mpls an 9march2018-wide · multi-protocol label switching the m in mpls stands for multi-protocol,...
TRANSCRIPT
MPLS is not alone
Multi-Protocol Label Switching
MPLS-TP MP-BGP H-VPLS OSPF-TE LIB
LSP ISIS-TE EVPN GMPLS MPLS-TE
T-MPLS LFIB LABEL LDP TAG
RSVP-TE VPLS FEC LER SR
• Used in many (most?) provider networks • to provide all kinds of different services
Multi-Protocol Label Switching
• Designed in the ATM era • better performance was
needed • Different services
transported over MPLS core
• Fixed size “label” • pre-established • Faster lookup • Label added to packet header
• No expensive (and recursive) lookups needed • Routing was (too) slow
Multi-Protocol Label Switching
Basically:★ edge device of MPLS network applies “tag”★ switch forwards according to label swapping table★ edge device removes tag and forwards packet
• Designed in the ATM era • better performance was
needed • Different services
transported over MPLS core
• Fixed size “label” • pre-established • Faster lookup • Label added to packet header
• No expensive (and recursive) lookups needed • Routing was (too) slow
Label switching started in 1996
• Back then ATM was popular, only encapsulations
for flows over ATM were defined • ATM did not become the big hit and is mostly
replaced now by IP/Ethernet devices
A bit of history
• Next Cisco came with Tag Switching (1997) • This was brought to the IETF for open standardisation • IETF working group involved other vendors and MPLS was defined • Tag renamed to Label
Because:• Back then traffic was growing faster than router vendors and providers could keep up with• Existing routing equipment was very expensive• Performance was not enough (no in hardware forwarding of packets)• Fixed length label lookup was faster
RFC-3031: Multiprotocol Label Switching Architecture [June 2001]
A bit of history
...because its techniques are applicable to ANY network layer protocol
• Designed to provide a unified data-carrying service for both circuit-based clients and packet-switching clients which provide a datagram service model (converged networks). • To carry many different kinds of traffic, including IP packets, as well as native ATM, SONET,
Frame Relay, PPP, HDLC and Ethernet frames, but also Pseudo Wires (PW), VPLS, IP VPNs. • Label Switched Paths are similar to circuit-switched paths (virtual circuit) in ATM or FR networks,
except not dependent on a particular Layer-2 technology. •MPLS defines specific label formats for ATM and Frame Relay, and a generic label format
intended for use with most other media.
• ATM labels correspond to VPI/VCI numbers and may be as long as 24 bits - Frame Relay labels correspond to DLCI numbers and are either 10 or 23 bits long. • The generic label is 20 bits long.
Multi-Protocol Label Switching The M in MPLS stands for Multi-Protocol, which allows all kinds of different services and encapsulations to be transported over MPLS enabled backbones
4.4.4.4
Destination Based Routing
inet.0
R1 R2
R3
R4
inet.0
inet.0
inet.0
10.0.1.0/31
10.0.2.0/31 10.0.3.0/31
1.1.1.1 2.2.2.2
3.3.3.3
4.4.4.4
Destination Based Routing
inet.0
R1 R2
R3
R4
inet.0
inet.0
inet.0
10.0.1.0/31
10.0.2.0/31 10.0.3.0/31
Lookup destination address in forwarding table
Lookup destination address in forwarding table
Lookup destination address in forwarding table
Lookup destination address in forwarding table
1.1.1.1 2.2.2.2
3.3.3.3
mpls.0
mpls.0
mpls.0
mpls.0
Label switching
R1 R2
R3
R4
10.0.1.0/31
10.0.2.0/31 10.0.3.0/31
4.4.4.41.1.1.1 2.2.2.2
3.3.3.3
mpls.0
mpls.0
mpls.0
mpls.0
Label switching
R1 R2
R3
R4
10.0.1.0/31
10.0.2.0/31 10.0.3.0/31
Lookup label in label database
4.4.4.41.1.1.1 2.2.2.2
3.3.3.3
mpls.0
mpls.0
mpls.0
mpls.0
Label switching
R1 R2
R3
R4
10.0.1.0/31
10.0.2.0/31 10.0.3.0/31
Lookup label in label database
Lookup label in label database
Lookup label in label database
Lookup label in label database
4.4.4.41.1.1.1 2.2.2.2
3.3.3.3
Rx 100K IPv4 routes Tx 100K IPv4 routes
Rx 100K Labeled routes Tx 100K Labeled routes
