enterprise mpls - juniper networksforums.juniper.net/jnet/attachments/jnet/bajug/2/1/bajug 1...
ENTERPRISE MPLS Kireeti Kompella
2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
AGENDA
The “New VLAN”
Protocol Suite
Signaling Labels
Hierarchy
Signaling
Advanced Topics
§ Layer 2 or Layer 3?
§ Resilience and End-to-end Service Restoration
§ Multicast
§ ECMP and Entropy Labels
The New VLAN
WHY ARE YOU HERE?
A) because it would have been your turn to cook dinner
B) because someone mentioned “drinks”
C) because you needed an alibi
D) because you were told that MPLS stood for “More Partying, Less Studying”
E) because networking is cool
MPLS – THE NEW VLAN
MPLS is a very flexible forwarding paradigm
MPLS can be used for:
1. Faster forwarding (IP forwarding was believed to be too slow!)
2. Traffic engineering
3. Fast recovery from network failures
4. Uniformly transporting a number of link layer technologies
5. Scaling a network: backbone, edge, access
6. Providing VPN services
Which of these do you think attracted attention when MPLS first came out? Which spurred the first big deployment?
§ Network “virtualization” – segmentation and isolation
§ Just what VLANs do, but in a manner that is a whole lot more scalable, manageable and adaptable
WHAT IS MULTI-PROTOCOL LABEL SWITCHING?
Forwarding paradigm: what should happen to packets arriving at this box?
Control plane: how does this box learn how to deal with packets?
Lesson 1: signaling flow and packet flow are almost always in opposite directions
Principle: “downstream label allocation”
The MPLS protocol suite encompasses both forwarding and signaling (control plane). The control plane shares many elements with the IP control plane (hence the term “IP/MPLS”)
WHAT IS A LABEL?
A label stack entry is 32 bits (4 octets):
Field        Width
Label value  20 bits
TC           3 bits
BoS          1 bit
TTL          8 bits
TC = Traffic Class; BoS = “bottom of stack”; TTL = “time-to-live” (as in IP)
WHAT IS SWITCHING?
Most common operation on labels: the swap
Before: [Label value | TC | BoS | TTL]
After:  [New label value | TC’ | BoS | TTL-1]
Label value gets switched; TC generally stays the same, but may change; TTL gets decremented; BoS doesn’t change
WHAT IS MULTI-PROTOCOL?
Carried above MPLS: IPv4, IPv6, Ethernet, ATM, Frame Relay, PPP, TDM!
Running below MPLS: IPv4, IPv6, Ethernet, ATM, Frame Relay, PPP, TDM
MPLS runs over multiple protocols (Ethernet, PPP, …)
MPLS carries multiple protocols (IPv4, IPv6, …)
I.e., “multi-protocol above and below”
SIGNALING LABELS
Signaling messages, hop by hop from the egress back towards the ingress: “To reach FEC F, use label L1” … “To reach FEC F, use label Ln”
FEC: Forwarding Equivalence Class = set of packets that are to be treated identically from a forwarding point of view
All packets in FEC F will be tagged with the same label (Ln) at the ingress, and will follow the same path to the egress
Lesson 2: labels are locally significant, and typically downstream-assigned (e.g., egress chooses L1)
Packet flow along the Label Switched Path (LSP): ingress pushes Ln → … → swap L3 → L2 → … → egress pops L1
CHARACTERIZATION OF A FEC
Typically, the loopback address of a router – all packets that will be delivered to their destination via a particular egress router (e.g., BGP next hop)
§ Some signaling protocols allow the creation of multiple LSPs to an egress
§ In this case, the FEC could be further narrowed by QoS class or other contents of a packet
§ This leads to a simple implementation of policy-based routing
Determination of a packet’s FEC is done only once, at the ingress
§ Intermediate LSRs keep packets in the LSP using the label, swapping it at each hop
§ The egress pops the label and forwards based on IP or other header information
FORWARDING: VERY MUCH LIKE IP!
Ingress forwarding table:
Prefix      BGP NH    IGP NH    Interface    Label
10.1.1/24   Router Y  Router X  ge-1/1/1.1   22
10.1.2/24   Router Q  Router P  ge-2/2/2.2   33
…           …         …         …            …
Figure: the ingress router with neighbours X, Y, P and Q; BGP supplies the BGP next hop, the IGP supplies the IGP next hop, and LDP supplies the label
APPLICATION: SHOW SOME OF THE BENEFITS OF MPLS
Figure: two paths between the same endpoints, an upper path over GE interfaces and a lower path over a 10GE interface
Lower path has capacity, but is longer (by metric)
Say upper link is saturated
Say link fails
Alternate path can be used
Local repair: “Slow” with IP, Fast with MPLS
LABEL STACKS AND HIERARCHY
One can put multiple labels on a packet. The labels are called a “label stack”.
Label stacks create hierarchy which in turn enables a number of benefits.
Figure: an outer LSP using labels L3, L2, L1 and an inner LSP using labels L2’, L1’; along the path the packet carries [L3 | packet], then [L2 | packet], then [L2’ | L2 | packet], then [L1’ | L1 | packet]
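The label format (slide 6), the swap operation (slide 7) and the label stack (slide 13) are all just bit manipulation on 32-bit entries, so one small encoder/decoder shows all three. This is an added example written for this page, not code from the deck or from Juniper; the field layout follows RFC 3032, the "copy TC and TTL from the old top entry on push" behaviour is an assumption chosen for illustration, and the packet contents are constructed.

```python
import struct

# Bit layout of one 32-bit MPLS label stack entry (RFC 3032), as on the "What is a label?" slide:
#   bits 31..12: label value (20 bits)
#   bits 11..9 : TC, traffic class (3 bits)
#   bit  8     : BoS, bottom of stack (1 bit)
#   bits 7..0  : TTL (8 bits)
MAX_LABEL = (1 << 20) - 1


def encode_entry(label: int, tc: int, bos: bool, ttl: int) -> bytes:
    """Pack one label stack entry into 4 network-order bytes, range-checking each field."""
    if not 0 <= label <= MAX_LABEL:
        raise ValueError(f"label {label} does not fit in 20 bits")
    if not 0 <= tc <= 7 or not 0 <= ttl <= 255:
        raise ValueError("TC must be 0-7 and TTL 0-255")
    word = (label << 12) | (tc << 9) | (int(bos) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(data: bytes) -> dict:
    """Unpack the first 4 bytes of data into the four header fields."""
    if len(data) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "tc": (word >> 9) & 0x7,
        "bos": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


def build_stack(labels: list, ttl: int = 64, tc: int = 0) -> bytes:
    """Encode a label stack, outermost label first; only the last entry carries BoS=1."""
    if not labels:
        raise ValueError("a label stack needs at least one entry")
    last = len(labels) - 1
    return b"".join(encode_entry(lab, tc, i == last, ttl) for i, lab in enumerate(labels))


def parse_stack(packet: bytes) -> tuple:
    """Walk the stack until an entry with BoS set; return (entries, payload).

    A stack that runs out of bytes before any BoS bit is malformed and is rejected
    rather than silently treated as payload.
    """
    entries, offset = [], 0
    while True:
        entry = decode_entry(packet[offset:])
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, packet[offset:]


def swap(packet: bytes, new_label: int) -> bytes:
    """The LSR swap from slide 7: replace the top label, keep TC and BoS, decrement TTL."""
    top = decode_entry(packet)
    if top["ttl"] <= 1:
        raise ValueError("TTL expired; the packet must be dropped, not forwarded")
    return encode_entry(new_label, top["tc"], top["bos"], top["ttl"] - 1) + packet[4:]


def push(packet: bytes, label: int) -> bytes:
    """Push a new outer label (hierarchy); TC and TTL are copied from the old top entry (assumption)."""
    top = decode_entry(packet)
    return encode_entry(label, top["tc"], False, top["ttl"]) + packet


def pop(packet: bytes) -> bytes:
    """Remove the top entry; whatever follows is either the next label or the payload."""
    decode_entry(packet)  # validates that there is an entry to pop
    return packet[4:]


if __name__ == "__main__":
    pkt = build_stack([22, 100]) + b"IP payload"  # constructed sample packet
    entries, payload = parse_stack(swap(pkt, 33))
    print([e["label"] for e in entries], payload)  # [33, 100] b'IP payload'
```

Note that parse_stack refuses a stack with no BoS bit instead of guessing where the payload starts; a parser that guesses is exactly the kind of component that mis-classifies traffic when it meets a malformed or truncated packet.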
SIGNALING
Choices for signaling:
§ LDP (hop-by-hop, follows IGP shortest path)
  § Mechanisms exist for multicast, local repair
§ RSVP-TE (hop-by-hop, follows given path)
  § Mechanisms for multicast, local repair, traffic engineering
§ BGP (multi-hop)
  § Used for scaling, and for various VPN technologies
ADVANCED TOPICS: LAYER 2 OR LAYER 3?
Layer 2
§ easy to understand, configure, manage (“plug-and-play”)
§ fragile: flooding, loops, broadcast storms, …
§ VLANs make it not-so-plug-and-play: ACLs, manual policies, ...
MPLS can give you a Layer 2 “look-and-feel” with a solid, robust, IP control plane based infrastructure
Layer 3
§ More protocols (more help!)
§ Initial investment higher; payoff greater
§ Robust, scalable, flexible
MPLS can add resilience, segmentation, traffic engineering
With MPLS, you can choose now, change your mind, migrate to a new approach, adapt, … -- it’s MULTI-PROTOCOL!
RESILIENCE AND END-TO-END RESTORATION
Figure: an MPLS infrastructure connecting an end user to a dual-homed server complex
MULTICAST
Figure: three outgoing labels L1, L2, L3 towards multiple destinations
This router must make 3 copies of the incoming packet, put the appropriate label on each, and send each to the next router
ECMP AND ENTROPY LABELS
Figure: three next hops with labels L1, L2, L3 towards a single destination
This router must choose among 3 next hops in a consistent manner, put the appropriate label on the packet, and send it to the next router
How to map a flow consistently to the same link? Typically, by hashing on some header fields
How about making the ingress do this work, encode it as a label, and allow transit LSRs to simply use that label?
Label stack with an entropy label: [L | EL | packet]
Stacking is cheap, flexible and effective!
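The entropy-label idea in code: the ingress hashes the flow's header fields once and pushes the result as a label, and transit LSRs hash nothing but the label stack when picking one of several equal-cost next hops. This is an added example written for this page, not code from the deck or from Juniper. The ELI value 7 is the reserved Entropy Label Indicator from RFC 6790 (the slide's [L | EL] stack omits it); the 5-tuple fields, the transport label value, the next-hop names and all flows are constructed, and SHA-256 stands in for whatever hash a real forwarding ASIC uses.

```python
import hashlib
import struct

ELI = 7                      # Entropy Label Indicator, reserved label value (RFC 6790)
MAX_LABEL = (1 << 20) - 1


def flow_key(src_ip: str, dst_ip: str, proto: int, sport: int, dport: int) -> bytes:
    """Canonical byte string for a 5-tuple flow (constructed helper; field choice is an assumption)."""
    return f"{src_ip}|{dst_ip}|{proto}|{sport}|{dport}".encode()


def entropy_label(src_ip: str, dst_ip: str, proto: int, sport: int, dport: int) -> int:
    """Ingress work: derive a 20-bit entropy label from the flow's header fields.

    Label values 0-15 are reserved, so the hash is mapped into 16..2^20-1.
    """
    digest = hashlib.sha256(flow_key(src_ip, dst_ip, proto, sport, dport)).digest()
    raw = struct.unpack("!I", digest[:4])[0]
    return 16 + raw % (MAX_LABEL - 15)


def ingress_stack(transport_label: int, flow: tuple) -> list:
    """The ingress pushes [transport label, ELI, EL], outermost first."""
    return [transport_label, ELI, entropy_label(*flow)]


def transit_next_hop(stack: list, next_hops: list) -> str:
    """A transit LSR load-balances by hashing the label stack only.

    It never looks past the labels into the payload: the ingress already folded the
    flow identity into the entropy label, so same stack means same link.
    """
    key = b"".join(struct.pack("!I", lab) for lab in stack)
    digest = hashlib.sha256(key).digest()
    return next_hops[struct.unpack("!I", digest[:4])[0] % len(next_hops)]


def forward_flow(transport_label: int, flow: tuple, next_hops: list) -> tuple:
    """Return (label stack pushed at ingress, link chosen by the transit LSR)."""
    stack = ingress_stack(transport_label, flow)
    return stack, transit_next_hop(stack, next_hops)


def spread(transport_label: int, flows: list, next_hops: list) -> dict:
    """How many of the given flows land on each link; shows ECMP balance across links."""
    counts = {nh: 0 for nh in next_hops}
    for flow in flows:
        counts[forward_flow(transport_label, flow, next_hops)[1]] += 1
    return counts


# Constructed sample input: 300 TCP flows from one client to one server, differing only in source port
SAMPLE_FLOWS = [("192.0.2.10", "198.51.100.20", 6, sport, 443) for sport in range(40000, 40300)]
SAMPLE_LINKS = ["L1", "L2", "L3"]

if __name__ == "__main__":
    print(spread(1001, SAMPLE_FLOWS, SAMPLE_LINKS))
```

The transport label gets swapped at every hop while the entropy label below it stays untouched, so each transit router sees a stable input for its own hash even though the outer label changes along the path.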
BACK TO THE NEW VLAN
Three different users on three different interfaces
Incoming interface   VPN      Prefix      BGP NH    VPN Label
ge-1/1/1             Engg     10.1.1/24   Router X  22
ge-1/1/2             HR       10.1.2/24   Router Y  33
ge-1/1/3             Finance  10.1.1/24   Router Z  44
Figure: the ingress router learns these entries via BGP and sends each user’s traffic to egress router X, Y or Z
Routers in the middle are not aware of the end-to-end “VLAN”
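The forwarding table of slide 12 and the per-VPN table of slide 20 combine into one ingress lookup: the incoming interface selects the VPN, the destination is matched only inside that VPN's table (so Engg and Finance can both carry 10.1.1/24), and the BGP next hop is then resolved through the global table to an IGP next hop, an outgoing interface and a transport label. The packet leaves with a two-label stack, and a router in the middle swaps only the outer label. This is an added example written for this page, not code from the deck or from Juniper; the interface-to-VPN bindings, VPN labels and egress routers follow the slide-20 table, while the transport labels, IGP next hops, outgoing interfaces and the transit router's table are constructed assumptions.

```python
import ipaddress

# Incoming interface -> VPN (routing instance) it belongs to, from the slide-20 table
INTERFACE_VPN = {"ge-1/1/1": "Engg", "ge-1/1/2": "HR", "ge-1/1/3": "Finance"}

# Per-VPN tables: prefix -> (BGP next hop = egress router, VPN label that egress advertised)
VPN_ROUTES = {
    "Engg":    {"10.1.1.0/24": ("Router X", 22)},
    "HR":      {"10.1.2.0/24": ("Router Y", 33)},
    "Finance": {"10.1.1.0/24": ("Router Z", 44)},  # same prefix as Engg: overlapping addresses
}

# Global table: BGP next hop -> (IGP next hop, outgoing interface, transport label, e.g. from LDP)
# Constructed values; the deck does not give them.
TRANSPORT = {
    "Router X": ("Router P", "ge-2/2/2.2", 1001),
    "Router Y": ("Router P", "ge-2/2/2.2", 1002),
    "Router Z": ("Router Q", "ge-3/3/3.3", 1003),
}

# A transit router's label table: incoming transport label -> (outgoing label, next hop). Constructed.
TRANSIT_LFIB = {1001: (2001, "Router X"), 1002: (2002, "Router Y"), 1003: (2003, "Router Z")}


def longest_prefix_match(table: dict, dst: str):
    """Return the entry for the most specific prefix covering dst, or raise if none does."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, entry in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    if best is None:
        raise LookupError(f"no route to {dst} in this VPN")
    return best[1]


def ingress_forward(in_iface: str, dst: str) -> dict:
    """FEC determination happens once, here at the ingress.

    The VPN is chosen by incoming interface, the destination is looked up in that VPN's
    table only, and the BGP next hop is resolved through the global table.
    """
    vpn = INTERFACE_VPN[in_iface]
    bgp_nh, vpn_label = longest_prefix_match(VPN_ROUTES[vpn], dst)
    igp_nh, out_iface, transport_label = TRANSPORT[bgp_nh]
    return {
        "vpn": vpn,
        "egress": bgp_nh,
        "igp_nh": igp_nh,
        "out_iface": out_iface,
        "label_stack": [transport_label, vpn_label],  # outermost first
    }


def transit_forward(label_stack: list) -> tuple:
    """A router in the middle swaps only the outer (transport) label.

    The inner VPN label, and with it which "VLAN" the packet belongs to, is never examined.
    """
    out_label, next_hop = TRANSIT_LFIB[label_stack[0]]
    return [out_label] + label_stack[1:], next_hop


if __name__ == "__main__":
    for iface in ("ge-1/1/1", "ge-1/1/3"):
        entry = ingress_forward(iface, "10.1.1.7")     # same destination IP, different VPNs
        print(iface, entry["vpn"], entry["egress"], entry["label_stack"])
```

The point to take from the HR case is that a packet for 10.1.1.7 arriving on ge-1/1/2 gets no route at all rather than leaking into Engg's or Finance's 10.1.1/24: the segmentation lives in which table is consulted, not in any filter applied afterwards.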
TYPES OF VPNs – Layer 2 and Layer 3
IP VPN – RFC 2547/4364
§ Forward based on IPv4/v6 addresses, but segmented (private)
Virtual Private LAN Service (VPLS) – RFC 4761/4762
§ Emulation of an Ethernet segment (really a VLAN!)
Ethernet VPNs – draft-ietf-l2vpn-evpn
§ Emulation of an Ethernet segment, but with a BGP control plane
§ Scales to very large number of segments, with each segment containing a large number of endpoints
§ Work in progress, both standards and implementation
Very similar signaling, forwarding mechanisms, provisioning, management, troubleshooting, etc. across all of these
All can take advantage of ECMP, entropy labels, multicast, …
VPN POLICIES AND MANAGEMENT
Overlapping addresses (IP and/or MAC) have been designed in
VPN topologies can be very flexible
§ Default is any-to-any
§ Other typical use cases include hub-and-spoke and dual hub-and-spoke
VPNs can cross Autonomous System boundaries
§ For example, an internal VPN can connect to a wide-area VPN which in turn connects to a DC VPN in the cloud
VPN management is limited to the endpoints; routers in the middle are unaware of the VPNs, and unaffected by VPN scale
CONCLUSION
MPLS is a very flexible, powerful and extensible forwarding paradigm that is accompanied by an equally flexible, powerful and extensible control plane
§ MPLS’s starting point (TE) and where it is today (a host of VPN applications) is testament to this
§ MPLS is also by design compatible with IP
§ The MPLS control plane means more to master, but that control plane also significantly reduces provisioning and management
MPLS allows a decoupling of “transport” and “services” (VPNs)
§ This uses hierarchy in the control plane and label stacking
§ This means that changes can be limited to edge devices
§ This in turn means less disruption to core devices, more stability, …
MPLS continues to evolve, but much more slowly now