[123doc.vn] - Deploying MPLS VPN on Cisco Router Systems


Graduation thesis

Nguyn Th Ti - D04VT1

TABLE OF CONTENTS

TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
ABBREVIATIONS
PREFACE

CHAPTER I: MPLS-VPN TECHNOLOGY
1.1 General introduction to VPN
1.1.1 The VPN concept
1.1.2 Functions and advantages of VPN
1.1.2.1 Functions
1.1.2.2 Advantages
1.1.3 VPN classification
1.1.3.1 Remote access VPN
1.1.3.2 Intranet VPN
1.1.3.3 Extranet VPN
1.1.3.4 Why use MPLS-VPN technology?
1.2 General introduction to MPLS
1.2.1 Network-layer routing model
1.2.2 ATM technology and the connection-oriented model
1.3 Components and operation of MPLS
1.3.1 Labels
1.3.2 IP data plane and control plane
1.3.3 MPLS control plane and data plane
1.4 MPLS-VPN technology
1.4.1 Components of an MPLS-VPN network
1.4.2 MPLS-VPN routing model
1.4.3 Virtual routing and forwarding table
1.5 Chapter conclusion

CHAPTER II: MPLS-VPN DEPLOYMENT SOLUTIONS
2.1 Comparison of MPLS-VPN and traditional VPN techniques
2.2 Security in MPLS-VPN networks
2.3 Quality of service in MPLS-VPN networks
2.4 Scalability and advanced MPLS-VPN models
2.4.1 The MPLS-VPN Inter-AS model
2.4.1.1 Interconnection between providers
2.4.1.2 Interconnection between ASes using BGP
2.4.2 The Carrier supporting Carrier (CSC) model
2.5 MPLS-VPN deployment solutions
2.5.1 Shared Internet and MPLS-VPN connectivity
2.5.2 Partially shared Internet and MPLS-VPN connectivity
2.5.3 Fully separated Internet and MPLS-VPN connectivity
2.6 Chapter conclusion

CHAPTER III: DEPLOYING MPLS-VPN ON CISCO ROUTER SYSTEMS
3.1 Steps for configuring MPLS-VPN
3.2 Problem statement and solution approach
3.3 Deploying MPLS-VPN on Cisco router systems
3.3.1 Deploying MPLS-VPN on Cisco router systems in the MPLS-VPN Inter-AS model
3.3.2 Deploying MPLS-VPN on Cisco router systems in the MPLS-VPN CSC model

In practice, many large service providers offer their backbone to smaller service providers, which deploy their own services on top of it. The CsC model is a hierarchical MPLS VPN model that allows a customer to deploy MPLS VPN technology over the MPLS VPN network of another service provider.

3.4 Chapter conclusion

CONCLUSION

In Vietnam today, large Internet providers such as VDC, Viettel, FPT, ... are rapidly building MPLS backbone networks to offer MPLS-VPN services to customers. Most companies and organizations setting up new links choose MPLS-VPN over other kinds of links. Network connectivity in the coming years can therefore be expected to be mainly MPLS-VPN.

However, many technical issues still have to be considered and analysed when building a configuration that keeps the network operating. One of the important issues is to determine the organizing principles for the LSR nodes in the network and to delineate clearly the interfaces and functions of each piece of equipment in the core and edge networks, together with traffic engineering issues (MPLS-TE) and quality of service issues (MPLS-QoS). Of particular importance is the practical deployment of MPLS-VPN interconnection between service providers. These are the issues that need further development and the next research direction of the thesis.

REFERENCES
APPENDICES
Appendix A. Router configurations in the MPLS-VPN Inter-AS model

