N E T W O R K C O N V E R G E N C E N E T W O R K C O N V E R G E N C E Ethernet Applications and Next Generation Packet Transport Architectures VINOD JOSEPH and SRINIVAS MULUGU AMSTERDAM (cid:129) BOSTON (cid:129) HEIDELBERG (cid:129) LONDON NEW YORK (cid:129) OXFORD (cid:129) PARIS (cid:129) SAN DIEGO SAN FRANCISCO (cid:129) SINGAPORE (cid:129) SYDNEY (cid:129) TOKYO Morgan Kaufmann is an imprint of Elsevier Publisher:SteveElliot EditorialProjectManager:KaitlinHerbert ProjectManager:MalathiSamayan Designer:MarkRogers MorganKaufmannisanimprintofElsevier 225WymanStreet,Waltham,MA02451,USA Copyright#2014ElsevierInc.Allrightsreserved. Nopartofthispublicationmaybereproducedortransmittedinanyformorbyanymeans, electronicormechanical,includingphotocopying,recording,oranyinformationstorageand retrievalsystem,withoutpermissioninwritingfromthepublisher.Detailsonhowtoseek permission,furtherinformationaboutthePublisher’spermissionspoliciesandourarrangements withorganizationssuchastheCopyrightClearanceCenterandtheCopyrightLicensingAgency,can befoundatourwebsite:www.elsevier.com/permissions. Thisbookandtheindividualcontributionscontainedinitareprotectedundercopyrightbythe Publisher(otherthanasmaybenotedherein). Notices Knowledgeandbestpracticeinthisfieldareconstantlychanging.Asnewresearchandexperience broadenourunderstanding,changesinresearchmethodsorprofessionalpractices,maybecome necessary.Practitionersandresearchersmustalwaysrelyontheirownexperienceandknowledgein evaluatingandusinganyinformationormethodsdescribedherein.Inusingsuchinformationor methodstheyshouldbemindfuloftheirownsafetyandthesafetyofothers,includingpartiesfor whomtheyhaveaprofessionalresponsibility. Tothefullestextentofthelaw,neitherthePublishernortheauthors,contributors,oreditors,assume anyliabilityforanyinjuryand/ordamagetopersonsorpropertyasamatterofproductsliability, negligenceorotherwise,orfromanyuseoroperationofanymethods,products,instructions,or ideascontainedinthematerialherein. LibraryofCongressCataloging-in-PublicationData Joseph,Vinod. Networkconvergence:Ethernetapplicationsandnextgenerationpackettransportarchitectures/ VinodJoseph,SrinivasMulugu. pagescm Includesbibliographicalreferencesandindex. ISBN978-0-12-397877-6(pbk.) 1. Ethernet(Localareanetworksystem)2. Packettransportnetworks.3. Computernetwork architectures.4. Convergence(Telecommunication)5. Internetworking(Telecommunication) I. Mulugu,Srinivas.II.Title. TK5105.383.J682013 004.6–dc23 2013025197 BritishLibraryCataloguing-in-PublicationData AcataloguerecordforthisbookisavailablefromtheBritishLibrary ISBN:978-0-12-397877-6 ForinformationonallMKpublicationsvisitourwebsiteat http://store.elsevier.com PrintedandboundinUSA 14 15 16 13 12 11 10 9 8 7 6 5 4 3 2 1 INTRODUCTION Overtheyears,Ethernethasbecomethedefactovehiclefordeploy- ingInternetcommunicationtransportinfrastructuresattheaccess, aggregation, andeventhe core aspects. Becauseofthe simplicity, capacity for scalability, availability, and levels of integration that Ethernet offers across the various networking layers, it has been adopted widely across the industry. The objective of the book is to highlight the convergence of new developments, applications, andservicesthatareemerginginEthernettransport. Thebookdiscussesvariousapplicationsandservicesthatcan bedeployedusingEthernetasaconvergedinfrastructurelinking multiplecarrierand/orenterpriseinfrastructures.Inthebookwe examine several services, such as MPLS Layer 3 VPNs, Point-to- Point and Multi-Point Ethernet over MPLS PWs, and provider backbone bridging, which is an option available for scaling Ethernetlayer2services.Wethen moveontolookathowMPLS canbeusedinallEthernetaccess,aggregation,andcoreaspects toofferservicessuchasmobilityandstillretainoperationalscale andcontrol.WealsoexamineMPLS-TP,atrendthatisapplicable in certain Ethernet access environments, before moving on to discusshowpacketand optical layers can be integrated. Pleasenotethatamongallthegraphicsandfiguresappearing inthisbook,allsymbolsofroutersandswitchesarepurelygeneric to illustrate a device or concept. None of them represents any actual vendor. Some of the configuration templates provided are from actual vendors, such as Juniper, Cisco, and Alcatel- Lucent.Thisistoprovidediversityandalsohelpthereaderrelate to specific topics. It is by no means an endorsement of