MPLS-自己的經(jīng)驗(yàn)理解通俗易懂.ppt

1、MPLS及MPLS VPN基本概念,2012年3月,MPLS VPN的基本概念,目錄,MPLS的基本概念,1,3,MPLS 及MPLS VPN舉例,傳統(tǒng)IP路由網(wǎng)絡(luò)的缺陷,傳統(tǒng)的IP數(shù)據(jù)轉(zhuǎn)發(fā),使用路由協(xié)議傳送IP路由信息 基于IP包的目標(biāo)地址進(jìn)行數(shù)據(jù)轉(zhuǎn)發(fā) IP包每經(jīng)過一個(gè)路由器都需要進(jìn)行路由表的查詢,IP的逐跳轉(zhuǎn)發(fā)，在經(jīng)過的每一跳處，必須進(jìn)行路由表的最長匹配查找（可能多次），速度緩慢。,在傳統(tǒng)的IP轉(zhuǎn)發(fā)中的流量工程問題,Most traffic goes between large sites A and B and uses only the primary link. Destinatio

2、n-based routing does not provide any mechanism for load balancing across unequal paths. Policy-based routing can be used to forward packets based on other parameters, but this is not a scalable solution.,Primary OC192 link,Large Site A,Large Site B,Small Site C,BackupOC48 link,Review Questions,列出主要的

3、傳統(tǒng)IP路由缺點(diǎn). IP包的傳發(fā)是基于那一種信息? 為什么這種轉(zhuǎn)發(fā)機(jī)制不適用于大型網(wǎng)絡(luò)?,MPLS架構(gòu)及相關(guān)技術(shù),MPLS數(shù)據(jù)轉(zhuǎn)發(fā),MPLS的標(biāo)簽轉(zhuǎn)發(fā)，通過事先分配好的標(biāo)簽，為報(bào)文建立了一條標(biāo)簽轉(zhuǎn)發(fā)通道（LSP），在通道經(jīng)過的每一臺(tái)設(shè)備處，只需要進(jìn)行快速的標(biāo)簽交換即可（一次查找）。,MPLS:多協(xié)議標(biāo)簽交換,MPLS:Multi-Protocol Label Switching 在IP網(wǎng)絡(luò)實(shí)現(xiàn)2.5層數(shù)據(jù)交換,MPLS 的基本概念,基于標(biāo)簽進(jìn)行數(shù)據(jù)轉(zhuǎn)發(fā)的機(jī)制 標(biāo)簽對(duì)應(yīng)于IP目標(biāo)路由網(wǎng)絡(luò) 標(biāo)簽可對(duì)應(yīng)于其他相關(guān)參數(shù) Qos IP源地址 支持多種協(xié)議的轉(zhuǎn)發(fā),MPLS/IP網(wǎng)絡(luò),MPLS 架構(gòu),控制層

4、面（Control plane） 運(yùn)用路由協(xié)議進(jìn)行路由信息的交換 運(yùn)用標(biāo)簽分發(fā)協(xié)議進(jìn)行標(biāo)簽交換 數(shù)據(jù)層面（Data plane） 基于標(biāo)簽進(jìn)行數(shù)據(jù)轉(zhuǎn)發(fā),MPLS Architecture,Router functionality is divided into two major parts: control plane and data plane,Data Plane,Control Plane,OSPF: 10.0.0.0/8,LDP: 10.0.0.0/8 Label 17,OSPF,LDP,LFIB,LDP: 10.0.0.0/8 Label 4,OSPF: 10.0.0.0/8,L

5、abeled packet Label 4,Labeled packet Label 17,Label Format,MPLS uses a 32-bit label field that contains the following information: 20-bit label 3-bit experimental field 1-bit bottom-of-stack indicator 8-bit time-to-live (TTL) field,LABEL,EXP,S,TTL,0,19,22,23,31,20,24,Frame-Mode MPLS,Routing lookup a

6、nd label assignment,Label Switch Router,Label switch router (LSR) 轉(zhuǎn)發(fā)打了標(biāo)簽的IP包 Edge LSR 給IP包打標(biāo)簽并轉(zhuǎn)發(fā)到MPLS域 刪除標(biāo)簽并把IP包從MPLS域轉(zhuǎn)發(fā)出去,MPLS Domain,Edge LSR,LSR,10.1.1.1,L=3,L=5,L=43,L=31,20.1.1.1,10.1.1.1,20.1.1.1,LSR的功能架構(gòu),LSRs, regardless of the type, perform the following three functions: Exchange routing inf

