PWE + VPLS Yaakov (J) Stein June 2006 Chief Scientist RAD Data Communications.
-
Upload
meghan-bridges -
Category
Documents
-
view
214 -
download
1
Transcript of PWE + VPLS Yaakov (J) Stein June 2006 Chief Scientist RAD Data Communications.
PWE + VPLSPWE + VPLS
Yaakov (J) Stein June 2006Chief ScientistRAD Data Communications
Y(J)S PWE-VPLS Slide 2
ContentsContents Interworking VPNs PWs TDM PWs Ethernet PWs Other PWs PWE control protocol L2VPNs LDP vs. BGP Provisioning VPLS Generalizations L3VPNs
Y(J)S PWE-VPLS Slide 3
InterworkingInterworking
Y(J)S PWE-VPLS Slide 4
Tunneling - interworkingTunneling - interworking
mating different network protocols is called interworking
protocol converter goes by various names :– interworking function (IWF)– gateway (GW)
simplest case is network interworkingeasily provided by tunneling
nativenetwork
nativenetwork
infrastructurenetwork
Y(J)S PWE-VPLS Slide 5
Tunneling - provider networksTunneling - provider networks
users traditionally have private networks
they interconnect their sites using leased lines– no contention with outside users– guaranteed privacy– complex and costly maintenance
service providers (SPs) can provide virtual private networksprovided by (once again by) tunneling edge-to-edge
customernetwork
customernetwork
leased line
Y(J)S PWE-VPLS Slide 6
Basic emulation by tunnelingBasic emulation by tunneling
customernetwork
customernetworkphysical link
customernetwork
customernetwork
emulated link
providernetwork
provider network edge provider network edge
end to end
edge to edge
Y(J)S PWE-VPLS Slide 7
Interworking motivationInterworking motivationthere are many different types of network traffic (voice, video, file-xfer, etc)
all types fall into one of three classes:– Real-time constant bit-rate– Real-time variable bit-rate– Non-real-time (packet)
there are many different types of network (IP,ATM,FR,Eth,etc)
most were originally designed for a specific type of traffic
providers with one type of network infrastructure want to fully exploit it they desire to carry all types of network traffic
Y(J)S PWE-VPLS Slide 8
Service InterworkingService Interworking
Service interworking:
direct conversion between 2 native service formats
serviceinterworking
function
NativeService
A
NativeService
B
Y(J)S PWE-VPLS Slide 9
VPNsVPNs
Y(J)S PWE-VPLS Slide 10
Conventional Ethernet-IP modelConventional Ethernet-IP model
conventional model:
Ethernet is a LAN technology – last 100m– 10s of hosts
IP is a WAN technology– data transported in native IP– different L2 technologies for last segment
modern Ethernet wants to be more
IPEthernet Ethernet
Y(J)S PWE-VPLS Slide 11
Virtual Private NetworksVirtual Private Networks
SPs want to offer customers site interconnect service
since the private networks are interconnected overa public PSN this results in a Virtual Private Network
unlike the traditional WAN architecturethe entire native packet/frame must be tunneled
Example: Transparent LAN Service (TLS)
serviceprovider network
Y(J)S PWE-VPLS Slide 12
Basic (L2,L3)VPN modelBasic (L2,L3)VPN model
ProviderEdge
(PE)
CustomerEdge
(CE)
providernetwork
customernetwork
ProviderEdge
(PE)
CustomerEdge
(CE)
customernetwork
customernetwork
customernetwork
physical link
AC = Attachment Circuit AC = Attachment Circuit
emulated link
provider network may be L3 (e.g. IP) or L2 (e.g. Ethernet)
Y(J)S PWE-VPLS Slide 13
(L2,L3)VPN in more detail(L2,L3)VPN in more detail
customer 2 networkcustomer 1 network
C C
C
CC
C
CC
C
CE
PPE
PP
CE
PE
P
P
CEprovider network
customer 2 network customer 1 network
KeyC Customer router/switchCE Customer Edge router/switchP Provider router/switchPE Provider Edge router/switch
CCE
C
C
Y(J)S PWE-VPLS Slide 14
L3 encapsulationL3 encapsulationfor simplicity, let’s think of an IP network :
the traditional architecture uses the following packet formats:
a VPN model (Ether-IP) uses the following packet formats:
Eth hdr IP hdr payload Eth FCS Eth hdr IP hdr payload Eth FCS
IP hdr payloadWAN L2 hdr
WAN
WAN
Eth hdr IP hdr payload Eth FCS Eth hdr IP hdr payload Eth FCS
IP hdr payloadWAN L2 hdr Eth hdr Eth FCS*IP hdr