Faster lookups
inet.0
mpls.0
100K IPv4 FIB entries
1 MPLS FIB entry
• It was invented for fast(er) “routing" (more like L2 switching) • IDEA: • All packets with same label follow the same path • Fixed length label lookup is faster than longest match lookups
MPLS is sometimes called: Layer 2.5 protocol
Applications
TCP UDP SCTP, MPTCP, DCCP, …
MPLS
Ethernet
Physical
ATM FR PPP…
IP
Multi-Protocol Label Switching
Layer 2
Layer 3
Each flow might be special but numerous flows share the same forwarding behaviour
Multi-Protocol Label Switching
Label EXP S TTLLabel = a number
EXP = experimental bits, for Class of Service (*) S = Bottom of Stack TTL = Time-to-Live (to detect loops)
This header is put between Layer-2 and Layer-3 header (a.k.a. shim header) in IP
(*) Renamed to Traffic Class field RFC-5462
Ethernet header
IP header Data
Ethernet header
IP header DataMPLS
header
original packet
20 bits 3 bits 1 bit 8 bits
L2 header L3 header
Routing vs Switching
• Switch switches within the subnet/within the network • Router routes between the networks
•Switching makes packet (frame) forwarding decisions based on Layer 2 data
•Routing makes packet forwarding decision based on Layer 3 data
Switches switch and Routers route …
recursive lookup - to determine the next hop + outbound interface
MAC address
IP address
SID
E TR
ACK
physical layer-2 address
logical, hierarchical layer-3 address
MPLS
OSPF / ISIS BGP
RIBRouting Information Base
FIBForwarding Information Base
Topology Database
“IP Routing table”
“Forwarding table”
• Not all entries in RIB have next hops that are directly
connected
• OSPF/ISIS route has an outgoing interface; it’s computed by
the SPF algorithm and transferred into the IP routing table
• BGP route has no outgoing interface and its next hop is not
directly connected; the router has to perform recursive
lookups to find the outgoing interface
• IP routes are copied to Forwarding Information Base (FIB) and
their next hops are resolved, outgoing interfaces are
computed and multiple entries are created when the next-hop
resolution results in multiple paths to the same destination
Simplified view
SID
E TR
ACK
Routing vs Switching
Routing vs Switching
Juniper specific
See: https://www.juniper.net/documentation/en_US/junos/topics/concept/mpls-routing-tables.html
SID
E TR
ACK
RIB
FIB
Useful for MPLS lab
Routing vs Switching
Regardless of how you decide to call the physical (or virtual) device that forwards the data across your network, it’s important to understand whether it forwards the data based on physical layer-2 addresses (we called that bridging) or based on logical, hierarchical layer-3 addresses (what we called routing 20 years ago).
•Switching makes packet (frame) forwarding decisions based on Layer 2 data •Routing makes packet forwarding decision based on Layer 3 data
Switches switch and Routers route….
Bridging
http://blog.ipspace.net/2010/07/bridging-and-routing-is-there.htmlhttp://blog.ipspace.net/2011/02/how-did-we-ever-get-into-this-switching.html
• Ivan Pepelnjak Blog: http://blog.ipspace.net/2009/12/lies-damned-lies-and-product-marketing.html
MPLS is somewhere in between… (Layer 2.5) unless used with ATM or Frame Relay, i.e. L2 protocols that also use something like a label
SID
E TR
AC
K
Routing vs Switching
MPLS-based networks scale better than those using ATM or Frame Relay because of two major improvements:
• Automatic setup of virtual circuits based on network topology (core IP routing information), both between the core switches and between the core (P-routers) and edge (PE-routers) devices. Unless configured otherwise, IP routing protocol performs topology autodiscovery and LDP establishes a full mesh of virtual circuits across the core.
• VC merge: Virtual circuits from multiple ingress points to the same egress point can merge within the network. VC merge significantly reduces the overall number of VCs (and the amount of state the core switches have to keep) in fully meshed networks.
