit routes
      • Functionally identical to RSVP
      • Not deployed

  • How Is the LSP Physical Path Determined?

    • Two approaches:
      • Offline path calculation (in house or 3rd party tools)
      • Online path calculation (constraint-based routing)
    • A hybrid approach may be used

    [Figure: an LSP from the Ingress LSR to the Egress LSR.]

  • Offline Path Calculation

    • Simultaneously considers
      • All link resource constraints
      • All ingress to egress traffic trunks
    • Benefits
      • Similar to mechanisms used in overlay networks
      • Global resource optimization
      • Predictable LSP placement
      • Stability
      • Decision support system
    • In-house and third-party tools

  • Offline Path Calculation

    • Input to offline path calculation utility:
      • Ingress and egress points
      • Physical topology
      • Traffic matrix (statistics about city - router pairs)
    • Output:
      • Set of physical paths, each expressed as an explicit route

    Explicit route = {R1, R4, R8, R9}

    [Figure: topology of routers R1 to R9 with the LSP from the Ingress LSR to the Egress LSR.]

  • Explicit Routes: Example 1

    • LSP from R1 to R9
    • Partial explicit route: {loose R8, strict R9}
    • LSP physical path
      • R1 to R8: follow IGP path
      • R8 to R9: directly connected

    [Figure: topology of routers R1 to R9; R1 is the Ingress LSR and R9 the Egress LSR.]

  • Explicit Routes: Example 2

    • LSP from R1 to R9
    • Full explicit route: {strict R3, strict R4, strict R7, strict R9}
    • LSP physical path
      • R1 to R3: directly connected
      • R3 to R4: directly connected
      • R4 to R7: directly connected
      • R7 to R9: directly connected

    [Figure: topology of routers R1 to R9; R1 is the Ingress LSR and R9 the Egress LSR.]

  • Constraint-Based Routing

    • Online LSP path calculation
    • Operator configures LSP constraints at ingress LSR
      • Bandwidth reservation
      • Include or exclude a specific link(s)
      • Include specific node traversal(s)
    • Network actively participates in selecting an LSP path that meets the constraints

    [Figure: user-defined LSP constraints applied at the Ingress LSR; LSP to the Egress LSR.]

  • Constraint-Based Routing

    • Thirty-two named groups, 0 through 31
    • Groups assigned to interfaces

    [Figure: links at San Francisco assigned to the groups Gold, Bronze and Silver.]

  • Constraint-Based Routing

    Choose the path from A to I using:

        admin-group {
            include [gold silver];
        }

    [Figure: topology of nodes A to I.]

  • Constraint-Based Routing

    • A-C-F-G-I uses only gold or silver links

    [Figure: topology of nodes A to I with the path A-C-F-G-I.]

  • Constraint-Based Routing: Example 1

        label-switched-path SF_to_NY {
            to New_York;
            from San_Francisco;
            admin-group {
                exclude green;
            }
            cspf;
        }

    [Figure: network map with New York, Atlanta, Chicago, Seattle, Los Angeles, San Francisco, Kansas City and Dallas.]

  • Constraint-Based Routing: Example 2

        label-switched-path madrid_to_stockholm {
            to Stockholm;
            from Madrid;
            admin-group {
                include red, green;
            }
            cspf;
        }

    [Figure: network map with Paris, London, Stockholm, Madrid, Rome, Geneva and Munich.]
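The constraint-based routing slides above describe pruning by admin group and bandwidth before the path is chosen. The sketch below is an added example, not code from the slides or from Juniper: it drops every link that violates the constraints and runs a shortest-path search over what is left. The topology, metrics, bandwidth figures and the function name `cspf` are constructed for illustration, chosen so that the `include [gold silver]` constraint yields the A-C-F-G-I path named on the slide.

```python
import heapq

def cspf(links, src, dst, include=None, exclude=(), bandwidth=0):
    """Constrained shortest path first: prune, then run Dijkstra.

    links: (node_a, node_b, metric, admin_groups, available_bw), bidirectional.
    include: a link must belong to at least one of these groups (None = no filter).
    exclude: a link must belong to none of these groups.
    Returns (cost, [nodes]) or None when no path satisfies the constraints.
    """
    include = set(include) if include is not None else None
    exclude = set(exclude)
    graph = {}
    for a, b, metric, groups, bw in links:
        groups = set(groups)
        if bw < bandwidth:                       # not enough bandwidth to reserve
            continue
        if groups & exclude:                     # link carries an excluded group
            continue
        if include is not None and not groups & include:
            continue                             # link carries none of the included groups
        graph.setdefault(a, []).append((b, metric))
        graph.setdefault(b, []).append((a, metric))

    best = {src: 0}
    heap = [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return cost, path
        if cost > best.get(node, float("inf")):  # stale heap entry
            continue
        for nxt, metric in graph.get(node, []):
            new_cost = cost + metric
            if new_cost < best.get(nxt, float("inf")):
                best[nxt] = new_cost
                heapq.heappush(heap, (new_cost, nxt, path + [nxt]))
    return None

# Constructed topology (not from the slides): nodes A to I, one group per link.
LINKS = [
    ("A", "B", 1, {"bronze"}, 100), ("B", "E", 1, {"bronze"}, 100),
    ("E", "I", 1, {"bronze"}, 100), ("A", "C", 1, {"gold"}, 100),
    ("C", "F", 1, {"silver"}, 100), ("F", "G", 1, {"gold"}, 100),
    ("G", "I", 1, {"silver"}, 40),  ("C", "D", 1, {"bronze"}, 100),
    ("D", "H", 1, {"gold"}, 100),   ("H", "I", 1, {"bronze"}, 100),
    ("F", "H", 1, {"gold"}, 100),
]

if __name__ == "__main__":
    print("IGP shortest path:      ", cspf(LINKS, "A", "I"))
    print("include [gold silver]:  ", cspf(LINKS, "A", "I", include={"gold", "silver"}))
    print("same, reserving 50 units:", cspf(LINKS, "A", "I",
                                            include={"gold", "silver"}, bandwidth=50))
```

When the constraints leave no path, as in the last call, the function returns `None`, the case in which the LSP cannot be set up.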

  • Other Neat MPLS Stuff

    • Secondary LSPs
    • Fast Reroute
    • Label Stacking
    • GMPLS

  • MPLS Secondary LSPs

    • Standard LSP failover
      • Failure signaled to ingress LSR
      • Calculate & signal new LSP
      • Reroute traffic to new LSP
    • Standby Secondary LSP
      • Pre-established LSP
      • Sub-second failover

    [Figure: Primary LSP and Secondary LSP between the San Francisco Data Center and the New York Data Center.]

  • MPLS Fast Reroute

    • Ingress signals fast reroute during LSP setup
    • Each LSR computes a detour path (with same constraints)
    • Supports failover in ~100s of ms

    [Figure: Primary LSP and Active Detour between the San Francisco Data Center and the New York Data Center.]

  • MPLS Label Stacking

    • A label stack is an ordered set of labels
    • Each LSR processes the top label
    • Applications
      • Routing hierarchy
      • Aggregate individual LSPs into a trunk LSP
      • VPNs

    MPLS header: Label (20 bits) | CoS | S | TTL

    [Figure: LSP 1 and LSP 2 aggregated into a Trunk LSP across LSRs with numbered ports.]

  • MPLS Label Stack: Example 1

    [Figure: two LSPs carried through a Trunk LSP across LSRs with numbered ports.]

    MPLS Table
    In        Out
    (1, 25)   (2, Push [42])
    (3, 35)   (2, Push [42])

    MPLS Table
    In        Out
    (5, 42)   (6, 18)

    MPLS Table
    In        Out
    (2, 18)   (5, Pop)

    MPLS Table
    In        Out
    (4, 25)   (2, 56)
    (4, 35)   (5, 17)

  • MPLS Label Stack: Example 2

    [Figure: two LSPs carried through a Trunk LSP across LSRs with numbered ports.]

    MPLS Table
    In        Out
    (1, 25)   (2, Push [42])
    (3, 35)   (2, Push [42])

    MPLS Table
    In        Out
    (5, 42)   (6, 18)

    MPLS Table
    In        Out
    (2, 18)   (5, Pop)

    MPLS Table
    In        Out
    (4, 25)   (2, 56)
    (4, 35)   (5, 17)
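The header layout from the "MPLS Header" slide and the push, swap and pop entries of the label stack tables above can be followed on real bytes. This is an added example, not code from the slides: the 3-bit CoS, 1-bit S and 8-bit TTL widths follow RFC 3032, while the table names, the hop wiring and the simplified TTL handling are assumptions made here.

```python
import struct

def pack_entry(label, cos, s, ttl):
    """One 32-bit MPLS header: Label (20 bits) | CoS (3) | S (1) | TTL (8)."""
    if not (0 <= label < 1 << 20 and 0 <= cos < 8 and s in (0, 1) and 0 <= ttl < 256):
        raise ValueError("header field out of range")
    return struct.pack("!I", (label << 12) | (cos << 9) | (s << 8) | ttl)

def parse_stack(packet):
    """Return ([[label, cos, ttl], ...] top first, payload bytes)."""
    stack, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("truncated label stack: bottom-of-stack bit never seen")
        (word,) = struct.unpack_from("!I", packet, offset)
        offset += 4
        stack.append([word >> 12, (word >> 9) & 0x7, word & 0xFF])
        if (word >> 8) & 1:  # S bit set: this entry is the bottom of the stack
            return stack, packet[offset:]

def build(stack, payload):
    """Re-encode the stack; only the bottom entry carries S=1."""
    bottom = len(stack) - 1
    return b"".join(pack_entry(label, cos, int(i == bottom), ttl)
                    for i, (label, cos, ttl) in enumerate(stack)) + payload

def forward(table, in_port, packet):
    """Exact-match lookup on (in port, top label). Returns (out port, new packet)."""
    stack, payload = parse_stack(packet)
    label, cos, ttl = stack[0]
    if (in_port, label) not in table:
        raise KeyError(f"no entry for port {in_port}, label {label}: packet dropped")
    if ttl <= 1:
        raise ValueError("TTL expired: packet dropped")
    out_port, op, new_label = table[(in_port, label)]
    if op == "swap":
        stack[0] = [new_label, cos, ttl - 1]
    elif op == "push":   # the inner entry stays untouched under the new top label
        stack.insert(0, [new_label, cos, ttl - 1])
    elif op == "pop":    # simplification: the exposed entry keeps its own TTL
        stack.pop(0)
    return out_port, build(stack, payload)

# The four MPLS tables of "MPLS Label Stack: Example 1"; the names are made up here.
TRUNK_HEAD = {(1, 25): (2, "push", 42), (3, 35): (2, "push", 42)}
TRUNK_TRANSIT = {(5, 42): (6, "swap", 18)}
TRUNK_POP = {(2, 18): (5, "pop", None)}
TRUNK_TAIL = {(4, 25): (2, "swap", 56), (4, 35): (5, "swap", 17)}

def trace(in_port, label, payload=b"constructed IP packet"):
    """Follow one LSP through the trunk; returns [(out port, labels top first), ...]."""
    packet = build([[label, 0, 64]], payload)
    # Assumed wiring: each hop receives on the port listed in its table's In column.
    hops = [(TRUNK_HEAD, in_port), (TRUNK_TRANSIT, 5), (TRUNK_POP, 2), (TRUNK_TAIL, 4)]
    result = []
    for table, port in hops:
        out_port, packet = forward(table, port, packet)
        result.append((out_port, [entry[0] for entry in parse_stack(packet)[0]]))
    return result

if __name__ == "__main__":
    for port, label in ((1, 25), (3, 35)):
        print(f"in ({port}, {label}):", trace(port, label))
```

Both LSPs share labels 42 and 18 inside the trunk, and the inner labels 25 and 35 reappear unchanged after the pop, so the transit LSRs hold one table entry for the trunk instead of one per LSP.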

  • Label Stacking allows you to Reduce the Number of LSPs

    • Label stacking to create a hierarchy of LSP trunks

    [Figure: LSP 1, LSP 2, LSP 3 and LSP 4 aggregated into LSP Trunks, which are in turn carried in an LSP Trunk of Trunks.]

  • Generalized MPLS (GMPLS): Formerly known as MPL(ambda)S

    • Reduce complexity
    • Reduce cost
    • Router subsumes functions performed by other layers
      • Fast router interfaces eliminate the need for MUXs
      • MPLS replaces ATM/FR for traffic engineering
      • MPLS fast reroute obviates SONET APS restoration
    • Dynamic provisioning of optical bandwidth is required for growth and innovative service creation

    [Figure: IP Service (Routers) over Optical Transport (OXCs, WDMs) in the Optical Core.]

  • GMPLS: LSP Hierarchy

    • Nesting LSPs enhances system scalability
    • LSPs always start and terminate on similar interface types
    • LSP interface hierarchy
      • Packet Switch Capable (PSC): Lowest
      • Time Division Multiplexing Capable (TDM)
      • Lambda Switch Capable (LSC)
      • Fiber Switch Capable (FSC): Highest

    [Figure: PSC, TDM, LSC and FSC clouds around a fiber bundle (Fiber 1 to Fiber n), with FA-PSC, FA-TDM and FA-LSC; explicit-label LSPs, time-slot LSPs and fiber LSPs; low-order LSPs are multiplexed on one side and demultiplexed on the other.]

  • AGENDA

    • MPLS Overview
    • Traffic Engineering
    • VPNs

  • What Is Traffic Engineering?

    • Ability to control traffic flows in the network
    • Optimize available resources
    • Move traffic from IGP path to less congested path

    [Figure: Source to Destination, comparing Layer 3 Routing with Traffic Engineering.]

  • Brief History

    • Early 1990s
      • Internet core was connected with T1 and T3 links between routers
      • Only a handful of routers and links to manage and configure
      • Humans could do the work manually
      • Metric-based traffic control was sufficient

  • Metric-Based Traffic Engineering

    • Traffic sent to A or B follows path with lowest metrics

    [Figure: nodes A, B and C with link metrics 1, 1, 1 and 2.]

  • Metric-Based Traffic Engineering

    • Drawbacks
      • Redirecting traffic flow to A via C causes traffic for B to move also!
      • Some links become underutilized or overutilized

    [Figure: nodes A, B and C with link metrics 1, 4, 1 and 2.]

  • Metric-Based Traffic Engineering

    • Drawbacks
      • Complexity made metric control tricky
      • Adjusting one metric might destabilize network

  • Discomfort Grows

    • Mid 1990s
      • ISPs became uncomfortable with size of Internet core
      • Large growth spurt imminent
      • Routers too slow
      • Metric engineering too complex
      • IGP routing calculation was topology driven, not traffic driven
      • Router based cores lacked predictability

  • Overlay Networks are Born

    • ATM switches offered performance and predictable behavior
    • ISPs created overlay networks that presented a virtual topology to the edge routers in their network
    • Using ATM virtual circuits, the virtual network could be reengineered without changing the physical network
    • Benefits
      • Full traffic control
      • Per-circuit statistics
      • More balanced flow of traffic across links

  • Overlay Networks

    • ATM core ringed by routers
    • PVCs overlaid onto physical network

    [Figure: Physical View and Logical View of nodes A, B and C.]

  • vBNS ATM Design

    • Full UBR PVP mesh between terminal switches to carry Best Effort traffic

    [Figure: map of terminal switch sites: Los Angeles, Chicago, Cleveland, Boston, San Francisco, Denver, Atlanta, Washington DC, New York City, Houston, Seattle and Perryman, MD.]

  • vBNS Backbone Network Map

    [Figure: backbone map. Sites: San Francisco, National Center for Atmospheric Research, San Diego Supercomputer Center, Houston, Denver, Ameritech NAP, Chicago, National Center for Supercomputing Applications, Cleveland, Perryman, MD, Sprint NAP, MFS NAP, Pittsburgh Supercomputing Center, Los Angeles, Atlanta, New York City, Boston, Washington, DC and Seattle. Legend: router symbols A, C and J; Ascend GRF 400, Cisco 7507, Juniper M40, FORE ASX-1000, NAP; link speeds DS-3, OC-3C, OC-12C and OC-48.]

  • Overlay Nets Had Drawbacks

    • Growth in full mesh of ATM PVCs stresses everything
    • Router IGP runs out of steam
    • Practical limitation of updating configurations in each switch and router
    • ATM 20% Cell Tax
    • ATM SAR speed limitations
      • OC-48 SAR very difficult/expensive to build
      • OC-192 SAR?

  • In the meantime:

    • Routers caught up
      • Current generation of routers have
        • High speed, wire-rate interfaces
        • Deterministic performance
        • Software advances
    • MPLS came along
      • Fuses best aspects of ATM PVCs with high-performance routing engines
      • Uses low-overhead circuit mechanism
      • Automates path selection and configuration
      • Implements quick failure recovery

  • MPLS for Traffic Engineering

    • Low-overhead virtual circuits for IP
    • Originally designed to make routers faster
      • Fixed label lookup faster than longest match used by IP routing
      • Not true anymore
    • Value of MPLS is now in traffic engineering
    • Other MPLS Benefits:
      • No second network
      • A fully integrated IP solution, no second technology
      • Traffic engineering
      • Lower cost
      • A CoS enabler
      • Failover/link protection
      • Multi-service and VPN support

  • AGENDA

    • MPLS Overview
    • Traffic Engineering
    • VPNs

  • What Is a Virtual Private Network?

    • A private network constructed over a shared infrastructure
    • Virtual
      • An artificial object simulated by computers (not really there!)
    • Private
      • Separate/distinct environments
      • Separate addressing and routing systems
    • Network
      • A collection of devices that communicate among themselves

    [Figure: a Shared Infrastructure connecting Corporate headquarters, Branch office, Mobile users and telecommuters, and Suppliers, partners and customers; labelled Intranet, Extranet and Remote access.]

  • Deploying VPNs using Overlay Networks

    • Operational model
      • PVCs overlay the shared infrastructure (ATM/Frame Relay)
      • Routing occurs at CPE
    • Benefits
      • Mature technologies
      • Inherently secure
      • Service commitments (bandwidth, availability, etc.)
    • Limitations
      • Scalability and management of the overlay model
      • Not a fully integrated IP solution

    [Figure: a Provider Frame Relay Network of FR switches with CPE attached over DLCIs.]

  • MPLS: A VPN Enabling Technology

    • Benefits
      • Seamlessly integrates multiple networks
      • Permits a single connection to the service provider
      • Supports rapid delivery of new services
      • Minimizes operational expenses
      • Provides higher network reliability and availability

    [Figure: a Service Provider Network connecting Site 1, Site 2 and Site 3 of two customers.]

  • There are Three Types of VPNs

    • End to End (CPE Based) VPNs
      • L2TP & PPTP
      • IPSEC
    • Layer 2 VPNs
      • CCC
      • CCC & MPLS Hybrid
    • Layer 3 VPNs
      • RFC 2547bis

  • End to End VPNs: L2TP and PPTP

    • Application: Dial access for remote users
    • Layer 2 Tunneling Protocol (L2TP)
      • RFC 2661
      • Combination of L2F and PPTP
    • Point-to-Point Tunneling Protocol (PPTP)
      • Bundled with Windows/Windows NT
    • Both support IPSec for encryption
    • Authentication & encryption at tunnel endpoints

    [Figure: V.x modem and PPP dial-up into a Dial Access Provider; an L2TP tunnel from a dial access server to an L2TP access server, and a PPTP tunnel from a dial access server to a PPTP access server, at the Service Provider or VPN.]

  • End to End VPNs: The IP Security Protocol (IPSec)

    • Defines the IETF's layer 3 security architecture
    • Applications:
      • Strong security requirements
      • Extend a VPN across multiple service providers
    • Security services include:
      • Access control
      • Data origin authentication
      • Replay protection
      • Data integrity
      • Data privacy (encryption)
      • Key management

  • End to End VPNs: IPSec Example

    • Routing must be performed at CPE
    • Tunnels terminate on subscriber premise
      • Only CPE equipment needs to support IPSec
      • Modifications to shared resources are not required
    • ESP tunnel mode
      • Authentication ensures integrity from CPE to CPE
      • Encrypts original header/payload across internet
      • Supports private address space

    [Figure: IPSec ESP Tunnel Mode across the Public Internet between the CPE at Corporate HQ and the CPE at the Branch office.]

  • Layer 2 VPNs: CCC/MPLS

    [Figure: CPE attached over ATM (or Frame Relay) to PE routers on both sides of an MPLS core; LSP 2 and LSP 6 are carried in LSP 5; DLCI 600 and DLCI 610 on one side, DLCI 506 and DLCI 408 on the other; the CCC function at the PEs.]

    CCC Table
    In               Out
    LSP 2 in LSP 5   DLCI 600
    LSP 6 in LSP 5   DLCI 610

    CCC Table
    In               Out
    LSP 2 in LSP 5   DLCI 506
    LSP 6 in LSP 5   DLCI 408

    • Benefits
      • Reduces provider configuration complexity
      • MPLS traffic engineered core
      • Subscriber can run any Layer 3 protocol
      • User Nets do not know there is a cloud in the middle
    • Limitations
      • Circuit type (ATM/FR) must be like to like

  • CCC Example: Abilene and ISP Service on one link

    • Big I Internet Traffic: ATM VC1 terminated, IP packets delivered to Qwest ISP
    • Abilene Traffic: ATM VC2 mapped to port facing Abilene
    • An M20/40/160 can both terminate ATM PVCs (layer 3 lookup) and support CCC pass-through on the same port.

    [Figure: University X with ATM Access into an M40, which connects to Abilene and to Qwest ISP.]

  • vBNS used CCC and MPLS to tunnel IPv6 across their backbone for SC2000

    [Figure: IPv6 at Chicago and at SC2000 in Dallas, carried over ATM and CCC at each end across the vBNS/vBNS+ IPv4 backbone.]

  • Layer 3 VPNs: RFC 2547 - MPLS/BGP VPNs

    [Figure: a Service Provider Network of P and PE routers; CPE at Site 1, Site 2 and Site 3 of two customers attach to the PEs; FT labels at the PE routers.]

  • Questions?

  • Thank You

    [email protected]

    http://www.juniper.net