Cisco MPLS portfolio napredne generacije u SBB mreži · Cisco MPLS portfolio napredne generacije u...

Cisco MPLS portfolio napredne generacije u SBB mreži

Dragoljub SpasojevidLeading Network Engineer

Department of IP operationsSerbia BroadBand

Cisco ISP & Cable konferencijaBeograd, 16.06.2011

Osnovne informacije o kompanijiOsnovne informacije o IP/MPLS mreži i INTERNET topologija ASR9K u lab okruženju Instalacija ASR-a u Bosni (Telemach BH) ASR9k u SBB mreži (Interxion Beč) – IGW & MPLS PE ASR9k u SBB mreži – MPLS PEME6524 i ME-3600X u SBB mreži – MPLS PE

AGENDA

Vodedi kablovski operater u regionu Jedan od najznačajnijih ISP i servis provajdera u Srbiji Nacionalna pokrivenost Ponuda širokog spektra servisa za rezidencijalne i poslovne korisnike Regionalno (IP) prisustvo: Slovenija (Telemach Si), BiH (Telemach BH), Hrvatska Brendovi: D3, Total TV, SPORT Klub, Video Zona, SBB HotSpot

KO SMO MI ?

>2500 km FO (HFC, wireless mreže)

28 gradova u Srbiji

Regionalno: Srbija, Slovenija, Bosna, Hrvatska, Crna Gora, Makedonija ...

KO SMO MI ?

KO SMO MI ?

Osnovan 2002 godine.Vlasnik akcija: Investicioni fond “Mid Europa partners” od juna 2007

Osnovna HFC mreža kapaciteta: 750.000 Home passedServisi:- Cable TV (preko 70 TV programa u osnovnom paketu) - Digital TV (“D3” brand sa preko 100 TV programa + 50 radio programa) servis- VOD (“Video Zona”) servis – video na zahtev- DTH (“Total TV” brand) servis prisutan u Srbiji, Crnoj Gori, Sloveniji, Bosni i Hercegovini i Hrvatskoj, a prodaje se preko partnera u Austriji i Makedoniji.

- Internet (Cable, ADSL, Ethernet leased line)- VPNs (MPLS/VPNs, IPSec VPN)

Preko 95% kablovskih korisnika je spremno za Internet servis (dvosmerna HFC mreža)Cable Internet: >130.000 korisnika

•Flat i tarifni paketi, •Prepaid i Postpaid tipa pladanja•Rezidencijalni i Biznis profil paketa

Preko 250 Biznis korisnika sa Ethernet pristupom preko optičkog ili UTP kabla ima iznajmljenu fiksnu Internet konekciju.HotSpot u Srbiji - “SBB CaffeNetwork” sa preko 100 HotSpot lokacija sa besplatnim pristupom.Ukupni protok broadband saobradaja u SBB pristupnoj mreži dostiže 12/3 Gb/s Beograd, 6/2 Gb/s Srbija i 7/2 Gb/s Vojvodina.Uspostavljen je Peering sa najrelvantnijim domadim ISP-ovima (Eunet, BeotelNET, Orion, YUBC, B92Net, Neobee, Akademska mreža, Telenor, Verat).

GRUPE SERVISA

U osnovi svih SBB servisa se nalazi HFC (Hibryd Fiber-Coax) mreža na fizičkom nivou. Za razliku od IP servisa koja za deo svoje mreže koristi i iznajmljene kapacitete Telekoma, za transportne servise se koristi isključivo sopstvena optička mreža kablova i transportna oprema bazirana na DWDM platformi. Na ovoj platformi se grade grupe servisa:

UMUX mreža i TDM servisi:leased line digitalni vodovi tipa tačka-tačkakapaciteta E1, NxE1, E3, STM1, STM4, STM16 i STM64SBB pristupne tačke u Beogradu,Novom Sadu, Nišu,Kragujevcu ...Nezavisni međunarodni iznajmljeni vodovi u Evropi

FC mreža i Disaster recovery servisi:FiberChannel (FC) leased line preko DWDM mreže kapaciteta 1Gb, 2Gb i 4Gb sa (ring topologija) ili bez zaštitne putanjeTelehouse/Co-Location servisi

MPLS mreža i IP servisi:InternetVPNsIPSec VPN over InternetManaged servisiMulticast video distribucija

Video distribucija preko satelita

IP MPLS MREŽA

MPLS mreža je multiservisna platforma koja podržava sve IP bazirane servise u SBB-u. Nova MPLS platforma je u funkciji sa prvim korisnikom od novembra 2006. Struktura:

•Sopstvena optička i DWDM platforma (17 gradova).