• Important purpose of MPLS: reduces routes in routers and forwarding table entries •Multiple IP prefixes “into one tag”SI
DE
TRA
CK
LSP - Label Switched Path LER - Label Edge Router
LSR - Label Switching Router FEC - Forwarding Equivalence Class
LIB - Label Information Base
LER and LSP
R1 CE
R3 LSR
R8 LER
R7 LSR
R6 LER
R5 LSR
R4 LSR
R2 LER
R9 CETransit
R10 CETransit
LER = Label Edge Router (or PE = Provider Edge router)
See also: http://blog.ipspace.net/2011/10/mpls-is-not-tunneling.html
CE = Customer Edge router
LER and LSP
R1 CE
R3 LSR
R8 LER
R7 LSR
R6 LER
R5 LSR
R4 LSR
R2 LER
R9 CEIngress Transit
R10 CETransit
LER = Label Edge Router (or PE = Provider Edge router)
See also: http://blog.ipspace.net/2011/10/mpls-is-not-tunneling.html
CE = Customer Edge router
LER and LSP
R1 CE
R3 LSR
R8 LER
R7 LSR
R6 LER
R5 LSR
R4 LSR
R2 LER
R9 CEIngress Transit
R10 CETransit
LSP
LER = Label Edge Router (or PE = Provider Edge router)
See also: http://blog.ipspace.net/2011/10/mpls-is-not-tunneling.html
CE = Customer Edge router
LER and LSP
EgressR1 CE
R3 LSR
R8 LER
R7 LSR
R6 LER
R5 LSR
R4 LSR
R2 LER
R9 CEIngress Transit
R10 CETransit
LSP
LER = Label Edge Router (or PE = Provider Edge router)
LSP = Label Switched Path: unidirectional path between LERs “Virtual circuit” between pair of routers
See also: http://blog.ipspace.net/2011/10/mpls-is-not-tunneling.html
CE = Customer Edge router
Egress
LSR
R1CE
R3LSR
R8LER
LSR = Label Switching Router (or P = Provider router)
R7LSR
R6LER
R5LSR
R4LSR
R2LER
R9CE
LSP
Ingress Transit
Label push
Label swap
Label pop
R10CETransit
Label swap
• Label locally significant on router • Labels only valid between LSRs •Actions: push, swap, pop
Before any MPLS forwarding will occur you need to build an LSP!
Forwarding Equivalence Class FEC
• The ingress router receives packet and determines to which FEC it belongs • Forwarded with the same label (over the same LSP) • FEC only determined once - at ingress LSR
A FEC is a set of packets that a single router: • Forwards to the same next hop • Out the same interface • With the same treatment (such as queuing)
≈ normal routing
EgressR1CE
R3LSR
R8LER
R7LSR
R6LER
R5LSR
R4LSR
R2LER
R9CE
LSP
Ingress Transit
Label push
Label pop
R10CETransit
FEC lookup
FEC can be based on destination prefix, incoming interface, traffic class, source address, …
Forwarding Equivalence Class FEC
• The ingress router receives packet and determines to which FEC it belongs • Forwarded with the same label (over the same LSP) • FEC only determined once - at ingress LSR
A FEC is a set of packets that a single router: • Forwards to the same next hop • Out the same interface • With the same treatment (such as queuing)
≈ normal routing
EgressR1CE
R3LSR
R8LER
R7LSR
R6LER
R5LSR
R4LSR
R2LER
R9CE
LSP
Ingress Transit
Label push
Label pop
R10CETransit
FEC lookup
FEC can be based on destination prefix, incoming interface, traffic class, source address, …
Forwarding Equivalence Class FEC
• The ingress router receives packet and determines to which FEC it belongs • Forwarded with the same label (over the same LSP) • FEC only determined once - at ingress LSR
A FEC is a set of packets that a single router: • Forwards to the same next hop • Out the same interface • With the same treatment (such as queuing)
≈ normal routing
EgressR1CE
R3LSR
R8LER
R7LSR
R6LER
R5LSR
R4LSR
R2LER
R9CE
LSP
Ingress Transit
Label push
Label pop
R10CETransit
FEC lookup
FEC can be based on destination prefix, incoming interface, traffic class, source address, …
From: RFC3031 Multiprotocol Label Switching ArchitectureForwarding Equivalence Class FEC
Packet headers contain considerably more information than is needed simply to choose the next hop. Choosing the next hop can therefore be thought of as the composition of two functions. The first function partitions the entire set of possible packets into a set of "Forwarding Equivalence Classes (FECs)". The second maps each FEC to a next hop. Insofar as the forwarding decision is concerned, different packets which get mapped into the same FEC are indistinguishable. All packets which belong to a particular FEC and which travel from a particular node will follow the same path (or if certain kinds of multi-path routing are in use, they will all follow one of a set of paths associated with the FEC).
In conventional IP forwarding, a particular router will typically consider two packets to be in the same FEC if there is some address prefix X in that router's routing tables such that X is the "longest match" for each packet's destination address. As the packet traverses the network, each hop in turn reexamines the packet and assigns it to a FEC.
In MPLS, the assignment of a particular packet to a particular FEC is done just once, as the packet enters the network. The FEC to which the packet is assigned is encoded as a short fixed length value known as a "label". When a packet is forwarded to its next hop, the label is sent along with it; that is, the packets are "labeled" before they are forwarded.
At subsequent hops, there is no further analysis of the packet's network layer header. Rather, the label is used as an index into a table which specifies the next hop, and a new label. The old label is replaced with the new label, and the packet is forwarded to its next hop.
