  • Number of slides: 22

MPLS-VPN/BGP Approach
Hari Rakotoranto, Technical Marketing Engineer, hrakotor@cisco.com

Agenda
  • MPLS Business Perspective
  • VPN Concept
  • MPLS VPN

Virtual Private Networking: A $24B Opportunity
[Charts: "Barriers?" (1998 VPN Service Distribution); "VPNs Opportunity" (WW VPN Service Revenues, $B). Source: CIMI Corp.]

Business Perspective
  • Businesses are building on IP
  • Businesses need private IP services
[Diagram labels: IP Intranet; Remote Offices; Telecommuters; Mobile Users; IP Extranet; Customers; Suppliers; Partners]

Agenda
  • MPLS Business Perspective
  • VPN Concept
  • MPLS VPN

Virtual Private Networks Concepts
NW’00 Paris © 2000, Cisco Systems, Inc.

Virtual Private Networks
  • A network infrastructure delivering private network services over a public infrastructure
      - Certainly not a new concept

VPN - Overlay Model
[Diagram labels: Layer-3 Routing Adjacency; Virtual Circuit; CPE (CE) Device; VPN Site; Provider Edge (PE) device; Service Provider Network]

VPN - Overlay Model
  • Private trunks across a telco/SP shared infrastructure
      - leased/dialup lines
      - FR/ATM virtual circuits
      - IP (GRE) tunnelling
  • Point-to-point solution between customer sites
      - how to size inter-site circuit capacities?
      - full mesh requirement for optimal routing
      - CPE routing adjacencies between sites

VPN - Peer-to-Peer Model
[Diagram labels: Layer-3 Routing Adjacency; CPE (CE) Router; VPN Site; Provider Edge (PE) Router; Service Provider Network]

VPN - Peer-to-Peer Model
  • Provider edge (PE) device exchanges routing information with CPE
      - all customer routes carried within SP IGP
      - simple routing scheme for VPN customer
      - routing between sites is optimal
      - circuit sizing no longer an issue
  • Private addressing is not an option
  • Addition of new site is simpler
      - no overlay mesh to contend with

The Solution: MPLS
  • A new paradigm that delivers the best of both worlds:
      - privacy of ATM, Frame Relay
      - flexibility and scalability of IP
  • Foundation for IP business services
      - flexible grouping of users and value-added services
  • Low cost managed IP services
      - scales to large and small private networks
  • Based on RFC 2547bis

Agenda
  • MPLS Business Perspective
  • VPN Concept
  • MPLS VPN

Basic Intranet Model
[Diagram: four sites (SITE-1, SITE-2, SITE-3, SITE-4), all in VPN A, attached to an MPLS/VPN Backbone with a P Router. One MP-iBGP update carries Site-1 & Site-2 routes with RT=VPN-A; the other carries Site-3 & Site-4 routes with RT=VPN-A. Resulting routing table: Site-1 routes, Site-2 routes, Site-3 routes, Site-4 routes.]

MPLS VPN mechanisms: VRF and Multiple Routing Instances
[Diagram, logical view: Site-1, Site-2, Site-3, Site-4; VPN-A, VPN-B, VPN-C]
[Diagram, routing view: PE routers joined across P routers by Multihop MP-iBGP]
  • VRF for site-1: Site-1 routes, Site-2 routes
  • VRF for site-2: Site-1 routes, Site-2 routes, Site-3 routes
  • VRF for site-3: Site-2 routes, Site-3 routes, Site-4 routes
  • VRF for site-4: Site-3 routes Site-4

MPLS VPN Connection Model
[Diagram: Site-1 / CE-1, PE-1, P routers in the VPN Backbone IGP, PE-2, Site-2 / CE-2]
  • CE-1 to PE-1: BGP, RIPv2 update for Net1, Next-Hop=CE-1
  • PE-1 to PE-2: VPN-IPv4 update: RD:Net1, Next-hop=PE-1, SOO=Site1, RT=Green, Label=(int.CE1)
  • PE-2: VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2

  • PE routers receive IPv4 updates (EBGP, RIPv2, OSPF, Static)
  • PE routers translate into VPN-IPv4
      - Assign a SOO and RT based on configuration
      - Re-write Next-Hop attribute
      - Assign a label based on VRF and/or interface
      - Send MP-iBGP update to all PE neighbors

MPLS VPN Connection Model
[Diagram: Site-1 / CE-1, PE-1, P routers in the VPN Backbone IGP, PE-2, Site-2 / CE-2]
  • CE-1 to PE-1: BGP, RIPv2 update for Net1, Next-Hop=CE-1
  • PE-1 to PE-2: VPN-IPv4 update: RD:Net1, Next-hop=PE-1, SOO=Site1, RT=Green, Label=(int.CE1)
  • PE-2: VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green, and advertised to CE-2

  • Receiving PEs translate to IPv4
      - Insert the route into the VRF identified by the RT attribute (based on PE configuration)
  • The label associated to the VPN-IPv4 address will be set on packet forwarded towards the destination

MPLS/VPN Packet Forwarding

MPLS/VPN Packet Forwarding
[Diagram: London, PE-1, P router, Paris (149.27.2.0/24)]

    In Label   FEC               Out Label
    -          197.26.15.1/32    -
    41         197.26.15.1/32    POP
    -          197.26.15.1/32    41

  • Use label implicit-null for destination 197.26.15.1/32
  • Use label 41 for destination 197.26.15.0/24
  • VPN-v4 update: RD:1:27:149.27.2.0/24, NH=197.26.15.1, SOO=Paris, RT=VPN-A, Label=(28)

  • PE and P routers have BGP next-hop reachability through the backbone IGP
  • Labels are distributed through LDP corresponding to BGP Next-Hops or RSVP with Traffic Engineering

MPLS/VPN Packet Forwarding
[Diagram: London, PE-1, Paris (149.27.2.0/24)]

    In Label   FEC               Out Label
    -          197.26.15.1/32    41

  • VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
  • Packet arriving from London: 149.27.2.27
  • Packet leaving PE-1: 41 | 28 | 149.27.2.27

  • Ingress PE receives normal IP packets
  • PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels

MPLS/VPN Packet Forwarding
[Diagram: London, PE-1, Paris (149.27.2.0/24)]

    In Label   FEC               Out Label
    28(V)      149.27.2.0/24     -
    41         197.26.15.1/32    POP

  • VPN-A VRF: 149.27.2.0/24, NH=Paris
  • VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
  • Packet along the path: 41 | 28 | 149.27.2.27, then 28 | 149.27.2.27, then 149.27.2.27

  • Penultimate PE router removes the IGP label
      - Penultimate Hop Popping procedures (implicit-null label)
  • Egress PE router uses the VPN label to select which VPN/CE to forward the packet to
  • VPN label is removed and the packet is routed toward the VPN site
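
The route import and label handling from the connection-model and packet-forwarding slides, as an added Python example that is not part of the original presentation. It uses the slides' values (RD 1:27, 149.27.2.0/24, next hop 197.26.15.1, RT=VPN-A, labels 41 and 28); the second VRF "VPN-B" and all function names are assumptions, added to show that a VRF whose import RT does not match never receives the route.

```python
import ipaddress

# VPN-v4 update from the packet-forwarding slides (values from the page).
UPDATE = {"rd": "1:27", "prefix": "149.27.2.0/24", "next_hop": "197.26.15.1",
          "rts": {"VPN-A"}, "vpn_label": 28}
# Ingress PE's IGP/LDP binding for the BGP next hop (label 41 on the slides).
IGP_LABELS = {"197.26.15.1": 41}
# Per-VRF import policy on the ingress PE. VPN-B is a constructed second
# customer (assumption), present only to show the isolation property.
VRF_IMPORTS = {"VPN-A": {"VPN-A"}, "VPN-B": {"VPN-B"}}

def import_update(update, vrf_imports):
    """Install the route only in VRFs whose import RTs match the update's RTs."""
    vrfs = {name: {} for name in vrf_imports}
    for name, imports in vrf_imports.items():
        if imports & update["rts"]:
            net = ipaddress.ip_network(update["prefix"])
            vrfs[name][net] = (update["next_hop"], update["vpn_label"])
    return vrfs

def ingress_forward(vrfs, vrf, dst):
    """Longest match in the VRF FIB, then impose [IGP label, VPN label]."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in vrfs[vrf] if addr in n]
    if not matches:
        return None  # no route in this VRF: the packet is dropped, not leaked
    next_hop, vpn_label = vrfs[vrf][max(matches, key=lambda n: n.prefixlen)]
    return [IGP_LABELS[next_hop], vpn_label]

def penultimate_hop(stack):
    """Downstream router advertised implicit-null: pop the IGP label."""
    return stack[1:]

def egress_forward(stack, label_table):
    """Egress PE selects the VPN/CE from the VPN label, then removes it."""
    return label_table[stack[0]], stack[1:]

def walk(vrf, dst):
    """Follow one packet from the ingress VRF to the egress PE's decision."""
    vrfs = import_update(UPDATE, VRF_IMPORTS)
    stack = ingress_forward(vrfs, vrf, dst)
    if stack is None:
        return None
    target, rest = egress_forward(penultimate_hop(stack), {28: "VPN-A/Paris"})
    return stack, target, rest

if __name__ == "__main__":
    print(walk("VPN-A", "149.27.2.27"))
    print(walk("VPN-B", "149.27.2.27"))
```

Separation between customers rests entirely on the import policy in `VRF_IMPORTS`: adding "VPN-A" to VPN-B's import set would install the Paris route in VPN-B, which is why route-target configuration on PE routers deserves change review.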
