
VPN.

vprokopov@solidex.by
4 2009

1. VPN

2. Layer 3 VPN
3. Layer 2 VPN

4. QoS/H-QoS

VPN = Virtual Private Network


N=Network

V=Virtual

P=Private


VPN
...

VPN

Virtual Private Networks


(Site-to-Site)
Operator Provisioned

Customer Provisioned

:
Layer 2
Layer 3 IPSec
1. ,
2.
MPLS VPN
Point-to-Point
Multipoint
3.

L2TPv3

VPWS
(EoMPLS)

802.1ad PB
802.1ah PBB
802.1Qay PBB-TE

GRE

VPLS
H-VPLS

#1

PE
L3
E

PE

L3
E


Layer
VPN3 PSN
PE

L3

- ,


1 #1
MPLS VPN

VPN

Virtual Private Networks


(Site-to-Site)
Operator Provisioned

Layer 2 VPN

Point-to-Point
L2TPv3

VPWS
(EoMPLS)

Customer Provisioned

Layer 3 VPN

Multipoint

802.1ad PB
802.1ah PBB
802.1Qay PBB-TE

IPSec

GRE

MPLS VPN

VPLS
H-VPLS

MPLS
IP
PE

PE

IGP

IP
1.
2.

MPLS VPN -

Ethernet

Ethernet
header

MPLS
Label

IP
header

Data

MPLS

Label

EXP S

TTL

MPLS
L2 L3
Label (20 ) - MPLS
EXP (3 ) - QoS
S (1 ) -
TTL (8 ) -

MPLS VPN - Control Plane

IGP
CE

LDP

LDP

VPN Red

PE

CE

LDP

LDP
LDP
P

VPN Red

VRF

IGP

IGP

IGP

LDP

VRF
VRF

CE

PE

VRF

VPN Green

IGP

CE

VPN Green
MP-BGP

1.
2.
3.
4.

IGP (OSPF, IS-IS)


LDP
IGP
MP-BGP PE


Multiprotocol-BGP
MP-BGP:
8

RD (Route Distinguisher)
1:1

IPv4
10.0.0.1

RT (Route Target)
2:2

Label
50

VPNv4

RD - IPv4
RT - VRF VPNv4
VPNv4 MPLS


MPLS VPN -

IP ?
Next-Hop = PE2
CE
L3

VPLS Red

L3

VPNv4 LSP
Label Label

PSN
LSP 2
LSP 3

VRF Red

S=1

S=0

LSP 4

PE1


PE2

L3
CE

VRF Green

VPLS Green


MPLS VPN
Control Plane
Interior Gateway Protocol (IGP)
Label Distribution Protocol (LDP)
LSP

Multiprotocol-BGP ( PE)
VPNv4-

Data Plane

(Tunnel label) -
PE (LSP)
(VPNv4 label) - MPLS
VPN

MPLS Traffic Engineering


MPLS-TE
RSVP-TE
MPLS-TE
PE
RSVP-TE

MPLS-TE
RSVP-TE
MPLS-TE
PSN

L3

P
MPLS-TE
RSVP-TE

TE tunnel 2

MPLS-TE
PE
RSVP-TE

L3

MPLS-TE
RSVP-TE

MPLS-TE :

(UCLB)
(RSVP-TE)
50 (FRR)

Fast Reroute - 50-


Local protection
Link protection

Node protection
50

PE

PE

50
PE

PE

Path protection

PE

> 50

PE


MPLS VPN -
:
1. 4- Control Plane

IGP
LDP
MP-BGP
RSVP-TE

2. MPLS MPLS-TE

3. IGP


2 #1
IPsec VPN


VPN
Virtual Private Networks
(Site-to-Site)

Operator Provisioned

Layer 2 VPN

Point-to-Point
L2TPv3

VPWS
(EoMPLS)

Customer Provisioned

Layer 3 VPN

Multipoint

802.1ad PB
802.1ah PBB
802.1Qay PBB-TE

IPSec

GRE

MPLS VPN

VPLS
H-VPLS


IPsec VPN
IP-

IPsec

IPsec VPN
2

IPsec VPN
1


PSN
IPsec VPN
3


IPsec
IPSec - IETF, :


RFC 2401: Security Architecture for the Internet Protocol


RFC 2402: IP Authentication Header (AH)
RFC 2406: IP Encapsulating Security Payload (ESP)
RFC 2409: The Internet Key Exchange (IKE)
RFC 2631: Diffie-Hellman Key Agreement Method
...


