Mpls L3_vpn
Download as PPT, PDF•1 like•1,613 views
MPLS L3 VPN allows companies to offer Layer 3 VPN services with advantages like scalability, security, and support for duplicate IP addresses and different network topologies. The key components that enable this are VRF tables on PE routers that separate routing information for each customer to avoid duplicate IP issues, and MP-BGP which customizes VPN routing information using a Route Distinguisher, VPN label, and Route Target to support different VPN topologies. MPLS L3 VPN provides services like multi-homed sites for redundancy, hub-and-spoke networks, internet access with security, and extranets for inter-company communication.
Mpls L3_vpn
- 1. MPLS L3_VPN By : Reza Farahani
- 2. MPLS VPN Models MPLS L3 VPN Multi Point BGP/MPLS IP VPNPoint to Point Layer3 VPNLayer2 VPN MPLS VPNs VPLSVPWS
- 3. INTRODUCTION L3VPN One of the usage of MPLS for companies MPLS VPNs allow a service provider, or even a large enterprise, to offer Layer 3 VPN services. Advantages: Scalability Security Support duplicate IP Support different Topology Easy to create Flexible Addressing Integrated by QoS
- 4. Terminology What is P, PE and CE routers? What is main feature of L3 VPN ? Support duplicate IP Support different topology
- 5. What is duplicate IP ? What’s solution for this problem? VRF
- 6. VRF The MPLS VPN RFCs define the concept of using multiple routing tables, called Virtual Routing and Forwarding (VRF) tables which separate customer routes to avoid the duplicate address range issue. Where is Define ? On PE routers To keep track of the possibly overlapping prefixes, PE routers do not put the routes in the normal IP routing table—instead, PEs store those routes in separate per-customer routing tables, called VRFs.
- 7. Routing Protocol between PEs Then the PEs use IBGP to exchange these customer routes with other PEs—never advertising the routes to the P routers. Why ?
- 8. Multi-Protocol BGP MP-BGP customizes the VPN Customer Routing Information as per the Locally Configured VRF Information at the PE using: VPN Label Route Distinguisher (RD) Route Target (RT)
- 9. VPN Label The extra work for the PE relates to the fact that the MPLS VPN data plane causes the ingress PE to place two labels on the packet, as follows: One label change to two label Inner and outer label by s-flag 1 for MPLS and 0 for VPN
- 10. VPN Label Where is PHP in this picture !!!
- 11. VPN Label • PE add another label
- 12. Route-Distinguisher (RD) MPLS deals with the overlapping prefix problem by adding another number in front of the original BGP network layer reachability information (NLRI). Each different number can represent a different customer, making the NLRI values unique. To do this, MPLS took advantage of a BGP RFC, called MP-BGP (RFC 4760), which allows for the redefinition of the NLRI field in BGP Updates. This redefinition allows for an additional variable-length number, called an address family , to be added in front of the prefix. RD for support duplicate IP ? How it help us?
- 13. Route-Distinguisher (RD) Route distinguisher is an 8-octet field prefixed to the customer's IPv4 address. RD makes the customer’s IPv4 address unique inside the SP MPLS network RD is configured in the VRF at PE
- 14. VPNV4 In particular, the new NLRI format, called VPN-V4, has the following two parts: A 64 bit RD A 32 bit IPv4 prefix
- 15. VPNV4 LDP defines a set of procedures and messages by which one LSR (Label Switched Router) informs another of the label bindings it has made. PEs use MPBGP for Advertise VPNV4
- 16. ROUTE TARGET (RT) MPLS RTs enable MPLS to support all sorts of complex VPN topologies PEs advertise RTs in BGP Updates as BGP Extended Community path attributes (PA). RT values follow the same basic format as the values of an RD. However, note that while a particular prefix can have only one RD, that same prefix can have one or more RTs assigned to it. MPLS uses Route Targets to determine into which VRFs a PE places IBGP-learned routes.
- 17. ROUTE TARGET (RT) RT types : Import export
- 18. Different Topology by RT In a full-mesh VPN, each site in the VPN can communicate with every other site in that same VPN
- 19. Different Topology by RT In a hub-and-spoke VPN, the spoke sites in the VPN can communicate only with the hub sites; they cannot communicate with other spoke sites
- 20. ROUTE TARGET (RT) It is sometimes helpful to think of the term export to mean “redistribute out of the VRF into BGP” and the term import to mean “redistribute into the VRF from BGP.”
- 22. MPLS VPN Scenario Next session •
- 23. MPBGP Config
- 24. FEC Forwarding Equivalence Class (FEC) is a set of packets that receives the same forwarding treatment by a single LSR. For simple MPLS unicast IP forwarding, each IPv4 prefix is an FEC. For MPLS VPNs, each prefix in each VRF is an FEC It’s useful for apply QoS For example, MPLS traffic engineering (TE) allows MPLS networks to choose to send some packets over one LSP and other packets over another LSP, based on traffic loading.
- 25. FEC
- 26. MPLS L3VPN Services 1. Multi-Homed VPN Sites Link redundancy 2. Hub and Spoke Service 3. Internet Access Service Security mechanism in PE and CE 4. Extranet Service External intercompany communication
- 27. Question ?