Routing Services: MPLS VPNs
Nick Feamster, CS 7260, February 15, 2006

Administrivia
- Problem Set 2 is out, due 2/24. Four problems: 1 data streaming, 2 scriptroute, 1 Netflow.
- Try to test out the scriptroute installation early in case there are problems.
- Fewer, shorter problems, but more scripting/coding.
- Scriptroute scripts are in Ruby; come to office hours if you need help with the language.
- The last problem is not that hard. Most of it could probably be done with grep/awk as a last resort.

MPLS Overview
- Main idea: virtual circuit.
  - Packets are forwarded based only on a circuit identifier.
  - A router can forward traffic to the same destination on different interfaces/paths.

Circuit Abstraction: Label Swapping
- Label-switched paths (LSPs): a path is named by the label at the path's entry point.
- At each hop, the label determines:
  - the outgoing interface
  - the new label to attach
- A label distribution protocol is responsible for disseminating the signalling information.

Layer 3 Virtual Private Networks
- Private communications over a public network.
- A set of sites that are allowed to communicate with each other.
- Defined by a set of administrative policies that determine both connectivity and QoS among sites; the policies are established by the VPN customers.
- One way to implement them: BGP/MPLS VPN mechanisms (RFC 2547).

Building Private Networks
- Separate physical network: good security properties, but expensive.
- Secure VPNs: encryption of the entire network stack between endpoints.
- Layer 2 Tunneling Protocol (L2TP): "PPP over IP"; no encryption.
- Layer 3 VPNs: privacy and interconnectivity, not confidentiality, integrity, etc. A customer's traffic and routes are kept separate from other customers', but nothing in the mechanism itself encrypts or authenticates packets.

Layer 2 vs. Layer 3 VPNs
- Layer 2 VPNs can carry traffic for many different protocols, whereas Layer 3 VPNs are IP only.
- It is more complicated to provision a Layer 2 VPN.
- Layer 3 VPNs: potentially more flexibility, fewer configuration headaches.

Layer 3 BGP/MPLS VPNs
[Figure: VPN A sites 1, 2 and 3 and VPN B sites 1, 2 and 3, each attached through a CE router to the shared provider network]
- BGP to exchange routes; MPLS to forward traffic.
- Isolation: multiple logical networks over a single shared physical infrastructure.
- Tunneling: keeping customer routes out of the core.

High-Level Overview of Operation
- IP packets arrive at the PE router.
- The destination IP address is looked up in the forwarding table.
- The datagram is sent to the customer's network using tunneling, i.e. an MPLS label-switched path.

BGP/MPLS VPN Key Components
- Forwarding in the core: MPLS.
- Distributing routes between PEs: BGP.
- Isolation: keeping different VPNs from routing traffic over one another.
  - Constrained distribution of routing information.
  - Multiple virtual forwarding tables.
- Unique addresses: the VPN-IPv4 address extension.

Layer 3 VPNs: Vanilla Layer 3 VPNs
- All customer routes are carried in the core.
[Figure: PE and P routers running LDP across the "MPLS core"]

Problems Introduced by Layer 3 VPNs
- Overlapping address space in the forwarding table.
  - Solution: virtual routing and forwarding table (VRF).
- Overlapping address space in BGP routes.
  - Solution: route distinguisher (RD), an 8-byte VPN-specific identifier prepended to each IP prefix. Typically one route distinguisher per VPN.
  - This defines a new VPN-IPv4 address family; the routes are carried with multiprotocol BGP.
- Keeping a site from receiving routes that do not belong to its VPN.
  - Solution: route target, basically a special BGP (extended) community value.

Virtual Routing and Forwarding
- Separate tables per customer at each router.
[Figure: Customer 1 and Customer 2 both use 10.0.1.0/24; with RD "Green" and RD "Blue" prepended, the two routes are distinct]

Routing: Constraining Distribution
- Performed by the service provider using route filtering based on the BGP Extended Community attribute.
- The BGP community is attached by the ingress PE; route filtering based on the BGP community is performed by the egress PE. (Ingress and egress here refer to the direction the route is advertised: the PE that exports the route attaches the community, the PE that receives it filters.)
[Figure: a customer route for 10.0.1.0/24, learned from the CE by static route, RIP, etc., becomes the VPN-IPv4 route RD:10.0.1.0/24 with route target Green and next hop A]

BGP/MPLS VPN Routing in Cisco IOS

    ip vrf CustomerA
     rd 100:110
     route-target import 100:1000
    ip vrf CustomerB
     rd 100:120
     route-target export 100:2000
     route-target import 100:2000

Note the asymmetry: as written, CustomerA only imports routes tagged 100:1000 and exports nothing, while CustomerB both exports and imports 100:2000.

Forwarding
- PE and P routers have BGP next-hop reachability through the backbone IGP.
- Labels are distributed through LDP hop-by-hop, corresponding to the BGP next-hops.
- A two-label stack is used for packet forwarding:
  - Top label indicates the next hop (interior label); it corresponds to the LSP to the BGP next hop (the egress PE).
  - Second-level label indicates the outgoing interface or VRF (exterior label); it corresponds to the VRF/interface at the exit PE.
[Figure: Layer 2 header | Label 1 | Label 2 | IP datagram]

Forwarding in BGP/MPLS VPNs
- Step 1: The packet arrives at the incoming interface. The site's VRF determines the BGP next hop and Label 2. [Label 2 | IP datagram]
- Step 2: BGP next-hop lookup adds the corresponding LSP label (also at the site VRF): Label 1. [Label 1 | Label 2 | IP datagram]

Scalability Problems
- Lots of customers leads to an explosion of routing tables.
- How do we ensure that no single router needs to carry state for all customers?

Other Uses for MPLS/Tunneling
- Reducing state in the network core: internal routers no longer need paths for every destination.
- Traffic engineering: traffic can be shifted based on virtual circuits, not just destination prefixes.
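To make the route-distinguisher, route-target and two-label mechanics from the preceding slides concrete, here is a small Python model of two PE routers exchanging VPN-IPv4 routes and pushing the label stack. It is an added example, not code from the lecture or from any router vendor; the PE loopbacks, the RD/RT values (which mirror the Cisco IOS snippet above), the LDP labels and the customer prefixes are all constructed for illustration, and the "LDP" table is simply a dictionary standing in for the hop-by-hop label that the IGP next hop would have advertised.

```python
"""Toy model of an RFC 2547 BGP/MPLS VPN: route distinguishers, route targets
and the two-label forwarding stack.  Added example, not taken from the slides;
all addresses, RD/RT values and label numbers are constructed for illustration."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class VpnRoute:
    """A VPN-IPv4 route as carried between PEs by multiprotocol BGP."""
    rd: str                         # route distinguisher prepended to the prefix
    prefix: IPv4Network
    next_hop: IPv4Address           # BGP next hop = loopback of the egress PE
    vpn_label: int                  # inner label chosen by the egress PE
    route_targets: FrozenSet[str]   # extended communities attached on export


@dataclass
class Vrf:
    """Per-customer virtual routing and forwarding table on one PE."""
    name: str
    rd: str
    export_rts: FrozenSet[str]
    import_rts: FrozenSet[str]
    # prefix -> (BGP next hop, inner label); None marks a directly attached site
    table: Dict[IPv4Network, Optional[Tuple[IPv4Address, int]]] = field(default_factory=dict)


class PE:
    def __init__(self, loopback: str) -> None:
        self.loopback = ip_address(loopback)
        self.vrfs: Dict[str, Vrf] = {}
        self.label_to_vrf: Dict[int, str] = {}   # inner label -> VRF at this PE
        self._next_label = 16                    # labels 0-15 are reserved

    def add_vrf(self, vrf: Vrf, connected: List[str]) -> None:
        for p in connected:
            vrf.table[ip_network(p)] = None
        self.vrfs[vrf.name] = vrf

    def export_routes(self) -> List[VpnRoute]:
        """Egress-PE role: prepend the RD, attach export RTs, allocate one label per VRF."""
        routes = []
        for vrf in self.vrfs.values():
            label = self._next_label
            self._next_label += 1
            self.label_to_vrf[label] = vrf.name
            for prefix, entry in vrf.table.items():
                if entry is None:   # only advertise the customer's own routes
                    routes.append(VpnRoute(vrf.rd, prefix, self.loopback, label, vrf.export_rts))
        return routes

    def import_routes(self, bgp_table: List[VpnRoute]) -> None:
        """Ingress-PE role: constrained distribution, filtered on route target."""
        for r in bgp_table:
            if r.next_hop == self.loopback:
                continue                              # skip our own advertisements
            for vrf in self.vrfs.values():
                if vrf.import_rts & r.route_targets:  # RT, not RD, decides the import
                    vrf.table[r.prefix] = (r.next_hop, r.vpn_label)  # RD stripped here

    def ingress_forward(self, vrf_name: str, dst: str,
                        ldp: Dict[IPv4Address, int]) -> Optional[List[int]]:
        """Longest-prefix match in the site's VRF, then push [outer LDP label, inner VPN label]."""
        vrf = self.vrfs[vrf_name]
        addr = ip_address(dst)
        matches = [p for p in vrf.table if addr in p]
        if not matches:
            return None          # no route in this VRF: the VPN cannot reach it
        entry = vrf.table[max(matches, key=lambda p: p.prefixlen)]
        if entry is None:
            return []            # locally attached site: plain IP, no tunnel
        next_hop, inner = entry
        return [ldp[next_hop], inner]

    def egress_vrf(self, inner_label: int) -> str:
        """Egress-PE role: once the outer label is gone, the inner label alone selects the VRF."""
        return self.label_to_vrf[inner_label]


def build_topology():
    """Two PEs; CustomerA and CustomerB both use 10.0.1.0/24 behind PE1 (constructed data)."""
    pe1, pe2 = PE("1.1.1.1"), PE("2.2.2.2")
    for pe, a_sites, b_sites in ((pe1, ["10.0.1.0/24"], ["10.0.1.0/24"]),
                                 (pe2, ["10.0.2.0/24"], ["10.0.3.0/24"])):
        pe.add_vrf(Vrf("CustomerA", "100:110", frozenset({"100:1000"}), frozenset({"100:1000"})), a_sites)
        pe.add_vrf(Vrf("CustomerB", "100:120", frozenset({"100:2000"}), frozenset({"100:2000"})), b_sites)
    # outer label for the LSP toward each PE loopback, as LDP would have distributed it
    ldp = {pe1.loopback: 100, pe2.loopback: 200}
    mp_bgp = pe1.export_routes() + pe2.export_routes()   # every VPN-IPv4 route in the core
    pe1.import_routes(mp_bgp)
    pe2.import_routes(mp_bgp)
    return pe1, pe2, ldp, mp_bgp


if __name__ == "__main__":
    pe1, pe2, ldp, mp_bgp = build_topology()
    print(sorted((r.rd, str(r.prefix)) for r in mp_bgp))      # 10.0.1.0/24 appears twice, distinct by RD
    for cust in ("CustomerA", "CustomerB"):
        stack = pe2.ingress_forward(cust, "10.0.1.7", ldp)
        print(cust, "->", stack, "egress VRF:", pe1.egress_vrf(stack[1]))
```

Three things in this model correspond to the slides: the two 10.0.1.0/24 routes coexist in the MP-BGP table only because their RDs differ; PE2 installs each one into exactly the VRF whose import route target matches, so CustomerA never sees CustomerB's prefixes even though they are numerically identical; and the packet for 10.0.1.7 leaves PE2 with the same outer label 100 (the LSP to PE1) in both cases but a different inner label, which is all PE1 needs to pick the right VRF and outgoing interface.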


