MPLS-自己的经验理解通俗易懂.ppt

MPLS及MPLS VPN基本概念 2012年3月MPLS VPN的基本概念目录MPLS的基本概念1 13 3MPLS 及MPLS VPN举例传统传统IP路由网络的缺陷路由网络的缺陷传统的IP数据转发使用路由协议传送IP路由信息基于IP包的目标地址进行数据转发IP包每经过一个路由器都需要进行路由表的查询IP的逐跳转发，在经过的每一跳处，必须进行路由表的最长匹配查找（可能多次），速度缓慢。在传统的IP转发中的流量工程问题Most traffic goes between large sites A and B and uses only the primary link.Destinationbased routing does not provide any mechanism for load balancing across unequal paths.Policybased routing can be used to forward packets based on other parameters,but this is not a scalable solution.Primary OC192 linkLarge Site ALarge Site BSmall Site CBackupOC48 linkReview Questions列出主要的传统IP路由缺点.IP包的传发是基于那一种信息?为什么这种转发机制不适用于大型网络?MPLS架构及相关技术架构及相关技术MPLS数据转发MPLS的标签转发，通过事先分配好的标签，为报文建立了一条标签转发通道（LSP），在通道经过的每一台设备处，只需要进行快速的标签交换即可（一次查找）。MPLS:多协议标签交换MPLS:MultiProtocol Label Switching在IP网络实现2.5层数据交换MPLS 的基本概念基于标签进行数据转发的机制标签对应于IP目标路由网络标签可对应于其他相关参数QosIP源地址支持多种协议的转发MPLS/IP网络MPLS 架构控制层面（Control plane）运用路由协议进行路由信息的交换运用标签分发协议进行标签交换数据层面（Data plane）基于标签进行数据转发MPLS ArchitectureRouter functionality is divided into two major parts:control plane and data planeData PlaneControl PlaneOSPF:10.0.0.0/8LDP:10.0.0.0/8Label 17OSPFLDPLFIBLDP:10.0.0.0/8Label 4OSPF:10.0.0.0/8417Labeled packetLabel 4Labeled packetLabel 17Label FormatMPLS uses a 32bit label field that contains the following information:20bit label3bit experimental field1bit bottomofstack indicator8bit timetolive(TTL)fieldLABELEXPSTTL0192223312024FrameMode MPLSFrameHeaderIP HeaderPayloadLayer 2Layer 2Layer 3Layer 3FrameHeaderLabelIP HeaderPayloadLayer 2 Layer 2 Layer 3Routing lookup andlabel assignmentLabel Switch RouterLabel switch router(LSR)转发打了标签的IP包Edge LSR 给IP包打标签并转发到MPLS域删除标签并把IP包从MPLS域转发出去MPLS DomainEdge LSRLSR10.1.1.1L=3L=5L=43L=3120.1.1.110.1.1.120.1.1.1LSR的功能架构LSRs,regardless of the type,perform the following three functions:Exchange routing informationExchange labelsForward packets(LSRs and edge LSRs)The first two functions are part of the control plane.The last function is part of the data plane.Architecture of LSRsLSRs primarily forward labeled packets.LSRControl PlaneData PlaneRouting ProtocolLabel Distribution ProtocolLabel Forwarding TableIP Routing TableExchange ofrouting informationExchange oflabelsIncoming labeled packetsOutgoing labeled packetsArchitecture of Edge LSRsEdge LSRControl PlaneData PlaneRouting ProtocolLabel Distribution ProtocolLabel Forwarding TableIP Routing TableExchange ofrouting informationExchange oflabelsIncoming labeled packetsOutgoing labeled packetsIP Forwarding TableIncoming IP packetsOutgoing IP packetsMPLS 转发LSR功能:插入（Insert）标签交换（Swap）标签删除（Pop）标签MPLS 域MPLS