Fiber@Home Ltd.

Md. Arafat Nazmul

IP Transmission Network Planning
 MPLS

Multiprotocol Label Switching

 Multiprotocol Label Switching

Multi
MPLS has the ability to carry Any PayLoad
Protocol
IPv4, IPv6, Frame Relay, ATM, Ethernet
Label
MPLS uses label to forward packets
Switching
Packets are switched from ingress to egress instead of routing lookups
for IPv4 and IPv6
Why MPLS ???
Limitation of Traditional IP Routing

• Routing protocols are used to

distribute Layer 3 routing
information
• Forwarding is based on the
destination address only
• Routing lookups are performed on
every hop.
 Limitation of Traditional IP Routing

• Every router may need full Internet

routing information
– Global Internet routing table size
500,000+ routes
• Destination-based routing lookup is
needed on every hop.
 Limitation of Traditional IP Routing

IP over ATM
• Layer 2 devices have no
knowledge of Layer 3 routing
information—virtual circuits must
be manually established.
• Layer 2 topology may be different
from Layer 3 topology, resulting in
suboptimal paths and link use.
• Even if the two topologies overlap,
the hub-and-spoke topology is
usually used because of easier
management.
 Limitation of Traditional IP Routing
Traffic Engineering
• Most traffic goes between large
sites A and B, and uses only the
primary link.
• Destination-based routing does
not provide any mechanism for
load balancing across unequal
paths.
• Policy-based routing can be
used to forward packets based
on other parameters, but this is
not a scalable solution.
 How MPLS Enhanced Traditional IP Routing Limitation?

• MPLS is a new forwarding mechanism in

which packets are forwarded based on labels.
• Labels usually correspond to IP destination
networks (equal to traditional IP forwarding).
• Labels can also correspond to other
parameters, such as QoS or source address.
• MPLS was designed to support forwarding of
other protocols as well.
 Basic MPLS Concepts

• Only the edge routers will perform a

routing lookup
• Core routers switch packets based on
simple label lookups and swap labels
MPLS Basics

>> Each router assigns a locally significant label for each IP route, and
advertises these labels to neighbors. (Labels are assigned only to IGP
learn routes).

>> Label Distribution Protocol (LDP) is used to exchange labels.(Labels

till 0-15 are reserved and rest of 16-2^20 are used) .

>> Uses the IP routing information to determine the direction and next
hop to forward a labeled packet

>> Does this before first packet ever arrives.

Evolution of MPLS
Technology Evolution and Main Growth Areas Today

§ Evolved from tag switching in 1996 to full

IETF standard, covering over 130 RFCs Optimize MPLS
for Cloud
§ Key application initially were Layer-3
Optimize MPLS for
VPNs, followed by Traffic Engineering (TE), packet transport

and Layer-2 VPNs

Optimize MPLS for video

Complete base MPLS portfolio

Bring MPLS to Market

First Large Scale

First L2VPN
L3VPNs L2VPN
Deployments
Deployed Deployments

Cisco Large Scale First LSM First MPLS

First MPLS TE Large Scale
ships L3VPN Deploym TP
Deployments MPLS TE
MPLS Deployment ents Deployments
Deployments
s

1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012
2013 2014
Market Segments
Business Drivers Business Goals MPLS Capabilities

• Networking service • Leverage single network for

reliability scalable delivery of multiple
• Cost effective service services Layer-3 VPN
Service bandwidth • Optimize network capacity to Layer-2 VPN
• Flexible enablement of meet current and future MPLS TE
Provider growth of service bandwidth
existing and new MPLS OAM, QoS
services • Deliver premium services
with guaranteed SLAs
• Mergers and • Network Segmentation
acquisitions • Network integration
• Network consolidation
Enterprise Layer-3 VPN
• Shared services
• Compliance
• Multi-tenant hosting • Leverage single datacenter
• Data Center infrastructure for multiple
Interconnect users and services Layer-2 VPN
Data Center • Deliver geographic Layer-3 VPN
independent services from
any datacenter
 Terminology

LSR: label switch router

LSP: label switched path

• The chain of labels that are swapped at each hop to get from one LSR to another