In the MPLS forwarding paradigm, once a packet is assigned to a FEC, no further header analysis is done by subsequent routers; all forwarding is driven by the labels. This has a number of advantages over conventional network layer forwarding.
Label Information Base
• Labels are stored in Label Information Base •Database with all label and forwarding information • LIB is populated by static entries or dynamic label distribution protocols
•Mapping between previous hop (incoming port, label) and FEC •Mapping between FEC and next hop (outgoing port, label)
LIB
Label Forwarding Information Base - LFIB: • Forwarding table mapping between labels
to outgoing interfaces • Only the labels for the best path of FEC
•Each router has its own LIB, and generates the LFIB • (Similar to RIB and FIB)
LIB
LFIB
Z PE1YPE2 Xingress egress
FEC = loopback address PE1LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
Z PE1YPE2 Xingress egress
FEC = loopback address PE1LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
Z PE1YPE2 Xingress egress(PE1,L1)
FEC = loopback address PE1LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
Z PE1YPE2 Xingress egress(PE1,L1)
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
Z PE1YPE2 Xingress egress(PE1,L1)(PE1,L2)
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 Xingress egress(PE1,L1)(PE1,L2)
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 Xingress egress(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 Xingress egress(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)
PE1-push L4
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
ingress router PE2 adds label L4 to
packets
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 Xingress egress(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)
swap (L4, L3) PE1-push L4
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
ingress router PE2 adds label L4 to
packets
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 Xingress egress(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)
swap (L3, L2) swap (L4, L3) PE1-push L4
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
ingress router PE2 adds label L4 to
packets
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 X
swap (L2, L1)
ingress egress(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)
swap (L3, L2) swap (L4, L3) PE1-push L4
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
ingress router PE2 adds label L4 to
packets
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 X
swap (L2, L1)
ingress egress(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)
swap (L3, L2) swap (L4, L3) PE1-push L4
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
ingress router PE2 adds label L4 to
packets
pop (L1)
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 X
swap (L2, L1)
ingress egress(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)
swap (L3, L2) swap (L4, L3) PE1-push L4
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transitLSP
Prefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
ingress router PE2 adds label L4 to
packets
pop (L1)
Y will do similar processing. The LSP setup proceeds from
egress to ingress
Z PE1YPE2 X
swap (L2, L1)
ingress egress(PE1,L1)(PE1,L2)(PE1,L3)(PE1,L4)
swap (L3, L2) swap (L4, L3) PE1-push L4
FEC = loopback address PE1
X evaluates whether PE1 is on the IGP shortest path for that FEC. If successful X
assigns L2 for FEC PE1, installs forwarding state swapping L2 and L1 and advertises a
binding for L2 and FEC PE1 to Y
LSR/transit LSR/transit LSR/transit
Label actions: Push to the stack, Swap top label, PoP from the stack; S-bit is set to 1 in MPLS header if label is last label on the stack;
LSPPrefixes distributed with OSPF/ISIS
PE1 assigns a Label (L1) to its own Loopback
address (FEC) and advertises that to its LDP peer X
ingress router PE2 adds label L4 to
packets
pop (L1)
• Label 3 is announced by router B to its neighbor E • 3 is a special value, Implicit NULL label [RFC-3032];
• This triggers Penultimate Hop Popping (PHP) • the LSR (E) before the LER (B) pops the label and forwards normal IP packet to LER (B); • simplifies processing at LER (saves one lookup); •default behaviour of most implementations, not mandatory;
3
2833
28 = label
Penultimate Hop Popping
C
F
GE
D
A BPHP
But who/what assigns the labels? Goal is to build a forwarding table with mapping between FEC/incoming label and outgoing label; ➡Routers pick the label values (local significance only)
The MPLS architecture uses downstream label allocation: router expects to receive the traffic with label it picked locally
Called downstream because label L bound to FEC F at router B was picked by router C who is one hop further down in the direction of the traffic flow from B
A
C
B
downstream ->
<- upstream
LSR that is required to interpret the label is responsible for assigning it
Label allocation and distribution
28FEC F =
• LSR A receives mapping for Label L for FEC <1.2.3.4> from neighbor LSR B • LSR A will use Label L for forwarding if and only if LSR B is on the IGP shortest path for
destination <1.2.3.4> from A’s point of view • LSPs shift with IGP path changes!!!
•Danger of black-holing/looping during reconvergence
Label allocation and distribution
• Label = unsigned integer in the range 0 - 1048575 • Some reserved numbers: 0 - 15 (e.g. label 3) • A received packet with unrecognised label (unassigned) is dropped
• Packets can carry more than 1 label = label stack • Last-in, first-out stack • The forwarding decision is based on label at top of stack (see S-bit!)
