
(VPN)

MPLS



MPLS . , MPLS-VPN; - -, , , , ,
-, . - , , , MPLS.
1 2 , ,
, , - .






1.
,
IP-
-
. -, ,
( ), ,
(
),
.

, - , , , .
,
.
, ,
(),
. ,


,
,
.
(VPN)
. -
VPN. ,
(e-commerce), , -

. , -
.

1.1. ,

-
,

(VPN), ,
(.
1 2). 1 Yankee Group, 2
Infonetics.
VPN.
1: Yankee Group VPN

2: Infonetics VPN
( . )

VPN
VPN

, Infonetics ( 2000 )
MPLS -,
VPN. , 2004 - 9,1 . , MPLS
, 83% MPLS
2001 (. 3).

3: Infonetics VPN 2001



(% 2001 )

Web-


MPLS

, , -, VPN , , .

Cahners In-stat Group , 2003


VPN ( ,
) VPN.
(SLA), VPN. VPN ,

.
4: Cahners In-stat Group VPN-,

, ( ),
VPN,

: Cahners In-stat Group, 1999

VPN
, , 2 3. VPN 3
-

. VPN ,
,
( IP) 2.
VPN , , ,
.
,
VPN , Frame Relay ATM.
VPN 2. IP- 3 -
() ,
,
. , .
-
, - IP . , ,

IP-,
. IP-.
VPN
. , ,
- VPN,
,

. ,
,
. ,
, - VPN ,
.
- MPLS
MPLS-VPN
VPN
IP. -

.
, (QoS)
MPLS, (connectionless features),
VPN . ,
(, IPSec),
, .

1.2. -,
,
, -,
,
MPLS ,
. - MPLS , .
, - ,
, ,

.

, , MPLS (fast re-route).
MPLS ,

. :
MPLS, , -
.
,
VPNSC (Cisco VPN Solutions Center),

,
VPN 2.
MPLS
ATM (IP+ATM), PNNI
MPLS, .

,

.
MPLS, QoS . , ,
.
MPLS-VPN
, :
;
( CAR);
VRF ;
(CoS), ..
;
VRF;
VPN;
PECE.
-
:
-
MPLS 75% Frame Relay DLCI;
MPLS , . .

1.3. Cisco
Cisco Managed MPLS-VPN
Solutions -,

VPN,
.
MPLS
ATM
IP. MPLS IP ATM PNNI VCI/VPI. (Label Distribution Protocol), ,
VPI/VCI ATM,
ATM
(Label Switch Routers LSR). -

, , MPLS , ,
, , SONET/SDH, DWDM
.
ATM, MPLS ATM
( LSR) ,
,
(
VC-merge).
MPLS
,
5.
, , MPLS.
A, , .

(core network)
P- ( P
). MPLS P- (Label Switch Routers LSR). , ATM, ATM
MPLS,
3, . P- -

(),
MPLS.
, (Label Distribution Protocol).
(VPN) BGP-, -.
PE- ( PE )
MPLS (MPLS core) , . CE-
(CE ) PE- MPLS-VPN. PE- BGP VPN. , PE- ,
. PE-
Route-Reflector (RR). RR- , PE-.
. PE- .

5. MPLS

[Figure 5 labels: iBGP; PE; CE; VPNA 2.1.0.0, 2.2.0.0, 2.5.0.0; VPNB 1.1.0.0, 1.2.0.0, 1.3.0.0; VPN 2.6.0.0]
MPLS PE
VRF ( VPN)
VPN. VRF
,
VPN. MPLS- , VPN
(Route Distinguisher RD),
CE. (RD) PE-, P- ,
.

VRF PE, , , VPNA.

,
P-,
, CE-.
. PE- , VRF,
VPN,
CE. VRF
(import policy), , PE
, (export policy), , .

2. MPLS

, VPNA VPNB. ,
MPLS-VPN,
, , .

MPLS ,
IP VPN. MPLS -
, IP VPN
, . MPLS - IP VPN
, ( Frame
Relay ATM WAN)
( ).

PE-
MPLS, ,
.
, LDP ,

P- ,
. MPLS , .

MPLS , Cisco (Cisco Tag Switching). IETF.


(Internet Draft),

http://www.ietf.org/internetdrafts/draft-ietf-mpls-arch-07.txt. Cisco MPLS


MPLS.
.


