
ISIS

IS-IS Overview

• Intermediate System to Intermediate System

– “Router to Router” communication

Link-State IGP similar to OSPF

• Used in core of SP networks

Simple flat network design

Highly scalable

Supports both IPv4 and IPv6 routing

• Not an IP protocol - Part of the CLNS stack

Integrated IS-IS: IP extensions to IS-IS

Enabling IS-IS in IOS

• Enable the process globally – router isis [process-id]

• Process-id locally significant

• Define the NET address – net [nsap]

• Enable the interface process – ip router isis [process-id]

Enabling IS-IS in IOS XR

• Enable the process globally – router isis [process-id]

• Process-id locally significant

• Define the NET address – net [nsap]

• Enable interfaces under IS-IS process

– interface GigabitEthernet0/1/0/0

• address-family ipv4 unicast

IS-IS NET Addressing

• Network Entity Title

Essentially CLNS Router-ID

• Uses ISO NSAP Addressing Format

Maximum 20 bytes

Minimum 8 bytes

• NET format

AA.AAAA.AAAA.AAAA.AAAA.AAAA.AAAA.SSSS.SSSS.SSSS.NN

Area not link-state area like OSPF

System-ID - Router-ID inside the area

N-Selector - always zero
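Added example (not part of the original slides): a parser for the NET format above that enforces the 8 to 20 byte limits and the zero N-selector, then applies the adjacency rule stated later in these notes that Level 1 requires a matching area. The first NET is the one used in the IS-IS configuration further down; the other two are constructed, and the duplicate system ID check is a general IS-IS requirement rather than something the slides state.

```python
import re

R1_NET = "49.0001.0000.0000.0001.00"   # NET that appears in these notes
R2_NET = "49.0001.0000.0000.0002.00"   # constructed: same area as R1
R3_NET = "49.0002.0000.0000.0003.00"   # constructed: different area


def parse_net(net: str) -> dict:
    """Split an IS-IS NET into area, system ID and N-selector."""
    digits = net.replace(".", "")
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", digits):
        raise ValueError("NET must be whole bytes written as hex digits")
    raw = bytes.fromhex(digits)
    if not 8 <= len(raw) <= 20:
        raise ValueError(f"NET is {len(raw)} bytes, allowed range is 8 to 20")
    # Fields are located from the right: 1-byte N-selector, 6-byte system ID,
    # and whatever remains on the left (1 to 13 bytes) is the area.
    area, system_id, nsel = raw[:-7], raw[-7:-1], raw[-1]
    if nsel != 0:
        raise ValueError("N-selector must be 00 in a NET")
    sid = system_id.hex()
    return {
        "area": area.hex(),
        "system_id": ".".join(sid[i:i + 4] for i in range(0, 12, 4)),
        "nsel": nsel,
    }


def adjacency_levels(net_a: str, net_b: str) -> set:
    """Levels two Level-1-2 routers could use, judged on their NETs alone."""
    a, b = parse_net(net_a), parse_net(net_b)
    if a["system_id"] == b["system_id"]:
        return set()          # system IDs must be unique
    levels = {"L2"}           # Level 2 may be inter or intra area
    if a["area"] == b["area"]:
        levels.add("L1")      # Level 1 requires matching areas
    return levels


if __name__ == "__main__":
    print(parse_net(R1_NET))
    print("R1-R2:", sorted(adjacency_levels(R1_NET, R2_NET)))
    print("R1-R3:", sorted(adjacency_levels(R1_NET, R3_NET)))
```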

IS-IS Adjacency Levels

• IS-IS uses two “levels” of adjacency

Level 2 (L2)

Level 1 (L1)

• Process & interfaces default to Level-1-2

Forms both L1 and L2

Separate LSP databases

• Double the overhead

IS-IS Level 2

• Inter or intra area adjacency

• Like area 0 in OSPF

• Must be contiguous

Cisco IOS does not support IS-IS virtual links

IS-IS Level 1

• Intra area adjacency only

• Like a not so totally stubby area in OSPF

Intra area routes

Default route out

Redistribution allowed

Level 1 / Level 2 Routing

• Level 1 / Level 2 (L1/L2) Router

Like ABR in OSPF

• Used as exit point from L1 to L2

Injects default route into level-1

• Sets the “attached” bit

Forming IS-IS Adjacency

• Ensure transport first

CLNS resolution on multipoint NBMA

• Level of adjacency must match

Area must match if L1 adjacency

• Network type

Broadcast

Point-to-Point

Level Manipulation

• Global under the process – is-type

Affects all interfaces

• Under the interface – isis circuit-type

Affects only that interface

IS-IS Network Type

• Only two network types

Broadcast

• Default on multipoint interfaces

• Uses DIS instead of DR / BDR

Point-to-point

• Default on point-to-point interfaces

• debug isis adj-packet

• isis network point-to-point

• Layer 2 design considerations

DIS Election

• Designated Intermediate System

• Like OSPF DR / BDR

No backup DIS

• Election is dynamic, preemption can occur

Separate election for L1 and L2

Occurs by

• Highest priority – isis priority

• Highest SNPA (MAC) address

IS-IS Path Selection

• All links default to cost of 10

Can be manually modified

Neighbors must agree on metric style

• Narrow

• Wide

Default

Needed for MPLS TE

Transition

• Level 1 paths preferred over Level 2 paths

Like OSPF Intra-Area over Inter-Area

IS-IS Route Leaking

• Level 2 domain knows all prefixes

• Level 1 domain only knows L1 prefixes

• Route leaking can be used to selectively…

Pass L2 routes into L1

Deny L1 routes from passing into L2

• In IOS configured as… – redistribute isis level-2 into level-1 distribute-list [acl]

• In IOS XR configured as… – propagate level 2 into level 1 route-policy [policy]

Multi Topology IS-IS

• IS-IS supports routing for both IPv4 and IPv6

• IPv6 routing can be either…

Single topology

• Shares path calculation with IPv4

• Requires 1:1 correlation of IPv4 and IPv6 interfaces

Multi topology

• Independent path calculation from IPv4

• IPv4 & IPv6 configuration completely independent

MPLS

What is MPLS?

• Multiprotocol Label Switching

• Open standard

– RFC 3031 “Multiprotocol Label Switching Architecture”

Previously Cisco proprietary Tag Switching

• Multiprotocol

Can transport different payloads

Layer 2

• Ethernet

• Frame Relay

• ATM

• PPP

• HDLC

Layer 3

• IPv4

• IPv6

• Label Switching

Switches traffic between interfaces based on locally significant label values

Similar to how a Frame Relay or ATM switch uses input/output DLCIs and VPI/VCIs

• Transparent tunneling over SP network

BGP free core

• Saves routing table space on Provider routers

Offer L2/L3 VPN service to customers

• No need for overlay VPN model (…more later)

• Traffic engineering

Distribute load over underutilized links

Give bandwidth guarantees

Detect and repair failures quickly

MPLS Label Format

RFC 3032 – “MPLS Label Stack Encoding”

4 byte header used to “switch” packets

20 bit Label = Locally significant to router

3 bit EXP = Class of Service

S bit = Defines last label in the label stack

8 bit TTL = Time to Live

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Label
|                Label                  | Exp |S|       TTL     | Stack
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Entry
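Added example (not part of the original slides): encoding and decoding the 4-byte label stack entry described above, and walking a stack until the entry with the S bit set. The label values, EXP, TTLs and the two payload bytes are constructed; the reserved values 0 and 3 are the RFC 3032 explicit and implicit null labels that these notes refer to later.

```python
import struct

IPV4_EXPLICIT_NULL = 0   # RFC 3032 reserved label
IMPLICIT_NULL = 3        # RFC 3032 reserved label: signalled only, never sent on the wire


def pack_entry(label: int, exp: int, bottom: bool, ttl: int) -> bytes:
    """Encode one label stack entry: 20-bit label, 3-bit EXP, S bit, 8-bit TTL."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def parse_stack(frame: bytes):
    """Return (entries, payload); entries run from top of stack to bottom."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(frame):
            raise ValueError("ran out of bytes before an entry with S=1")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entry = {
            "label": word >> 12,
            "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1,
            "ttl": word & 0xFF,
        }
        if entry["label"] == IMPLICIT_NULL:
            raise ValueError("implicit null (3) must never appear in a stack")
        entries.append(entry)
        if entry["s"]:
            # Bottom of stack reached: everything after it is the payload.
            return entries, frame[offset:]


# Constructed sample: transport label on top, VPN label at the bottom,
# followed by the first two bytes of an IPv4 header.
SAMPLE = (pack_entry(24005, 5, False, 254)
          + pack_entry(16, 5, True, 255)
          + b"\x45\x00")

if __name__ == "__main__":
    stack, payload = parse_stack(SAMPLE)
    for depth, e in enumerate(stack):
        print(depth, e)
    print("payload starts with", payload.hex())
```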

How Labels Work

• MPLS Labels are bound to FECs

Forwarding Equivalency Class

IPv4 prefix for our purposes

• Router uses MPLS LFIB instead of CEF FIB or IP routing table to switch traffic

• Switching logic

If traffic comes in if1 with label X send it out if2 with label Y

MPLS Device Roles

• MPLS network consists of three types of devices

Customer Edge (CE)

Provider Edge (PE)

Provider (P)

CE Devices

• Customer Edge (CE)

• Last hop device in customer’s network

– Connects to provider’s network

• Can be layer 2 only or layer 3 aware

• Typically not MPLS aware

PE Devices

• Provider Edge (PE)

Previously called Label Edge Routers (LER)

• Last hop device in provider’s network

Connects to CE and Provider core devices

• PE performs both IP routing & MPLS lookups

• For traffic from customer to core…

Receives unlabeled packets (like IPv4)

Adds one or more MPLS labels

Forwards labeled packet to core

• For traffic from core to customer…

Receives MPLS labeled packets

Removes one or more MPLS labels

Forwards packet to customer

P Devices

• Provider (P)

Previously called Label Switch Router (LSR)

• Core devices in provider’s network

Connects to PEs and/or other P routers

• Switches traffic based only on MPLS labels

Label Push / Pop / Swap

• PE & P routers perform three major operations

• Label push

Add a label to an incoming packet

AKA label imposition

• Label swap

Replace the label on an incoming packet

• Label pop

Remove the label from an outgoing packet

AKA label disposition

Penultimate Hop Popping (PHP)

• In previous example PEs perform two lookups

Label lookup for customer

IPv4 lookup for customer

• Label lookup can be avoided by the next-to-last (penultimate) hop performing the pop operation

• Accomplished by PE advertising implicit-null label value

Label Distribution

• Labels are advertised via a Label Distribution Protocol

• LDP & TDP

Advertises labels for IGP learned routes

• MP-BGP

Advertises labels for BGP learned routes

– RFC 3107 “Carrying Label Information in BGP-4”

More in Inter-AS MPLS

• RSVP

Used with MPLS Traffic Engineering

Requires manually configured MPLS tunnels

TDP vs. LDP

• Tag Distribution Protocol (TDP)

– Originally used with Cisco’s Tag Switching

Uses UDP broadcast to port 711 to discover neighbors

Once discovered, TCP session is setup on port 711

• Label Distribution Protocol (LDP)

Standard per RFC 3036

Uses UDP multicast to 224.0.0.2 at port 646 to discover neighbors

Once discovered, TCP session is setup on port 646

Enabling TDP & LDP in IOS

• Enable CEF globally

• Choose TDP, LDP, or both

Default label protocol depends on IOS version

Can be changed with global & interface level mpls label protocol command

• Enable MPLS on the interface

mpls ip

Can also be enabled via IGP autoconfig

• Verify adjacency – show mpls ldp neighbor

Enabling LDP in IOS XR

• No support for TDP

• Enable LDP globally and specify interfaces – mpls ldp

• interface GigabitEthernet0/1/0/0

• Also supports IGP autoconfig

• Verify adjacency – show mpls ldp neighbor

TDP & LDP Caveats

• Label protocol must match for adjacency

debug ip packet detail can be used to discover remote label protocol

• Devices must have route to transport-address to establish TCP session

Transport address comes from LDP Router-ID

• Router-ID selection similar to OSPF/BGP/etc.

– Can be modified with interface level commands…

• IOS mpls ldp discovery transport-address

• IOS XR discovery transport-address

• Similar to BGP update-source

MPLS Tunnels

• One large advantage for SPs is that MPLS can provide “BGP free” core

• P routers only need IGP information for internal SP routes

• Routes outside the SP network can be label switched based on the BGP next-hop

• Result is that traffic is “tunneled” over MPLS

Useful MPLS Commands

• show mpls ldp interface

• show mpls ldp neighbor

• show mpls forwarding-table

• debug mpls packet

MPLS Tunnel Logic

• R02 learns 1.1.1.1/32 via EBGP from R01

• R02 advertises 1.1.1.1/32 via iBGP to XR1

• XR1 sees 1.1.1.1/32 via R02’s Loopback

• All P/PEs have an IGP route for R02

• All P/PEs run LDP

• Implies all P/PEs have a label for R02

• XR1 uses the label for R02 to get to 1.1.1.1/32

• P routers do not need the route for 1.1.1.1/32 since they have the label for R02

MPLS Tunnels and Loopbacks

• PE routers must peer BGP using a /32 Loopback address

• Peering to another interface can cause problems in PHP

• Can also cause problems in OSPF vs. LDP advertisements

MPLS L3VPNs

What is a VPN?

• Virtual Private Network

Network connection between devices that do not literally share a physical cable

• Examples:

Layer 2 VPNs

• Ethernet VLANs

• Frame Relay & ATM PVCs

Layer 3 VPNs

• GRE Tunnel

• IPsec Tunnel

• MPLS VPN

VPN Models: Overlay vs. Peer-to-Peer

• Overlay VPNs

Service Provider does not participate in customer routing

• Must be provisioned prior to communication

Frame Relay & ATM PVCs

Leased lines

GRE Tunnels

• Overlay suffers from (n*(n-1))/2 scalability issues

• Allows customers to use flexible addressing scheme

• Peer-to-Peer VPNs

Service Provider does participate in customer routing

• No static provisioning required

• Service Provider required to keep customer traffic separate through route filtering and access-lists

• Does not allow customers to use flexible addressing

• Problems with default routing

MPLS Layer 3 VPNs

• Best of both worlds from overlay and peer-to-peer VPNs

• No static provisioning required

– Adding new sites doesn’t necessarily require reconfiguration of other sites

• Service provider keeps separate routing tables per customer

Allows flexibility in customer addressing

Manual route and ACL filtering not required in SP

Customers can use default routing as needed

How MPLS L3VPNs Work

• MPLS L3VPNs have two basic components…

Separation of customer routing information

• VRF – Virtual Routing and Forwarding Instance

• Different customers have different “virtual” routing tables

• IGP/BGP run inside the VRF between the customer and SP

– Exchange of customer’s routing information inside SP

• MP-BGP through the SP network

• Traffic is label switched towards BGP next-hops

Virtual Routing and Forwarding Instances

• VRFs create “virtual routers” inside IOS

• Creating a VRF

Specify locally significant VRF name

• ip vrf [name]

IPv4 only

• vrf definition [name]

Supports both IPv4 and IPv6

– Specify “route distinguisher”

• rd [ASN:nn | IP-address:nn]

• More on this in MP-BGP

Apply VRF to interface

• ip vrf forwarding [name] | vrf forwarding [name]

• Removes IP address from interface

• This minimum configuration is called “VRF Lite”

VRFs on IOS XR

• VRF defined globally

vrf [name]

• VRF applied at interface

interface GigabitEthernet0/1/0/0

• vrf [name]

• Route Distinguisher defined under BGP

– router bgp [ASN]

• vrf [name]

– rd [value]

VRF Routing Tables

• Each VRF has its own routing table

IOS: show ip route vrf [name | *]

IOS XR: show route vrf [name | all] ipv4

• Addressing can overlap in different VRFs

• Interfaces not in a VRF are in the global table

Global table is your normal show ip route

– One VRF can’t talk to another VRF or global routes by default

• VRF aware commands

– ping vrf…

– traceroute vrf…

– telnet [host] /vrf…

– Etc.

VRF Aware Routing

• Routing inside a VRF can be through…

VRF aware static routes

VRF aware dynamic routing

• EIGRP

• RIP

• OSPF

• IS-IS

• MP-BGP

Policy Routing

VRF Aware Static Routes

! IOS
ip route vrf A 10.0.0.0 255.255.255.0 1.2.3.4

! IOS XR
router static
 vrf A
  address-family ipv4 unicast
   10.0.0.0/24 1.2.3.4

IOS VRF Aware OSPF

ip vrf VRF1
 rd 1:1
!
ip vrf VRF2
 rd 2:2
!
router ospf 1 vrf VRF1
 network 10.0.0.1 0.0.0.0 area 0
!
router ospf 2 vrf VRF2
 network 20.0.0.1 0.0.0.0 area 0

IOS XR VRF Aware OSPF

router ospf 1
 vrf VRF1
  address-family ipv4 unicast
  area 0
   interface GigabitEthernet0/1/0/0

IOS VRF Aware RIP

router rip
 !
 address-family ipv4 vrf VRF1
  network 10.0.0.0
  no auto-summary
  version 2
 exit-address-family

IOS XR VRF Aware RIP

router rip
 vrf VRF1
  interface GigabitEthernet0/1/0/0

VRF Aware EIGRP

router eigrp 65535
 !
 address-family ipv4 vrf VRF1
  network 10.0.0.0
  no auto-summary
  autonomous-system 1
 exit-address-family

IOS XR VRF Aware EIGRP

router eigrp 65535
 vrf VRF1
  address-family ipv4
   autonomous-system 1
   !
   interface GigabitEthernet0/1/0/0

IOS VRF Aware IS-IS

interface FastEthernet1/0
 ip vrf forwarding VRF1
 ip address 10.0.0.1 255.255.255.0
 ip router isis 1
!
router isis 1
 vrf VRF1
 net 49.0001.0000.0000.0001.00

IOS VRF Aware BGP

router bgp 1
 !
 address-family ipv4 vrf VRF1
  neighbor 10.0.0.2 remote-as 10
  neighbor 10.0.0.2 activate
  network 10.0.0.0 mask 255.255.255.0
 exit-address-family
 !
 address-family ipv4 vrf VRF2
  neighbor 20.0.0.2 remote-as 20
  neighbor 20.0.0.2 activate
  network 20.0.0.0 mask 255.255.255.0
 exit-address-family

IOS XR VRF Aware BGP

router bgp 1
 address-family ipv4 unicast
 !
 address-family vpnv4 unicast
 !
 vrf A
  rd 1:1
  address-family ipv4 unicast
   network 10.0.0.0/24
  !
  neighbor 1.2.3.4
   remote-as 2
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
!
route-policy PASS
 pass
end-policy

VRF Lite vs. MPLS VPNs

• In VRF lite all devices in transit path must carry all routes in all VRF tables

• In MPLS VPNs only PE routers need customer routes

• Accomplished through…

VPNv4 BGP

• RD + Prefix makes VPN routes globally unique

MPLS VPN tag/label

• P routers only need to know how to reach BGP next-hop

• Uses “BGP free core” logic

MPLS VPN Label Advertisement Logic

• R2 advertises implicit null to R3 for R2’s Loopback

• R3 advertises label L1 to R4 for R2’s Loopback

• R4 advertises label L2 to R5 for R2’s Loopback

• R5 advertises label L3 to R6 for R2’s Loopback

• R6 advertises label L4 to XR1 for R2’s Loopback

• Reverse advertisement occurs as well

– XR1’s Loopback to R6 > R5 > R4 > R3 > R2

MPLS VPN PE-CE Routing Logic

• R2 learns X via R1 from IGP, BGP, or static

• R2 advertises X to XR1 via MP-BGP with…

Next-hop of R2’s Loopback0

VPN label of V1

• XR2 learns X via XR1 from IGP, BGP, or static

• Reverse advertisement occurs as well

MPLS VPN Traffic Flow Logic

• XR2 sends IPv4 packet to XR1 destined for X

• XR1 does routing lookup on X and sees R2’s Loopback as BGP next-hop

• Since XR1 has an LSP for R2, it…

Imposes VPN label V1

Imposes transport label L4

Forwards packet to R6

• R6 swaps L4 with L3 and forwards to R5

• R5 swaps L3 with L2 and forwards to R4

• R4 swaps L2 with L1 and forwards to R3

• R3 pops L1 and forwards to R2

• R2 pops V1 and forwards IPv4 to R1
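Added example (not part of the original slides): the label advertisement and traffic flow logic above, with each transit router's LFIB action derived from what its downstream neighbor advertised. The numeric values standing in for L1 to L4 and V1 are constructed, and the second run goes beyond the slide by having R2 advertise explicit null instead of implicit null, which is the case covered under Ultimate Hop Popping later in these notes.

```python
IMPLICIT_NULL = 3   # reserved value: upstream neighbor pops instead of swapping (PHP)
EXPLICIT_NULL = 0   # reserved value: IPv4 explicit null, label kept to the last hop

# Ingress PE to egress PE, as on the slide.
LSP_PATH = ["XR1", "R6", "R5", "R4", "R3", "R2"]

# Constructed numbers standing in for the slide's symbolic labels.
L1, L2, L3, L4, V1 = 301, 302, 303, 304, 9001


def adverts(egress_label):
    """Label each router advertises upstream for R2's Loopback."""
    return {"R2": egress_label, "R3": L1, "R4": L2, "R5": L3, "R6": L4}


def build_lfib(path, advertised):
    """Transit routers: in-label is their own advert, out-label is the next hop's."""
    lfib = {}
    for router, next_hop in zip(path[1:-1], path[2:]):
        out = advertised[next_hop]
        lfib[router] = {
            "in": advertised[router],
            "action": "pop" if out == IMPLICIT_NULL else "swap",
            "out": out,
            "next": next_hop,
        }
    return lfib


def send(path, advertised, vpn_label):
    """Trace one customer packet; returns (router, action, stack-after) tuples."""
    lfib = build_lfib(path, advertised)
    transport = advertised[path[1]]
    # Ingress PE imposes the VPN label, then the transport label on top.
    stack = [vpn_label] if transport == IMPLICIT_NULL else [transport, vpn_label]
    trace = [(path[0], "push", list(stack))]
    hop = path[1]
    while hop != path[-1]:
        entry = lfib[hop]
        if stack[0] != entry["in"]:
            raise LookupError(f"{hop}: no LFIB entry for label {stack[0]}")
        if entry["action"] == "pop":
            stack.pop(0)
        else:
            stack[0] = entry["out"]
        trace.append((hop, entry["action"], list(stack)))
        hop = entry["next"]
    # Egress PE: with PHP only the VPN label arrives; with explicit null it
    # first removes label 0, then the VPN label, and forwards plain IPv4.
    if stack[0] == EXPLICIT_NULL:
        stack.pop(0)
    if stack != [vpn_label]:
        raise LookupError(f"{hop}: unexpected stack {stack}")
    trace.append((path[-1], "pop", []))
    return trace


if __name__ == "__main__":
    for name, label in (("PHP", IMPLICIT_NULL), ("explicit null", EXPLICIT_NULL)):
        print(name)
        for step in send(LSP_PATH, adverts(label), V1):
            print("  ", step)
```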

Multiprotocol BGP

• How do PE routers exchange VRF info?

– RFC 4364 “BGP/MPLS IP Virtual Private Networks (VPNs)”

• MP-BGP defines AFI 1 & SAFI 128 as VPN-IPv4 or “VPNv4”

8 byte Route Distinguisher (RD)

• Unique per VPN or per VPN site

• ASN:nn or IP-address:nn

4 byte IPv4 address

• Unique per VPN

Implies globally unique routes

• VPNv4 includes MPLS VPN label

Transport Label vs. VPN Label

• L3VPN needs at least 2 labels to deliver traffic

Can be more with applications like MPLS TE, FRR, etc.

• Transport Label

Tells the SP core routers which PE traffic is destined to

Typically derived from LDP

• Sometimes called the IGP label

• VPN Label

Tells the PE router which CE traffic is destined to

Derived from VPNv4 advertisements of PEs

Configuring VPNv4 BGP

• Uses address-family like VRF aware BGP

address-family vpnv4 unicast

• Neighbors must be defined under global BGP process then activated under VPNv4

• Attributes are applied under address-family

Next-hop processing

Send-community

• Extended communities are required

Route reflection

Route-map

Etc.

Controlling VPNv4 Routes

• Route distinguisher used solely to make route unique

Allows for overlapping IPv4 addresses between customers

• New BGP extended community “route-target” used to control what enters/exits VRF table

– “export” route-target

• What routes will go from VRF into BGP

– “import” route-target

• What routes will go from BGP into VRF

• Allows granular control over what sites have what routes

– “import map” and “export map” allow control on a per prefix basis

Route Distinguisher vs. Route Target

• Route Distinguisher

Makes the route unique

• Route Target

– Controls the route’s VPN membership(s)

VPNv4 Route Targets

• 8 byte field per RFC 4360 “BGP Extended Communities Attribute”

• Format similar to route distinguisher

ASN:nn or IP-address:nn

• VPNv4 speakers only accept VPNv4 routes with a route-target matching a local VRF

Route reflection exception

no bgp default route-target filter

• VPNv4 routes can have more than one route target

• Allows complex VPN topologies

Full mesh

• Import and export same everywhere

Hub and Spoke

• Spokes import only hub’s routes

Central services

• Multiple VPNs can import routes from a central site or from a central server

Management VPNs

• Management Loopback on CE routers can be exported into special management VPN
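Added example (not part of the original slides): a small model of the export and import route-target rules above, showing a hub-and-spoke VPN and a full-mesh VPN whose sites reuse the same IPv4 prefix. The VRF names, RD and route-target values and prefixes are all constructed, and the single list of VRFs stands in for the set of PEs that receive every VPNv4 route.

```python
from dataclasses import dataclass, field


@dataclass
class Vrf:
    name: str
    rd: str
    export_rts: frozenset
    import_rts: frozenset
    local_prefixes: list                       # learned from the CE
    imported: list = field(default_factory=list)


def export_vpnv4(vrf):
    """VRF into BGP: the RD makes the prefix unique, export RTs are attached."""
    return [{"rd": vrf.rd, "prefix": p, "rts": vrf.export_rts}
            for p in vrf.local_prefixes]


def import_vpnv4(vrfs, routes):
    """BGP into VRF: a route enters every VRF whose import RTs match one of its RTs.

    Returns the routes no VRF imports, which is what the default
    route-target filter discards on a PE.
    """
    dropped = []
    for route in routes:
        takers = [v for v in vrfs
                  if v.rd != route["rd"] and v.import_rts & route["rts"]]
        for vrf in takers:
            vrf.imported.append(route["prefix"])
        if not takers:
            dropped.append(f'{route["rd"]}:{route["prefix"]}')
    return dropped


def rts(*values):
    return frozenset(values)


def run():
    vrfs = [
        # Customer A, hub and spoke: spokes import only what the hub exports.
        Vrf("A-HUB", "1:1", rts("1:200"), rts("1:100"), ["10.0.0.0/24"]),
        Vrf("A-SPOKE1", "1:2", rts("1:100"), rts("1:200"), ["10.1.0.0/24"]),
        Vrf("A-SPOKE2", "1:3", rts("1:100"), rts("1:200"), ["10.2.0.0/24"]),
        # Customer B, full mesh: import and export are the same everywhere.
        Vrf("B-SITE1", "2:1", rts("2:100"), rts("2:100"), ["10.0.0.0/24"]),
        Vrf("B-SITE2", "2:2", rts("2:100"), rts("2:100"), ["10.9.0.0/24"]),
        # Exports a route-target that no VRF imports.
        Vrf("ORPHAN", "3:1", rts("3:999"), rts(), ["192.0.2.0/24"]),
    ]
    routes = [r for v in vrfs for r in export_vpnv4(v)]
    dropped = import_vpnv4(vrfs, routes)
    table = sorted(f'{r["rd"]}:{r["prefix"]}' for r in routes)
    return table, {v.name: sorted(v.imported) for v in vrfs}, dropped


if __name__ == "__main__":
    vpnv4_table, imports, dropped = run()
    print("VPNv4 table:", vpnv4_table)
    for name, prefixes in imports.items():
        print(f"{name:9} imports {prefixes}")
    print("dropped by route-target filter:", dropped)
```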

Inter-AS MPLS

Inter-AS MPLS Overview

• MPLS VPNs can span multiple providers

Geographically diverse sites

Redundancy requirements

• Inter-AS considerations

How much control does each SP want

• How do SPs want to exchange routing information?

• Label exchange required?

LDP/TDP typically not feasible

RSVP would require (n*(n-1)/2)

BGP offers alternative

Inter-AS MPLS Designs

• Option 1 / Option A

Back-to-Back VRF Exchange

• Option 2 / Option B

VPNv4 BGP Exchange

• Option 3 / Option C

Multihop VPNv4 BGP Exchange

Inter-AS MPLS Designs

• Back-to-Back VRF Exchange (Option 1)

SPs use one link per VRF needed

SP1 treats SP2 like another customer site

PE-CE routing (really PE-PE routing)

No label exchange, IPv4 packets only

• VPNv4 BGP Exchange (Option 2)

Connected SP PEs peer VPNv4 BGP

VPNv4 exchanges labels

LSP end-to-end

• Multihop VPNv4 BGP Exchange (Option 3)

Non-connected SP PEs peer VPNv4 BGP

IPv4 BGP exchanges labels at SP edge

Implies SPs must share internal routing information

Back-to-Back VRF Exchange

• Pros

SPs do not need to exchange internal routing information

SPs control own VRF import & export policies

• Route distinguishers and route targets locally significant

Simple configuration

• Treated just like any other VPN site

• Cons

Requires PE-PE IGP protocol

PE to PE routers must have all VRFs configured locally

• Must maintain VPNv4 peerings with all internal PEs

• Must maintain VRF routing tables

VPNv4 BGP Exchange

• Considerations

Route-target filtering on edge by default

• no bgp default route-target filter

LSP is end to end

• QoS considerations

• Pros

SPs do not need to exchange IGP routes

• IPv4 BGP typically already running between border routers

• Cons

PE to PE routers must have all VPNv4 information

• Must maintain VPNv4 peerings with all internal PEs (or with internal VPNv4 route reflectors)

Multihop VPNv4 BGP Exchange

• Considerations

– PE routers must have IGP route for remote PE routers to…

• Allow transport for VPNv4 session

• Allow building of IGP transport label

LSP is end to end

• PE to PE routers exchange labels via IPv4 BGP

Route reflection and next-hop processing

• Pros

VPNv4 information only exchanged between devices with that VRF

VPN PE routers need not run BGP with anyone else

• Cons

SPs must exchange internal routing info

• Internal addressing may not be routable

• Possibly exposes core routers to Internet

MPLS Layer 2 VPNs

Layer 3 VPN Problems

• Layer 3 MPLS VPNs require PE participating in CE routing

• CE devices may not be IP aware

Layer 2 Ethernet switches

• CE may not support the PE’s routing protocol offerings

– SPs typically don’t run every possible PE-CE protocol

• Customer may not want to reconfigure to migrate to MPLS

Frame Relay PVCs

ATM PVCs

Layer 2 VPN Solutions

• Layer 2 protocols can be tunneled over IP/MPLS network

• CE1 looks directly connected to CE2

• No CE-PE routing

• Broadcast domain is end-to-end

L2TPv3

• L2TPv3 - Layer 2 Tunneling Protocol

• Tunnels over IP network

Ethernet

Frame Relay

ATM

HDLC

PPP

• Does not require MPLS core

AToM

• AToM – Any Transport over MPLS

• Tunnels over MPLS network

Ethernet

Frame Relay

ATM

HDLC

PPP

• Requires MPLS core

Transport label follows normal LDP / MPLS TE / BGP + Label path

– VPN label is “Pseudowire” label

• Allocated through targeted LDP session between PEs

L2VPN Interworking

• AToM “interworking” allows any to any layer 2 tunneling

Ethernet to ATM

Ethernet to Frame Relay

Ethernet to PPP

ATM to Frame Relay

ATM to PPP

PPP to Frame Relay

VPLS

• VPLS – Virtual Private LAN Service

• Allows multipoint Ethernet network tunneled over MPLS

AToM is point-to-point only

PE routes traffic based on Ethernet MAC addresses

MPLS Traffic Engineering (TE)

Why Traffic Engineering?

• Requirements for Traffic Engineering Over MPLS - RFC 2702

A major goal of Internet Traffic Engineering is to facilitate efficient and reliable network operations while simultaneously optimizing network resource utilization and traffic performance. Traffic Engineering has become an indispensable function in many large Autonomous Systems because of the high cost of network assets and the commercial and competitive nature of the Internet. These factors emphasize the need for maximal operational efficiency.

• What problem does TE solve?

• Efficient use of all available bandwidth

• Help ensure the desired path through the network

• Eliminate or postpone the need for adding additional physical links

• Quickly converge around network failures

IGP Issues (OSPF and ISIS)

• IGPs use the least cost path which may not be the only path available

• Manipulating the IGP metrics will only move the problem to other links

• Manipulating the IGP metrics doesn’t scale

• IGP metrics lack the granularity needed to truly make use of all available bandwidth

• IGPs use destination based routing to determine the path through the network

Resource Reservation Protocol (RSVP)

• RSVP was originally designed as a means for a host to determine if there is enough bandwidth available for a particular traffic flow

• RSVP never took off due to the fact it was a host-to-host protocol

• Used for establishing LSPs in MPLS networks

• RSVP-TE provides support for

Explicit path configuration

Path numbering

Route Recording

RSVP-TE Signaling

Traffic Engineering Path Calculation

• Constraint-Based Shortest Path First (CSPF)

Bandwidth

Affinity

Administrative weight

Explicitly defined path

• Path calculation can also be done offline

Traffic Engineering and IGP

• TE uses existing link-state routing protocols, OSPF and ISIS, to disseminate the topology information

OSPF uses Type 10 (area-local) Opaque LSAs

ISIS uses new TLVs

• Normally IGP carries the information about itself, neighbors, and cost to the neighbors

• TE adds information regarding available bandwidth to the neighbors

show mpls traffic-eng topology

Enabling Basic IGP Support for TE

• Support for TE needs to be enabled under the routing process for OSPF and IS-IS

• OSPF

mpls traffic-eng area <area-id>

mpls traffic-eng router-id <router-id>

• IS-IS

metric-style wide

mpls traffic-eng {level-1 | level-2}

mpls traffic-eng router-id <router-id>

CSPF Path Options

• Dynamic

The router will calculate the best path for the tunnel

Uses the configured constraints such as bandwidth and other attributes

• Explicit

User defined path for the tunnel

Uses the configured constraints such as bandwidth and other attributes

• More than one path option can be configured for a tunnel

• Dynamic and Explicit can be used for the same tunnel

• TE Tunnels are unidirectional

CSPF Path Options (cont)

tunnel mpls traffic-eng bandwidth bandwidth

tunnel mpls traffic-eng priority setup-priority hold-priority

tunnel mpls traffic-eng path-option number {dynamic | explicit {name path-name | id path-number}} [lockdown]

ip explicit-path {name word | identifier number} [{enable | disable}]

 append-after     Append additional entry after specified index
 exclude-address  Exclude an address from subsequent partial path segments
 index            Specify the next entry index to add, edit (or delete)
 list             Re-list all or part of the explicit path entries
 next-address     Specify the next (adjacent) address in the path

Routing Across the TE Tunnel

• Static routing

• Policy based routing

• Dynamic routing protocol

tunnel mpls traffic-eng autoroute announce

Configuration Steps for All Routers

• Ensure CEF is enabled

• Enable TE support for the IGP protocol being used

• Enable MPLS TE Tunnels on each router globally – mpls traffic-eng tunnels

• Enable MPLS TE Tunnels on each interface in path – mpls traffic-eng tunnels

• Enable RSVP on each interface in the path

ip rsvp bandwidth <total kbps> <per-flow kbps>

Service Provider QoS

Quality of Service Overview

• Different service levels for different “classes” (types) of traffic

• SP QoS Goals

Traffic admission control from CE

• Enforce a traffic rate per SLA

• Honor / override CE’s classification scheme

DSCP / IP Precedence to MPLS EXP mappings

Transit control

• Guarantee bandwidth between sites

• Prioritize important traffic flows

• Sell different transit SLAs

QoS Models

• IntServ QoS model

Integrated Services

Network devices request specific service for particular flow

• DiffServ QoS model

Differentiated Services

Flows get specific service based on traffic classification done by the network

Copyright © www.INE.com

Integrated Services QoS

• RSVP – Resource Reservation Protocol

• Original goal was for hosts to request service of the network

Assumes transit networks will enforce admission control and honor reservations

– Doesn’t scale; transit network would need to maintain state for every single flow

• Abandoned with few exceptions

MPLS TE for our purposes

• RSVP only makes reservation in “control plane”, not “data plane”

DiffServ must enforce reservations

Differentiated Services QoS

• Packet markings or attributes used to “differentiate” traffic classes

• IPv4 DiffServ

DSCP 6 bits = 64 classes

IP Precedence 3 bits = 8 classes

• MPLS DiffServ

MPLS EXP bits 3 bits = 8 classes

• Advanced DiffServ ACLs

NBAR

• Locally Significant DiffServ

QoS Group

Differentiated Services QoS

• Once classified, traffic can be…

Guaranteed bandwidth

Prioritized

Scheduled

• WFQ

• WRR

• WRED

Limited

• CAR / Policing

• Shaping

Traffic Classification Methods

• DiffServ classification through

MQC Match / Set

• IP Precedence / DSCP / NBAR / ACLs / MPLS EXP / QoS Group

Legacy CAR

Policy Routing

MPLS VPN QoS Classification

• Marking can occur at many places

Am I dealing with IP packet, VPN label, TE label, or transport label?

• IP to MPLS

VPN label imposed on IP packet at PE-CE ingress

• MPLS to MPLS

Push

• Transport label imposed on VPN label

• MPLS TE label imposed on transport / VPN label

Swap

• Transport label disposed, new transport label imposed

Pop

• Transport label disposed to reveal VPN

• MPLS TE label disposed to reveal transport / VPN label

• MPLS to IP

VPN label disposed to reveal IP packet

Ultimate Hop Popping

• Last hop in MPLS network advertises implicit null label by default

– Causes “penultimate” hop to pop label

• Popping label destroys MPLS EXP policy

• Ultimate hop popping forces penultimate hop to send a blank label (explicit null) to the ultimate hop

router(config)# mpls ldp explicit-null

• Allows end-to-end propagation of MPLS EXP

MPLS VPN QoS Models

• Uniform Mode

CE IPv4 marking is mapped to MPLS EXP at SP ingress

SP MPLS EXP may be remarked in transit

IPv4 egress marking on PE-CE link based on remarked MPLS EXP

Customer marking is dependent on SP marking

• Pipe Mode

CE IPv4 marking may be mapped to MPLS EXP at SP ingress

SP MPLS EXP may be remarked in transit

IPv4 not remarked at PE-CE egress

Customer marking is independent of SP marking