Professional Documents
Culture Documents
T5-2 3 PDF
T5-2 3 PDF
OSS OSS
TDM FR, ATM
TDM
TDM
IP
OSS MPLS
OSS
FR, ATM OSS
FR, ATM
IP
OSS
Increasingly, service providers use MPLS as the Most of the world’s telecom service providers now
cornerstone for traffic routing capabilities for converged agree in principle that they must migrate to
frame, ATM, and packet based networks to improve QoS converged backbones, and that MPLS (Multiprotocol
visibility and assure service level guarantees. Label Switching) technology will enable this
• CIBC World Markets, June 2004: migration.
• Heavy Reading Sep. 2003:
The most significant trend was a wholesale shift to IP-
MPLS as the new foundation technology for carriers’ MPLS is gaining support from MSPP vendors as a
data networks. This transition appears irreversible and key mechanism for enabling packet services, QoS,
is gaining momentum surprisingly fast. and traffic engineering in the metro.
Programmable L3VPN
MSE Low End Edge
Interface L3VPN
Scale instrumentation Evolution from today
Managing CPE
ATM/FR
legacy feature
parity Provisioning
Performance Multicast VPN
OAM &
Connection Troubleshooting
Management Traffic
Traffic Eng Engineering
L2/L3 + Optical AToM
Interworking
MAC address
L2TPv3 L2 Switch Management
VLAN
Management Management
L2VPN Metro E
• Problem
PE requires multiple VRF tables for multiple VRFs to push spoke
traffic via hub
If the spokes are in the same VRF (no HDV), traffic will be switched
locally and will not go via the hub site
• Solution
HDVs allows all the spoke site routes in one VRF
• Benefit
Scalability for Remote Access to MPLS connections
Reduces memory requirements by using just two VRF tables
Simplifies provisioning, management, and troubleshooting by
reducing the number of Route Target and Route Distinguisher
configuration
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 10
Hub & Spoke Connectivity Without HDV
Requires Dedicated VRF Tables Per Spoke
Spoke
A Site PE
VPNport VPNport
PE MPLS
VPNport CORE CE ISP
B
HUB ISP
Site PE HUB
Spoke A
VRF
Spoke B
VRF
• Upstream VRF
Used to forward packets from Spokes to Hub
Contains a static default route
• Downstream VRF
Use to forward packets from Hub to Spoke
Contains a /32 route to a subscriber (installed from PPP)
1. PPP user initiates a session with PPP session using a name Subscriber-A@ISP-A.com and
password
2. LAC/PE-router sends username information to the WholesaleServiceProvider Radius Server
3. ISP-A (service name) is used to index into a profile that contains information on the IP
address of the Radius server of the ISP-A
4. Subscriber-A@ISP-A.com and password is then forwarded from the Wholesale Provider
Radius server (which acts as a "proxy-radius"), towards the ISP Radius server
5. ISP-A Radius server authenticates and assigns IP address
6. ISP-A Radius server sends "Access-Accept" to Wholesale Service Provider Radius Server
7. The wholesale Service Provider Radius server adds authorization information to the
Access-Accept, (based on the domain or servicename)and the VRF to be used by