VRF, MPLS-
VPN. , ,
VPN. , BGP,
OSPF RIPv2. 4 VPNA, 2.0.0.0
A. , 2.2.0.0,
VPN.
. -

MPLS
.
, .
, ,
. . ,
. , (,
), ,
.
. - -

6. MPLS
MPLS: (forwarding)
1. (, OSPF, IGRP)
2. LDP ,

2b. LDP LFIB


LSR

5. LSR

3. LSR
,
3

4. LSR
,

8
IP-. , .

2.1. MPLS
, MPLS,
-, .
6.
1.
. IP+ATM,
-. , OSPF
IS-IS.
2. (Label
Distribution Protocol LDP)

, . (Label Switched Paths
LSP)
.
MPLS ATM PVC, VCI/VPI.

3.
Label Switch Router (LSR), , 3- (,
QoS ).
(policies), LSR , , .
4. LSR, ,
,
( ) .
.
5. LSR,
,
.
LSR MPLS 3- .
LSR IP-. ,
.
(,
-

); MPLS . MPLS
(policy mechanisms),
IP. ,
. IP- MPLS
, .
,
.

2. LSR , , 4 9
0.


MPLS, 7, (MPLS forwarding tables).

2.2. VPN

7. MPLS (MPLS forwarding tables)

In Lbl   Address Prefix   Out Int   Out Lbl
         128.89           1         4
         171.69           1         5

In Lbl   IN I/F   Address Prefix   Out Int   Out Lbl
4        2        128.89           0         9
8        1        128.89           0         10
5        2        171.69           1         7

In Lbl   IN I/F   Address Prefix   Out Int   Out Lbl
9        1        128.89           0
10       1        128.89           0

LSR
1
128.89.25.4 Data

2
4 128.89.25.4 Data

9 128.89.25.4 Data

MPLS-VPN ,
VPN,
. , , ,
.
2.2.1.
-
WAN IP-.
- IGP-
. , - (private network
backbone).

LSR

LSR

3. 9 ,
, 0. , IP
.

0
128.89.25.4 Data

1
LSR

1.
LSR, , 128.89. LSR
4,
1.

, ,
.
-
. ,
, (VPN).
VPN ,
, ,
.
. Frame Relay ATM . -

, -, . , , .

IP-, , IPSec GRE.

- ( ). , ,
. .


-, ,
, , . ,
, . , -.
, IP-
, .
,
. . .
2.2.1.1.
, ,
(meshed network). ,
,
, .
(meshed), ,
, () ,

()
. ( -), ,
, , .
(fully
meshed), , .
(
),
. , IP-
.
2.2.2. (Peer Model)
, VPN, . -,
, . VPN -.
VPN C
,
.
C1 ()
C2, , (
). , (CE), (PE).
CE-
. - CE-. CE- PE- - P-. PE- - CE-.

.
CE-
,
. ,
IP- ,
Frame Relay, CE-.
IP-.
. .
2.2.2.1.
:
, - VPN,
,
VPN. , VPN.

-,
CE-.

. CE- .

.
, , ISP.
, -.
- ,
.

,
P-.
C-. . ,
,
.
IP- -

, P- .
. CE- (
IPSec). ,

CE-.
,
CE- , .

, -, . , .

2.3. MPLS-VPN

2.2.2.2.
, ,
:
-
.
IP- (, , ), . IP-
, P-
.
() . -- (ISP)

,
IP VPN
, - , ,
(QoS) ,
, , IP- (VC-meshed networks).
, VPN, IP, . , IP- , VPN , . . , IP,


TCP/IP.


E-.

VPN , (, SNA,
).
. , VPN- (VPN-aware), , . MPLS , VPN-. - VPN
.


.
PE-.
, PE- .

, MPLS
. MPLS ,
, Frame Relay ATM
. VPN
, MPLS VPN,
IP- VPN.
- - ,
.

2.3.1. MPLS-VPN
MPLS-VPN MPLS
, BGP . , IP- . , .
, -
. ,
VPN IP- .

MPLS-VPN VPN, 3 IP VPN . MPLS-VPN


,
VPN
(VPN ID).
, ATM Frame Relay,
VPN , .

MPLS-VPN:

BGP IPv4
VPN-IPv4 NLRI.
MPLS. PE-, . ,

- (IP forwarding). PE
CE (forwarding table), , CE-.

CE- PE- ( ),
,
CE-, . , ,
, CE (
, ).
VPN (.. VPN
), .
C-
P-. - PE- P-.

. , CE ( -

-).