VRF: VPN routing and forwarding

• Mechanism in Cisco IOS® used to build per-customer RIB and FIB

MP-BGP: multiprotocol BGP

PE: provider edge router interfaces with CE routers

P: provider (core) router, without knowledge of VPN

VPNv4: address family used in BGP to carry MPLS-VPN routes

RD: route distinguisher

• Distinguish same network/mask prefix in different VRFs

RT: route target

• Extended community attribute used to control import and export policies

of VPN routes

LFIB: label forwarding information base

FIB: forwarding information base

MPLS Domain Routers

Label Switch Router(LSR)

LER or
Provider Router (P)
LSR
LSR

LSR
Label Edge Router(LER)
LSR or
LER LER
Provider Edge Router (PE)

LSR LSR MPLS

Networ
k
LER
The Ingress Label Edge Router :: Adding a label

IP
Ingress LER
MPLS
Domain Domain

Table of Forwarding
Equivalence Class
IP Header Info Label
xxx.xxx.xxx.xxx 17
yyy.yyy.yyy.yyy 18
zzz.zzz.zzz.zzz 19
The Ingress Label Edge Router :: Adding a label

IP Label is Ingress LER

“pushed” MPLS
Domain Domain

2
17

Table of Forwarding
Equivalence Class
IP Header Info Label
xxx.xxx.xxx.xxx 17
yyy.yyy.yyy.yyy 18
zzz.zzz.zzz.zzz 19
The Label Switch Router :: Swapping a label

MPLS
LSR
MPLS
Domain Domain

Label Info Base

OLD Label New Label
17 27
18 28
19 29
The Label Switch Router :: Swapping a label

MPLS Label is LSR

“swapped” MPLS
Domain Domain

2
17

Label Info Base

OLD Label New Label
Check LIB 17 27
18 28
19 29
The Label Switch Router :: Swapping a label

MPLS
LSR
MPLS
Domain Domain
3

27

Label Info Base

OLD Label New Label
17 27
18 28
19 29
The Edges Label Edge Router :: Removing a label

MPLS
Egress LER
IP
Domain Domain
3

27
 Label Switched Path

LER
LSR Label Switched Path (LSP)
LSR established by LDP (Label
Distribution Protocol or RSVP-
LSR TE (Resource Reservation
LSR Protocol – Traffic Engineering)
LER LER
LSPs are Uni-Directional.
LSR LSR MPLS The return path is a
separated path.
Networ
k
LER
Label Operations (PUSH, SWAP, POP)

LSR

MPLS
Networ
Dat I k
a P
LER
Egress
CPE CPE
LER
Ingress

Incoming label is replaced

with outgoing label
(SWAP)
LSR
LSR
MPLS Building Blocks : Control Plane & Forwarding Plane
Forward Equivalent Class (FEC)

A packet can be mapped to a particular FEC based on the following criteria:

• destination IP address,

• source IP address,

• TCP/UDP port,

• class of service (CoS) or type of service (ToS),

• application used,

• …

• any combination of the previous criteria.

Ingress Label FEC Egress Label

6 138.120.6.0/24 9
The Shim Header
The Shim Header

PayLoad Data IP (Layer-3) Layer-2

The Shim Header holds the

MPLS label value

Time-to-Live
Label Value Exp. S
(TTL)

20-bits: Label value used by LSR to lookup 3-bits: Reserved 1-bits: 8-bits:TTL
either next-hop, operation to perform, or for experimental Bottom decremented
Outgoing data-link encapsulation use of label by each LSR
stack Flag
 MPLS Reference Architecture

• Different Type of Nodes in a MPLS Network

P (Provider) router MPLS Domain

• Label switching router (LSR)

P P
• Switches MPLS-labeled packets CE PE PE CE

PE (Provider Edge) router

• Edge router (LER)

CE CE
• Imposes and removes MPLS labels
PE P P PE
CE (Customer Edge) router

Label switched traffic

• Connects customer network to MPLS network
How labels are assigned and How labels are advertised

P-1
CE-B1

CE-A2

PE-1 PE-2

CE-A1 CE-B2
IP/VPN Technology Overview

MPLS VPN functionality is enabled at the edge of an MPLS network. The provider
edge (PE) device performs the following

