April 30, 2007

Multicast in MPLS/VPLS Networks

An MFA Forum Sponsored Tutorial

Marc Lasserre
MFA Forum Ambassador Principal Engineer Alcatel-Lucent
Slide 1 Copyright 2006 MFA Forum

Section 3 Multicast in VPLS Networks

Slide 2

Copyright 2006 MFA Forum

Agenda
Introduction to VPLS and H-VPLS Requirements and solution aspects around
Optimizing multicast transport efficiency Providing resilience against failures Delivering assured QoE

Deploying VPLS and P2MP MPLS Conclusions

Slide 3

Copyright 2006 MFA Forum

Introduction to VPLS

C1 Customer-1 VC LSP Tunnel LSP C1

C2

Transparent L2 VPN for Ethernet Tunnel LSPs are established between PEs Customers designated C1 and C2 are part of two independent Virtual Private LANs
Learns MAC addresses per pseudo-wire (VC LSP) Forwarding based on MAC addresses Replicates multicast & broadcast frames Floods unknown frames Split-horizon for loop prevention

C2

C1

Customer-1 & 2 VC LSPs C2 C1

Slide 4

Copyright 2006 MFA Forum

H-VPLS Architecture
PE2-rs CE-1 MTU-s B Layer 2 aggregation B CE-2 VC-1 MTU-s PE-rs B CE-3 = Single pt-to-pt Martini Tunnel LSP = Bridging Capable MTU (Multi Tenant Unit) = VPLS Capable PE = Virtual VPLS (Bridge) Instance
Slide 5 Copyright 2006 MFA Forum

B Tunnel LSP VC-1 PE1-rs B

PE3-rs

Reduces signaling and packet replication to allow large scale deployment of VPLS Uses PWs / LSPs between edge MTU and VPLS aware PE devices

VPLS and Metro Ethernet

The Metro Ethernet Network plays a pivotal role in next generation services
Converged traffic: all residential traffic, growing enterprise traffic Subscriber aware: interfacing with multiple access networks Service aware: interconnecting into multiple service back-ends

Ethernet is famous for flexible, cost-effective bandwidth but:

Not optimized for enabling reliable and efficient IP multicast (IPTV) Inherent gaps in security, OAM&P and QoS are a concern

VPLS leverages MPLS mechanisms to address these

Slide 6

Copyright 2006 MFA Forum

Requirements for Multicast in VPLS

draft-ietf-l2vpn-vpls-mcast-reqts-03.txt

By default, VPLS will replicate mcast traffic on ingress

Replication to a non-member site Duplicate replication on PWs sharing a path

Multicast VPLS needs to resolve both these issues

Trim multicast tree to only include group members
Only replicate to sites with mcast receivers

Keep core P- routers stateless Reduce wasted bandwidth

Efficient multicast in VPLS required for:

Triple-play services Enterprise applications

Slide 7

Copyright 2006 MFA Forum

VPLS Multicast Solution Aspects

Mcast Trees in Provider Core
draft-raggarwa-l2vpn-vpls-mcast

IGMP-Snooping
This tutorial shows how this applies for triple-play

draft-ietf-magma-snoop-12.txt

PIM-Snooping in VPLS
This tutorial shows how this applies for enterprise applications

draft-ietf-l2vpn-vpls-pim-snooping-00.txt

PE-to-PE Mcast State Distribution

draft-qiu-serbest-l2vpn-vpls-mcast-ldp-00.txt

Slide 8

Copyright 2006 MFA Forum

What is snooping?
Snooping switches utilize information in the upper protocol layers as a factor in determining processing at the lower layers An IGMP/PIM snooping switch inspects IGMP/PIM messages, and changes layer 2 forwarding behavior in the interests of:
Conserving bandwidth on those network links Avoid sending multiple copies to those nodes Avoid forwarding when no node has expressed an interest in receiving packets in that mcast group

Slide 9

Copyright 2006 MFA Forum

Multicast in VPLS for IPTV

When to use Multicast? When more than one person is requesting the SAME PROGRAM at the SAME TIME
Can be used for
Broadcast TV Near VoD (same program proposed at regular intervals)

Goal:
Reduce bandwidth usage by sharing a single copy of a flow as far as possible Take into account different physical topologies

Why use layer 2 aggregation?

