L2VPN
Agenda
- Introduction
  - Traditional
non-address information
17/01/01
Co-Authors
- Service Providers
  - Javier Achirica
  - Ronald Bonica
  - Chris Liljenstolpe
  - Eduard Metz
- Vendors
  - Manoj Leelanivas
  - Chandramouli Sargor
  - Vijay Srinivasan
  - Quaizar Vohra
- Provisioning complex for provider
- Topology dictated by cost rather than traffic patterns
- Multiple networks add to provider's administrative burden
17/01/01
- MPLS
  - Isolation
- Auto-provisioning
VPN
- Single network architecture for both Internet traffic and VPN traffic
[Figure: network diagram. Labels: CE A; CE C; CE D; CE E; CE F; CE G; PE 1; PE 2; PE 3; PE 4]
Juniper Networks, Inc. Copyright 2000
Privacy Security
- Encryption
Layer 3 VPNs
- SP
  - Out-sourced
MPLS VPNs
Carrier of Carriers, inter-SP VPNs
  - QoS/CoS,
- Virtual
MPLS LSPs
signaling
  - LDP LSPs
  - RSVP-TE LSPs
  - LDP over RSVP tunneling
- Fully-meshed
- Used for all services: IP, L2 VPNs, L3 VPNs, differentiated services
- Provisioned independent of Layer 2 VPNs!
Provisioning a VPN
- Key:
signaling
  - Auto-discovery of members, auto-assignment of inter-member circuits
  - Flexible VPN topology
  - Signaling using LDP or BGP
- O(N)
- O(1)
  - Could
  - Overprovision
of DLCIs, one for each other site, some spare (over-provisioning)
- DLCIs independently numbered at each site
- LMI, inverse ARP and/or routing protocols for auto-discovery and learning addresses
- No changes as VPN membership changes (until over-provisioning runs out)
VPN Transport
[Figure: network diagram. Labels: CE A; CE B; CE C; CE D; CE E; CE F; CE G; Router; PE 1; PE 2; PE 3; PE 4]
VPN Transport
[Figure: VPN transport diagram. Labels: CE list: - E - C; DLCI list: 65, 77, 88, 94; CE list: G; DLCI list: 53, 66; CE A dlci 53; PE 1; L1/L2; Label L2 to CE G; Label L1 to PE 2; Label L1 to PE 4; CE B dlci 94 77; L1/L2; Label L2 to CE C; Label L1 to PE 3; L1/L2 to PE4/CE E]
Virtual Network
[Figure: virtual network diagram. Labels: CE B; DLCI 94; DLCI 77; DLCI 111; CE C; DLCI 89; DLCI 63; CE E; DLCI 101]
Signaling
- Compact representation of mapping of layer 2 address to inner label
- Signaling through either BGP or LDP
- Arbitrary topologies possible; common ones such as full mesh and hub-and-spoke easy to configure
the SP network acts as a big Frame Relay switch for this VPN
Non-address Information
- What
  - Use experimental bits to carry this info
  - Can't squeeze 4 bits into 3, so use twice the number of labels if needed
- Not
  - For this, use MPLS with Diff-Serv
  - Different DLCIs mapped to different PE-to-PE LSPs (L-LSPs) or different EXP bits (E-LSPs)
  - DE/not DE mapped to different EXP bits
Summary
- MPLS-based
  - Familiar
- Benefits
  - Single
2 dependent
Future Work
- MPLS as layer 2 to CE
  - CE needs to be MPLS-aware
- Secure
MPLS
- VLANs as layer 2 to CE
- Carrier of carriers model, inter-SP VPNs
- CoS support
Thank you!
http://www.juniper.net