C- ; CE-, ,
, , External BGP PE- . EBGP OSPF,
RIP II . C- (IGP) P-.
,
VPN P-, .
2.3.2. MBGP
- IPv4 C- VPN-IPv4. VPN-IPv4 12 . 8 (Route Distinguisher RD). 4 IPv4.
- C-
IP- C-, PE-, C-, IPv4 VPN-IPv4 ( RD). , C-
IPv4, VPN-IPv4
. P- , , C-,
VPN-IPv4.
, C-
P-.
, ,
VPN,
,
VPN-IPv4 .
-
IP- -. ,
-
BGP4 , IBGP- .
,
.
, -

.
VPN - BGP,
, VPN-IPv4, .
MPLS-VPN
PE-. VPN
. ,
VPN.
VPN-IPv4 C-
( BGP) PE-, C-. PE-, C-, .
,
PE-, VPN,
P-.
VPN, PE.
2.3.3. /
MPLS-VPN PE-
(forwarding table)
C-, . ,
C-. IBGP PE,
C-.
PE-
IP- -.
VPN B FIB, iBGP
(PE2)
: + .
P-
. PE-
,
VPN/CE .
, CE-.
,
PE-,
P--


. P- VPN IP-.
P- .
PE-,
. PE-
( ), (
P-) PE-. P- ,
IP-. P- C.
VPN-IPv4. , P- MPLS-VPN
LSR, .


, P-, PE-. ,
PE-,
( ),
. PE- IP-, .
MPLS-VPN
P-
VPN
, P-.
VPN, VPN
. ,
, VPN.
,
, .
,
P- .
2.3.4. VRF
PE- (route/forwarding
tables VRF).
, PE-. IP- ,
A, (forwarding table)
, , -

(forwarding table) .
VPN, VRF
. , CE1
VPNA VPNB. VRF
PE1
VPNA VPNB. , 1
VRF. PE VRF , . ,
,
VRF.
VRF PE , , PE. , , -.
,

, . ,
, ( ), .
2.3.5 - P-
P- P- PE-. P- .
MPLS.
MPLS-VPN - , VPN .
P-
IGP- (,
IS-IS OSPF) , , PE-.
PE- IP-/32
IGP. MPLS , , PE-.
PE CE,
VRF .

CE, PE-,
CE .
CE,
PE, (BGP Next Hop), ,
BGP next-hop . .
IGP (IBGP OSPF)
BGP, . ,
BGP, . ( BGP IGP, ).
MPLS
CE
MPLS. ,
P- PE- MPLS, IP-
, PE-.
P- ( PE-), PE-,
MPLS PE-. PE-
CE. , CE IP-, MPLS.
VPN ,

, ,
:

P- ( ) ;
P- ( ) ,

IP.
, VPN , .

2.4. MPLS-VPN
, MPLS-VPN. ,
. Hub-and-Spoke (. ).
2.4.1. MPLS-VPN
MPLS-VPN , VPN, CE- PE- ( LSR), , P- ( LSR). 8
MPLS-VPN.
8 CE- -

8. MPLS-VPN

[Figure 8 labels: VPN A/ 1, VPN A/ 2, VPN A/ 3; VPN B/ 1, VPN B/ 2, VPN B/ 3; CEA1, CEA2, CEA3; CEB1, CEB2, CEB3; PE1, PE2, PE3; P1, P2; 10.1/16, 10.2/16, 10.3/16, 10.4/16]


9. MPLS-VPN Hub-and-Spoke

[Figure 9 labels: VPN A; Site-1; CE1, CE2, CE3-Hub, CE3-Spoke; PE1, PE2, PE3; BGP/RIPv2]


-. CE- .
PE-
-
EBGP. CEA1 PE1 . CEA1 PE1

( IP-, ). PE-
CE EBGP,
OSPF, RIPv2 .
LSR (PE-) CE-,
VPN
VPN. , 8, PE2 VPNA/Site 2 (CEA2), VPNB/Site 1
Site 2 (CEB1 CEB2). PE2 MPLS
VPN A B VPN-IPv4 VRF .
MPLS-VPN (meshed topology). CEA1 VPN A/Site 3,
PE1. PE1 P3. P3
PE3. PE3
MPLS, IP- CEA3. CEA3 , .
,
, , , .
2.4.2. MPLS-VPN Hub-and-Spoke
MPLS-VPN Hub-and-Spoke.
MPLS-VPN , -

BGP/RIPv2

Hub-and-Spoke.
(spokes)
(hub). ,
VPN . Hub-and-Spoke MPLS-VPN 9.

CE3-Hub.
, , 2
1, -, CE3-Hub,
-
1.
CE2 PE2, PE1
1.
9
Hub-and-Spoke. VPN ,
. , - ,
Hub-and-Spoke.

.
Hub-and-Spoke MPLS-VPN.

2.5. MPLS-VPN
, , , MPLS-VPN , Frame Relay ATM.
MPLS-VPN

BGP IP-.
BGP- . ,
community. VPN , VPN BGP Route
Distinguisher (RD). RD
,
. VPN
. VPN MPLS BGP FIB (Forwarding
Information Base) VPN VPN, .
,
VPN . RD, VPN. , RD. Cisco
MPLS-VPN .