Subscriber-A, and forwards it to PE-WholesaleProvider-LAC router
8. PE-WholesaleProvider-LAC router creates temporary Virtual-Access interface (with
associated /32 IP address) and places it into the appropriate VRF
• Concern
HDV populates a different VRF than the one used for “upstream”
forwarding
• Solution
Extend the RPF mechanism so the “downstream” VRF is checked
SPOKE 1
A vpn port
PE Home
Service Gateway
Loopback vpn port
SPOKE 2
MPLS
ISP
CORE PE CE
B HUB
PE
vpn port
Service
Loopback
SPOKE 1 Home
A vpn port vpn port Gateway
PE
Service PE CE ISP
Loopback
SPOKE 2
MPLS HUB
NAP
CORE Home
B PE
vpn port Gateway
Service
Loopback
vpn port PE CE
ISP
HUB
Home
vpnport Gateway
A SPOKE 1
vpnport PE CE ISP
PE MPLS HUB
B Service
Loopbacks vpnport CORE Home
Gateway
vpnport PE CE
ISP
HUB
Inter-Provider Connectivity
RR RR RR
RR
ASBR ASBR NY
SF POP
POP
WASH
POP
LA ASBR ASBR
POP
RR RR
RR RR
Service Provider Service Provider
A B
Inter-AS Connectivity
NY
POP
ASBR
LON
POP
WASH
POP
ASBR
Service Provider
A
AS# 124
Option
A
ASBR ASBR
Back-to-back VRFs
Option
AS# 123 B AS# 456
One logical
interface & VRF per
PE-ASBR VPN client
PE-ASBR
VPN-A VPN-B
VPN-B VPN-A
149.27.2.0/24 152.12.4.0/24
VPN-B VRF
Import routes with
PE-ASBR1 route-target PE-ASBR2
123:222
VPN-v4 VPN-v4
VPN-v4 update:
update:
VPN-v4 update:
update:
RD:123:27:152.12.4.0/24, BGP, RD:123:27:152.12.4.0/24,
RD:123:27:152.12.4.0/24,
RD:123:27:152.12.4.0/24, BGP, OSPF,
OSPF, RIPv2
RIPv2 NH=PE-ASBR-2
NH=PE-1
NH=PE-1 152.12.4.0/24 NH=PE-ASBR-2
152.12.4.0/24 RT=456:222,
RT=123:222,
RT=123:222, Label=(29)
Label=(29) NH=PE-ASBR1 RT=456:222, Label=(92)
Label=(92)
NH=PE-ASBR1
AS# 123 AS# 456
PE-1 PE-2 VPN-B VRF
Import routes with
Service Provider Service Provider route-target
CE-2 A B CE-3 456:222
152.12.4.0/24,
152.12.4.0/24,
NH=CE-2
NH=CE-2 152.12.4.0/24,
152.12.4.0/24,
NH=PE-2
NH=PE-2
VPN-B
VPN-B
152.12.4.0/24
PE-ASBR1 PE-ASBR2
External MP-BGP
for VPNv4
ASBR-1 ASBR-2
Label exchange
between Gateway
ASBR routers using
MP-eBGP
AS# 123 AS# 456
PE-1 PE-2
Service Provider Service Provider
CE-1 CE-2 A B CE-3 CE-4
VPN-A VPN-B
VPN-B VPN-A
149.27.2.0/24 152.12.4.0/24
VPN-v4
VPN-v4 update:
update:
RD:123:27:152.12.4.0/24,
RD:123:27:152.12.4.0/24,
ASBR-1 NH=ASBR-1
NH=ASBR-1 ASBR-2
RT=123:222,
RT=123:222, Label=(42)
Label=(42)
VPN-v4 VPN-v4
VPN-v4 update:
update:
VPN-v4 update:
update:
RD:123:27:152.12.4.0/24, RD:123:27:152.12.4.0/24
RD:123:27:152.12.4.0/24
RD:123:27:152.12.4.0/24,
NH=PE-1 ,, NH=ASBR-2
NH=ASBR-2
NH=PE-1
RT=123:222, RT=123:222,
RT=123:222, Label=(92)
Label=(92)
RT=123:222, Label=(29)
Label=(29)
AS# 123 AS# 456
PE-1 PE-2
Service Provider Service Provider
CE-2 A B CE-3
152.12.4.0/24,
152.12.4.0/24,
NH=CE-2
NH=CE-2 152.12.4.0/24,
152.12.4.0/24,
NH=PE-2
NH=PE-2
Green VPN
Green VPN
152.12.4.0/24
42 152.12.4.1
VPN-v4 Update:
RD:1:27:149.27.2.0/24, Edge Router1 Edge Router2
NH=PE-1
RT=1:231, Label=(28)
VPN-A VRF
AS #2 Import Routes with
PE-1 AS #1 Route-target 1:231
PE2
How to Distribute
BGP, OSPF, RIPv2 Routes between
149.27.2.0/24,NH=CE-1
SPs?