Y(J)S PWE-VPLS Slide 15
VPN ChallengesVPN Challenges
Security
Private IP addresses
Multiple higher-layer protocols
SP resource requirements
Complex provider - customer relationship
192.115.243.19
192.115.243.19 192.115.243.79
SP network
Y(J)S PWE-VPLS Slide 16
MPLS solves IP address problemMPLS solves IP address problem
assume customers 1 and 2 use overlapping IP addresses
then C-routers have inconsistent tables
ingress PE-router pushes a label
P-routers see only MPLS label
P-routers don’t see IP addresses - no ambiguity
P-routers see only the MPLS label - not LAN IP addresses
PE routers know how to map CE LANs
MPLS label
IP header
payload
192.115.243.19
192.115.243.19
MPLS network
2
1
1
Y(J)S PWE-VPLS Slide 17
VPN typesVPN types Legacy
– proprietary leased-line (not virtual)– Frame Relay over E1/T1– ATM over E1 or multiple-E1
Pure IP– IPSec tunnel– L2TP tunnel
MPLS L3VPN– RFC4364 (ex 2547bis)
MPLS L2VPN– VPWS / VPLS
Y(J)S PWE-VPLS Slide 18
PseudowiresPseudowires
Pseudowire (PW): Pseudowire (PW): A mechanism that emulates the A mechanism that emulates the essential attributes of a native service while transporting essential attributes of a native service while transporting over a packet switched network (PSN)over a packet switched network (PSN)
Y(J)S PWE-VPLS Slide 19
PseudowiresPseudowires
Packet Switched Network (PSN)– network that forwards packets– IPv4, IPv6, MPLS, Ethernet (although IETF does not touch)
a pseudowire (PW) is a mechanism to tunnel through a PSN
PWs are bidirectional (unlike MPLS LSPs)
PW architecture is an extension of VPN architecture
Y(J)S PWE-VPLS Slide 20
Pseudowire EmulationPseudowire EmulationEdge to EdgeEdge to Edge
ProviderEdge
(PE)Customer
Edge
(CE)
CustomerEdge
(CE)
CustomerEdge
(CE)
nativeservice
provider’sPSN
PseudoWires (PWs)
CustomerEdge
(CE)
CustomerEdge
(CE)
ProviderEdge
(PE)nativeservice
Y(J)S PWE-VPLS Slide 21
Provider Network ArchitectureProvider Network Architecture
nativeservice
A tunnel may contain many PWs
nativeservice
PE
router
P router
P router
P router
PE
router
P router
provider network is composed of: • Provider routers (P routers)• Provider edge routers (PE routers)
Y(J)S PWE-VPLS Slide 22
IETF PWE3 WGIETF PWE3 WG
In the Internet Area of the Internet Engineering Task Force
Native (layer 1,2) services : ATM (port mode, cell mode, AAL5-specific modes) FR Ethernet (DIX, 802.3, VLAN) TDM (SONET/SDH, E1, T1, E3, T3) …
Supported Packet Switched Networks (PSNs) IPv4 IPv6 MPLS L2TPv3 (not Ethernet …)
Y(J)S PWE-VPLS Slide 23
PWE3 WG CharterPWE3 WG Charter
Edge-to-edge emulation and maintenance of PWs– tunnel creation and placement out of scope
Network interworking, not service interworking Must not exert controls on underlying PSN
– but diffserv, RSVP-TE can be used
Use RTP when necessary– for real-time functions, clock recovery
Realize that emulation will not be perfect– need applicability statement for each native service
WG will produce the following documents– requirements (RFC 3916), architecture (RFC 3985) documents– control protocol definition– service specific encapsulation documents for each native service
Y(J)S PWE-VPLS Slide 24
MPLSMPLS
Much of the PWE work is focused on MPLS Emulated services have QoS and TE requirements
– IP is basically a “best effort” service– diffserv and RSVP extensions not prevalent– MPLS can provide TE guarantees – RSVP-TE (CR-LDP) allows TE signaling
IP provides no standard “bundle” multiplexing method– UDP/TCP ports provide application multiplexing– RTP uses ports in a nonstandard way– L2TP includes a multiplexing mechanism– MPLS label stack provides natural multiplexing method– Using “inner labels” provides two layers of switching (like ATM VP/VC)
MPLS-f inner label outer label(s)Dictionary: ITU-T interworking label transport label(s)
IETF PW label tunnel label(s)
Y(J)S PWE-VPLS Slide 25
Simple MPLS solutionSimple MPLS solution
each customer network mapped to pair of (unidirectional) LSPs
supports various AC technologies
each native packet/frame encapsulated with MPLS label
scaling problem: requires large number of LSPs P-routers need to be aware of customer networks
