Multi-Protocol Label Switching...
Computer Networks
Lecture 20:
MPLS, and VPN

[Figure: Source 1 and Source 2 sending to Destination]
Router can forward traffic for the same destination on different interfaces/paths

Multi-Protocol Label Switching (MPLS)
Initial goal: speed up intra-domain IP forwarding by using circuit identifiers (fixed-length labels) instead of IP addresses
• borrow ideas from VC approach (but IP datagram still keeps IP address!)

Label Switching: Circuit Abstraction
Label-switched paths (LSPs):
• pre-compute a path for each “flow”
• a “flow” can range from a single connection to a pair of APs or aggregated APs, etc.
• paths are “named” by the label at the path’s entry point
• each MPLS router uses a different label to identify a flow
• “downstream” MPLS router tells upstream neighbor its label for each flow

Label Swapping
At each hop, MPLS routers forward packets to outgoing interface based only on label value (doesn’t even look at IP address)
• use label to determine outgoing interface
• replace incoming label with neighbor’s label for the flow
• MPLS forwarding table distinct from IP forwarding tables
[Figure: label swapping at a router with interfaces 1, 2, 3; forwarding table columns: Tag, Out, New; row: A, 2, D]

Label Distribution
Signaling protocol needed to set up forwarding
• responsible for disseminating signaling information
  • Label Distribution Protocol (LDP)
  • RSVP for Traffic Engineering (RSVP-TE)
• allows for forwarding along paths not otherwise obtained from IP routing (e.g., source-specific routing)
• must co-exist with IP-only routers
[Figure: Source 1 and Source 2 sending to Destination]

MPLS Encapsulation
Put an MPLS header in front of IP packet
• MPLS header includes a label
[Figure: frame layout: PPP or Ethernet header | MPLS header | IP header | remainder of link-layer frame]
MPLS header fields: label (20 bits) | ToS (3) | S (1) | TTL (5)
ToS & TTL copied from IP
S: 1 if bottom of label stack
Network (layer 3): IP
layer 2.5?: MPLS
Data Link (layer 2): Ethernet, Frame Relay, ATM, PPP, etc.
Physical (layer 1)

BGP-Free Backbone Core
[Figure: routers A, B, R1, R2, R3, R4, C, D; prefix 12.11.1.0/24; eBGP and iBGP sessions; label based on the destination prefix]
Routers R2 and R3 don’t need to speak BGP

VPNs With Private Addresses

Why VPN?
Customer has several geographically distributed sites
• wants private communications over the public network
• wants a unique IP network connecting the sites
  • single IP addressing plan
  • virtual leased line connecting the sites
  • guaranteed quality of service
Providers have overprovisioned backbones
• want to sell pseudo-wires (leased lines) that allow for increased backbone utilization
• want technology that has
  • low configuration and maintenance costs
  • is scalable to the number of customers, i.e., core states depend on topology, not number of customers

Recall: Customer-based VPN
Encrypt packets at network entry and decrypt at exit
Eavesdropper cannot snoop the data or determine the real source and destination

Network VPNs
Customer based:
• customer buys own equipment, configures IPSec tunnels across the global Internet, manages addressing and routing
• ISP plays no role
• customer has more control over security and ISP choices, but requires skills
[Figure: four sites, each behind a CE router, connected across the Internet]
Provider based:
• provider manages all the complexity of the VPN, usually with MPLS
• customer simply connects to the provider equipment
[Figure: four sites, each behind a CE router, connected to PE routers in the ISP]

Types of MPLS Routers
Customer edge (CE) routers:
• do not speak MPLS, do not recognize labels at all
• speak eBGP with MPLS routers on provider network to advertise APs
• or statically configured with allocated APs
[Figure: CE, A, B, C, D, CE; CE advertises 12.11.1.0/24 using eBGP; reachability of 12.11.1.0/24 advertised using eBGP]

MPLS Routers
Provider routers:
• provider edge (PE): routers A and E
  • push (at ingress) or pop (at egress) label onto stack
  • forward IP packets to/from customer routers
• core (P): routers B, C, and D
  • swap (pop + push) label on top of stack
  • doesn’t interact with customer routers
[Figure: CE, A, B, C, D, CE; CE advertises 12.11.1.0/24 using eBGP; reachability of 12.11.1.0/24 advertised using eBGP; inner label]

Provider-based VPN
Layer 3 BGP/MPLS VPNs (RFC 2547)
• provides isolation: multiple logical networks over a single, shared physical infrastructure
• uses BGP to exchange routes
• eBGP to announce APs to PE routers
• MPLS to forward traffic
• tunneling: P core routers don’t have to do routing, just label switching
[Figure: CE customer router, PE edge router, P core router, PE edge router, CE customer router]

High-Level Overview of Operation
IP packets arrive at provider edge (PE) router
Destination IP looked up in “virtual” forwarding table
• there are multiple such tables, one per customer
Datagram sent to customer’s network using tunneling (i.e., an MPLS label-switched path)

To Use Level 3 BGP/MPLS VPN
Two steps needed:
1. set up the VPN
2. forward packets on the VPN

Identifying a BGP/MPLS VPN
Three things are needed to identify a BGP/MPLS VPN
1. inner label: a way for the provider edge (PE) routers at each end of a VPN to associate a VPN with its owner’s customer edge (CE) router
2. VPN-APs: a way for the customer’s address prefixes (APs) to be advertised by BGP
   • the issue is: since customers can use private address ranges (10/8, 172.16/12, and 192.168/16), how to differentiate the same private address range that has been chosen and used by different customers?
3. outer label: the MPLS labels used by provider’s core (P) routers to identify a VC

Setup: Inner Label
Provider-edge (PE) routers:
• set up a Virtual Routing and Forwarding (VRF) table for each customer AP
• the VRF ID serves as the inner label for the VPN
[Figure: Customer 1 and Customer 2 both use 10.0.1.0/24; VRF IDs: C1, C2; VPN IDs (RD): Tan, Salmon]

Setup: VPN-APs
Provider-edge (PE) routers:
• use Multi-Protocol BGP’s Route Distinguisher (RD) as the VPN ID to differentiate the same APs of different customers
• use MP-BGP to announce VPN-APs reachability, along with their inner labels
• runs iBGP to other edge routers to distribute VPN-AP reachabilities
[Figure: Customer 1 and Customer 2 both use 10.0.1.0/24; VRF IDs: C1, C2; VPN IDs (RD): Tan, Salmon]

Setup: Outer Label
Both provider-edge (PE) and core (P) routers:
• run MPLS
• use LDP (Label Distribution Protocol) to set up outer labels for forwarding
• the PE router advertising a customer AP (i.e., the “destination” or egress router) initiates LDP to distribute labels
[Figure: inner label]

To use Level 3 BGP/MPLS VPN
Two steps are needed to use a level 3 BGP/MPLS VPN:
1. Set up the VPN
2. Forward packets on the VPN

Forwarding in BGP/MPLS VPNs
Step 1: packet arrives from CE router at PE router’s incoming interface
• look up customer’s VRF to determine egress PE and inner label (Label I)
Step 2: egress PE lookup, add corresponding outer label (Label O, also at customer’s VRF)
[Figure: after step 1: Label I | IP Datagram; after step 2: Label O | Label I | IP Datagram]

Forwarding
Ingress PE router encapsulates IP packet in MPLS with outer and inner labels
Two-label stack is used for packet forwarding
• top label indicates next-hop P router (outer label)
• second label indicates outgoing CE interface/VRF (inner label)
[Figure: Layer 2 Header | Label O | Label I | IP Datagram; Label O corresponds to label of next-hop (P); Label I corresponds to VRF/interface at exit]

Forwarding on BGP/MPLS VPNs
Source CE router sends IP packet to ingress PE router that advertises destination AP
Ingress PE router looks up egress PE router’s virtual interface address and the inner label for destination AP, then encapsulates IP packet in MPLS with outer and inner labels
Core P routers along the path swap outer labels
Penultimate core P router pops outer label only
Egress PE router uses inner label to look up VRF and forward packet to customer CE router

Packet Forwarding
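The forwarding steps above, as an added Python sketch that is not part of the original lecture: two customers use the same 10.0.1.0/24, and the per-customer VRF plus inner label keeps their traffic apart while the P routers act only on the outer label. Router names (PE1, P1, P2, PE2), CE names and all label values are constructed for illustration.

```python
import ipaddress

# Constructed topology: PE1 - P1 - P2 - PE2. All names and labels are illustrative.
# Per-customer VRFs on ingress PE1: prefix -> (egress PE, inner label).
VRF = {
    "C1": {"10.0.1.0/24": ("PE2", 101)},
    "C2": {"10.0.1.0/24": ("PE2", 102)},   # same private prefix, different customer
}
# Outer labels (as LDP would distribute them) that PE1 pushes to reach an egress PE.
OUTER = {"PE2": ("P1", 20)}                # egress PE -> (next hop, outer label)
# Core label tables: in-label -> (next hop, out-label); None = penultimate-hop pop.
LFIB = {
    "P1": {20: ("P2", 30)},
    "P2": {30: ("PE2", None)},
}
# Egress PE2: inner label -> attached customer CE router.
EGRESS = {"PE2": {101: "CE-C1-siteB", 102: "CE-C2-siteB"}}


def ingress(vrf_id, dst_ip):
    """Steps 1 and 2: VRF lookup for the inner label, then push the outer label."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), v) for p, v in VRF[vrf_id].items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{dst_ip} not reachable in VRF {vrf_id}")
    _, (egress_pe, inner) = max(matches, key=lambda m: m[0].prefixlen)
    next_hop, outer = OUTER[egress_pe]
    return next_hop, [outer, inner]        # label stack, top first


def forward(vrf_id, dst_ip):
    """Carry one packet from the ingress PE to the customer CE; return (CE, trace)."""
    hop, stack = ingress(vrf_id, dst_ip)
    trace = [("PE1", list(stack))]
    while hop in LFIB:                     # P routers look only at the top label
        next_hop, out = LFIB[hop][stack[0]]
        stack = stack[1:] if out is None else [out] + stack[1:]
        trace.append((hop, list(stack)))
        hop = next_hop
    if len(stack) != 1 or stack[0] not in EGRESS[hop]:
        raise LookupError("unknown inner label, packet dropped")
    return EGRESS[hop][stack[0]], trace


if __name__ == "__main__":
    for cust in ("C1", "C2"):
        print(cust, forward(cust, "10.0.1.7"))
```

The same destination address leaves through a different CE for each customer, and the core tables in `LFIB` never hold a customer prefix or an inner label.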

Advantages of MPLS VPN
Customer’s adding or changing APs does not require manual configuration at provider
Core P routers do not need to know customer’s CE routers or APs ⇒ forwarding tables only need to scale to number of edge PE routers, not number of customers, APs, or VPNs
The only manual configurations required are at the edge PE routers:
• VRF ID and customer’s CE router’s IP address
• MP-BGP Route Distinguisher as VPN ID

Status of MPLS
Deployed in practice
• BGP-free backbone/core
• Virtual Private Networks
• Traffic engineering
Challenges
• protocol complexity
• configuration complexity
• difficulty of collecting measurement data