Interior Gateway
Protocol (IGP), OSPF IS-IS.
PE
-, LDP .
() PE-
LDP,
BGP. Community BGP , . BGP PE, ,
FIB PE, VPN.

,
. , IP- .

VPN .
MPLS-VPN , ,

VPN , () PE-.
IP- (forwarding table) VPN.
VPN . ,
.
VPN, .

3.

MPLS-VPN MPLS-VPN, - .
MPLS-VPN

.
:
Intranet VPN .
Extranet VPN .
VPN
CE, P PE.
.
-.
(QoS) .
.

3.1. - /
MPLS, (..
-), 10.
MPLS
(Edge LSR),

(Core LSR). LSR
.
10 -


10. MPLS-VPN

[Figure 10 labels: CE; PE; LSR; LDP]

MPLS-VPN.
MPLS - ( ).
MPLS-VPN
Edge LSR, VPN-MPLS, PE.
(CE-)
IP- ( ) , , MPLS.
, PE
. -, .
PE LSR.
MPLS-VPN LSR P-. P-


( )

-.

3.2. VPN
Intranet VPN VPN MPLS.
. (). ,

. IP-
, , .
11 . (VPN Route/Forwarding VRF)

11. ()
[Figure 11 labels: CE (1, 2, 3)]

. , , VRF.
VRF , -.

VRF
.
VRF 1 A C1 (C1a, C1b ).
VRF 2 B
C2 (C2a, C2b).

3.3. VPN

, VRF / , route-target. ,
VRF 1 A
C2b 2 B, VRF 2 B
C1a 1 A.

3.3.1.
() / VRF . IP-, IP- , VRF.

3.3.2. ()
, ,

,
() ,
.
13 -

12 , 1
2, ,
A B. , : 1
A 2 B. ,

12.

[Figure 12 labels: VRF; 1 A; 2 A; 1 B; 2 B]


13.

[Figure 13 labels: VRF; 1 A; 2 A; 1 B; 2 B]


C. 1 A

2 B, (NAT), C1A
C2B .
MPLS PE-
VRF,
( ,
CE-).
3.3.3.

14 .
(NAT gateway), VRF
Intranet VPN. VRF,
NAT, . Ct1 VRF 2
B, Ct2 VRF
1 .
NAT.
NAT
NAT.
, .

3.3.4.
14.

[Figure 14 labels: VRF; NAT; 1 A; 2 A; 1 B; 2 B]


15 . Extranet/NAT Intranet/non-NAT , PE-.
CE- ,
, VRF,
. -

VRF
, .
,
CE NAT, , . , C.

, ,
,

15.

[Figure 15 labels: VRF; 1 A; 2 A; 1 B; 2 B]

VRF ( ,
).
, - . - CE-
CE-
(end-to-end) NAT.
15 : 1
A (C1A) 2 B (C2B),
(NAT).
C1A C2B,
, Ct1, . C2B , , C1A , Ct2.

Extranet_overlapping_nat13

. , , NAT- x.

3.4. MPLS-VPN
3.4.1. CE-
-
, . , - CE, CE ( )
.
.
VRF, VPN_Network_Management,

16. VRF CE
[Figure 16 labels: VRF 1; VRF 2; VRF 3; VRF]


CE-. - (
)
VRF. , VRF - ( ),
CE-.
VRF CE- .

CE-. 16 VRF.
CE- ,
, -.
3.4.2. MPLS
(P + PE)
, P- PE- VPN Solutions Center.
CE-, PE- VRF, (Global Routing Table).
PE.

P- PE- VRF,
.
3.4.2.1. P PE
VRF
P- PE- VRF 17.
loopback P PE , VRF. -

17. VRF PE

VRF
()

MPLS ,
VRF ,
MPLS, , .

18. PE-
(Global Routing Table)

3.4.2.2. P PE


, .
,
VRF.
. 18.

()

3.4.3. : Extranet Multiple VPN


Extranet Multiple VPN ( Rainbow Management)
VPN Solutions Center -
(management router MCE).
19 , MPE.

MCE, PE-, non-MPLS-VPN MPLS-VPN . MPLS-VPN Extranet Multiple VPN. VPN VRF

19. VPN Solutions Center: Extranet Multiple VPN



[Figure 19 labels: (Out of Band); MPLS-VPN (In-Band); CE; PE; MCE; MPLS; VPN 1; VPN 2; (staged); Netflow Collector; LAN; VPN SC IP Manager]


CE, VPN
Solutions Center. non-MPLS-VPN MCE Netflow
Collector PE-. CE Extranet Multiple VPN, non-MPLS-VPN link PE.
MCE MPE MPLS-VPN . ,
.
VPN Solutions Center
,
MCE, PE-
VPN
.