P PEPE P
CE
CE
CECE
CE
CEACs ACs
Y(J)S PWE-VPLS Slide 26
(Martini) Pseudowires(Martini) Pseudowires
transport MPLS tunnel set up between PEs
multiple PWs may be set up inside tunnel
Native packet/frame encapsulated with 2 labels
P-routers are unaware of individual customer networks
PW (inner) label
payload
MPLS (outer) label
transport tunnelPE
CE
CE
CE
PE
CE
CE
CE
PWs are bidirectional
ACs ACs
Y(J)S PWE-VPLS Slide 27
PWE packet formatPWE packet format
PSN / multiplexing
optional RTP header
optional control word (CW) higher layers
payload
Y(J)S PWE-VPLS Slide 28
Example formatsExample formats
tunnel label(s)
PW label
controlword
Payload
MPLS PSN
IP header (5*4 B)
session ID (4 B)
optional cookie (4 or 8 B)
control word (4 B)
payload
L2TPv3 PSN
Y(J)S PWE-VPLS Slide 29
PWE Control WordPWE Control Word
0 0 0 0 – Identifies packet as PW (not IP)– used to ensure ECMP mechanisms don’t interfere with proper functioning– 0001 for PWE OAM (VCCV)
Flags (4 b)– not all encapsulation define– used to transport native service fault indications
FRG– may be used to indicate payload fragmentation
00 = unfragmented 01 = 1st fragment 10 = last fragment 11 = intermediate fragment
Length (6 b) – used when packet may be padded by L2
Sequence Number (16 b) – used to detect packet loss / misordering
0 0 0 0 flags FRG Length Sequence Number
Y(J)S PWE-VPLS Slide 30
Other Standards BodiesOther Standards Bodies ITU-T SG13
– Y.1411, Y.1412, Y.1413, Y.1414, Y.1415, Y.1452, Y.1453, X.84
ITU-T SG15 – G.769, G.8261
MFA Forum (MPLS – Frame Relay – ATM)– TDM over MPLS using AAL1 IA 4.0– I.366.2 over MPLS IA 5.0– af-aic-0178
MEF (Metro Ethernet Forum)– MEF 8.0.0
Y(J)S PWE-VPLS Slide 31
TDM PWsTDM PWs
Y(J)S PWE-VPLS Slide 32
TDMoIP Protocol ProcessingTDMoIP Protocol Processing
Steps in TDMoIP The synchronous bit stream is segmented The TDM segments are adapted TDMoIP control word is prepended PSN (IP/MPLS) headers are prepended (encapsulation) Packets are transported over PSN to destination PSN headers are utilized and stripped Control word is checked, utilized and stripped TDM stream is reconstituted (using adaptation) and played out
TDM TDMIP Packets
PSN
IP Packets
Y(J)S PWE-VPLS Slide 33
TDM StructureTDM Structurehandling of TDM depends on its structure
unstructured TDM (TDM = arbitrary stream of bits)
structured TDM
…
SYNC TS1 TS2 TS3signaling
bits… … TSn
(1 byte)
channelized (single byte timeslots)
SYNC
framed (8000 frames per second)SYNC
SYNC
multiframed
frame frame frame … frame
multiframe
Y(J)S PWE-VPLS Slide 34
TDM transport typesTDM transport types
Structure-agnostic transport (SAToP – RFC4553)• for unstructured TDM• even if there is structure, we ignore it• simplest way of making payload• OK if network is well-engineered
Structure-aware transport (TDMoIP, CESoPSN)• take TDM structure into account• must decide which level of structure (frame, multiframe, …)• can overcome PSN impairments (PDV, packet loss, etc)
Y(J)S PWE-VPLS Slide 35
Structure aware encapsulationsStructure aware encapsulations
Structure-locked encapsulation (CESoPSN)
Structure-indicated encapsulation (TDMoIP – AAL1 mode)
Structure-reassembled encapsulation (TDMoIP – AAL2 mode)
headers TDM structure TDM structure TDM structureTDM structure
headers AAL1 subframe AAL1 subframe AAL1 subframe AAL1 subframe
headers AAL2 minicell AAL2 minicell AAL2 minicell AAL2 minicell
Y(J)S PWE-VPLS Slide 36
Ethernet PWsEthernet PWs
Y(J)S PWE-VPLS Slide 37
Ethernet limitationsEthernet limitations
Ethernet LAN is the most popular LANbut Ethernet can not be made into a WAN
Ethernet is limited in distance between stations Ethernet is limited in number of stations on segment Ethernet is inefficient in finding destination address Ethernet only prunes network topology, does not route
so the architecture that has emerged is Ethernet private networksconnected by public networks of other types (e.g. IP)
WAN
LAN LAN
Y(J)S PWE-VPLS Slide 38
Traditional WAN architectureTraditional WAN architecture
this model is sensible when traffic contains a given higher layerEthernet header is removed at ingress and a new header added at egress