LIST OF FIGURES

Figure 1.1 VPN model
Figure 1.2 Remote access VPN model
Figure 1.3 Intranet VPN model
Figure 1.4 Extranet VPN model
Figure 1.5 Model of VPN service provision over MPLS
Figure 1.6 Label format
Figure 1.7 IP control plane and data plane
Figure 1.8 MPLS control plane and data plane
Figure 1.9 Components of an MPLS-VPN network
Figure 1.10 PE router functions
Figure 2.1 Connections in a traditional VPN network
Figure 2.2 QoS pipe model in MPLS-VPN
Figure 2.3 QoS hose model in MPLS-VPN
Figure 2.4 Back-to-back VRF connection model
Figure 2.5 Route distribution between two ASBRs using external MP-BGP
Figure 2.7 Route propagation in the BGP Confederation solution
Figure 2.8 Shared MPLS-VPN connectivity
Figure 2.9 Partially shared Internet and MPLS-VPN connectivity
Figure 2.10 Fully separated Internet and MPLS-VPN connectivity
Figure 3.1 MPLS-VPN configuration steps
Figure 3.2 MPLS forwarding configuration
Figure 3.3 BGP routing protocol configuration on the PE routers
Figure 3.4 Definition of the VPN VRF and its attributes
Figure 3.5 Creating an MPLS-VPN from CE1 to CE2
Figure 3.6 Routing and label assignment process
Figure 3.7 Forwarding and label imposition process
Figure 3.7 MPLS-VPN Inter-AS model
Figure 3.8 GNS3 interface with the MPLS-VPN Inter-AS model
Figure 3.9 MPLS-VPN CSC model
Figure 3.10 GNS3 interface with the MPLS-VPN CSC model

LIST OF TABLES

Table 2.1 Comparison of IPsec VPN and MPLS-VPN

ABBREVIATIONS

| Term | English | Vietnamese gloss (translated) |
|---|---|---|
| AS | Autonomous System | Autonomous system |
| ASBR | Autonomous System Boundary Router | Boundary router in an autonomous system |
| ATM | Asynchronous Transfer Mode | Asynchronous transfer mode |
| BGP | Border Gateway Protocol | Border gateway protocol |
| CAC | Connection Admission Control | Connection admission control |
| CoS | Class of Service | Class of service |
| CPE | Customer Premise Equipment | Customer premises equipment |
| CPU | Central Processing Unit | Central processing unit |
| DDoS | Distributed Denial Of Service | Denial-of-service attack |
| DES | Data Encryption Standard | Data encryption standard |
| DiffServ | Differentiated Service | Differentiated services |
| DLCI | Data Link Connection Identifier | Data link connection identifier |
| DSL | Digital Subscriber Line | Digital subscriber line |
| EGP | External Gateway Protocol | Exterior gateway protocol |
| FEC | Forwarding Equivalent Class | Forwarding equivalence class |
| FR | Frame Relay | Frame relay |
| GRE | Generic Routing Encapsulation | Generic routing encapsulation |
| ICMP | Internet Control Message Protocol | Internet control message protocol |
| IETF | Internet Engineering Task Force | Internet engineering task force |
| IGP | Interior Gateway Protocol | Interior gateway protocol |
| IntServ | Integrated Service | Integrated services |
| IP | Internet Protocol | Internet protocol |
| IPSec | IP security | Security protocol for the Internet protocol |
| IPX | Internetwork Packet Exchange | Internetwork packet exchange |
| ISDN | Integrated Services Digital Network | Integrated services digital network |
| IS-IS | Intermediate System to Intermediate System | Intermediate system to intermediate system |
| ISP | Internet Service Provider | Service provider |
| L2TP | Layer 2 Tunneling Protocol | Layer 2 tunneling protocol |
| LAN | Local Area Network | Local area network |
| LDP | Label Distribution Protocol | Label distribution protocol |
| LFIB | Label Forwarding Information Base | Label forwarding information base |
| LSP | Label Switched Path | Label switched path |
| LSR | Label Switch Router | Label switching router |
| MP-iBGP | Multi-protocol iBGP | Multiprotocol iBGP |
| MPLS | Multiprotocol Label Switching | Multiprotocol label switching |
| MTU | Maximum Transmission Unit | Maximum transmission unit |
| OSPF | Open Shortest Path First | Shortest path first protocol |
| PBX | Private Branch Exchange | Private branch exchange |
| POP | Point of Presence | Point of presence |
| PPTP | Point-to-Point Tunneling Protocol | Point-to-point tunneling protocol |
| QoS | Quality of Service | Quality of service |
| RD | Route Distinguisher | Route distinguishing parameter |
| RFC | Request For Comment | Request for comments |
| RSVP | Resource Reservation Protocol | Resource reservation protocol |
| TCP | Transmission Control Protocol | Transmission control protocol |
| TDP | Tag Distribution Protocol | Tag distribution protocol |
| TE | Traffic Engineering | Traffic engineering |
| TTL | Time To Live | Time to live |
| VCI | Virtual Circuit Identifier | Virtual channel identifier |
| VNPT | Vietnam Post & Telecommunications | Vietnam Posts and Telecommunications Corporation |
| VPI | Virtual Path Identifier | Virtual path identifier |
| VPN | Virtual Private Network | Virtual private network |
| VRF | Virtual Routing Forwarding | Virtual routing and forwarding |
| WAN | Wide Area Network | Wide area network |

