
Chapter 9

MPLS:
Multi-Protocol Label
Switching
Ing. José Patiño Sánchez

IP
The first protocol defined and used
De facto the only protocol for
global internetworking
but there are disadvantages

IP Routing disadvantages
Connectionless
Each router has to make independent
forwarding decisions based on the IP address
Large IP Header (at least 20 bytes)
Routing in Network Layer
- Slower than Switching
Usually designed to obtain shortest
path
- Do not take into account additional
metrics

ATM
connection oriented
fast packet switching with fixed length
packets (cells)
integration of different traffic types (voice,
data, video)
but there are also disadvantages

ATM disadvantages
Complex
Expensive
Not widely adopted

Motivation (cont.)
Idea: Combine the forwarding algorithm used in
ATM with IP.

MPLS Basics
Multi Protocol Label Switching is arranged
between Layer 2 and Layer 3

MPLS concept
Packet forwarding is done based on Labels.
Labels are assigned when the packet
enters into the network.
Labels are on top of the packet.
MPLS nodes forward packets/cells based
on the label value (not on the IP
information).

MPLS concept
MPLS allows:
Packet classification only where the packet
enters the network.
The packet classification is encoded as a
label.
In the core, packets are forwarded without
having to re-classify them.
No further packet analysis
Label swapping

Route At Edge, Switch In Core

(Figure: an IP packet is routed by IP forwarding at the ingress edge, receives label #L1, is label-switched through the core (#L1 -> #L2 -> #L3) without any IP lookup, and is handed back to IP forwarding at the egress edge.)

Basic Concept of MPLS

(Figure: LSRs R1, R2, R3 and R4; hosts shown: 128.89.10.12 behind R3, 179.69.42.3 behind R4, and 198.168.7.6. Routing fills the routing table; signaling fills the label forwarding table.)

Label table on R1 (ingress):
  Address prefix   Out label   Interface
  128.89.10.x      3           1
  179.69.x.x       4           1

Label table on R2:
  In label   Out label   Address prefix   Interface
  3          5           128.89.10.x      1
  4          7           179.69.x.x       2

Advertised bindings: R2 advertises <3, 128.89.10.x> and <4, 179.69.x.x> to R1; R3 advertises <5, 128.89.10.x> to R2; R4 advertises <7, 179.69.x.x> to R2.

Basic Concept of MPLS

(Figure: packet forwarding through the same network, with the same label tables. A packet with DA=128.89.10.25 arrives at R1; R1 matches prefix 128.89.10.x and pushes label 3. R2 looks up incoming label 3, swaps it for label 5 and sends the packet out interface 1 toward R3. R3 pops the label and forwards the plain IP packet toward 128.89.10.x (host 128.89.10.12). Packets for 179.69.x.x would take labels 4 and 7 toward R4 and host 179.69.42.3.)

Generic label format

Stack
The stack is the collection of labels that
are found on top of the packet.
The stack can consist of just one label, or
it might have more.
The number of labels (that is, 32-bit
fields) that can be found in the stack is
not limited, although you should seldom see
a stack that consists of four or more
labels.

Label Stack
MPLS-capable routers might need more than one
label on top of the packet to route that packet
through the MPLS network. This is done by packing
the labels into a stack. The first label in the stack
is called the top label, and the last label is called
the bottom label. In between, you can have any
number of labels.
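As an added example (not from the slides), the following Python encodes and decodes a label stack using the 32-bit entry layout defined in RFC 3032: a 20-bit label, 3-bit EXP, 1-bit bottom-of-stack flag S and 8-bit TTL. The field layout comes from the RFC rather than from this page; the two-label stack and the payload at the end are constructed sample data, and the function names are this example's own.

```python
import struct

# Each label stack entry is one 32-bit word (RFC 3032 layout):
#   bits 31..12  Label (20 bits)
#   bits 11..9   EXP / traffic class (3 bits)
#   bit  8       S, bottom-of-stack flag (1 bit)
#   bits 7..0    TTL (8 bits)
LABEL_MAX = (1 << 20) - 1


def encode_label_stack(entries):
    """Build the wire bytes for a label stack.

    entries: list of (label, exp, ttl) tuples, top label first.
    The S bit is set only on the last (bottom) entry.
    """
    if not entries:
        raise ValueError("a label stack needs at least one entry")
    words = []
    last = len(entries) - 1
    for i, (label, exp, ttl) in enumerate(entries):
        if not 0 <= label <= LABEL_MAX:
            raise ValueError(f"label {label} does not fit in 20 bits")
        if not 0 <= exp <= 7:
            raise ValueError("EXP must be 0..7")
        if not 0 <= ttl <= 255:
            raise ValueError("TTL must be 0..255")
        s_bit = 1 if i == last else 0
        words.append((label << 12) | (exp << 9) | (s_bit << 8) | ttl)
    return struct.pack("!%dI" % len(words), *words)


def decode_label_stack(data):
    """Parse entries from the top of the packet until the S bit is set.

    Returns (entries, payload), payload being whatever follows the bottom
    label. Raises ValueError if the data runs out before an S=1 entry,
    i.e. the stack has no bottom and the payload boundary is unknown.
    """
    entries = []
    offset = 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        label = word >> 12
        exp = (word >> 9) & 0x7
        s_bit = (word >> 8) & 0x1
        ttl = word & 0xFF
        entries.append((label, exp, ttl))
        if s_bit:
            return entries, data[offset:]


def has_bottom_of_stack(data):
    """True if the bytes hold a complete stack ending in an S=1 entry."""
    try:
        decode_label_stack(data)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed two-label stack (top label 3, bottom label 17) over a fake payload.
    wire = encode_label_stack([(3, 0, 64), (17, 5, 63)]) + b"IP payload"
    print(wire.hex())
    print(decode_label_stack(wire))
```

The decoder stops at the first entry with S=1, which is how a receiver knows where the stack ends and the Layer 3 payload begins; a stack whose entries all have S=0 is rejected rather than guessed at.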

Position on MPLS label

Label
The IETF has also defined a new protocol, the
Label Distribution Protocol (LDP), for
explicit signaling and management.
Extensions to the base LDP protocol have also
been defined to support explicit routing based
on QoS requirements.

Label Edge Router - LER

Resides at the edge of an MPLS
network and assigns and removes
the labels from the packets.
Supports multiple ports connected
to dissimilar networks (such as
Frame Relay, ATM, and Ethernet).
Ingress Node and Egress Node

Label Switching Router - LSR

Is a high-speed router in the core of
an MPLS network.
Transit node

Positions of LERs & LSRs

MPLS Router Roles

1. Customer edge (CE) - A router that
has no knowledge of MPLS protocols and
does not send any labeled packets but is
directly connected to an LSR (PE).
2. Provider edge (PE) - An LSR that
shares a link with at least one CE router.
3. Provider (P) - An LSR that does not
have a direct link to a CE router, which
allows the router to just forward labeled
packets.

MPLS Router Roles

Label-Switched Paths LSPs


A label switched path (LSP) is a
sequence of LSRs that switch a
labeled packet through an MPLS
network or part of an MPLS
network. Basically, the LSP is the
path through the MPLS network or
a part of it that packets take.
A path is a representation of a
FEC.

Label-Switched Paths LSPs

Forward Equivalence
Class - FEC
A Forwarding Equivalence Class
(FEC) is a group or flow of packets
that are forwarded along the
same path and are treated the
same with regard to the
forwarding treatment. All packets
belonging to the same FEC have
the same label.

Forward Equivalence
Class - FEC
However, not all packets that have
the same label belong to the same
FEC, because their EXP values might
differ; the forwarding treatment
could be different, and they could
belong to a different FEC. The router
that decides which packets belong
to which FEC is the ingress LSR. This
is logical because the ingress LSR
classifies and labels the packets.

Examples of FECs
Packets with Layer 3 destination IP addresses
matching a certain prefix
Multicast packets belonging to a certain group
Packets with the same forwarding treatment, based
on the precedence or IP DiffServ Code Point (DSCP)
field
Layer 2 frames carried across an MPLS network
received on one VC or (sub)interface on the ingress
LSR and transmitted on one VC or (sub)interface on
the egress LSR
Packets with Layer 3 destination IP addresses that
belong to a set of Border Gateway Protocol (BGP)
prefixes, all with the same BGP next hop

Forwarding
Equivalence Classes

(Figure: LER - LSR - LSR - LER along one LSP. Packets IP1 and IP2 are destined for different address prefixes but are mapped to a common path; both carry #L1, #L2 and #L3 hop by hop through the core.)

FEC = A subset of packets that are all treated the same way by a router
The concept of FECs provides for a great deal of flexibility and scalability
In conventional routing, a packet is assigned to a FEC at each hop (i.e. L3
look-up); in MPLS it is only done once at the network ingress

Different MPLS Modes

Different MPLS Modes


An LSR can use different modes
when distributing labels to other
LSRs. This section covers three
distinct modes, as follows:
Label distribution mode
Label retention mode
LSP control mode

Label Distribution Modes


The MPLS architecture has two
modes to distribute label bindings:
Downstream-on-Demand (DoD) label distribution mode
Unsolicited Downstream (UD) label distribution mode

Label Distribution Modes


In the DoD mode, each LSR requests a
label binding for a FEC from its next-hop
(that is, downstream) LSR on an LSP. Each
LSR receives one binding per FEC,
only from its downstream LSR for
that FEC. The downstream LSR is
the next-hop router indicated by
the IP routing table.

Label Distribution Modes


In the UD mode, each LSR
distributes a binding to its
adjacent LSRs, without those LSRs
requesting a label. In the UD
mode, an LSR receives a remote
label binding from each adjacent
LSR.

Label Distribution Modes

(Figure: Downstream-on-Demand. Upstream LSRs request labels from their downstream neighbors; downstream LSRs distribute labels upon request.)
Label Retention Modes

Liberal retention mode
LSR retains labels from all neighbors
Improves convergence time when the next hop is
again available after IP convergence
Requires more memory and label space

Conservative retention mode
LSR retains labels only from next-hop
neighbors
LSR discards all labels for FECs without a next hop

Label Retention Modes

Label Control Modes


LSRs can create a local binding for a FEC
in two ways:
Independent LSP Control mode
Ordered LSP Control mode

Label Control Modes


Independent LSP control: The LSR
can create a local binding for a FEC
independently from the other LSRs. In this
control mode, each LSR creates a local
binding for a particular FEC as soon as it
recognizes the FEC. Usually, this means
that the prefix for the FEC is in its routing
table.

Ordered LSP control: An LSR only
creates a local binding for a FEC if it
recognizes that it is the egress LSR for the

Label Control Modes

Forwarding of Labeled
Packets

Label Operation
The possible label operations are
swap, push, and pop.
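As an added example, not part of the original slides, here is a Python walk-through of the three operations on the network of the earlier Basic Concept figure: R1 pushes, R2 swaps, R3 and R4 pop. The FIB/LFIB contents are constructed from the label values in that figure (3 -> 5 for 128.89.10.x, 4 -> 7 for 179.69.x.x); the data layout and the function names classify_fec and forward are this example's assumptions.

```python
import ipaddress

# Constructed tables following the "Basic Concept of MPLS" figure: R1 is the
# ingress LER, R2 a transit LSR, R3/R4 the egress LERs. Label values and next
# hops come from the figure; interface numbers are left out.
FIBS = {
    # ingress LER: FEC (destination prefix) -> (label to push, next hop)
    "R1": {
        ipaddress.ip_network("128.89.10.0/24"): (3, "R2"),
        ipaddress.ip_network("179.69.0.0/16"): (4, "R2"),
    },
}
LFIBS = {
    # LSR: incoming label -> (operation, outgoing label, next hop)
    "R2": {3: ("swap", 5, "R3"), 4: ("swap", 7, "R4")},
    "R3": {5: ("pop", None, None)},   # egress for 128.89.10.x
    "R4": {7: ("pop", None, None)},   # egress for 179.69.x.x
}


def classify_fec(fib, dst):
    """Ingress classification: longest-prefix match of the destination
    address against the FIB. Returns (label, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, entry in fib.items():
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, entry)
    return None if best is None else best[1]


def forward(dst, ingress="R1"):
    """Carry one IP packet from the ingress LER through the network and
    return the list of (router, operation, detail) steps taken."""
    trace = []
    entry = classify_fec(FIBS[ingress], dst)
    if entry is None:
        return [(ingress, "drop", "no FEC matches destination")]
    label, node = entry
    stack = [label]                      # push: the label goes on top of the packet
    trace.append((ingress, "push", label))
    while stack:
        top = stack[-1]
        lfib = LFIBS.get(node, {})
        if top not in lfib:              # unknown label: the core cannot forward it
            trace.append((node, "drop", f"label {top} not in LFIB"))
            return trace
        op, out_label, next_hop = lfib[top]
        if op == "swap":                 # core: only the label is consulted and replaced
            stack[-1] = out_label
            trace.append((node, "swap", (top, out_label)))
            node = next_hop
        else:                            # egress: the label is popped
            stack.pop()
            trace.append((node, "pop", top))
    trace.append((node, "ip-forward", dst))   # back to plain IP forwarding
    return trace


if __name__ == "__main__":
    for step in forward("128.89.10.25"):
        print(step)
```

Note that after R1 the destination address is never looked at again: R2 decides purely on the incoming label, which is the "no further packet analysis" property from the MPLS concept slides.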

Label Operation

Label Distribution Protocol

MPLS Unicast IP Routing


MPLS introduces a new field that is used for
forwarding decisions.
Although labels are locally significant, they
have to be advertised to directly reachable
peers.
One option would be to include this parameter
into existing IP routing protocols.
The other option is to create a new protocol to
exchange labels.
The second option has been used because
there are too many existing IP routing protocols
that would have to be modified to carry labels.

Label Distribution Protocol

Defined in RFC 3036 and 3037
Used to distribute labels in an MPLS
network
Forwarding equivalence class
How packets are mapped to LSPs (Label
Switched Paths)
Advertise labels per FEC
Reach destination a.b.c.d with label x
Neighbor discovery
Basic and extended discovery

Label Distribution Protocol


The control plane is the set of
protocols that helps to set up the data
or forwarding plane. The main
components of the control plane are
the routing protocols, the routing table,
and other control or signaling protocols
used to provision the data plane.
The data plane is the packet
forwarding path through a router or
switch.

MPLS Architecture

(Figure: router functionality is divided into two major parts, control plane and data plane. Control plane: OSPF learns 10.0.0.0/8 and LDP exchanges labels for it, label 17 with the upstream neighbor and label 4 with the downstream neighbor. Data plane: a labeled packet arrives with label 17, the LFIB maps 17 -> 4, and the packet leaves with label 4.)

Label Information Base (LIB)


For every IGP IP prefix in its IP routing
table, each LSR creates a local binding,
that is, it binds a label to the IPv4 prefix.
The LSR then distributes this binding to all
its LDP neighbors. These received bindings
become remote bindings. The neighbors
then store these remote and local bindings
in a special table, the label information
base (LIB).
This is the place where the router keeps
all known MPLS labels.

Forwarding Information Base (FIB)
The FIB is conceptually similar to a
routing table. It's the table a router
looks at when deciding where to
actually forward traffic.

Label Forwarding Information Base (LFIB)
This is the table that the router uses to
forward labelled packets going through the
network.

MPLS Unicast IP Routing Architecture

(Figure: one LSR. Control plane: the routing protocol exchanges routing information with neighbors and fills the IP routing table; LDP exchanges labels. Data plane: incoming IP packets are forwarded via the IP forwarding table and incoming labeled packets via the label forwarding table; either may leave as IP packets or as labeled packets.)

Unicast IP Routing: Example

(Figure: an LSR before any labels are exchanged. Control plane: OSPF advertises 10.0.0.0/8 with next hop 1.2.3.4; the routing table holds 10.0.0.0/8 via 1.2.3.4; the LIB is still empty. Data plane: the FIB holds 10.0.0.0/8 via 1.2.3.4 and the LFIB is empty, so an IP packet for 10.1.1.1 is forwarded as a plain IP packet.)

MPLS Unicast IP Routing: Example

(Figure: the same LSR after LDP has run. Control plane: it advertises LDP 10.0.0.0/8, L=5 to its upstream neighbor and receives LDP 10.0.0.0/8, L=3 from the next hop 1.2.3.4; the LIB holds 10.0.0.0/8: next-hop L=3, local L=5. Data plane: the FIB holds 10.0.0.0/8 via 1.2.3.4 with L=3, so an incoming IP packet for 10.1.1.1 leaves as L=3 10.1.1.1; the LFIB maps L=5 -> L=3, so an incoming L=5 10.1.1.1 also leaves as L=3 10.1.1.1.)

Label Allocation in a
Packet-Mode MPLS
Environment

Label Allocation in Packet-Mode MPLS Environment

Label allocation and distribution in a packet-mode MPLS environment follows these steps:
1. IP routing protocols build the IP routing
table.
2. Each LSR assigns a label to every
destination in the IP routing table
independently.
3. LSRs announce their assigned labels to all
other LSRs.
4. Every LSR builds its LIB and LFIB data
structures based on received labels.

Building the IP Routing Table

(Figure: LSRs A - B - C - D in a row, E attached to C, network X behind D. Routing table of A: X via B. Routing table of B: X via C. Routing table of C: X via D. Routing table of E: X via C. FIB on A: X, next hop B, no label.)

IP routing protocols are used to build IP routing
tables on all LSRs.
FIBs are built based on IP routing tables with no
labeling information.

Allocating Labels

(Figure: routing table of B: X via C. Router B assigns label 25 to destination X.)

Every LSR allocates a label for every destination
in the IP routing table.
Labels have local significance.
Label allocations are asynchronous.

LIB and LFIB Setup

(Figure: routing table of B: X via C. LIB on B: network X, LSR local, label 25. LFIB on B: label 25, action pop, next hop C. Router B assigns label 25 to destination X. Outgoing action is pop, as B has received no label for X from C. Local label is stored in LIB.)

LIB and LFIB structures have to be initialized on the LSR
allocating the label.

Label Distribution

(Figure: LIB on B: network X, LSR local, label 25. B advertises X = 25 to each of its neighbors.)

The allocated label is advertised to all neighbor LSRs,
regardless of whether the neighbors are upstream or
downstream LSRs for the destination.

Receiving Label Advertisement

(Figure: LIB on A: X, B, 25. LIB on C: X, B, 25. LIB on E: X, B, 25. FIB on A: X, next hop B, label 25.)

Every LSR stores the received label in its LIB.
Edge LSRs that receive the label from their next hop also store the label information in the FIB.

Interim Packet Propagation

(Figure: an IP packet for X enters A. IP lookup is performed in the FIB on A (X, next hop B, label 25): the packet is labeled 25. Label lookup is performed in the LFIB on B (25: pop, next hop C): the label is removed and the packet continues to C as an IP packet.)

Forwarded IP packets are labeled only on the path segments
where the labels have already been assigned.

Further Label Allocation

(Figure: router C assigns label 47 to destination X and advertises X = 47. LIB on C: X, B, 25; X, local, 47. LFIB on C: label 47, action pop, next hop D.)

Every LSR will eventually assign a label for every
destination.

Receiving Label Advertisement

(Figure: C's advertisement X = 47 reaches B and E. FIB on B: X, next hop C, label 47. LIB on B: X, local, 25; X, C, 47. FIB on E: X, next hop C, label 47. LIB on E: X, B, 25; X, C, 47.)

Every LSR stores received information in its LIB.
LSRs that receive their label from their next-hop
LSR will also populate the IP forwarding table
(FIB).

Populating LFIB

(Figure: FIB on B: X, next hop C, label 47. LIB on B: X, local, 25; X, C, 47. LFIB on B: label 25, action 47 (swap), next hop C.)

Router B has already assigned a label to X and
created an entry in the LFIB.
The outgoing label is inserted in the LFIB after the
label is received from the next-hop LSR.

Packet Propagation Across an MPLS Network

(Figure: ingress LSR A: IP lookup is performed in the FIB (X, next hop B, label 25), the packet is labeled 25. LSR B: label lookup is performed in the LFIB (25 -> 47, next hop C), the label is switched to 47. Egress LSR C: label lookup is performed in the LFIB (47: pop, next hop D), the label is removed and the IP packet for X is forwarded to D.)

Per-Platform Label Allocation

(Figure: B announces X = 25 to A. LFIB on B: label 25, action 75, next hop D.)

An LFIB on a router usually does not contain an incoming
interface.
The same label can be used on any interface (per-platform label allocation).
An LSR announces a label to an adjacent LSR only once, even if
there are parallel links between them.

Benefits and Drawbacks of Per-Platform Label Allocation

(Figure: the label for X (25) is announced only to A. LFIB on B: label 25, action 75, next hop D. A third-party router can still send packets toward network X, even though the label was not announced to it.)

Benefits:
Smaller LFIB
Quicker label
exchange

Drawbacks:
Insecure: any neighbor
LSR can send packets
with any label in the
LFIB
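Added example, not from the slides, that replays the allocation sequence of the preceding figures (B allocates 25, C allocates 47; LIB, FIB and LFIB fill in as bindings arrive) and then shows the per-platform drawback just stated: the LFIB lookup does not consider which neighbor sent the labeled packet. Labels 25 and 47 and the router names A to E come from the figures; the LSR class, the strict neighbor check, and the link B - E (inferred from the LIB on E in the figures) are assumptions of this example.

```python
# Constructed simulation of the slides' label allocation sequence: LSRs A, B,
# C, D, E with network X reached via A -> B -> C -> D and E -> C. Labels are
# allocated independently and advertised unsolicited to every neighbor.

class LSR:
    def __init__(self, name, routing_table):
        self.name = name
        self.rt = dict(routing_table)     # prefix -> next-hop LSR name (None = directly connected)
        self.neighbors = {}               # neighbor name -> LSR
        self.lib = {}                     # prefix -> {"local": label, <neighbor>: label}
        self.fib = {p: [nh, None] for p, nh in self.rt.items()}  # prefix -> [next hop, out label]
        self.lfib = {}                    # in label -> (action, out label, next hop)
        self.announced = {}               # local label -> set of neighbors it was sent to

    def link(self, other):
        self.neighbors[other.name] = other
        other.neighbors[self.name] = self

    def allocate(self, prefix, label):
        """Steps 2 and 3: create the local binding, then advertise it to every
        neighbor, upstream or downstream (unsolicited downstream mode)."""
        self.lib.setdefault(prefix, {})["local"] = label
        self._refresh_lfib(prefix)
        for nbr in self.neighbors.values():
            self.announced.setdefault(label, set()).add(nbr.name)
            nbr.receive_binding(self.name, prefix, label)

    def receive_binding(self, from_lsr, prefix, label):
        """Step 4: every remote binding goes into the LIB; only the one from
        the IP next hop goes into the FIB and completes the LFIB entry."""
        self.lib.setdefault(prefix, {})[from_lsr] = label
        if self.rt.get(prefix) == from_lsr:
            self.fib[prefix][1] = label
            self._refresh_lfib(prefix)

    def _refresh_lfib(self, prefix):
        local = self.lib.get(prefix, {}).get("local")
        if local is None:
            return                        # no local label yet, nothing to install
        next_hop = self.rt.get(prefix)
        out_label = self.lib[prefix].get(next_hop)
        if out_label is None:
            self.lfib[local] = ("pop", None, next_hop)      # no label from next hop yet
        else:
            self.lfib[local] = ("swap", out_label, next_hop)

    def receive_labeled_packet(self, label, from_lsr, strict=False):
        """Per-platform lookup is keyed on the label alone, so the sender is
        ignored (the drawback on the slide). With strict=True the label is
        honoured only from neighbors it was actually announced to; the drop
        reason is what a defender would log."""
        entry = self.lfib.get(label)
        if entry is None:
            return ("drop", "unknown label")
        if strict and from_lsr not in self.announced.get(label, set()):
            return ("drop", f"label {label} was never announced to {from_lsr}")
        return ("forward",) + entry


def build_topology():
    tables = {"A": {"X": "B"}, "B": {"X": "C"}, "C": {"X": "D"},
              "D": {"X": None}, "E": {"X": "C"}}
    lsrs = {name: LSR(name, rt) for name, rt in tables.items()}
    for a, b in (("A", "B"), ("B", "C"), ("C", "D"), ("B", "E"), ("E", "C")):
        lsrs[a].link(lsrs[b])
    return lsrs


if __name__ == "__main__":
    net = build_topology()
    net["B"].allocate("X", 25)
    print("after B:", net["B"].lfib, net["A"].fib)
    net["C"].allocate("X", 47)
    print("after C:", net["B"].lfib, net["E"].fib)
    print(net["B"].receive_labeled_packet(25, "Z"))
    print(net["B"].receive_labeled_packet(25, "Z", strict=True))
```

After B's allocation its LFIB entry for 25 is a pop, exactly as in the "LIB and LFIB Setup" figure; once C's label 47 arrives from the next hop it becomes a swap. The last two calls show the same label accepted from an unknown sender under the per-platform lookup and refused under the stricter check.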

MPLS VPN Technology

What Is a VPN?
A data network that utilizes a portion
of a shared public network to extend
a customer's private network

What Is a VPN?
Flexible inter-site connectivity
Ranging from complete to partial
mesh
Sites may be either within the
same or in different organizations
VPN can be either intranet or extranet
Site may be in more than one VPN
VPNs may overlap
Not all sites have to be connected
to the same service provider
VPN can span multiple providers

MPLS VPN Connection Model


Site-4
Site-1

VPN-C

VPN-A
Site-2

Site-3

VPN-B

A site belonging to different VPNs may
or MAY NOT be used as a transit point
between VPNs
If two or more VPNs have a common
site, address space must be unique
among these VPNs

Why VPN?
VPNs were developed initially to deal with
security issues of transmitting clear text data
across a network.
Examples of applications that send traffic in a
clear text format are Telnet, file transfers via FTP
or TFTP.
VPN has attracted the attention of many
organizations looking to expand their networking
capabilities, secure their traffic and reduce their
costs.

VPN Categories
There are 3 basic VPN categories:

Intranet
Extranet
Internet

Intranet VPN

An intranet VPN connects resources from the
same company across that company's
infrastructure.

An example of intranet VPN is the
connections between different locations
within a company's infrastructure, such

Extranet VPN

An extranet VPN connects resources from
one company to another company, such as a
business partner.

An example of an extranet is a company
that has outsourced its help desk
functions and sets up a VPN to provide a
secure connection from its corporate

Internet
An Internet VPN uses a public network
as the backbone to transport VPN
traffic between devices.
As an example, you might use the
Internet, which is a public network, to
connect two sites together or have
telecommuters use their local ISPs to
set up a VPN connection to the
corporate network (remote access
connections).

VPN Components
The VPN realm consists of the following
regions:
Customer network: Consists of the
routers at the various customer sites,
called customer edge (CE) routers
Provider network: The SP devices to
which the CE routers are directly
attached are called provider edge
(PE) routers. The SP network might
consist of devices used for
forwarding data in the SP backbone,
called provider (P) routers.

VPN Implementations
There are many ways to implement a VPN, such as:
GRE
IPsec
L2TP
MPLS

MPLS VPN
MPLS VPNs are an enhancement to MPLS
MPLS uses a virtual circuit (VC) across
a private network to emulate the VPN
function.
MPLS alone won't solve the security
problem; you'll have to complement it
with another VPN solution, such as
IPsec over MPLS
MPLS supports multiple protocols. In
other words, you can use MPLS to tag
IP packets, Ethernet frames and IPX
packets.

VPN Models
The VPN implementations can be
classified broadly into one of the
following:
Overlay model
Peer-to-peer model

Overlay model
The provider does not participate in
customer routing. It provides the
customer with transport of data using
virtual point-to-point links (PVC or SVC).

Overlay model
The drawback of an overlay model is
the full mesh of virtual circuits between
all customer sites needed for optimal
connectivity. N sites need N(N-1)/2
circuits.
Overlay VPNs provide either Layer 1
(physical layer) connectivity or a Layer 2
transport circuit between customer sites
for transportation of Layer 2 frames (or
cells), which was traditionally
implemented using either Frame Relay or
ATM switches.

Peer-to-peer model
The peer-to-peer model was developed to
overcome the drawbacks of the Overlay
model
The service provider would actively
participate in customer routing

Peer-to-peer model
Routing information is exchanged
between the customer routers and the SP
routers.
The peer-to-peer model, consequently,
does not require the creation of virtual
circuits.
Separation of customer-specific routing
information is achieved by implementing
packet filters at the routers connecting to
the customer network.

MPLS VPN Types


BGP/MPLS VPNs (Layer 3 VPNs): Use
extensions to the existing routing
protocol of the Internet (BGP-4) to
interconnect remote locations.
Layer 2 MPLS VPNs: Extend the
customer's Layer 2 connectivity across
an MPLS infrastructure. Commonly called
Martini VPNs. An extension to Layer 2 VPNs
also supports Virtual Private LAN Service
(VPLS).

L3 MPLS VPN Architecture


MPLS VPN is an implementation of the
peer-to-peer model.
The MPLS-based VPN model also
accommodates customers using
overlapping address spaces.
However, instead of deploying a
dedicated PE router per customer,
customer traffic is isolated on the same
PE router providing connectivity for
multiple customers.
The MPLS VPN backbone and customer
sites exchange Layer 3 customer routing
information.

Components of MPLS VPN architecture

(Figure slide)

L3 MPLS VPN Routing Model


The only requirement on the CE router is
a routing protocol or a static route that
enables the router to exchange IPv4
routing information with the connected
PE router.

L3 MPLS VPN Routing Model


PE routers perform the following tasks:
They exchange IPv4 routes with
connected CE routers using individual
routing protocol contexts.
They must isolate customer traffic if more than
one customer is connected to the PE router.

L3 MPLS VPN Routing Model


Multiprotocol BGP is configured between PE
routers to carry customer routes.

L3 MPLS VPN Routing Model


P routers provide label switching between
provider edge
routers and are unaware of VPN routes

Virtual Routing and Forwarding Table (VRF)
VRF is a technology included in IP
network routers that allows multiple
instances of a routing table to exist in a
router and work simultaneously.
This increases functionality by allowing
network paths to be segmented without
using multiple devices. Because traffic is
automatically segregated, VRF also
increases network security and can
eliminate the need for encryption and
authentication.
ISPs often take advantage of VRF to
create separate VPNs for customers.

Virtual Routing and Forwarding Table (VRF)
The VRF also defines the connectivity
requirements and protocols for each customer
site on a single PE router.
The VRF defines the interfaces on the local PE
router that are part of a specific VPN.

Virtual Routing and Forwarding Table (VRF)

(Figure slides)

Route Distinguisher (RD)


The RD enables overlapping address spaces in
connected customer networks.
Thus, a unique RD is configured per VRF on the
PE router.

Route Distinguisher (RD)

Route Distinguisher
An RD is a 64-bit unique identifier that is
prepended to the 32-bit customer prefix or
route learned from a CE router, which makes it
a unique 96-bit address called a VPNv4 address
that can be transported between the PE
routers in the MPLS domain.
A unique RD is configured per VRF on the PE
router.

Route targets (RT)

Route targets (RT)


When a VPN route learned from a CE router is
injected into VPNv4 BGP, a list of VPN route
target extended community attributes is
associated with it.

Route targets (RT)


The export route target is appended to a
customer prefix when it is converted to a
VPNv4 prefix by the PE router and propagated
in MP-BGP updates.

Route targets (RT)


The import route target is associated with each
VRF and identifies the VPNv4 routes to be
imported into the VRF for the specific
customer.

L3 MPLS VPN Operation


Phase 1: Propagation of VPN routes and
distribution of MPLS labels (Control
Plane)
Phase 2: Packet forwarding (Data Plane)
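Added example (not the slides' own material) of how the RD and the route targets described above work together in phase 1: type 0 RDs make two customers' identical 10.1.0.0/16 prefixes distinct 96-bit VPNv4 addresses, export route targets are attached when a VRF route becomes a VPNv4 route, and import route targets select what each remote VRF receives. ASN 65000, the RD and RT numbers, the VPN labels, the VRF names and the "ASN:number" string form of route targets are constructed simplifications of this example; the type 0 RD layout is from RFC 4364, not from this page.

```python
import ipaddress

# Constructed example: one PE with two customer VRFs whose address spaces
# overlap (both use 10.1.0.0/16), plus an extranet VRF that imports both.
# All numbers below are made up for the illustration.


def make_rd(asn, number):
    """Type 0 route distinguisher (RFC 4364): 2-byte type 0, 2-byte ASN,
    4-byte assigned number, 64 bits in total."""
    return (0).to_bytes(2, "big") + asn.to_bytes(2, "big") + number.to_bytes(4, "big")


def vpnv4_address(rd, prefix):
    """Prepend the 64-bit RD to the 32-bit network address, giving the
    96-bit VPNv4 address. Returns (12 bytes, prefix length)."""
    net = ipaddress.ip_network(prefix)
    return rd + int(net.network_address).to_bytes(4, "big"), net.prefixlen


def export_routes(vrfs):
    """Ingress PE: each VRF route becomes a VPNv4 route carrying the VRF's
    export route targets and the VPN label the PE assigned. Overlapping
    customer prefixes stay distinct because their RDs differ."""
    table = {}
    for vrf in vrfs:
        for prefix in vrf["routes"]:
            key = vpnv4_address(vrf["rd"], prefix)
            table[key] = {"prefix": prefix, "rt": set(vrf["export_rt"]),
                          "label": vrf["label"], "vrf": vrf["name"]}
    return table


def import_routes(vpnv4_table, vrf):
    """Egress PE: a VPNv4 route enters a VRF only if its route-target list
    intersects the VRF's import route targets. Returns (imported, conflicts);
    a conflict is the same IPv4 prefix arriving under two different RDs, the
    situation the slides warn about when VPNs with overlapping address space
    share a site."""
    imported, conflicts = {}, []
    for route in vpnv4_table.values():
        if route["rt"] & set(vrf["import_rt"]):
            if route["prefix"] in imported:
                conflicts.append(route["prefix"])
            imported[route["prefix"]] = route
    return imported, conflicts


VRF_A = {"name": "CustA", "rd": make_rd(65000, 1), "label": 30,
         "export_rt": {"65000:100"}, "import_rt": {"65000:100"},
         "routes": ["10.1.0.0/16"]}
VRF_B = {"name": "CustB", "rd": make_rd(65000, 2), "label": 31,
         "export_rt": {"65000:200"}, "import_rt": {"65000:200"},
         "routes": ["10.1.0.0/16", "192.168.5.0/24"]}
VRF_EXTRANET = {"name": "Extranet", "rd": make_rd(65000, 3), "label": 32,
                "export_rt": set(), "import_rt": {"65000:100", "65000:200"},
                "routes": []}


if __name__ == "__main__":
    table = export_routes([VRF_A, VRF_B])
    for (addr, plen), route in table.items():
        print(addr.hex(), plen, route["vrf"], sorted(route["rt"]))
    for vrf in (VRF_A, VRF_B, VRF_EXTRANET):
        imported, conflicts = import_routes(table, vrf)
        print(vrf["name"], sorted(imported), "conflicts:", conflicts)
```

The RD keeps the two 10.1.0.0/16 routes apart inside MP-BGP, but it does not make them routable side by side inside one VRF: the extranet VRF that imports both route targets gets a conflict on 10.1.0.0/16, which is why the slides require unique address space among VPNs that share a site.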