this model is not transparent Ethernet LAN interconnect Ethernet LANs with multiple higher layer packet types
(e.g. IPv4, IPv6, IPX, SNA, CLNP, etc.) can’t be interconnected raw L2 Ethernet frames can not be sent
the Ethernet layer is terminated at WAN ingressthe traffic is no longer Ethernet at all
Ethernet Ethernet
not Ethernet
WAN
Y(J)S PWE-VPLS Slide 39
Tunneling Ethernet framesTunneling Ethernet frames
users with multiple sites want to connect their LANsso that all locations appear to be on the same LAN
this requires tunneling of all Ethernet L2 frames (not only IP)between one LAN and another
the entire Ethernet frame needs to be preserved(except perhaps the FCS which can be regenerated at egress)
Ethernet Ethernet
Ethernet inside X
X
Y(J)S PWE-VPLS Slide 40
Ethernet over Ethernet over HDLC/FR/ATM/SONET/SDH/PDHHDLC/FR/ATM/SONET/SDH/PDH
Ethernet frames can be carried over various WANs
HDLC: not standardized, Cisco-HDLC
FR: RFC2427 / STD0055 (ex 1490)
ATM: RFC2684 / (ex 1483), LANE
SONET/SDH/PDH: PoS (RFC 2615 ex RFC1619),
LAPS (X.85/X.86), GFP (G.7041 )
entire Ethernet frame (or IP packet) is used as payload
Y(J)S PWE-VPLS Slide 41
Ethernet PW (RFC 4448)Ethernet PW (RFC 4448)
can transport tagged or untagged Ethernet frames
if tagged encapsulation can be “raw mode” or “tagged mode”
tagged mode processes SP tags
control word is optional
even if control word is used, sequence number if optional
standard mode – FCS is stripped and regenerated
FCS retention mode (not in 4448) allows retaining FCS
Y(J)S PWE-VPLS Slide 42
Ethernet Pseudowire packet (MPLS)Ethernet Pseudowire packet (MPLS)
tunnel label
PW label
controlword
Ethernet Frame
Ethernet Frame usually has FCS strippedSP tag may also be stripped
optional control word generation and processing of sequence number is optional
0000 reserved Sequence Number (16b)
Y(J)S PWE-VPLS Slide 43
Other PWsOther PWs
Y(J)S PWE-VPLS Slide 44
What other PW clients are there?What other PW clients are there?
ATM (4 different modes)
frame relay
SONET/SDH
HDLC / PPP
Fiber channel
X.25
Generic
????
Y(J)S PWE-VPLS Slide 45
PWE control protocolPWE control protocol
Y(J)S PWE-VPLS Slide 46
PWE (Martini) control protocolPWE (Martini) control protocol
PWE control protocol (RFC 4447) used to set up / configure PWs
used only by PW end-points (PEs in standard model)intermediate nodes (e.g. P routers) don’t participate or see
based on LDP
– targeted LDP is used to communicate with opposite end-point
– 2 new FECs for PWs
– new TLVs added for PW-specific functionality
– associates two labels with PW
LDP will be discussed later
PEPEP P
P P
P
Y(J)S PWE-VPLS Slide 47
PWE controlPWE control
a PW is a bidirectional entity (two LSPs in opposite directions)
a PW connects two forwarders
2 different LDP TLVs can be used– PWid FEC (128)– Generalized ID FEC (129)
FEC 128– both end-points of PW must be provisioned with a unique (32b) value– each PW end-point independently initiates LSP set up– LSPs bound together into a single PW
FEC 129– used when autodiscovering PW end-points– each end-point has attachment identifier (AI) …
Y(J)S PWE-VPLS Slide 48
Generalized IDGeneralized IDfor each forwarder we have a PE-unique Attachment Identifier (AI)
<PE, AI> must be globally unique
frequently useful to group a set of forwarders into a attachment groupwhere PWs may only be set up among members of a group
then Attachment Identifier (AI) consists of – Attachment Group Identifier (AGI) (which is basically a VPN-id)– Attachment Individual Identifier (AII)
the LSPs making up the (two directions of the) PW are < PE1, (AGI, AII1), PE2, (AGI, AII2) > and< PE2, (AGI, AII2), PE1, (AGI, AII1) >
we also need to define– Source Attachment Identifier (SAI = AGI+SAII)– Target Attachment Identifier (TAI = AGI+TAII) receiving PE can map TAI uniquely to AC
Y(J)S PWE-VPLS Slide 49
PWE OAMPWE OAM
Y(J)S PWE-VPLS Slide 50
VCCVVCCV
VC (old name for PW) connectivity verification
runs inside PW (same PW label) as an associated channel
differentiated by control word format (PWACH – RFC 4385)
inside VCCV several different OAM mechanisms may be used:– ICMP– LSP ping– BFD– ???
