IPv6 Deployment Challenges on the SEEREN Infrastructure (… or 6PE over CSC VPNs)

Athanassios Liakopoulos, Constantinos Kotsokalis, Jorge-A. Sanchez-P., Greek Research & Technology Network (GRNET)
Dimitrios Kalogeras, Andreas Polyrakis, National Technical University of Athens (NTUA)
Gunter Van de Velde, Cisco Systems

Presented by Andreas Polyrakis, National Technical University of Athens
Terena Networking Conference, June 2005, Poznan

Presentation Outline
• The SEEREN Network
  ◦ Connected NRENs
  ◦ Physical & Network Topology – the CSC solution
  ◦ IPv6 Deployment Scenarios
• Introduction to CSC and 6PE
  ◦ MPLS & MPLS VPNs short introduction
  ◦ What is CSC?
  ◦ What is 6PE?
• 6PE over CSC - The SEEREN Case
  ◦ The Idea: Combining CSC and 6PE
  ◦ How it works - Label Distribution and Packet Forwarding
  ◦ Configuration & Troubleshooting
• Conclusions

Poznan, 6.6.2005, TNC 2005, GRNET / NTUA

The SEEREN Network
South Eastern European Research & Educational Network (SEEREN v1 - Jan. '04)
• SE Europe NRENs:
  ◦ GRNET (Greece)
  ◦ AMREJ (Serbia & Montenegro)
  ◦ ISTF (Bulgaria)
  ◦ MARNET (FYR of Macedonia)
  ◦ INIMA (Albania)
  ◦ BIHARNET (Bosnia - Herzegovina)
• Upstream: GRNET
• Backup Upstream: RoEduNet (via Athens' POP)

The SEEREN Topology
• Physical Topology: Local connections to an International Service Provider (OTEglobe)

The SEEREN Topology
• VPN Connectivity: via a Carrier-Supporting-Carrier (CSC) MPLS VPN
  ◦ CSC: a special type of an MPLS VPN
  ◦ CSC is Layer 3
  ◦ Resulting L3 Topology: Full Mesh

IPv6 in SEEREN
• Native IPv6: Ruled out by the topology
  ◦ Carrier network was not dual stack
  ◦ Even if it was, IPv6 is not supported at CSC VPNs
• IPv6 over IPv4 tunnels: Last resort solution
  ◦ Simple, tested and it does work!
  ◦ A full mesh of tunnels is required, n^2 complexity (but n=5)
  ◦ Some features are not supported, e.g. IPv6 QoS
• 6PE: An MPLS-based technology that allows customers to exchange IPv6 traffic over an IPv4-only MPLS core network
  ◦ Transparent to the carrier (no upgrades/configuration changes)
  ◦ QoS would be possible through the MPLS EXP bits
  ◦ Minor upgrades and configuration changes, small disruption to the production IPv4 network
  ◦ 6PE is intended for inter-domain use!
• 6PE over CSC???
  ◦ Will the label exchange protocols work over different domains?
  ◦ Will label swapping and packet forwarding work?
• Well, it does work!
  ◦ But it was not easy, lab setup (@cisco) was required to ensure that it works

MPLS Simplified
• MPLS: Packet Forwarding based on a Label between L2 and L3 header
• Terminology
  ◦ CE: Customer Edge Router (C1, C2)
  ◦ PE: Provider Edge Router (Ra, Rd)
  ◦ P: Provider Core Router (Rb, Rc)
• Labels
  ◦ Labels are created for all IPv4 IGP routes
  ◦ Labels are exchanged (with a Label Distribution Protocol – LDP or BGP)
• Packet Forwarding
  ◦ One label is imposed on ingress based on destination IP
  ◦ Packets are forwarded based on that label
  ◦ Labels are swapped while packet is forwarded
  ◦ Penultimate Hop (in most cases) performs Penultimate Hop Popping (PHP); in this case the last hop receives an IP packet
  ◦ Last hop forwards the packet to the appropriate egress interface

[Diagram: CE C2, PE Ra, P Rb, P Rc, PE Rd, CE C1 across the MPLS cloud; LDP between the provider routers; labels Lt and Lr on the IP packet]

MPLS VPNs Simplified
• VPN definition
  ◦ PE interfaces are declared to belong to the same VPN
• Label Distribution for VPNs
  ◦ VPN Routes + VPN Label are exchanged between PEs
  ◦ Protocol: MP-BGP (Multi-Protocol BGP)
• Packet Forwarding based on two labels imposed at the ingress point of the MPLS network
  ◦ Inner: The label of the VPN route
  ◦ Outer: The label towards the egress router
• Forwarding: Swap exterior label
• Penultimate Hop Popping (PHP)
• Last Hop: Packet received with interior label only, which identifies VPN & egress interface
  ◦ The last label is popped, the IP packet is forwarded to the CE router

[Diagram: CE C2, PE Ra, P Rb, P Rc, PE Rd, CE C1 across the MPLS cloud; LDP in the core, VPN Labels - MP-BGP between the PEs; labels Lt, Lr (outer) and Lv (VPN) on the IP packet]

What is CsC? How it Works?
• CSC = Carrier-Supporting-Carrier
  ◦ Implements a L3 MPLS VPN
  ◦ Designed for ISPs that are VPN customers of other (larger MPLS) ISP.
• A VPN with very small virtual routing table (VRF)
  ◦ The carrier only needs to maintain routing & label information about the CSC-CEs
• How?
  ◦ MPLS between CsC-CE and CsC-PE
  ◦ CsC-CEs exchange limited labels with CsC-PE
  ◦ The CSC-CE receives routes+labels for reaching all the other CSC-CEs
  ◦ A label is imposed between CsC-CE and CsC-PE
  ◦ This label is swapped with the two VPN labels by the CSC-PE

[Diagram: CE C2, PE Ra, P Rb, P Rc, PE Rd, CE C1 across the MPLS cloud; CSC Labels via LDP or BGP on the CE-PE links, VPN Labels - MP-BGP between the PEs, LDP in the core; labels Lc, Lt, Lr, Lv on the IP packet]

What is 6PE? How it Works?
• An MPLS-based method that allows MPLS-based ISPs to offer IPv6 interconnection services to their customers without upgrading the entire network to dual stack.
• 6PE is similar to the MPLS VPNs model in terms of technical implementation and complexity.
  ◦ IPv6 Labels (+Routes) are exchanged again through MP-BGP
  ◦ An outer label for forwarding
  ◦ An inner label that corresponds to the "IPv6 Routing Table" (instead of the "VPN routing table")
  ◦ PEs are referred to as 6PE
• Differences with MPLS VPNs
  ◦ Refers to v6, not v4
  ◦ The IPv6 global table is exchanged – not a virtual or private one (This is not an IPv6 Virtual Private Network!!!)
  ◦ Technical detail: IPv4 addresses are mapped to IPv6 for BGP next hop

[Diagram: CE C2, 6PE Ra, P Rb, P Rc, 6PE Rd, CE C1 across the MPLS cloud; IPv6 Labels - MP-BGP between the 6PEs, LDP in the core; labels Lt, Lr (outer) and L6 (IPv6) on the IPv6 packet]

The Idea
[Diagram: the CSC topology (IP packets, CSC Labels via LDP or BGP, VPN Labels - MP-BGP, LDP in the MPLS cloud) "+" the 6PE topology (IPv6 packets, IPv6 Labels - MP-BGP, LDP in the MPLS cloud)]

The Idea
[Diagram: the combined topology. 6PE routers C2 and C1 attach as CEs to the carrier MPLS cloud (PE Ra, P Rb, P Rc, PE Rd); IPv6 Labels - MP-BGP between the 6PEs, CSC Labels via LDP or BGP on the CE-PE links, VPN Labels - MP-BGP between the PEs, LDP in the core; labels L6, Lc, Lv and Lb on the IPv6 packet]

6PE over CsC
• Integration of two techniques:
  ◦ 6PE functionality is installed on the CEs instead of the PEs!
  ◦ 6PE peers belong to different administrative domains.
  ◦ Three Label Stack !!!
  ◦ Feasible, because the CE-PE connection uses MPLS.

[Diagram: 6PE C2, PE Ra, P Rb, P Rc, PE Rd, 6PE C1; IPv6 Labels - MP-BGP between the 6PEs, CSC Labels via LDP or BGP on the CE-PE links, VPN Labels - MP-BGP between the PEs, LDP in the core; labels L6, Lc, Lv and Lb on the IPv6 packet]
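
The three-label stack, and why MPLS on the CE-PE link is what makes it feasible, walked hop by hop. This is an added Python illustration, not part of the original slides: the per-hop actions are an assumed reading of the diagrams, Lt/Lr are taken from the MPLS VPN slide, and PATH, walk, max_depth and carrier_sees_unlabelled are hypothetical names.

```python
# Added illustration, not from the slides. Label names follow the diagrams:
# L6 = IPv6 label (MP-BGP between the 6PEs), Lc = CSC label on the CE-PE link,
# Lv = VPN label (MP-BGP between the carrier PEs), Lt/Lr = LDP labels in the core.
# The per-hop actions below are an assumed reading of those diagrams.

PATH = [
    # (router, labels it must find on top and removes, labels it pushes instead)
    ("C2 6PE (CSC-CE)", [], ["Lc", "L6"]),      # impose IPv6 label + CSC label
    ("Ra CSC-PE", ["Lc"], ["Lt", "Lv"]),        # swap CSC label for the two VPN labels
    ("Rb P", ["Lt"], ["Lr"]),                   # swap the outer label
    ("Rc P", ["Lr"], []),                       # penultimate hop popping
    ("Rd CSC-PE", ["Lv"], ["Lc"]),              # swap VPN label for the CSC label
    ("C1 6PE (CSC-CE)", ["Lc", "L6"], []),      # pop both, forward native IPv6
]

def walk(path, payload="IPv6"):
    """Return [(router, packet as sent)]; packet = label stack (top first) + payload."""
    stack, trace = [], []
    for router, expect, push in path:
        if stack[:len(expect)] != expect:
            raise ValueError(f"{router}: expected {expect} on top, got {stack}")
        stack = push + stack[len(expect):]
        trace.append((router, stack + [payload]))
    return trace

def max_depth(trace):
    """Deepest label stack seen anywhere on the path."""
    return max(len(packet) - 1 for _, packet in trace)

def carrier_sees_unlabelled(trace, carrier=("Ra", "Rb", "Rc", "Rd")):
    """True if any carrier router would have to send a bare IPv6 packet."""
    return any(r.split()[0] in carrier and len(p) == 1 for r, p in trace)

if __name__ == "__main__":
    for router, packet in walk(PATH):
        print(f"{router:16} -> {' | '.join(packet)}")
```

If C2 pushes only L6 (no MPLS on the CE-PE link), walk raises at Ra, because the IPv4-only carrier has no CSC label to act on.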

SEEREN 6PE Configuration #1

    hostname athens-2
    !
    ! Enable IPv6
    ipv6 unicast-routing
    ipv6 cef
    !
    ! IPv4 Loopback: necessary for multihop BGP
    interface Loopback0
     ip address 194.177.210.40 255.255.255.255
    !
    ! IPv4 link with OteGlobe
    interface ATM1/0/0.1 point-to-point
     description SEEREN via OteGlobe VPN
     ip address 62.75.33.246 255.255.255.252
    !
    ! IPv6 GRNET network
    interface GigabitEthernet3/0/0
     description Athens2 - Athens3
     ipv6 address 2001:648:2FFF:106::2/126
     ipv6 router isis
    !
    ! IPv6 routing protocol; populates the IPv6 routing table
    router isis
     …

SEEREN 6PE Configuration #2 (MP-BGP)

    router bgp 5408
     neighbor 62.75.33.245 remote-as 12713
     neighbor 62.75.33.245 description OTEGLOBE PE
     neighbor 147.91.0.112 remote-as 13092
     neighbor 147.91.0.112 description AMREJ-YUGOSLAVIA
     neighbor 147.91.0.112 ebgp-multihop 5
     neighbor 147.91.0.112 update-source Loopback0
     !
     address-family ipv4
     neighbor 62.75.33.245 activate
     neighbor 62.75.33.245 send-community
     neighbor 62.75.33.245 remove-private-as
     neighbor 62.75.33.245 soft-reconfiguration inbound
     ! CSC: send labels for IPv4 routes (OteGlobe)
     neighbor 62.75.33.245 send-label
     neighbor 147.91.0.112 activate
     neighbor 147.91.0.112 send-community
     neighbor 147.91.0.112 remove-private-as
     neighbor 147.91.0.112 soft-reconfiguration inbound
     !
     address-family ipv6
     neighbor 147.91.0.112 activate
     neighbor 147.91.0.112 send-community
     neighbor 147.91.0.112 remove-private-as
     neighbor 147.91.0.112 soft-reconfiguration inbound
     ! 6PE: send labels for IPv6 routes (AMREJ)
     neighbor 147.91.0.112 send-label
     exit-address-family

6PE verification & troubleshooting

    athens-2#sh ip bgp nei 147.91.0.112
    BGP neighbor is 147.91.0.112, remote AS 13092, external link
     Description: AMREJ-YUGOSLAVIA
      BGP version 4, remote router ID 147.91.0.112
      BGP state = Established, up for 2d00h
      Last read 00:16, hold time is 90, keepalive interval is 30 seconds
      Configured hold time is 90, keepalive interval is 30 seconds
      Neighbor capabilities:
        Route refresh: advertised and received(new)
        Address family IPv4 Unicast: advertised and received
        Address family IPv6 Unicast: advertised and received
        ipv6 MPLS Label capability: advertised and received

    athens-2#sh ipv6 cef 2001:4170::/32 internal
    2001:4170::/32
      path list pointer 4355B5E0
      1 path
        Nexthop path_pointer 43558B80 traffic share 1 path_list pointer 4355B5E0
        nexthop ::FFFF:147.91.0.112 next_hop_len 0 adjacency pointer 4351A6B8 refcount 2
      no loadinfo
      fast tag rewrite with AT1/0/0.1, point2point, tags imposed: {17 30}

6PE verification & troubleshooting

    athens-2#sh bgp ipv6 u labels | b 2001:4170::/32
       2001:4170::/32   ::FFFF:147.91.0.112   nolabel/30

    athens-2#sh ip cef 147.91.0.112
    147.91.0.112/32, version 48051, epoch 0, cached adjacency to ATM1/0/0.1
    0 packets, 0 bytes
      Flow: AS 12713, mask 32
      tag information set, shared, all rewrites owned
        local tag: BGP route head
        fast tag rewrite with AT1/0/0.1, point2point, tags imposed: {18}
      via 62.75.33.245, 4 dependencies, recursive
        next hop 62.75.33.245, ATM1/0/0.1 via 62.75.33.245/32
        valid cached adjacency
        tag rewrite with AT1/0/0.1, point2point, tags imposed: {17}

6PE verification & troubleshooting

    athens-2#sh ipv6 route 2001:4170::
    IPv6 Routing Table - 474 entries
    Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP
           I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary
           O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2
    B   2001:4170::/32 [20/0]
         via ::FFFF:147.91.0.112, IPv6-mpls

    athens-2#show bgp ipv6 unicast 2001:4170::/32
    BGP routing table entry for 2001:4170::/32, version 2313
    Paths: (1 available, best #1, table Global-IPv6-Table)
      Advertised to update-groups:
         2
      13092, (received & used)
        ::FFFF:147.91.0.112 from 147.91.0.112 (147.91.0.112)
          Origin IGP, metric 0, localpref 100, valid, external, best
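
The checks that the verification slides walk through (session state and label capability, IPv4-mapped next hop, two imposed labels, inner label equal to the BGP out-label), as an added Python example that is not part of the original slides. The sample text is constructed by trimming the athens-2 outputs shown above; verify_6pe is a hypothetical name.

```python
import ipaddress
import re

# Constructed sample: the athens-2 outputs from the slides, trimmed.
NEIGHBOR = """BGP neighbor is 147.91.0.112, remote AS 13092, external link
  BGP state = Established, up for 2d00h
    Address family IPv6 Unicast: advertised and received
    ipv6 MPLS Label capability: advertised and received"""
CEF6 = """2001:4170::/32
  nexthop ::FFFF:147.91.0.112
  fast tag rewrite with AT1/0/0.1, point2point, tags imposed: {17 30}"""
LABELS = "2001:4170::/32    ::FFFF:147.91.0.112    nolabel/30"

def verify_6pe(neighbor, cef6, labels):
    """Return the list of failed checks; an empty list means the 6PE path looks sane."""
    failures = []
    peer = re.search(r"BGP neighbor is (\S+),", neighbor)
    if not re.search(r"BGP state = Established", neighbor):
        failures.append("BGP session not Established")
    if not re.search(r"ipv6 MPLS Label capability: advertised and received",
                     neighbor, re.I):
        failures.append("IPv6 label capability not negotiated in both directions")
    # 6PE next hop must be the peer's IPv4 address mapped into IPv6 (::FFFF:a.b.c.d)
    nh = re.search(r"nexthop (\S+)", cef6)
    mapped = ipaddress.IPv6Address(nh.group(1)).ipv4_mapped if nh else None
    if mapped is None or peer is None or str(mapped) != peer.group(1):
        failures.append("next hop is not the IPv4-mapped address of the BGP peer")
    # CEF must impose two labels: outer towards the peer, inner for the IPv6 route
    tags = re.search(r"tags imposed: \{([\d ]+)\}", cef6)
    imposed = [int(t) for t in tags.group(1).split()] if tags else []
    if len(imposed) != 2:
        failures.append(f"expected 2 imposed labels, found {len(imposed)}")
    # Inner label must equal the out-label BGP holds for the prefix (in/out column)
    out = re.search(r"\S+/(\d+)\s*$", labels)
    if not out or not imposed or imposed[-1] != int(out.group(1)):
        failures.append("inner CEF label does not match the BGP out-label")
    return failures

if __name__ == "__main__":
    print(verify_6pe(NEIGHBOR, CEF6, LABELS) or "all 6PE checks passed")
```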

Conclusions
• Fact: CSC was chosen for SEEREN
  ◦ For the Carrier ISP: Small virtual routing table
  ◦ For the NRENs: Scalability and Flexibility
• IPv6: Two deployment alternatives: 6PE or IPv4 tunnels
• 6PE was more elegant, but it was never deployed before over CSC
  ◦ Several difficulties, lab setup first to ensure that it works
  ◦ Was only possible due to the MPLS existence among the 6PE peers (NREN border routers)
• 6PE is easy (after all) to deploy over CSC and it is flexible (e.g. QoS)

Questions? Thank You!
Andreas Polyrakis, A.Polyrakis@noc.ntua.gr

Contact the Authors:
• Athanassios Liakopoulos, Constantinos Kotsokalis, Jorge-A. Sanchez-P., GRNET, {aliako, ckotso, sanchez}@grnet.gr
• Dimitrios Kalogeras, Andreas Polyrakis, NTUA, {D.Kalogeras, A.Polyrakis}@noc.ntua.gr
• Gunter Van de Velde, Cisco Systems, gvandeve@cisco.com