1. No category

I-AS MPLS VPN Solutions
Sangita Pandya, [email protected]
Hari Rakotoranto, [email protected]
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
1
Agenda
¾I-AS MPLS L3VPN Deployment
Models
¾I-AS MPLS L2VPNs Deployment
Models
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
2
Global IP Inter-provider VPN Services
ISP C
MPLS
ISP A
MPLS
Inter-AS
IP/MPLS
Backbone
ISP B
MPLS
ISP B
MPLS
CSC VPN
ƒ Inter-AS VPNs scale to large networks and span multi-domain networks
ƒ Two methods of inter-connecting multi-domain networks
¾ MPLS Inter-AS VPNs and Carrier Supporting Carrier VPNs
ƒ Allows Time-to-Service, Global Reach, Reduced Cost
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
3
End-to-End Service Continuity via I-AS Networks
Mobile
Residential
BT
S
MSC
Retail
BSC
Node B
Regio
nal
Customer
NWs
Ethernet
ACs
Residential
Static
IGP
LDP
Ethernet
ACs
uPE
BSC
Residential
Ethernet
ACs
uPE
p
AS1
ASBR
L2
ASBR
AS2
PE
PE
Corp
Static
IGP
LDP
PE
Business
Customer
NWs
Mobile
p
PE
ASBR
uPE
Static
IGP
LDP
uPE
p
Node B
Business
MPLS
Aggregation
PE
PE
Mobile
MSC
Ethernet
ACs
MPLS
Core
uPE
BTS
Commercial
Business
uPE
L2
BTS
PE
ASBR
MSC
AS3
uPE
P
Regional
uPE
Commercial
ƒ Growing needs to support Multi-Domain networks as MPLS/IP NWs are
becoming predominant
ƒ VPN service transported over multiple MPLS segments
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
Node B
Business
MPLS VPNs
division
BSC
Retail
4
Inter-AS L3VPN
Deployment
Models
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
5
Inter-AS VPNv4 Distribution Options
Back-to-Back VRFs
Option A
ASBR1
ASBR2
Data forwarding on
per VRF interface
Option B
MP-eBGP for All
AS #2
AS #1
PE1
RR1
Option C
VPNv4 updates
Multihop MP-eBGP
between RRs
RR2
PE2
AND
eBGP IPv4 + Labels
OR IGP + LDP
between ASBRs
ƒ Option A offers better security but not scalable for high #s of VPNs as it
requires per VRF routing session
ƒ Option B removes per VRF routing sessions but VPN traffic forwarded over
the same interface(s)
ƒ Option C offers a scalable way to extend VPN services
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
6
MPLS VPN Inter-AS Option AB
MP-eBGP between ASBRs
on a control plane interface
in global table
ASBR1
ASBR2
vpn-B
vpn-G
PE-1
CE-1
VPN-B1
AS 1
Data forwarding on
per VRF interface
as in Option A
AS 2
CE-3
CE-2
VPN-G2
VPN-G1
PE-2
CE-4
VPN-B2
ƒ Combines the benefits of Option A & Option B.
ƒ Single MP-eBGP peer session between ASBRs leads to better scaling and
reduced configurations.
ƒ Separate per VRF interfaces between ASBRs forward data as in Option A.
This provides security and QoS benefits of IP forwarding on the I-AS link.
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
7
MPLS VPN Inter-AS Option AB
Control & Forwarding Plane
VPN-v4 update:
RD2:P, NH=ASBR1
RT=100:1, Label=(L2)
ASBR2
ASBR1
VPN-v4 update:
RD1:P, NH=PE1
RT=100:1, Label=(L1)
vpn-B
PE-1
P=152.12.4.0/24,
NH=CE1
IP
AS 1
AS1
eBGP, OSPF, RIPv2
VPN-v4 update:
RD3:P, NH=ASBR2
RT=100:1, Label=(L3)
L1 IP
IP
AS 2 PE-2
AS2
eBGP, OSPF, RIPv2
L3 IP
P=152.12.4.0/24,
NH=PE2
IP
CE-4
CE-1
VPN-B2
VPN-B1
ƒASBR installs VPN-IPv4 routes into VRFs as described in RFC4364.