Channels will be directly made available at layer 2 level (IGMP snooping) No need to signal join and leave up to the source Share resources to handle multicast Decrease zapping time

Slide 10

Copyright 2006 MFA Forum

Optimizing VPLS for IPTV/Video Key Requirements

Service-aware aggregation node
Subscriber Policy Enforcement

Service-aware IP edge
Broadcast TV and Centralized VOD

Internet MPLS/VPLS
VoD Server VoD Server

IP VoIP

Access Nodes

NGN

Traffic engineering, QoS, security, carrier OAM

VPLS: combines strengths of Ethernet and MPLS Service separation: unicast/mcast VPLS instances QoS: per-subscriber and per-service flow control Security: residential split horizon, anti-spoofing,

Assuring the user experience

IGMP performance, HQoS, ICC* Service admission control QoE and performance monitoring End-to-end management

Multicast optimization and flexibility

VPLS multicast registration (IGMP proxy/snooping) H-VPLS: optimize rings and/or mesh topologies Distributed multicast and content insertion

High-availability, non stop services

Rapid restoration (MPLS FRR) Source redundancy (PIM-BFD) Reliable nodes (NSR, ISSU)*
* ICC: Instant Channel Change NSR: Non-stop Routing ISSU: In service software upgrade Copyright 2006 MFA Forum

Slide 11

Scaling Multicast in VPLS

(IGMP Snooping)

Video Hub Office

CH 1 CH 2

CH N

. . .
1 copy of each channel multicast

IGMP querier

MPLS/VPLS
multicast

Requested channels are distributed to downstream nodes. (1 copy per node)

IGMP Proxy snooping

Access Nodes multicast

Requested channels distributed to each home

Slide 12

Copyright 2006 MFA Forum

Multicast VPLS Registration (IGMP Snooping)

Service-aware aggregation node Service-aware IP edge IPTV channels sent based on IGMP Requests received All BTV channels BTV and Centralized VOD Internet MPLS/VPLS IP Video Server Voice Multimedia

IGMP join 253.a.b.c

IGMP Proxy

IGMP Proxy Snooping

BTV

IGMP PIM

QoS: EXP to 802.1p

Video QoS: MPLS EXP Server

NGN

BTV: End-to-end multicast support in VPLS adapts traffic replication and dynamically optimizes multicast mechanisms for actual viewing patterns
Slide 13 Copyright 2006 MFA Forum

Multicast using H-VPLS rings

H-VPLS ring

PIM

IP

IP
PIM

Dual source redundancy through sources or PIM

VPLS

VPLS

MPLS
VPLS VPLS

Efficient distributed replication in VPLS aggregation nodes MPLS tunnels provide fast convergence and high availability

Slide 14

Copyright 2006 MFA Forum

Comparing VPLS-based Multicast in Ring Topologies

By default, VPLS builds a full mesh of connections Multiple copies of the multicast flows will be sent on the initial segments of the ring path In H-VPLS only a single copy will travel the ring IGMP snooping will be used to replicate joined streams to the drop sites
GE AN GE BSR

VPLS
IP

IGMP

VLAN Video

H-VPLS

IGMP

IP Network

GE IGMP AN GE

IGMP proxy/snooping function

H-VPLS spokes VLAN between Access Node and BSA dedicated to broadcast TV

Slide 15

Copyright 2006 MFA Forum

Restoration from Link or Node Failures

PIM IGMP Querier

IP

PIM IGMP Querier

PIM

IP

PIM

IGMP Querier

Fast-reroute restoration

H-VPLS ring provides redundancy In case of inter-aggregation node

link failure, recovery via MPLS FRR
Slide 16

In case of aggregation node failure,

MPLS FRR recovery is available If ring is broken then both multicast routers become active
Copyright 2006 MFA Forum

Multicast Service Availability Protocol Resilience/Recovery

IGMP stateful failover Non-stop PIM Mcast routing PIM-BFD Anycast RP
BTV and Centralized VOD Internet MPLS/VPLS IP Video Server Voice Multimedia

IGMP Proxy
BTV

IGMP Proxy Snooping

IGMP PIM

NGN

Enabling uninterrupted viewing:

IGMP stateful switchover: preserves BTV channel forwarding state if a CPM fails Non-stop multicast routing: preserves PIM routing tables if a CPM fails PIM-BFD: enables fast detection of upstream PIM router failure Anycast RP (RFC 3446): fast convergence when a PIM/MSDP rendezvous Point
(RP) router fails by allowing receivers and sources to Rendezvous at the closest RP
Slide 17 Copyright 2006 MFA Forum