CE-1 CE2
VPN-A-1
VPN-A-2
149.27.2.0/24
PE-ASBR-1 PE-ASBR-2
MP-eBGP for VPNv4
Multihop MP-eBGP
between RRs
PE-1 AS #1 AS #2
PE-2
CE-1 CE-2
VPN-A-1 VPN-A-2
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Address Family Identifier (1) | SAFI (4) | Next-
Next-hop Lth |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ MP_REACH_NLRI Attribute
| Network Address of next-
next-hop (variable) | (Specified in RFC 2858)
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| # of SNPAs | Network Layer Reachability Info (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Length | MPLS Label |
Prefix plus MPLS label
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ (Specified in RFC 3107)
| | Prefix (variable) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
RR-1 RR-2
ASBR-1 ASBR-2
VPN-A VPN-B
VPN-B VPN-A
149.27.2.0/24 152.12.4.0/24
VPN-v4
VPN-v4 update:
update:
RD:123:27:152.12.4.0/24,
RD:123:27:152.12.4.0/24,
NH=PE-1
NH=PE-1
RT=123:222,
RT=123:222, Label=(29)
Label=(29)
RR-1 RR-2
ASBR-1 ASBR-2
VPN-v4
VPN-v4 update:
update:
VPN-v4
VPN-v4 update:
update: RD:123:27:152.12.4.0/24,
RD:123:27:152.12.4.0/24, RD:123:27:152.12.4.0/24,
RD:123:27:152.12.4.0/24, NH=PE-1
NH=PE-1
NH=PE-1
NH=PE-1 RT=123:222,
RT=123:222, Network=PE-1 RT=123:222, Label=(29)
Label=(29)
RT=123:222, Label=(29)
Label=(29) Network=PE-1
AS# 123 AS# 456
NH=ASBR-2
NH=ASBR-2
PE-1 Label=(68)
Label=(68) PE-2
Network=PE-1
Network=PE-1
Service Provider
NH=ASBR-1
NH=ASBR-1 Service Provider
Label=(47)
Label=(47)
CE-2 A B CE-3
152.12.4.0/24,
152.12.4.0/24,
NH=CE-2
NH=CE-2
Green VPN
Green VPN
152.12.4.0/24
47 29 152.12.4.1
LDP ASBR-2 Label
29 152.12.4.1 68
AS# 123 AS# 456 29
PE-1 PE-2 152.12.4.1
Service Provider Service Provider
CE-2 A B CE-3
152.12.4.1
152.12.4.1
Green VPN
Green VPN
152.12.4.0/24
AS10 AS20
Provider A Provider B
Provider A
AS2
AS1
AS3
AS4
We will refer to Inter-AS model when a provider (Provider A) has, divided its
network within multiple domain or ASes.
- In this model, degree of trust between people managing different ASes,
- In general QoS definition and implementation will be consistent across
ASes
PE-3
PE-1 pwvc 151
pwvc 111
AS 1
AS 2
Pwvc 112
pwvc 12 ASBR-2 pwvc 152
PE-2 ASBR-1
PE-4
attached-circuit 4
attached-circuit 6
Pseudo-wire stitching mechanism is the mechanism that permits a service provider to extend an
existing pseudo-wire with an other pseudo-wire. In an other words, to replace the attached circuit
by an other pseudowire from same type (atom pw with atom pw) or different type (atom pw with
l2tpv3 pw).
attached-circuit 1
PE-3
PE-1
AS 1 pwvc 111
AS 2
In this model we ruse existing RFC2457bis Multi-AS 10c or Multi-AS TE to build end-end tunnel
LSP and to build end-end pseudowire VC’s
Videoconferencing
Videoconferencing Hosted
Hosted Telephony
Telephony
Storage
Storage Hosting
Hosting
Business
Business Continuance
Continuance
Directory
Directory Services
Services
Web Unified
Unified Messaging
Messaging
Web Hosting
Hosting Mobile Access
Mobile Access
Secure
Secure E-Mail
E-Mail
Residential
Remote Ethernet-
Multitenant Unit (MTU) CPE Office 1 Connected
Basement Access
Branch
Device
SP Remote
100 Mbps Metro Ethernet Office 2
Ethernet
Network
Ethernet,
10 Mbps Ethernet-
SONET/SDH,
Ethernet Connected
RPR, Branch
Regional DWDM/CWDM,
Headquarters Remote
MPLS/IP Worker
Subscriber
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 58
VPLS Overview for Metro Ethernet
Metro A Metro C
u-PE
PE-AGG
Hub & 10/100/
10/100/ GE Ring Si
Spoke 1000 Mpbs
1000 Mpbs P P u-PE
n-PE n-PE
VPLS Network
C7600 C7600
Metro B 10/100/
P P
1000 Mpbs
DWDM/
10 0 M
SONET/SDH
10
n-PE
/1 pb
CDWM
00 s
C7600 Ring
/
u-PE
u-PE Metro D
PE PE
CE MPLS CE
Network
CE
192.168.11.2/24
192.168.11.12/24
H-VPLS
• H-VPLS
u-PE
u-PE PE-CLE
Two Tier Hierarchy PE-CLE n-PE n-PE MTU-s
MTU-s PE-POP PE-POP
MPLS or Ethernet Edge GE PE-rs PE-rs
PW
MPLS Core
n-PE n-PE
CE CE
PW
Tunnel LSP PW CE
CE
PW
CE CE
P
Tu
LS
nn
Red VSI
el
Red VSI
nn
el
L
Tu
SP
Blue VSI Directed LDP Blue VSI
DFW-PE
CE-SITE3
VPLS
LDP CE-1
FRoMPLS
CE CE
• Capacity planning
TE improves aggregate availability of the network
IP/MPLS
PE1
IP/MPLS
150
150
PE2
PE3
- MPLS TE Tunnels MAY be used to distribute aggregate load via Constraint Based
Routing
- avoid congestion
!PE2 traffic (80Mb/s) and PE1!