Forwarding(FrameMode)On ingress a label is assigned and imposed by the IP routing process.LSRs in the core swap labels based on the contents of the label forwarding table.On egress the label is removed and a routing lookup is used to forward the packet.10.1.1.1路由表10.0.0.0/8 label 3标签转发表LFIBlabel 8 label 3路由表10.0.0.0/8 label 5标签转发表LFIBlabel 3 label 5路由表10.0.0.0/8 next hop标签转发表LFIBlabel 5 pop10.1.1.1310.1.1.1510.1.1.1MPLS 网络IP路由示例LSRControl PlaneData PlaneOSPF:RT:LIB:FIB:LFIB:OSPF:10.0.0.0/810.0.0.0/8 1.2.3.410.0.0.0/8 1.2.3.410.0.0.0/8 1.2.3.4L=5 10.1.1.110.1.1.110.1.1.1LSRControl PlaneData PlaneOSPF:RT:LIB:FIB:LFIB:OSPF:10.0.0.0/810.0.0.0/8 1.2.3.410.0.0.0/8 1.2.3.410.0.0.0/8 1.2.3.410.1.1.1LDP:10.0.0.0/8,L=3L=5 10.1.1.110.0.0.0/8 Nexthop L=3,Local L=5LDP:10.0.0.0/8,L=5L=3 10.1.1.1L=3 10.1.1.1L=5 L=3,L=3MPLS 网络IP路由示例标签的分配和分发过程IP路由协议构造IP路由表LSR对路由表中每一目标网段独立地分配标签LSR把所分配的标签公告给其他LSR根据所受到的标签，LSR构建LIB，LFIB和FIB路由表的构建IP routing protocols are used to build IP routing tables on all LSRs.FIBs are built based on IP routing tables with no labeling information.ABCDENetwork X分配标签Every LSR allocates a label for every destination in the IP routing table.Labels have local significance.Label allocations are asynchronous.ABCDENetwork XRouter B assigns label 25 to destination X.ABCDENetwork XRouter B assigns label 25 to destination X.LIB 和 LFIB 的建立LIB and LFIB structures have to be initialized on the LSR allocating the label.Local label is stored in LIB.Outgoing action is pop,as B has received no label for X from C.ABCDENetwork X标签分发 Label DistributionThe allocated label is advertised to all neighbor LSRs,regardless of whether the neighbors are upstream or downstream LSRs for the destination.X=25X=25X=25标签通告的接收（Receiving Label Receiving Label AdvertisementAdvertisement）Every LSR stores the received label in its LIB.Edge LSRs that receive the label from their nexthop also store the label information in the FIB.X=25X=25ABCDEX=25Network X过渡期的数据传送（Interim Packet Interim Packet PropagationPropagation）Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.IP:XLab:25IP:X查询FIB，给IP包打标签.查询LFIB，删除标签ABCE进一步的标签分配（Further Label Further Label AllocationAllocation）Every LSR will eventually assign a label for every destination.ABCDENetwork XRouter C assigns label 47 to destination X.X=47X=47标签通告的接收（Receiving Label Receiving Label AdvertisementAdvertisement）Every LSR stores received information in its LIB.LSRs that receive their label from their nexthop LSR will also populate the IP forwarding table(FIB).ABCDENetwork XX=47X=47增加LFIB条目（Populating LFIB）Router B has already assigned a