Transcript
Netmanias Technical Document: PoC (Proof of Concept) of MPLS VPN
Contents
I. Physical & Logical Topology (including Router configuration)
II. MPLS L3VPN Packet Flow
III. LDP Convergence Test
IV. RSVP Convergence
V. MPLS L2VPN Packet Flow
Appendix
Purpose
Build an MPLS VPN (L3 & L2 VPN) network using Juniper routers (M & J series), and understand the basic concepts of MPLS VPN through packet forwarding, routing information, and convergence tests on that network.
1.1 Physical Topology for MPLS L3VPN PoC
NE Info
PE1.J6300 - PE / P router - Juniper J6300
PE2.J4300 - PE / P router - Juniper J4300
PE3.J6300 - PE / P router - Juniper J6300
PE4.M5 - PE / P router - Juniper M5
BR1.C3550 - Internet Border router - Cisco 3550
BR2.C3550 - Internet Border router - Cisco 3550
CE1.VPN-A - CE1 router for VPN A - Dasan 5124
CE2.VPN-A - CE2 router for VPN A - Dasan 5124
CE3.VPN-A - CE3 router for VPN A - Dasan 5124
CE4.VPN-B - CE4 router for VPN B - Dasan 5124
CE5.VPN-B - CE5 router for VPN B - Dasan 5124
CE6.VPN-B - CE6 router for VPN B - Dasan 5124
L2SW1.V1124 - L2 switch - Dasan 1124
L2SW2.V1124 - L2 switch - Dasan 1124
L2SW3.V1124 - L2 switch - Dasan 1124
Config and route info on L3VPN lab.xls
1.2 Logical Topology for MPLS L3VPN PoC
2.1 MPLS L3VPN Network (Logical Topology)
VPN-A (Full mesh topology)
1) CE1.VPN-A & PE1.J6300 - RD: 1:100 - RT: 1:400 - Routing: eBGP, AS 65530(CE), 65500(PE)
2) CE2.VPN-A & PE3.J6300 - RD: 1:100 - RT: 1:400 - Routing: eBGP, AS 65531(CE), 65500(PE)
3) CE3.VPN-A & PE1.J6300 - RD: 1:100 - RT: 1:400 - Routing: Static
VPN-B (Hub and spoke, CE6.VPN-B is Hub site)
1) CE4.VPN-B & PE1.J6300
2) CE5.VPN-B & PE3.J6300
3) CE6.VPN-B & PE2.J4300
Internet VPN
1) BR1.C3550 & PE4.M5 - RD: 1:300 - RT: 1:700 - Routing: OSPF, area 0.0.0.1(BR1), 0.0.0.0(PE)
2) BR2.C3550 & PE3.J6300 - RD: 1:300 - RT: 1:700 - Routing: OSPF, area 0.0.0.2(BR2), 0.0.0.0(PE)
3) PC1 & PE2.J4300 - RD: 1:300 - RT: 1:700 - Routing: Static
2.2 MPLS L3VPN Connectivity
2.3 MPLS L3VPN Packet Flow: Between CEs (Ping Request from 172.16.10.2 to 172.17.11.2)
ping_ce1_to_ce2.pcap
2.3 MPLS L3VPN Packet Flow: Between CEs (Ping Reply from 172.16.11.2 to 172.17.10.2)
ping_ce2_to_ce1.pcap
2.4 MPLS L3VPN Packet Flow: Internet VPN (Ping Request from 10.10.12.2 to Internet)
3.1 Physical Topology for MPLS L3VPN with SmartBits600
NE Info
PE1.J6300 - PE / P router - Juniper J6300
PE2.J4300 - PE / P router - Juniper J4300
PE3.J6300 - PE / P router - Juniper J6300
PE4.M5 - PE / P router - Juniper M5
BR1.C3550 - Internet Border router - Cisco 3550
BR2.C3550 - Internet Border router - Cisco 3550
CE1.VPN-A - CE1 router for VPN A - Dasan 5124
CE2.VPN-A - CE2 router for VPN A - Dasan 5124
CE3.VPN-A - CE3 router for VPN A - Dasan 5124
CE4.VPN-B - CE4 router for VPN B - Dasan 5124
CE5.VPN-B - CE5 router for VPN B - Dasan 5124
CE6.VPN-B - CE6 router for VPN B - Dasan 5124
L2SW1.V1124 - L2 switch - Dasan 1124
L2SW2.V1124 - L2 switch - Dasan 1124
L2SW3.V1124 - L2 switch - Dasan 1124
3.2 MPLS L3VPN Network (Logical Topology) with SmartBits600
VPN-A (Full mesh topology)
1) CE1.VPN-A & PE1.J6300 - RD: 1:100 - RT: 1:400 - Routing: eBGP, AS 65530(CE), 65500(PE)
2) CE2.VPN-A & PE3.J6300 - RD: 1:100 - RT: 1:400 - Routing: eBGP, AS 65531(CE), 65500(PE)