VPN Solutions Center VPN PE, CE


(Management VPN) (VPN). ,
, (access-lists)
PE, . CE
(spoke) VPN ,
MCE.
VPN VPN .

3.5.
MPLS-VPN ,
IP- , -.
.

, VPN . :
(), ;
(DNS, web, web-,
);
(, ).

3.5.1.
IP, . ,
, VRF. , . , MPLS-VPN, , -
.
, -
,
. -, ,
.
, (NAT)
.
3.5.2.
(RFC 1918), VPN
- . ,
- , .
, VPN (
).
CISCO
(Network Address Translation NAT), IOS.
, . :
(Service Access at
the CE);
(Service Access at a
Gateway) -.
3.5.2.1. CE
NAT ,
-, .
NAT CE.

20 NAT, CE

. , (), ,
. ,
- (ISP)
(ASP).
VRF C,
VRF, . VRF,
,
Intranet VPN.
VRF CT.
, P1 P3 VRF
, .
, CT VRF, , (ASP) .
, , 20. CE

C VPN , CE-
( ) IP-
PE.
C1 - P1, CE- C1 C1T, PE-, VRF, P1.
, CE .
, CE
, Hub-and-Spoke. Hub-and-Spoke -, - , .
3.5.2.2.
( )
-
.
. ,
. ,
. -


21. ( )



( VRF ),
. ,
VRF,
PE- .
,
,
(service gateway router).
VRF . ,
, . ,
. .
21 ,
, Service
Gateway 1.
.
(A, B, C), , VRF (Public
Service 1 Public Service 2).
PE-. IP-.
-

. PE-, VRF ,
, .
3.5.2.3
( )
, , .
(service gateway)
VRF . VRF , . ,
. , , (service
gateway), , (
, ).
, , (route-target),
VRF. , VRF

.
VRF , . ,

.
22 (service gateway),
,
, VRF, ,
VRF . 2
P2, P2 (route-target). 1
P1 A,
P1 A.
(service gateway),
, VRF Cxt . . Cxt VRF (P1 P2),
.
VRF PE-I
(P1 P2), . A, B C 22. ( )

MPLS-VPN.

3.6. -
3.6.1. - (
)
, .
, - . - ( ).
IP-, (NAT)
, NAT .
, .
23 . I -


23. - NAT


VRF ,
, , Internet Gateway.
VRF - PE-I.
Internet Gateway IP-,
(Cx -> Cxt),
. .
, ,
, ,

, .
, , ,

. -
, , , 23.
3.6.2. - (
)
- (..
)
, .
(double NAT). CE- , .

(
) .
24. - NAT

24.
4 , 2, (Internet
NAT Gateway) . ,
4 ,
. C2T. -.
, (NAT
Gateway), C2T
4 , .
3.6.3. -

VRF,
(Internet
Gateway).
. :
MPLS , .

BGP . , BGP . P-
BGP.
, , ,
VRF.
loopback-
Internet Gateway. , global. .

, CE.

BGP.
,
, , -.

3.7. (QoS)
QoS , -


, ,
. QoS 3 , . , QoS (,
) IP VPN , (Service Level Agreements SLA).
MPLS QoS
, , . MPLS
. , IP Precedence, Type-of-Service (ToS)
DiffServ. QoS Cisco IP+ATM
MPLS. QoS . QoS , .
QoS,
MPLS
VPN.
VPN QoS -
IP- . QoS VPN (Layer 3 CoS). , - :
premium , mission-critical , , best-effort. - , ,
. , ,

.
QoS , . QoS , Cisco LSR LSR .
, -


. , ,
. -, -
LSR (PE),
,
. ,
, ,
, . , . -, ,
, (CoS), . -, , , .
.
VPN.


(Type-of-Service), (CoS)
, 25. MPLS-VPN
.
(
).
1 IP Precedence.
. Weighted Random Early Detect (drop precedence), , , 25. IP Precedence
IPv4

TOS (1 )

Cisco IOS QoS 3,


VPN. MPLS Cisco IOS QoS:

IP Precedence
Committed Access Rate (CAR)
Weighted Random Early Detection (WRED)
Weighted Fair Queuing (WFQ)
Class-Based Weighted Fair Queuing (CBWFQ)
Modified Deficit Round Robin (M-DRR)

3.7.1. IP Precedence
IP Precedence
(precedence bits) IPv4.

3 IP Precedence

( ).
(IP Precedence) ,
.
3.7.2. Committed Access Rate (CAR)
Committed Access Rate

1. , IP Precedence

IP Precedence
,
, IP (VoIP),

4
5

2,3

web-/
IP-

0,1

Cisco, QoS
(edge). CAR
.