0 0 0 1 VER RES=0 Channel Type (0x21-IPv4 0x57-IPv6)
Y(J)S PWE-VPLS Slide 51
Multisegment PW (MS-PW)Multisegment PW (MS-PW)
Y(J)S PWE-VPLS Slide 52
Multiple PSN domainsMultiple PSN domains
Single-Segment PW (SS-PW) requires PEs to see each other
when multiple PSN domains this may not be the case
Terminal-PEs interconnect via stitching-PE
PW label becomes a true MPLS label (switching, swapping)
when more than one S-PE need to ensure that the 2 LSPs traverse the same one
T-PEP P
P P
P
S-PEP P
P P
P
T-PE
Y(J)S PWE-VPLS Slide 53
L2VPNsL2VPNs
Y(J)S PWE-VPLS Slide 54
VPWSVPWS
Virtual Private Wire Service is a L2 point-to-point service
it emulates a wire supporting the Ethernet physical layer
set up MPLS tunnel between PEsset up Ethernet PW inside tunnel
CEs appear to be connected by a single L2 circuit
(can also make VPWS for ATM, FR, etc.)
CE CEAC AC
PE PE
provider network
Y(J)S PWE-VPLS Slide 55
VPLSVPLS
VPLS emulates a LAN over an MPLS network
set up MPLS tunnel between every pair of PEs (full mesh)set up Ethernet PW inside tunnels, for each VPN instance
CEs appear to be connected by a single LAN
PE must know where to send Ethernet frames …but this is what an Ethernet bridge does
CE
CE
CE
for clarity only one VPN is shown
AC
AC
AC
PE
PE
PE
Y(J)S PWE-VPLS Slide 56
VPLSVPLS
a VPLS-enabled PE has, in addition to its MPLS functions: VPLS code module (IETF drafts)
Bridging module (standard IEEE 802.1D learning bridge)
SP network (inside rectangle) looks like a single Ethernet bridge!
Note: if CE is a router, then PE only sees 1 MAC per customer location
CE
CE
V B
V B
B V
CE
Y(J)S PWE-VPLS Slide 57
VPLS bridgeVPLS bridgePE maintains a separate bridging module for each VPN (VPLS instance)
VPLS bridging module must perform: MAC learning MAC aging flooding of unknown MAC frames replication (for unknown/multicast/broadcast frames)
unlike true bridge, Spanning Tree Protocol is not used limited traffic engineering capabilities scalability limitations slow convergence
forwarding loops are avoided by split horizon PE never forwards packet from MPLS network to another PE not a limitation since there is a full mesh of PWs
so always send directly to the right PE
Y(J)S PWE-VPLS Slide 58
CE
Bridge - both waysBridge - both ways
a packet from a CE:may be sent back to a CEmay be sent to a PE via a PW
a packet from a PE:is only sent to a CE (split horizon)is sent to a particular CE based on 802.1D bridging
CE
CE
V B
V B
B V
CE
CE
CE
CE
CE
Y(J)S PWE-VPLS Slide 59
VPLS code moduleVPLS code module
VPLS signalingestablish PWs between PEs per VPLS
VPLS autodiscoverylocates PEs participating in VPLS instance
obtain frame from bridgeencapsulate Ethernet frames and inject packet into PW
retrieve packet from PWremoves PW encapsulation and forward Ethernet frame to bridge
Y(J)S PWE-VPLS Slide 60
L2VPN vs. L3VPNL2VPN vs. L3VPN
in L2VPN CEs appear to be connected by single L2 networkPEs are transparent to L3 routing protocolsCEs are routing peers
in L3VPN CE routers appear to be connected by a single L3 networkCE is routing peer of PE, not remote CE PE maintains routing table for each VPN
CE
CE
CE
PE
PE
PE
?