Question: Should a label be unique within MPLS domain?
MPLS so far
Multi-Protocol Label Switching
MPLS-TP MP-BGP H-VPLS OSPF-TE LIB
LSP ISIS-TE EVPN GMPLS MPLS-TE
T-MPLS LFIB LABEL LDP TAG
RSVP-TE VPLS FEC LER SR
Short break….. (15 min)
How are the labels distributed and the mappings made?
• You need routing and signalling (control plane functions)
• Manual configuration of label bindings and LSPs
• Or define a new protocol • Or extend existing protocol to carry labels
Ps. Answer: No, unique on router (if platform label space) or per interface (if interface label space)
Both were done: • New protocol: LDP (Label Distribution Protocol) • Two existing protocols: RSVP and BGP
protocols { mpls { static-label-switched-path <LSP-name> { ingress { next-hop <address of next-hop router>; to <LSP-endpoint>; push <label>; } } } }
Manual LSP config
protocols { mpls { static-label-switched-path <LSP-name> { transit <incoming-label> { next-hop <address of next-hop router>; to <LSP-endpoint>; swap <outgoing-label>; } } } }
On ingress router
On all transit routers
And on egress router: POP label
Juniper specific
human control plane
Label Distribution Protocol
• UDP discovery and TCP sessions between peers • LDP Peers inform each other of the label bindings
• An IGP protocol must br configured on all LSRs • New IGP routes (prefixes in routing table) lead to new label bindings
• Labels can be withdrawn when IGP routes are no longer valid • Hard-state - expected to work until explicitly torn down
LDP is specifically designed for label binding and distribution - does nothing else but that, no routing, in fact it relies on an IGP for all routing decisions
LDP
• Fundamental concept in MPLS: 2 LSRs must agree on meaning of labels used to forward traffic • Protocol used where one LSR informs another of the LABEL BINDINGS it has made
See https://tools.ietf.org/html/rfc5036
• LDP works between directly connected neighbors • Peers are automatically discovered (via multicast to well-known UDP port) • Builds a full mesh of LSPs between all routers • LDP establishes LSPs that follow the IGP best path
Initialization: exchange information regarding features and modes supported;
Next: information regarding binding Labels and FECs exchanged;
After discovery a TCP session is established and LDP session is set up;
Keep sessions up keep-alive messages are sent;
Label Distribution Protocol LDP
Easy config
Label messages: advertise new labels, withdraw labels
OSPF / IS-IS BGP
RIBRouting Information Base
FIBForwarding Information Base
LIBLabel Information Base
(mpls.0)
LFIBLabel Forwarding Information
Base
Topology Database
“Routing table” (inet.0)
“Forwarding table”
“Label Routing table”
FEC mapping table (inet.3)
LDP Database
LDP
Juniper specific
See also: http://blog.ipspace.net/2011/12/junos-day-one-mpls-behind-scenes.html
Resource ReserVation Protocol
• RSVP was developed before MPLS • Bandwidth reservation protocol for individual traffic flows in network as part of the int-serv model • Its mechanism is to reserve bandwidth along each hop of a network for an end-to-end session
➡Doesn't scale (create, maintain, tear-down state for each traffic flow!), so it is not/hardly used.
• RSVP extensions for MPLS to create and maintain LSPs and to create associated bandwidth reservations = RSVP-TE [RFC-3209] • Better scaling (single LSP can carry all traffic between ingress and egress router pair, not per flow)
(*) Integrated Services Architecture [RFC1633]: fine-grained Quality of Service across the Internet
(*)
RSVP
• RSVP-signaled LSP does not necessarily follow IGP shortest path • Extensions allow for explicit routing (specify entire path or specific transit nodes)
Creation of RSVP-signaled LSP:
Bandwidth reservation is optional
‣ PATH message: Label request object, Record Route Object, Sender-Tspec, Explicit Route Object (ERO)
RSVP-TE Signaling protocol, not routing protocol
• Ingress router initiates by sending an RSVP PATH message •destination is the egress router
• Egress router sends back an RSVP RESV message • follows the reverse path back to ingress • includes the allocated label
• Transit routers receiving the RESV message • allocate new local label • relay message upstream • install entry in LIB
‣ RESV message: label object, Record Route Object
• RSVP-signaled LSP does not necessarily follow IGP shortest path • Extensions allow for explicit routing (specify entire path or specific transit nodes)
Creation of RSVP-signaled LSP:
Bandwidth reservation is optional
‣ PATH message: Label request object, Record Route Object, Sender-Tspec, Explicit Route Object (ERO)
➡ ERO object contains list of addresses of nodes through which the LSP must pass (strict or loose)
RSVP-TE Signaling protocol, not routing protocol
• Ingress router initiates by sending an RSVP PATH message •destination is the egress router
• Egress router sends back an RSVP RESV message • follows the reverse path back to ingress • includes the allocated label
• Transit routers receiving the RESV message • allocate new local label • relay message upstream • install entry in LIB
‣ RESV message: label object, Record Route Object
10
• PATH and RESV messages travel hop-by-hop through network - establish state at each node • Periodic exchange of PATH and RESV messages after establishment to refresh the state (if missed LSP is torn down) • RSVP-signaled LSPs follow single path from ingress to egress (even in case of multiple available paths) • LSP still unidirectional!