•Iznajmljeni Telekom kapaciteti (9 gradova) u Srbiji.

•Zakup internacionalnih kapaciteta

• MPLS mreža u Beču (SBB) i Sarajevu (Telemach BA)

• VPN prisustvo u Ljubljani/Mariboru (Telemach), Zagrebu (partner).

Performanse:MPLS mreža: 45 POP-ova u 28 gradova u Srbiji. Međunarodno prisustvo u 4 države.Core capacitet: 10Gig i NxGigabit Ethernet (na DWDM i/ili pure optical platformi)Access:

•Cable: Svi CMTS-ovi u MPLS gradovima su uključeni kao PE ili VRF lite ruteri

•Ethernet: više desetina L2 metro svičeva u distribuiranoj arhitekturi

•ADSL: ADSL ruter PPPoE terminacija u korisnikov VRF (VPN)

•Dedicated Wireless: WiFi 5,4MHz (AbsolutOK partner) bridge na VRF (VPN)Tier 1 Internet upstream na 4 x 10GE (4 fizički različite putanje), regionalni peering, Google Global Cache

INTERNET TRENUTNO STANJE

• Tri dobavljača (upstream – “Tier 1” ISP) u četiri pravca kapaciteta 4xSTM64: 2xTelia, Global Crossing i Tinet.

• U toku realizacija nxSTM64 upstream kapaciteta.

• Prisustvo u VIX-u. DE-CIX u planu.

• Veleprodaja (downstream ISP) dostigla 4Gb/s i 31 “Tier 3” IP tranzitnih korisnika.

• Peering razmena u Srbiji prelazi 700Mbps, ukupna razmena >1.5Gbps.

• Veliki rast prosečnog protoka po broadband korisniku.

IOS XR PLATFORME

CRS GSR ASR

IOS XR (neke) razlike u odnosu na IOS

- Ne postoji User EXEC i Privileged EXEC mod.- Nakon logovanja ulazi se u privilegovani EXEC mod. Dostupne komande zavise od

privilegija korisnika. - Umesto privilege level 1-15 kod IOSa, postoji fleksibilniji sistem privilegija.- Taskovi su grupisani u task grupe. - Korisnici pripadaju grupama korisnika. Određenim grupama korisnika je dodeljeno pravo

izvršavanja taskova iz pripadajucih task grupa.- Komandom "configure" (parametar "terminal" nije neophodan) se ulazi u global

configuration mod. Iz global configuration moda mogu da se izvrsavaju ”show” komande.- Svaka izmena konfiguracije mora da se potvrdi sa "commit“.- Mogude je poništiti neku raniju izmenu (rollback).- Servisi kao sto su CDP, Telnet su po defaultu isključeni.- Interfejsi sa default konfiguracijom se ne vide u ispisu "show running-config“.- eBGP ne razmenjuje podatke o rutama dok se ne primeni polisa (makar bilo samo "pass")- Umesto route-map koristi se RPL.- Konfiguracija ruting protokola vezana za interfejs nalazi se pod router xxx, ne pod interface xxx.

ASR9K LAB TEST

• ASR kao P/PE u MPLS mreži

• ASR kao IGW (IPv4 i IPv6)

• Multicast rutiranje

• Funkcionalnosti L2VPN, L3VPN, VPLS, OAM, BFD

• L2 f-je : QinQ, port mirroring, port bundling

• Ruting protokoli : OSPF, BGP, IS-IS

• Mcast: PIM, IGMPv2/3, SSM ( static and dynamic mapping ), IGMP snooping

• QOS: Classification, Marking, Congestion Management Tools i Policing and Shaping.