- in this example, routing PE1! !PE3 traffic (90Mb/s) on
separate path in the core avoids congestion
IP/MPLS
draft-zhang-mpls-interas-te-req-xx, draft-vasseur-inter-as-te-xx
draft-vasseur-mpls-loose-path-reopt-xx, draft-vasseur-mpls-nodeid-subobject-xx
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 73
Diff-Serv-aware Traffic Engineering (DS-TE)
in Core
IP/MPLS
- MPLS DS-TE Tunnels MAY be used to carry separately different classes of service
- canonical example is separate tunnels for Voice and for Data
-facilitates strict enforcement of different QoS objectives for differnet classes
WITHOUT over-engineering
- per class CAC (eg. route Voice tunnels taking into account the EF queue capacity –
and not just the link capacity)
- per class C-SPF (eg. Use a “hop/Bw based metric“ for data tunnels and a “delay-
based metric” for voice tunnels)
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 74
Diff-Serv-aware Traffic Engineering (DS-TE)
in Core
IP/MPLS
Service
Differentiation What should be deployed: ???
(increase revenue)
- Nothing
- MPLS TE
? - MPLS Diff-Serv
- MPLS TE + MPLS Diff-Serv
- Diff-Serv-aware TE
? ? ?
? Resource
Optimisation
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved.
(reduce spending) 77
Applicability of Core QoS mechanims
Service
Differentiation
• No need for differentiation in Core
(Best Effort in Core is good enough for all traffic)
• No need for optimisation
(sufficient resources on all links)
! Deploy NOTHING
Nothing
Nothing
Resource
Optimisation
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 78
Applicability of Core QoS mechanims
Service
Differentiation
• Need for differentiation in Core
(Best Effort in Core is not good enough for voice)
• No need for optimisation
(sufficient resources on all links)
Resource
Optimisation
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 79
Applicability of Core QoS mechanims
Service
Differentiation
• No Need for differentiation in Core
(Best Effort in Core is good enough for all traffic)
• Need for optimisation
(delay deployment of additional links)
! Deploy TE
TE
Resource
Optimisation
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 80
Applicability of Core QoS mechanims
TE
+ Diff-Serv
Resource
Optimisation
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 81
Applicability of Core QoS mechanims
Resource
Optimisation
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 82
Appicability of Core QoS mechanisms
Higher Quality Operational
Service for Complexity
end-user
Service
DS-TE
Differentiation
+ Diff-Serv
Diff-Serv TE
+ Diff-Serv
End-End OAM
Attachment VC Attachment VC
OAM’s MPLS OAM OAM’s
Pseudowire, Traffic
Engineering or
VPN Label
• MPLS OAM mechanisms applicable between Ingress and Egress Provider
Edges;
• Label Switched Path (LSP) created by Control protocols such as Label
Distribution Protocol and/or RSVP-TE
...
...
Fwd Fast Hello
RSVP Fwd
RSVP
Engine
Engine
LDP LDP
Supported FECs:
RSVP IPv4/IPv6 Session, LDP IPv4/IPv6 prefix
VPN IPv4/IPv6 prefix, Layer 2 VPN, Layer 2 Circuit ID
security
Implementation
Architecture /
Algorithm
Operation
Break one, and all security is gone!
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 92
What Kind of Threats?
Avoid Insider
Attacks
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 95
Best Practice Security Overview (1)
VPN
CE BGP peering with
PE MD5 authentic.
PE VPN VPN PE
ACL and
CE CE CE secure routing
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 98
Use IPsec if you need:
• Encryption of traffic
Maybe more
• Direct authentication of CEs important than
encryption?
• Integrity of traffic
• Replay detection
CE PE PE CE
P P
VPN VPN
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 100
Where to Apply IPSec
CE PE PE CE
IPSec CE-CE
Application:
VPN Security
IPSec PE-PE
Application:
Special Cases
(see later)
IPSec CE-PE
Application: Remote
Access into VPN
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 101
Where to do IPsec
1. CE to CE
SP not involved (unless manages CEs)
MPLS network only sees IPsec traffic
Very secure
2. PE to PE
Does not prevent sniffing access line
Not very secure for the customer
There are some specific applications for this (US ILECs)
Mixtures
Need to trust SP
Mostly for access into VPN
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 102
Applications of PE-PE IPSec
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 103
Non-Application: Customer Security
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 104
MPLS doesn’t provide:
• Protection against
mis-configurations in the core
• Protection against
attacks from within the core
• Confidentiality, authentication, integrity, anti-replay
• Use IPsec if required
• Customer network security
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 105
Agenda
• Dynamics and Background
• Layer 3 : Half-Duplex VRF
• Inter-Provider : Layer 3
• Inter-Provider: Layer 2
• A Word on VPLS
• A Word on Traffic Engineering
• Management Considerations and MPLS OAM
• Security Considerations
• What About G-MPLS?
