
MPLS

What's in it for Research & Education Networks?


John Jamison
University of Illinois at Chicago
November 17, 2000

Juniper Networks Product Family

Sept 1998: M40
Nov 1999: M20
Mar 2000: M160
Sept 2000: M5
Sept 2000: M10

Juniper Networks Research and Education Customers


MCI Worldcom vBNS/vBNS+
Department of Energy ESnet
DANTE - TEN-155 (Pan-European Research & Education Backbone)
NYSERNet New York State Education & Research Network
Georgia Tech SOX GigaPoP
University of Illinois NCSA (National Center for Supercomputing Applications)
University of California, San Diego SDSC (San Diego Supercomputer Center)
University of Southern California, Information Sciences Institute
Indiana University
Stanford University
University of California, Davis
California Institute of Technology
North Carolina State University
University of Alaska
University of Hiroshima, Japan
Korea Telecom Research Lab
ETRI (Electronic and Transmission Research Institute), Korea
University of Washington Pacific/Northwest GigaPoP
STAR TAP (International Research & Education Network Meet Point)
APAN (Asia Pacific Advanced Network) Consortium
NOAA (National Oceanographic and Atmospheric Administration)
NASA Goddard Space Flight Center
NIH (National Institutes of Health)
DoD (Department of Defense)
US Army Engineer Research and Development Center

Original Agenda

MPLS Fundamentals
Traffic Engineering
Constraint-Based Routing
Refreshment Break
Virtual Private Networks
Optical Applications for MPLS Signaling (GMPLS/MPλS)
Juniper Networks Solutions
Questions and Comments

Our Agenda

MPLS Overview
Traffic Engineering
VPNs

What are we missing out on?


A bunch of pure marketing slides
A bunch of filler slides
Slides with content that is of interest mainly to ISPs
  Here is how you can use MPLS to bring in more revenue, offer different services, etc.
Some Details of MPLS Signaling Protocols and RFC 2547 VPNs
  You can (and should) only cover so much in one talk
Some MP(Lambda)S Details
  Seems too much like slide ware right now

What are we gaining?

Besides being spared marketing and ISP-centric stuff:
  We will see some examples from networks and applications we are familiar with
  We will save some time and cover almost as much information

Why Is MPLS an Important Technology?


Fully integrates IP routing & L2 switching
Leverages existing IP infrastructures
Optimizes IP networks by facilitating traffic engineering
Enables multi-service networking
Seamlessly integrates private and public networks
The natural choice for exploring new and richer IP service offerings
Dynamic optical bandwidth provisioning

What Is MPLS?

IETF Working Group chartered in spring 1997
IETF solution to support multi-layer switching:
  IP Switching (Ipsilon/Nokia)
  Tag Switching (Cisco)
  IP Navigator (Cascade/Ascend/Lucent)
  ARIS (IBM)
Objectives
  Enhance performance and scalability of IP routing
  Facilitate explicit routing and traffic engineering
  Separate control (routing) from the forwarding mechanism so each can be modified independently
  Develop a single forwarding algorithm to support a wide range of routing and switching functionality

MPLS Terminology

Label
  Short, fixed-length packet identifier
  Unstructured
  Link local significance
Forwarding Equivalence Class (FEC)
  Stream/flow of IP packets:
    Forwarded over the same path
    Treated in the same manner
    Mapped to the same label
  FEC/label binding mechanism
    Currently based on destination IP address prefix
    Future mappings based on SP-defined policy

MPLS Terminology
Connection Table

In (port, label)   Out (port, label)   Label Operation
(1, 22)            (2, 17)             Swap
(1, 24)            (3, 17)             Swap
(1, 25)            (4, 19)             Swap
(2, 23)            (3, 12)             Swap

[Figure: a switch with Ports 1 to 4; an IP packet labeled 25 arrives on Port 1 and leaves labeled 19 on Port 4]

Label Swapping
  Connection table maintains mappings
  Exact match lookup
  Input (port, label) determines:
    Label operation
    Output (port, label)
  Same forwarding algorithm used in Frame Relay and ATM

MPLS Terminology

[Figure: an LSP between San Francisco and New York]

Label-Switched Path (LSP)
  Simplex L2 tunnel across a network
  Concatenation of one or more label switched hops
  Analogous to an ATM or Frame Relay PVC

MPLS Terminology
[Figure: an LSP crossing four LSRs between San Francisco and New York]

Label-Switching Router (LSR)
  Forwards MPLS packets using label-switching
  Capable of forwarding native IP packets
  Executes one or more IP routing protocols
  Participates in MPLS control protocols
Analogous to an ATM or Frame Relay Switch (that also knows about IP)

MPLS Terminology
[Figure: an LSP between San Francisco and New York, with an ingress LSR, two transit LSRs and an egress LSR]

Ingress LSR (head-end LSR)
  Examines inbound IP packets and assigns them to an FEC
  Generates MPLS header and assigns initial label
Transit LSR
  Forwards MPLS packets using label swapping
Egress LSR (tail-end LSR)
  Removes the MPLS header

MPLS Header
[Figure: frame layout: L2 Header | MPLS Header (32 bits) | IP Packet. MPLS header layout: Label (20 bits) | CoS | S | TTL]

Fields
  Label
  Experimental (CoS)
  Stacking bit
  Time to live
IP packet is encapsulated by ingress LSR
IP packet is de-encapsulated by egress LSR

IP Packet Forwarding Example


[Figure: a packet addressed to 200.3.2.7 is forwarded hop by hop, with a routing table lookup at each router. Addresses shown: 134.5.6.1, 134.5.1.5, 200.3.2.1, 200.3.2.7, 12.29.31.1, 12.29.31.4, 12.29.31.5, 12.29.31.9; ports 2, 3 and 5.]

Routing Table
Destination   Next Hop
134.5/16      134.5.6.1
200.3.2/24    200.3.2.1

Three further routing tables each list 134.5/16 with next hop 12.29.31.5; their entries for 200.3.2/24 list next hops 12.29.31.5, 12.29.31.9 and 12.29.31.4.

MPLS Forwarding Example


[Figure: the packet addressed to 200.3.2.7 is forwarded over an LSP. Addresses shown: 134.5.6.1, 134.5.1.5, 200.3.2.1, 200.3.2.7; ports 2, 3 and 5.]

Ingress Routing Table
Destination   Next Hop
134.5/16      (2, 84)
200.3.2/24    (3, 99)

MPLS Table
In        Out
(2, 84)   (6, 0)

MPLS Table
In        Out
(1, 99)   (2, 56)

MPLS Table
In        Out
(3, 56)   (5, 0)

Egress Routing Table
Destination   Next Hop
134.5/16      134.5.6.1
200.3.2/24    200.3.2.1

How Is Traffic Mapped to an LSP?


[Figure: AS 45 and AS 63 attach as E-BGP peers to transit SP AS 77. Inside AS 77 the ingress LSR and egress LSR are I-BGP peers connected by LSP 32. The ingress LSR routing table maps 134.5/16 to LSP 32; the figure also shows the address 134.5.1.5.]

Map LSP to the BGP next hop
FEC = {all BGP destinations reachable via egress LSR}

How are LSPs Set Up?

[Figure: an LSP from ingress LSR to egress LSR]

Two approaches:
  Manual Configuration
  Using a Signaling Protocol

MPLS Signaling Protocols


The IETF MPLS architecture does not assume a single label distribution protocol
LDP
  Executes hop-by-hop
  Selects same physical path as IGP
  Does not support traffic engineering
RSVP
  Easily extensible for explicit routes and label distribution
  Deployed by providers in production networks
CR-LDP
  Extends LDP to support explicit routes
  Functionally identical to RSVP
  Not deployed

How Is the LSP Physical Path Determined?


[Figure: an LSP from ingress LSR to egress LSR]

Two approaches:
  Offline path calculation (in house or 3rd party tools)
  Online path calculation (constraint-based routing)
A hybrid approach may be used

Offline Path Calculation

Simultaneously considers
  All link resource constraints
  All ingress to egress traffic trunks
Benefits
  Similar to mechanisms used in overlay networks
  Global resource optimization
  Predictable LSP placement
  Stability
  Decision support system
In-house and third-party tools

Offline Path Calculation


[Figure: routers R1 through R9, with ingress LSR R1 and egress LSR R9; the LSP follows explicit route = {R1, R4, R8, R9}]

Input to offline path calculation utility:
  Ingress and egress points
  Physical topology
  Traffic matrix (statistics about city - router pairs)
Output:
  Set of physical paths, each expressed as an explicit route

Explicit Routes: Example 1


[Figure: routers R1 through R9, with ingress LSR R1 and egress LSR R9]

LSP from R1 to R9
Partial explicit route:
  {loose R8, strict R9}
LSP physical path
  R1 to R8 follow IGP path
  R8 to R9 directly connected

Explicit Routes: Example 2


[Figure: routers R1 through R9, with ingress LSR R1 and egress LSR R9]

LSP from R1 to R9
Full explicit route:
  {strict R3, strict R4, strict R7, strict R9}
LSP physical path
  R1 to R3 directly connected
  R3 to R4 directly connected
  R4 to R7 directly connected
  R7 to R9 directly connected

Constraint-Based Routing
[Figure: ingress LSR and egress LSR, with user defined LSP constraints]

Online LSP path calculation
Operator configures LSP constraints at ingress LSR
  Bandwidth reservation
  Include or exclude a specific link(s)
  Include specific node traversal(s)
Network actively participates in selecting an LSP path that meets the constraints

Constraint-Based Routing

Thirty-two named groups, 0 through 31
Groups assigned to interfaces

[Figure: network map (San Francisco labeled) with links assigned to the groups Gold, Silver and Bronze]

Constraint-Based Routing
Choose the path from A to I using:

admin group { include [gold silver]; }

[Figure: topology with nodes A through I]

Constraint-Based Routing

A-C-F-G-I uses only gold or silver links

[Figure: the same topology with the path A-C-F-G-I marked]

Constraint-Based Routing: Example 1


[Figure: network map with Seattle, San Francisco, Los Angeles, Kansas City, Chicago, Dallas, Atlanta and New York]

label-switched-path SF_to_NY {
    to New_York;
    from San_Francisco;
    admin-group {exclude green}
    cspf
}

Constraint-Based Routing: Example 2


label-switched-path madrid_to_stockholm {
    to Stockholm;
    from Madrid;
    admin-group {include red, green}
    cspf
}

[Figure: network map with Madrid, Paris, London, Geneva, Munich, Rome and Stockholm]
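The constraint handling on the preceding slides (administrative groups on links, include and exclude, bandwidth reservation), written out as an added example that is not from the original deck or from any router's code. The group numbers, the topology, metrics and bandwidths are constructed, and `include` is assumed to mean "the link carries at least one listed group", which matches "uses only gold or silver links" above.

```python
import heapq

# Assumed group numbering; the page only says there are 32 named groups, 0 through 31.
GROUPS = {"gold": 0, "silver": 1, "bronze": 2, "green": 3}

def mask(names):
    """Turn group names into a 32-bit mask, one bit per administrative group."""
    m = 0
    for n in names:
        bit = GROUPS[n]
        if not 0 <= bit <= 31:
            raise ValueError("group number must be 0 through 31")
        m |= 1 << bit
    return m

# Constructed topology: (node, node, IGP metric, free bandwidth in Mb/s, groups on the link).
LINKS = [
    ("A", "B", 1, 622, ["bronze"]), ("B", "G", 1, 622, ["bronze"]),
    ("A", "C", 1, 155, ["gold"]),   ("C", "F", 1, 155, ["silver"]),
    ("F", "G", 1, 155, ["silver"]), ("G", "I", 1, 622, ["gold"]),
    ("A", "D", 1, 622, ["green"]),  ("D", "E", 1, 622, ["green", "gold"]),
    ("E", "H", 1, 622, ["gold"]),   ("H", "I", 3, 622, ["gold"]),
]

def cspf(src, dst, include=(), exclude=(), bandwidth=0, links=LINKS):
    """Prune links that violate the constraints, then run shortest path first."""
    inc, exc = mask(include), mask(exclude)
    adj = {}
    for a, b, metric, free_bw, groups in links:
        g = mask(groups)
        if inc and not g & inc:       # include: link needs at least one listed group
            continue
        if g & exc:                   # exclude: link must carry none of the listed groups
            continue
        if free_bw < bandwidth:       # the reservation must fit on every hop
            continue
        adj.setdefault(a, []).append((b, metric))
        adj.setdefault(b, []).append((a, metric))
    best, heap = {src: 0}, [(0, src, [src])]
    while heap:
        cost, node, path = heapq.heappop(heap)
        if node == dst:
            return path, cost
        if cost > best.get(node, float("inf")):
            continue
        for nxt, metric in adj.get(node, []):
            if cost + metric < best.get(nxt, float("inf")):
                best[nxt] = cost + metric
                heapq.heappush(heap, (cost + metric, nxt, path + [nxt]))
    return None, None   # no path satisfies the constraints
```

With no constraints the IGP path A-B-G-I wins; adding `include=["gold", "silver"]` moves the LSP to A-C-F-G-I, and a bandwidth demand that no gold or silver link out of A can carry leaves no path at all.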

Other Neat MPLS Stuff


Secondary LSPs
Fast Reroute
Label Stacking
GMPLS

MPLS Secondary LSPs

[Figure: primary LSP and secondary LSP between the San Francisco Data Center and the New York Data Center]

Standard LSP failover
  Failure signaled to ingress LSR
  Calculate & signal new LSP
  Reroute traffic to new LSP
Standby Secondary LSP
  Pre-established LSP
  Sub-second failover

MPLS Fast Reroute

[Figure: primary LSP and active detour between the San Francisco Data Center and the New York Data Center]

Ingress signals fast reroute during LSP setup
Each LSR computes a detour path (with same constraints)
Supports failover in ~100s of ms

MPLS Label Stacking


[Figure: LSP 1 and LSP 2 carried inside a trunk LSP; each label stack entry has the layout Label (20 bits) | CoS | S | TTL]

A label stack is an ordered set of labels
Each LSR processes the top label
Applications
  Routing hierarchy
  Aggregate individual LSPs into a trunk LSP
  VPNs

MPLS Label Stack: Example 1


[Figure: a trunk LSP across four LSRs; port numbers 1, 3, 2 and 5 shown]

MPLS Table
In        Out
(1, 25)   (2, Push [42])
(3, 35)   (2, Push [42])

MPLS Table
In        Out
(5, 42)   (6, 18)

MPLS Table
In        Out
(2, 18)   (5, Pop)

MPLS Table
In        Out
(4, 25)   (2, 56)
(4, 35)   (5, 17)

MPLS Label Stack: Example 2


[Figure: a trunk LSP across four LSRs; port numbers 1, 3, 2 and 5 shown]

MPLS Table
In        Out
(1, 25)   (2, Push [42])
(3, 35)   (2, Push [42])

MPLS Table
In        Out
(5, 42)   (6, 18)

MPLS Table
In        Out
(2, 18)   (5, Pop)

MPLS Table
In        Out
(4, 25)   (2, 56)
(4, 35)   (5, 17)
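The 32-bit MPLS header from the "MPLS Header" slide and the trunk LSP tables above, combined in an added example that is not part of the original deck. The page gives only the 20-bit label and the 32-bit total; the CoS (3), S (1) and TTL (8) widths follow RFC 3032, and the LSR names, port wiring and TTL handling are assumptions.

```python
import struct

def pack_stack(labels, cos=0, ttl=64):
    """Encode labels (top first) as 32-bit entries: Label(20) CoS(3) S(1) TTL(8)."""
    out = b""
    for i, label in enumerate(labels):
        if not 0 <= label < 1 << 20:
            raise ValueError("label must fit in 20 bits")
        s = 1 if i == len(labels) - 1 else 0  # S bit marks the bottom of the stack
        out += struct.pack("!I", (label << 12) | (cos << 9) | (s << 8) | ttl)
    return out

def parse_stack(data):
    """Decode entries until the S bit is seen; return (entries, payload)."""
    entries, off = [], 0
    while True:
        if len(data) - off < 4:
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        entries.append({"label": word >> 12, "cos": (word >> 9) & 0x7,
                        "s": (word >> 8) & 0x1, "ttl": word & 0xFF})
        if entries[-1]["s"]:
            return entries, data[off:]

# MPLS tables from the trunk LSP slides, keyed by (in port, top label).
# LSR names and the port-to-port wiring are assumptions inferred from the tables.
TABLES = {
    "LSR1": {(1, 25): (2, "push", 42), (3, 35): (2, "push", 42)},
    "LSR2": {(5, 42): (6, "swap", 18)},
    "LSR3": {(2, 18): (5, "pop", None)},
    "LSR4": {(4, 25): (2, "swap", 56), (4, 35): (5, "swap", 17)},
}
WIRES = {("LSR1", 2): ("LSR2", 5), ("LSR2", 6): ("LSR3", 2), ("LSR3", 5): ("LSR4", 4)}

def forward(node, in_port, frame):
    """One LSR hop: exact-match lookup on (in port, top label), then push/swap/pop."""
    entries, payload = parse_stack(frame)
    labels = [e["label"] for e in entries]
    ttl = entries[0]["ttl"] - 1
    if ttl <= 0:
        raise ValueError("TTL expired")
    out_port, op, arg = TABLES[node][(in_port, labels[0])]  # KeyError: no entry, drop
    # Only the top label is touched; inner labels ride through unchanged.
    labels = {"push": [arg] + labels, "swap": [arg] + labels[1:], "pop": labels[1:]}[op]
    return out_port, pack_stack(labels, entries[0]["cos"], ttl) + payload

def trace(node, in_port, frame):
    """Follow a frame across the wired LSRs; return [(node, labels after the hop)]."""
    hops = []
    while True:
        out_port, frame = forward(node, in_port, frame)
        hops.append((node, [e["label"] for e in parse_stack(frame)[0]]))
        if (node, out_port) not in WIRES:
            return hops
        node, in_port = WIRES[(node, out_port)]
```

Tracing a frame that enters LSR1 on port 1 with label 25 shows the inner label surviving the trunk (push 42, swap to 18, pop) and being swapped only at the last LSR.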

Label Stacking allows you to Reduce the Number of LSPs


[Figure: LSP 1 through LSP 4, LSP trunks, and an LSP trunk of trunks]

Label stacking to create a hierarchy of LSP trunks

Generalized MPLS (GMPLS) Formerly known as MPL(ambda)S

[Figure: IP service layer (routers) over an optical core of optical transport (OXCs, WDMs)]

Reduce complexity
Reduce cost
Router subsumes functions performed by other layers
  Fast router interfaces eliminate the need for MUXs
  MPLS replaces ATM/FR for traffic engineering
  MPLS fast reroute obviates SONET APS restoration
Dynamic provisioning of optical bandwidth is required for growth and innovative service creation

GMPLS: LSP Hierarchy


[Figure: nested PSC, TDM, LSC and FSC clouds. Explicit label LSPs, time-slot LSPs, λ LSPs and fiber LSPs (a bundle of Fiber 1 to Fiber n) are nested in that order; low-order LSPs are multiplexed on one side and demultiplexed on the other. Labels shown: FA-PSC, FA-TDM, FA-LSC.]

Nesting LSPs enhances system scalability
LSPs always start and terminate on similar interface types
LSP interface hierarchy
  Packet Switch Capable (PSC) (Lowest)
  Time Division Multiplexing Capable (TDM)
  Lambda Switch Capable (LSC)
  Fiber Switch Capable (FSC) (Highest)

AGENDA

MPLS Overview
Traffic Engineering
VPNs

What Is Traffic Engineering?


[Figure: a source and a destination, with the Layer 3 routing path and the traffic engineering path]

Ability to control traffic flows in the network
Optimize available resources
Move traffic from IGP path to less congested path

Brief History
Early 1990s
  Internet core was connected with T1 and T3 links between routers
  Only a handful of routers and links to manage and configure
  Humans could do the work manually
  Metric-based traffic control was sufficient

Metric-Based Traffic Engineering


Traffic sent to A or B follows path with lowest metrics

[Figure: topology with destinations A and B and link metrics]

Metric-Based Traffic Engineering


Drawbacks
  Redirecting traffic flow to A via C causes traffic for B to move also!
  Some links become underutilized or overutilized

[Figure: topology with destinations A and B and link metrics]

Metric-Based Traffic Engineering


Drawbacks
  Complexity made metric control tricky
  Adjusting one metric might destabilize network

Discomfort Grows
Mid 1990s
  ISPs became uncomfortable with size of Internet core
  Large growth spurt imminent
  Routers too slow
  Metric engineering too complex
  IGP routing calculation was topology driven, not traffic driven
  Router based cores lacked predictability

Overlay Networks are Born


ATM switches offered performance and predictable behavior
ISPs created overlay networks that presented a virtual topology to the edge routers in their network
Using ATM virtual circuits, the virtual network could be reengineered without changing the physical network
Benefits
  Full traffic control
  Per-circuit statistics
  More balanced flow of traffic across links

Overlay Networks
ATM core ringed by routers
PVCs overlaid onto physical network

[Figure: physical view and logical view of the overlay, with routers A, B and C]

vBNS ATM Design


Full UBR PVP mesh between terminal switches to carry Best Effort traffic

[Figure: map of the mesh: Seattle, San Francisco, Los Angeles, Denver, Houston, Chicago, Cleveland, Atlanta, Boston, New York City, Perryman MD, Washington DC]

vBNS Backbone Network Map


[Figure: vBNS backbone network map. Sites shown: Seattle, Boston, National Center for Atmospheric Research, Ameritech NAP, Chicago, Cleveland, New York City, Pittsburgh Supercomputing Center, National Center for Supercomputing Applications, Sprint NAP, Perryman MD, San Francisco, Los Angeles, San Diego Supercomputer Center, Denver, MFS NAP, Washington DC, Atlanta, Houston. Legend: router types A, C, J (Ascend GRF 400, Cisco 7507, Juniper M40); FORE ASX-1000; NAP; link speeds DS-3, OC-3C, OC-12C, OC-48.]

Overlay Nets Had Drawbacks

Growth in full mesh of ATM PVCs stresses everything
Router IGP runs out of steam
Practical limitation of updating configurations in each switch and router
ATM 20% Cell Tax
ATM SAR speed limitations
  OC-48 SAR very difficult/expensive to build
  OC-192 SAR?

In the meantime:

Routers caught up
  Current generation of routers have
    High speed, wire-rate interfaces
    Deterministic performance
    Software advances
MPLS came along
  Fuses best aspects of ATM PVCs with high-performance routing engines
  Uses low-overhead circuit mechanism
  Automates path selection and configuration
  Implements quick failure recovery

MPLS for Traffic Engineering

Low-overhead virtual circuits for IP
Originally designed to make routers faster
  Fixed label lookup faster than longest match used by IP routing
  Not true anymore
Value of MPLS is now in traffic engineering
Other MPLS Benefits:
  No second network
  A fully integrated IP solution, no second technology
  Traffic engineering
  Lower cost
  A CoS enabler
  Failover/link protection
  Multi-service and VPN support

AGENDA

MPLS Overview
Traffic Engineering
VPNs

What Is a Virtual Private Network?


[Figure: corporate headquarters, branch office, mobile users and telecommuters, and suppliers, partners and customers connected over a shared infrastructure (intranet, remote access, extranet)]

A private network constructed over a shared infrastructure
Virtual
  An artificial object simulated by computers (not really there!)
Private
  Separate/distinct environments
  Separate addressing and routing systems
Network
  A collection of devices that communicate among themselves

Deploying VPNs using Overlay Networks


[Figure: provider Frame Relay network of FR switches, with CPE at the edge connected by DLCIs]

Operational model
  PVCs overlay the shared infrastructure (ATM/Frame Relay)
  Routing occurs at CPE
Benefits
  Mature technologies
  Inherently secure
  Service commitments (bandwidth, availability, etc.)
Limitations
  Scalability and management of the overlay model
  Not a fully integrated IP solution

MPLS: A VPN Enabling Technology


[Figure: service provider network with customer sites (Site 1, Site 2, Site 3) attached on either side]

Benefits
  Seamlessly integrates multiple networks
  Permits a single connection to the service provider
  Supports rapid delivery of new services
  Minimizes operational expenses
  Provides higher network reliability and availability

There are Three Types of VPNs


End to End (CPE Based) VPNs
  L2TP & PPTP
  IPSEC
Layer 2 VPNs
  CCC
  CCC & MPLS Hybrid
Layer 3 VPNs
  RFC 2547bis

End to End VPNs: L2TP and PPTP


[Figure: remote users (V.x modem, PPP dial-up) reach dial access servers at the dial access provider; an L2TP tunnel runs to an L2TP access server and a PPTP tunnel to a PPTP access server at the service provider or VPN]

Application: Dial access for remote users
Layer 2 Tunneling Protocol (L2TP)
  RFC 2661
  Combination of L2F and PPTP
Point-to-Point Tunneling Protocol (PPTP)
  Bundled with Windows/Windows NT
Both support IPSec for encryption
Authentication & encryption at tunnel endpoints

End to End VPNs: The IP Security Protocol (IPSec)

Defines the IETF's layer 3 security architecture
Applications:
  Strong security requirements
  Extend a VPN across multiple service providers
Security services include:
  Access control
  Data origin authentication
  Replay protection
  Data integrity
  Data privacy (encryption)
  Key management

End to End VPNs: IPSec Example


[Figure: corporate HQ CPE and branch office CPE connected across the public Internet by IPSec ESP tunnel mode]

Routing must be performed at CPE
Tunnels terminate on subscriber premise
  Only CPE equipment needs to support IPSec
  Modifications to shared resources are not required
ESP tunnel mode
  Authentication ensures integrity from CPE to CPE
  Encrypts original header/payload across internet
  Supports private address space

Layer 2 VPNs: CCC/MPLS


[Figure: CPEs attach over ATM (or Frame Relay) to PE routers at the edge of an MPLS core; LSP 2 and LSP 6 are carried inside LSP 5; the PEs perform the CCC function]

CCC Table entries
In                Out
DLCI 600          LSP 2 in LSP 5
DLCI 610          LSP 6 in LSP 5
LSP 2 in LSP 5    DLCI 506
LSP 6 in LSP 5    DLCI 408

Benefits
  Reduces provider configuration complexity
  MPLS traffic engineered core
  Subscriber can run any Layer 3 protocol
  User Nets do not know there is a cloud in the middle
Limitations
  Circuit type (ATM/FR) must be like to like

CCC Example: Abilene and ISP Service on one link


[Figure: University X connects over ATM access to an M40, which connects to both the Qwest ISP and Abilene]

"Big I" Internet traffic: ATM VC1 terminated, IP packets delivered to Qwest ISP
Abilene traffic: ATM VC2 mapped to port facing Abilene

An M20/40/160 can both terminate ATM PVCs (layer 3 lookup) and support CCC pass-through on the same port.

vBNS used CCC and MPLS to tunnel IPv6 across their backbone for SC2000

[Figure: IPv6 over ATM at Chicago and at SC2000 in Dallas, connected by CCC across the vBNS/vBNS+ IPv4 backbone]

Layer 3 VPNs: RFC 2547 - MPLS/BGP VPNs


[Figure: service provider network with P routers in the core and PE routers at the edge; CPEs at Site 1, Site 2 and Site 3 attach to the PEs, which hold forwarding tables (FT)]

MPLS (Multiprotocol Label Switching) is used for forwarding packets over the backbone
BGP (Border Gateway Protocol) is used for distributing routes over the backbone
Multiple Forwarding Tables (FT) on some edge routers, one for each VPN

Questions?


Thank You
jjamison@juniper.net

http://www.juniper.net