Node/Link Redundancy
Benefits:

NEW

Provide resilience against complete node or link failure Automatic failover with preservation of subscriber and service state (non-stop services) MC-LAG
Primary LAG

MC-LAG
Active

LAG VRRP
Primary

RG

Active Standby MCS

VPLS

Standby

BSAN

Standby Active

Pseudowire VPLS SAP: NULL, Dot1q, Q-in-Q MC-SAP: NULL, Dot1q, Q-in-Q

802.3ah LACP

Backup

BSA

802.3ah BSA IGP: IS-IS MPLS: RSVP-TE (FRR)

Backup

802.3ah LACP

BSR

MC-LAG: Multi-chassis Link Aggregation Group

Copyright 2006 MFA Forum

Slide 18

Delivering Quality of Service for mcast: Hierarchical QoS

Per-subscriber rate-limited HSI Per-subscriber QoS policy ctrl Per-service priority/delay/loss
VoIP Video HSI Broadband Services Aggregator

Per-service priority/delay/loss Content differentiation in HSI

VoIP VLAN Video VLAN Gold Bronze
ON-NET

VoIP Video HSI+ BE FTTx Access Node

VLAN PER SUB

IP Services Edge

GE

HSI VLAN

10 GE

IP

Per-subscriber queuing and PIR/CIR policing/shaping for HSI. HSI service classified on Source lP range Per-service prioritization for VoIP and video. VoIP prioritized over video. Destination IP and/or DSCP classification 802.1p marking for prioritization in the access and home

VoIP and video is queued and prioritized as per VLAN QoS policy HSI content differentiation based on DSCP. Each queue may have individual CIR/PIR and shaping Optional overall subscriber rate limiting on VLAN (H-QoS)

Preferred content marked (DSCP) at trusted ingress points of IP network For HSI content differentiation there is queuing for Gold, Silver, Bronze based on DSCP classification Optional overall subscriber rate limiting on VLAN

Slide 19

Copyright 2006 MFA Forum

Bandwidth Management / Admission Control - Potential resource bottlenecks

~300 subs
Serving CO 1st mile 2nd mile

~10K subs
Metro Office 3rd mile

~100K subs
Video Hub Server links

BTV/VOD Servers
HSI CIR<>PIR SD/HD per TV VOIP per line

HSI* IPTV Min. rate (CIR)

VOD BTV

SAC*
VOD BTV

Aggregate CIR bandwidth of subscribed services shall not exceed access capacity

Concurrent video bandwidth in use shall not exceed 2nd or 3rd mile bandwidth capacity budget

Server link capacity must match server streaming capacity

* HSI: High Speed Internet SAC: Session Admission Control

Slide 20 Copyright 2006 MFA Forum

Multicast Admission Control

HSI CIR<>PIR SD/HD per TV VoIP per line

HSI IPTV Min. rate (CIR)

VoD BTV

2nd mile VoD Video SAC

BTV

3rd mile Video SAC

IGMP Proxy

IGMP snooping with BTV CAC

IGMP snooping with BTV CAC

STB Stream Token Admission Control

RG

BTV servers

End-user

BSAN

BSA

BSR

IPTV middleware

threshold

Popularity

BTV Channel Admission Ctrl

Triggered by STB, IGMP join High scalability, low latency On-path CAC enforcement Prioritize mandatory/popular channels and bundles

Multicast Grp 224.1.1.1 224.1.1.2 224.1.1.3 224.1.1.4

Slide 21

Channel b/w 2.5 Mbps 2.0 Mbps 2.5 Mbps 2.5 Mbps

Channel type Mandatory Mandatory Optional Optional

Bundle 1 1 1 1

0% 100% Blocking probability

Copyright 2006 MFA Forum

Network Security Aspects

In addition to Content DRM
DHCP Option 82 adds subscriber-specific data
TV On

Residential Split Horizon Groups prevents user to user communication via VPLS
DHCP Snooping

Subscriber/CPE authentication

AAA Policy Server

DHCP Snooping DHCP-DISCOVER from STB

DHCP Snooping

DHCP Relay BTV

DHCP Relay

n Million Viewers

DHCP Response

DHCP+Options Or RADIUS Access Node BSA DHCP Response DHCP Response BSR

Intelligent Bridging prevents user to user communication

Auto-filter Proxy ARP enables controlled customer to customer interaction (e.g., for Internet only) Periodic subscriber host connectivity verification Rate-limit