RSVP-TE
10
5
5
5
5
5
55 = IGP metric
C
E
D
A B
F
G
10
• PATH and RESV messages travel hop-by-hop through network - establish state at each node • Periodic exchange of PATH and RESV messages after establishment to refresh the state (if missed LSP is torn down) • RSVP-signaled LSPs follow single path from ingress to egress (even in case of multiple available paths) • LSP still unidirectional!
RSVP-TE
10
5
5
5
5
5
55 = IGP metric
C
E
D
A B
F
G
PATH message
10
• PATH and RESV messages travel hop-by-hop through network - establish state at each node • Periodic exchange of PATH and RESV messages after establishment to refresh the state (if missed LSP is torn down) • RSVP-signaled LSPs follow single path from ingress to egress (even in case of multiple available paths) • LSP still unidirectional!
RSVP-TE
10
5
5
5
5
5
55 = IGP metric
C
E
D
A B
F
G
PATH message
10
• PATH and RESV messages travel hop-by-hop through network - establish state at each node • Periodic exchange of PATH and RESV messages after establishment to refresh the state (if missed LSP is torn down) • RSVP-signaled LSPs follow single path from ingress to egress (even in case of multiple available paths) • LSP still unidirectional!
RSVP-TE
10
5
5
5
5
5
55 = IGP metric
C
E
D
A B
F
G
PATH message RESV message
10
• PATH and RESV messages travel hop-by-hop through network - establish state at each node • Periodic exchange of PATH and RESV messages after establishment to refresh the state (if missed LSP is torn down) • RSVP-signaled LSPs follow single path from ingress to egress (even in case of multiple available paths) • LSP still unidirectional!
RSVP-TE
10
5
5
5
5
5
55 = IGP metric
C
E
D
A B
F
G
PATH message RESV message
10
• PATH and RESV messages travel hop-by-hop through network - establish state at each node • Periodic exchange of PATH and RESV messages after establishment to refresh the state (if missed LSP is torn down) • RSVP-signaled LSPs follow single path from ingress to egress (even in case of multiple available paths) • LSP still unidirectional!
RSVP-TE
10
5
5
5
5
5
55 = IGP metric
C
E
D
A B
F
G
PATH message RESV messageRESV state
10
• PATH and RESV messages travel hop-by-hop through network - establish state at each node • Periodic exchange of PATH and RESV messages after establishment to refresh the state (if missed LSP is torn down) • RSVP-signaled LSPs follow single path from ingress to egress (even in case of multiple available paths) • LSP still unidirectional!
RSVP-TE
10
5
5
5
5
5
55 = IGP metric
C
E
D
A B
F
G
PATH message RESV messageRESV state
With Record Route Object routers can check if the
path is loop-free
RSVP-TE
6.6.6.6 From: 1.1.1.1, State: Up, ActiveRoute: 0, LSPname: LSP-1 ActivePath: LSP-1-P (primary) LSPtype: Static Configured LoadBalance: Random Encoding type: Packet, Switching type: Packet, GPID: IPv4 *Primary LSP-1-P State: Up Priorities: 7 0 SmartOptimizeTimer: 180 Computed ERO (S [L] denotes strict [loose] hops): (CSPF metric: 5) 10.10.10.2 S 20.20.20.2 S 40.40.40.2 S 50.50.50.2 S 60.60.60.2 S Received RRO (ProtectionFlag 1=Available 2=InUse 4=B/W 8=Node 10=SoftPreempt 20=Node-ID): 10.10.10.2 20.20.20.2 40.40.40.2 50.50.50.2 60.60.60.230 Jun 16 19:01:39.596 Selected as active path 29 Jun 16 19:01:39.596 Record Route: 10.10.10.2 20.20.20.2 40.40.40.2 50.50.50.2 60.60.60.2 28 Jun 16 19:01:39.594 Up 27 Jun 16 19:01:39.478 Originate Call
Example output Juniper:
• It supports multiple address families, easy to define and carry new types of reachability information and associated attributes • Advertise prefix and label(s) associated with it
MP-BGP
• Can be used inter-domain (between AS-es BGP is used) • Often BGP is already used so no need for another protocol • This is used for Layer3 VPN between sites interconnected by MPLS (provider) core network • Each VPN has its own VRF (Virtual Routing and Forwarding instance); • MPLS forwarding uses stacked labels:
• outer label for LSP forwarding • inner label to differentiate between different VPNs
Multiprotocol Extensions to BGP
[RFC-3107] Carrying Label Information in BGP-4: The label mapping information for a particular route is piggybacked in the same BGP Update message that is used to distribute the route itself.
