
Module 1 Introduction to MPLS

Section 1. MPLS Drivers


RFC 3031 describes the Multiprotocol Label Switching (MPLS) architecture. The term multiprotocol indicates that an MPLS architecture can transport payloads from many different protocols (IPv4, IPv6, Ethernet, ATM, Frame Relay, etc.). Label switching means that an MPLS domain switches, rather than routes, packets in the service provider core.

Routing an IP packet requires that the device process the packet up to Open Systems Interconnect (OSI) Layer 3. The router looks at the destination IP address in the IP header and compares it against the routing table entries, locating the longest, or best, match. This process can be quite resource intensive, depending on the routing table size.

The MPLS label binding table lookup process is simpler. The table only contains the forwarding information associated with an exact match, rather than a longest match, so the forwarding table can be smaller than a routing table. The nodes forward traffic using a predetermined label sent down a preselected path and replaced at each hop, so they can decide much more quickly where to send the packets next.

Routing protocols cannot make use of all available network resources because of their limited mechanisms for selecting the best path. Routing protocols do not provide routers with any visibility into network resource utilization, and therefore the routers do not recognize congestion on the network links, underutilized alternate paths, or idle links. Distributing the aggregate network traffic load over all available resources becomes difficult in conventional IP routing, and IP hyper-aggregation remains a problem.

With reference to the above slide, using an IP-only network on router R3, traffic from both routers R1 and R2 will be forwarded to router R4, based on the IGP best path (lowest cost) decision. This can cause congestion (bottleneck) issues on the links depicted along the blue path, while the links along the red path might be underutilized, or not used at all. IP does not have the inherent capability to tackle such issues because of its design.

Equal Cost Multiple Path (ECMP) is thus offered as a possible solution. With ECMP, the IGP costs of both paths are set equal so that load balancing can be achieved. However, this would quickly prove to be a non-scalable and unmanageable approach for large networks. Solving the problem for a certain portion of the network, or for certain sets of traffic flows, would create problems for others. MPLS offers manageable and scalable tools that engineer the traffic flows for better utilization of network resources.

Highly Available MPLS Networks

The convergence times offered by an IP-only network depend on a number of factors but, in any case, they can be unsatisfactory, and even unacceptable, for certain mission-critical traffic types or customers. MPLS provides outstanding rerouting performance, with easily configurable features. Using fast reroute, each router can signal, in advance, a protection LSP that takes a path away from the potential point of failure. This can be the next node or next link along the path of the primary LSP. Fast reroute has a proven field record of providing convergence times of less than 50 milliseconds for large numbers of LSPs after detecting failure.

The real advantage of MPLS is its versatile and unmatched ability to support all the aforementioned services, applications, and solutions over a converged networking infrastructure. Its resiliency and security features are provided by the inherent tunneling and traffic protection mechanisms.

Layer 2 Point-to-Point VPN services (VPWS)

For the customer demanding service to connect two remote sites that require dedicated point-to-point connectivity, a Virtual Leased Line (VLL) or Virtual Private Wire Service (VPWS) can be utilized. As the name implies, a VLL emulates a private leased line connection over a packet-based core infrastructure. It is the simplest type of VPN to deploy, with minimal resource requirements, which is ideal for point-to-point connectivity scenarios. If the connections are Ethernet based, the service is called an ePipe.

An important benefit of MPLS is its ability to support legacy access technologies such as ATM, FR or TDM. These traffic types can easily be transported through aPipe, fPipe and cPipe respectively, thanks to the transparent nature of the VLL connection.

A similar service can also be provided over a pure IP network by using Generic Routing Encapsulation (GRE) tunnels, which utilize an IP header. Security concerns can further be addressed via encryption, using IPsec on top of the GRE tunnels. Although such solutions work, they bring operational overhead and are slow and not scalable.

Layer 2 Multipoint VPN services (VPLS)

VPLS (Virtual Private LAN Service) connects multiple customer sites, emulating a Layer 2 bridged environment. All customer end devices connected to the same VPLS service appear to be on the same broadcast domain. VPLS supports features such as VLAN trunking, double tagging (also known as Q-in-Q), VLAN translation, and several variations of the Spanning Tree Protocol (STP) to avoid Layer 2 broadcast storms. The Alcatel-Lucent Service Router implementation addresses possible scalability concerns by introducing the Hierarchical VPLS (H-VPLS) and Provider Backbone Bridging (PBB) features.

Layer 3 Multipoint VPN services (VPRN)

Alcatel-Lucent calls this type of service a Virtual Private Routed Network (VPRN). The term peering model is also used in the industry for such solutions, because peer relationships between the customer and provider edge routers are necessary to exchange IP routing information. The privacy concerns in IP-VPN services are addressed by Virtual Routing and Forwarding (VRF) instances on the service router. Each IP-VPN customer is allocated a separate VRF, which isolates routing information and enables the use of overlapping private IP address spaces at each customer site. Isolation is achieved inherently in the core, thanks to the tunneling concept that uses labels.

The Triple Play Solution

The triple play solution allows service providers to provide combined data, internet access, and video and voice applications to large numbers of customers. The triple play reference architecture in the diagram is based on two major network elements, optimized for their respective roles: the broadband service aggregator (BSA) and the broadband service router (BSR).

BSA devices have Layer 2 service capabilities and forward traffic using Layer 2 mechanisms. They also have the quality of service (QoS) and packet filtering capabilities necessary to enforce higher-level policies. BSAs terminate Layer 2 access traffic and forward the traffic over MPLS tunnels, which are then terminated on the BSRs. The BSRs are highly scalable, high-throughput devices that perform routing and additional QoS and subscriber management functions. The connectivity between the BSAs and BSRs is provided through a secure and resilient VPLS infrastructure. The combined security features of this model prevent unauthorized access, denial of service, and theft of service.

Broadband service access network (BSAN) devices are typically Digital Subscriber Line Access Multiplexer (DSLAM) devices, which terminate physical connections from home user devices. The BSANs connect the home users to the BSAs.

BGP-Free IP/MPLS Core

BGP traffic is tunneled through the core, removing the need for the routers inside the IP/MPLS core to maintain BGP routing information.

In many typical deployments, BGP is used to bring external routing information from other autonomous systems to provide connectivity to the global internet. In the IP-only case, normally all the routers in the service provider domain need to contain these external routes in their BGP tables for packet forwarding to work end-to-end. This includes even the core (P) routers, which, unlike the PE routers, might not directly offer BGP-related services themselves. However, by using MPLS shortcut tunnels between the PE devices and the BGP peering router(s), external traffic can be label-switched through the tunnels in a transparent fashion from the perspective of the P or core routers; hence the term BGP-free core. Route reflectors are commonly used to reduce the number of internal BGP peering sessions. The same tunneling methodology can be applied to remove the burden of keeping and processing a high number of BGP routes from core routers, relaxing the memory and CPU resources on these routers.

Section 2. Introduction to MPLS


Every router in the network builds a routing table using the routing protocols and the information that they receive from the other routers. When data arrives at the router, it uses the routing table to determine the next hop to the destination. The routing table contains a list of network destinations with the next-hop address to be used to reach them.

Packet forwarding includes the following key actions:

1. Data Link Layer Frame Validation. Performs basic frame length and FCS verification and frame sanity checks. When a router receives a frame from a LAN, it reads the destination MAC address to ensure that it is the intended recipient of the frame. Then, if it is the intended recipient, the router checks the FCS for errors related to the frame. If there are any errors, the router discards the frame.
2. Network-Layer Protocol Demultiplexing. Determines the upper protocol that needs to receive encapsulated data. This step is performed after the L2 information is removed so that the payload is handed to the correct upper layer.
3. IP Packet Validation. Performs basic IP header verification. The router verifies the packet before performing further processing. The version and ToS fields are examined and removed. The TTL field should be greater than 1; if the TTL = 1, the packet is discarded because its TTL is finished.
4. Forwarding Decision. Finds a path to the destination. The router checks its routing table for a route to the packet's destination. If it finds a match between the packet's destination IP address and one of the prefixes (every entry is checked), it chooses the egress interface. If it does not find a match, it drops the packet.
5. Data Link Frame Construction. Encapsulates the packet. The IP packet is encapsulated in the L2 frame that corresponds to the egress interface. If the interface is Ethernet, new source and destination MAC addresses are added, and the router sets the frame's type field and creates a new FCS. The packet is sent to the physical layer for transport.

MPLS Terminology: PE, P, CE, LER, LSR

Customer Edge. The CE devices are unaware of tunneling protocols or VPN services that are provided by the service provider.

Provider Edge. The PE device must be able to connect to different CE devices over different access media, so it is usually able to support many different interface types. The PE device is the customer's gateway to the VPN services offered by the service provider.

Label Switched Router. The LSR resides within the MPLS domain. It connects the iLER and eLER to form a path for forwarding labeled traffic through the MPLS domain. When an LSR receives labeled traffic, it replaces the incoming (ingress) label with an outgoing (egress) label and forwards the labeled packet to the next-hop router.

Whether a router is an iLER, eLER, or LSR depends on where that router resides in the MPLS domain, as well as the direction in which traffic flows.

MPLS Label Switching: Push, Swap & Pop

MPLS Terminology: LSP

An LSP is a logical entity that represents the MPLS label connection between label edge routers. Another commonly used synonymous term is transport tunnel. A label switched path can be defined as a sequence of labels and label actions performed on MPLS routers to forward data packets from point A to point B, using label switching. An LSP always starts from an iLER and ends at an eLER. An LSP is thus an end-to-end, unidirectional path that can carry traffic from Router A to Router B.

FEC (Forwarding Equivalence Class) in IGP

A FEC is a group of IP packets forwarded in the same manner, over the same path, and with the same forwarding treatment. For IP-only networks, FECs usually correspond to an IP prefix in the route table. By definition, FECs can be based on other administrative criteria, such as the markings inside packets that indicate Class of Service information. In IP routing, packets are reclassified at each hop along their forwarding paths, according to their destination IP address. In MPLS-based forwarding, FEC lookup is done only at the ingress LER on incoming data packets. The tunnels are established before the data packets arrive on the ingress router.

When the label associations to the tunnels are also known, the ingress LER decides if the data packet will be forwarded via normal IP routing or via label switching. The choice depends on the service configuration of the router associated with the incoming interface on which the packet was received. The LSRs along the path do not need to reclassify the packets as they receive them; they merely swap the labels according to the previously determined and negotiated values. If the iLER decides to use an MPLS tunnel to forward the packet, it performs an FEC lookup in its Label Binding Table. As the name implies, the Label Binding Table contains FECs received from other routers and their label associations. Through the lookup operation, the iLER finds out that the packet needs to be forwarded through LSP 1, so a label with a value of label 1 is pushed onto the packet and sent to router R1, which is the next-hop LSR.

Building Tables: IP Control Plane

Every router consists of a control plane and a data plane. Data packet processing and forwarding take place on the data plane. The control plane is like the command center of the router; communication with other routers via protocols and maintenance functions inside the router takes place here. The control plane therefore always needs to be one step ahead of the data plane.

First, with the more modern link-state protocols (OSPF and IS-IS), an adjacency relationship is established between the routers. If the two routers agree on the parameters, they exchange routing updates with each other to synchronize their topology databases and build their Routing Information Base (RIB). Based on their protocol metrics, the CPM chooses the best routes from the RIB and writes them into the route table. The SPF algorithm uses metrics to calculate the best path. In link-state protocols, metric is defined as a function of the physical link bandwidth. The higher the bandwidth, the lower the metric, and the lower the cost of getting to destinations via that link. The router places the SPF-chosen routes in the route table.

The routing information is transferred to the data plane (the Input Output Modules) and is stored in the FIB. The FIB is virtually an image of the route table that is calculated from the entries in the RIB of the control plane. Since the FIB exists on the data plane, it does not need the extra information related to the control plane. In this manner, we can loosely think of it as a lightened version of the route table. Identical copies of the router's FIB exist on every operational IOM. Dedicated internal processes exist to keep these databases synchronized and up-to-date. The command to display the forwarding table entries on a certain IOM card that is installed in slot number <x> is:

$show router fib <x>

Building Tables: IP Data Forwarding

IP forwarding takes place in the data plane using the information available in the forwarding information base.

Building Tables: MPLS Control Plane

MPLS protocols exchange label bindings for their FECs and build the LIB (Label Information Base). When an operator starts the MPLS label signaling protocol on the routers, the routers establish protocol sessions first. The routing information present in the route tables allows the routers to create these sessions. After sessions are established, routers exchange label bindings for FECs (destination IP prefixes) that are known to them. The information that is sent and received is stored in a database that is called the Label Information Base, or LIB. When this process is completed on the end-to-end path of an LSP (tunnel), label forwarding can take place.

Building Tables: MPLS Control Plane and Data Plane Interaction

Just as a FIB is required for native IP traffic, a Label Forwarding Information Base (LFIB) needs to be stored on the data plane for forwarding label-switched packets. A selection process might be performed on the LIB when constructing the LFIB. Thus, the LIB might contain some redundant entries that are not actually used on the data plane (LFIB) at a given time. This depends on the actual MPLS label distribution protocol implementation, either Label Distribution Protocol (LDP) or Resource Reservation Protocol with Traffic Engineering Extensions (RSVP-TE).

Building Tables: MPLS Data Forwarding on iLER and LSR

When an iLER receives a packet, it makes a decision to forward the packet via an MPLS tunnel (LSP). This depends on the definition of the service with which the ingress interface is associated. If the iLER decides to use an MPLS tunnel to forward the packet, it will perform an FEC lookup in its LFIB. This process will allow the packet to be encapsulated with a label and forwarded to the next-hop LSR. For the sake of simplicity, a single label is being used to illustrate the basic concepts of MPLS label switching. In reality, however, more than one label is often imposed onto the data packet, depending on the type of service or application. This is called a label stack. The LSR then swaps the label with another, again consulting its locally stored LFIB. In some exceptional cases, the LSR might impose a further label onto the incoming stack in addition to the swap operation.

Building Tables: MPLS Data Forwarding on LSR and eLER

The eLER is the last MPLS hop router, where the tunnel ends (terminates). This router pops the incoming label(s), locates the outgoing interface, and forwards the original data packet outside the core MPLS network (towards the CE).
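The push, swap and pop sequence described above, as an added Python example that is not part of the original course notes: the iLER performs the only longest-match FEC lookup, every later hop does an exact-match LFIB lookup on the top label, and a label with no binding on a router is discarded. The router names, prefixes and label values are constructed for illustration, and `first_label` is a hypothetical test parameter.

```python
import ipaddress

# Constructed topology iLER -> R1 -> R2 -> eLER; every prefix and label is a sample value.
FEC_TABLE = {  # on the iLER: FEC (destination prefix) -> (label to push, next-hop LSR)
    ipaddress.ip_network("10.20.0.0/16"): (100, "R1"),
    ipaddress.ip_network("10.20.30.0/24"): (200, "R1"),
}
LFIB = {  # per router: incoming label -> (action, outgoing label, next hop)
    "R1": {100: ("swap", 101, "R2"), 200: ("swap", 201, "R2")},
    "R2": {101: ("swap", 102, "eLER"), 201: ("swap", 202, "eLER")},
    "eLER": {102: ("pop", None, "CE"), 202: ("pop", None, "CE")},
}


def ingress_lookup(dst):
    """iLER: the only longest-match (FEC) lookup on the whole path."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in FEC_TABLE if addr in net]
    if not matches:
        return None  # no FEC binding: the packet is not label switched
    return FEC_TABLE[max(matches, key=lambda net: net.prefixlen)]


def label_switch(router, stack, trace):
    """LSR/eLER: exact-match lookup on the top label, then swap or pop."""
    top = stack[-1]
    entry = LFIB[router].get(top)
    if entry is None:  # label with no binding on this router: discard
        trace.append(f"{router} drop {top}")
        return None
    action, out_label, next_hop = entry
    if action == "swap":
        stack[-1] = out_label
        trace.append(f"{router} swap {top}->{out_label}")
    else:
        stack.pop()
        trace.append(f"{router} pop {top}")
    return next_hop


def forward(dst, first_label=None):
    """Walk a packet along the LSP; first_label overrides the iLER's choice for testing."""
    binding = ingress_lookup(dst)
    if binding is None:
        return False, ["iLER no FEC"]
    label, router = binding
    stack = [first_label if first_label is not None else label]
    trace = [f"iLER push {stack[-1]}"]
    while stack and router is not None:
        router = label_switch(router, stack, trace)
    return router == "CE", trace
```

`forward()` returns whether the packet reached the CE together with the per-hop label operations, so the two sample LSPs and the drop case can be compared side by side.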