IPsec VPN
1. IPsec VPN -

2. IPsec VPN :


()


Authentication Header
AH,
IP
header

L2 header

AH
header

TCP/UDP
header

Data

authenticated

AH,
L2 header

IPsec IP
header

AH
header

IP
header

TCP/UDP
header

Data

authenticated

AH :




Encapsulating Security Payload


ESP,
L2 header

IP
header

ESP
header

TCP/UDP
header

IPsec IP
header

ESP
header

ESP
trailer

ESP
auth

ESP
trailer

ESP
auth

encrypted
authenticated

ESP,
L2 header

Data

IP
header

TCP/UDP
header

Data

encrypted
authenticated

ESP :


(DES, 3DES, AES)

IPsec VPN -

1.
2.
3.
4.
5.


NAT/PAT IPsec
multicast IPsec VPN
IPsec VPN
IPsec VPN


IPsec VPN -
1.

2. ( IKE)


IPsec VPN
IKEv1 (RFC 2407, 2408, 2409)
IKEv2 (RFC 4306) - IKEv1 + NAT traversal


IKE - Internet Key Exchange, 1


1, -
IPsec VPN 2

Internet

IPsec VPN
1

IPsec VPN
2
2

: ,

2

(DH),

2


IPsec VPN
1. (Preshared keys)




n (n - 1) /2

2. (Digital certificates)
Public Key Infrastructure (PKI)
IPsec VPN
, ()


Internet Key Exchange, 2


2, - IPsec

Internet

IPsec VPN
Gateway 1

IPsec VPN
Gateway 2
3

: ,


-
IPsec:
PKI
()
X.509
X.509
Certificate Revocation List (CRL)
Online Certificate Status Protocol (OCSP)
IPsec VPN

Simple Certificate Enrollment Protocol (SCEP)


IPsec VPN -

1.
2. NAT/PAT IPsec

3. multicast IPsec VPN


4. IPsec VPN
5. IPsec VPN


IPsec VPN -

L2

IP
10.0.0.1

L2

Internet

IPsec VPN
Gateway 1

IP
80.94.224.32

NAT/PAT

IPsec VPN
Gateway 2
IPsec

IPsec NAT/PAT
IP ( UDP/TCP)


Authentication Header
AH,
IP
header

L2 header

AH
header

TCP/UDP
header

Data

authenticated

AH,
L2 header

IPsec IP
header

AH
header

IP
header

TCP/UDP
header

Data

authenticated

IP TCP/UDP :
, IPsec

NAT/PAT

Encapsulating Security Payload


ESP,
L2 header

IP
header

ESP
header

IPsec IP
header

ESP
header

Data

ESP
trailer

ESP
auth

ESP
trailer

ESP
auth

encrypted
authenticated

ESP,
L2 header

TCP/UDP
header

IP
header

TCP/UDP
header

Data

encrypted
authenticated

TCP/UDP :
: Checksum
TCP/UDP,

: PAT

NAT traversal
ESP,
L2 header

IP
header

ESP
header

IP
header

Data

ESP
trailer

ESP
auth

ESP
trailer

ESP
auth

encrypted
authenticated

UDP
L2 header

TCP/UDP
header

UDP
header

ESP
header

TCP/UDP
header

Data

encrypted
authenticated

NAT traversal
NAT/PAT IPsec-
PAT UDP
UDP

NAT traversal (.)


IKE 1
NAT Support
Vendor ID

Vendor ID

NAT Existence
NAT-D

NAT-D

Internet

IPsec VPN
Gateway 1

NAT/PAT

IPsec VPN
Gateway 2

NAT Support: IPsec VPN


NAT/PAT
NAT Existence: IPsec VPN
IPsec


NAT traversal -

IPsec :

NAT/PAT- IPsec
ESP AH
ESP PAT
,
IPsec


IPsec VPN -

1.
2. NAT/PAT IPsec
3. multicast IPsec VPN
4. IPsec VPN
5. IPsec VPN


multicast IPsec VPN


IP unicast
IP multicast
Non-IP traffic

Gateway 1

Internet

IPsec

Gateway 2

IPsec point-to-point
IPsec IP unicast-
IPsec
, IP

GRE over IPsec


IP unicast

IP multicast
Non-IP traffic

Internet

Gateway 1

GRE

Gateway 2

IPsec

GRE :
IP multicast- IPsec VPN
IPsec VPN
non-IP


IPsec VPN -

1.
2. NAT/PAT IPsec
3. multicast IPsec VPN
4. IPsec VPN
5. IPsec VPN


IPsec VPN -

Hub-and-Spoke
IPsec
IPsec VPN
HUB

IPsec VPN
Spoke 1

Internet

IPsec VPN
Spoke 2

:
VRRP
GRE


IPsec - VRRP Stateless


IPsec

VRRP
Hub 1

VR

Internet

Spoke

Hub 2

IKE keepalive (10 sec)

IPsec-

IKE

IPsec - VRRP Stateless


IPsec

VRRP
Hub 1

VR

Internet

10.0.0.1
.254

Hub 2

Spoke

10.0.0.2

IKE keepalive (10 sec)

1.
2.