VRFVRF
MP-BGP
• This is used for Layer3 VPNs between sites interconnected by MPLS (provider) core network • Each VPN has its own VRF (Virtual Routing and Forwarding instance) • MPLS forwarding uses stacked labels: outer label for LSP forwarding + inner label to differentiate between different VPNs
Multiprotocol Extensions to BGP
PE-A
PE-B
PE-C
VPN-Customer D
VPN-Customer E
VPN-Customer F
VPN-Customer D
VPN-Customer E
VPN-Customer F
VPN-Customer D
VPN-Customer E
VPN-Customer F
VRF
MPLS core
See RFC-4364: BGP/MPLS IP Virtual Private Networks (VPNs)
BGP
BGP
ISIS/OSPF
MP-BGP Multiprotocol Extensions to BGPPE-A
PE-B
PE-C
VPN-Customer D
VPN-Customer E
VPN-Customer F
VPN-Customer D
VPN-Customer E
VPN-Customer F
VPN-Customer D
VPN-Customer E
Each VRF has different VPN label
MPLS core
Route distinguisher (RD) : 64 bit field prefixed to Customer IP prefix(es) to make it unique VPN-IPv4 address space •prepended to routes in VRF to identify to which VRF they belong
Route target (RT): extended BGP community value •defines which prefixes are imported and exported on each PE
Routes from “red” VPN not imported!
VPN-IPv4 routes are transported with BGP to other PE’s - with MPLS label (inner label)
• Can you use different Label distribution protocols at the same time? • E.g LDP and RSVP-TE? And also MP-BGP?
Yes! • Depends on the built topology • Depends on services that need to be provisioned • Makes it more complex • Needs to be provisioned/configured
Label Distribution Protocols
• LSPs have to be built before traffic starts flowing • RSVP-TE LSPs need to be configured • VRF and route distinguisher and route targets in L3 VPNs need to be configured
• Can you use different Label distribution protocols at the same time? • E.g LDP and RSVP-TE? And also MP-BGP?
Yes! • Depends on the built topology • Depends on services that need to be provisioned • Makes it more complex • Needs to be provisioned/configured
Label Distribution Protocols
• LSPs have to be built before traffic starts flowing • RSVP-TE LSPs need to be configured • VRF and route distinguisher and route targets in L3 VPNs need to be configured
Network orchestrators / controllers with GUIs to make it easier
Due to Moore’s Law lookup speed is no longer the biggest problem, but since 1997 a lot of ways to use MPLS have been found...
• Very heavily used: for implementing Traffic Engineering (TE) • L3VPN (over the same core) • L2VPN (over the same core) • Improving network resiliency with MPLS fast reroute
Multi-Protocol Label Switching
What is it? • Process of manipulating traffic on an (IP) network to “enhance the performance” • Is not network engineering, but linked • Reduce overall cost of operations by more efficient use of bandwidth resources
Traffic Engineering
With “traditional” IP and IP routing protocols difficult: ➡ tweaking link cost or weight to influence IGP behaviour ➡ availability of resources (e.g. bandwidth) not taken into account
• IGPs distribute network topology information through network • Can be used to calculate the routes of LSP automatically •When required to establish LSPs not following IGP routes, with guaranteed QoS characteristics
and backup LSPs that avoid single points of failure you need more:
Traffic Engineering extensions “-TE”
TE
ISIS-TE OSPF-TE
•MPLS-TE: set of extensions to MPLS • explicit or constraint based routing • use RSVP-TE to set up explicit paths • bandwidth reservation
• Cost optimisation (better utilisation of network resources) • Congestion management • Dynamic services & traffic profiles • Efficient routing (predictable, deterministic paths) and rerouting in case of failures • Availability/ resilience / fast restoration • QoS / separate realtime latency-critical services from other traffic
“MORE CONTROL”
Traffic Engineering TE
RFC-3272: Overview and Principles of Internet Traffic Engineering RFC-2702: Requirements for Traffic Engineering over MPLS
Virtual Private LAN Service
• A VPLS is (provider) service that emulates the full functionality of traditional LAN • A Layer 2 Virtual Private Network (VPN) • VPLS is "private" in that CE devices that belong to different VPLSs cannot interact • VPLS is "virtual" in that multiple VPLSs can be offered over a common packet switched network (over
IP/MPLS network)
VPLS
PE-A
PE-B
PE-CVPN-Customer E
VPN-Customer E
VPN-Customer E
MPLS core
P
PPP
Single LAN segment
Virtual Private LAN ServiceVPLS
