Deployment of MPLS VPN in Large ISP Networks Luyuan Fang IP Network Architecture AT&T.

Deployment of MPLS VPN in Large ISP Networks

Luyuan Fang

IP Network Architecture

AT&T

2NANOG21, February 2001, Atlanta

Outline

Requirements Associated with the Deployment of MPLS VPN in an ISP Network

Strategy for the Incremental Deployment of MPLS VPN

MPLS VPN - Implementation Options Carrier’s Carrier and Inter-provider

Backbone VPN Deployment Issues and Future Work


Requirements Associated with the Deployment of MPLS VPN in an ISP Network

Preservation of network integrity the new service features must not entail the risk of

degrading the reliability and availability of the existing network

Scalability Scaleable to large number of provider-based VPN Network of network VPN services

Carrier’s Carrier and Inter-provider backbone VPN Satisfaction of customers’ security requirements Proactive management and fast restoration in

case of failure


Strategy for the Incremental Deployment of MPLS VPN

The steps described here are simplified for illustrative purposes

The steps may not be followed in the exact order proposed in a production environment

Different steps may also be taken simultaneously, depending on the business needs, feature availability, and interoperability


Strategy for the Incremental Deployment of MPLS VPN (2)

Step 1. Preparation: Extensive lab test: feature, regression,

network integration Potential hardware and software upgrade on

all routers (P’s - Provider backbone routers, and PE’s - Provider Edge routers) for supporting MPLS LDP, VPN, RSVP features

Routing IGP - link state protocol, e.g. OSPF or IS-IS BGP - multiple BGP sessions for VPN PE routers



Step 2. Enable MPLS in the core Enable LDP on all backbone routers if

possible MPLS TE may be enabled in certain

areas as necessary The distribution and access routers

may not be all MPLS enabled at this time



Step 3. Basic MPLS VPN connectivity with limited sites and limited number of VPN’s: Upgrade the hardware and software on the VPN

PE routers only Enable LDP and VPN on the selected PE’s

Step 4. Expand the MPLS VPN footprint Enable MPLS LDP in more (or all) router

locations Enable VPN in additional PE routers as needed

Step 5. MPLS VPN General Availability



Step 6. Inter-AS MPLS VPN and Carrier’s Carrier Interconnect different AS’s of the same provider

providing MPLS VPN services Interconnect with international partners for Global

reachability Provide VPN services to other ISP’s– Carrier’s Carrier

VPN Step 7. QoS-enabled MPLS VPN

Enable QoS features for the MPLS network, including VPN

Using QoS VPN for potential VoIP, Video services

MPLS VPN - Implementation Options


Configuration:• IGP (e.g. OSPF, or IS-IS) routing in the core• MPLS (e.g. LDP) enabled for all P and PE routers• MP-iBGP fully meshed between PE’s• VPN configured on VPN PE’s• PE-CE can be e-BGP, OSPF, RIP or Static

• Setting up LSP through LDP, LSP path = IGP path - Simplicity• Requires LDP interoperability; VPN/LDP inter-working• No control on LSP, label failure on IGP path can cause VPN failure

Case Study 1: VPN (PE) + LDP (P, PE)

VPN A

VPN A

VPN B

VPN A

VPN B

VPN

LDPVPN

LDPVPN

LDPVPN

P1

P2

P3

P4

P5

LSP - Label Switched Path

PHP LDP

PHP: Penultimate Hop Popping


• Requires RSVP TE tunnel, potentially across multi-OSPF areas• Requires RSVP TE interoperability; VPN / TE inter-working• End-to-end LSP control - better failure protection, fast re-route may be used

VPN A

VPN A

VPN B

VPN A

VPN B

VPNP1

P2

P3

P4

P5

TEVPN TE

VPNTEVPN

OSPF area 0 OSPF area 1 OSPF area 2

Configuration:• Using RSVP TE Tunnel (PE-PE) to set up the LSP• Set up back-up tunnel for failure protection• IGP, BGP, VPN, and PE-CE link configuration as in Case 1

Case Study 2: VPN (PE) + RSVP TE Tunnel (PE-PE)

PHP TE


Configuration:• LDP enabled on all routers, except P4 and P5• RSVP TE Tunnels used only in OSPF area 0 (P1-P3-P5), with back-up tunnel (P1-P2-P4-P5)

• Requires RSVP TE interoperability • Requires VPN/LDP inter-working, LDP/TE inter-working• Provides feasible solutions when cases 1 and 2 cannot be realized