IPsec- Spoke Hub 1 (active VRRP node)


Hub 1 Hub 2

3.

Hub 2 IPsec IKE, Spoke IPsec-


Spoke IPsec- Hub 2 (10.0.0.254)

4.


IPsec - VRRP Stateful


IPsec

VRRP
Hub 1

VR

Internet

Spoke

Hub 2

SSO/SSP
IKE keepalive (10 sec)

IPsec-


Stateful Switchover (SSO) -
State Synchronization Protocol (SSP) - IPsec

IPsec - VRRP Stateful


IPsec

VRRP
Hub 1
.

VR

Internet

Spoke

Hub 2
.

SSO/SSP
IKE keepalive (10 sec)

1.
2.

IPsec- Spoke Hub 1 (active VRRP node)


Hub 1 Hub 2

3.
4.

IPsec Hub 2
IPsec- , IPsec Spoke Hub 2

IPsec -
IPsec

Hub 1
(Master)
Hub 2

Internet

Spoke
Hub 3

IPsec
Master IPsec
Master:

IPsec
Master


IPsec - GRE
GRE/IPsec

Hub 1
Internet

Spoke

Hub 2
GRE/IPsec

GRE
GRE/IPsec- Active-Active




IPsec - GRE
GRE/IPsec

Hub 1
Internet

Spoke

Hub 2
GRE/IPsec
GRE/IPsec

Hub 1
Internet

Spoke

Hub 2
GRE/IPsec


IPsec VPN -
ESP,
L2 header

IP
header

ESP
header

IPsec IP
header

ESP
header

Data

ESP
trailer

ESP
auth

ESP
trailer

ESP
auth

encrypted
authenticated

ESP,
L2 header

TCP/UDP
header

IP
header

TCP/UDP
header

Data

encrypted
authenticated



IP ( ToS/DS)

QoS IP

IPsec VPN - (.)



IPsec
Access
Router

IPsec
Gateway

WAN
Router

QoS

IPsec

Internet

Shaping
Policing
Queuing

QoS IPsec

IPsec VPN -

1.
2.
3.
4.


NAT/PAT IPsec
multicast IPsec VPN
IPsec VPN

5. IPsec VPN


IPsec VPN -

IPsec
VPN n (n-1) / 2

Group Encrypted Transport (GET) VPN

GET VPN

Tunnel-less IPsec VPN



GET VPN


GET VPN -
ESP,
L2 header

GET VPN
L2 header

NEW IP
header

ESP
header

IP
header

TCP/UDP
header

Data

ESP
trailer

ESP
auth

TCP/UDP
header

Data

ESP
trailer

ESP
auth


IP
header

ESP
header

IP
header

IP
p2p
Native Routing Overlay Routing
- multicast-

GET VPN -
Control
Plane

KS

KS = Key Server
GM = Group Member
GM

GM

GET VPN

Data Plane

Data Plane

GM
Data Plane

GM
Data Plane

GET VPN -
Key Server (Control Plane)
:


ACL


GM
Group Member (Data Plane)
KS
GET VPN


GET VPN -
Control
Plane

KS

KEK = Key Encryption Key


TEK = Transport Encryption Key
GM

GM
Data Plane
Data Plane

GM
Data Plane

GM
Data Plane

KS KEK TEK


GET VPN -
GET VPN IPsec VPN:
tunnel-less

multicast-


VPN.
2

vprokopov@solidex.by
4 2009


#2

2
L2

IP MPLS

L2

192.168.0.x /24

192.168.0.x /24

L2-

L2-
- (point-to-point)

VPN

Layer 2 VPN

Point-to-Point
L2TPv3

VPWS
(EoMPLS)