7、ormation Exchange labels Forward packets (LSRs and edge LSRs) The first two functions are part of the control plane. The last function is part of the data plane.,Architecture of LSRs,LSRs primarily forward labeled packets.,LSR,Control Plane,Data Plane,Routing Protocol,Label Distribution Protocol,Lab

8、el Forwarding Table,IP Routing Table,Exchange of routing information,Exchange of labels,Incoming labeled packets,Outgoing labeled packets,Architecture of Edge LSRs,Edge LSR,Control Plane,Data Plane,Routing Protocol,Label Distribution Protocol,Label Forwarding Table,IP Routing Table,Exchange of routi

9、ng information,Exchange of labels,Incoming labeled packets,Outgoing labeled packets,IP Forwarding Table,Incoming IP packets,Outgoing IP packets,MPLS 轉(zhuǎn)發(fā),LSR功能: 插入（Insert）標(biāo)簽 交換（Swap）標(biāo)簽 刪除（Pop）標(biāo)簽,MPLS 域,MPLS Forwarding (Frame-Mode),On ingress a label is assigned and imposed by the IP routing process. L

10、SRs in the core swap labels based on the contents of the label forwarding table. On egress the label is removed and a routing lookup is used to forward the packet.,10.1.1.1,MPLS 網(wǎng)絡(luò)IP路由示例,LSR,Control Plane,Data Plane,OSPF:,RT:,LIB:,FIB:,LFIB:,OSPF: 10.0.0.0/8,10.0.0.0/8 1.2.3.4,10.0.0.0/8 1.2.3.4,LSR

11、,Control Plane,Data Plane,OSPF:,RT:,LIB:,FIB:,LFIB:,OSPF: 10.0.0.0/8,10.0.0.0/8 1.2.3.4,10.0.0.0/8 1.2.3.4,LDP: 10.0.0.0/8, L=3,10.0.0.0/8 Next-hop L=3, Local L=5,LDP: 10.0.0.0/8, L=5,MPLS 網(wǎng)絡(luò)IP路由示例,標(biāo)簽的分配和分發(fā)過程,IP路由協(xié)議構(gòu)造IP路由表 LSR對(duì)路由表中每一目標(biāo)網(wǎng)段獨(dú)立地分配標(biāo)簽 LSR把所分配的標(biāo)簽公告給其他LSR 根據(jù)所受到的標(biāo)簽，LSR構(gòu)建LIB，LFIB和FIB,路由表的構(gòu)建,IP

12、 routing protocols are used to build IP routing tables on all LSRs. FIBs are built based on IP routing tables with no labeling information.,A,B,C,D,E,Network X,分配標(biāo)簽,Every LSR allocates a label for every destination in the IP routing table. Labels have local significance. Label allocations are asynch

13、ronous.,A,B,C,D,E,Network X,LIB 和 LFIB 的建立,LIB and LFIB structures have to be initialized on the LSR allocating the label.,A,B,C,D,E,Network X,標(biāo)簽分發(fā) Label Distribution,The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the d

14、estination.,標(biāo)簽通告的接收（Receiving Label Advertisement）,Every LSR stores the received label in its LIB. Edge LSRs that receive the label from their next-hop also store the label information in the FIB.,X = 25,X = 25,A,B,C,D,E,X = 25,Network X,過渡期的數(shù)據(jù)傳送（Interim Packet Propagation）,Forwarded IP packets are

15、labeled only on the path segments where the labels have already been assigned.,IP: X,Lab: 25,IP: X,A,B,C,E,進(jìn)一步的標(biāo)簽分配（Further Label Allocation）,Every LSR will eventually assign a label for every destination.,A,B,C,D,E,Network X,標(biāo)簽通告的接收（Receiving Label Advertisement）,Every LSR stores received informati

16、on in its LIB. LSRs that receive their label from their next-hop LSR will also populate the IP forwarding table (FIB).,A,B,C,D,E,Network X,增加LFIB條目（Populating LFIB）,Router B has already assigned a label to X and created an entry in the LFIB. The outgoing label is inserted in the LFIB after the label

17、 is received from the next-hop LSR.,Label,Action,Next hop,25,47,C,LFIB on B,A,B,C,D,E,Network X,數(shù)據(jù)包通過MPLS網(wǎng)絡(luò)的過程,IP: X,IP: X,A,B,C,E,Lab: 25,Lab: 47,MPLS網(wǎng)絡(luò)LSP的建立,MPLS網(wǎng)絡(luò)的優(yōu)化,MPLS Domain,Double lookup is not an optimal way of forwarding labeled packets. A label can be removed one hop earlier.,10.0.0.0/8