(policies) , ,
.
CAR
. ,
, , / .. CAR , . ,
(IP Precedence), IP (IP access control lists),
MAC-. CAR
,
.
, (PVC) Frame
Relay ATM, ,
(CIR, PCR .), ,
. , CAR
,
.
Ethernet ,

(policing/shaping), ,
2.
10M Ethernet, 512 /,
.
,
DSL. (CE)
DOCSIS.

:
CE ( / PE);
PE ( / ,
CE-).

CE, PE--

. CAR CE , CE ,
PE .
CAR
:
, .
( )
. , , .
(normal burst size),
, , ,
.
, .
, ,
,
,
. CAR .
.
( ) CAR . ,
2 3.
3.7.3. Weighted Random Early Detection (WRED)
WRED , . , .
WRED
.

. WRED , , , , .. .
WRED :
;
, ;
,
,
;
, -


.
(
).
. ,
10% , 25% 40%. , , - , .
2.
,
( 64 ). , ,
75%
. 25%
, .
,

.

WRED
. , .
WRED .
, .
, , -

( = 0) ( ,
).
WRED 26.

(1292 ) 10%. , 5. , ( ) , .
, ,
.
.
3.7.4. Weighted Fair Queuing (WFQ)

(WFQ) ,
,
. WFQ , : , ,
.
WFQ , -

26. WRED

[Figure 26 labels: Prec 0; Prec 1; Prec 2; Prec 3; Prec 4; Prec 5]

. , , . .
WFQ . .
WFQ ,

,
E1 (2,048 /) .
, WFQ

. WFQ
(TDM),
, - . WFQ QoS IP Precedence
(QoS).
, WFQ . WFQ ,
,
. WFQ
, TCP
(slow-start features). WFQ
.
3.7.5. Class Based Weighted Fair Queuing (CBWFQ)
(CBWFQ) . , CBWFQ
.
, ,
, .
CBWFQ

27. Class Based Weighted Fair Queuing

. ,
QoS ,
35% OC3. 27 , CBWFQ:

;
;
.
, -
. , , -
.
,
.
,
, ()
.
,
.

.
3.7.6. WFQ IP Precedence
WFQ IP Precedence.
,
IP- , .

,
. WFQ , .
.

-


. , (..,
).
3.7.7. Modified Deficit Round Robin (MDRR) GSR
GSR
, Modified Deficit Round Robin (MDRR).
,
CBWFQ.


MDRR CoS/
MPLS. , IP Precedence PE , , , CoS,
MPLS. CoS
Transparency ( CoS) MPLS CoS.
, IP Precedence . IP-
CoS .
Round Robin,
.
,
. GSR
MDRR ( 0 6)
. MDRR
,
(CoS). MDRR ( ) : 0-1-2-3-4-5-6-0-1-2-3-4-5-6 ... - -

,
, , 36 . ,

.
, . .
,
- . . , .

: ,
, .
.

, . 1 ,
MTU. OC3/STM-1 4470 .

512 . 2 , .

3.8.

MPLS. MPLS Traffic Engineering (TE) - , 2, Frame Relay ATM. 3 , IP--

2. MDRR

20,00%

4470

30,00%

6705

50,00%

14

11175

. 3 ,
.
IP , . , ,
.
MPLS:
.
MPLS 3- , IP- ,
;

;
, ..
, () . MPLS
, , ..;
, ,
.
-
28.

.
, .
MPLS
. MPLS Traffic
Engineering, . . , MPLS Traffic
Engineering ,
.
,
(Traffic Engineering Service Restoration), MPLS
(MPLS Routing for Resource Reservation
RRR) MPLS. ,
Link State Routing Protocols (IS-IS, OSPF)
Distance Vector Routing
Protocols (RIP, EIGRP).
3.8.1.
MPLS .

(Link Protection
Fast ReRoute).



Fast ReRoute (FRR).
FRR
. FRR ,
SONET/SDH ( 50 ).
, LSP , ,
(head-end-router). , .
FRR, . , TE .


28 Fast ReRoute.
R6 R5 Fast ReRoute. R6 , ,
TE
{R2,R3,R4} R5. ,
, , , .
.
, , , .

LSP.
3.8.2. MPLS Diff-Serv
(
GB TE)

Diff-Serv.
MPLS Traffic Engineering

.
. (drafts) IETF:
a) Diff-Serv-Aware Traffic
Engineering;
b) RSVP-TE CR-LDP
Diff-Serv-Aware Traffic Engineering;
c) OSPF Diff-Serv-Aware
Traffic Engineering;
d) IS-IS Diff-Serv-Aware
Traffic Engineering.
Cisco MPLS . MPLS
, .
MPLS Diff-Serv-Aware Traffic Engineering (explicit routing), IP .


