Monday, November 29, 2010

MTU considerations

MTU defines the maximum size, in bytes, of a single unit of data that can be sent over a given link.

If a packet cannot be sent over a given link, i.e. if the size of the packet is more than the configured MTU, then the packet is fragmented and the fragments are reassembled at the other end.

Physical MTU:- This defines how large a packet can be sent over the physical wire.

Service MTU:- This defines the payload capability of the service, i.e. how large a packet can be sent over the service.

SDP path MTU:- How large a packet can be sent over the SDP path.

The IP-MTU command is used to configure the MTU of the VPRN interface facing the CE router.

SDP MTU = Network port MTU - 4 (MPLS label) - 4 (VC label) - 14 (null encapsulation) or 18 (dot1q encapsulation)

9212 - (4 + 4 + 14) = 9190

Sunday, November 28, 2010

Route Target

To find out which VRF a particular route will be associated with, we need the assistance of the route target.

In many cases the route distinguisher and the route target may have the same value, but they should never be treated as the same thing.

The import route target of the receiving PE should match the export route target of the originating PE.

There can be one route distinguisher per route but there can be multiple route targets per route.
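The import/export matching described above can be sketched as follows. This is an added example, not code from the original post or from any router software; the VRF names, RD and RT values and prefixes are constructed sample data.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    rd: str                 # exactly one route distinguisher per route
    prefix: str
    export_rts: frozenset   # one or more route targets set by the originating PE


@dataclass
class Vrf:
    name: str
    import_rts: set
    table: dict = field(default_factory=dict)   # prefix -> RD of installed route


def import_routes(vrfs, routes):
    """Install each route into every VRF whose import RTs overlap its export RTs.

    Returns the routes that no VRF on this PE imports.
    """
    unmatched = []
    for route in routes:
        targets = [v for v in vrfs if v.import_rts & route.export_rts]
        for vrf in targets:
            vrf.table[route.prefix] = route.rd
        if not targets:
            unmatched.append(route)
    return unmatched


def demo():
    # Constructed sample data: VRF names, RD/RT values and prefixes are made up.
    red = Vrf("red", {"65000:100"})
    blue = Vrf("blue", {"65000:200"})
    received = [
        # Same prefix from two customers; here the RD differs from the RT.
        VpnRoute("65000:1", "10.1.1.0/24", frozenset({"65000:100"})),
        VpnRoute("65000:2", "10.1.1.0/24", frozenset({"65000:200"})),
        # One RD but two RTs: imported by both VRFs.
        VpnRoute("65000:9", "192.0.2.0/24", frozenset({"65000:100", "65000:200"})),
        # RD equals a value red imports as an RT, but the RT does not match.
        VpnRoute("65000:100", "10.9.9.0/24", frozenset({"65000:300"})),
    ]
    unmatched = import_routes([red, blue], received)
    return red, blue, unmatched
```

The last sample route is dropped even though its RD equals red's import RT value, because only the route target is compared on import.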

L3 VPN addressing

In the case of L3 VPN a new addressing structure is established. The customer routes are carried by BGP; however, if normal BGP were used, the customer CE routes would not be carried when overlapping addresses are used, because BGP will install only one route for a particular destination, i.e. only the best route will be installed in the routing table. In L3 VPN, however, the same PE might have two different VRFs which have the same destination prefix.

Hence a new address structure is used, which is known as the VPN-IPv4 address.

In this case, to make the IPv4 address globally unique, a 64-bit route distinguisher is added to the IPv4 address.

Route Distinguisher + IPv4 address = VPN-IPv4 address

The purpose of the route distinguisher is to ensure that the IPv4 address is globally unique.

A route distinguisher consists of 64 bits and an IPv4 address consists of 32 bits, hence the full VPN-IPv4 address is 64 + 32 = 96 bits.

In the case of Type 0, the administrator subfield contains the AS number. This should ideally be a public AS number; use of a private AS number is discouraged. The assigned number is the number assigned by the service provider.

In the case of Type 1, the administrator subfield must contain an IP address; use of a public IP address is preferred. The assigned number is again assigned by the service provider.

It makes ample sense to assign the same RD to the same VRF at different sites.
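The 96-bit VPN-IPv4 address and the two RD types described above can be encoded and decoded as shown here. This is an added example, not code from the original post; the subfield widths (2-byte type, then 2+4 bytes for Type 0 or 4+2 bytes for Type 1) follow RFC 4364 and are not stated on this page, and the customer names and RD values are constructed.

```python
import ipaddress
import struct

# Constructed sample: two customers announcing the same IPv4 prefix address.
SAMPLE = [("red", "65000:100", "10.1.1.0"), ("blue", "65000:200", "10.1.1.0")]


def encode_rd(rd: str) -> bytes:
    """Encode 'admin:assigned' as a 64-bit RD (Type 0 = AS number, Type 1 = IP)."""
    admin, _, assigned = rd.rpartition(":")
    number = int(assigned)
    if "." in admin:    # Type 1: 4-byte IPv4 administrator, 2-byte assigned number
        if not 0 <= number <= 0xFFFF:
            raise ValueError("type 1 assigned number must fit in 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)    # Type 0: 2-byte AS administrator, 4-byte assigned number
    if not 0 <= asn <= 0xFFFF or not 0 <= number <= 0xFFFFFFFF:
        raise ValueError("type 0 needs a 16-bit AS and a 32-bit assigned number")
    return struct.pack("!HHI", 0, asn, number)


def vpn_ipv4(rd: str, address: str) -> bytes:
    """RD (64 bits) + IPv4 address (32 bits) = 96-bit VPN-IPv4 address."""
    return encode_rd(rd) + ipaddress.IPv4Address(address).packed


def decode_vpn_ipv4(raw: bytes):
    """Return (rd_type, rd_text, ipv4_text) for a 12-byte VPN-IPv4 address."""
    if len(raw) != 12:
        raise ValueError("VPN-IPv4 address must be exactly 96 bits")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, number = struct.unpack("!HI", raw[2:8])
        rd = f"{asn}:{number}"
    elif rd_type == 1:
        admin, number = struct.unpack("!4sH", raw[2:8])
        rd = f"{ipaddress.IPv4Address(admin)}:{number}"
    else:
        raise ValueError(f"RD type {rd_type} is not handled in this example")
    return rd_type, rd, str(ipaddress.IPv4Address(raw[8:]))


def bgp_table(routes):
    """Key routes on the full VPN-IPv4 address, so overlapping prefixes coexist."""
    return {vpn_ipv4(rd, addr): customer for customer, rd, addr in routes}
```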





VPN-IPv4 addresses are only visible on the control plane of the provider network.

By default BGP will not transmit VPN-IPv4 routes, as it is only designed to transmit IPv4 routes.

Hence, to transmit VPN-IPv4 routes, the multiprotocol extensions of BGP must be enabled; this feature is known as MP-BGP.




A full mesh, or the equivalent, of MP-BGP is required to achieve this purpose.

PE to PE route exchange:-




The VPN label, i.e. the inner label, is exchanged with the help of MP-BGP.

T-LDP is never used for label signalling in this case.



PE-CE routes that are supported

The PE-CE routes that are supported are:

Static Routes
RIP
OSPF
BGP

Each PE will have the provider core routes and a VRF routing table associated with each customer.

Friday, November 26, 2010

L3 VPN---Data plane functions


L3 VPN has two data plane functions:-

1> Customer packets received from the local CE (by the ingress PE to the provider network) will be forwarded across the service provider's network to the egress PE.

2> Customer packets received from the ingress PE (by the egress PE from the provider network) will be forwarded to the local CE.

VPRN Functions--- Control Plane

VPRN functions can be split into two

1> Control Plane functions

2> Data Plane functions

Control Plane functions:-

Learning of Routes:- Routes are learned from the local PE and populated in the VRF of the customer. Routes are also learned from the remote PE and populated in the VRF based on the specific parameters associated with the routes.

Propagation of routes:-

Routes learned from the local CE are propagated to the remote PE across the provider core. Also, the routes that are not learned locally from the local CE are propagated to the local CE in the same VPRN.

Transport tunnels need to be established first between the PEs.

Maintaining Customer Security:- When a PE receives routes from a CE, they must be populated into the correct VRF associated with the customer. Routes received from one customer should not be advertised to a VRF of another customer.

Overlapping customer prefixes:- The provider network must manage overlapping customer networks, i.e. the same IP prefixes should remain unique across the provider network; this is the responsibility of the SP.

VRF Table

The VRF table is a logical forwarding table present in the PE router. This table isolates the routing information of different customers from each other and also from the provider core routing table.

The number of VRFs present in a PE router depends on the number of customers connected to the PE router. The routes received from the local CE routers are stored in the local VRF based on the interface on which they were received.

Thursday, November 25, 2010

L3 VPN Labels

There are 2 labels used in L3 VPN. The outer label, which is used to distinguish the LSP, is known as the transport label.

The inner label is used to distinguish the customer VPRN and is known as the VPN label.

Push, pop and swap are done on the first label, i.e. the transport label.
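The two-label stack and the per-hop operations can be traced in code as follows. This is an added example, not code from the original post; the 32-bit entry layout (20-bit label, 3-bit TC, bottom-of-stack bit, 8-bit TTL) follows RFC 3032 and is not stated on this page, and the label values and VRF name used with it are constructed.

```python
import struct


def encode_entry(label, bottom, ttl=64, tc=0):
    """One 32-bit MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", label << 12 | tc << 9 | int(bottom) << 8 | ttl)


def decode_stack(packet):
    """Split a packet into ([(label, bottom, ttl), ...], payload)."""
    stack, offset = [], 0
    while True:
        if offset + 4 > len(packet):
            raise ValueError("truncated label stack: no bottom-of-stack entry")
        (word,) = struct.unpack_from("!I", packet, offset)
        offset += 4
        bottom = bool(word >> 8 & 1)
        stack.append((word >> 12, bottom, word & 0xFF))
        if bottom:
            return stack, packet[offset:]


def ingress_pe(payload, vpn_label, transport_label):
    """Push the VPN label (inner, bottom of stack), then the transport label."""
    return encode_entry(transport_label, False) + encode_entry(vpn_label, True) + payload


def p_router_swap(packet, lfib):
    """A P router swaps only the outer label; the inner label is left untouched."""
    stack, _ = decode_stack(packet)
    label, bottom, ttl = stack[0]
    if ttl <= 1:
        raise ValueError("TTL expired in the provider core")
    return encode_entry(lfib[label], bottom, ttl - 1) + packet[4:]


def egress_pe(packet, vpn_label_to_vrf):
    """Pop the transport label, then use the VPN label to pick the customer VRF."""
    stack, payload = decode_stack(packet)
    if len(stack) != 2:
        raise ValueError("expected a transport label and a VPN label")
    return vpn_label_to_vrf[stack[1][0]], payload
```

Penultimate-hop popping is not modelled here; the egress PE is assumed to receive both labels.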

Basic Terminologies in VPRN

CE:- This is the customer's interface to the service provider's network. This is typically an L3-aware box.

The CE routers exchange routing information with other CE routers; they also exchange routing information with the PE.

PE:- This is the interface between the customer and the service provider.

Functions of PE:-

a> Run a common routing protocol in the provider core between other routers and the PE.

b> Run a second routing protocol to exchange the VPRN routes; this is done between the PEs.

c> Run a routing protocol between the PE and the CE.

These routers are aware of both MPLS and the VPRN.

P routers:-

These are the provider core routers. They may have interconnections with the PE routers or other P routers, but they will never be connected to the CE routers.

In this case the MPLS functions are enabled, but the boxes are not aware of the VPRN services.

L3 VPN basics

Why do we need L3 VPN?

Traditional L3 networks have some issues: all customers must use separate IP address ranges, which is not a feasible solution, or use NAT. NAT also has some limitations and is not a scalable solution, and some applications do not work with NAT.

L3 VPN, or VPRN, allows multiple customer sites to communicate at the IP level over a provider-managed MPLS network.
The provider network remains a shared infrastructure offering services to multiple customers, and it also isolates the routing and packet forwarding of each particular customer.

Each provider router maintains a separate forwarding table for each VPRN session.

It appears to the customers that their routers are connected as L3 routers; the SP domain is transparent to the customers.

VPRN Benefits
- The service provider manages the core network and the customer routes
- Customers receive the redundancy benefits designed into the provider core
- Security is similar to existing layer 2 technologies (ATM or Frame Relay)
- Layer 2 independent - allows different layer 2 connectivity at customer sites
- Allows the usage of overlapping private IP address space between different customers
- Simplifies the routing topology at customer sites:- The routing topology is simplified as the provider is managing the routed infrastructure; the customer might only have the static routes and reap the benefits.