 Exchanges routing updates with the CE device

 Translates the CE routing information into VPNV4 routes

 Exchanges VPNv4 routes with other PE devices through the MP=BGP

(Multiprotocol Border Gateway Protocol
IP/VPN Technology Overview

 More than one routing and forwarding tables

 Control plane—VPN route propagation

 Data or forwarding plane—VPN packet forwarding

 IP/VPN Technology

• MPLS IP/VPN Topology / Connection Model

P P
CE CE
PE PE
MPLS Network
P P
CE
CE

MP-iBGP Session

PE Routers P Routers
Sit at the Edge Sit inside the network
Use MPLS with P routers Forward packets by looking
Uses IP with CE routers at labels
Distributes VPN information through P and PE routers share a
MP-BGP to other PE routers common IGP
 IP/VPN Technology Overview
• Separate Routing Tables at PE
CE2
VPN 2
PE
CE1 MPLS Network IGP (OSPF, ISIS)
VPN 1

Customer Specific Routing Table

Global Routing Table
• Routing (RIB) and forwarding table (CEF)
dedicated to VPN customer • Created when IP routing is enabled on
• VPN1 routing table PE.
• VPN2 routing table • Populated by OSPF, ISIS, etc. running
• Referred to as VRF table for <named inside the MPLS network
VPN>
IOS: “show ip route”
IOS: “show ip route vrf <name>” IOS-XR:“sh route ipv4 unicast”
IOS-XR:“sh route vrf <name> ipv4 NX-OS: “sh ip route”
NX-OS: “sh ip route vrf <name>”
 IP/VPN Technology Overview
• Virtual Routing and Forwarding Instance
CE2
VPN 2 VRF Green
PE
CE1 MPLS Network IGP (OSPF, ISIS)
VPN 1 Ser0/0
VRF Blue

What’s a Virtual Routing and Forwarding (VRF) ?

• Representation of VPN customer inside the MPLS network

• Each VPN is associated with at least one VRF

VRF configured on each PE and associated with PE-CE interface(s)

• Privatize an interface, i.e., coloring of the interface

IOS_PE(conf)#ip vrf blue
No changes needed at CE
IOS_PE(conf)#interface Ser0/0
IOS_PE(conf)#ip vrf forwarding blue
 IP/VPN Technology Overview
• Virtual Routing and Forwarding Instance
EIGRP, eBGP, OSPF, RIPv2, Static

CE2
VPN 2 VRF Green
PE
CE1 MPLS Network IGP (OSPF, ISIS)
VPN 1 Ser0/0
VRF Blue

PE installs the internal routes (IGP) in global routing table

PE installs the VPN customer routes in VRF routing table(s)

• VPN routes are learned from CE routers or remote PE routers

• VRF-aware routing protocol (static, RIP, BGP, EIGRP, OSPF) on each PE

VPN customers can use overlapping IP addresses

• BGP plays a key role. Let’s understand few BGP specific details..…
 IP/VPN Technology Overview
• Control Plane = Multi-Protocol BGP (MP-BGP)

8 Bytes 4 Bytes 8 Bytes 4 Bytes MP-BGP UPDATE Message

Showing VPNv4 Address,
1:1 10.1.1.0 RT, Label only
RD IPv4 Route-Target Label
VPNv4

MP-BGP Customizes the VPN Customer Routing Information as per the Locally Configured VRF Information at the PE using:

Route Distinguisher (RD)

Route Target (RT)

Label
 IP/VPN Technology Overview: Control Plane
• Route-Distinguisher (rd)
8 Bytes 4 Bytes 8 Bytes 3 Bytes MP-BGP UPDATE Message
Showing VPNv4 Address,
1:1 200.1.64.0
RT, Label only
RD IPv4 Route-Target Label
VPNv4

VPN customer IPv4 prefix is converted into a VPNv4 prefix by appending the RD (1:1, say) to the
IPv4 address (200.1.64.0, say) => 1:1:200.1.64.0

• Makes the customer’s IPv4 address unique inside the SP MPLS network.

Route Distinguisher (rd) is configured in the VRF at PE IOS_PE#

• RD is not a BGP attribute, just a field.
!
ip vrf green
rd 1:1
!
 IP/VPN Technology Overview: Control Plane
• Route-Target (rt)

8 Bytes 4 Bytes 8 Bytes 3 Bytes

1:1 10.1.1.0 1:2

RD IPv4 Route-Target Label
VPNv4

Route-target (rt) identifies which VRF(s) keep which VPN prefixes IOS_PE#
!
• rt is an 8-byte extended community attribute.
ip vrf green
Each VRF is configured with a set of route-targets at PE
route-target import 3:3
route-target export 3:3
• Export and Import route-targets must be the same for any-to-any IP/VPN route-target export 10:3
!
Export route-target values are attached to VPN routes in PE->PE MP-iBGP advertisements
 IP/VPN Technology Overview: Control Plane
• Label
8 Bytes 4 Bytes 8 Bytes 3 Bytes

1:1 10.1.1.0 2:2 50

RD IPv4 Route-Target Label
VPNv4

PE assigns a label for the VPNv4 prefix;

• Next-hop-self towards MP-iBGP neighbors by default i.e. PE sets the NEXT-HOP attribute to its own address (loopback)

• Label is not an attribute.