label to X and created an entry in the LFIB.The outgoing label is inserted in the LFIB after the label is received from the nexthop LSR.LabelAction Next hop2547CLFIB on BABCDEX=47X=47Network X数据包通过MPLS网络的过程IP:XIP:XIngress LSREgress LSRABCELab:25Lab:47查看FIB，给包加标签查询LFIB，删除标签查询 LFIB,执行标签交换MPLS网络LSP的建立MPLS网络的优化MPLS DomainDouble lookup is not an optimal way of forwarding labeled packets.A label can be removed one hop earlier.10.0.0.0/8L=1910.0.0.0/8L=1810.0.0.0/8L=17LFIB18 19FIB10/8 NH,19LFIB17 18FIB10/8 NH,18LFIB35 17FIB10/8 NH,17LFIB19 untaggedFIB10/8 NH10.1.1.11710.1.1.11810.1.1.11910.1.1.1Double lookup is needed:1.LFIB:remove the label.2.FIB:forward the IP packet based on IP nexthop address.10.0.0.0/8倒数第二跳弹出（Penultimate Hop Penultimate Hop PoppingPopping）MPLS DomainA label is removed on the router before the last hop within an MPLS domain.10.0.0.0/8L=pop10.0.0.0/8L=1810.0.0.0/8L=1710.1.1.11710.1.1.11810.1.1.110.1.1.110.0.0.0/8Pop or implicit null label is advertised.One single lookup.小结MPLS VPN的基本概念目录MPLS的基本概念1 13 3MPLS 及MPLS VPN举例什么是VPN?Customer SiteLarge Customer SiteVPN术语（VPN Terminology）用户网络(Cnetwork):the part of the network still under customer control运营商网络(Pnetwork):the service provider infrastructure used to provide VPN services用户站点:a contiguous part of the customer network(can encompass many physical locations)VPN业务网络视图VPN的分类类型Overlay VPN（一层VPN）运营商提供物理层的连接用户负责数据链路层和ip层用户自行管理路由ISDNE1,T1,DS0SDH,SONETPPPHDLCIPOverlay VPN（二层VPN）运营商提供数据链路层的连接用户负责ip层用户自行管理路由X.25Frame RelayATMIPOverlay VPN（IP隧道）用户负责ip层用户自行管理路由Generic Route Encapsulation(GRE)IP Security(IPSec)IPIPService Provider NetworkPeertoPeer VPN ConceptCustomer SiteRouter ACustomer SiteRouter BCustomer SiteRouter CCustomer SiteRouter DPERouterPE RouterPE RouterPE RouterRouting information is exchanged between CE and PE routers.PE routers exchange customer routes through the core network.Finally,the customer routes propagated through the PE network are sent to other CE routers.共享PE的方式专用PE的方式MPLS VPN路由型路由型MPLS VPN的架构的架构客户边界路由器运营商边界路由器运营商路由器VPN路由及转发表（VRF）PE的路由表地址复用路由区分器（Route Distinguisher）RD：64比特地址用于区分PE中每个用户的路由VPNv4地址=RD+IPv4地址VPNv4地址通过BGP在PE之间进行交换多协议BGP（MPBGP）路由区分器的运用使用路由区分器路由标记（Route Targets）多个用户站点分属于不同的VPN，需要使用RT标记各自的VPN路由附加在VPNv4路由中传送以标记不同的VPNRT加入到BGP的扩展属性中进行传送RT的灵活应用可支持不同的VPN拓扑RT的工作原理Export RT：路由发送标记，定义VPN组Import RT：路由接收标记，识别VPN组在发生端的PE，IPv4转换成VPNv4路由时加入Export RT在接收端的PE，根据Import RT进行检查收到的路由的RT与Import RT匹配，接收路由RT的灵活应用1RT的灵活应用2RT的灵活应用3路由型路由型MPLS VPN的路由模型的路由模型MPLS VPN路由CE运行路由协议PE运行路由协议与CE交换路由信息PE运行MPLS传送VPN路由P运行MPLSCEPEPE路由器的路由PMPLS VPN端到端的路由信息流1MPLS VPN端到端的路由信息流2MPLS VPN端到端的路由信息流3路由型路由型MPLS VPN的数据转发的数据转发传送原始IP数据包传送打了标签的IP包给IP包打两次标签VPN标签由Ingress PE路由器标记并发布MPLS L2VPNMPLS L2VPNMPLS L2VPN 提供基于 MPLS网络的二层 VPN服务，使运营商可以在统一的 MPLS 网络上提供基于不同数据链路层的二层 VPN。