any ven- dorsor their respective technologies. Finally, this book is written by the two authors in their own capacities. It has no affiliation to any organizations they are directly orindirectlyinvolvedwith. ix 1 DEPLOYING ETHERNET MULTI-POINT SERVICES USING VPLS Introduction In this chapter we take a look at virtual private LAN services (VPLS) and the various building blocks of deploying multipoint Ethernet servicesusing VPLS. Virtual Private LAN Service (VPLS) AlthoughourtopicisVPLS,letusbeginbytakingaquicklook atMPLSLayer2VPNs,alsoreferredtoaspoint-to-pointservices. Apoint-to-pointL2VPNcircuit,asdefinedbythepseudowire encapsulationedgetoedgeworkinggroup(PWE3)oftheInternet Engineering Task Force (IETF), is a provider service that offers a point-to-point service infrastructure over an IP/MPLS packet switched network. The PWE3 working group describes mecha- nismsfordeliveringL2VPNservicesacrossthiskindofnetwork. The basic referencemodel is shown inFigure1.1. Apseudowire(PW)isaconnectionbetweentwoprovideredge (PE) devices, which connects two attachment circuits (ACs). An ACcanbeaFrameRelayDLCI,anATMVPI/VCI,anEthernetport, aVLAN,aHDLC,aPPPconnectiononaphysicalinterface,aPPP sessionfromanL2TPtunnel,anMPLSLSP,etc.Duringthesetup of a PW, the two PE routers are configured or automatically exchange information about the service to be emulated so that later they know how to process packets coming from the other end.ThePEroutersuseTargetedLDP(T-LDP)sessionsforsetting the PW. After a PW is set up between two PE routers, frames received by one PE from an AC are encapsulated and sent over thePWtotheremotePE,wherenativeframesarere-constructed and forwardedto the other CE. 1 2 Chapter1 DEPLOYINGETHERNETMULTI-POINTSERVICESUSINGVPLS Figure1.1 From a data-plane perspective, different PWs in the same packet-switchednetwork(PSN)tunnelareidentifiedusingamul- tiplexing field. This multiplexing field is an MPLS label, and the encapsulationofthecustomerframesoverthese(MPLS)connec- tionsorPWsisdefinedbythePWE3workinggroup.PSNtunnels are implemented in the provider’s network as MPLS LSPs (RSVP, LDP),orusingIP-in-IP(GRE).Figure1.2showstheprotocolstack inthe coreof theprovider’s network for Ethernetframes. Ethernetisparticularlyappealingtoenterprisenetworkers:Itis mature,reliable, cheap, scalable,andwellunderstood. Common networking practice is to connect local sites (subnets, floors, or buildingsof a campus) with an Ethernet backbone switch, man- aging and scoping the network with layer 2 VLANs. So it comes asno surprise thatsuchnetworkoperatorswouldlike tobe able toconnectsitesacrossawiderareausingthesameEthernetback- bones.Noristhisinterestnew;asmuchas15yearsagomanylocal providerswereofferingmetropolitan-areaEthernetservicessuch asTransparentLANService(TLS),basedonproprietarytechnol- ogies,andLANEmulation(LANE),basedonATMbackbones.But suchserviceofferingswerenotidealfortheproviderduetofactors suchasdependencyonasinglevendor,foraproprietaryTLSsolu- tion,andprohibitivecomplexity,foraLANEsolution.AsEthernet technology itself advanced, permitting greater speeds at greater transmissiondistances,morerecentmetropolitanEthernetoffer- ingshavebeenbuiltaroundEthernetswitches.Buttheseswitch- basedinfrastructureshavetheirownlimitations,primarilylackof scalability due to the numericlimitations on VLAN IDs. Inrecentyears,VPLShasarisenasapractical,economical,and scalablealternativeforcreatingmetroEthernetservices.VPLS,in Chapter1 DEPLOYINGETHERNETMULTI-POINTSERVICESUSINGVPLS 3 Figure1.2 turn, has been made possible by the advent of MPLS, which has seenaccelerating deployment incarrierand serviceprovider net- worksbeginninginthelate1990s.MPLSprovidesameansofcre- atingvirtualcircuits,similartoFrameRelayDLCIsandATMVCI/ VPIs,over IPnetworks. Its appeal is itsability to eliminate Frame RelayandATMinfrastructureswhilemovingtheservicesprovided by those infrastructures to an IP network, thereby reducing the overall capital and operational costs of the network. These MPLS virtualcircuits—calledlabel-switchedpaths(LSPs)—haveformany yearsbeenusedtoprovideLayer3IPv4VPNsandLayer2point-to- point VPNs. More recently, the technology has been extended to supportLayer3IPv6VPNs,Layer3MulticastVPNs,andVPLS. TheadvantageofVPLSfortheserviceproviderisinbuildingon thecapitalandoperationalcostsavingsofanMPLSVPNnetwork:a 4 