MPLS Virtual Private Networks (VPNs) - PowerPoint PPT Presentation

Slides: 19
Provided by: Adm952
Learn more at: https://s2.smu.edu
Transcript and Presenter's Notes


1
MPLS Virtual Private Networks (VPNs)
2
When VPN?
  • Internet as your own private network
  • Communicate securely between various corporate
    sites (Intranet)
  • Communicate securely between partner sites
    (Extranet)
  • Connect remote dial-up users securely to
    corporate networks

3
Advantages
  • Flexible and cost effective
  • Better business-to-business connectivity
    • Business partners, service providers,
      contractors, and customers
  • Advances in security

4
Layer2 vs. Layer3 VPNs
Layer 2 VPNs
  • Provider devices forward customer packets based
    on Layer 2 information
  • Tunnels, circuits, LSPs, MAC address
  • Pseudo-wire concept
Layer 3 VPNs
  • Provider devices forward customer packets based
    on Layer 3 information (e.g., IP)
  • SP involvement in routing
  • MPLS/BGP VPNs (RFC 2547), GRE, virtual router
    approaches

5
Layer2 Example
Step 2: R1 takes the Ethernet frame, encapsulates
it in L2TP and routes it to the tunnel destination
[Figure: L2TPv3 Tunnel; nodes: Workstation A, R1, R2, Server B; encapsulation labels: IP, L2TP, Ethernet]
6
Overlay Model
  • Each site has a router connected via P-T-P links
    to routers on other sites
    • Leased lines
    • Frame relay
    • ATM circuit
  • Connectivity
    • Fully connected
    • Hub-and-spoke

7
Limitations of Overlay
  • Customers need to manage the backbones
  • Mapping between Layer 2 QoS and IP QoS
  • Scaling problems
    • Cannot support large number of customers
    • (n-1) peering requirement

8
The Peer Model
  • Aims to support large-scale VPN service
  • Key technologies
    • Constrained distribution of routing info.
    • Multiple forwarding tables
    • VPN-IP addresses
    • MPLS switching

9
Terminology
  • CE router
    • Customer Edge router
  • PE router
    • Provider Edge router. Part of the P-Network and
      interfaces to CE routers
  • P router
    • Provider (core) router, without knowledge of VPN

10
Terminology (contd)
  • Route Distinguisher
    • Attribute of each route used to uniquely
      identify prefixes among VPNs (64 bits)
  • VPN-IPv4 addresses
    • Address consisting of the 64-bit Route Distinguisher
      and the 32-bit IP address
  • VRF
    • VPN Routing and Forwarding Instance
    • Routing table and FIB table

11
Connection Model
  • The VPN backbone is composed of MPLS LSRs
    • PE routers (edge LSRs)
    • P routers (core LSRs)
  • PE routers face the CE routers and distribute
    VPN information through BGP to other PE routers
  • P routers do not run BGP and do not have any VPN
    knowledge

12
Model (contd)
  • P and PE routers share a common IGP
  • PE and CE routers exchange routing information
    through
    • EBGP, OSPF, RIP, static routing
  • CE routers run standard routing software

13
Routing
  • The routes the PE receives from CE routers are
    installed in the appropriate VRF
  • The routes the PE receives through the backbone
    IGP are installed in the global routing table
  • By using separate VRFs, addresses need NOT be
    unique among VPNs
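
As an added illustration (not part of the original slides), this Python sketch shows how prepending a 64-bit Route Distinguisher to a 32-bit IPv4 address keeps overlapping customer prefixes distinct, and how per-VRF lookup keeps them isolated on a PE. The type-0 RD layout (2-byte type, 2-byte AS number, 4-byte assigned number) follows RFC 4364 and is not on the slides; the `PE` class, VRF names, AS 65000 and next hops are constructed for the example.

```python
import ipaddress
import struct

def encode_rd(asn: int, assigned: int) -> bytes:
    """Type-0 Route Distinguisher: 2-byte type, 2-byte ASN, 4-byte number (64 bits)."""
    return struct.pack("!HHI", 0, asn, assigned)

def vpn_ipv4(rd: bytes, addr: str) -> bytes:
    """VPN-IPv4 address: 64-bit RD followed by the 32-bit IPv4 address (96 bits)."""
    if len(rd) != 8:
        raise ValueError("Route Distinguisher must be exactly 8 bytes")
    return rd + ipaddress.IPv4Address(addr).packed

class PE:
    """Toy PE router (hypothetical model): one routing table per VRF."""
    def __init__(self):
        self.vrfs = {}  # VRF name -> {IPv4Network: next hop}
        self.rds = {}   # VRF name -> RD bytes

    def add_vrf(self, name, rd):
        # In this model a reused RD would make two customers' exported routes collide.
        if rd in self.rds.values():
            raise ValueError("RD already used by another VRF on this PE")
        self.vrfs[name], self.rds[name] = {}, rd

    def install(self, vrf, prefix, next_hop):
        self.vrfs[vrf][ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, vrf, dst):
        """Longest-prefix match restricted to the VRF of the ingress interface."""
        ip = ipaddress.ip_address(dst)
        hits = [n for n in self.vrfs[vrf] if ip in n]
        return self.vrfs[vrf][max(hits, key=lambda n: n.prefixlen)] if hits else None

    def exported_routes(self):
        """Routes as advertised to other PEs: (VPN-IPv4 address, prefix length) -> next hop."""
        return {(vpn_ipv4(self.rds[v], str(n.network_address)), n.prefixlen): nh
                for v, table in self.vrfs.items() for n, nh in table.items()}

def demo():
    # Constructed sample data: two customers reusing 10.1.0.0/16 behind one PE.
    pe = PE()
    pe.add_vrf("cust_a", encode_rd(65000, 1))
    pe.add_vrf("cust_b", encode_rd(65000, 2))
    pe.install("cust_a", "10.1.0.0/16", "CE1")
    pe.install("cust_b", "10.1.0.0/16", "CE2")
    return pe

if __name__ == "__main__":
    print(demo().lookup("cust_a", "10.1.2.3"), demo().lookup("cust_b", "10.1.2.3"))
```

The same destination resolves to a different next hop in each VRF, and the two exported routes differ only in their RD bytes.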

14
Forwarding
  • PE and P routers have BGP next-hop reachability
    through the backbone IGP
  • Labels are distributed through LDP (hop-by-hop)
    corresponding to BGP Next-Hops
  • Label Stack is used for packet forwarding
    • Top label indicates Next-Hop (interior label)
    • Second level label indicates outgoing interface
      or VRF (exterior label)

15
Forwarding (contd)
  • The upstream LDP peer of the BGP next-hop (PE
    router) will pop the first level label
  • The egress PE router will forward the packet
    based on the second level label which gives the
    outgoing interface (and VPN)

16
Forwarding Example
[Figure: forwarding example; routers shown: CE1, CE2, CE3, PE1, PE2, P1, P2]
17
Scalability
  • Existing BGP techniques can be used to scale the
    route distribution
  • Each edge router needs only the information for
    the VPNs it supports
    • Directly connected VPNs
  • Easy to add new sites
    • Configure the site on the PE connected to it, the
      network automatically does the rest

18
QoS Support
  • Pipe model
    • Similar to int-serv
    • Unidirectional as opposed to bi-directional model
      in ATMs
  • Hose model
    • Similar to diff-serv