ƒVPN-IPv4 routes are converted back to IPv4 routes and imported into VRFs via
Route Target (RT) based filtering policies.
ƒASBRs can be configured to set itself as a Next Hop.
ƒAfter IPv4 routes are installed in a VRF, they are converted to VPNv4 routes by the
Route Distinguisher (RD) values, along with VRF’s associated RT(s) as set on the
ASBR.
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
8
Agenda
¾I-AS MPLS L3VPN Deployment
Models
¾I-AS MPLS L2VPNs Deployment
Models
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
9
Inter-AS Pseudowire switching options
ƒ Allows a service provider to extend an existing PW with another PW
in multi-AS environment
pwvc 11
attached-circuit 1
PE-1
ASBR1
AS 1
PW
switching
Options?
attached-circuit 3
PE-3
ASBR2
pwvc 151
AS 2
pwvc 12
pwvc 152 PE-4
PE-2
attached-circuit 6
attached-circuit 4
attached-circuit
VLAN, Ethernet
pseudo-wire
LDP / L2TPv3
pseudo-wire
LDP / L2TPv3
attached-circuit
VLAN, Ethernet
ƒ Which options to choose from?
ƒ Static vs. Dynamic Provisioning
–BGP is used to auto discover VPLS VPN end-points in dynamic I-AS
VPLS whereas VPN peers are defined statically through dLDP sessions
–dLDP is used to setup PWs in either case
ƒ Solution applicable to both Point-to-Point and Point-to-Multipoint PWs
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
10
Inter-AS ASBR-ASBR Switching Options
Option A:
Layer-2
Peering
between
ASBRs
Option C:
Single-Hop
PW
Option B:
Multi-Hop
PW
ƒ
Clear demarcation between ASs
facilitates management and
troubleshooting
ƒ
ƒ
Granular QoS control
ƒ
May require a large number of ACs
between ASBRs
ƒ
ƒ
ƒ
Simple provisioning on ASBRs
Significant sharing of reachability
information (unless Inter-AS TE used)
PE1
ƒ
Limited QoS control between ASBRs
(unless Inter-AS TE used)
PE2
ƒ
Clear demarcation between ASs
facilitates management and
troubleshooting
ƒ
No reachability information shared
between ASs
Pseudowire
PE1
IP/MPLS
ASBR1
ASBR2
..
ƒ
Granular QoS control possible with
per-PW QoS
ƒ
Additional provisioning (on ASBRs)
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
PE3
PE4
PE2
Pseudowire
No clear demarcation between ASs
Minimal reachability info shared (single
peering address)
IP/MPLS
IP/MPLS ASBR1 ASBR2
IP/MPLS
PE3
PE4
Pseudowire
PE1
PE2
IP/MPLS
IP/MPLS
ASBR1 ASBR2
PE3
PE4
11
Dynamic Multi-segment Point to Point PWs
Requirement:
ƒ Today a multi-segmented point-to-point pseudowire requires manual
configuration on the source and target terminating PEs as well as on the
switching PEs in between. Need a scalable way to provision point to point
PWs (AToM) in a single or multi-Segment environment
attached-circuit 3
pwvc 11
attached-circuit 1
PE-1
ASBR1
AS 1
pwvc 12
PE-2
PW
switching
Options
A, B, & C
PE-3
ASBR2
pwvc 151
AS 2
pwvc 152 PE-4
attached-circuit 6
attached-circuit 4
attached-circuit
(UNI)
pseudo-wire
LDP / L2TPv3
VPWS
pseudo-wire
LDP / L2TPv3
VPWS
attached-circuit
VLAN, Ethernet
(UNI)
Solution:
ƒ Provide a dynamic provisioning of multi-segment PWs
based on dynamic routing information
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
12
Multi-Segment PW Definition
ƒMS-PW: Two or more contiguous VPWS PW segments that behave and
function as a single point-to-point PW
ƒDescribed in draft-ietf-pwe3-segmented-pw-xx
ƒExtends the reach of PWs across multiple Packet Switched Networks
Emulated Service
Multi-Segment Pseudowire
AC:
AC:
CE
ATM
FR
PPP
HDLC
Ethernet
ACCESS
CORE
ACCESS
MPLS
T-PE1
S-PE1
MPLS
S-PE3
S-PE2
AS1
MPLS
T-PE2
ATM
FR
CE
PPP
HDLC
Ethernet
ƒS-PE – Switching Provider Edge – Can switch control and data planes of
preceding and succeeding segments of a MS-PW. S-PE initiates the signaling
for MS-PWs.