Y(J)S PWE-VPLS Slide 61
IPLS IPLS (IP-only LAN Service)(IP-only LAN Service)mechanisms may be simplified if Ethernet frames carry only IP traffic
enables upgrade of IP routers to support VPLS-like services
in this case CE devices are routers, not switches
frames are still forwarded based on MAC DA (not L3VPN)but MAC forwarding tables updated via PW signaling, not 802.1D
PE snoops IP and ARP frames to discover CEs connected to itcreates (AC,VPN-ID,IP-addr,MAC-addr) entrycreates PWs to all PEs participating in VPN-IDsends entries to these PEs
Address Resolution Protocol (ARP) messages are proxiedrather than being carried transparentlyPE searches entries it has received
can support different AC types (Ethernet and FR)ARP Mediation ensures proper mapping
Y(J)S PWE-VPLS Slide 62
LDP vs. BGPLDP vs. BGP
Y(J)S PWE-VPLS Slide 63
LDP vs. BGPLDP vs. BGP
both use TCP for reliable transport (LDP uses UDP for hellos)
both are hard-state protocols
both use TLV format for parameters
BGP
multiprotocol (IPv4, IPv6, IPX, MPLS)
highly complex protocol
provides routing / label distribution
built-in autodiscovery mechanism
LDP
MPLS only
simpler protocol
only label distribution
extendable for autodiscovery
Y(J)S PWE-VPLS Slide 64
BGPBGP
marker can be used for authentication (TCP MD5 signature)
length is total BGP PDU length, including header
type– OPEN (for session initialization)
– UPDATE (add, change and withdraw routes)
– NOTIFICATION (return error messages, terminate session)
– KEEPALIVE (heartbeat)
KEEPALIVE packet consists of 19B header only
marker (16B)
length (2B)
type(1B)
data (variable)
header (19B)
Y(J)S PWE-VPLS Slide 65
BGP state machineBGP state machine
idle – no session (awaiting session initialization)
connect – attempting to connect to peer
active – started TCP 3-way handshake (router busy)
open sent – have sent OPEN message
open confirm – after receiving TCP SYN for OPEN message
established – BGP session up and running
Y(J)S PWE-VPLS Slide 66
BGP OPENBGP OPEN
version (3 or 4)
my AS – identifier of autonomous system
hold time – max time (sec) between receipt of messages
BGP ID – sender’s BGP identifier
op len – length (bytes) of optional parameters
opt parameters - TLVs
version (1B)
my AS (2B)
hold time (2B)
opt parameters (variable)
BGP-ID (2B)
op len (1B)
Y(J)S PWE-VPLS Slide 67
BGP UPDATEBGP UPDATE
Withdrawn Routes – list of routes no longer to be used (NLRI format- see below)
Path Attributes – route specific information (see next page)
Network Layer Reachability Information – (classless) routing information
the NLRI is a list of address-prefixeseach prefix must be masked from the left to the length specified
WR len (2B)
withdrawnroutes(var)
PA len(2B)
NLRI(var)
path attributes
(var)
len(1B)
prefix (variable)
Y(J)S PWE-VPLS Slide 68
BGP UPDATE - Path AttributesBGP UPDATE - Path Attributes
flagsO – optional/well-known bit
if 1 must be recognized by all BGP implementationsif W=1 and unrecognized attribute, BGP sends notification and session closed
T – transitive/nontransitive bitif 1 and attribute unrecognized it is passed along, else silently ignoredwell-known attributes are always transitive
C – complete/partial bit (for optional transitive attributes only)
L – attribute length bit (=0 attribute length is 1B, =1 length is 2B)
type codeORIGIN, AS_PATH, NEXT_HOP, MED, LOCAL_PREF,AGGREGATOR, COMMUNITY, ORIGINATOR_ID…
flags(1B)
type code(1B)
Y(J)S PWE-VPLS Slide 69
BGP NOTIFICATONBGP NOTIFICATON
all notification messages cause BGP session to close
error codes include:– message header error– open message error– update message error– hold timer expired– state machine error– other fatal error
errorcode (1B)
errorsubcode(2B)
data(var)
Y(J)S PWE-VPLS Slide 70
LDPLDP
version – presently 1
length - PDU length, excluding version and length fields
LDP-ID – identifies label space of sending LDP peer– LSR-ID(4B) globally unique LSR ID– label space ID (2B) for per-port label spaces
(zero for per-platform label spaces)
messages – zero or more TLVs (see next page)
version(2B)
length(2B)
LDP-ID(6B)
messages (variable)
header (10B)
Y(J)S PWE-VPLS Slide 71
LDP messagesLDP messages
type
U – unknown message bitif message type unknown to receiverU=0 – receiver returns notification to senderU=1 – receiver silently ignores