.
,
. ,

,
.
MPLS Diff-Serv-Aware Traffic Engineering
: MPLS, OSPF, IS-IS Resource Reservation Protocol (RSVP). RSVP
,
RSVP. RSVP (edge routers)
unicast, . RSVP

4. MPLS-VPN

Cisco VPN . , -
. PE-,
MPLS-VPN

29. MPLS-VPN


. , PE-CE, MPLS-VPN.

4.1. (
ISDN)

30. MPLS L2TP

POP MPLS-VPN.
PPP,
(,
ISDN).
, PPP -

(NAS) -. . , PPP, (DNIS), , NAS 2 (Layer 2 Tunneling Protocol L2TP).


PPP PE-.
PPP PE- , VPN. VPN DNIS. PPP DNIS PE-
. , , RADIUS. PPP VPN . ,
L2TP.


,
PPP Ethernet PPP
ATM. Cisco
6400 PE-.
MPLS CPE. (bridged) CPE Cisco 6400
MPLS RD.
VCI/VPI.

MPLS RD.
PPP web- (dashboard). PPP,
(username). UAC ,
, MPLS-VPN,
.
Cisco 6400 UAC
VPN.

4.2. DSL
(DSL)

, .
,
DSL
VPN.
DSL ,
(CPE), , .
31. PPPoX DSL MPLS-VPN, SSG

web- ,
Cisco 6400 UAC, (web
dashboard server). URL , .
MPLS-VPN.
, , -

.
MPLS-VPN.

/ (HFC),

4.3.

32. MPLS-VPN
DOCSIS SID

[Figure 32 labels: Hub; MPLS; ITSP; ISP; CATV; HFC; PE; VPN; Cust. HQ; MS]

.
uBR7200 PE-.

4.4.
(BBFW)
33 BBFW MPLS-VPN.
33. DOCSIS SID => MPLS-VPN

(Cisco uBR72xx/VXR ) PE- MPLS-VPN. (CPE,


Cisco 26xx/36xx BBFW), , CE-,
PE. , , , VPN -

(Service Identifiers SID),


DOCSIS. CPE SID.

4.5. Frame Relay/ATM


Frame Relay ATM .
2. Frame Relay ATM Cisco,

, Cisco 7200
Cisco 7500. -
Cisco 3600.


4.6. CoS/QoS PE
34 CoS/QoS
- -

34. CoS/QoS - 7500/7200

CoS.
CoS PE- :
PE , ;
,
, ,
;
PE

( : , ,
..);
;
WRED ;
WRED,
.

4.7.
(CE PE)
,

CE PE
. ,
, PE .
-
VPN (VPN Routing
and Forwarding table VRF), .
,
PE/CE.
MPLS :
;
RIPv2;
eBGP;
OSPF.

VRF.
, address families (
). VRF, .
, , PE CE, IGP, . , IGP ,
PE/CE VRF. EIGRP
(WAN)
RIPv2 PE/CE,
VRF.
,
(Customer Edge) - MPLS.
IOS. MPLS, . PE/CE ( ) ,
IGP .

(stub site), IP- .
, . CE-

,
MPLS. PE- VRF, .
, PE
,
,
IP-
PE LAN. , (LAN),
PE VRF.
RIPv2
RIPv2 ,
.

MPLS VRF. , RIPv2 CIDR ,
IP ( RIPv1 ).
RIPv2 - , RIPv2 , ,
(link state), OSPF.

4.8.
PE-PE P-P , .
P-P IS-IS OSPF.
PE-PE MP-BGP.
IS-IS OSPF
IS-IS/OSPF IGP, IP- LSR (P PE). LDP VPN (BGP4).
IS-IS OSPF
IGP . IS-IS OSPF
(link state)
RRR. - , EIGRP, RRR.

(global routing
table GRT) P- PE.


35. BGP


, VPN. loopback . GRT


, P/PE.
VRF.

VRF, - global.
MP-BGP4 ( BGP)
VPN
BGP. MPLS
VPN, -, VRF, . VRF IPv4,
VPN-IPv4, BGP ,
VPN-IPv4.

PE-. VPN VPN.


BGP
VPN. VPN
.
BGP (BGP Route Reflectors)
BGP
MPLS,
.
,
PE
PE - (BGP neighbor command), . BGP , ,
(AS),
. BGP -

(fully meshed),
,
BGP.
PE ,
PE, BGP. BGP
PE.
, , PE , . ,
VRF,
. ,
, PE,
PE.

4.9. (Customer Equipment CE)


,
non-MPLS-VPN, MPLS-VPN.
MPLS-VPN. //
.