Multipoint

802.1ad PB
802.1ah PBB
802.1Qay PBB-TE

VPLS
H-VPLS


Point-to-Point L2 VPN

L2TPv3

VPWS

IP
Ethernet AC
Frame Relay AC
ATM AC
PPP AC

MPLS
Ethernet (EoMPLS)
Frame Relay AC
ATM AC
PPP AC

L2TP = Layer 2 Tunneling Protocol


VPWS = Virtual Private Wire Services
AC = Attachment Circuit

1 #1
L2TPv3


L2TPv3

1
LAC

IP

2
LAC

L2TP Control Channel

L2

L2

L2TP Data Channel

192.168.0.x /24

192.168.0.x /24
AC

VC

VC

AC

L2TPv3

LAC = L2TP Access Concentrator


VC = Virtual Circuit
AC = Attachment Circuit

L2TPv3
Control Plane
L2TP Control Channel ()
L2TPv3

Data Plane
2
IP Header (PID = 115)
Data Channel Header
Session ID VC
Cookie ()

L2TPv3 - Data Plane

L2 Frame

L2 Frame

Data Channel
Hdr

IP Hdr
PID=115

L2 Frame

Session ID (VC)
Cookie

2
LAC
L2

LAC
L2TP Control Channel

L2

L2TP Data Channel

192.168.0.x /24

192.168.0.x /24


L2TPv3
1.
2.
3.

4.

5. ,


L2TPv3 -

LAC
L2

LAC
L2

IP
PSN

192.168.0.x /24

192.168.0.x /24

AC

VC

IPsec

VC

AC

L2TPv3

L2TP over IPsec L2 VPN-



IPsec LAC,

L2TPv3 -
OSPF
IS-IS

OSPF
IS-IS
PSN
LAC

LAC

L2

L2

OSPF
IS-IS

OSPF
IS-IS
OSPF
IS-IS

OSPF
IS-IS

,

QoS



L2TPv3 -
1. QoS:

L2 Frame
IP Hdr (ToS = 160)

IP Hdr
L2TPv3
L2 Frame
(ToS = 160) Hdr
IP Hdr (ToS =160)

L2TPv3

pseudowire-class l2tpv3.pw
 ip tos reflect
LAC

2. L2TPv3 :

IP Hdr
L2TPv3
(ToS = 160) Hdr

L2 Frame

LAC

L2 Frame

L2TPv3

pseudowire-class l2tpv3.pw
 ip tos value 160


L2TPv3 - (.)
3. L2TPv3 :

L2 Frame
IP Hdr (Src: 10.3.0.5)

IP Hdr
L2TPv3
L2 Frame
(DSCP = 46) Hdr IP Hdr (Src: 10.3.0.5)

L2TPv3

LAC
access-list 1 permit 10.3.0.0 0.0.0.255
class-map l2tpv3.net
 match access-group 1
policy-map l2tpv3.pol
 class l2tpv3.net
  set ip dscp tunnel 46
interface FastEthernet0/0
 service-policy input l2tpv3.pol

L2TPv3 -
L2TPv3

LAC

LAC
L2 AC

IGP

L2 AC

PSN

L2 AC

2
LAC

1
2


L2TPv3 - LAC
L2TPv3


L2TPv3

LAC

IGP

LAC
L2 AC

L2 AC

L2 AC
LAC

LAC
LAC
2 LAC

2 #1
VPWS (EoMPLS)


Ethernet over MPLS

IP/MPLS
L2 PE
L2

L2 PE
Targeted LDP

L2

MPLS

192.168.0.x /24

192.168.0.x /24
MPLS Pseudowire
EoMPLS-
PE = Provider Edge

EoMPLS L2TPv3 , L2 VPN


MPLS

EoMPLS
Control Plane
Targeted LDP
VPN PE-
Data Plane
2
(Tunnel Label)
PE- (LSP)
(VPN Label)
MPLS PW

EoMPLS
L2

L2

VPN
Label

VPN
Label

Tunnel
Label B
L2

Tunnel
Label A

VPN
Label

L2

L2

L2 PE

MPLS

L2 PE

AC

AC

LDP

LDP
Targeted LDP

EoMPLS -

L2 PE

L2 PE

EoMPLS

L2

L2
EoMPLS

L2

L2 PE

PE-
1:1 1:N
Active-Standby

EoMPLS - :