Automatic anti-spoofing security filters to prevent service theft and DoS attacks Block user-to-user bridging Block ARP broadcasts & ICMP redirects User initiated broadcasts

Antispoofing DHCP-configured ARP table

Slide 22

Copyright 2006 MFA Forum

Multicast Issues for Enterprise VPNs

IGMP snooping can optimize multicast distribution over a Layer 2 aggregation network between an IGMP host and a PIM-capable multicast PE router PIM snooping applies when using VPLS as a transparent VPN service to interconnect PIM-capable enterprise CE-router peers Issue: If the CE router at site A wants to multicast IP packets to sites C1 and C2, sites B and D will receive this traffic also, even if there are no IP hosts interested in receiving it This results in wasted bandwidth in: PIM
Core LSPs between sites A-B and A-D Access LSPs between sites B and D
Core LSP Access LSP

PE B

PE A VPLS/HVPLS

PE C

PIM
C1

PIM A

Network

PIM PIM
D Slide 23 Copyright 2006 MFA Forum PE D C2

PIM Snooping in VPLS

PIM snooping addresses this issue
PIM snooping is defined for PIM-SM/SSM and bidirectional PIM (BIDIR-PIM) See draft-ietf-l2vpn-vpls-pim-snooping

VPLS PE snoops the PIM message exchange between routers

PIM join/prunes flooded in VPLS Builds multicast states

PIM routers periodically exchange hello messages to discover neighbors & maintain session state After neighbor discovery, PIM routers can signal their intention to join/ prune specific multicast groups
Downstream routers send an explicit join/prune message to the upstream routers
B B

Forwards IP multicast traffic accordingly to avoid unnecessary flooding

B B

CE 4

PIM snooping At VPLS PE

B B

CE 1

IP / MPLS Network
B B

CE 3
-

PIM CE router

LSP Full -

CE 2
Slide 24 Copyright 2006 MFA Forum

Mcast trees in the provider core

PIM PIM

*SHO1 LER2

MPLS Backbone
LER4

PIM PIM

LER1 VHOs LER3

SHO2

*VHOs

IPTV multicast backbone:

SHO VHO transport Static multicast topology 100s of MPEG2/4 channels

Two options:
PIM multicast routed backbone P2MP MPLS (PIM-less IP core)
SHO: Super Hub Office VHO: Video Hub Office
Slide 25 Copyright 2006 MFA Forum

1+1 protection for all streams QoS and traffic engineering

How mcast trees and VPLS mcast work together

P2MP MPLS backbone:
Static L2/L3 mcast topology No PIM-routing in core Sub 50 msec recovery
P2MP LSP Tree H-VPLS spoke SHO* PIM PIM

IP Edge (VHO locations)

National channels from SHO Local/regional ch. insertion PIM routing at edge
IGMP Querier PIM VHO PIM

IP/MPLS Core

Mcast distribution network:

Static L2, semi-static L3 mcast topology (channel requests) H-VPLS ring w/IGMP proxy Sub-50 msec recovery time Mcast replication efficiency
IGMP

IGMP

H-VPLS ring with IGMP proxy/snooping

IGMP IGMP

SHO* is typically redundant

Slide 26 Copyright 2006 MFA Forum

Conclusions
VPLS combines the strengths of MPLS and Ethernet for multicast services Need to create and maintain a bandwidth efficient topology
Flexible to support new modes of operations Scalable and adaptable to handle evolving traffic patterns

Quality of Experience must be high, measurable and controlled

QoS, security and accounting must be adopted to the reality of triple play services protect premium content and services Underpinned by non-stop service delivery and operation capabilities

As topology and services become more advanced, centralized control and administration tools must simplify operation
OAM tools are critical to troubleshoot advanced services Service-aware OAM tools help to quickly resolve issues
Slide 27 Copyright 2006 MFA Forum

Further Reading
Requirements for Multicast Support in VPLS
draft-ietf-l2vpn-vpls-mcast-reqts-03.txt

IGMP-Snooping
RFC 4541

PIM-Snooping in VPLS
draft-ietf-l2vpn-vpls-pim-snooping-00.txt

PE-to-PE Mcast State Distribution

draft-qiu-serbest-l2vpn-vpls-mcast-ldp-00.txt

Mcast Trees in Provider Core

draft-raggarwa-l2vpn-vpls-mcast

Slide 28

Copyright 2006 MFA Forum