PREFACE

The rapid growth of IP services and the explosion of the Internet have led to a series of changes in how operators think and do business. IP dominates all layer-3 protocols. As a result, every development trend is oriented toward IP, most of the heaviest traffic on backbone networks today is IP traffic, and lower-layer technologies all tend to support IP services. The urgent market demand for high-speed, secure networks is the basis for a range of technologies, MPLS-VPN among them.

Every technology usually has its own advantages and disadvantages. Combining technologies so as to gather their advantages and overcome the weaknesses of each is therefore a research and development direction for service providers, with the aim of offering customers a reasonably complete technology. This fits the present trend toward technology integration.

The combination of MPLS and VPN is part of this trend. It makes it possible to use the advanced switching of MPLS together with the creation of secure private networks in the form of VPN tunnels, while overcoming the weaknesses of MPLS and VPN.

The thesis studies solutions that combine MPLS and VPN and, on that basis, proposes a solution for deploying virtual private network services over multiprotocol label switching technology for practical use.

The thesis is divided into 3 chapters, summarized as follows:

Chapter I: MPLS-VPN technology. Introduces VPN and MPLS technology, and the components and operation of MPLS-VPN.

Chapter II: Compares MPLS-VPN with traditional VPN techniques. Covers security and quality of service issues in MPLS-VPN networks, presents scalability and advanced MPLS-VPN models, and describes MPLS-VPN deployment solutions.

Chapter III: Deploying MPLS-VPN on Cisco router systems.

Because of limitations in many respects, the content of this work inevitably contains errors. The study also reflects a good deal of subjective judgement, so shortcomings are unavoidable. I very much hope to receive comments from teachers and readers.

I sincerely thank the teachers who provided good conditions while I carried out this thesis. In particular, I thank Master Nguyn nh Long for his attention and for his dedicated guidance and help, which allowed me to complete it.

Thank you sincerely!

Student

Nguyn Th Ti

CHAPTER I

MPLS-VPN TECHNOLOGY

1.1 General introduction to VPN

1.1.1 The VPN concept

A virtual private network (VPN) is defined as a network connection deployed over public network infrastructure (such as the Internet) with the same management and security policies as a local network.

Figure 1.1 VPN model

The terms used in VPN are as follows:

Virtual: the connection is dynamic, not hard-wired, and exists as a connection only while network traffic passes over it. The connection can change and adapt to many different environments and can tolerate the shortcomings of the Internet. When a connection is requested, it is established and maintained regardless of the network infrastructure between the endpoints.

Private: transmitted data is always kept confidential and can be accessed only by authorized users. This is very important because the original Internet protocol, TCP/IP, was not designed to provide levels of security. Security is therefore provided by adding VPN software or hardware.

Network: the network infrastructure entity between end users, stations or nodes that carries data. The network is built from private, public, wired, wireless, Internet or any other available dedicated network resources.

The virtual private network concept is not new. VPNs were used in earlier telephone networks, but because of a number of limitations the technology did not gain much strength or competitiveness. Recently, the development of intelligent networks and IP network infrastructure has made VPN genuinely new. A VPN allows private connections to be set up with remote users, with a company's branch offices and with its partners, all of whom share one public network.

1.1.2 Functions and advantages of VPN

1.1.2.1 Functions

A VPN provides three main functions: authentication, integrity and confidentiality.

Authentication: to set up a VPN connection, both sides must first authenticate each other to confirm that each is exchanging information with the intended party and not with someone else.

Integrity: ensures that data is not changed and that no tampering of any kind occurs during transmission.