18、L=19,10.0.0.0/8 L=18,10.0.0.0/8 L=17,Double lookup is needed: 1.LFIB: remove the label. 2.FIB: forward the IP packet based on IP next-hop address.,10.0.0.0/8,倒數(shù)第二跳彈出（Penultimate Hop Popping）,MPLS Domain,A label is removed on the router before the last hop within an MPLS domain.,10.0.0.0/8 L=pop,10.0

19、.0.0/8 L=18,10.0.0.0/8 L=17,10.0.0.0/8,Pop or implicit null label is advertised.,小結(jié),MPLS VPN的基本概念,目錄,MPLS的基本概念,1,3,MPLS 及MPLS VPN舉例,什么是VPN?,Customer Site,Large Customer Site,VPN術(shù)語（VPN Terminology）,用戶網(wǎng)絡(luò)(C-network): the part of the network still under customer control,運(yùn)營商網(wǎng)絡(luò)(P-network): the service pro

20、vider infrastructure used to provide VPN services,用戶站點(diǎn): a contiguous part of the customer network (can encompass many physical locations),VPN業(yè)務(wù)網(wǎng)絡(luò)視圖,VPN的分類類型,Overlay VPN（一層VPN）,運(yùn)營商提供物理層的連接 用戶負(fù)責(zé)數(shù)據(jù)鏈路層和ip層 用戶自行管理路由,ISDN,E1, T1, DS0,SDH, SONET,PPP,HDLC,IP,Overlay VPN（二層VPN）,運(yùn)營商提供數(shù)據(jù)鏈路層的連接 用戶負(fù)責(zé)ip層 用戶自行管理路由

21、,X.25,Frame Relay,ATM,IP,Overlay VPN（IP隧道）,用戶負(fù)責(zé)ip層 用戶自行管理路由,Generic Route Encapsulation (GRE),IP Security (IPSec),IP,IP,Service Provider Network,Peer-to-Peer VPN Concept,Customer Site,Router A,Customer Site,Router B,Customer Site,Router C,Customer Site,Router D,PE,Router,PE Router,PE Router,PE Route

22、r,Routing information is exchanged between CE and PE routers.,PE routers exchange customer routes through the core network.,Finally, the customer routes propagated through the PE network are sent to other CE routers.,共享PE的方式,專用PE的方式,MPLS VPN,路由型MPLS VPN的架構(gòu),客戶邊界路由器,運(yùn)營商邊界路由器,運(yùn)營商路由器,VPN路由及轉(zhuǎn)發(fā)表（VRF）,PE的路

23、由表,地址復(fù)用,路由區(qū)分器（Route Distinguisher）,RD：64比特地址 用于區(qū)分PE中每個(gè)用戶的路由 VPNv4地址=RD+IPv4地址 VPNv4地址通過BGP在PE之間進(jìn)行交換 多協(xié)議BGP（MP-BGP）,路由區(qū)分器的運(yùn)用,使用路由區(qū)分器,路由標(biāo)記（Route Targets）,多個(gè)用戶站點(diǎn)分屬于不同的VPN，需要使用RT標(biāo)記各自的VPN路由 附加在VPNv4路由中傳送以標(biāo)記不同的VPN RT加入到BGP的擴(kuò)展屬性中進(jìn)行傳送 RT的靈活應(yīng)用可支持不同的VPN拓?fù)?RT的工作原理,Export RT：路由發(fā)送標(biāo)記，定義VPN組 Import RT：路由接收標(biāo)記，識(shí)別VPN

24、組 在發(fā)生端的PE，IPv4轉(zhuǎn)換成VPNv4路由時(shí)加入Export RT 在接收端的PE，根據(jù)Import RT進(jìn)行檢查 收到的路由的RT與Import RT匹配，接收路由,RT的靈活應(yīng)用1,RT的靈活應(yīng)用2,RT的靈活應(yīng)用3,路由型MPLS VPN的路由模型,MPLS VPN路由,CE運(yùn)行路由協(xié)議 PE運(yùn)行路由協(xié)議與CE交換路由信息 PE運(yùn)行MPLS傳送VPN路由 P運(yùn)行MPLS,CE,PE,PE路由器的路由,P,MPLS VPN端到端的路由信息流1,MPLS VPN端到端的路由信息流2,MPLS VPN端到端的路由信息流3,路由型MPLS VPN的數(shù)據(jù)轉(zhuǎn)發(fā),傳送原始IP數(shù)據(jù)包,傳送打了標(biāo)簽

