1 / 23

Deployment of MPLS VPN in Large ISP Networks

Deployment of MPLS VPN in Large ISP Networks. Luyuan Fang IP Network Architecture AT&T. Outline. Requirements Associated with the Deployment of MPLS VPN in an ISP Network Strategy for the Incremental Deployment of MPLS VPN MPLS VPN - Implementation Options

annamorgan
Télécharger la présentation

Deployment of MPLS VPN in Large ISP Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Deployment of MPLS VPN in Large ISP Networks Luyuan Fang IP Network Architecture AT&T

  2. Outline • Requirements Associated with the Deployment of MPLS VPN in an ISP Network • Strategy for the Incremental Deployment of MPLS VPN • MPLS VPN - Implementation Options • Carrier’s Carrier and Inter-provider Backbone VPN • Deployment Issues and Future Work

  3. Requirements Associated with the Deployment of MPLS VPN in an ISP Network • Preservation of network integrity • the new service features must not entail the risk of degrading the reliability and availability of the existing network • Scalability • Scaleable to large number of provider-based VPN • Network of network VPN services • Carrier’s Carrier and Inter-provider backbone VPN • Satisfaction of customers’ security requirements • Proactive management and fast restoration in case of failure

  4. Strategy for the Incremental Deployment of MPLS VPN • The steps described here are simplified for illustrative purposes • The steps may not be followed in the exact order proposed in a production environment • Different steps may also be taken simultaneously, depending on the business needs, feature availability, and interoperability

  5. Strategy for the Incremental Deployment of MPLS VPN (2) • Step 1. Preparation: • Extensive lab test: feature, regression, network integration • Potential hardware and software upgrade on all routers (P’s - Provider backbone routers, and PE’s - Provider Edge routers) for supporting MPLS LDP, VPN, RSVP features • Routing • IGP - link state protocol, e.g. OSPF or IS-IS • BGP - multiple BGP sessions for VPN PE routers

  6. Strategy for the Incremental Deployment of MPLS VPN (3) • Step 2. Enable MPLS in the core • Enable LDP on all backbone routers if possible • MPLS TE may be enabled in certain areas as necessary • The distribution and access routers may not be all MPLS enabled at this time

  7. Strategy for the Incremental Deployment of MPLS VPN (4) • Step 3. Basic MPLS VPN connectivity with limited sites and limited number of VPN’s: • Upgrade the hardware and software on the VPN PE routers only • Enable LDP and VPN on the selected PE’s • Step 4. Expand the MPLS VPN footprint • Enable MPLS LDP in more (or all) router locations • Enable VPN in additional PE routers as needed • Step 5. MPLS VPN General Availability

  8. Strategy for the Incremental Deployment of MPLS VPN (5) • Step 6. Inter-AS MPLS VPN and Carrier’s Carrier • Interconnect different AS’s of the same provider providing MPLS VPN services • Interconnect with international partners for Global reachability • Provide VPN services to other ISP’s– Carrier’s Carrier VPN • Step 7. QoS-enabled MPLS VPN • Enable QoS features for the MPLS network, including VPN • Using QoS VPN for potential VoIP, Video services

  9. MPLS VPN - Implementation Options

  10. VPN A VPN B VPN B P3 P5 P1 VPN A VPN A P2 P4 LDP LDP LDP VPN VPN VPN VPN Case Study 1: VPN (PE) + LDP (P, PE) • Configuration: • IGP (e.g. OSPF, or IS-IS) routing in the core • MPLS (e.g. LDP) enabled for all P and PE routers • MP-iBGP fully meshed between PE’s • VPN configured on VPN PE’s • PE-CE can be e-BGP, OSPF, RIP or Static LSP - Label Switched Path PHP: Penultimate Hop Popping PHP LDP • Setting up LSP through LDP, LSP path = IGP path - Simplicity • Requires LDP interoperability; VPN/LDP inter-working • No control on LSP, label failure on IGP path can cause VPN failure

  11. OSPF area 1 OSPF area 0 OSPF area 2 VPN A VPN B VPN B P3 P5 P1 VPN A VPN A P2 P4 TE TE TE VPN VPN VPN VPN Case Study 2: VPN (PE) + RSVP TE Tunnel (PE-PE) • Configuration: • Using RSVP TE Tunnel (PE-PE) to set up the LSP • Set up back-up tunnel for failure protection • IGP, BGP, VPN, and PE-CE link configuration as in Case 1 PHP TE • Requires RSVP TE tunnel, potentially across multi-OSPF areas • Requires RSVP TE interoperability; VPN / TE inter-working • End-to-end LSP control - better failure protection, fast re-route may be used