Cisco VPN Solutions Center


MPLS-VPN .
, ,
(SLA),
. Cisco VPN Solutions Center
(API). Cisco (Cisco
Service Management CSM). -, CSM, Cisco VPN Solutions Center CSM
VPN. , Cisco Provisioning Center
Cisco Info Center, Cisco
VPN Solutions Center ,
. Cisco VPN
Solutions Center (standalone) , - ,
, VPN.

5.2.

5. VPN Solutions Center ( VPN)


, , , (Operations, Accounting, Maintenance, Provisioning
and Management OAM&P) MPLS-VPN. Cisco - VPN (VPN
Solutions Center VPNSC). - :
VPN,
, VPN MPLS.
IP VPN ,
, ,
(SLA) .

5.1.
Cisco VPN Solutions Center MPLS SLA, - MPLS-VPN .

,
MPLS-VPN.
QoS .
(wizards), .
(scheduler) .
VPN (hub-and-spoke
full-mesh).
IP-VPN
.

,
VPN .
(SLA)
SLA VPN.
API , ,
OSS (Operations
Support Systems).


, (GSR)
Cisco.
Cisco IOS
.

5.3.
VPN
VPN
(wizards).
VPN .
web- -

36. VPN

, .
.
, .
.
VPN .
VPN
QoS.

5.4.
(Provisioning). Cisco VPN
Solutions Center , .

(Service auditing). VPN Solutions Center



(
pending deployed). -

37:

VPN
Solutions Center


, VPN . , .
Cisco IOS,
.
(Scheduling).
,
, .
(Activation). Cisco IOS.
, .
- (Post-activation
testing). ,
. ,
,
(site-to-site ping test) VPN.

,
.
(Usage). Cisco NetFlow, VPN Solutions Center VPN
. NetFlow , IP- . ,
, .
SLA
. VPN Solutions Center
SLA, (round-trip time),
Cisco.
.

QoS. VPN Solutions Center QoS -

. VPN Solutions Center , SLA


(Response Time Reporter RTR),
Cisco IOS.

5.5.
VPN Solutions Center API
CSM. , API
, ,
(Belle Systems IMS), (Cisco
Info Center) (Concord eHealth). ,
Info Center , , . , VPN Solutions Center
API.

5.6.

5.6.1. (Fault Management)
VPN Solutions Center Cisco Info Center

38: VPN Solutions Center

(CIC). CIC VPN


VPN
VPN Solutions Center.
5.6.2.
VPN Solutions Center , ,
, ,
, ..
, VPN Solutions Center
VPN. ,
VPN Solutions
Center Concord eHealth.
5.6.3.
VPN Solutions Center
CORBA API
VPN Netflow. Portal and Belle System IMS VPN
Solutions Center ,
.

A. MPLS
Border Router
( )

. IBGP
PE PE EBGP
- .

CEF

Cisco Express Forwarding 3- .


MPLS-VPN CEF.

CE-

. .
(PE-) .

Customer Network (C-Network)

Customer Premise Equipment (CPE)

, .

Edge LSR

, .
LSR, , MPLS, Edge LSR.

Global Routing Table


( )

IP- Cisco IOS. show ip route.

Label ()

, LSR
. MPLS
.

Label Switching
( )

(labels tags).
MPLS (incoming label) (outgoing label).

LDP

(Label Distribution Protocol), draft-ietf-mpls-ldp-05.

Label switched path (LSP)


( )

, , . LSP
.

LSR: Label Switch Router


(
)

,
.

MPLS

(Multi-Protocol Label Switching).

NLRI

(Network Layer Reachability Information).
VPN-IPv4 . : <label, length, prefix> (,
, ).

P-

, ..
MPLS-VPN. P-
P-.
, P-
PE-. P-
LSR.


PE-

.
. CE- . PE- IPv4
12- VPN-IPv4. PE- Edge LSR.

Provider Network (P-Network)


( )

Route Distinguisher (RD)


( )

, VPN (64 ).
RD -
.

VPN (Virtual Private Network)

. .

(.. -),
.

VPN Aware Network

, MPLS-VPN.

VPN-IPv4

12- IP-. 8 (RD), 4 IP-.

VRF (VPN Routing & Forwarding)

, . VRF
IP-, , , , , , . () VRF.

VRF Forwarding Table
( VRF)

,
. CEF. VPN
CEF.

VRF Routing Table


( VRF)

, , . IP-. VRF Routing Table


show ip route vrf vrf_name.


-,

P-.

:
CCIE,
-


Cisco Systems
Copyright 2001 Cisco Systems Inc. All rights reserved. Printed in Russia. Cisco Systems logos are registered trademarks of Cisco Systems, Inc. in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any of its resellers.