
- Number of slides: 22
MPLS-VPN/BGP Approach. Hari Rakotoranto, Technical Marketing Engineer
Agenda MPLS Business Perspective VPN Concept MPLS VPN
Virtual Private Networking: A $24B Opportunity. Barriers? [Charts: "1998 VPN Service Distribution" (source: CIMI Corp.); "VPNs Opportunity: WW VPN Service Revenues ($B)"]
Business Perspective
• Businesses are building on IP
• Businesses need private IP services
• IP Intranet: remote offices, telecommuters, mobile users
• IP Extranet: customers, suppliers, partners
Agenda MPLS Business Perspective VPN Concept MPLS VPN
Virtual Private Networks Concepts (NW’00 Paris, © 2000, Cisco Systems, Inc.)
Virtual Private Networks
• A network infrastructure delivering private network services over a public infrastructure. Certainly not a new concept.
VPN - Overlay Model [Diagram labels: Layer-3 routing adjacency; virtual circuit; CPE (CE) device; VPN site; Provider Edge (PE) device; service provider network]
VPN - Overlay Model
• Private trunks across a telco/SP shared infrastructure: leased/dialup lines; FR/ATM virtual circuits; IP (GRE) tunnelling
• Point-to-point solution between customer sites: how to size inter-site circuit capacities? Full mesh requirement for optimal routing. CPE routing adjacencies between sites.
VPN - Peer-to-Peer Model [Diagram labels: Layer-3 routing adjacency; CPE (CE) router; VPN site; Provider Edge (PE) router; service provider network]
VPN - Peer-to-Peer Model
• Provider edge (PE) device exchanges routing information with CPE: all customer routes carried within SP IGP; simple routing scheme for VPN customer; routing between sites is optimal; circuit sizing no longer an issue
• Private addressing is not an option
• Addition of new site is simpler: no overlay mesh to contend with
The Solution: MPLS
• A new paradigm that delivers the best of both worlds: privacy of ATM, Frame Relay; flexibility and scalability of IP
• Foundation for IP business services: flexible grouping of users and value-added services
• Low cost managed IP services: scales to large and small private networks
• Based on RFC 2547bis
Agenda MPLS Business Perspective VPN Concept MPLS VPN
Basic Intranet Model [Diagram: SITE-1, SITE-2, SITE-3 and SITE-4, all in VPN A, attached to an MPLS/VPN backbone with a P router; MP-iBGP carries "Site-1 & Site-2 routes, RT=VPN-A" and "Site-3 & Site-4 routes, RT=VPN-A"; route list: Site-1 routes, Site-2 routes, Site-3 routes, Site-4 routes]
MPLS VPN mechanisms: VRF and Multiple Routing Instances [Diagram. Logical view: Site-1, Site-2, Site-3, Site-4; VPN-A, VPN-B, VPN-C. Routing view: PE and P routers, multihop MP-iBGP. VRF for site-1: Site-1 routes, Site-2 routes. VRF for site-2: Site-1 routes, Site-2 routes, Site-3 routes. VRF for site-3: Site-2 routes, Site-3 routes, Site-4 routes. VRF for site-4: Site-3 routes]
MPLS VPN Connection Model [Diagram: Site-1 with CE-1, PE-1, P routers in the VPN backbone IGP, PE-2, Site-2. Captions: "BGP, RIPv2 update for Net1, Next-Hop=CE-1"; "VPN-IPv4 update: RD:Net1, Next-hop=PE-1, SOO=Site1, RT=Green, Label=(int. CE1)"; "VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green and advertised to CE-2"]
• PE routers receive IPv4 updates (EBGP, RIPv2, OSPF, Static)
• PE routers translate into VPN-IPv4: assign a SOO and RT based on configuration; re-write Next-Hop attribute; assign a label based on VRF and/or interface; send MP-iBGP update to all PE neighbors
MPLS VPN Connection Model [Diagram: Site-1 with CE-1, PE-1, P routers in the VPN backbone IGP, PE-2, Site-2. Captions: "BGP, RIPv2 update for Net1, Next-Hop=CE-1"; "VPN-IPv4 update: RD:Net1, Next-hop=PE-1, SOO=Site1, RT=Green, Label=(int. CE1)"; "VPN-IPv4 update is translated into IPv4 address (Net1), put into VRF green since RT=Green and advertised to CE-2"]
• Receiving PEs translate to IPv4
• Insert the route into the VRF identified by the RT attribute (based on PE configuration)
• The label associated to the VPN-IPv4 address will be set on packets forwarded towards the destination
MPLS/VPN Packet Forwarding
MPLS/VPN Packet Forwarding [Diagram: London, P router, PE-1, Paris 149.27.2.0/24. Label tables (In Label / FEC / Out Label): - / 197.26.15.1/32 / -; 41 / 197.26.15.1/32 / POP; - / 197.26.15.1/32 / 41. Captions: "Use label implicit-null for destination 197.26.15.1/32"; "Use label 41 for destination 197.26.15.0/24"; "VPN-v4 update: RD:1:27:149.27.2.0/24, NH=197.26.15.1, SOO=Paris, RT=VPN-A, Label=(28)"]
• PE and P routers have BGP next-hop reachability through the backbone IGP
• Labels are distributed through LDP corresponding to BGP Next-Hops, or RSVP with Traffic Engineering
MPLS/VPN Packet Forwarding [Diagram: London, PE-1, Paris 149.27.2.0/24. Label table (In Label / FEC / Out Label): - / 197.26.15.1/32 / 41. VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28). Packet to 149.27.2.27 shown with label stack 41, 28]
• Ingress PE receives normal IP packets
• PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels
MPLS/VPN Packet Forwarding [Diagram: London, PE-1, Paris 149.27.2.0/24. Label tables (In Label / FEC / Out Label): 28(V) / 149.27.2.0/24 / -; 41 / 197.26.15.1/32 / POP. VPN-A VRF: 149.27.2.0/24, NH=Paris. VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28). Packet to 149.27.2.27 shown with label stack 41, 28, then with label 28 only, then unlabelled]
• Penultimate PE router removes the IGP label: Penultimate Hop Popping procedures (implicit-null label)
• Egress PE router uses the VPN label to select which VPN/CE to forward the packet to
• VPN label is removed and the packet is routed toward the VPN site
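The route import and label-stack forwarding described on the connection-model and packet-forwarding slides, as an added Python model that is not part of the original deck. It uses the slide values (RD 1:27, 149.27.2.0/24, next hop 197.26.15.1, labels 41 and 28); the second VRF (VPN-B on the ingress PE) and all function names are hypothetical, added to show that a VRF whose import RT does not match never receives the route.

```python
import ipaddress

# Constructed control-plane state using the values shown on the slides.
VPNV4_UPDATE = {"rd": "1:27", "prefix": "149.27.2.0/24",
                "next_hop": "197.26.15.1", "rt": "VPN-A", "label": 28}
IGP_LABEL = {"197.26.15.1": 41}          # ingress PE: LDP label for the BGP next hop
P_LFIB = {41: "POP"}                     # penultimate hop: implicit-null
EGRESS_LFIB = {28: ("VPN-A", "Paris")}   # egress PE: VPN label -> VRF / site

def import_update(vrfs, update):
    """Install the route only in VRFs whose import RT matches the update's RT."""
    for vrf in vrfs.values():
        if update["rt"] in vrf["import_rt"]:
            net = ipaddress.ip_network(update["prefix"])
            vrf["fib"][net] = (update["next_hop"], update["label"])

def ingress_pe(vrf, dst):
    """Longest match in the VPN FIB, then impose [IGP label, VPN label]."""
    addr = ipaddress.ip_address(dst)
    matches = [n for n in vrf["fib"] if addr in n]
    if not matches:
        return None                      # no route in this VRF: packet is dropped
    next_hop, vpn_label = vrf["fib"][max(matches, key=lambda n: n.prefixlen)]
    return [IGP_LABEL[next_hop], vpn_label]

def p_router(stack):
    """Act on the top (IGP) label only; the VPN label is never examined."""
    action = P_LFIB[stack[0]]
    return stack[1:] if action == "POP" else [action] + stack[1:]

def egress_pe(stack):
    """Use the VPN label to select the VRF/site, then remove it."""
    return EGRESS_LFIB[stack[0]]

def forward(vrfs, vrf_name, dst):
    stack = ingress_pe(vrfs[vrf_name], dst)
    return egress_pe(p_router(stack)) if stack else "dropped at ingress PE"

def build_london_pe():
    # Hypothetical second VRF (VPN-B): its import RT does not match RT=VPN-A.
    vrfs = {"VPN-A": {"import_rt": {"VPN-A"}, "fib": {}},
            "VPN-B": {"import_rt": {"VPN-B"}, "fib": {}}}
    import_update(vrfs, VPNV4_UPDATE)
    return vrfs

if __name__ == "__main__":
    pe = build_london_pe()
    print(ingress_pe(pe["VPN-A"], "149.27.2.27"))   # label stack imposed at ingress
    print(forward(pe, "VPN-A", "149.27.2.27"), forward(pe, "VPN-B", "149.27.2.27"))
```

The import RT configured on each VRF is the only thing separating the two customers here, which is why import/export RT configuration on PE routers is the item to audit when reviewing VPN isolation.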