Chapter1 DEPLOYINGETHERNETMULTI-POINTSERVICESUSINGVPLS common IP/MPLS infrastructure with no Ethernet switches required to support the VPLS, and a common set of standards- based protocols to support all services, simplifying the manage- mentofthenetwork.Supplyingthedesiredservicetothecustomer isasimplematterofinstallingandconfiguringthecorrectinterface. While the advantages of VPLS described here benefit the ser- vice provider, from the customer’s perspective there is nothing to differentiate VPLS from any other metro Ethernet solution, beyondpossiblyhavingsomeoftheprovider’scostsavingspassed alongasalessexpensiveservice.However,serviceproviderswho addaninter-providerelementtotheirVPLSoffering,candifferen- tiate themselves from competitors by providing their customers with an expanded “servicefootprint.” Figure1.3showsthe VPLSreference model. In Figure 1.3 an IP/MPLS backbone network (the packet- switchednetwork,PSN)operatedbyaserviceprovideroffersaVPLS service to two VPN customers: an Orange customer and a Red Figure1.3 Chapter1 DEPLOYINGETHERNETMULTI-POINTSERVICESUSINGVPLS 5 customer.Eachcustomerhasprivatesitesthatitwantstointercon- nectattheEthernetlayer.CustomersitesareconnectedtotheSP’s backboneviaattachmentcircuits(AC)betweencustomeredge(CE) devicesandprovideredge(PE)devices.Assuch,aVPNcanberepre- sentedbyacollectionofCEdevices.Inthisillustration,theOrange L2VPN N consists of<CE11, CE12, CE21, CE31, CE41>while the RedL2VPNMconsistsof<CE22,CE31,CE32,CE42,CE43>. AswithallPE-basedVPNs,withVPLS,theCEdevicesareunaf- fected by the service: a VPLS CE can be a standard router, or an Ethernet bridge or host. It is the PE device that implements VPLS-specific functions. Indeed, the PE device needs to imple- ment a separate virtual forwarding instance (VFI)–also known as virtual switched instance (VSI), the equivalent of VRF tables for MPLS Layer 3 VPNs)–for every VPLS it is attached to. This VFI has physical direct interfaces to attached CE devices that belong to the VPLS, and virtual interfaces or pseudowires that are point-to-point connections to remote VFIs belonging to the sameVPLSandlocatedinotherPEdevices.ThesePWsarecarried from one PE to another PE via PSN tunnels. From a data-plane perspective,differentPWs inthe same PSN tunnel areidentified using a multiplexing field. This multiplexing field is an MPLS label. The encapsulation of the customer Ethernet frames over theseMPLSconnectionsorPWsisdefinedbythePWE3working group.PSNtunnelsareimplementedintheprovider’snetworkas MPLSLSPs(RSVP,LDP)orusingIP-in-IP(GRE).Figure1.4shows the protocol stackinthe coreof theprovider’s network. A Draft-Rosen MVPN represents itself as an emulated LAN. EachMVPNhasalogicalPIMinterfaceandwillformanadjacency to every other PIM interface across PE routers within the same MVPN. This is illustrated inFigure1.__. Note that with VPLS, a full mesh of PSN tunnels between the network’sPEdevicesisassumed,andforeveryVPLSinstancethere is a full mesh of pseudowires between the VFIs belonging to that VPLS.TheIETFLayer2VPNworkinggrouphasproducedtwosep- arate VPLS standards,0 documented in RFC 4761 and RFC 4762 (seeKompellaandRekhter,Jan.2007,andLasserreandKompella, Jan.2007).ThesetwoRFCsdefinealmostidenticalapproacheswith respecttotheVPLSdataplane,buttheyspecifysignificantlydiffer- entapproachestoimplementingtheVPLScontrolplanes. VPLS Control Plane TheVPLScontrolplanehastwoprimaryfunctions:autodiscov- eryandsignaling.DiscoveryreferstotheprocessoffindingallPE routersthatparticipateinagivenVPLSinstance.APEroutercanbe 6 Chapter1 DEPLOYINGETHERNETMULTI-POINTSERVICESUSINGVPLS Figure1.4 configuredwiththeidentitiesofalltheotherPEroutersinagiven VPLSinstance,orthePEroutercanuseaprotocoltodiscoverthe other PE routers. The latter method is called autodiscovery. After discoveryoccurs,eachpairofPEroutersinaVPLSnetworkmust be able to establish pseudowires to each other, and in the event of membership change, the PE router must be able to tear down the established pseudowires. This process is known as signaling. Signaling is also used to transmit certain characteristics of the pseudowirethataPEroutersetsupforagivenVPLS. BGP-VPLS Control Plane TheBGP-VPLScontrolplane,asdefinedbyRFC4761,issimilar tothatforLayer2andLayer3(seeKompella,Jan.2006,andRosen and Rekhter, Feb. 2006). It defines a means for a PE router to