• Management : ACL access, SNMP, SYSLOG and AAA

• Video monitoring : VIDMON (posebna licenca, CBR)

ASR KAO IGW & MPLS P/PE TAČKA

HW CONFIG

- 2 x A9K-RSP-4G

- 2 x A9K-2T20GE-L


HW CONFIG

- 2 x A9K-RSP-4G

- 2 x A9K-2T20GE-L

- 1 x A9K-4T-L

BOSNA conf t

RP/0/RSP0/CPU0:sa-he-m-1#sh run int bundle-ether 2.2

interface Bundle-Ether2.2 l2transport

description bh-mgt

encapsulation dot1q 2

RP/0/RSP0/CPU0:sa-he-m-1#sh run int bundle-ether 3.2

interface Bundle-Ether3.2

description bh-mgt

vrf bh-mgt

ipv4 address 192.168.176.1 255.255.255.0


RP/0/RSP0/CPU0:sa-he-m-1#sh run int Gi0/0/0/5

interface GigabitEthernet0/0/0/5

description LINK sa-he-s-1

cdp

RP/0/RSP0/CPU0:sa-he-m-1#sh run int Gi0/0/0/5.2

interface GigabitEthernet0/0/0/5.2 l2transport

description bh-mgt


BOSNA conf t

RP/0/RSP0/CPU0:sa-he-m-1#show running-config l2vpn l2vpnbridge group telemach

bridge-domain 2


interface GigabitEthernet0/0/0/5.2

bridge-domain 70

igmp snooping profile snoop

interface Bundle-Ether2.70interface GigabitEthernet0/0/0/5.70

conf t

RP/0/RSP0/CPU0:sa-he-m-1(config)#igmp snooping profile snoop

access-group Configure group membership filter

group Configure group membership limits

minimum-version Configure minimum IGMP version (default 2)

querier Configure IGMPv2 Querier information

static Configure static group membership on a port

BOSNA conf t

control-plane

management-plane

inband

interface Bundle-Ether1

allow all peer

address ipv4 77.77.196.0/23

address ipv4 77.78.192.0/24

address ipv4 89.216.0.0/21

!

policy-map 50mbps

class class-default

shape average 50 mbps

end-policy-map



service-policy output 50mbps

service-policy input 50mbps

BOSNA conf t

route-policy UPSTREAM-OUT

if destination in pl-upstream-blackhole then

set community upstream-blackhole

elseif destination in pl-upstream-out and as-path is-local then

if destination in pl-upstream-prepend-out then

prepend as-path 42560 1

endif

pass

else

drop

endif

end-policy

BOSNA conf t

ipv4 access-list SSM

10 permit ipv4 224.0.0.0/4 any

!

ipv4 access-list wisi2

10 permit ipv4 host 239.255.2.2 any

!

multicast-routing

address-family ipv4


enable


enable

!

log-traps

ssm range SSM

!

router igmp

ssm map static 77.77.198.2 wisi2

version 3

router pim

address-family ipv4

old-register-checksum


enable

!


enable

!


enable

!


enable

!

!

!

end

ASR KAO IGW & MPLS PE TAČKA U SBB MREŽI

HW CONFIG

- 2 x A9K-RSP-4G

- 2 x A9K-2T20GE-L

- 1 x A9K-4T-L

INTERNET TOPOLOGIJA BASR.


Funkcionalnosti ASR 9K u “Interxion Wien”

• IGW – agregacija nx10Ge WAN linkova

• MPLS P/PE – nx10Ge linkova ka koru

• MCAST – rutiranje mcast saobradaja za BH,SLO,HR

• L2VPN – transport do krajnjih tačaka u Srbiji

• L3VPN – transport do krajnjih tačaka u Srbiji

• (M)BGP – BGP sesije sa UPSTREAM provajderima (IPv4 i IPv6), IGW u BG i (m)BGP RR u BG, peering BGP sesije

• OSPF – IPv4 i IPv6

INTERNET TOPOLOGIJA


router static

address-family ipv4 unicast

89.216.7.99/32 Null0

ipv4 prefix-list blackhole

10 permit 0.0.0.0/0 eq 32

community-set cm_delete

ios-regex '.*31042:1...._.*$'