25、的IP包,給IP包打兩次標(biāo)簽,VPN標(biāo)簽由Ingress PE路由器標(biāo)記并發(fā)布,MPLS L2VPN,MPLS L2VPN,MPLS L2VPN 提供基于 MPLS網(wǎng)絡(luò)的二層 VPN服務(wù)， 使運(yùn)營商可以在統(tǒng)一的 MPLS 網(wǎng)絡(luò)上提供基于不同數(shù)據(jù)鏈路層的二層 VPN。 簡單來說，MPLS L2VPN 就是在 MPLS 網(wǎng)絡(luò)上透明傳輸用戶二層數(shù)據(jù)。從用戶的角度來看，MPLS網(wǎng)絡(luò)是一個(gè)二層交換網(wǎng)絡(luò)，可以在不同節(jié)點(diǎn)間建立二層連接。 相對(duì)于 MPLS L3VPN，MPLS L2VPN 具有以下優(yōu)點(diǎn)： 可擴(kuò)展性強(qiáng)：MPLS L2VPN 只建立二層連接關(guān)系，不引入和管理用戶的路由信息。 可靠性和私網(wǎng)路由的安

26、全性得到保證 支持多種網(wǎng)絡(luò)層協(xié)議：包括 IP、IPX等,MPLS L2VPN的基本概念,在 MPLS L2VPN 中，CE、PE、P 的概念與 MPLS L3VPN 一樣，原理也相似。 MPLS L2VPN 通過標(biāo)簽棧實(shí)現(xiàn)用戶報(bào)文在 MPLS 網(wǎng)絡(luò)中的透明傳送： 外層標(biāo)簽（稱為 Tunnel 標(biāo)簽）用于將報(bào)文從一個(gè) PE 傳遞到另一個(gè) PE； 內(nèi)層標(biāo)簽（稱為 VC 標(biāo)簽）用于區(qū)分不同 VPN 中的不同連接； 接收方 PE 根據(jù) VC 標(biāo)簽決定將報(bào)文轉(zhuǎn)發(fā)給哪個(gè) CE。,MPLS L2VPN 標(biāo)簽棧處理,MPLS L2VPN 的實(shí)現(xiàn)方式,還沒有形成正式的標(biāo)準(zhǔn)。IETF 的 PPVPN工作組制訂了多

27、個(gè)框架草案，其中最主要的兩種稱為 Martini 草案和 Kompella 草案： draft-martini-l2circuit-trans-mpls draft-kompella-ppvpn-l2vpn Martini 草案定義了通過建立點(diǎn)到點(diǎn)的鏈路來實(shí)現(xiàn) MPLS L2VPN 的方法。它以 LDP為信令協(xié)議來傳遞雙方的 VC 標(biāo)簽，稱為 Martini 方式 MPLS L2VPN。 Kompella 草案則定義了在 MPLS 網(wǎng)絡(luò)上以端到端（CE 到 CE）的方式建立 MPLS L2VPN。目前它采用擴(kuò)展了的 BGP為信令協(xié)議來發(fā)布二層可達(dá)信息和 VC 標(biāo)簽，稱為 Kompella 方式

28、 MPLS L2VPN。,MPLS VPN的基本概念,目錄,MPLS的基本概念,1,3,MPLS 及MPLS VPN舉例,衢州電信城域網(wǎng),MPLS 域,衢州電信城域網(wǎng)核心網(wǎng),MPLS 域,LSR,Edge LSRs,衢州電信城域網(wǎng)MPLS VPN環(huán)境,MPLS 環(huán)境,P,PE,城域網(wǎng)三層MPLS VPN實(shí)例（環(huán)保監(jiān)控）,江山SR1： description CTVPN45002-HuangBaoJianKong vrf-import vprn200017_import route-distinguisher 4809:45002 auto-bind ldp vrf-target target:

29、4809:4500200 interface ge-lag-2.3899 create description HBJK_HuangBaoJu address 42.10.254.25/30 local-proxy-arp sap lag-2:3899.* create ingress qos 105 exit egress qos 400 exit exit exit interface ge-lag-2.3910 create description HBJK_HengChangShiYe address 42.10.41.161/28 local-proxy-arp sap lag-2:3910.* create ingress qos 105 exit egress qos 400 exit exit exit,龍游SR1: description CTVPN45002-HuangBaoJianKong vrf-import vprn200017_imp