MPLS Basics and In-Depth Overview of MPLS Fundamentals, Basic Operation, and In-Depth Overview of Service Capabilities
BNL Update, June 29, 2004
Craig Hill, Email: crhill@cisco.com
Consulting SE – IP Core, Federal Area
Intro to MPLS – AT Seminar © 2004, Cisco Systems, Inc. All rights reserved.

MPLS Brief – Overview and In-Depth Session
MPLS Overview
• This session will provide the fundamentals for understanding MPLS technology basics. The discussion will include MPLS evolution, terminology, functions of labels, label format, label distribution, as well as encapsulations and basic operation of an MPLS-enabled network. Cisco products supporting MPLS will also be briefly covered.
MPLS In-Depth
• Difficulty understanding what advantages MPLS can offer and "why" network architects would consider implementing MPLS into the core of their network?
• This section will provide in-depth answers to these questions and explain the advantages and "Services" MPLS can offer Federal customers who are either looking to build an MPLS enabled core or utilize a service offering that is MPLS enabled. Services discussed will include VPN, Layer-2 transport, QoS, and IPv6 transport among others.
MPLS Intro and Services Update © 2004, Cisco Systems, Inc. All rights reserved.

Agenda
• MPLS History
• Technology Basics
• Operation Examples
• Cisco Product Overview
  – Cisco Products Supporting MPLS

Evolution of MPLS
• Origins from Tag Switching
• Proposed in IETF—Later combined with ideas from other proposals from IBM (ARIS), Toshiba (CSR)
[Figure: timeline with axis 1996, 1997, 1998, 1999, 2000, 2001, 2004. Milestones shown: Cisco Calls a BOF at IETF to Standardize Tag Switching; MPLS Group Formally Chartered by IETF; Cisco Ships MPLS (Tag Switching); Cisco Ships MPLS TE; Traffic Engineering Deployed; MPLS VPN Deployed; Large Scale Deployments; AToM, VPLS, DS-TE Deployed.]

Why MPLS?
• Integrate best of Layer 2 and Layer 3
  – Intelligence of IP Routing
  – Performance of high-speed switching
  – Legacy service transport
  – QoS
  – VPN Semantics
  – Link layers include: Ethernet, PoS, ATM, FR
Note: MPLS and IP could be optimal solution for overall IP Services Architecture.

MPLS as a Foundation for Value Added Services
[Figure labels: VPNs; Traffic Engineering; IP+ATM; IP+Optical GMPLS; Any Transport Over MPLS; Network Infrastructure.]

MPLS Technology Basics

MPLS Technology Basics
• IP Routing
• Labels
• Control and Forwarding Plane Separation
• Label Distribution
• MPLS Environment
• Label-based Forwarding

IP Routing
[Figure: a chain of routers, each holding a table of Address Prefix to I/F for prefixes 128.89 and 171.69, populated by Route Updates; a packet addressed to 128.89.25.4 with its Data is passed along the chain. Caption: Packets Forwarded Based on IP Address.]

Encapsulations
• Frame Relay: Label Header, Layer 3 Header
• PPP Header (Packet over SONET/SDH): PPP Header, Label Header, Layer 3 Header
• LAN MAC Label Header*: MAC Header, Label Header, Layer 3 Header
* LAN MAC Label Header also used for MPLS packets over an ATM Forum PVC SNAP Header. (Ethertype = 0x8847/8848)

Label Header for Packet Media
[Figure: one 32-bit word under a bit ruler, with fields in order Tag/Label, COS, S, TTL.]
  Label = 20 bits
  COS/EXP = Class of Service, 3 bits
  S = Bottom of Stack, 1 bit
  TTL = Time to Live, 8 bits
• Can be used over Ethernet, 802.3, or PPP links
• Uses two new Ethertypes/PPP PIDs (in MAC hdr)
• Contains everything needed at forwarding time
• One word per label
MTU beyond 1518 for Ethernet can be accounted for when adding labels by the “mpls mtu” command.

Label Stacking
• Arrange labels in a stack
• Inner labels can be used to designate services/FECs, etc.
  – E.g. VPNs, fast re-route, alternate forwarding
• Outer label used to route/switch the MPLS packets in the network (e.g. for VPN, outer label used for forwarding to remote PEs and bottom label for differentiating VPN at remote PE).
• Allows building services such as:
  – MPLS VPNs
  – Traffic engineering and fast re-route
  – VPNs over traffic engineered core
  – Any transport over MPLS
[Figure: a label stack running from Outer Label to Inner Label: TE Label, IGP Label, VPN Label, then the IP Header.]
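
The label header and label stack slides above, as an added example in Python (not part of the original deck): a strict encoder/parser for the 32-bit label word that walks a stack until the S bit. The function names, the `max_depth` cap and the sample label values are assumptions of this example.

```python
import struct

# EtherTypes quoted on the Encapsulations slide.
MPLS_ETHERTYPES = (0x8847, 0x8848)


def encode_stack(entries):
    """Pack (label, exp, ttl) tuples, outer label first, into label headers.

    The S (bottom of stack) bit is set on the last entry only.
    """
    if not entries:
        raise ValueError("empty label stack")
    out = b""
    for i, (label, exp, ttl) in enumerate(entries):
        if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
            raise ValueError(f"field out of range in entry {i}")
        s = 1 if i == len(entries) - 1 else 0
        # One 32-bit word per label: Label(20) | COS/EXP(3) | S(1) | TTL(8)
        out += struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)
    return out


def parse_stack(data, max_depth=8):
    """Return (entries, rest); rest is whatever follows the bottom entry.

    max_depth is an assumption of this example: a cap so that input with no
    S bit cannot make the parser walk an arbitrarily long buffer.
    """
    entries, offset = [], 0
    while True:
        if len(entries) == max_depth:
            raise ValueError("no bottom-of-stack bit within max_depth entries")
        if len(data) - offset < 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        entries.append(entry)
        if entry["s"]:
            return entries, data[offset:]


def parse_ethernet(frame):
    """Parse an untagged Ethernet II frame; return None if it is not MPLS."""
    if len(frame) < 14:
        raise ValueError("short frame")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype not in MPLS_ETHERTYPES:
        return None
    return parse_stack(frame[14:])


# Constructed sample: a two-label stack (outer 41, inner 28) in a frame with
# zeroed MAC addresses and a two-byte stand-in for the Layer 3 header.
SAMPLE_STACK = encode_stack([(41, 0, 255), (28, 0, 255)])
SAMPLE_FRAME = bytes(12) + struct.pack("!H", 0x8847) + SAMPLE_STACK + b"\x45\x00"

if __name__ == "__main__":
    labels, rest = parse_ethernet(SAMPLE_FRAME)
    for e in labels:
        print(e)
    print("payload starts with", rest.hex())
```
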

Control and Forward Plane Separation
[Figure: Control Plane: the Routing Process holds the RIB and exchanges Route Updates/Adjacency; the MPLS Process holds the LIB and exchanges Label Bind Updates/Adjacency. Data Plane: the LFIB, carrying MPLS Traffic and IP Traffic.]

Label Distribution Protocol (LDP)
• Defined in RFC 3036 and 3037
• Used to distribute labels in an MPLS network
• Forwarding Equivalence Class (FEC)
  – How packets are mapped to LSPs (Label Switched Paths)
• Advertise labels per FEC
  – Reach destination a.b.c.d with label x (per IP L3 DA in RIB)
• Neighbor discovery
  – UDP and TCP Ports
  – UDP port for LDP Hello messages = 646
  – TCP port for establishing LDP session connections = 646

TDP and LDP
• Tag Distribution Protocol
  – Pre-cursor to LDP
  – Used for Cisco tag switching
• TDP and LDP supported on the same box
  – Per neighbor/link basis
  – Per target basis

RSVP and Label Distribution
• Used in MPLS Traffic Engineering
• Additions to base RSVP signaling protocol
• Leverage the admission control mechanism of RSVP
• Label requests are sent in PATH messages and binding is done with RESV messages
Note: CR-LDP is another option for label distribution, but is no longer used or implemented

BGP-Based Label Distribution
• Used in the context of MPLS VPNs
• Need multi-protocol extensions to BGP
  – Referred to as M-BGP
  – Uses AFI/SAFI
• Extension to the BGP protocol in order to carry routing information about other protocols
  – Multicast
  – MPLS
  – IPv6
  – VPN-IPv4
  – Labeled IPv6 unicast (6PE)
  – VPN-IPv6 (6VPE)
• Exchange of Multi-Protocol NLRI must be negotiated at session set up
  – Utilizes BGP Capabilities Advertisement negotiation procedures
• VPN edge routers need to be BGP peers
• Label mapping info carried as part of NLRI (Network Layer Reachability Information)

General Context
• At Edge (ingress):
  – Classify packets
  – Label them
• In Core:
  – Forward using labels (as opposed to IP addr)
  – Label indicates service class and destination
• At Edge (egress):
  – Remove Label
[Figure labels: (CE) – Customer Edge; Edge Label Switch Router (LSR), (PE) – Provider Edge; (P) – Provider; Label Distribution Protocol (LDP/TDP, RSVP, BGP).]

Operation
• Traditional routing
  – Each router holds entire routing table and forwards to next hop (destination based routing); routes on L3 Destination address
• MPLS combines L3 routing with label swapping and forwarding
• MPLS Forwarding
  – Label imposed at ingress (ingress to label-switched portion of network) router.
  – Generally, all forwarding decisions then made on label only – no routing table lookups but TFIB table lookups.
  – Tag stripped at egress

MPLS Example: Routing Information
[Figure: three routers in a chain exchange Routing Updates (OSPF, EIGRP, …). Each holds a table with columns In Label, Address Prefix, Out I'face, Out Label; at this stage only the prefixes 128.89 and 171.69 and their outgoing interfaces are filled in. Callouts: "You Can Reach 128.89 and 171.69 Thru Me", "You Can Reach 128.89 Thru Me", "You Can Reach 171.69 Thru Me".]

MPLS Example: Assigning Labels
Label Distribution Protocol (LDP) (downstream allocation)
  Ingress router
    In Label   Address Prefix   Out I'face   Out Label
    -          128.89           1            4
    -          171.69           1            5
    …          …                …            …
  Core router
    In Label   Address Prefix   Out I'face   Out Label
    4          128.89           0            9
    5          171.69           1            7
    …          …                …            …
  Router toward 128.89
    In Label   Address Prefix   Out I'face   Out Label
    9          128.89           0            -
    …          …                …            …
Callouts: "Use Label 9 for 128.89"; "Use Label 4 for 128.89 and Use Label 5 for 171.69"; "Use Label 7 for 171.69".

MPLS Example: Forwarding Packets
The tables are the same as on the Assigning Labels slide; the router toward 128.89 is marked as the MPLS network egress point.
[Figure: a packet for 128.89.25.4 with its Data enters unlabelled, carries label 4 after the ingress router and label 9 after the core router, and is delivered toward 128.89 at the egress point. Caption: Label Switch Forwards Based on Label.]

Cisco Products Supporting MPLS

Cisco Platforms Supporting MPLS (in a Single Slide)
Platform Support
• 2691
• 3631
• 3640
• 3660
• 3725
• 3745
• 7200
• 7300
• 7400
• 7500
• 10000
• 10700
• 12000
• 12000-PRP
• AS5350
• IGX 8400-URM/RPM-RP/XF
• Catalyst 6K/7600 SUP2/MSFC2
• Cisco 7600 – SUP720-3BXL
Notes
• Platforms shown were derived for supporting MPLS-VPN and LDP.
• Some lower-end platforms support several basic MPLS CE features: Multi-VRF CE (aka VRF-Lite). These include:
  – 3550 (Requires EMI)
  – 2600 Series Routers
• Cisco 7600 Supports L2/L3 MPLS Features w/ MSFC2/PFC2
• New SUP720-3bXL processor, primary choice for MPLS function in Catalyst 6500/Cisco 7600
Important: Some features are dependent on product model, interface modules (i.e. Line Cards & Port Adapters), and/or require a software feature license.

MPLS In-Depth Overview of MPLS Services and Applications Currently Being Deployed

Agenda
• MPLS Drivers
  – Reasons for deploying MPLS
• MPLS Applications
  – MPLS VPN – Layer-3
    - Detailed Overview
    - IOS Examples
  – MPLS Layer-2 Transport
    - PWE3/AToM
    - Application Example
  – MPLS Traffic Engineering
    - Fast-ReRoute for Bandwidth Protection
  – MPLS QoS
    - Diffserv over MPLS
    - Diffserv TE (DS-TE)
    - Guaranteed Bandwidth
• Service Applications
  – Useful Implementations Combining Multiple MPLS Services
  – IP version 6 (IPv6) Transport Methods over MPLS
    - 6PE/6VPE (IPv6 Edge and VPN Support)
• Useful URL’s (Reference Information)

Why MPLS? - Major Drivers
• Provide IP VPN Services
  – Scalable IP VPN service – Build once and sell many
  – Managed Central Services – Building value add services and offering them across VPNs (i.e. Multicast, Address Mgmt)
• Managing traffic on the network using MPLS Traffic Engineering
  – Providing tighter SLA/QoS (Guaranteed B/W Services)
  – Protecting bandwidth - Bandwidth Protection Services are enabling Service Providers to look at alternate approaches to SONET APS
• Integrating Layer 2 & Layer 3 Infrastructure
  – Layer 2 services such as Frame Relay and ATM over MPLS
  – Mimic layer 2 services over a highly scalable layer 3 infrastructure

Customer Deployment
• We are now up to 225+ (Total – SP+Enterprise) deployed customers in production networks
  – Some case studies documented
  – Very large deployments include a single customer requiring: 30K CEs, ~1000 PEs
• MPLS VPNs continue to be the majority of deployments
• AToM is the majority in the recent deployments
• TE catching on fast
  – Simple mechanism – unequal cost load balancing
• QoS Service offering in the MPLS Services

MPLS Applications

MPLS Layer 3 VPNs

Virtual Network Models
  Virtual Networks
    Virtual Private Networks
      Overlay VPN
        Layer-2 VPN: X.25, F/R, ATM
        Layer-3 VPN: GRE, IPSec
      Peer-to-Peer VPN
        Access lists (Shared router)
        Split routing (Dedicated router)
        MPLS/VPN
    Virtual LANs
    Virtual Dialup Networks

Overlay Network
• Provider sells a circuit service
• Customer purchases circuits to connect sites, runs IP
• N sites, (N*(N-1))/2 circuits for full mesh—expensive
• The big scalability issue here is routing peers—N sites, each site has N-1 peers
• Hub and spoke is popular, suffers from the same N-1 number of routing peers
• Hub and spoke with static routes is simpler, still buying N-1 circuits from hub to spokes
• Spokes distant from hubs could mean lots of long-haul circuits
[Figure: customer sites connected across a Provider (FR, ATM, etc.) cloud.]

Peer Network
• Provider sells an MPLS-VPN service
• Customer purchases circuits to connect sites, runs IP
• N sites, N circuits into provider
• Access circuits can be any media at any point (FE, POS, ATM, T1, dial, etc.)
• Full mesh connectivity without full mesh of L2 circuits
• Hub and spoke is also easy to build
• Spokes distant from hubs connect to their local provider’s POP, lower access charge because of provider’s size
• The Internet is a large peer network
[Figure: customer sites connected across a Provider (MPLS-VPN) cloud.]

MPLS L3 VPNs using BGP (RFC 2547)
• End user perspective
  – Virtual Private IP service
  – Simple routing – just point default to provider
  – Full site-site connectivity without the usual drawbacks (routing complexity, scaling, configuration, cost)
• Major benefit for provider – scalability
[Figure: sites of VPN A, VPN B and VPN C attached around a shared provider network.]

MPLS VPN Topology
[Figure: provider routers P1, P2, P3 and provider edge routers PE1, PE2, PE3, with BGP between the PEs. CE routers (CEA1, CEA2, CEA3, CEB1, CEB2, CEB3) for sites of VPN A, VPN B and VPN C attach to the PEs using Static routes or RIP. Site prefixes shown: 11.1/16, 11.2/16, 12.1/16, 12.2/16, 16.1/16, 16.2/16.]

VPN Routing and Forwarding Instance (VRF)
• PE routers maintain separate routing tables
  – Global routing table
    - Contains all PE and P routes (perhaps BGP)
    - Populated by the VPN backbone IGP
  – VRF (VPN routing and forwarding)
    - Routing and forwarding table associated with one or more directly connected sites (CE routers)
    - VRF is associated with any type of interface, whether logical or physical (e.g. sub/virtual/tunnel)
    - Interfaces may share the same VRF if the connected sites share the same routing information
    - Not virtual routers, just virtual routing and forwarding

PE Router – Global Routing Table Output
    PE2#sh ip route
    Gateway of last resort is not set
    C    192.168.1.0/24 is directly connected, Ethernet0/0
         192.168.100.0/32 is subnetted, 3 subnets
    O       192.168.100.1 [110/11] via 192.168.1.1, 00:04:27, Ethernet0/0
    C       192.168.100.2 is directly connected, Loopback0
    O       192.168.100.3 [110/11] via 192.168.1.3, 00:04:27, Ethernet0/0
[Figure: CE2, PE2 (192.168.100.2) and PE1 (192.168.100.1) running OSPF. Callout: Routes from PE1’s Global Routing Table.]

PE Router – VRF Routing Table Output
    PE2#sh ip route vrf RED
    Routing Table: RED
    Gateway of last resort is 192.168.100.1 to network 0.0.0.0
         172.16.0.0/16 is variably subnetted, 8 subnets, 3 masks
    C       172.16.25.0/30 is directly connected, Serial4/0
    C       172.16.25.2/32 is directly connected, Serial4/0
    B       172.16.20.0/24 [20/0] via 172.16.25.2, 00:07:04
         10.0.0.0/24 is subnetted, 1 subnets
    B       10.0.0.0 [200/307200] via 192.168.100.1, 00:06:28
    B*   0.0.0.0/0 [200/0] via 192.168.100.1, 00:07:03
[Figure: CE2 (172.16.20.0/24, 172.16.25.2), PE2 (172.16.25.1), iBGP VPNv4 between PE2 and PE1, and 10.0.0.0/24 behind PE1. Callout: Routes from PE1.]

Virtual Routing and Forwarding Instances
• Define a unique VRF for interface 0
• Define a unique VRF for interface 1
• Packets will never go between int. 0 and 1
• Uses VPNv4 to exchange VRF routing information between PE’s
• No MPLS yet…
[Figure labels: a PE with interfaces 0 and 1; VRF for VPN-A and VRF for VPN-B, each with a VPN Routing Table; VPN-A CE; CE; 195.12.2.0/24; 146.12.7.0/24; Global Routing Table.]

VRF Route Population
• VRF is populated locally through PE and CE routing protocol exchange
  – RIP Version 2, OSPF, BGP-4, EIGRP, & Static routing
  – “connected” is also supported (i.e. Default-gateway is PE)
• Separate routing context for each VRF
  – routing protocol context (BGP-4 & RIP V2)
  – separate process (OSPF)
[Figure: Separate Physical Links, with a separate router per Customer/VPN. Customer-1 and Customer-2 CEs (VPN 1) connect to the PE using eBGP, EIGRP, OSPF, RIPv2 or Static; the PE sits in the MPLS Domain / iBGP Domain.]

Carrying VPN Routes in BGP
• VRFs by themselves aren’t all that useful
• Need some way to get the VRF routing information off the PE and to other PEs
• This is done with BGP

Additions to BGP to Carry MPLS-VPN Info
• RD: Route Distinguisher
• VPNv4 address family
• RT: Route Target
• Label

Route Distinguisher
    !
    ip vrf red
     rd 1:1
     route-target export 1:1
     route-target import 1:1
• To differentiate 10.0.0.0/8 in VPN-A from 10.0.0.0/8 in VPN-B
• 64-bit quantity
• Configured as ASN:YY or IPADDR:YY
  – Almost everybody uses ASN
• Purely to make a route unique
  – Unique route is now RD:Ipaddr (96 bits) plus a mask on the IPAddr portion
  – So customers don’t see each other's routes

Route Target
    !
    ip vrf red
     rd 1:1
     route-target export 1:1
     route-target import 1:1
• To control policy about who sees what routes
• 64-bit quantity (2 bytes type, 6 bytes value)
• Carried as an extended community
• Typically written as ASN:YY
• Each VRF ‘imports’ and ‘exports’ one or more RTs
  – Exported RTs are carried in VPNv4 BGP
  – Imported RTs are local to the box
• A PE that imports an RT installs that route in its routing table

VPNv4
• In BGP for IP, 32-bit address + mask makes a unique announcement
• In BGP for MPLS-VPN, (64-bit RD + 32-bit address) + 32-bit mask makes a unique announcement
• Since the route encoding is different, need a different address family in BGP
• VPNv4 = VPN routes for IPv4
  – As opposed to IPv4 or IPv6 or multicast-RPF, etc…
• VPNv4 announcement carries a label with the route
  – “If you want to reach this unique address, get me packets with this label on them”

MPLS Layer-3 VPN Operation Example

VRF Population of MP-BGP
• PE routers translate into VPN-V4 route
  – Assigns an RD, SOO (if configured) and RT based on configuration
  – Re-writes Next-Hop attribute (to PE loopback)
  – Assigns a label based on VRF and/or interface
  – Sends MP-BGP update to all PE neighbors
[Figure: the Paris CE sends a BGP, OSPF, RIPv2 update "149.27.2.0/24, NH=CE-1" to PE-1. PE-1 sends across the Service Provider Network to PE-2 (London CE side) the VPN-v4 update: RD:1:27:149.27.2.0/24, Next-hop=PE-1, RT=VPN-A, Label=(28).]

VRF Population of MP-BGP
• Receiving PE routers translate to IPv4
  – Insert the route into the VRF identified by the RT attribute (based on PE configuration)
• The label associated to the VPN-V4 address will be set on packets forwarded towards the destination
[Figure: same topology and VPN-v4 update as the previous slide. Callout at PE-2: VPN-v4 update is translated into IPv4 address and put into VRF VPN-A as RT=VPN-A and optionally advertised to any attached sites.]
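
The RD, RT and VPNv4 slides above, as an added example in Python (not part of the original deck): it encodes the 64-bit RD, shows that the same 10.0.0.0/8 in two VPNs yields two distinct 96-bit addresses, and models RT-based import on a receiving PE. RD 1:27, label 28 and next hop 197.26.15.1 come from the deck; the RT values, the second RD, labels 29 and 30, the `customer` field and the import audit are assumptions of this example, and the model keeps the last update per prefix instead of running BGP best-path selection.

```python
import ipaddress
import struct
from dataclasses import dataclass, field


def encode_rd(rd):
    """Encode 'ASN:YY' (type 0) or 'IPADDR:YY' (type 1) as the 64-bit RD."""
    admin, _, number = rd.rpartition(":")
    if "." in admin:
        addr = ipaddress.IPv4Address(admin).packed
        return struct.pack("!H4sH", 1, addr, int(number))
    return struct.pack("!HHI", 0, int(admin), int(number))


def vpnv4_address(rd, prefix):
    """Return (96-bit RD:IPv4 address, mask length) for a customer prefix."""
    net = ipaddress.IPv4Network(prefix)
    return encode_rd(rd) + net.network_address.packed, net.prefixlen


@dataclass
class Vrf:
    name: str
    customer: str              # hypothetical field, used only by the audit
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    routes: dict = field(default_factory=dict)  # prefix -> (next hop, label)


@dataclass(frozen=True)
class Vpnv4Update:
    rd: str
    prefix: str
    rts: frozenset
    next_hop: str
    label: int


def export_route(vrf, prefix, pe_loopback, label):
    """Sending PE: attach RD and export RTs, rewrite next hop, assign label."""
    return Vpnv4Update(vrf.rd, prefix, vrf.export_rts, pe_loopback, label)


def import_updates(vrfs, updates):
    """Receiving PE: install a route in every VRF that imports one of its RTs."""
    for upd in updates:
        for vrf in vrfs:
            if upd.rts & vrf.import_rts:
                vrf.routes[upd.prefix] = (upd.next_hop, upd.label)


def cross_customer_imports(vrfs, rt_owner):
    """Audit: list (VRF, RT) pairs where a VRF imports another customer's RT.

    An intentional extranet shows up here too; the reviewer decides.
    """
    return sorted((v.name, rt) for v in vrfs for rt in v.import_rts
                  if rt_owner.get(rt, v.customer) != v.customer)


RT_A, RT_B = "1:100", "1:200"          # constructed RT values
RT_OWNER = {RT_A: "A", RT_B: "B"}      # constructed ownership map


def demo():
    only_a, only_b = frozenset({RT_A}), frozenset({RT_B})
    a1 = Vrf("VPN-A@PE-1", "A", "1:27", only_a, only_a)
    b1 = Vrf("VPN-B@PE-1", "B", "1:28", only_b, only_b)
    updates = [
        export_route(a1, "149.27.2.0/24", "197.26.15.1", 28),
        export_route(a1, "10.0.0.0/8", "197.26.15.1", 29),
        export_route(b1, "10.0.0.0/8", "197.26.15.1", 30),
    ]
    a2 = Vrf("VPN-A@PE-2", "A", "1:27", only_a, only_a)
    b2 = Vrf("VPN-B@PE-2", "B", "1:28", only_b, only_b)
    # Constructed misconfiguration: a VPN-B VRF that also imports VPN-A's RT.
    bad = Vrf("VPN-B-typo@PE-2", "B", "1:28", only_b, frozenset({RT_A, RT_B}))
    import_updates([a2, b2, bad], updates)
    return a2, b2, bad


if __name__ == "__main__":
    a2, b2, bad = demo()
    for vrf in (a2, b2, bad):
        print(vrf.name, vrf.routes)
    print("flagged:", cross_customer_imports([a2, b2, bad], RT_OWNER))
```
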

MPLS/VPN Packet Forwarding
• Between PE and CE, regular IP packets (currently)
• Within the provider network—label stack
  – Outer label: “get this packet to the egress PE”
  – Inner label: “get this packet to the egress CE”
• MPLS nodes forward packets based on TOP label!!!
  – any subsequent labels are ignored
• Penultimate Hop Popping procedures used one hop prior to egress PE router (shown in example)

MPLS/VPN Packet Forwarding
• Ingress PE receives normal IP packets
• PE router performs IP Longest Match from VPN FIB, finds iBGP next-hop and imposes a stack of labels <IGP, VPN>
  Ingress PE
    In Label   FEC               Out Label
    -          197.26.15.1/32    41
    VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
[Figure: a packet for 149.27.2.27 from London is sent into the core as 41 | 28 | 149.27.2.27 toward PE-1, which serves Paris (149.27.2.0/24).]

MPLS/VPN Packet Forwarding
• Penultimate PE router removes the IGP label
  – Penultimate Hop Popping procedures (implicit-null label)
• Egress PE router uses the VPN label to select which VPN/CE to forward the packet to
• VPN label is removed and the packet is routed toward the VPN site
  Egress PE (PE-1)
    In Label   FEC               Out Label
    28(V)      149.27.2.0/24     -
    VPN-A VRF: 149.27.2.0/24, NH=Paris
  Penultimate router
    In Label   FEC               Out Label
    41         197.26.15.1/32    POP
  Ingress PE
    VPN-A VRF: 149.27.2.0/24, NH=197.26.15.1, Label=(28)
[Figure: the packet travels as 41 | 28 | 149.27.2.27, then 28 | 149.27.2.27 after the penultimate hop, then 149.27.2.27 from PE-1 to Paris (149.27.2.0/24).]
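
The forwarding walk-through above, as an added example in Python (not part of the original deck): it imposes the <IGP, VPN> stack at the ingress PE, pops at the penultimate hop and selects the VRF at the egress PE using the table values from the slides, and also replays the 4 to 9 swap from the earlier label-swapping example. The function names and the drop conditions are assumptions of this model; the drop of labelled packets on a CE-facing interface reflects the slide's statement that PE to CE traffic is regular IP.

```python
import ipaddress

POP = "POP"  # implicit-null: remove the top label, forward what is underneath


class Drop(Exception):
    """Raised when a node in this model has no valid forwarding entry."""


def longest_match(fib, dst):
    """Return the value of the most specific prefix in fib containing dst."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, value in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, value)
    return None if best is None else best[1]


def ingress_pe(vrf_fib, igp_labels, dst, labels_from_ce=()):
    """VRF lookup on the destination, then impose <IGP label, VPN label>."""
    if labels_from_ce:
        raise Drop("labelled packet on CE-facing interface")
    hit = longest_match(vrf_fib, dst)
    if hit is None:
        raise Drop("no route in VRF")
    next_hop, vpn_label = hit
    return [igp_labels[next_hop], vpn_label]


def lsr(lfib, stack):
    """Core node: acts on the TOP label only; inner labels are never read."""
    if not stack or stack[0] not in lfib:
        raise Drop("no LFIB entry for top label")
    out = lfib[stack[0]]
    return stack[1:] if out == POP else [out] + stack[1:]


def egress_pe(vpn_lfib, stack):
    """Egress PE: the remaining VPN label selects the VRF and next hop."""
    if len(stack) != 1 or stack[0] not in vpn_lfib:
        raise Drop("unknown VPN label")
    return vpn_lfib[stack[0]]


# Table values taken from the slides.
INGRESS_VRF_A = {"149.27.2.0/24": ("197.26.15.1", 28)}
INGRESS_IGP = {"197.26.15.1": 41}
PENULTIMATE_LFIB = {41: POP}
EGRESS_VPN_LFIB = {28: ("VPN-A", "Paris")}
EARLIER_LFIB = {4: 9, 5: 7}  # core router of the earlier label-swap example


def forward(dst):
    """Return (label stack after each provider hop, egress decision)."""
    stack = ingress_pe(INGRESS_VRF_A, INGRESS_IGP, dst)
    hops = [list(stack)]
    stack = lsr(PENULTIMATE_LFIB, stack)
    hops.append(list(stack))
    return hops, egress_pe(EGRESS_VPN_LFIB, stack)


if __name__ == "__main__":
    print(forward("149.27.2.27"))
    print(lsr(EARLIER_LFIB, [4]))
```
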

Things to Note
• Core does not run VPNv4 BGP!
  – Same principle can be used to run a BGP-free core for an IP network
• CE does not know it’s in an MPLS-VPN
• Outer label is from LDP/RSVP
  – Getting packet to egress PE is mutually independent to MPLS-VPN
• Inner label is from BGP
  – Inner label is there so the egress PE can have the same network in multiple VRFs

Multi-VRF CE (VRF-lite)
• Each VRF separation on the PE is extended to the CE
• Separation is maintained via layer-2 transport that supports “logical” separation (e.g. 802.1Q, FR/ATM VC’s)
• CE router must be capable of supporting VRF’s
• CE is not required to support MPLS labels
• Routing protocol options from CE-PE remain the same (e.g. BGP, RIPv2, OSPF, EIGRP, static)
[Figure: a single CE router supporting multiple VRF instances (VPN 1, VPN 2) sends Routing Updates to the PE in the MPLS Domain / iBGP Domain. Callouts: Single Physical Link; Logical Link per VRF; Layer-2 must support logical separation (802.1q, FR/ATM VC’s); NO Labels Required.]

Customers Connecting to a Layer-3 VPN Service
• What routing protocol is supported by the carrier (CE-PE)?
• What address space do they allow for CE-PE subnet?
• What layer-2 transport is required/supported from CE-PE?
• Do they provide a QoS SLA?
• Concerning QoS, do they require DSCP or ToS settings from the CE to their PE?
• Do they manipulate DSCP/ToS based on congestion in their network?
• What other services do they have on their roadmap of “Service Offerings” (Example: IPv6, IP Multicast, Tighter QoS SLA offering, other??)
• Understand the resiliency in the core
• Do they offer LEC diversification or “bypass”?

Validating Cisco MPLS Based IP-VPN as a Secure Network
Miercom independent testing confirmed Cisco MPLS VPN is secure:
• Customers' network topology is not revealed to the outside world
• Customers can maintain own addressing plans and the freedom to use either public or private address space
• Attackers cannot gain access into VPNs or Service Provider’s network
• Impossible for attacker to insert “spoofed” label into a Cisco MPLS network and thus gain access to a VPN or the MPLS core
[Figure: Test Network Topology.]
http://mier.com/reports/cisco/MPLS-VPNs.pdf

Managed Shared Services Are The Future of Centralized Services
Cisco IOS® - Key enabler to Centralized Add-on Services in MPLS-VPN’s
[Figure labels: Centralized Hosting Services; Co-Location; Centralized Services; L2/L3 Connectivity For VPNs; Data Center Space; Basic Hosting; Managed Security; Managed Network Services; Platform Services; Centralized Application Services; E-Comm; App Mgmt; Business Logic; Customer Relation; Multicast VPN; IP Address Management; VPN Aware NAT; VPN Aware HSRP/VRRP; VPN Select; Value Added Services.]

mVPN: Concept & Fundamentals
• Customer CE devices join the MPLS Core through provider’s PE devices
• The MPLS Core forms a Default MDT for a given Customer
• A High-bandwidth source for that customer starts sending traffic
• Interested receivers 1 & 2 join that High Bandwidth source
• Data-MDT is formed for this High-Bandwidth source
[Figure: CE and PE routers at San Francisco, Los Angeles, New York and Dallas around the MPLS VPN Core, with Receivers 1 to 4 and a high bandwidth multicast source. Default MDT: for low bandwidth & control traffic only. Data MDT: for high bandwidth traffic only. Callouts: Join high bandwidth source.]

MPLS Layer-2 Transport

Pseudo Wire – Cisco IETF Technology Adoption
• Layer 2 Transport
  – L2TPv3
    • draft-ietf-l2tpext-l2tp-base-07.txt
    • draft-ietf-l2tpext-l2tpmib-base-01.txt
  – MPLS (P2P, formerly draft-martini)
    • draft-ietf-pwe3-control-protocol-01.txt
    • draft-ietf-pwe3-[atm, frame-relay, ethernet, etc.]
• Layer 2 VPN (VPLS)
  – draft-lasserre-vkompella-ppvpn-vpls-02.txt
• Auto-Provisioning
  – draft-ietf-ppvpn-bgpvpn-auto-02.txt (BGP auto-discovery)

AToM: Any Transport Over MPLS
Layer 2 Transport for MPLS Networks
• HDLC/PPP
• Frame Relay
• Ethernet (802.1Q)
• ATM AAL5 & Cell Relay

Motivation for AToM
• Protect existing investment while building packet core
  – Frame Relay and ATM
  – Non-IP protocols – SNA, IPX
• Trunk customer traffic
  – Trunk customer’s IGP across the provider backbone
  – Especially when the customer is connecting over disparate media
• Provider devices forward customer packets based on Layer 2 information
  – Circuits (ATM/FR), MAC address
  – CPE-based Tunnels (e.g. IPSEC) analogous to circuits
  – Possibility of a new service (VPLS – emulated LAN)
• Good fit for customers that either
  – Simply want connectivity
  – Have non-IP protocols

AToM – VC Information Exchange
• VC labels are exchanged across a directed LDP session between PE routers
  – Carried in Generic Label TLV within LDP Label Mapping Message (RFC 3036 - LDP)
• New LDP FEC element defined to carry VC information
  – FEC element type ‘128 – Virtual Circuit FEC Element’; Carried within LDP Label Mapping Message
• VC information exchanged using Downstream Unsolicited label distribution procedures
  – Described in draft-martini-l2circuit-trans-mpls

AToM – Label Mapping Exchange
1. L2 transport route entered on ingress PE
2. PE1 starts LDP session with PE2 if one does not already exist
3. PE1 allocates VC label for new interface & binds to configured VCID
4. PE1 sends label mapping message containing VC FEC TLV & VC label TLV
5. PE2 receives VC FEC TLV & VC label TLV that matches local VCID
PE2 repeats steps 1-5 so that bidirectional label/VCID mappings are established
[Figure: CE1, PE1, PE2 and CE; frames cross the core as Tunnel Label | VC Label | PDU. Caption: Bi-directional Label/VCID mapping exchange.]

Layer 2 Integration – ATM/FR over MPLS
• QoS Options, Mapping: L2 IP EXP
• Two different requirements for the transport of ATM across an MPLS backbone
  – Transport of AAL5 encapsulated frames (RFC 1483);
  – Transport of ATM cells (cell relay)
• AToM FR will support DLCI to DLCI switching
  – Both local and distributed connectivity;
  – PE will act as DCE or NNI Interface;
  – Different encapsulation may be used on both ends of the PVC, e.g. Cisco encapsulation on one end and IETF (RFC 1490) encapsulation on the other end
[Figure: CPE Router, ATM/FR Virtual Circuits, PE, MPLS Backbone, PE, CPE Router. The PEs are joined by an Any Transport over MPLS (AToM) Tunnel carrying cells/frames with labels, forming a Virtual Leased Line.]

Layer 2 Integration - Ethernet over MPLS
• Port-mode
  – Allows a frame coming into an interface to be packed into an MPLS packet
• VLAN-mode
  – Forwards frames from a SRC 802.1Q VLAN to a DST 802.1Q VLAN
[Figure: an MPLS Network with PE routers connecting Ethernet Segments, Enterprise LANs, and ISPs (ISP A, ISP B, ISP C, ISP 1, ISP 2, ISP 3).]

PPP/HDLC over MPLS
[Figure: Broadband Access (DSL, Cable, BBFW) and Customer Edge connect across the MPLS Network to Remote Hosting & Backhaul (Content Cache, DNS, AAA). Captions: End to End PPP Session; PPP/HDLC over MPLS; End to End PPP/HDLC Session.]
Example: ATM KG connection over ATM Cell Relay (AToM)
[Diagram: ATM KG – PE1 (7505, L0: 192.168.100.10/32) – P (7507, L0: 192.168.100.11/32) – PE2 (7200, L0: 192.168.100.12/32) – ATM KG; OC-3 and FE links between the routers; PVC 0/200 at each edge, carried over a pseudo-wire LSP]

7505-AToM-PE#sh atm vc
            VCD /                              Peak    Avg/Min  Burst
Interface   Name   VPI   VCI   Type   Encaps   Kbps    Kbps     Cells   Sts
2/0/0.100   4      0     100   PVC    AAL0     149760  N/A              UP

PE1 (7505):
interface ATM2/0/0
 no ip address
 no atm ilmi-keepalive
 no atm enable-ilmi-trap
!
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.12 200 encapsulation mpls

PE2 (7200):
interface ATM2/0/0
 no ip address
 no atm ilmi-keepalive
 no atm enable-ilmi-trap
!
interface ATM2/0/0.200 point-to-point
 no atm enable-ilmi-trap
 pvc 0/200 l2transport
  encapsulation aal0
  xconnect 192.168.100.10 200 encapsulation mpls

MPLS AToM “show” Output

7200-AToM-PE# show mpls l2 vc
Local intf     Local circuit        Dest address     VC ID      Status
-------------  -------------------  ---------------  ---------- ----------
AT4/0          ATM VPC CELL 0       192.168.100.10   200        UP

7200-AToM-PE# show mpls l2 vc detail
Local interface: AT2/0/0 up, line protocol up, ATM VPC CELL 0
  Destination address: 192.168.100.10, VC ID: 200, VC status: up
    Preferred path: not configured
    Default path: active
    Tunnel label: imp-null, next hop point2point
    Output interface: Tu200, imposed label stack {16}
  Create time: 23:16:48, last status change time: 16:53:49
  Signaling protocol: LDP, peer 192.168.100.12:0 up
    MPLS VC labels: local 16, remote 16
    Group ID: local 0, remote 0
    MTU: local n/a, remote n/a
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 9693985, send 777914411
    byte totals:   receive 581639100, send 3725191700
    packet drops:  receive 0, send 0

Building on theme – One Network Any Access
• Any to Any connectivity (Future)
  - Interworking between disparate transports
  - Use AToM control plane to do service interworking
  - Frame Relay to ATM, Frame Relay to Ethernet to ATM, Frame Relay to HDLC/PPP, Ethernet to POS...
[Diagram: Frame Relay, ATM, Ethernet, PPP and Cisco HDLC access on each side of the MPLS network]

VPLS – Building Blocks
Based on: draft-lasserre-vkompella-ppvpn-vpls-02.txt
• MPLS enabled core forms Tunnel LSPs
• Full mesh of directed LDP sessions exchange VC labels
• Common VC ID between PEs creates a Virtual Switching Instance
• Attachment VCs are Port Mode or VLAN ID
[Diagram: CEs attached to PEs around the MPLS core]

MPLS Traffic Engineering
Bandwidth Protection using MPLS Traffic Engineering with Fast ReRoute (FRR)

Traffic Engineering - Theory
• MPLS-TE was designed to move traffic along a path other than the IGP shortest path
  - Bring ATM/FR traffic engineering abilities to an IP network
  - Avoid full IGP mesh and n(n – 1)/2 flooding
  - Bandwidth-aware connection setup
• Fast ReRoute (FRR) is emerging as another application of MPLS-TE
  - Bandwidth Protection: allows for tighter control on bandwidth – packet loss, delay & jitter
  - Minimal packet loss (msec) when a link goes down
  - Can be used in conjunction with MPLS-TE for primary paths, can also be used in standalone
• Provide Virtual Leased Lines – DS-TE + QoS
  - Intelligent network infrastructure for better bandwidth guarantees (DS-TE, Online Bandwidth Protection, Voice VPNs etc)

The Problem with Shortest-Path
• Some links are DS3, some are OC-3
• Router A has 40 Mb of traffic for Router F, 40 Mb of traffic for Router G
• Massive (44%) packet loss at Router B->Router E!
• Changing to A->C->D->E won’t help

Router A's routing table:
Node   Next-Hop   Cost
B      B          10
C      C          10
D      C          20
E      B          20
F      B          30
G      B          30

[Diagram: Routers A to G joined by a mix of OC-3 and DS3 links; callouts "80 Mb Traffic" and "35 Mb Drops!"]

Path Calculation
• PCALC takes bandwidth, other constraints into account
• Link state protocol advertises “unreserved capacity”
• Constraints (required bandwidth and policy) are specified for a TE “trunk”
• End result: Bandwidth used more efficiently!

Router A's routing table:
Node   Next-Hop   Cost
B      B          10
C      C          10
D      C          20
E      B          20
F      Tunnel 0   30
G      Tunnel 1   30

[Diagram: Routers A to G joined by OC-3 and DS3 links; callout "40 Mb"]

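The path calculation described on the two slides above, as an added example that is not code from the presentation: links without enough unreserved bandwidth are pruned before the shortest-path run, so the second 40 Mb tunnel avoids the B-E link. The hop cost of 10 comes from Router A's routing table and B-E being a DS3 follows from the 80 Mb / 35 Mb figures; the other link speeds and the names `cspf`, `setup_tunnel` and `build_unreserved` are assumptions.

```python
import heapq

# Constructed topology. Link speeds other than B-E are an assumed reading
# of the flattened slide diagram; every hop costs 10 as in the routing table.
OC3, DS3 = 155, 45  # Mb/s
LINKS = {
    ("A", "B"): OC3, ("B", "E"): DS3, ("A", "C"): OC3, ("C", "D"): DS3,
    ("D", "E"): OC3, ("E", "F"): OC3, ("E", "G"): OC3,
}
COST = 10


def build_unreserved(links):
    """Per-direction unreserved bandwidth, as a link-state protocol would advertise it."""
    unreserved = {}
    for (u, v), bw in links.items():
        unreserved[(u, v)] = bw
        unreserved[(v, u)] = bw
    return unreserved


def cspf(unreserved, src, dst, bw):
    """Dijkstra over only those links whose unreserved bandwidth is >= bw."""
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            break
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for (u, v), free in unreserved.items():
            if u != node or free < bw:
                continue  # not an outgoing link, or pruned by the constraint
            if d + COST < dist.get(v, float("inf")):
                dist[v], prev[v] = d + COST, node
                heapq.heappush(heap, (d + COST, v))
    if dst not in dist:
        return None  # no path satisfies the bandwidth constraint
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def setup_tunnel(unreserved, src, dst, bw):
    """Compute a constrained path and reserve bw on it (tunnel direction only)."""
    path = cspf(unreserved, src, dst, bw)
    if path is not None:
        for hop in zip(path, path[1:]):
            unreserved[hop] -= bw
    return path


if __name__ == "__main__":
    table = build_unreserved(LINKS)
    print("IGP shortest path to G:", cspf(table, "A", "G", 0))
    print("Tunnel 0 (40 Mb to F): ", setup_tunnel(table, "A", "F", 40))
    print("Tunnel 1 (40 Mb to G): ", setup_tunnel(table, "A", "G", 40))
    print("Third 40 Mb tunnel:    ", setup_tunnel(table, "A", "F", 40))
```

With a bandwidth of 0 the function degenerates to the plain IGP result, which is the overload case from the previous slide; a request that no remaining path can carry is refused rather than placed.
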
Forwarding Traffic Down a Tunnel
• There are three ways traffic can be forwarded down a TE tunnel
  - Auto-route
  - Static routes
  - Policy routing
• With the first two, MPLS-TE gets you unequal cost load balancing

Fast ReRoute
• FRR: A mechanism to minimize packet loss during a failure
• Pre-provision protection tunnels that carry traffic when a protected resource (link/node) goes down
• Use MPLS-TE to signal the FRR protection tunnels, taking advantage of the fact that MPLS-TE traffic doesn’t have to follow the IGP shortest path
• Used as a mechanism (along with DS-TE) for tight SLA offerings for “Guaranteed Bandwidth Services”

Link Protection*
• Primary Tunnel: A -> B -> D -> E
• BackUp Tunnel: B -> C -> D (Pre-provisioned)
• Recovery = ~50 ms
*Introduced in 12.0(11)ST
[Diagram: Routers A, B, C, D, E, X, Y]

Node Protection
• Primary Tunnel: A -> B -> D -> E -> F
• BackUp Tunnel: B -> C -> E (Pre-provisioned)
• Recovery = ~100 ms
Introduced in 12.0(22)S
[Diagram: Routers A, B, C, D, E, F, X, Y]

Standardization - IETF
• MPLS Working Group
  - Fast Reroute Extensions: draft-ietf-mpls-rsvp-lsp-fastreroute-01.txt
  - Fast Reroute MIB: draft-ietf-mpls-fastreroute-mib-01.txt
• IETF Drafts
  - Bandwidth Protection: draft-vasseur-mpls-backup-computation-01.txt
  - Path Computation (e.g. Inter-AS): draft-vasseur-mpls-computation-rsvp-02.txt

MPLS QoS

DiffServ over MPLS
• MPLS doesn’t define a new QoS architecture
• Most of the work on MPLS QoS has focused on supporting current IP QoS architectures
• Same traffic conditioning and Per-Hop behaviors as defined by DiffServ

Label Header for Packet Media
Label | EXP | S | TTL
  - Label: 20 bits
  - EXP: Experimental Field, 3 bits
  - S: Bottom of Stack, 1 bit
  - TTL: Time to Live, 8 bits
• Can be used over other layer-2 technologies
• Contains all information needed at forwarding time
• One 32-bit word per label
• EXP field size limitation by standards

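A decoder for the 32-bit label word described on the slide above, as an added example that is not code from the presentation. It walks a label stack until the Bottom of Stack bit and rejects input that ends, or exceeds a depth cap, before that bit is seen; the sample frame is constructed (VC label 16 as in the "show" output earlier, tunnel label 17 invented), and `MAX_DEPTH` is an assumed sanity limit.

```python
import struct
from typing import List, NamedTuple, Tuple


class LabelEntry(NamedTuple):
    label: int    # 20 bits
    exp: int      # Experimental field, 3 bits
    bottom: bool  # Bottom of Stack (S), 1 bit
    ttl: int      # Time to Live, 8 bits


MAX_DEPTH = 8  # assumed cap; a real platform has its own limit


def encode_entry(entry: LabelEntry) -> bytes:
    """Pack one label stack entry into its 32-bit network-order word."""
    if not (0 <= entry.label < 1 << 20 and 0 <= entry.exp < 8 and 0 <= entry.ttl < 256):
        raise ValueError("field out of range")
    word = (entry.label << 12) | (entry.exp << 9) | (int(entry.bottom) << 8) | entry.ttl
    return struct.pack("!I", word)


def decode_entry(raw: bytes) -> LabelEntry:
    """Unpack exactly four bytes into label, EXP, S and TTL."""
    (word,) = struct.unpack("!I", raw)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 0x1), word & 0xFF)


def parse_stack(frame: bytes, max_depth: int = MAX_DEPTH) -> Tuple[List[LabelEntry], bytes]:
    """Return (label stack, payload); the stack ends at the first entry with S=1."""
    stack: List[LabelEntry] = []
    offset = 0
    while True:
        if len(stack) >= max_depth:
            raise ValueError("no bottom-of-stack entry within max_depth labels")
        if offset + 4 > len(frame):
            raise ValueError("truncated label stack: input ended before S=1")
        entry = decode_entry(frame[offset:offset + 4])
        stack.append(entry)
        offset += 4
        if entry.bottom:
            return stack, frame[offset:]


# Constructed sample: tunnel label on top, VC label at the bottom of the stack.
SAMPLE_FRAME = (
    encode_entry(LabelEntry(label=17, exp=5, bottom=False, ttl=255))
    + encode_entry(LabelEntry(label=16, exp=5, bottom=True, ttl=2))
    + b"constructed-payload"
)

if __name__ == "__main__":
    labels, payload = parse_stack(SAMPLE_FRAME)
    for depth, entry in enumerate(labels):
        print(depth, entry)
    print("payload:", payload)
```
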
Diff-Serv Support Over MPLS
[Diagram: a single E-LSP signalled by LDP/RSVP carrying both AF1 and EF traffic]
• Diff-Serv is supported today over MPLS
  - RFC 3270
  - Neither more nor less than “plain old” Diff-Serv
• Example above illustrates support of EF and AF1 on single E-LSP
  - EF (Expedited Forwarding) and AF1 (Assured Forwarding) packets travel on single LSP (single label) but are enqueued in different queues (different EXP values)

DiffServ MPLS QoS Implementation
[Diagram: enterprise LAN – CE – FR link – PE – MPLS core of P routers – PE – FR link – CE, with the QoS functions applied at each point:]
  - CE Out: FR TS, LLQ, WRED, FRF.12, cRTP
  - PE In: Police, Mark
  - PE - P: LLQ, WRED
  - P - P: LLQ, WRED
  - P - PE: LLQ, WRED
  - PE Out: LLQ, WRED
Notes:
  - Traffic classified by EXP
  - Core is MPLS Frame-mode
  - LLQ on MPLS packets
  - WRED based on EXP
  - No need for inbound policy in Core
  - LLQ for Min B/W guarantee
  - Unmanaged CE example shown

Relationship between MPLS TE and MPLS Diff-Serv
• Diff-Serv specified independently of Routing/Path Computation
• MPLS Diff-Serv (RFC 3270) specified independently of Routing/Path Computation
• MPLS TE designed as tool to improve backbone efficiency independently of QoS:
  - MPLS TE compute routes for aggregates across all Classes
  - MPLS TE performs admission control over “global” bandwidth pool for all Classes (i.e., unaware of bandwidth allocated to each queue)
• MPLS TE and MPLS Diff-Serv:
  - can run simultaneously
  - can provide their own benefit (i.e. TE distributes aggregate load, Diff-Serv provides differentiation)
  - are unaware of each other (TE cannot provide its benefit on a per class basis such as CAC and constraint based routing)

MPLS TE with Best Effort Network
• Find Route and Set-Up Tunnel for 20 Mb/s (Aggregate) From POP1 to POP4
• Find Route and Set-Up Tunnel for 10 Mb/s (Aggregate) From POP2 to POP4
[Diagram: POP1, POP2, POP4 and further POPs around the core]

MPLS TE with DiffServ Network
• Find Route and Set-Up Tunnel for 20 Mb/s (Aggregate) From POP1 to POP4
• Find Route and Set-Up Tunnel for 10 Mb/s (Aggregate) From POP2 to POP4
[Diagram: POP1, POP2, POP4 and further POPs around the core]

DiffServ aware Traffic Engineering (DS-TE)
• DS-TE is more than MPLS TE + MPLS DiffServ
• DS-TE makes MPLS TE aware of DiffServ:
  - DS-TE establishes separate tunnels for different classes
  - DS-TE takes into account the “bandwidth” available to each class (e.g. to queue)
  - DS-TE takes into account separate engineering constraints for each class
    e.g. I want to limit Voice traffic to 70% of link max, but I don’t mind having up to 100% of BE traffic.
    e.g. I want overbook ratio of 1 for voice but 3 for BE
• DS-TE ensures specific QoS level of each DiffServ class is achieved

DS-TE Configuration Example
Callouts on the slide: Tunnel Midpoint; Data Plane Bandwidth Allocation; Control Plane Bandwidth Allocation

!
class-map match-all PREMIUM
 match mpls experimental 5
!
class-map match-all BUSINESS
 match mpls experimental 3 4
!
! The slide's policy-map referenced classes GOLD and SILVER, which are not
! defined above; it is shown here with the PREMIUM and BUSINESS class-maps.
policy-map OUT-POLICY
 class PREMIUM
  priority 16384
 class BUSINESS
  bandwidth 65536
  random-detect
 class class-default
  random-detect
!
interface POS 1/0
 ip address 10.150.1.1 255.0
 ip rsvp bandwidth 155000 sub-pool 16384
 service-policy output OUT-POLICY
 mpls traffic-eng tunnels
 mpls ip
!

MPLS DS-TE with DiffServ Network
• Find Route and Set-Up Tunnel for 5 Mb/s of EF From POP1 to POP4
• Find Route and Set-Up Tunnel for 3 Mb/s of EF From POP2 to POP4
• Find Route and Set-Up Tunnel for 15 Mb/s of BE From POP1 to POP4
• Find Route and Set-Up Tunnel for 7 Mb/s of BE From POP2 to POP4
[Diagram: POP1, POP2, POP4 and further POPs around the core]

MPLS QoS Applications for Multi-Service

MPLS QoS Applications for Multi-Service
• MPLS QoS General
  - MPLS Diffserv
  - MPLS TE
  - MPLS FRR (applies to strict QoS)
  - Diffserv-TE (DS-TE)
  - Combination = Guaranteed Bandwidth Services
• Applications
  - Voice Trunking over TE
  - Virtual Leased Line Services

Solution 1: Toll Bypass with Voice Network
Solution Requirements: QoS on PE Router + Mapping Traffic to Tunnels + QoS on Core Routers + TE or DS-TE
[Diagram: traditional phones and PBXs with packet interfaces attached to PEs; a TE tunnel between the PEs with FRR protection of the tunnel provides toll bypass of the PSTN (traditional TDM network)]

Solution 2: Toll Bypass with Voice/Data Converged Network
Solution Requirements: QoS on CE Router + QoS on PE Router + Mapping Traffic to Tunnels + QoS on Core Routers + TE or DS-TE
[Diagram: enterprise LANs and a PBX with circuit emulation interface behind CEs, attached to PEs; a TE tunnel between the PEs with FRR protection of the tunnel provides toll bypass of the PSTN (traditional TDM network)]

Solution 3: Virtual Leased Lines – ATM Networks Using AToM
• Two different requirements for the transport of ATM across an MPLS backbone
  - Transport of AAL5 encapsulated frames (RFC 1483)
  - Transport of ATM cells (cell relay)
• Future: QoS Mapping: L2 IP EXP
• TE Tunnel Selection for AToM Attachment VCs
[Diagram: CPE router – ATM virtual circuits – PE – Any Transport over MPLS (AToM) tunnel inside a DS-TE tunnel across the MPLS backbone, with FRR protection of the tunnel – PE – ATM; end to end this forms a Virtual Leased Line (DS-TE + QoS)]

DS-TE - Standardization - IETF
• Standardization effort initiated by Cisco mid 2000
• Now major work item of TEWG with broad support from SPs & vendors
• DS-TE Requirements: on its way to RFC (IETF Last Call)
  - draft-ietf-tewg-diff-te-reqts-06.txt
• DS-TE Protocol Extensions: Working Group document
  - draft-ietf-tewg-diff-te-proto-02.txt
  - Consensus on protocol extensions
  - Selection of Bandwidth Constraints model still under discussion
• Uses the Russian Dolls Bandwidth Constraint Model

IPv6 over MPLS (6PE/6VPE)

MPLS as a Foundation for Services
[Diagram: service blocks built on MPLS over the network infrastructure: 6VPE, 6PE, IPv6 over MPLS, VPNs, Traffic Engineering, QoS/Tight SLAs, GMPLS, Any Transport Over MPLS]

IPv6 Edge Router (6PE) over MPLS
[Diagram: 6PE routers at the edge of an MPLS core of P routers (OC48/192), joined by MP-iBGP sessions; attached sites are IPv6 (2001:0620::, 2001:0621::, 2001:0421::, 2001:0420::) and IPv4 (192.76.170.0, 134.95.0.0, 144.254.0.0)]
• Many carriers, large ISPs and mobile SPs have invested in MPLS infrastructure
• Core devices may be ATM switches, GSR or other vendor’s routers
• Leverages MPLS features, e.g. MPLS/VPN, TE, CoS, ...
• Multiple implementation options to integrate IPv6
• IPv6 on CE, IPv6 over AToM, IPv6 Edge router (6PE), native IPv6 MPLS
• 6PE allows the SP to offer IPv6 at lower cost and risk

IPv6 VPN Provider Edge Router: 6VPE
[Diagram: dual stack IPv4-IPv6 CE routers attached to 6VPE routers at the edge of an IPv4 MPLS core of P routers, joined by MP-iBGP sessions; sites carry v6 and v4 (2001:0620:: with 145.95.0.0, 2001:0621:: with 192.76.10.0, 2001:0420:: with 145.96.0.0, 2001:0421:: with 192.254.10.0) plus one v4-only CE]
• For VPN customers (RFC 2547bis), IPv6 VPN service is exactly the same as IPv4 VPN service
• IPv6 packets transported from 6VPE to 6VPE inside IPv4 LSPs (IPv4 core)
• For ISPs offering MPLS/VPN for IPv4 that wish to add IPv6 services as well
  - No modification on the MPLS core
  - Support both IPv4 and IPv6 VPNs concurrently on the same interfaces
  - Configuration and operations of IPv6 VPNs exactly like IPv4 VPNs

Generalized MPLS (GMPLS)
• Reduces the multiple layers into a single, integrated, control layer
• Extends MPLS control plane to address optical layer constraints and attributes
• Leverages IP layer management simplicity and distributed intelligence
• Provides sophisticated traffic engineering capabilities for resource management and control

UCP GMPLS Phase 4: Integrated IP+Optical Intelligence
• GMPLS-Based Standard NNI
• Single MPLS and GMPLS IP+Optical Control Plane
• Concurrent Peer and UNI Overlay Operation
• Topology Visibility for Coordinated Routing and Restoration
• Advanced Smart BW Services
[Diagram: routers and a client attached over NNI and UNI interfaces to Metro, Multi-Service and OTN networks, under a common management plane and a GMPLS enabled IP+Optical control plane]

Summary
• MPLS is much more than label switching
• MPLS allows an IP infrastructure to be “Service Enabled”
• Allows the SP/Enterprise to offer multiple Services across a single infrastructure
• AToM allows layer-2 transport across an MPLS infrastructure
• Combining TE, TE-FRR, and DS-TE allows very tight SLA offerings with high availability for low-latency applications (e.g. Voice and Virtual Leased Line)
• MPLS Services will continue to evolve and allow the integration of more Services across a single infrastructure

MPLS Further Reading

Further Reading - Books
• MPLS: Technology and Applications, by Bruce S. Davie, Yakov Rekhter. ISBN: 1558606564
• Traffic Engineering with MPLS, by Eric Osborne, Ajay Simha. ISBN: 1587050315
• MPLS and VPN Architectures, Volume I, by Ivan Pepelnjak, Jim Guichard. ISBN: 1587050811
• MPLS and VPN Architectures, Volume II, by Ivan Pepelnjak, Jim Guichard, Jeff Apcar. ISBN: 1587051125
• Advanced MPLS Design and Implementation, by Vivek Alwayn. ISBN: 158705020X

MPLS Links
• Link to MPLS Home Page (CCO): http://www.cisco.com/warp/public/732/Tech/mpls/
• MPLS Technical Documents (CCO): http://www.cisco.com/warp/public/732/Tech/mpls_techdoc.shtml
• Link to Tunnel Builder Home Page: http://www.cisco.com/warp/public/732/Tech/mpls/tb/
• Link to MPLS Working Group Page (IETF): http://www.ietf.org/html.charters/mpls-charter.html

Select MPLS RFCs
• Requirements for Traffic Engineering over MPLS (RFC 2702)
• Multiprotocol Label Switching Architecture (RFC 3031)
• MPLS Label Stack Encoding (RFC 3032)
• MPLS using LDP and ATM VC Switching (RFC 3035)
• LDP Specification (RFC 3036)
• Carrying Label Information in BGP-4 (RFC 3107)
• RSVP-TE: Extensions to RSVP for LSP Tunnels (RFC 3209)
• MPLS Support of Differentiated Services (RFC 3270)
• MPLS/BGP VPNs (RFC 2547 – Informational, de facto standard)
All but the first have one or more Cisco co-authors

Backup Slides

Terminology, 1/2
• RR: Route Reflector. A router (usually not involved in packet forwarding) that distributes BGP routes within a provider’s network
• PE: Provider Edge router. The interface between the customer and the MPLS-VPN network; only PEs (and maybe RRs) know anything about MPLS-VPN routes
• P: Provider router. A router in the core of the MPLS-VPN network, speaks LDP/RSVP but not VPNv4
• CE: Customer Edge router. The customer router which connects to the PE; does not know anything about labels, only IP (most of the time)
• LDP: Label Distribution Protocol. Distributes labels within a provider’s network that mirror the IGP, one way to get from one PE to another
• LSP: Label Switched Path. The chain of labels that are swapped at each hop to get from one PE to another

Terminology, 2/2
• VPN: Virtual Private Network. A network deployed on top of another network, where the two networks are separate and never communicate
• VRF: Virtual Routing and Forwarding instance. Mechanism in IOS used to build per-interface RIB and FIB
• VPNv4: Address family used in BGP to carry MPLS-VPN routes
• RD: Route Distinguisher, used to uniquely identify the same network/mask from different VRFs (i.e., 10.0/8 from VPN A and 10.0/8 from VPN B)
• RT: Route Target, used to control import and export policies, to build arbitrary VPN topologies for customers