end-set

community-set blackhole

31042:999

end-set

route-policy COMUTEL-IN

if community matches-any cm_delete then

delete community in cm_delete

elseif destination in bogons then

drop

elseif destination in pl-comutel-in and as-path in comutel then

set community customers additive

set local-preference 300

pass

elseif community matches-any blackhole and as-path in comutel then

set community blackhole

set next-hop 89.216.7.99

pass

endif

end-policy


community-set blackhole-tinet

3257:2666

end-set

prefix-set pl-upstream-sbb-out

# SBB

82.117.192.0/19,

87.116.128.0/18,

89.216.0.0/16,

94.189.128.0/17,

178.148.0.0/15,

188.2.0.0/16

end-set

prefix-set pl-tinet-prepend-out

178.148.0.0/15,

188.2.0.0/16

end-set

route-policy TINET-OUT

if destination in pl-upstream-sbb-out then

if destination in pl-tinet-prepend-out then

prepend as-path 31042 2

set community (3257:2991) additive

endif

if community matches-any blackhole then

set community blackhole-tinet

endif

pass

elseif destination in pl-upstream-out and community matches-any customers then

pass

endif

end-policy


route-policy TELIA-OUT

if destination in pl-upstream-sbb-out then

set med 0

if destination in pl-telia-prepend-out then

set med 100

endif

if community matches-any blackhole then

set community blackhole-telia

endif

pass

elseif destination in pl-upstream-out and community matches-any customers then

delete community in cm_delete

pass

endif

end-policy


prefix-set OSPF-1-U-289.216.3.0/24 le 32,89.216.5.232/30,89.216.7.0/24 le 32,89.216.12.0/24 le 32,89.216.14.0/23 le 32

end-set!prefix-set OSPF-2-U-177.77.193.0/24 le 32,77.77.196.0/24 le 32,77.77.198.0/23 le 32,10.184.0.0/13 le 24

end-set

route-policy OSPF-1-U-2if destination in OSPF-1-U-2 then

passelse

dropendif

end-policy!route-policy OSPF-2-U-1if destination in OSPF-2-U-1 then

passelse

dropendif

end-policy

router ospf 1log adjacency changes detailrouter-id 89.216.7.244default-information originate always metric 10redistribute connectedredistribute staticredistribute ospf 2 route-policy OSPF-2-U-1area 0interface TenGigE0/0/0/1network broadcast

!interface TenGigE0/1/0/1network broadcast

!!!router ospf 2log adjacency changes detailrouter-id 89.216.7.244distribute-list OSPF-2-U-1 inredistribute connected route-policy OSPF-1-U-2redistribute ospf 1 route-policy OSPF-1-U-2area 0interface GigabitEthernet0/1/0/0.850network point-to-point

!!!

ASR KAO MPLS PE TAČKA U SBB MREŽI

HW CONFIG

- 2 x A9K-RSP-4G

- 2 x A9K-2T20GE-L



description ggc 1

l2transport


description ggc1 #1

bundle id 11 mode active


description ggc1 #2

bundle id 11 mode active

interface BVI1

description ggc

ipv4 address 89.216.2.193 255.255.255.192

l2vpn

bridge group ggc

bridge-domain ggc


!

interface Bundle-EtherXX

!

routed interface BVI1

!

!

!

ASR (IOS XR) vs 760X (IOS) – L2VPN config

interface GigabitEthernet4/0/0.701

description test asr - l2vpn

encapsulation dot1Q 701

xconnect 89.216.7.90 992 encapsulation mpls

End

bg-du-m-1#show mpls l2transport vc 992

Local intf Local circuit Dest address VC ID Status

------------- -------------------------- --------------- ---------- ----------

Gi4/0/0.701 Eth VLAN 701 89.216.7.90 992 UP

interface Bundle-Ether2.3 l2transportencapsulation dot1q 3rewrite ingress tag pop 1 symmetric

l2vpnxconnect group ciscop2p testasrinterface Bundle-Ether2.3neighbor 89.216.7.22 pw-id 992

RP/0/RSP0/CPU0:ASR9000#show l2vpn xconnect interface bundle-ether 2.3Tue Oct 26 10:50:48.782 UTCLegend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,

LU = Local Up, RU = Remote Up, CO = Connected, SB = Standby

XConnect Segment 1 Segment 2 Group Name ST Description ST Description ST------------------------ ------------------------- -------------------------cisco testasr UP BE2.3 UP 89.216.7.22 992 UP

ASR (IOS XR) vs 760X (IOS) – L3VPN config

interface GigabitEthernet4/0/0.700

description test asr - sbb-mgt

encapsulation dot1Q 700

ip vrf forwarding sbb-mgt

ip address 192.168.136.241 255.255.255.240

router bgp 31042

bgp log-neighbor-changes

neighbor 89.216.7.1 remote-as 31042

neighbor 89.216.7.1 update-source Loopback0

address-family vpnv4

neighbor 89.216.7.1 activate

neighbor 89.216.7.1 send-community extended

address-family ipv4 vrf sbb-mgt

no synchronization

redistribute static

redistribute connected

interface Bundle-Ether2.2vrf sbb-mgtipv4 address 192.168.136.225 255.255.255.240encapsulation dot1q 2