Confidentiality: the sender can encrypt data packets before sending them across the public network, and the data is decrypted at the receiving side. In this way nobody can access the information without permission, and even if the data is captured it cannot be read.

1.1.2.2 Advantages

VPN brings real and immediate benefits to companies. A VPN can be used not only to simplify communication among remote employees and mobile users, to extend the intranet to every office and branch, and even to deploy an extranet to customers and key partners, but also to do so at a much lower cost than buying equipment and lines for a private WAN. These benefits, direct or indirect, include cost saving, flexibility, scalability and several other advantages.

Cost saving

Using a VPN helps companies reduce both investment costs and recurring costs. The total cost of owning a VPN is reduced because less is paid for leasing transmission bandwidth, for backbone network equipment and for keeping the system running. The cost of LAN-to-LAN connectivity falls by 20% to 30% compared with traditional leased lines. For remote access it falls by 60% to 80%.

Flexibility

Flexibility here means not only flexibility in operation but also real adaptability to usage requirements. Customers can use T1 or T3 connections between offices, and many other kinds of connection can be used to link small offices and mobile users. A VPN service provider can offer customers many options, such as a 56 kbit/s modem connection, 128 kbit/s ISDN, xDSL, T1, T3, ...

Scalability

Because a VPN is built on public network infrastructure (the Internet), a VPN can be deployed wherever a public network is available. Since public networks are present everywhere, VPNs scale very flexibly. A remote office can easily connect to the company network using a telephone line or DSL, ... and a VPN is easy to remove when it is no longer needed.

Bandwidth scalability means that when an office or branch needs more bandwidth, it can be upgraded easily.

Reduced technical support

Standardizing on one type of connection from mobile users to an ISP POP, and standardizing security requirements, reduces the technical support resources a VPN needs. Today, as service providers take on more of the network support tasks, the technical support demanded of users keeps decreasing.

Reduced equipment requirements

By providing a single solution for enterprises that use dial-up Internet access, a VPN needs less equipment, and much simpler equipment, than maintaining separate modems, adapter cards for terminal devices and remote access servers. A business can set up its customer equipment for a single environment, such as a T1 environment, with the rest of the connection handled by the ISP. The T1 side can set up and maintain the WAN connection by replacing modem banks and multiple Frame Relay circuits with a single wide-area connection that can carry remote-user traffic, LAN-to-LAN connections and Internet traffic at the same time.

Meeting commercial needs

VPN products and services follow today's common standards, partly to ensure that the product works but, perhaps more importantly, so that products from many different vendors can work together.

For new telecommunications equipment and technology, the issues of concern are standardization, manageability, scalability, network integration, backward compatibility, reliability and performance, and especially the commercial viability of the product.

1.1.3 VPN classification

The goal set for VPN technology is to satisfy the following three basic requirements:

- At any time, company employees can access the company's internal network remotely or while mobile.
- Branches and mobile offices are linked together.
- Access rights of customers, service providers and other outside parties can be controlled.

Based on these basic requirements, virtual private networks are divided into three types:

- Remote access VPN
- Intranet VPN
- Extranet VPN

1.1.3.1 Remote access VPN

Remote access VPNs provide remote access. At any time, employees, branches and mobile offices can exchange information with and access the company network. The remote access VPN is the most typical kind of VPN, because it can be set up at any time and from anywhere that has an Internet connection.

A remote access VPN extends the company network to users over a shared infrastructure while company network policies remain in force. It can be used to provide secure access from mobile devices, mobile users, branches and business partners. These VPNs are implemented over public infrastructure using ISDN, dial-up, mobile IP, DSL and cable technologies, and usually require some kind of client software running on the user's computer.

Figure 1.2 Remote access VPN model

The advantages of a remote access VPN over traditional remote access methods are:

- A remote access VPN does not need support from network staff, because the remote connection process is handled by the ISPs.
- Long-distance connection costs are reduced, because long-distance connections are replaced by local connections through the Internet.
- It provides low-cost connectivity for remote users.
- Because the access connections are local, the modems operate at higher speeds than with long-distance access.
- The VPN provides better access to company sites because it supports the lowest level of connection service.