PE addresses used as BGP next-hop must be uniquely known in IGP

• Do not summarize the PE loopback addresses in the core

 IP/VPN Technology Overview: Control Plane
Putting it all together MP-iBGP Update:
RD:10.1.1.0
Site 1 3 Next-Hop=PE-1 Site 2
RT=1:2, Label=100
10.1.1.0/24 CE1
2 P P
CE2
10.1.1.0/24
Next-Hop=CE-1
P P
1 PE1 PE2

MPLS Backbone

PE1 receives an IPv4 update (eBGP/OSPF/ISIS/RIP/EIGRP)

PE1 translates it into VPNv4 address and constructs the MP-iBGP UPDATE message

• Associates the RT values (export RT =1:2, say) per VRF configuration

• Rewrites next-hop attribute to itself

• Assigns a label (100, say); Installs it in the MPLS forwarding table.

PE1 sends MP-iBGP update to other PE routers

 IP/VPN Technology Overview: Control Plane
Putting it all together MP-iBGP Update:
RD:10.1.1.0 10.1.1.0/24

Site 1 3 Next-Hop=PE-1 Next-Hop=PE-2 Site 2

RT=1:2, Label=100
10.1.1.0/24 CE1 5
2 P P 4
CE2
10.1.1.0/24
Next-Hop=CE-1
P P
1 PE1 PE2

MPLS Backbone

PE2 receives and checks whether the RT=1:2 is locally configured as ‘import RT’ within any VRF, if
yes, then

• PE2 translates VPNv4 prefix back to IPv4 prefix

• Updates the VRF CEF Table for 10.1.1.0/24 with label=100

PE2 advertises this IPv4 prefix to CE2 (using whatever routing protocol)
 IP/VPN Technology Overview
Forwarding Plane
Site 1 Site 2

10.1.1.0/24 CE1
P P
CE2

P P
PE1 PE2

MPLS Backbone

Customer Specific Forwarding Table Global Forwarding Table

• Stores VPN routes with associated • Stores next-hop i.e. PE routes with
labels associated labels
• VPN routes learned via BGP • Next-hop i.e. PE routes learned through IGP
• Labels learned via BGP • Label learned through LDP or RSVP
IOS:show ip cef vrf <name>
IOS:show ip cef
NX-OS: show forwarding vrf <name> NX-OS: show forwarding ipv4
IOS-XR: show cef vrf <name> ipv4 IOS-XR: show cef ipv4
 IP/VPN Technology Overview: Forwarding Plane
Packet Forwarding
Site 1 Site 2
CE1
10.1.1.0/24 CE2
P3 P4
PE1 PE2 10.1.1.1
10.1.1.1 IP Packet
100 10.1.1.1 P1 P2
IP Packet

50 100 10.1.1.1 25 100 10.1.1.1 MPLS Packet

PE2 imposes two labels (MPLS headers) for each IP packet going to site2

• Outer label is learned via LDP; Corresponds to PE1 address (e.g. IGP route)

• Inner label is learned via BGP; corresponds to the VPN address (BGP route)

P1 does the Penultimate Hop Popping (PHP)

PE1 retrieves IP packet (from received MPLS packet) and forwards it to CE1.
 IP/VPN Technology: Forwarding Plane
Reference
MPLS IP/VPN Packet Capture

This capture might be

helpful if you never
captured an MPLS
packet before.

Ethernet Header
Outer Label

Inner Label

IP Packet
 IP/VPN Services:
Hub and Spoke Service

• Many VPN deployments need to be hub and spoke

 Spoke to spoke communication via Hub site only
• Despite MPLS based IP/VPN’s implicit any-to-any, i.e.,
full-mesh connectivity, hub and spoke service
can easily be offered
 Done with import and export of route-target (RT) values
 Requires unique RD per VRF per PE
• PE routers can run any routing protocol with VPN customer’ hub and spoke sites
independently
Fiber @ Home Ltd. Thank You..