L2 PE

DSLAM

L2 PE

EoMPLS

BNG
1
2

EoMPLS

L2 PE
PPPoE

1. BNG
PPPoE; BNG
2. PE
3. EoMPLS ,


EoMPLS - :
L2 PE

BNG

DSLAM

L2 PE

EoMPLS

1
2

EoMPLS

L2 PE

:
-
- L2 PE BNG

MPLS Traffic Engineering


MPLS-TE
RSVP-TE
MPLS-TE
PE
RSVP-TE

MPLS-TE
RSVP-TE
MPLS-TE
PSN

L2

P
MPLS-TE
RSVP-TE

TE tunnel 2

MPLS-TE
PE
RSVP-TE

L2

MPLS-TE
RSVP-TE

MPLS-TE :
(UCLB)

50 (FRR)
(RSVP-TE)


L2TPv3
MPLS IP
LAC
UCLB
QoS
EoMPLS
MPLS IP
L2 PE
UCLB (MPLS-TE)
QoS ( RSVP-TE)

EoMPLS

?
50 ?
QoS?
?

L2TPv3


#3


#3

PE

.
VPN

PE

.
VPN

PE

-
-


#3

PE

.
VPN

FHRP

.
VPN

Multipoint
L2 VPN

PE

PE


FHRP - VPN
Multipoint L2 VPN FHRP


Multipoint L2 VPN

VPLS
MPLS
Ethernet AC
BGP/LDP
Hierarchical VPLS

Metro Ethernet
Ethernet
802.1ad, PB
802.1ah, PBB
802.1Qay, PBB-TE


1 #3
Virtual Private LAN Services (VPLS)


VPLS

1
PE

PE
AC

VPLS

PSN

2
PE

VPLS Ethernet- IP/MPLS



VPLS - Control Plane

PE

CE

IP/MPLS
LDP

LDP

VPLS Red

LDP

VFI
VFI

CE

VFI

IGP
LDP

LDP
LDP
P

VPLS Green

PE

VPLS Red

VFI

P
Full-mesh
Targeted LDP

1.
2.
3.

CE

IGP (OSPF, IS-IS)


LDP
PW
Targeted-LDP L2 VPN!

CE

VPLS Green


VPLS - ?
PE
PE

CE

PE


MPLS PW
L2 VPN

PE

CE

Split-Horizon
PE

PE

Ethernet STP
VPLS , :
MPLS PW
, Targeted-LDP
Split-Horizon


Hierarchical VPLS

PSN
CPE

MTU-s

PE-rs

PE-rs

Split-Horizon

PW

PE-rs

PE-rs
MTU-s

PE-rs - Provider Edge, L2/L3


MTU-s - Multi-tenant unit, L2

CPE

Full-mesh PW,
Split-Horizon

-
Split-Horizon

Hierarchical VPLS (.)

PSN
CPE

MTU-s

AC

PE-rs

PE-rs
PW

PE-rs

PE-rs
AC

MTU-s

CPE

Split-Horizon
PE-rs
MTU-rs

PE-rs MTU-s Attachment Circuit,


Split-Horizon

Hierarchical VPLS -

PSN

AC

CPE

MTU-s

PE-rs

PE-rs
PW

PE-rs

PE-rs

AC

MTU-s

802.1q / EoMPLS

VPLS

CPE

802.1q / EoMPLS

L2 VPN
L2-

: H-VPLS 802.1q .

VPLS
Red

802.1q
VLAN 10

CPE
MTU-s

VPLS
Green

VLAN 20

PE-rs Full-mesh
PW

CPE
VLAN 30

VPLS
Blue

VLAN per
VPLS

CPE
MTU-s

VPLS
Blue

Eth. Frame

VPN Tunnel
Label Label

CPE

Eth. Frame

802.1q
VLAN 30

Eth. Frame

H-VPLS

VPLS
Red

CPE
MTU-s

VPLS
Green

VPLS
Blue



MAC- PE-rs

CPE

CPE

PE-rs Full-mesh
PW

CPE

MTU-s
VPLS
Blue

MAC- VPLS Red


MAC- VPLS Green
MAC- VPLS Blue

Control Plane
Data Plane

2 #3
802.1ad PB 802.1ah PBB


Metro Ethernet
1. L3 L2
MPLS -

2. Ethernet
Ethernet?


Payload

Payload

Ethertype

TAG

C-TAG

SA

Ethertype

Ethertype

0x8100

0x8100

DA

SA

S-TAG

Ethernet
Frame

DA

Ethertype

802.1q

SA

0x0800, IPv4

0x88a8

VMAN

Payload

VLAN

Ethernet

DA

TAG - VLAN
S-TAG = Service Tag
C-TAG = Customer Tag

802.1ad
Provider Bridges


802.1ad -
1
PE

PE

PSN
MultiVLAN VC

C-Tag = 25
C-Tag = 30
C-Tag = 35

2
PE

S-TAG (VPN) = 125

C-Tag = 25
C-Tag = 30
C-Tag = 35

S-TAG L2 VPN
C-TAG VLAN

802.1ad
Control Plane
Spanning-tree protocol (STP)
Ethernet
Flooding
Learning

Data Plane

Service-Tag (S-Tag)
Customer-Tag (C-Tag)