ƒT-PE – Terminating Provider Edge – Customer facing PE, hosting the first or
last segment of a MS-PW
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
13
Challenges for Multi-Segment PW
ƒ Dynamic end-to-end signaling for MS-PW
ƒ Scalable and inter-domain signaling and routing
ƒ How to reduce the provisioning to a minimal number of
provision touches ? (ideally provisioning only at the
T-PEs)
ƒ How to enforce and guarantee QoS Signaling, SLA…?
ƒ Resiliency (S-PEs and PW “Protection”…)
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
14
Scenario 1: Single Switching Point
Emulated Service
Multi-Segment Pseudowires
PSN 1
Tunnel
PSN 2
Tunnel
PW
Seg 1
PW
Seg 2
CE1
CE3
AC
CE2
T-PE1
PW
Seg 3
AC
S-PE
Switching
Point
PW
Seg 4
T-PE2
AC
CE4
AC
ƒ Possible Solution:
–Automatic selection of S-PE
–Dynamic setup of MS-PW between two T-PEs
ƒ Requires knowledge of the S-PEs (ASBR) within the AS
(e.g. via IP next-hop or other techniques).
ƒ S-PE creates a pseudowire to T-PE2.
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
15
Scenario 1a:
Multi-Segment PW w ASBR Redundancy
Emulated Service
Multi-Segment Pseudowire
PSN 1
Tunnel
PSN 2
Tunnel
PW
Seg 1
PW
Seg 3
S-PE1.1
AC
CE
AC
T-PE1
T-PE2
PSN1
Recovery
Path
S-PE1.2
PSN2
CE
PW
Switching Points
ƒ In case of ASBR failure (e.g. S-PE1.1):
= Recovery Path
= MPLS LSP Tunnel
– PW backup pre-signaled to S-PE1.2
– When primary is down, traffic redirected to the “backup path”
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
16
Scenario 2: Multiple Switching Points
Emulated Service
Multi-Segment Pseudowire
PSN 1
Tunnel
AC
CE
PW
Seg 1
T-PE1
PSN 2
Tunnel
PW
Seg 2
S-PE1
AC
S-PE2
AS1
Provider
Edge 1
PW
Seg 3
AS2
PW
Switching Points
T-PE2
CE
Provider
Edge 2
ƒ Possible Solution:
–Automatic selection of S-PE1
–S-PE1 needs to be aware of S-PE2
–Automatic setup of MS-PW between T-PEs
ƒ Requires pre-configuration or auto-discovery of the S-PEs
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
17
Scenario 2a:
Multi-Segment PW w ASBR Redundancy
Emulated Service
Multi-Segment Pseudowire
PSN 1
Tunnel
S-PE1.1
AC
CE
PSN 2
Tunnel
PW
Seg 2
PW
Seg 1
PW
Seg 3
S-PE2.1
AC
T-PE1
T-PE2
PSN1
Recovery
Path
Provider
Edge 1
S-PE1.2
S-PE2.2
PSN2
PW
Switching Points
ƒ In case of ASBR failure (e.g. S-PE1):
CE
Provider
Edge 2
= Recovery Path
= MPLS LSP Tunnel
– Backup PW signaled between T-PE1 and S-PE1.2, S-PE1.2 to S-PE2.1
– When S-PE1.1 down, traffic redirected to the backup
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
18
Key Takeaways
ƒ Granular I-AS L3VPNs option for better scalability and
security
ƒ Several possible solution to achieve dynamic end-toend signaling for Multi-segment, I-AS pseudowires
ƒ Solution based on a combination of S-PE discovery and
PW signaling
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
19
© 2007 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
20