• Ethernet service: frames sent to broadcast addresses and unknown dest MAC addresses are flooded to all ports
• all unknown unicast, broadcast and multicast frames are flooded over the corresponding Pseudo-Wires to all PE nodes participating in the VPLS
• Responsibility of service provider to create loop-free topology• Full-mesh of Pseudo-Wires connecting the edge sites
• Using LDP for Signaling [RFC-4762]• Using BGP for Auto-Discovery and Signaling [RFC-4761]
Ethernet VPN
• VPLS has number of limitations in redundancy, multicast, multihoming, provisioning simplicity • New RFC on defining the requirements for a new solution: Ethernet VPN (EVPN) [RFC-7209]
EVPN
• EVPN is Layer 2 overlay on IP/MPLS network • Virtual multipoint bridged connectivity between different Layer 2 domains
• Control plane is MP-BGP •New address family •Allows MAC addresses to be treated as routes in the BGP table •Entry can contain just a MAC address or an IP address + MAC address (ARP entry) •With or without VLAN tags
See: RFC-7432: BGP MPLS-based Ethernet VPN
• Alternative for LDP and RSVP-TE in MPLS networks • Segment routing is a new forwarding paradigm that provides source routing • The source can define the path a packet will take • SR uses MPLS to forward packets (in IPv4), but labels are distributed by IGP (OSPF, ISIS)
Source Routing: a node steers packets through an ordered list of instructions (segments) that are encoded in the packet header
SRSegment Routing
• Alternative for LDP and RSVP-TE in MPLS networks • Segment routing is a new forwarding paradigm that provides source routing • The source can define the path a packet will take • SR uses MPLS to forward packets (in IPv4), but labels are distributed by IGP (OSPF, ISIS)
Source Routing • the source chooses a path and encodes it in the packet header as an ordered list of segments• the rest of the network executes the encoded “instructions”• Segment: an identifier for any type of instruction• forwarding or service• Example segments: particular node in network, network link, prefix
Source Routing: a node steers packets through an ordered list of instructions (segments) that are encoded in the packet header
SRSegment Routing
• SR allows to enforce a flow through any topological path and service chain while maintaining per-flow state only at the ingress node to the SR domain;• Application for SR enable some kind of application controller that can steer traffic over different paths, depending on
different requirements and the current state of the network;• Doing this now requires MPLS-TE, as well as keeping state in many device, with SR, there is no need to keep state in
intermediary devices
Segment Routing – Forwarding Plane MPLS: ordered list of segments is represented as a stack of labels –Segment Routing re-uses MPLS data plane without any change–Segment is encoded as MPLS label–Applicable to IPv4 and IPv6 address familiesIPv6: an ordered list of segments is encoded in a routing extension header
The state is in the packet, not in the network
SRSegment Routing
See for more info: IETF SPRING WG and http://www.segment-routing.net/home
7
• Source routing along any explicit path Stack of “adjacency segment” labels
• Segment Routing provides entire path control
B C
N O
Z
D
P
A
9101
9105 9107
9103
9105
9101
9105
9107
9103
9105
9105
9107
9103
9105
9107
9103
9105
9103
9105 9105
segment routing with central optimization (PCE - path computation element)
Next Header Length Type Segments Left
Segment 0
Segment 1
Segment 2
First Segment Flags Reserved
Optional Type Length Value Objects (variable)
Segment n
• segment encoded as IPv6 address • ordered list of segments is encoded as ordered list of IPv6 addresses in the routing header • active segment is indicated by the Destination Address of the packet • next active segment is indicated by a pointer in the routing header
(1) Picture from: https://conference.apnic.net/data/36/apnic36-segment-routing-santanu_v2s_1377667562.pdf
(1)
SRSegment Routing
Just look at the number of RFCs after RFC-3013 and the drafts in the MPLS WG of the IETF: https://datatracker.ietf.org/wg/mpls/
• MPLS over 15 years old but…• Still heavily used• Still lot of activities on standardisation• Lot of new activities building upon or extending MPLS
MPLS et cetera …
MPLS-TP MP-BGP H-VPLS OSPF-TE LIB
LSP ISIS-TE EVPN GMPLS MPLS-TE
T-MPLS LFIB LABEL LDP TAG
RSVP-TE VPLS FEC LER SR