MPLS L2VPN (VPWS, VPLS) Basic Concepts
July 25, 2003
NMC Consulting Group (tech@netmanias.com)
Contents
- Overview
- Virtual Private Wire Services (VPWS)
- Martini Draft
- Virtual Private LAN Services (VPLS)
Overview of Layer 2 MPLS VPN
Concept
- Tunnel Header determines path through network
- Demux Field identifies VLAN, VPN, or connection at the end point
(Figure: Customer Site A and Customer Site B, both in VPN C, connected across the provider network; the packet carries a Tunnel Header followed by a Demux field.)
Network Architecture
(Figure: CE - Attachment VC - PE - [Emulated VC carried by a Pseudo-wire (PW) across the MPLS core] - PE - Attachment VC - CE; end to end, the customer sees an Emulated Service (ES).)
MPLS L2 VPN Market Drivers
- Layer 3 IP is not the only traffic
  - Still a lot of legacy SNA, IPX etc.
  - Large enterprises have legacy protocols
- Layer 3 IP VPNs are not the whole answer
  - IP VPNs cannot handle legacy traffic
  - Layer 2 legacy traffic widely deployed
- Carriers need to support Layer 2 and Layer 3 VPNs
Label Stacking
- Three Layers of Encapsulation
  1) Tunnel Header: Contains information needed to transport the PDU across the IP or MPLS network
  2) Demultiplexer Field: Used to distinguish individual emulated VCs within a single tunnel
  3) Emulated VC Encapsulation: Contains the information about the enclosed PDU (known as Control Word)
- Tunnel Header determines path through network
- Demultiplexer Field identifies VLAN, VPN, or connection at the end point
(Figure: packet layout Tunnel Header | Demux Field | VC Encaps Information | Layer 2 payload)
VC Encaps Information Field
- Layer 2 header fields may be discarded at ingress
- Control word carries "flag" bits depending on encapsulation
  (FR: FECN, BECN, C/R, DE; ATM: CLP, EFCI, C/R, etc.)
- Length required when padding small frames on links which have a minimum frame size

4-byte Control Word:

| Field        | Rsvd | Flags | 00 | Length | Sequence Number |
|--------------|------|-------|----|--------|-----------------|
| Width (bits) | 4    | 4     | 2  | 6      | 16              |
Point-to-Point / Multi-Point
- Point-to-point layer 2 solutions - VPWS
  - Virtual Private Wire Services - similar to ATM / FR services, uses tunnels and connections (LSPs)
  - Customer gets connectivity only from provider
  - Ongoing work to encapsulate Ethernet, ATM, FR, TDM, SONET, etc.
- Multi-point layer 2 solutions - VPLS
  - Virtual Private LAN Services (VPLS) aka TLS
  - Ethernet Metro VLANs / TLS over MPLS
  - Independent of underlying core transport
  - Differences in drafts for discovery and signaling
Where does this work fit in the Standards bodies?
(Figure: IETF)
VPN - the basics
Components:
- A core network
- VPN peers (typically at the edge of the core network)
Steps for VPN set up:
- Peer discovery mechanism
- Control protocol exchange (VPN specific)
- Data transport mechanism
  - necessary encapsulation
  - encapsulation and "de-encapsulation" capability
  - necessary protocol exchange for the core network
IETF Layer 2 Solution Drafts
- Point-to-Point Drafts
  - "Martini Draft"
    - Describes the encapsulation of L2 frames in MPLS
    - MPLS labels are signaled between PEs using "targeted" LDP.
  - "Kompella Draft"
    - Now has the same encapsulation as "Martini" (it was different in an earlier version of the "Kompella" draft)
    - MPLS labels are signaled between PEs using BGP.
    - Signaling is "VPN-aware": less provisioning to add a site.
- Multi-Point Drafts
  - Lasserre-Vkompella draft
  - Kompella draft
Virtual Private Wire Service (VPWS)
Martini draft
Martini IETF drafts
- Encapsulation Methods for Transport of ATM Cells/Frame Over IP and MPLS Networks
  - draft-martini-atm-encap-mpls-00.txt
- Encapsulation Methods for Transport of PPP/HDLC Frames Over IP and MPLS Networks
  - draft-martini-ppp-hdlc-encap-mpls-00.txt
- Encapsulation Methods for Transport of Ethernet Frames Over IP and MPLS Networks
  - draft-martini-ethernet-encap-mpls-00.txt
- Encapsulation Methods for Transport of Frame-Relay Over IP and MPLS Networks
  - draft-martini-frame-encap-mpls-00.txt
- Transport of Layer 2 Frames Over MPLS
  - draft-martini-l2circuit-trans-mpls-09.txt
* Please check www.ietf.org for latest draft versions
General Encapsulation
- Martini encapsulation requires a 4 byte Control Word field for some L2 media
- Control Word is inserted after the MPLS header(s)
(Figure: CE - PE - MPLS cloud - PE - CE. The customer's L2 | IP packet enters the ingress PE, crosses the core as MPLS | Control Word | L2 | IP, and leaves the egress PE again as L2 | IP.)
Layer 2 encapsulation
- Martini defines the following encapsulations over MPLS
  - Frame Relay
  - Ethernet port / 802.1q VLAN
  - ATM AAL5
  - ATM cell
  - PPP/HDLC
- Martini defines a new Control Word and a new VC FEC Element
Draft Martini Control Word
- Control Word is optional for:
  - Ethernet
  - ATM Cell Mode
  - PPP/HDLC
- CW is required, but its use is optional for:
  - ATM AAL5 Mode
  - Frame Relay
(Figure: 4-byte Control Word layout: Rsvd 4 bits | Flags 4 bits | 00 2 bits | Length 6 bits | Sequence Number 16 bits)
Draft Martini Control Word Fields
- Rsvd - Reserved for future use
  - Must be set to 0s
- Flags - Varies by protocol
  - Used in ATM AAL5 and Frame Relay
- 00 - must be set to 0
- Length
  - If payload + CW < 64 B, it must be set to packet's length
  - Otherwise, length field is set to 0
- Sequence number is optional
  - Set to 0 if not used
(Figure: 4-byte Control Word layout: Rsvd 4 bits | Flags 4 bits | 00 2 bits | Length 6 bits | Sequence Number 16 bits)
Frame Relay encapsulation
- Ingress device strips the Frame Relay header and FCS and appends label stack and control word
- Control word carries FECN, BECN, DE, C/R bits plus PDU length
- Sequence number is optional. It is used to guarantee in-order delivery of frames
(Figure: Frame Relay frame = Q.922 Header (DLCI, C/R, EA, FECN, BECN, DE, EA bits) | payload | FCS. Encapsulated packet = Tunnel Header (4 octets) | Demux Field (4 octets) | Control word (4 octets: Rsvd, F, B, D, C flag bits, Length, 16-bit Sequence Number) | Frame Relay PDU.)
Ethernet encapsulation
- Ingress device strips the Ethernet preamble and CRC, but transports the entire header
- Control word is not used
- 802.1q VLAN ID may be overwritten at egress
(Figure: Ethernet frame = DA | SA | T | payload | FCS. Ethernet over MPLS = Tunnel label (4 octets) | VC label (4 octets) | Ethernet header | Ethernet payload.)
Draft Martini ATM Mode
- ATM AAL5 Mode
  - Ingress PE reassembles AAL5 CPCS-SDUs and encapsulates with CW and MPLS labels
  - OAM cells are sent as individual cells
- ATM Cell Mode
  - Cells are concatenated in a MPLS frame
  - CW is optional
(Figure: 4-byte Control Word layout: Rsvd 4 bits | Flags 4 bits | 00 2 bits | Length 6 bits | Sequence Number 16 bits)
Draft Martini ATM AAL5 Mode
- ATM AAL5 Mode
  - Ingress reassembles AAL5 frames and strips 8 octet AAL5 trailer
  - Flag bits are used to indicate:
    - T: Packet contains an ATM Cell (OAM) or AAL5
    - E: EFCI for Explicit Forward Congestion Indication
    - L: CLP for cell loss priority
    - C: C/R for FRF 8.1 FR/ATM service interworking
(Figure: CE - PE - PSN - PE - CE, with a VCC on each attachment side. Control Word: RES | T | E | L | C | 00 | Length | Sequence Number, followed by the ATM OAM Cell or AAL5 CPCS-SDU.)
ATM Cell Mode encapsulation
- Ingress performs no reassembly
- Control word is optional:
  - Length may be used to infer number of cells
  - Flags set to zero
(Figure: ATM cells over MPLS = Tunnel label (4 octets) | VC label (4 octets) | Control word (4 octets) | ATM cell #1 minus HCS (52 octets) | ATM cell #2 minus HCS (52 octets) | ...)
Ingress LER Processing: L2 FEC Matching
- Packet Classification
  - Maps FEC to LSP
  - Yields output port and label stack
  - Exp/CoS marking
  - Queuing/scheduling/drop policy
(Figure: Original Ethernet Frame = Ethernet Header | Ethernet Payload)
Ingress LER Processing: Encapsulation
- Label stack
  - Top label: Tunnel label
    - Trunk aggregating traffic from multiple customers
  - Bottom label: VC label
    - Per customer "circuit"
(Figure: Outer Ethernet Header (DA | SA | Etype 0x8847) | Label stack (Tunnel Label | VC Label) | Inner Ethernet Header | Ethernet Payload, the last two being the original Ethernet frame.)
LSR Processing: Label Switching
- LSRs only look at the tunnel label to switch the frame
- L2 header rewritten according to type of output port
(Figure: same packet layout: Outer Ethernet Header (DA | SA | Etype 0x8847) | Tunnel Label | VC Label | Inner Ethernet Header | Ethernet Payload.)
Egress LER Processing: Label Popping and Forwarding
- Pop tunnel label off if penultimate hop has not done so
- Infer from VC label how to process the original frame
  - Policy based forwarding
  - Regular L2 processing
(Figure: same packet layout: Outer Ethernet Header (DA | SA | Etype 0x8847) | Tunnel Label | VC Label | Inner Ethernet Header | Ethernet Payload.)
Life of a Frame: Ethernet over Ethernet MPLS
(Figure: CPE - Last Mile - POP/PE - Provider's MPLS Backbone - Penultimate Hop LSR - PE/POP - Last Mile - CPE. The frame at each stage:
  1. From CPE: DA | SA | T | 802.1q | payload | FCS
  2. After ingress PE: DA' | SA' | 0x8847 | Tunnel Label | VC Label | DA | SA | T | 802.1q | payload | FCS'
  3. After penultimate hop LSR (tunnel label popped): DA'' | SA'' | 0x8847 | VC Label | DA | SA | T | 802.1q | payload | FCS''
  4. To CPE: DA | SA | T | 802.1q | payload | FCS)
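The stages above, together with the control word rules from the "Draft Martini Control Word Fields" slide, as an added worked example (not code from the original slides or from any vendor). It packs the 32-bit label entries (Label 20 | EXP 3 | S 1 | TTL 8), pushes the VC label as bottom of stack and the tunnel label on top, optionally inserts the 4-byte control word with the Length field filled only when payload + CW is under 64 bytes, and on the egress side walks the stack until the S bit, so a packet that arrives with the tunnel label already popped by the penultimate hop decodes the same way. The `use_cw` parameter stands in for what the C bit of the VC FEC signals in the real protocol; the label values 789/2001 are those shown on the VFT slide, and the MAC addresses, payload and placeholder FCS are constructed. Flags are passed through as a generic 4-bit value, so the same control word encoder serves the Frame Relay and ATM flag bits as well.

```python
"""Ethernet-over-MPLS (Martini) label stack and control word: encode and decode.

Added example, not code from the original slides. Constructed values
(MAC addresses, payload, placeholder FCS) are illustrative only.
"""
import struct

ETHERTYPE_MPLS_UNICAST = 0x8847   # outer Ethertype shown on the slides
MIN_ETHERNET_FRAME = 64           # padding threshold that drives the Length field


def encode_label(label, exp=0, bottom=False, ttl=255):
    """Pack one 32-bit MPLS label stack entry: Label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    word = (label << 12) | ((exp & 0x7) << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)


def decode_label(entry):
    """Unpack one label stack entry into (label, exp, bottom_of_stack, ttl)."""
    (word,) = struct.unpack("!I", entry)
    return word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 0x1), word & 0xFF


def encode_control_word(flags, length, seq):
    """Pack the control word: Rsvd(4)=0 | Flags(4) | 00(2) | Length(6) | Sequence Number(16)."""
    if not (0 <= flags < 16 and 0 <= length < 64 and 0 <= seq < 65536):
        raise ValueError("control word field out of range")
    return struct.pack("!I", (flags << 24) | (length << 16) | seq)


def decode_control_word(cw):
    """Unpack the control word; reject non-zero Rsvd / '00' bits (they must be 0)."""
    (word,) = struct.unpack("!I", cw)
    rsvd, flags, zero = word >> 28, (word >> 24) & 0xF, (word >> 22) & 0x3
    if rsvd or zero:
        raise ValueError("control word reserved bits must be zero")
    return {"flags": flags, "length": (word >> 16) & 0x3F, "seq": word & 0xFFFF}


def encapsulate(frame_with_fcs, tunnel_label, vc_label, use_cw=False, seq=0):
    """Ingress PE: strip the customer FCS, push VC label (bottom) then tunnel label (top).

    With a control word, Length is set to payload + CW only when that is under
    64 bytes (the frame may be padded by the link layer); otherwise it is 0.
    """
    payload = frame_with_fcs[:-4]            # preamble is never captured; drop the FCS
    cw = b""
    if use_cw:
        total = len(payload) + 4
        cw = encode_control_word(0, total if total < MIN_ETHERNET_FRAME else 0, seq)
    stack = encode_label(tunnel_label, bottom=False) + encode_label(vc_label, bottom=True)
    return stack + cw + payload


def decapsulate(packet, use_cw=False):
    """Egress PE: walk the stack to the S bit, optionally parse the CW, return the inner frame."""
    labels, pos = [], 0
    while True:
        if pos + 4 > len(packet):
            raise ValueError("truncated label stack")
        label, _exp, bottom, _ttl = decode_label(packet[pos:pos + 4])
        labels.append(label)
        pos += 4
        if bottom:
            break
    cw = None
    if use_cw:
        if pos + 4 > len(packet):
            raise ValueError("missing control word")
        cw = decode_control_word(packet[pos:pos + 4])
        pos += 4
    inner = packet[pos:]
    if cw is not None and cw["length"]:
        inner = inner[:cw["length"] - 4]     # strip link-layer padding; Length counts payload + CW
    return {"labels": labels, "control_word": cw, "frame": inner}


def build_sample_frame():
    """Constructed customer frame: DA | SA | 802.1q tag | type | 20-byte payload | placeholder FCS."""
    da = bytes.fromhex("001122334455")
    sa = bytes.fromhex("66778899aabb")
    tag = struct.pack("!HH", 0x8100, 100)    # TPID 0x8100, VLAN 100 (constructed)
    etype = struct.pack("!H", 0x0800)
    payload = bytes(range(20))
    fcs = b"\x00\x00\x00\x00"                # placeholder; ingress strips it anyway
    return da + sa + tag + etype + payload + fcs
```

Note that the decoder refuses a truncated stack and non-zero reserved bits instead of guessing, and that it trusts the Length field only to trim padding, never to read past the packet.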
Life of a Frame: Frame Relay over Ethernet MPLS
(Figure: CPE - Last Mile - POP/PE - Provider's MPLS Backbone - Penultimate Hop LSR - PE/POP - Last Mile - CPE. The Frame Relay frame (Q.922 address | Frame Relay Payload | FCS) enters the PE; across the Tunnel LSP it is carried as DA | SA | 0x8847 | Tunnel label | VC label | Control word (Rsvd, B, F, D, C, Length, Sequence Number) | Frame Relay PDU, and leaves the far PE again as Q.922 address | Frame Relay Payload | FCS.)
Life of a Frame: ATM AAL5 over MPLS
(Figure: CPE - Last Mile - POP/PE - Provider's MPLS Backbone - Penultimate Hop LSR - PE/POP - Last Mile - CPE. The ATM CPCS-PDU (ATM Header | ATM CPCS-PDU | ATM Trailer) enters the PE; across the Tunnel LSP it is carried as Transport Header | Tunnel label (4 octets) | VC label (4 octets) | ATM Control word (4 octets: Rsvd, T, E, L, C, Length, Sequence Number) | ATM CPCS-PDU, and is restored at the far PE.)
Life of a Frame: ATM AAL1 Cell Mode over MPLS
(Figure: CPE - Last Mile - POP/PE - Provider's MPLS Backbone - Penultimate Hop LSR - PE/POP - Last Mile - CPE. ATM cells (ATM Header | ATM Cell) enter the PE; across the Tunnel LSP they are carried as Transport Header | Tunnel label | VC label | ATM Control word (Rsvd, T, E, L, C, Length, Sequence Number) | ATM cell #1 | ATM cell #2 | ..., and are restored at the far PE.)
Layer 2 transport: draft-martini-l2circuit-trans-mpls
- Describes method for transporting PDUs of layer 2 protocols across an MPLS network
- Uses Tunnel and VC Labels
- LSRs establish an LDP session using Extended Discovery mechanism
- Utilizes LDP in downstream unsolicited mode for label distribution
- A new type of FEC element is defined as the Virtual Circuit FEC - VC FEC
LDP Sessions (RFC 3036, section 2.2.3)
- LDP uses TCP as a reliable transport
- LDP Discovery
  - Basic Discovery
    - Periodic link hellos on well known all subnets group multicast address
  - Extended Discovery
    - Used between non directly connected LSRs that support extended discovery
    - UDP packets sent to the well known discovery port of a specific address
LDP Unsolicited Label Mapping
(Figure: LSR A and LSR B exchange Targeted UDP Hellos, perform TCP initialization of the session, and then send Unsolicited LDP Label Mappings over it.)
LDP - Label Mapping Message
(Figure: message layout: Label Mapping | Message Length | Message ID | FEC TLV | Label TLV | Label Request Message ID TLV | LSPID TLV (optional) | Traffic TLV (optional))
Martini VC FEC Type
(Figure: VC FEC element layout: VC TLV | C | VC Type | VC Info Length | Group ID | VC ID | Interface Parameters)
- C bit: Indicates whether or not Control Word is used.
- VC type: Type of emulated VC (FR, ATM, Ethernet, HDLC, PPP, ATM cell)
- VC Info Length: Length of VCID field
- VC ID: Identifies the VC.
- Group ID: Allows mass VC label withdraws with one message.
- Interface parameters: Specifies MTU, description, etc.
MPLS L2 Transport Tunnels
- All services look like a Virtual Circuit to MPLS network
- Provision service by associating each endpoint with a common VC Identifier (VCID)
- Network automatically determines VC label and Tunnel label to push on L2 frame
(Figure: Tunnel label | VC label | Layer 2 frame)
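The VC FEC element from the "Martini VC FEC Type" slide, and the provisioning rule that both endpoints must be configured with a common VCID, as an added example (not code from the slides or from any vendor). It encodes and decodes the element (VC TLV 8 bits | C 1 bit | VC Type 15 bits | VC Info Length 8 bits | Group ID | VC ID | interface parameters) and then checks two decoded endpoints against each other, which is the check an operator runs when a provisioned VC refuses to come up. Assumptions: the VC type codes (0x0001 Frame Relay DLCI ... 0x0009 ATM VCC cell) and the interface parameter IDs (0x01 MTU, 0x03 description) are taken from draft-martini-l2circuit-trans-mpls / RFC 4447 as I know them; VC Info Length is computed as the VC ID field plus the interface parameters, which is the draft's definition (the slide summarises it as the VCID length); the VC IDs, MTUs and descriptions are constructed.

```python
"""Martini VC FEC element: encode, decode, and endpoint consistency check.

Added example, not code from the original slides. Type codes and parameter IDs
follow draft-martini-l2circuit-trans-mpls / RFC 4447; sample values are constructed.
"""
import struct

VC_FEC_TLV = 0x80          # FEC element type of the VC FEC (8 bits)
VC_TYPES = {               # VC Type codes (assumed from the draft)
    0x0001: "Frame Relay DLCI",
    0x0002: "ATM AAL5 VCC",
    0x0003: "ATM transparent cell",
    0x0004: "Ethernet VLAN",
    0x0005: "Ethernet",
    0x0006: "HDLC",
    0x0007: "PPP",
    0x0009: "ATM VCC cell",
}
PARAM_MTU = 0x01           # interface parameter: MTU (sub-TLV length 4, 2-byte value)
PARAM_DESC = 0x03          # interface parameter: interface description string


def encode_interface_params(mtu, description=""):
    """Interface parameters are sub-TLVs: ID(1) | Length(1, incl. ID and Length) | Value."""
    params = struct.pack("!BBH", PARAM_MTU, 4, mtu)
    if description:
        desc = description.encode()[:80]         # draft caps the description at 80 octets
        params += struct.pack("!BB", PARAM_DESC, 2 + len(desc)) + desc
    return params


def encode_vc_fec(vc_type, vc_id, group_id, control_word, mtu, description=""):
    """Build: VC TLV(8) | C(1) | VC Type(15) | VC Info Length(8) | Group ID(32) | VC ID(32) | params."""
    if vc_type not in VC_TYPES:
        raise ValueError("unknown VC type")
    params = encode_interface_params(mtu, description)
    vc_info_len = 4 + len(params)                # VC ID field plus interface parameters
    if vc_info_len > 255:
        raise ValueError("interface parameters too long")
    c_and_type = (int(control_word) << 15) | vc_type
    return (struct.pack("!BHB", VC_FEC_TLV, c_and_type, vc_info_len)
            + struct.pack("!II", group_id, vc_id) + params)


def decode_vc_fec(data):
    """Parse one element; every length is checked before it is trusted."""
    if len(data) < 12:
        raise ValueError("VC FEC element truncated")
    tlv, c_and_type, vc_info_len = struct.unpack("!BHB", data[:4])
    if tlv != VC_FEC_TLV:
        raise ValueError("not a VC FEC element")
    group_id, vc_id = struct.unpack("!II", data[4:12])
    params_len = vc_info_len - 4
    if params_len < 0 or 12 + params_len > len(data):
        raise ValueError("VC Info Length inconsistent with element size")
    params, pos, parsed = data[12:12 + params_len], 0, {}
    while pos < len(params):
        if pos + 2 > len(params):
            raise ValueError("interface parameter truncated")
        pid, plen = params[pos], params[pos + 1]
        if plen < 2 or pos + plen > len(params):
            raise ValueError("bad interface parameter length")
        value = params[pos + 2:pos + plen]
        if pid == PARAM_MTU and len(value) == 2:
            parsed["mtu"] = struct.unpack("!H", value)[0]
        elif pid == PARAM_DESC:
            parsed["description"] = value.decode(errors="replace")
        pos += plen                              # unknown parameter IDs are skipped
    return {"control_word": bool(c_and_type >> 15), "vc_type": c_and_type & 0x7FFF,
            "group_id": group_id, "vc_id": vc_id, "params": parsed}


def check_endpoints(local, remote):
    """A VC only comes up when both ends agree on VC ID, VC type, C bit and MTU."""
    problems = []
    if local["vc_id"] != remote["vc_id"]:
        problems.append("VC ID mismatch")
    if local["vc_type"] != remote["vc_type"]:
        problems.append("VC type mismatch")
    if local["control_word"] != remote["control_word"]:
        problems.append("control word (C bit) mismatch")
    if local["params"].get("mtu") != remote["params"].get("mtu"):
        problems.append("MTU mismatch")
    return problems
```

Usage: decode the element each PE advertises and pass both results to `check_endpoints`; an empty list means the two advertisements describe the same VC.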
Encapsulation methods [Martini vs. Kompella]
(Figure: comparison of encapsulation methods, Martini vs. Kompella)
VPN signaling methods [Martini vs. Kompella]
(Figure: comparison of VPN signaling methods, Martini vs. Kompella)
Conclusions
- "Martini Draft":
  - Describes the encapsulation of L2 frames in MPLS
  - MPLS labels are signaled between PEs using "targeted" LDP.
- "Kompella Draft":
  - Now has the same encapsulation as "Martini" (it was different in an earlier version of the "Kompella" draft)
  - MPLS labels are signaled between PEs using BGP.
  - Signaling is "VPN-aware": less provisioning to add a site.
- Both Drafts:
  - Use stacked tunnels for scalability.
  - Can carry many L2 protocols (FR, ATM, Ethernet, PPP, etc.)
Virtual Private LAN Service (VPLS)
New Corporate Network
(Figure: three buildings, each with routers, ATM switches and Ethernet segments, connected through the service provider's network.)
- Intra-building connectivity via Ethernet
- Broadcast domains (LANs) broken up by routers
- External connectivity via VPLS - just another Ethernet
- SP network looks like an Ethernet switch/hub/wire
Why Ethernet Access?
- Corporate networks have Ethernet - this is the most common network connection
- Ethernet is cheap, fast and simple
- Routing over an Ethernet is easier and more scalable than for N point-to-point links
  - For example, for RIP, one can broadcast or multicast updates
  - For OSPF and IS-IS, one forms a single adjacency per LAN segment, and sends one hello and floods LSDB once each time
VPLS Operation
- Sending to an unknown MAC address
  - "Flood" to all members of the VPLS
- Sending to a known MAC address
  - Mapping to <outer label, inner label> exists
- Receiving from some MAC address y
  - Identify the sender; find the label stack that will reach that sender, and map MAC address y to that label stack in the MAC address cache
- Periodically, age out unused entries from the MAC address cache
VFT/MAC Cache for a VPLS
(Figure: PE 1, PE 2 and PE 3 connect through P routers. VPN A has Site 1 (CE.A1) at PE 1, Site 2 (CE.A2) and Site 3 (CE.A3); VPN B has Site 1 (CE.B1) and Site 2 (CE.B2). Host x is at Site A2 and host y at Site A3. A packet arrives at PE 1 with source MAC address y and inner label 1003.)

PE1's VFT for VPN A:

| site | outer | inner | rcv  |
|------|-------|-------|------|
| A2   | 789   | 2001  | 1002 |
| A3   | 654   | 3001  | 1003 |

MAC address cache:

| MAC | outer | inner |
|-----|-------|-------|
| x   | 789   | 2001  |
| y   | 654   | 3001  |
Drafts
- draft-lasserre-vkompella-ppvpn-vpls-02.txt
  - Define a learning bridge model over Martini Ethernet circuits
  - Address learning / aging, Frame replication, Split-horizon
- draft-kompella-ppvpn-vpls-01.txt
  - Describes the use of BGP for discovery and signaling
Virtual Private LAN Services: draft-lasserre-vkompella
- Tunnel LSPs are established between PEs
- Customers designated C1 and C2 are part of two independent Virtual Private LANs
- Layer 2 VC LSPs are set up in Tunnel LSPs
- Core MPLS network acts as a LAN switch
(Figure: four PE routers joined by Tunnel LSPs; customer C1 has four sites and C2 three; one Tunnel LSP is labelled Customer-1 VC LSP, another Customer-1 & 2 VC LSPs.)
VPLS Conclusion
- VPLS Standardization and convergence are happening
- One possible approach:
  - Establish a full mesh of base tunnels between PEs.
  - For each Virtual Private LAN establish a full mesh of VC tunnels between participating PEs (stacked on the base tunnels).
  - If destination MAC is unknown: flood to all VCs.
  - Learn location of MAC addresses by looking at source MAC address of frames arriving on VC tunnels.
  - Also provide a method to signal the location of MAC addresses more proactively (e.g. using LDP or MP-BGP).
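The learning-bridge behaviour described in the "VPLS Operation" slide, the VFT/MAC cache shown for PE1 / VPN A, and the flood-and-learn approach listed just above, as one added example (not code from the slides or from any vendor). It models one VPLS instance on a PE: the receive label of an arriving frame identifies the remote site, the source MAC is learned against that site's <outer, inner> label stack, a known destination is forwarded on that stack, an unknown destination is flooded, and stale cache entries are aged out. Because the VC tunnels form a full mesh, a frame received from the core is never flooded back into the core (split horizon), and a frame arriving with a receive label that is not in the VFT is dropped without learning anything from it. The VFT rows (A2: 789/2001/rcv 1002, A3: 654/3001/rcv 1003) and the host names x and y come from the slide; the local site A1, the injectable clock and the other MAC names are constructed.

```python
"""VPLS forwarding at one PE: MAC learning, flooding, split horizon and aging.

Added example, not code from the original slides. VFT rows are those shown for
PE1 / VPN A on the slides; the local site A1 and the other names are constructed.
"""
import time


class VplsInstance:
    """Virtual Forwarding Table plus MAC address cache for one VPLS on a PE."""

    def __init__(self, local_sites, remote_sites, age_seconds=300.0, clock=time.monotonic):
        self.local_sites = set(local_sites)                       # attachment circuits on this PE
        self.vft = {s["site"]: (s["outer"], s["inner"]) for s in remote_sites}
        self.rcv_label_to_site = {s["rcv"]: s["site"] for s in remote_sites}  # identifies the sender
        self.mac_cache = {}                                       # mac -> (site, last_seen)
        self.age_seconds = age_seconds
        self.clock = clock                                        # injectable for deterministic aging

    def _learn(self, src_mac, site):
        self.mac_cache[src_mac] = (site, self.clock())

    def _egress(self, site):
        """How a frame reaches 'site': a local port or an <outer, inner> label stack."""
        if site in self.local_sites:
            return {"port": site}
        outer, inner = self.vft[site]
        return {"outer": outer, "inner": inner}

    def receive_from_core(self, inner_label, src_mac, dst_mac):
        """Frame arrived over a VC LSP; the receive (inner) label identifies the remote site."""
        sender = self.rcv_label_to_site.get(inner_label)
        if sender is None:
            return []                          # label not in the VFT: drop, learn nothing
        self._learn(src_mac, sender)
        # Split horizon: a frame from the core is never sent back into the core.
        return self._forward(dst_mac, from_site=sender, allow_core=False)

    def receive_from_site(self, site, src_mac, dst_mac):
        """Frame arrived on a local attachment circuit."""
        self._learn(src_mac, site)
        return self._forward(dst_mac, from_site=site, allow_core=True)

    def _forward(self, dst_mac, from_site, allow_core):
        entry = self.mac_cache.get(dst_mac)
        if entry is not None:
            site = entry[0]
            if site == from_site:              # destination hangs off the site it came from
                return []
            if site in self.local_sites or allow_core:
                return [self._egress(site)]
            return []
        # Unknown destination: flood to every other member of the VPLS.
        targets = [s for s in self.local_sites if s != from_site]
        if allow_core:
            targets += [s for s in self.vft if s != from_site]
        return [self._egress(s) for s in sorted(targets)]

    def age_out(self):
        """Drop cache entries not refreshed within age_seconds; returns the removed MACs."""
        now = self.clock()
        stale = [m for m, (_, seen) in self.mac_cache.items() if now - seen > self.age_seconds]
        for m in stale:
            del self.mac_cache[m]
        return sorted(stale)


def build_pe1_vpn_a(clock=time.monotonic):
    """PE1's VFT for VPN A as shown on the slides, plus a constructed local site A1."""
    remote = [
        {"site": "A2", "outer": 789, "inner": 2001, "rcv": 1002},
        {"site": "A3", "outer": 654, "inner": 3001, "rcv": 1003},
    ]
    return VplsInstance(local_sites=["A1"], remote_sites=remote, age_seconds=300.0, clock=clock)
```

Walking the slide's scenario: a frame arriving with inner label 1003 and source MAC y makes PE1 cache y against 654/3001, exactly the row the MAC address cache on the slide shows; a later frame from local site A1 to y is then forwarded on that stack without flooding.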
Netmanias Technical Document: MPLS L2VPN (VPWS, VPLS) Basic Concepts
End of Document