Case Study 3: VPN + LDP + RSVP TE Tunnel

VPN A

VPN A

VPN B

VPN A

VPN B

VPNP1

P2

P3

P4

P5

OSPF area 0 OSPF area 1 OSPF area 2

LDPVPN

LDPVPN

TELDPVPN

P3PHP LDP

PHP TE


ISP A backbone provides VPN services to ISP B• Case 1. ISP B may not run MPLS in its network • Case 2. ISP B may run MPLS (LDP) in its network • Case 3. ISP B may run MPLS VPN in its network - Hierarchical VPN’s

ISP B - Site Y

ISP B’s Customers

PE2

ISP A Carrier Backbone

ISP B - Site X

ISP B’s CustomersCE2

CE1 PE1

ASBR1, RR ASBR2, RR

iBGP

MP- iBGP

LDP

VPN B

VPN B

VPN AVPN B

LDPVPN AVPN B

LDPVPN AVPN B

LDP

VPN B

LDPVPN AVPN B

LDP

VPN B

Carrier’s Carrier VPN Case 3

Carrier’s Carrier VPN


Carrier’s Carrier VPN (2) MPLS (LDP) used between PE and CE in all three

cases PE-CE routing: OSPF/RIP/Static Security mechanism needed for label “spoofing”

prevention iBGP sessions between ISP B sites Use Route Reflectors to improve scalability ISP A distributes ISP B’s internal routes through

MPLS-VPN only ISP B’s external routes advertised to all ISP B

site through ISP B’s Route Reflector iBGP session


Inter-Providers Backbone VPN

Customers have sites connected to different AS’s or ISP’s PE-ASBR’s connect the two AS’s

E-BGP sessions for VPN-IPv4 single VPN label, no LDP label no VRF assigned, based on policy agreed by the two ISP’s (AS’s)

Route reflectors reflect VPN-IPv4 internal routes within its AS Security, scalability, policies between ISP’s

PE-ASBR1 PE-ASBR2

AS B

CE1 CE2

PE1

PE2

RR-A RR-B

LDP

VPN B

VPN B

LDPVPN A LDP

VPN A

VPN AB

AS A

MP- eBGP

MP- iBGPMP- iBGP


MPLS VPN Deployment Issues MPLS Feature availability

VPN, LDP, RSVP, CR-LDP: individually, and Inter-working amongst subsets of these

Coping with reality of feature availability Multi-vendor inter-operability

Required in an heterogeneous IP network Deployment strategy

Partially enable MPLS vs. Fully enable MPLS in the entire IP backbone

TE tunnels, use only as needed vs. fully meshed QoS VPN: map VPN into guaranteed bandwidth

tunnels with class of service


MPLS VPN Deployment Issues (2)

Scalability The use of Route Reflectors Performance impact on PE’s needs to be measured Carrier of Carriers and Inter-AS backbone

Load sharing between PE-CE links Assign different RDs to different sites vs. single RD

for each VPN Security

One VPN’s route does not exist in other non-connected VPN’s VRF or the global routing table

FR/ATM equivalent security - more study needed


MPLS VPN Network Management

Available MIBs today LSR MIB, LDP MIB, VPN MIB, MBGP

MIB, RSVP TE MIB, FTN MIB,… Configuration and Provisioning

Auto-provisioning tools needed for large scale VPN deployment


MPLS VPN Network Management (2)

Performance All MPLS features impact on performance,

including basic VPN on PE routers, and need to be studied

More study needed for VPN supporting QoS Network performance: delay, jitter, loss,

throughput, availability Element performance: utilization

Security management Authentication, control access, monitoring


Traffic Management/Engineering Characterize traffic for VPN’s Profiling, correlation, and optimization

Fault management Monitoring and troubleshooting VPN failure detection and recovery

MPLS VPN Network Management (3)

PE1

PE3 P1

P3

P2

P4

PE2

PE4

CE1

VPN AX

CE2

VPN AY

Example:

Config: LDP in the core for all P and PE router; IGP: OSPF; iBGP full mesh between PE’s LSP: OSPF shortest path: PE1-P1-P3-P4-PE2; no TE tunnels.Failure: All links and nodes are up, but P3 label switching fails, LSP breaks, VPN fails.Solution need: PE1 and PE2 need to to be notified of the LSP failure; LSP needs to be re-established through recovery mechanism, restore VPN


Summary

Incremental deployment of BGP/MPLS VPN in IP backbone is feasible Implementation alternatives and

examples illustrated here are being experimented with through lab testing

Deployment Challenges Feature availability Interoperability Manageability


Summary (2)

Future work Resolve open issues on scalability,

load sharing, and security Better understand service

deployment and management

Thank You

Luyuan Fang

Principal Technical Staff Member

IP Network Architecture

AT&T

[email protected]

Date post:	14-Dec-2015
Category:	Documents
Upload:	mateo-elliott
View:	217 times
Download:	0 times

Deployment of MPLS VPN in Large ISP Networks Luyuan Fang IP Network Architecture AT&T.

Documents