3) CE3.VPN-A & PE1.J6300 - RD: 1:100 - RT: 1:400 - Routing: Static
VPN-B (Hub and spoke, CE6.VPN-B is Hub site)
1) CE4.VPN-B & PE1.J6300
2) CE5.VPN-B & PE3.J6300
3) CE6.VPN-B & PE2.J4300
1) CE1.VPN-A & SMB600 Port A - Routing: OSPF, area 0
2) CE2.VPN-A & SMB600 Port B - Routing: OSPF, area 0
Internet VPN
1) BR1.C3550 & PE4.M5 - RD: 1:300 - RT: 1:700 - Routing: OSPF, area 0.0.0.0(BR1), 0.0.0.0(PE)
2) BR2.C3550 & PE3.J6300 - RD: 1:300 - RT: 1:700 - Routing: OSPF, area 0.0.0.0(BR2), 0.0.0.0(PE)
3) PC1 & PE2.J4300 - RD: 1:300 - RT: 1:700 - Routing: Static
1) BR1.C3550 & SMB600 Port B - Routing: eBGP, 65532 (BR1), 60000 (SMB)
2) BR2.C3550 & SMB600 Port C - Routing: eBGP, 65533 (BR2), 60001 (SMB)
3.3 LDP Convergence Test Environment
3.4 LDP Convergence Test 1: Port 17/Port 18 Failure
VPN-A (Full mesh topology)
1) CE1.VPN-A & PE1.J6300 - RD: 1:100 - RT: 1:400 - Routing: eBGP, AS 65530(CE), 65500(PE)
2) CE2.VPN-A & PE3.J6300 - RD: 1:100 - RT: 1:400 - Routing: eBGP, AS 65531(CE), 65500(PE)
3) CE3.VPN-A & PE1.J6300 - RD: 1:100 - RT: 1:400 - Routing: Static
VPN-B (Hub and spoke, CE6.VPN-B is Hub site)
1) CE4.VPN-B & PE1.J6300
2) CE5.VPN-B & PE3.J6300
3) CE6.VPN-B & PE2.J4300
1) CE1.VPN-A & SMB600 Port A - Routing: Static
2) CE2.VPN-A & SMB600 Port B - Routing: Static
3.5 Result of LDP Convergence Test 1
Test Input Condition
1. # of routes = 1
2. Traffic bandwidth = (a) 1Mbps, (b) 5Mbps
3. spf-delay (OSPF parameters) on PE1 = (a) 200ms (default), (b) 1000ms (in case of 1Mbps)
4. Point of link failure = (a) Port 17, (b) Port 18 in MIRROR.SW
[T1-case01.trt]: 1Mbps / 200ms / Port 17
[T1-case02.trt]: 1Mbps / 1000ms / Port 17
[T1-case03.trt]: 1Mbps / 200ms / Port 18
[T1-case03.pcap]: data captured in Port 2, 18 and 15 in MIRROR.SW
[T1-case04.trt]: 1Mbps / 1000ms / Port 18
[T1-case05.trt]: 5Mbps / 200ms / Port 17
[T1-case06.trt]: 5Mbps / 200ms / Port 18
[T1-case01.trt]
Plot labels: 10.57s, 13.60s
Rate-derived Convergence Time = 13.60 - 10.57 = 3.02 sec
Loss-derived Convergence Time = 689 lost frames / 850 PPS = 811 ms
[T1-case02.trt]
Plot labels: 17.85s, 20.88s
Rate-derived Convergence Time = 20.88 - 17.85 = 3.03 sec
Loss-derived Convergence Time = 552 lost frames / 850 PPS = 650 ms
[T1-case03.trt]
Lost Frames = 412
Lost Frames = 793
[T1-case04.trt]
Lost Frames = 1118
Lost Frames = 1047
3.6 LDP Convergence Test 2-1: INTERNET VPN with Per-Flow ECMP - Port 16 Failure
Internet VPN
1) BR1.C3550 & PE4.M5 - RD: 1:300 - RT: 1:700 - Routing: OSPF, area 0.0.0.0(BR1), 0.0.0.0(PE)
2) BR2.C3550 & PE3.J6300 - RD: 1:300 - RT: 1:700 - Routing: OSPF, area 0.0.0.0(BR2), 0.0.0.0(PE)
3) PC1 & PE2.J4300 - RD: 1:300 - RT: 1:700 - Routing: Static
1) BR1.C3550 & SMB600 Port B - Routing: eBGP, 65532 (BR1), 60000 (SMB)
2) BR2.C3550 & SMB600 Port C - Routing: eBGP, 65533 (BR2), 60001 (SMB)
3.7 LDP Convergence Test 2-2: INTERNET VPN with Per-Flow ECMP - Link of BR1 Failure
Internet VPN
1) BR1.C3550 & PE4.M5 - RD: 1:300 - RT: 1:700 - Routing: OSPF, area 0.0.0.0(BR1), 0.0.0.0(PE)
2) BR2.C3550 & PE3.J6300 - RD: 1:300 - RT: 1:700 - Routing: OSPF, area 0.0.0.0(BR2), 0.0.0.0(PE)
3) PC1 & PE2.J4300 - RD: 1:300 - RT: 1:700 - Routing: Static