length - message length, excluding type and length fields
Message-ID – unique ID for message (for matching with returned notification)
if there are mandatory parameters, they most appear in a specific order
optional parameters may appear in any order
type(2B)
length(2B)
message-ID(4B)
mandatoryparameters (variable)
optional parameters (variable)
U message code
Y(J)S PWE-VPLS Slide 72
LDP message typesLDP message types
Hello (UDP, for discovery)
Initialization (specifies LDP version, label space range, parameters)
KeepAlive (heart beat)
Notification (error, e.g.unsupported version, unknown/malformed msg, timer expired)
Address (LSR advertises its interface IP address(es) to peers)
Address Withdraw (LSR revokes previously advertised interface IP address)
Label Mapping (downstream LSR advertisement of a label mapping for a FEC )
Label Withdraw (downstream LSR informing that binding is revoked)
Label Request (upstream LSR request for binding in downstream-on-demand mode)
Label Release (upstream LSR informing that binding no longer needed)
Label Abort Request (upstream LSR asks to revoke request before satisfied)
Y(J)S PWE-VPLS Slide 73
LDP state machineLDP state machine
LSR periodically transmits hello UDP messages– multicast to “all routers on subnet” group– targeted to preconfigured IP address
LSRs listen on this UDP port for hello messages
when LSR receives hello from another LSR– it opens a TCP connection to that other LSR
or (for extended discovery)– it unicast transmits a hello back to the other LSR
LSR with higher ID sends session initialization message
other LSR LDP accepts (sends keepalive) or rejects
informative or keepalive messages sent
3.2
Y(J)S PWE-VPLS Slide 74
Provisioning VPLSProvisioning VPLS
Y(J)S PWE-VPLS Slide 75
ProvisioningProvisioning
customers may want their SP to take an active role in managing their networks
Provider Provisioned VPN (PPVPN) refers to VPNfor which SP participates in management and provisioning
by provisioning we mean (at least) : setting up the ACs (often manual configuration) assigning global VPN-ID to VPN instances discovery of all PEs that participate in a VPN instance associating AC with VPN at PE providing PEs with information needed to set up tunnels configuring tunnels with necessary characteristics
Y(J)S PWE-VPLS Slide 76
AutodiscoveryAutodiscoverywe have assumed that each PE knows
which PEs participate in particular VPN instance
manual configuration is problematic logistically
autodiscovery refers to automatically finding all PEs in a given VPN
each PE "discovers" other PEs by means of some protocol BGP RADIUS (Remote Authentication Dial In User Service)
CE = RADIUS users, PEs = Network Access Servers (NAS)PE can authenticate CEs and find other PEs
targeted LDP (“Stokes draft”, “Stein-Delord draft” - expired) advertise FEC in LDPnew TLV in label mapping message contains VPN-id, P or PE, capabilities
Y(J)S PWE-VPLS Slide 77
VPWS ProvisioningVPWS Provisioning
Double Sided Provisioning each AC provisioned with local name, remote PE address, and remote nameduring signaling, local name is sent as SAII, remote name as TAII (AGI = null)to connect 2 ACs by a PW:
local name = remote name(PWid FEC) orlocal name of each must be remote name of the other
Single Sided Provisioning with Discoveryeach AC provisioned with local name (VPN-id) and AIIduring signaling, local name is sent as AGIto connect 2 ACs by a PW:
both must have the same VPN-id only one needs to be provisioned with remote name (local name of other AC)neither needs to be provisioned with the address of the remote PE
during auto-discovery procedure:each PE advertises its <VPN-id, local AII> pairseach PE compares its local <VPN-id, remote AII> pairs
with <VPN-id, local AII> pairs from other PEsif match then need to connect
local name sent as SAII, remote AII sent as TAII, VPN-id as AGI
Y(J)S PWE-VPLS Slide 78
VPLS ProvisioningVPLS Provisioning
every VPLS instance is assigned a unique VPN-id
PEs are preconfigured or find each other using auto-discovery
if PE detects VPN-id to which it belongsit sets up a PW
during signaling– VPN-id is send as the AGI field– SAII and TAII are set to null
Y(J)S PWE-VPLS Slide 79
LDP VPLSLDP VPLS
ex-“Lasserre-VKompella draft”, now draft-ietf-l2vpn-vpls-ldpauthors: Marc Lasserre - Riverstone and Vach Kompella – Alcatel
