This chapter is an overview of Multiprotocol Label Switching (MPLS), highlighting MPLS in ATM networks and packet-based networks. It concentrates on the fundamentals of MPLS network design that apply to all ATM MPLS networks, including those supporting VPNs and traffic engineering.
Multiprotocol Label Switching (MPLS) is a high-performance method for forwarding packets (frames) through a network. It enables routers at the edge of a network to apply simple labels to packets (frames). ATM switches or existing routers in the network core can switch packets according to the labels with minimal lookup overhead.
The BPX® 8650 is an IP+ATM switch that provides ATM-based broadband services and integrates Cisco IOS® software via Cisco 7200 series routers to deliver Multiprotocol Label Switching (MPLS) services.
MPLS integrates the performance and traffic management capabilities of Data Link Layer 2 with the scalability and flexibility of Network Layer 3 routing. It is applicable to networks using any Layer 2 switching, but has particular advantages when applied to ATM networks. It integrates IP routing with ATM switching to offer scalable IP-over-ATM networks.
In contrast to label switching, conventional Layer 3 IP routing is based on the exchange of network reachability information. As a packet traverses the network, each router extracts all the information relevant to forwarding from the Layer 3 header. This information is then used as an index for a routing table lookup to determine the packet's next hop. This is repeated at each router across a network. At each hop in the network, the optimal forwarding of a packet must be again determined.
The information in IP packets, such as information on IP Precedence and Virtual Private Network membership, is usually not considered when forwarding packets. Thus, to get maximum forwarding performance, typically only the destination address is considered. However, because other fields could be relevant, a complex header analysis must be done at each router that the packet meets.
The main concept of MPLS is to include a label on each packet.
Packets or cells are assigned short, fixed length labels. Switching entities perform table lookups based on these simple labels to determine where data should be forwarded.
The label summarizes essential information about routing the packet:
With Label Switching the complete analysis of the Layer 3 header is performed only once: at the edge label switch router (LSR), which is located at each edge of the network. At this location, the Layer 3 header is mapped into a fixed-length label.
At each router across the network, only the label need be examined in the incoming cell or packet in order to send the cell or packet on its way across the network. At the other end of the network, an edge LSR swaps the label out for the appropriate header data linked to that label.
A key result of this arrangement is that forwarding decisions based on some or all of these different sources of information can be achieved by means of a single table lookup from a fixed-length label. For this reason, label switching makes it feasible for routers and switches to make forwarding decisions based upon multiple destination addresses.
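The following simulation, added here as an illustration and not part of the original chapter, shows the division of labour just described: the ingress edge LSR performs the one full header analysis (destination prefix, IP Precedence and VPN membership together), and every LSR after it does nothing more than a dictionary lookup on the incoming fixed-length label. The FEC table, the LFIB contents, the LSR names and the addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    dst: str          # destination IPv4 address (constructed sample value)
    precedence: int   # IP Precedence bits carried in the IP header
    vpn: str          # VPN membership, known from the ingress interface

# Forwarding Equivalence Class table of the ingress edge LSR (constructed).
# Key: (destination prefix, IP Precedence, VPN) -> label to impose.
# This is the only place where the Layer 3 header is examined in full.
INGRESS_FEC = {
    ("10.1.0.0/16", 0, "none"): 17,
    ("10.1.0.0/16", 5, "none"): 18,    # same prefix, higher precedence: different path
    ("172.16.0.0/16", 0, "vpnA"): 19,  # same prefix space could exist in another VPN
}

# Label Forwarding Information Base of each LSR (constructed):
# incoming label -> (outgoing label, next hop). None as outgoing label means
# the egress edge LSR removes the label and hands the packet to a customer port.
LFIB = {
    "LSR1":   {17: (31, "LSR2"), 18: (32, "LSR3"), 19: (33, "LSR2")},
    "LSR2":   {31: (41, "Egress"), 33: (43, "Egress")},
    "LSR3":   {32: (42, "Egress")},
    "Egress": {41: (None, "cust-eth0"), 42: (None, "cust-eth0"), 43: (None, "cust-vpnA")},
}

def classify_at_ingress(pkt: Packet) -> int:
    """Edge LSR: one complete header analysis, longest prefix wins."""
    addr = ipaddress.ip_address(pkt.dst)
    best: Optional[tuple] = None
    for (prefix, prec, vpn), label in INGRESS_FEC.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and prec == pkt.precedence and vpn == pkt.vpn:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, label)
    if best is None:
        raise LookupError(f"no FEC matches {pkt}")
    return best[1]

def forward(pkt: Packet):
    """Carry the packet from LSR1 to the egress edge LSR.

    Returns (hops, customer_port) where hops lists (lsr, in_label, out_label);
    after ingress classification only label lookups take place."""
    label = classify_at_ingress(pkt)
    node = "LSR1"
    hops = []
    while True:
        out_label, next_hop = LFIB[node][label]   # the single per-hop lookup
        hops.append((node, label, out_label))
        if out_label is None:                     # egress: label popped, packet leaves MPLS
            return hops, next_hop
        label, node = out_label, next_hop

if __name__ == "__main__":
    for p in (Packet("10.1.2.3", 0, "none"), Packet("10.1.2.3", 5, "none"),
              Packet("172.16.9.9", 0, "vpnA")):
        print(p, "->", forward(p))
```

Note that the two packets to 10.1.2.3 differ only in IP Precedence, yet they leave LSR1 on different labels and traverse different core LSRs; no core LSR had to read the precedence bits to achieve that.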
Label switching integrates switching and routing functions, combining the reachability information provided by the router function, plus the traffic engineering benefits achieved by the optimizing capabilities of switches. These benefits are described in more detail in the next section.
MPLS, in conjunction with other standard technologies, offers many features critical for service providers:
Cisco IP+ATM networks fully support all relevant IP routing protocols and MPLS, while fully supporting traditional ATM services. MPLS and IP routing can readily be introduced to traditional ATM networks by using PVP or PVC tunnels, as MPLS-capable switches are continuously introduced.
Cisco IP+ATM switches allow carriers to continue to meet their existing demand for virtual circuit services while adding optimized support for critically important new services: IP and IP Virtual Private Networks. Furthermore, Cisco supports all of the standards relevant to carrier-class IP services: MPLS, the Multiprotocol Border Gateway Protocol, other standard routing protocols, and MPLS Traffic Engineering.
MPLS offers many advantages over traditional IP over ATM.
When integrated with ATM switches, label switching takes advantage of switch hardware optimized for the fixed length of ATM cells and for switching those cells at high speeds. For multiservice networks, label switching enables the BPX switch to provide ATM, Frame Relay, and IP Internet service all on a single platform in a highly scalable way. Support of all these services on a common platform provides operational cost savings and simplifies provisioning for multiservice providers.
For internet service providers (ISPs) using ATM switches at the core of their networks, label switching enables the Cisco BPX 8600 series, the 8540 Multiservice Switch Router, and other Cisco ATM switches to provide a more scalable and manageable networking solution than overlaying IP over an ATM network. Label switching avoids the scalability problem of too many router peers and provides support for a hierarchical structure within an ISP's network.
These MPLS benefits are analyzed in greater detail:
In ATM networks, MPLS allows ATM switches to directly support IP services, giving maximum efficiency compared to other approaches. Traditional IP over ATM connects routers over Permanent Virtual Circuits (PVC).
Cisco also supports an alternative IP-over-ATM scheme called Multiprotocol Over ATM (MPOA), which uses the Next Hop Resolution Protocol (NHRP). Unlike MPLS, MPOA overlays IP over ATM rather than fully integrating them. Although they do not share many of the advantages of MPLS in the WAN, MPOA and NHRP are cost-effective technologies for interconnecting nearby emulated LANs (ELANs) at high speeds. MPOA and similar proprietary approaches carry IP traffic over Switched Virtual Circuits (SVC). Traditional IP over ATM, MPOA, and proprietary approaches all have similar disadvantages:
MPLS in ATM networks avoids all of these disadvantages.
If N routers are running OSPF and are connected in a full mesh over ATM PVCs, a single physical ATM link failure may result in ATM-layer rerouting of a large number of PVCs. If this takes too long, or if the ATM network cannot reroute PVCs at all, a large number of PVCs effectively fails.
The number of PVCs involved may be of the same order of magnitude as N, and even N² in some cases. In any case, it is likely to be seen by O(N) routers, where "O(N)" means "a number proportional to N". So, a single ATM link failure will cause each of O(N) routers to send a link state advertisement (LSA) of size (at least) O(N) to (N-1) neighbors. Thus a single event in the ATM network results in O(N³) to O(N⁴) traffic.
When a router receives an LSA, it must immediately recalculate its routing table because it must not forward packets based on old routing information. The processor load caused by a storm of routing updates might cause the routers to drop or not send keep-alive packets, which appears to the neighboring routers as further link failures. These lead to further LSAs being sent, which perpetuates the problem.
The net result is that a full mesh network can go persistently unstable after a single network event.
This critical failure occurs because the routers do not see the state of the ATM links and switches directly. IS-IS has somewhat better performance than OSPF in full mesh conditions because IS-IS has more sophisticated flooding capabilities (these capabilities, specifically the ability to pace flooding and block flooding on some interfaces, are also becoming available on OSPF). However, this does not address the underlying problem.
The solution is to enable IP routing to directly see the state of ATM links, which is what is done by ATM MPLS.
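To put numbers on the argument of the preceding paragraphs, here is a small model, added as an example and not taken from the chapter, of a full mesh of router PVCs pinned over a ring of ATM switches. One physical link is failed and the first round of link-state flooding is counted two ways: once when the routers see only the PVCs that dropped (the overlay case of the text), and once when the switches themselves are LSRs running the IP routing protocol, so that only the two ends of the failed link originate an update. The ring topology, the PVC pinning rule and the degree-3 assumption for each switch are constructed for this example; both counts cover only the originators' first transmission, as the chapter's O(N) x (N-1) x O(N) estimate does.

```python
from itertools import combinations

def ring_path_links(a, b, n):
    """Physical ATM links (frozensets of switch ids) carried by the PVC between
    routers a and b. Router Ri hangs off switch Si; the PVC is pinned on the
    shorter arc of the n-switch ring, ties going clockwise (constructed rule)."""
    d = (b - a) % n
    step = 1 if d <= n // 2 else -1
    hops = d if step == 1 else n - d
    node, links = a, set()
    for _ in range(hops):
        nxt = (node + step) % n
        links.add(frozenset((node, nxt)))
        node = nxt
    return links

def overlay_lsa_load(n, failed_link):
    """Routers peer over a full mesh of PVCs and cannot see the ATM link.
    Every router that loses at least one PVC adjacency originates an LSA
    listing all its N-1 adjacencies and sends it to its N-1 neighbours.
    Returns (originating_routers, lsa_messages, link_state_units)."""
    affected = set()
    for a, b in combinations(range(n), 2):
        if failed_link in ring_path_links(a, b, n):
            affected.update((a, b))
    originators = len(affected)
    messages = originators * (n - 1)    # one copy per full-mesh neighbour
    units = messages * (n - 1)          # each LSA carries N-1 link entries
    return originators, messages, units

def mpls_lsa_load(n, failed_link):
    """Same failure when the switches are ATM LSRs: IP routing sees the physical
    link directly, so only its two ends originate an LSA. Each switch is assumed
    to have two ring links plus one attached router (degree 3, constructed)."""
    degree = 3
    originators = len(failed_link)              # the two switches ending the link
    messages = originators * (degree - 1)       # flooded on the remaining links
    units = messages * degree                   # each LSA lists the switch's own links
    return originators, messages, units

if __name__ == "__main__":
    for n in (6, 12, 24):
        link = frozenset((0, 1))
        print(n, "routers: overlay", overlay_lsa_load(n, link),
              "mpls", mpls_lsa_load(n, link))
```

For six routers the overlay already has five of the six routers originating updates after one link failure, while the MPLS case is bounded by the two switches adjacent to the failure regardless of how many routers sit on the ring.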
MPLS addresses the fundamental problem underlying the instability of the full mesh network: the basic conflict between routing protocols. PNNI routing at the ATM layer can make decisions that conflict with OSPF or similar routing at the IP layer. These conflicting decisions can lead to persistent loops. (See the NHRP Protocol Applicability Statement, RFC2333, for more on this. Further investigation on router-to-router NHRP at the IETF revealed that router-to-router NHRP was not practical.)
The only reliable solution to this problem is to use the same routing protocol at the IP layer and ATM layer. This is exactly what MPLS does in ATM networks.
A typical structure for Multiprotocol Label Switching networks used by providers (carriers or ISPs) is shown in Figure 1-1.
The basic elements in a label switching network are:
An MPLS network consists of Edge Label Switch Routers (Edge LSRs) around a core of Label Switch Routers (LSRs). Customer sites are connected to the provider MPLS network.
Typically there are several hundred customer sites per edge LSR. The Customer Premises Equipment (CPE) runs ordinary IP forwarding but usually does not run MPLS. If the CPE does run MPLS, it uses it independently of the provider.

It is important to note that the Edge LSRs are part of the provider network and are controlled by the provider. The edge LSRs are critical to network operation and are not intended to be CPE under any circumstances. The provider may locate and manage routers at customer sites, but these are running ordinary IP and are outside the MPLS network.
MPLS networks as shown in Figure 1-1 have three main applications. Typically, two or all three of these capabilities would be used simultaneously:
The following summarizes label switching operations in various network services. More specific descriptions are covered in subsequent chapters.
MPLS Virtual Private Networks (VPN) deliver enterprise-scale connectivity deployed on a shared infrastructure with the same policies enjoyed in a private network. A VPN can be built on the Internet or on a service provider's IP, Frame Relay, or ATM infrastructure. Businesses that run their intranets over a VPN service enjoy the same security, prioritization, reliability, and manageability as they do in their own private networks.
VPNs based on IP can extend intranets over wide-area links to remote offices, mobile users, and telecommuters. They can support extranets linking business partners, customers, and suppliers to provide better customer satisfaction and reduced manufacturing costs. VPNs can also connect communities of interest, providing a secure forum for common topics of discussion.
New IP-based services such as video conferencing, packet telephony, distance learning, and information-rich applications offer businesses the promise of improved productivity at reduced costs. As these networked applications become more prevalent, businesses increasingly look to their service providers for intelligent services based on a rich set of controls that go beyond transport to optimize the delivery of applications end to end. Today organizations want their applications to traverse a network in a secure, prioritized environment, and they want the opportunity to reduce costs, improve connectivity, and gain access to networking expertise.
Intranet VPN services link employees, telecommuters, mobile workers, remote offices, and so on, to each other with the same privacy as a private network.
Extranet VPN services link suppliers, partners, customers, or communities of interest over a shared infrastructure with the same policies as a private network.
Cisco provides a range of ATM- and IP-based choices for deploying large-scale intranet and extranet VPN services, including Multiprotocol Label Switching (MPLS)-based services, which provide secure, business-quality VPN solutions that scale to support tens of thousands of VPN customers over IP or IP+ATM networks.
A VPN built with MPLS affords broad scalability and flexibility across any IP, IP+ATM, or multivendor backbone. MPLS forwards packets using labels. The VPN identifier in the label isolates traffic to a specific VPN. In contrast with IP tunnel and virtual-circuit architectures, MPLS-based VPNs enable connectionless routing within each VPN community. Service providers can easily scale their services to support tens of thousands of VPNs on the same infrastructure, with full QoS benefits across IP and ATM environments.
Cisco MPLS-based VPN solutions are supported on its IP+ATM WAN switch platforms including the BPX 8650 and MGX families, and on its high-end router platforms such as the Cisco 12000 series GSR.
The VPN feature for MPLS Switching allows a Cisco IOS network to deploy scalable IPv4 Layer 3 VPN backbone services. MPLS Switching VPNs provide essential characteristics and features that service providers require to deploy scalable VPNs and build the foundation to deliver these value-added services:
When MPLS VPNs are set up using ATM LSRs such as the BPX 8650, the capabilities of scalable connectionless service of IP are combined with the performance and traffic management capabilities of ATM.
A significant technical advantage of MPLS VPNs is connectionless service. The Internet owes its success to its basic technology, TCP/IP, built on the packet-based, connectionless network paradigm. This means that no prior action is necessary to establish communication between hosts, making it easy for two parties to communicate.
To establish privacy in a connectionless IP environment, current VPN solutions impose a connection-oriented, point-to-point overlay on the network. Even if it runs over a connectionless network, today's VPN cannot take advantage of the ease of connectivity and multiple services available in connectionless networks.
By creating a connectionless MPLS VPN, tunnels and encryption are not required for network privacy, thus eliminating significant complexity.
Building VPNs in Layer 3 has the additional advantage of allowing delivery of targeted services to a group of users represented by a VPN.
A VPN must give service providers more than a mechanism for privately connecting users to intranet services. It must also provide a way to flexibly deliver value-added services to targeted customers. Scalability is critical, because customers want to use services privately in their intranets and extranets.
Because MPLS Switching VPNs are seen as private intranets, it's easy to leverage new IP services:
Now myriad combinations of specialized services can be customized for individual customers, for example, a service that combines IP multicast with a low-latency service class to enable video conferencing within an intranet.
Scalability is the major deficiency of VPNs created using connection-oriented, point-to-point overlays, Frame Relay, or ATM VCs. Specifically, connection-oriented VPNs require a full N² mesh of connections between customer sites to support any-to-any communication.
MPLS-based VPNs instead use the peer model and Layer 3 connectionless architecture to leverage a highly scalable VPN solution. The peer model requires a customer site to make peer connection with only one provider edge (PE) router as opposed to all other CPE or customer edge (CE) routers that are members of the VPN. The connectionless architecture allows the creation of VPNs in Layer 3, eliminating the need for tunnels or VCs.
Other scalability capabilities of MPLS Switching VPNs are due to the partitioning of VPN routes between PE routers and the further partitioning of VPN and IGP routes between PE routers and provider (P) routers in a core network. PE routers must maintain VPN routes only for the VPNs of which they are members. P routers do not maintain any VPN routes. This increases the scalability of the provider's core and ensures that no one device is a scalability bottleneck.
MPLS Switching VPNs offer the same level of security as connection-oriented VPNs. Packets from one VPN will not inadvertently go to another VPN. Security is provided at the edge and core of a provider network:
Malicious spoofing of a provider edge (PE) router is nearly impossible because the packets received from customers are IP packets. These IP packets must be received on a particular interface or subinterface to be uniquely identified with a VPN label.
To take full advantage of VPNs, it must be easy to create new VPNs and user communities. Because MPLS VPNs are connectionless, no specific point-to-point connection maps or topologies are required.
Now it is easy to add sites to intranets and extranets and to easily form closed user groups. Managing VPNs in this manner enables membership of any given site in multiple VPNs, maximizing flexibility in building intranets and extranets.
To make a VPN service more accessible, users should be able to design their own addressing plan, independent of addressing plans for other VPN customers supported by a common service provider.
Many organizations use private address spaces, as defined in RFC 1918 today, and do not want to undertake the time and expense of implementing registered IP addresses to enable intranet connectivity. MPLS VPNs allow customers to continue to use their present address spaces without network address translation (NAT) by providing a public and private view of the address.
If two VPNs want to communicate and both have overlapping addresses, that communication requires NAT at one endpoint. This enables customers to use their own unregistered private addresses and communicate freely across a public IP network.
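The security property stated above (packets received on a customer interface are tied to one VPN by that interface, never by anything the packet claims) and the overlapping-address property of the previous two paragraphs rest on the same mechanism at the provider edge: a per-VPN routing table (VRF) selected by the incoming interface on ingress and by the VPN label on egress. The model below is an added example, not Cisco configuration or code; the interface names, VRF contents, label values and peer PE names are constructed.

```python
import ipaddress
from typing import Optional, Tuple

# Binding of customer-facing (sub)interfaces to VRFs (constructed). A packet's VPN
# is decided by the interface it arrives on, not by any field inside the packet.
INTERFACE_VRF = {
    "atm1/0.101": "vpnA",   # customer A, site 1
    "atm1/0.102": "vpnB",   # customer B, site 1
}

# Per-VRF routing tables (constructed). Both customers number out of 10.0.0.0/8
# (RFC 1918); the overlap is harmless because a lookup never crosses VRFs.
# value: (VPN label to impose, remote PE that advertised the route)
VRF_ROUTES = {
    "vpnA": {"10.0.0.0/8": (1001, "PE2"), "192.168.10.0/24": (1002, "PE3")},
    "vpnB": {"10.0.0.0/8": (2001, "PE2")},
}

# Labels this PE advertised for prefixes in its own VRFs (constructed).
# Each label belongs to exactly one VRF and one customer interface.
LOCAL_LABELS = {
    3001: ("vpnA", "atm1/0.101"),
    3002: ("vpnB", "atm1/0.102"),
}

def vrf_lookup(vrf: str, dst: str):
    """Longest-prefix match confined to a single VRF; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, entry in VRF_ROUTES[vrf].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, entry)
    return None if best is None else best[1]

def pe_ingress(in_interface: str, dst: str) -> Optional[Tuple[str, int, str]]:
    """Plain IP packet from a customer port.

    Returns (vrf, vpn_label, next_pe), or None when the packet cannot be placed
    in a VPN (unknown interface) or the VRF holds no route. A destination that
    exists only in another customer's VRF is therefore unreachable, which is the
    isolation the text describes."""
    vrf = INTERFACE_VRF.get(in_interface)
    if vrf is None:
        return None
    entry = vrf_lookup(vrf, dst)
    if entry is None:
        return None
    label, next_pe = entry
    return vrf, label, next_pe

def pe_egress(vpn_label: int) -> Optional[Tuple[str, str]]:
    """Labelled packet from the core: the VPN label alone selects the VRF and the
    customer interface; an unknown label is dropped rather than guessed."""
    return LOCAL_LABELS.get(vpn_label)

if __name__ == "__main__":
    print(pe_ingress("atm1/0.101", "10.1.2.3"))     # vpnA's 10/8, label 1001
    print(pe_ingress("atm1/0.102", "10.1.2.3"))     # same address, vpnB's route
    print(pe_ingress("atm1/0.102", "192.168.10.5")) # only in vpnA: None for vpnB
    print(pe_egress(3002))
```

The two 10.1.2.3 lookups return different labels and that is the whole point: the same private address is a different destination in each VPN, and a site in vpnB cannot reach 192.168.10.0/24 even though another customer's VRF on the same PE carries it.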
CoS is an essential ingredient of an IP VPN because it provides the ability to address two fundamental VPN requirements:
Network traffic is classified and labeled at the edge of the network before traffic is aggregated according to policies defined by subscribers and implemented by the provider and transported across the provider core. Traffic at the edge and core of the network can then be differentiated into different classes by drop probability or delay.
For service providers to quickly deploy these VPN services, a straightforward migration path is required. MPLS VPNs are unique because they can be built over multiple network architectures, including IP, ATM, Frame Relay, and hybrid networks.
Migration for the end customer is also simplified because there is no requirement to support MPLS on the customer edge (CE) router and no modifications are required to a customer's intranet.
Posted: Tue Jul 11 09:52:13 PDT 2000
Copyright 1989-2000 © Cisco Systems Inc.