802.1ad - Data Plane


L2

VLAN ID
2

L2

C-Tag
2

S-Tag
125

L2

PE
MultiVLAN AC

VLAN ID
2

PE
PSN

2
PE


S-Tag, L2 VPN = 4094

802.1ad -



STP-,

802.1ad

MAC-
STP-
( RSTP)

STP


MAC-in-MAC

I-SID = Service Instance VLAN ID


B-VID = Backbone VLAN ID

Payload

Payload

C-TAG

C-TAG

S-TAG

S-TAG

SA

SA

DA

DA

802.1ad
Provider Bridges

24-bit I-SID
B-VID

B-DA = Backbone DA

B-SA

B-SA = Backbone SA

B-DA

.
Ethernet

- 802.1ah

802.1ah
Provider Backbone Bridges

24- I-SID 16 . L2 VPN


B-VID Backbone (TE)


802.1ah


MAC-
MAC-

UNI

802.1ah

UNI

UNI


: MAC-
; MAC- PE ;
: STP-;


, 802.1ah
STP (flooding learning)
Control Plane, connectionless Ethernet

connection-oriented ,
:

Traffic Engineering
IP , MPLS

Ethernet ...


802.1Qay PBB-TE


Ethernet
Control Plane



MAN

Flooding -

Learning - MAC-
MAC-
STP -
loop-free

Data Plane
MAC + VLAN ID
VLAN ID loop-free
MAC

loop-free , VLAN ID


802.1Qay -

STP
VLAN ID + MAC

DA =
2222.2222.2222

Frame

VLAN 48

VLAN 50

4

MAC-

PE


802.1Qay (PBB TE)



Learning
Flooding
STP

Management Plane


MAC + VLAN ( )

Payload
C-TAG
S-TAG
SA
DA
I-SID

B-VID -

B-VID

B-DA - MAC-

B-DA

B-SA

802.1ah PBB

802.1Qay - Management Plane


Management Plane

DA: PE2
VLAN 45
PE1

PBB-TE
PSN
P

L2

PE2
L2

Protection path

DA: PE2
VLAN 55


802.1Qay (PBB TE)


Control Plane
Network Management System (NMS)
Data Plane ( 802.1ah)
Ethernet-

I-SID - L2 VPN
B-VID -


802.1Qay -

connection-oriented 802.1Qay
Metro Ethernet



QoS
(802.1ag)


Metro Eth. vs VPLS -


Metro Ethernet
Native Ethernet
PE-
(PBB-TE)
QoS (PBB-TE)
VPLS
Ethernet (L2 over L3 over L2)
MPLS
(MPLS-TE)
QoS ( RSVP-TE)
Control Plane

QoS / Hierarchical QoS


QoS
First-in-first-out (FIFO)
PE 2

CE 1

CE 2

PE 1

CE 3
PE 3

Best-Effort


QoS
1. Packet Classification
2. Congestion Avoidance
QoS
3. Congestion Management
4. Traffic Policing / Shaping
PE 2

CE 1

CE 2

PE 1
IP/MPLS

CE 3
PE 3


QoS
2

PE 1

PE 2

VPN Red

1
VPN Red

2
VPN Red

VPN Green

1
VPN Green

2
VPN Green

3
VPN Green

QoS
,
QoS VPN ( )

Hierarchical QoS
Session
Scheduler

VC
Scheduler

VC Group
Scheduler

VP
Scheduler

Physical port
Scheduler

Virtual Port 1
Service 1
Service 2
Service 3

IP
Ethernet

Classifier

Virtual Port 2

Service 1
Service 2

Service 3
S = Scheduler

DSL Forum TR-059 H-QoS


H-QoS 5


H-QoS VPLS
3 H-QoS
CE

5 H-QoS
PE

PE

PE

L2 VPN Red

VPLS Red

VPLS Red

L2 VPN Green

VPLS Green

VFI Green

VPLS Green

VPLS Green

H-QoS CE


VPN
8 8


VPN


H-QoS PE

VPN
8 8

VPN
VPN

VPLS L2 VPN

VPN


VPN
MPLS LSP