简单来说，MPLS L2VPN 就是在 MPLS 网络上透明传输用户二层数据。从用户的角度来看，MPLS网络是一个二层交换网络，可以在不同节点间建立二层连接。相对于 MPLS L3VPN，MPLS L2VPN 具有以下优点：可扩展性强：MPLS L2VPN 只建立二层连接关系，不引入和管理用户的路由信息。可靠性和私网路由的安全性得到保证支持多种网络层协议：包括 IP、IPX等MPLS L2VPN的基本概念在 MPLS L2VPN 中，CE、PE、P 的概念与 MPLS L3VPN 一样，原理也相似。MPLS L2VPN 通过标签栈实现用户报文在 MPLS 网络中的透明传送：外层标签（称为 Tunnel 标签）用于将报文从一个 PE 传递到另一个 PE；内层标签（称为 VC 标签）用于区分不同 VPN 中的不同连接；接收方 PE 根据 VC 标签决定将报文转发给哪个 CE。MPLS L2VPN 标签栈处理MPLS L2VPN 的实现方式还没有形成正式的标准。IETF 的 PPVPN工作组制订了多个框架草案，其中最主要的两种称为 Martini 草案和 Kompella 草案：draftmartinil2circuittransmpls draftkompellappvpnl2vpn Martini 草案定义了通过建立点到点的链路来实现 MPLS L2VPN 的方法。它以 LDP为信令协议来传递双方的 VC 标签，称为 Martini 方式 MPLS L2VPN。Kompella 草案则定义了在 MPLS 网络上以端到端（CE 到 CE）的方式建立 MPLS L2VPN。目前它采用扩展了的 BGP为信令协议来发布二层可达信息和 VC 标签，称为 Kompella 方式 MPLS L2VPN。MPLS VPN的基本概念目录MPLS的基本概念1 13 3MPLS 及MPLS VPN举例衢州电信城域网MPLS 域衢州电信城域网核心网MPLS 域LSREdge LSRs衢州电信城域网MPLS VPN环境MPLS 环境PPE城域网三层MPLS VPN实例（环保监控）江山SR1：description CTVPN45002-HuangBaoJianKong vrf-import vprn200017_import route-distinguisher 4809:45002 auto-bind ldp vrf-target target:4809:4500200 interface ge-lag-2.3899 create description HBJK_HuangBaoJu address 42.10.254.25/30 local-proxy-arp sap lag-2:3899.*create ingress qos 105 exit egress qos 400 exit exit exit interface ge-lag-2.3910 create description HBJK_HengChangShiYe address 42.10.41.161/28 local-proxy-arp sap lag-2:3910.*create ingress qos 105 exit egress qos 400 exit exit exit 龙游SR1:description CTVPN45002-HuangBaoJianKong vrf-import vprn200017_import route-distinguisher 4809:45002 auto-bind ldp vrf-target target:4809:4500200 interface ge-5/1/2.3901 create description HBJK_TianTingYaLun address 42.10.33.17/28 sap 5/1/2:1592.3901 create ingress qos 105 multipoint-shared exit egress qos 400 exit exit exit interface ge-5/1/2.3907 create description HBJK_JuHuaKuangYe address 42.10.33.113/28 sap lag-2:3907.*create ingress qos 105 exit egress qos 400 exit exit exit城域网二层MPLS VPN实例（邮政）南区SR1：description VPLS_Youzheng stp shutdown exit sap 5/1/1:3800.*create ingress qos 111 exit egress qos 210 exit exit sap 5/1/8:1304.3800 create description HeHuaSanLu ingress qos 111 exit egress qos 210 exit exit mesh-sdp 128:303800 create exit mesh-sdp 131:303800 create exit 江山SR1:split-horizon-group 303800 create exit stp shutdown exit sap lag-1:1452.1357 split-horizon-group 303800 create exit sap lag-1:1443.3800 split-horizon-group 303800 create exit sap lag-1:3800.*create exit mesh-sdp 130:303800 create exit网络操作维护中心2012年3月