MPLS over IP-Tunnels
Mark Townsley
Distinguished Engineer
21 February 2005

VPN Services over IP Tunnels ©Copyright Cisco Systems 2005


MPLS over IP – The Basic Idea

    MPLS Tunnel Label | Exp | S | TTL
    MPLS VPN Label    | Exp | S | TTL
    MPLS Payload (L3VPN, PWE3, etc)

• MPLS Tunnel Label transports MPLS-labeled VPN packets between PEs. It is swapped along the LSP from one PE to another.
• MPLS VPN Label remains the same between PEs. It is exchanged via targeted LDP, MP-BGP, etc. and refers to a VRF, VPLS VSI, or PWE3 VC.


MPLS over IP – The Basic Idea

    IP Tunnel
    MPLS Tunnel Label | Exp | S | TTL
    MPLS VPN Label    | Exp | S | TTL
    MPLS Payload (L3VPN, PWE3, etc)

• MPLS Tunnel Label is replaced with an IP Tunnel, which performs the same function of getting the MPLS VPN label and payload between PEs
• Unfortunately, we have a few IP tunnels to choose from – each with different pros and cons


A Long Evolution Leading to Many Options…

• Unfortunately, there are a lot of choices to wade through when it comes to MPLS over IP
    • MPLS directly over IP
    • MPLS over “Full” GRE/IP
    • MPLS over “Simple” GRE/IP
    • MPLS over L2TPv3 w/BGP Tunnel SAFI
    • Each of the above with IPsec
    • Point-2-Point vs. Point-2-Multipoint…
• This presentation will walk through the evolution of each of these methods of carrying MPLS over IP, leading us to where we are today


MPLS over IP Tunneling Technologies
MPLS over IP

    Version | IHL | TOS | Total length
    Identification | Flags | Fragment offset
    TTL | Protocol 0x137 | Header checksum
    Source IP address (Ingress PE)
    Destination IP address (Egress PE)
    MPLS VPN Label | Exp | S | TTL
    Customer Payload…

• Defined in draft-ietf-mpls-over-ip-or-gre-08.txt
• Smallest and simplest of MPLS over IP encapsulations (just +16 bytes)
• Not widely supported today


Tunneling Technologies
MPLS over “Full” GRE Header

    Version | IHL | TOS | Total length
    Identification | Flags | Fragment offset
    TTL | Protocol 0x47 | Header checksum
    Source IP address (Local address on PE router)
    Destination IP address (Local address on PE router)
    GRE header
    Checksum (Opt) | Offset (Opt)
    Key (Opt)
    Sequence Number (Opt)
    MPLS VPN Label | Exp | S | TTL
    Customer Payload…

• Defined in draft-ietf-mpls-over-ip-or-gre-08.txt
• Also not widely supported today


Tunneling Technologies
MPLS over “Simplified” GRE Header

    Version | IHL | TOS | Total length
    Identification | Flags | Fragment offset
    TTL | Protocol 0x47 | Header checksum
    Source IP address (Local address on PE router)
    Destination IP address (Local address on PE router)
    GRE header
    MPLS VPN Label | Exp | S | TTL
    Customer Payload…

• Most widely supported, particularly for manually configured, point-to-point tunnels
• Larger encapsulation than MPLS over IP, but with no tangible advantage, as the GRE Header is simply reduced to a constant set of bits in each packet


Manually Configured Overlay (GRE)

[Diagram: two IP/MPLS Networks and an IP Network with CE, PE and P nodes; Manually Configured Tunnel]

• Manual Point-to-Point GRE Tunnel
• Connects disparate MPLS networks.
• Separate MPLS networks act as one, so all services enabled by MPLS are available across both clouds
• This was, and still sometimes is, a good thing… But…


Manually Configured Overlay (GRE)

[Diagram: two IP/MPLS Networks and an IP Network with CE, PE and P nodes; Label Switched Paths]

• The number of LSPs is multiplied; they are set up between all nodes on BOTH networks
• IP-only PE Nodes Still Isolated
• Traffic may not traverse optimal path between PEs
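
The encapsulations on the Tunneling Technologies slides differ only in what sits between the IP header and the MPLS VPN label, which is what a capture filter or inspection tool has to work out before it can read the label. The parser below is an added example, not from the original slides; it assumes the IANA protocol numbers 137 (MPLS-in-IP) and 47 (GRE) in decimal and GRE protocol type 0x8847 for MPLS unicast, and the function names and sample packets are constructed for illustration.

```python
import struct

IPPROTO_GRE, IPPROTO_MPLS_IN_IP = 47, 137  # IANA protocol numbers (decimal)
GRE_PROTO_MPLS = 0x8847                    # GRE protocol type for MPLS unicast
GRE_C, GRE_K, GRE_S = 0x8000, 0x2000, 0x1000  # checksum/key/sequence present

def parse_label(entry):
    """Split a 4-byte label stack entry into Label(20)/Exp(3)/S(1)/TTL(8)."""
    (word,) = struct.unpack("!I", entry)
    return {"label": word >> 12, "exp": (word >> 9) & 7,
            "s": (word >> 8) & 1, "ttl": word & 0xFF}

def classify(packet):
    """Name the encapsulation and locate the MPLS VPN label in an IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[0] & 0x0F < 5:
        raise ValueError("not a valid IPv4 header")
    off = (packet[0] & 0x0F) * 4           # IHL: IP options shift everything
    if packet[9] == IPPROTO_MPLS_IN_IP:
        encap = "mpls-over-ip"             # label follows the IP header directly
    elif packet[9] == IPPROTO_GRE:
        if len(packet) < off + 4:
            raise ValueError("truncated GRE header")
        flags, ptype = struct.unpack("!HH", packet[off:off + 4])
        if flags & 0x4FFF:                 # routing, recursion, reserved, version
            raise ValueError("unsupported GRE flags or version")
        if ptype != GRE_PROTO_MPLS:
            raise ValueError("GRE payload is not MPLS")
        optional = sum(bool(flags & bit) for bit in (GRE_C, GRE_K, GRE_S))
        off += 4 + 4 * optional            # each optional field is one 32-bit word
        encap = "mpls-over-full-gre" if optional else "mpls-over-simple-gre"
    else:
        raise ValueError("not an MPLS-over-IP tunnel")
    if len(packet) < off + 4:
        raise ValueError("truncated label stack entry")
    return {"encap": encap, "label_offset": off, **parse_label(packet[off:off + 4])}

def sample(proto, tunnel_hdr=b""):
    """Constructed packet: 20-byte IPv4 header (checksum left 0), one label."""
    label = struct.pack("!I", (1234 << 12) | (5 << 9) | (1 << 8) | 64)
    body = tunnel_hdr + label + b"customer payload"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 255,
                     proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + body

if __name__ == "__main__":
    for pkt in (sample(137), sample(47, b"\x00\x00\x88\x47"),
                sample(47, b"\x30\x00\x88\x47" + bytes(8))):
        print(classify(pkt))
```

The same VPN label is recovered in all three cases; only `label_offset` changes, which is why a filter that assumes one fixed offset misreads the other encapsulations.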