Una Vpn En Mpls
Páginas: 28 (6774 palabras)
Publicado: 28 de febrero de 2013
A small MPLS VPN tutorial
(by Alexandre Ribeiro, alexandregomesribeiro@gmail.com)
Overview
I'm now half way through the MPLS and VPN Architectures book and I decided to try to make some
sense out of all the things I'm reading. As I said previously, I'm not impressed by this book, since it's
badly structured and it skips some important troubleshooting points (like one I'm going to presentin
this tutorial).
The following tutorial assumes some familiarity with MPLS and considerable IP knowledge.
The topology I used for this small tutorial is simple. It consists of two clients, A and B, each of which
has two sites, A1 and A2 for client A, and B1 and B2 for client B. Then there are three LSRs: two of
these are PE routers, PE_A connects to A1 and B1 and PE_Z connects to A2 and B2.To make things interesting I decided to make clients A and B to have totally overlapping IP networks
(isn't this the point of a VPN? :-) ). The figure below illustrates the scenario I've just described:
Figure 1: MPLS VPN scenario
Definitions
Before I begin rambling about configurations, I'll explain some important topics first, so that we're
speaking the same language when I get down toconfiguring the routers. I'm assuming that you have a
sound knowledge of IP (routing, IGPs, BGP, etc). If you don't exactly understand one of the definitions
below, don't worry, it'll become very clear in a later part of this tutorial, when actually configuring the
routers. So, let's get down to some definitions:
FEC – Forwarding equivalence class. A FEC is a group of packets that are routedthe same way (i.e. to
the same destination). In more practical terms, each entry of a router's routing table is a FEC.
Label – This is MPLS's foundation. A router will generate a label for each FEC it has. A Provider router
(the “P” router in the figure above) will switch frames purely based on the label, without ever needing
to go to L3 information on the frame.
LDP – Label distributionprotocol. After generating the labels for the FECs, a router needs to inform its
neighbors of the relationship between its FECs and the labels it has generated, so that neighbor routers
may mark packets whose destination is the FEC with the respective label. LDP is used to disseminate
label-to-FEC information.
The figure below will make the definitions above “click” together:
Figure 2: LDPat work
In figure 2 you can see router PE_Z communicating the label for FEC 172.16.1.0/20 to router P. Router
P then does the same for router A. The labels assigned to FEC are locally significant. In the figure
above router P could actually have used the same label as router PE_Z (label 16).
After the labels are known to all the routers, the P routers can switch frames purely based on labels.The
figure below illustrates this:
Figure 3: Frame forwarding with MPLS
The definitions and illustrations above define what “basic” MPLS is. Just with this it's possible to reap
tremendous benefit in a carrier's BGP core (the explanation to this is way out of this small tutorial's
scope).
Continuing with some definitions:
VPN - Virtual private network. Behaves like a physical privatenetwork, but it's "virtual" :-). There are
two types of VPNs, peer-to-peer and overlay. The peer-to-peer VPN is an L3 VPN, where the CE and
PE have to have L3 connectivity. In the overlay VPN the carrier will offer “emulated” L2 services to
connect the VPN's sites.
Site - A site is a part of one or more VPNs, or the other way around, a VPN is a set of sites, where each
site may belong to morethan one VPN. In this tutorial's scenario, each site is only a member of one
VPN (sites A1 and A2 are members of Client A's VPN and sites B1 and B2 are members of Client B's
VPN). If you now had some sort of central resource (in a different VPN) that had to be access by A1
and B1, then those sites would also be members of another VPN, to be able to access that central
resource.
VRF -...
(by Alexandre Ribeiro, alexandregomesribeiro@gmail.com)
Overview
I'm now half way through the MPLS and VPN Architectures book and I decided to try to make some
sense out of all the things I'm reading. As I said previously, I'm not impressed by this book, since it's
badly structured and it skips some important troubleshooting points (like one I'm going to presentin
this tutorial).
The following tutorial assumes some familiarity with MPLS and considerable IP knowledge.
The topology I used for this small tutorial is simple. It consists of two clients, A and B, each of which
has two sites, A1 and A2 for client A, and B1 and B2 for client B. Then there are three LSRs: two of
these are PE routers, PE_A connects to A1 and B1 and PE_Z connects to A2 and B2.To make things interesting I decided to make clients A and B to have totally overlapping IP networks
(isn't this the point of a VPN? :-) ). The figure below illustrates the scenario I've just described:
Figure 1: MPLS VPN scenario
Definitions
Before I begin rambling about configurations, I'll explain some important topics first, so that we're
speaking the same language when I get down toconfiguring the routers. I'm assuming that you have a
sound knowledge of IP (routing, IGPs, BGP, etc). If you don't exactly understand one of the definitions
below, don't worry, it'll become very clear in a later part of this tutorial, when actually configuring the
routers. So, let's get down to some definitions:
FEC – Forwarding equivalence class. A FEC is a group of packets that are routedthe same way (i.e. to
the same destination). In more practical terms, each entry of a router's routing table is a FEC.
Label – This is MPLS's foundation. A router will generate a label for each FEC it has. A Provider router
(the “P” router in the figure above) will switch frames purely based on the label, without ever needing
to go to L3 information on the frame.
LDP – Label distributionprotocol. After generating the labels for the FECs, a router needs to inform its
neighbors of the relationship between its FECs and the labels it has generated, so that neighbor routers
may mark packets whose destination is the FEC with the respective label. LDP is used to disseminate
label-to-FEC information.
The figure below will make the definitions above “click” together:
Figure 2: LDPat work
In figure 2 you can see router PE_Z communicating the label for FEC 172.16.1.0/20 to router P. Router
P then does the same for router A. The labels assigned to FEC are locally significant. In the figure
above router P could actually have used the same label as router PE_Z (label 16).
After the labels are known to all the routers, the P routers can switch frames purely based on labels.The
figure below illustrates this:
Figure 3: Frame forwarding with MPLS
The definitions and illustrations above define what “basic” MPLS is. Just with this it's possible to reap
tremendous benefit in a carrier's BGP core (the explanation to this is way out of this small tutorial's
scope).
Continuing with some definitions:
VPN - Virtual private network. Behaves like a physical privatenetwork, but it's "virtual" :-). There are
two types of VPNs, peer-to-peer and overlay. The peer-to-peer VPN is an L3 VPN, where the CE and
PE have to have L3 connectivity. In the overlay VPN the carrier will offer “emulated” L2 services to
connect the VPN's sites.
Site - A site is a part of one or more VPNs, or the other way around, a VPN is a set of sites, where each
site may belong to morethan one VPN. In this tutorial's scenario, each site is only a member of one
VPN (sites A1 and A2 are members of Client A's VPN and sites B1 and B2 are members of Client B's
VPN). If you now had some sort of central resource (in a different VPN) that had to be access by A1
and B1, then those sites would also be members of another VPN, to be able to access that central
resource.
VRF -...
Leer documento completo
Regístrate para leer el documento completo.