1) BR1.C3550 & SMB600 Port B - Routing: eBGP, 65532 (BR1), 60000 (SMB)
2) BR2.C3550 & SMB600 Port C - Routing: eBGP, 65533 (BR2), 60001 (SMB)
3.8 Result of LDP Convergence Test 2
Test Input Condition
1. # of routes = 172.1.1.0/24, 172.1.2.0/24, ... 172.17.30.0/24
2. Traffic bandwidth = 1Mbps
3. spf-delay (OSPF parameters) = 200ms
4. Point of link failure
 - Test 2-1: Port 16 (between PE2.J4300 and PE4.M5)
 - Test 2-2: fe0/1 on BR1.C3550
[T3-case01a/b/c.trt]: Test2-1
[T3-case02a.trt]: Test2-1 without Per-flow ECMP
[T3-case03a/b/c.trt]: Test2-2
[T3-case01a.trt]
Plot labels: 19.13s, 22.16s, 435pps, 409pps
Rate-derived Convergence Time = 22.16 - 19.13 = 3.03 sec
Loss-derived Convergence Time = 627 lost frames / 844 PPS = 743 ms
[T3-case01b.trt]
Plot labels: 20.91s, 23.56s, 435pps, 409pps
Rate-derived Convergence Time = 23.56 - 20.91 = 2.65 sec
Loss-derived Convergence Time = 183 lost frames / 844 PPS = 217 ms
[T3-case01c.trt]
Lost Frames = 273
[T3-case02a.trt]
Lost Frames = 1082
3.8 Result of LDP Convergence Test 2 (cont)
[T3-case03a.trt]
Plot labels: 22.46s, 24.57s, 435pps, 409pps, 845pps
Rate-derived Convergence Time = 24.57 - 22.46 = 2.11 sec
Loss-derived Convergence Time = 265 / 845 = 314 ms
[T3-case03b.trt]
Lost Frames = 353
[T3-case03c.trt]
Lost Frames = 0
The test was started without the BR1 link, and this link came up during the test.
4.1 RSVP Convergence (without Protection/FRR): Port 17 Failure
case01-rsvp-port17-failure.pcap
Line 35597
4.2 RSVP Convergence (without Protection/FRR): Port 5 Failure
case02-rsvp-port05-failure.pcap
Line 12623
4.3 RSVP Convergence (without Protection/FRR): Port 18 Failure
case03-rsvp-port18-failure-a.pcap
Line 58012
5.1 Logical Topology for MPLS L2VPN PoC
Config and route info on L2VPN lab.xls
5.2 Tunnel & VC LSP Establishment
nmc@PE1.M7i> show l2circuit connections
Layer-2 Circuit Connections:
Neighbor: 103.0.0.1
Interface Type St Time last up # Up trans
fe-0/0/2.600(vc 50) rmt Up Oct 31 11:31:52 2007 1
Local interface: fe-0/0/2.600, Status: Up, Encapsulation: VLAN
Remote PE: 103.0.0.1, Negotiated control-word: No
Incoming label: 100000, Outgoing label: 100000
fe-0/0/3.700(vc 100) rmt Up Oct 31 11:31:52 2007 1
Local interface: fe-0/0/3.700, Status: Up, Encapsulation: VLAN
Remote PE: 103.0.0.1, Negotiated control-word: No
Incoming label: 100016, Outgoing label: 100016
nmc@PE3.M5> show l2circuit connections
Layer-2 Circuit Connections:
Neighbor: 101.0.0.1
Interface Type St Time last up # Up trans
fe-0/0/2.600(vc 50) rmt Up Nov 1 05:29:26 2007 1
Local interface: fe-0/0/2.600, Status: Up, Encapsulation: VLAN
Remote PE: 101.0.0.1, Negotiated control-word: No
Incoming label: 100000, Outgoing label: 100000
fe-0/0/2.700(vc 100) rmt Up Nov 1 05:29:26 2007 1
Local interface: fe-0/0/2.700, Status: Up, Encapsulation: VLAN
Remote PE: 101.0.0.1, Negotiated control-word: No
Incoming label: 100016, Outgoing label: 100016
Appendix
Basic MPLS/LDP configuration
Why is only each router's loopback address advertised via LDP?
The MPLS Label Swapping Table shows no Incoming Interface… why?
inet.0 and inet.3
inet.0 and inet.3 (cont)
Router Preference
ECMP (common to LDP and IGP)
ECMP (common to LDP and IGP) (cont)
BGP next-hop & IGP next-hop
Routing Policy