  12. OSPF area 1 OSPF area 0 OSPF area 2 VPN A VPN B VPN B P3 P1 P5 VPN A P3 VPN A P2 P4 LDP LDP LDP VPN VPN VPN TE VPN Case Study 3: VPN + LDP + RSVP TE Tunnel • Configuration: • LDP enabled on all routers, except P4 and P5 • RSVP TE Tunnels used only in OSPF area 0 (P1-P3-P5), with back-up tunnel (P1-P2-P4-P5) PHP TE PHP LDP • Requires RSVP TE interoperability • Requires VPN/LDP inter-working, LDP/TE inter-working • Provides feasible solutions when cases 1 and 2 cannot be realized

  13. iBGP ISP B - Site X ISP B’s Customers CE1 PE1 ASBR1, RR ASBR2, RR VPN B VPN B VPN B VPN B VPN B VPN B VPN B VPN B MP- iBGP PE2 CE2 ISP B - Site Y ISP B’s Customers ISP A Carrier Backbone LDP LDP LDP LDP LDP LDP VPN A VPN A VPN A VPN A Carrier’s Carrier VPN • ISP A backbone provides VPN services to ISP B • Case 1. ISP B may not run MPLS in its network • Case 2. ISP B may run MPLS (LDP) in its network • Case 3. ISP B may run MPLS VPN in its network - Hierarchical VPN’s Carrier’s Carrier VPN Case 3

  14. Carrier’s Carrier VPN (2) • MPLS (LDP) used between PE and CE in all three cases • PE-CE routing: OSPF/RIP/Static • Security mechanism needed for label “spoofing” prevention • iBGP sessions between ISP B sites • Use Route Reflectors to improve scalability • ISP A distributes ISP B’s internal routes through MPLS-VPN only • ISP B’s external routes advertised to all ISP B site through ISP B’s Route Reflector iBGP session

  15. Customers have sites connected to different AS’s or ISP’s PE-ASBR’s connect the two AS’s E-BGP sessions for VPN-IPv4 single VPN label, no LDP label no VRF assigned, based on policy agreed by the two ISP’s (AS’s) Route reflectors reflect VPN-IPv4 internal routes within its AS Security, scalability, policies between ISP’s VPN B VPN B LDP LDP LDP VPN A VPN A Inter-Providers Backbone VPN RR-A RR-B AS B AS A PE1 VPN AB CE1 PE-ASBR1 CE2 PE-ASBR2 MP- eBGP PE2 MP- iBGP MP- iBGP

  16. MPLS VPN Deployment Issues • MPLS Feature availability • VPN, LDP, RSVP, CR-LDP: individually, and Inter-working amongst subsets of these • Coping with reality of feature availability • Multi-vendor inter-operability • Required in an heterogeneous IP network • Deployment strategy • Partially enable MPLS vs. Fully enable MPLS in the entire IP backbone • TE tunnels, use only as needed vs. fully meshed • QoS VPN: map VPN into guaranteed bandwidth tunnels with class of service

  17. MPLS VPN Deployment Issues (2) • Scalability • The use of Route Reflectors • Performance impact on PE’s needs to be measured • Carrier of Carriers and Inter-AS backbone • Load sharing between PE-CE links • Assign different RDs to different sites vs. single RD for each VPN • Security • One VPN’s route does not exist in other non-connected VPN’s VRF or the global routing table • FR/ATM equivalent security - more study needed

  18. MPLS VPN Network Management • Available MIBs today • LSR MIB, LDP MIB, VPN MIB, MBGP MIB, RSVP TE MIB, FTN MIB,… • Configuration and Provisioning • Auto-provisioning tools needed for large scale VPN deployment

  19. MPLS VPN Network Management (2) • Performance • All MPLS features impact on performance, including basic VPN on PE routers, and need to be studied • More study needed for VPN supporting QoS • Network performance: delay, jitter, loss, throughput, availability • Element performance: utilization • Security management • Authentication, control access, monitoring

  20. Example: P2 PE2 PE1 VPN A VPN A Y X CE1 CE2 P1 P4 PE3 PE4 P3 MPLS VPN Network Management (3) • Traffic Management/Engineering • Characterize traffic for VPN’s • Profiling, correlation, and optimization • Fault management • Monitoring and troubleshooting • VPN failure detection and recovery Config: LDP in the core for all P and PE router; IGP: OSPF; iBGP full mesh between PE’s LSP: OSPF shortest path: PE1-P1-P3-P4-PE2; no TE tunnels. Failure: All links and nodes are up, but P3 label switching fails, LSP breaks, VPN fails. Solution need: PE1 and PE2 need to to be notified of the LSP failure; LSP needs to be re-established through recovery mechanism, restore VPN

  21. Summary • Incremental deployment of BGP/MPLS VPN in IP backbone is feasible • Implementation alternatives and examples illustrated here are being experimented with through lab testing • Deployment Challenges • Feature availability • Interoperability • Manageability

  22. Summary (2) • Future work • Resolve open issues on scalability, load sharing, and security • Better understand service deployment and management

  23. Thank You Luyuan Fang Principal Technical Staff Member IP Network Architecture AT&T luyuanfang@att.com

More Related