• Summary
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 106
Legacy Data Reference Architecture Today
Separate Layers
CPE Aggregation Distribution Core
ATM/FR ATM/FR
PSTN
Mod / TA PSTN
PoP Services
SDH/SONET SDH/SONET
ATM ATM
Optical
HFC
channelised / LL IP/MPLS Internet
SDH
Fibre Plant
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. Optical 107
What is Happening in Core ?
IP
ATM/FR
PSTN
Mod / TA PSTN
PoP Services
802.11
dWDM dWDM Optical
HFC
IP/MPLS Internet
Ethernet / channelised / LL
GMPLS
• Simplest model
• Very high BW connections
•STM-16c – STM-256c, RPR, GE, 10GE
•WAN PHY & LAN PHY Long Distance
• Static - Does it matter ?
• No layer 1 recovery
•L3 or FRR
• Cheap and efficient solution
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 110
Core Infrastructures Option 2
Overlay without Signalling
Control plane
OXC OXC
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 111
Core Infrastructures Option 3
Overlay with UNI
Control plane
OXC OXC
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 112
Core Infrastructures Option 4
Peer Model – GMPLS / G.ASON / …
OXC OXC
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 113
…. when MPLS started …
• General-purpose tunneling mechanism • Separate Control Plane from Forwarding
carry IP and non-IP payloads
Plane
uses label switching to forward • Effort began 1996 ….. RFCs out 2001
packets/cells through the network
• RFC 3031 MPLS Architecture
can operate over any data-link layer
Control
Plane Label Distribution Protocols
IP Routing Protocols LDP, RSVP
MPLS Domain - OSPF, ISIS, iBGP
Outside RIP2, BGP4
Router
Router Packet LSP Packet LSR Packet LSR
ATM LSR
Router
Router
Router Packet LSR
Packet LSR ATM LSR
Router
TE LSP
ATM LSR Router
OXC
Router
TE λ LSP
OXC
OXC OXC
Router Router
λS Domain
MPλ
Forwarding Plane
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 116
.… finally Generalized MPLS - GMPLS …
• GMPLS control plane supports multiple
switching and forwarding planes
GMPLS = MPLS + MPλS + N
• where N is MPLS control of new switching planes
• Introduces new functions to accommodate
circuit-oriented optical network regimes • draft-ietf-ccamp-gmpls-architecture-07.txt
MPLS TE
GMPLS Control RSVP TE
Plane IP Routing Protocols Label Distribution Protocols
With Extensions CR LDP, RSVP TE
OSPF, ISIS
Forwarding Plane
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 117
O-UNI Multi-Service Network Applications
ATM LSR
IP Router
O-UNI O-UNI
OXC
Service Provider
O-UNI
Optical Network
SONET SONET
SDH NE OXC O-UNI SDH NE
OXC
O-UNI
OXC
O-UNI
IP Router
ATM LSR
Experimental environments
Web100 for network researchers
NLR Research
Advanced services
I2-Abilene, Advanced Education Networks for education
SurfNet 5
CALREN
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 120
MPLS: The Key Technology for the delivery
of L2 & L3 Services
ATM IP
Services Services
IP
IP+ATM: MPLS Brings IP and ATM Together
• eliminates IP “over” ATM overhead and complexity
PNNI MPLS • one network for Internet, Business IP VPNs, and transport
IP+ATM Switch
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 121
MPLS: The Key Technology for the delivery
of L2 & L3 Services
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 122
MPLS: The Key Technology for the delivery
of L3 Services
Optical IP
Services
Services
IP+Optical Integration
• eliminates IP “over” Optical Complexity
IP • Uses MPLS as a control Plane for setting up lightpaths
(wavelengths)
O-UNI MPLS
• one control plane for Internet, Business IP VPNs, and
IP+Optical Switch optical transport
Frame Frame
Relay Relay Any Transport over MPLS
• Transport ATM, FR, Ethernet, PPP over MPLS
• Provide Services to existing installed base
• Protect Investment in the installed gear
• Leverage capabilities of the packet core
ATM • Combine with other packet based services such as MPLS VPNs
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 123
Questions?
APRICOT 2005 © 2003 Cisco Systems, Inc. All rights reserved. 124