router bgp 31042address-family vpnv4 unicastneighbor 89.216.7.1remote-as 31042password encrypted 06120A32584F1A0Bupdate-source Loopback0address-family vpnv4 unicast

vrf sbb-mgtrd 31042:2address-family ipv4 unicastredistribute connected

ASR (IOS XR) vs 760X (IOS) – BFD config

bg-du-m-1# sh run in te8/2

interface TenGigabitEthernet8/2

description ASR9000 test

mtu 1550

ip address 89.216.8.202 255.255.255.252

ip pim sparse-mode

ip ospf network point-to-point

ip ospf bfd

mpls ip

bfd interval 50 min_rx 50 multiplier 3

bg-du-m-1#show bfd neighbors

NeighAddr LD/RD RH/RS State Int

89.216.8.201 1/589826 Up Up Te8/2

bg-du-m-1#

router ospf 1interface TenGigE0/0/0/0

bfd minimum-interval 50bfd fast-detectbfd multiplier 3network point-to-point

RP/0/RSP0/CPU0:ASR9000#show bfd session Interface Dest Addr Local det time(int*mult) State

Echo Async-------------------- --------------- ---------------- ---------------- ---------Te0/0/0/0 89.216.8.202 150ms(50ms*3) 6s(2s*3) UP

Razlike u odnosu na standardne ruting mehanizme (hello paketi, tajmeri...):

- L2 protokol za detekciju dvosmerne komunikacije između susednih rutera;- BFD paketi su veličine 24 bajta, plus UDP i IP header;- Ne optereduje control-plane (na distribuiranim arhitekturama rutera);- Omogudava brže vreme konvergencije.

IOS XR 4.0.1 vs IOS v15.1.1S1 – CPU USAGE

ME 6524 u SBB mreži

U SBB IP/MPLS infrastrukturi se

koristi kao PE za “manje” HUB-ove.

Koristi se za terminaciju L2VPN i

L3VPN korisnika kao i INTERNET korisnika.

Tehnologije

L2 : IEEE 802.1Q, IEEE 802.3ad (PAgP),

IEEE 802.1Q Tunneling, VTP

IPv4 routing : Static Routing, OSPF (graceful restart),

mBGPv4, BFD

Multicast : IGMP (v2, v3), IGMP Snooping,

PIM, PIM-SM, PIM-SSM,PIM Snooping

IPv6 routing : Native IPv6, OSPFv3, ICMPv6

ME 3600X u SBB mreži

Tehnologije

L2 : IEEE 802.1Q, IEEE 802.3ad (PAgP),

IEEE 802.1Q Tunneling, VTP

IPv4 routing : OSPF (graceful restart),

mBGPv4, BFD

Multicast : IGMP (v2, v3), IGMP Snooping,

PIM, PIM-SM, PIM-SSM,PIM Snooping

NO IPv6 support (septembar 2011)

Novo u odnosu na ME6524:

Ethernet Virtual Connections (EVCs)

Hierarchical VPLS (H-VPLS)

Napredniji QOS i OAM


Metro IP Access Advanced Metro IP Access

Layer 2 (EVC, 802.1Q) All features in METROIPACCESS plus:

IP Routing (RIP, OSPF, EIGRP, IS-IS, BGP) and BFD

MPLS

PIM (SM, DM, SSM), SSM mapping MPLS traffic engineering (TE) and Fast Reroute (FRR)

Ethernet OAM (802.1ag, 802.3ah, E-LMI) MPLS OAM

MST, REP, Flexlink MPLS VPN

Synchronous Ethernet Ethernet Over MPLS (EoMPLS)

Multi-VRF CE (VRF-lite) with service awareness (ARP, ping, SNMP, syslog, traceroute, FTP, TFTP)

Pseudowire redundancy


bg-vi-m-1#show license

Index 1 Feature: AdvancedMetroIP

Period left: Life time

License Type: Permanent

License State: Active, In Use

License Priority: Medium

License Count: Non-Counted

Index 2 Feature: MetroIPAccess

Period left: 0 minute 0 second

Index 3 Feature: 10GEUpgrade

Period left: Life time

License Type: Permanent

License State: Active, In Use

License Priority: Medium

License Count: Non-Counted

ZAKLJUČAK

HVALA NA PAŽNJI

Cisco MPLS portfolio napredne generacije u SBB mreži · Cisco MPLS portfolio napredne generacije u...

Documents

Transcript of Cisco MPLS portfolio napredne generacije u SBB mreži · Cisco MPLS portfolio napredne generacije u...