supported by Cisco, Nortel, Alcatel, Riverstone, Extreme, Luminous, Corrigent, Hatteras, Overture, RAD
use LDP for – PW setup and tear-down signaling– explicit withdrawal of MACs (force relearning)
full mesh of targeted LDP sessions between VPLS-enabled PEs
automatically establish a full mesh of Ethernet PWs participating PE sends an unsolicited label mapping message to every other PE, specifying VPN-ID (preferably with generalized PWid FEC element)
if receiving PE accepts, it sends a label mapping message back
Y(J)S PWE-VPLS Slide 80
BGP VPLSBGP VPLS
ex-“Kompella draft”, now draft-ietf-l2vpn-vpls-bgp authors: Kireeti Kompella, Yakov Rekhter – Juniper
uses BGP4 (with multiprotocol extensions) for: autodiscovery (uses Route Target extended community as VPN-ID) PW setup and tear-down (uses Network Layer Reachability Information) force MAC relearning (uses Relearn Sequence Number TLV)
protocol essentially identical to RFC2547bis (to be discussed later)
Y(J)S PWE-VPLS Slide 81
BGP VPLS signalingBGP VPLS signaling
define demultiplexor = VPN-ID + ingress PE
VPLS Edge (VE) advertises VPLS NLRIs for each VPLS instanceNLRI defines demultiplexors for all PEs in VPLS instance
extended attribute encodes PE capabilities
if new PE joins VPLS new NLRI seamlessly adds new labelcoalesce to a single NLRI with temporary service disruption
PE sets up PW when it receives an NLRI for VPLS
to leave VPLS instance PE withdraws NLRIremote PEs remove PWs
Y(J)S PWE-VPLS Slide 82
GeneralizationsGeneralizations
Y(J)S PWE-VPLS Slide 83
Distributed Distributed (Generic)(Generic) VPLS VPLS
L2VPN framework allows decomposition of PE User-Facing PE (U-PE) performs Bridge functions
MAC learning, forwarding decisions Network-Facing PE (N-PE) performs VPLS functions
establishes tunnels, PWs
U-PE is inexpensive CLE, good for MTU applications
PE
N-PEPE VPLSaccess
network
CE
CE
U-PE
U-PE CE
CE
V B
Y(J)S PWE-VPLS Slide 84
Hierarchical VPLSHierarchical VPLS
straight VPLS has a problem – N2 PWs are usedwhich means N2 LDP sessions, and N2 floods and replications
to improve scalability, can use hub-and-spoke topology
if VPLS is in multi-tenant buildings, local PE is MTU
HVPLS PEs are full mesh, but do not perform bridging
spoke PW set up between PE and MTU (note end-point is virtual bridge)
PE
PE
PE HVPLS
VPLS
VPLS
VPLS
MTU
MTU
MTU
Y(J)S PWE-VPLS Slide 85
L3VPNsL3VPNs
Y(J)S PWE-VPLS Slide 86
BGP MPLS VPNs (2547bis)BGP MPLS VPNs (2547bis)
presently most popular provider managed VPN
originally specified in RFC 2547, update in draft called RFC 4364
transports IPv4 (IPv6) traffic in MPLS tunnels
uses BGP for route distributionsince SPs commonly use BGP for routing
2547 is not an overlay model– CE routers at different sites are not routing peers – they do not directly exchange routing information– they don’t even need to know of each other– so customer needn’t manage a backbone or virtual backbone– no inter-site routing problems
Y(J)S PWE-VPLS Slide 87
BGP MPLS VPNs (cont.)BGP MPLS VPNs (cont.)
only PE routers maintain VPN informationP routers needn’t maintain any customer routing information
C routes either manually configured in PE or advertised to PE using BGP, OSPF, etc.
PE advertises routes to remote PEs using BGPremote PEs advertise routes to their CEs using BGP, OSPF, etc.
IP address overlap solved using Route Distinguisher (RD)
Y(J)S PWE-VPLS Slide 88
RFC 4364 RFC 4364 (2547bis)(2547bis) architecture architecture
Virtual router (peering) model, not tunneling
PE maintains Virtual Route Forwarding table for each VPN
BGP (with multiprotocol extensions) used for label distribution
in order to support private IP addressesPE prepends 8B Route Distinguisher (unique to site) to IP address
PEPE
CE peer to PE
CE not peer to CE
ext label
IP Packet
SP label
CE is IP router
P PC
CEC
C
CC
C
CE
Y(J)S PWE-VPLS Slide 89
L2VPNL2VPN vs. vs. L3VPNL3VPN
C switch connects to L2 circuits
BGP or LDP
all L3 traffic types
only Ethernet L2
Cs responsible for routing “overlay model”
simple customer-SP interface
C peering scales as VPN size scaling problem
C router peers with SP router
BGP
limited to IP traffic
supports different L2 technologies
SP responsible for routing “peer model”
complex customer-SP interface
C peering independent of VPN size scales well