Despite these advantages, remote access VPNs still have inherent disadvantages:

- A remote access VPN does not support services with guaranteed QoS.
- The risk of data loss is high. In addition, packets may fail to be delivered or may be lost.
- Because the encryption algorithms are complex, protocol header overhead increases significantly.

1.1.3.2 Intranet VPN

Intranet VPNs are used to secure the connections between different sites of one company. The VPN links the head office, offices and branches over a shared infrastructure using connections that are always encrypted. This allows every site to access the permitted data sources across the whole company network securely.

These VPNs still provide WAN characteristics such as scalability, reliability and support for many kinds of protocols, at low cost and without losing flexibility. This kind of VPN is usually configured as a site-to-site VPN.

Figure 1.3 Intranet VPN model

The main advantages of an intranet built on a VPN solution are:

- Partial or full mesh networks can be set up (provided the network passes through one or more service providers).
- Fewer technical staff are needed to support the network at remote sites.
- Because the intermediate connections run over the Internet, a new peer link can be added easily.
- Costs are saved through the benefits of using VPN tunnels over the Internet combined with high-speed switching technologies such as Frame Relay and ATM.

An intranet built on a VPN solution also has disadvantages:

- Because data is tunnelled over a public network, the Internet, threats to data security and to quality of service (QoS) remain.
- The likelihood of data packets being lost in transit is still fairly high.
- Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge in the Internet environment.

1.1.3.3 Extranet VPN

Unlike intranet VPNs and remote access VPNs, an extranet VPN is not isolated from the "outside world". In practice an extranet VPN provides controlled access to the network resources needed to extend the network to business entities such as partners, customers and suppliers.

Figure 1.4 Extranet VPN model

Extranet VPNs provide a secure tunnel between customers, suppliers and partners over a public infrastructure. This kind of VPN uses connections that are always secured and is configured as a site-to-site VPN. The difference between an intranet VPN and an extranet VPN is the network access that is recognized at one of the two ends of the VPN.

The main advantages of an extranet VPN:

- The cost of an extranet VPN is much lower than that of a traditional network.
- It is easy to set up and maintain, and easy to change while the network is running.
- Because the extranet VPN is built on the Internet, there are more opportunities in providing services and in choosing a solution that fits each company's needs.
- Because the Internet connections are maintained by the Internet service provider, fewer network support staff are needed, which reduces the operating cost of the whole network.

Alongside these advantages, the extranet VPN solution also has disadvantages:

- Risks to information security and of data loss while crossing the public network remain.
- Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge in the Internet environment.
- It increases the risk to the company's internal networks.

1.1.3.4 Why use MPLS-VPN technology?

Globalization forces businesses and organizations to make their information systems ever more efficient. Large companies and multinational groups today usually have head offices and branches spread across the world. In some sectors, such as telecommunications, banking and finance, the need for connectivity and information exchange between branches, and between the company and its partners, is very large. Using a private network for connectivity and information exchange (a WAN) inside a company with many branches is therefore extremely important. Connecting companies and organizations to each other in a secure, reliable way is also important, because the information exchanged includes much that is sensitive, such as business strategies and financial plans.

To keep information secure as it travels between different geographic areas, the prerequisite is a backbone network that meets security requirements, because data is most easily exposed when it crosses a wide area network. Building a highly stable and secure backbone is therefore always an important factor for Internet service providers.

With earlier network technologies such as leased lines, Frame Relay or VPN, connecting branches to the head office required a business to invest heavily in both network equipment and usage fees. Moreover, because of technological limitations, these traditional network technologies are very complex, hard to manage and hard to scale.

The MPLS-VPN solution is deployed with the goal of creating a network solution that is secure, low in latency and integrated with every kind of data application, such as data, voice and video.

Figure 1.5 Model of VPN service provision over MPLS

Unlike Internet-based VPN technologies (PPTP, L2TP, IPsec VPN), the tunnelling mechanism is established entirely inside the service provider's MPLS core. Each VPN connection sets up a separate tunnel through label assignment and IP packet forwarding. Each VPN connection receives a single unique label value from the MPLS routers in the provider network, so every tunnel in the MPLS core is completely separate. Because the addresses of the core network (MPLS core) are hidden, network attacks such as DDoS, IP spoofing and label spoofing are reduced to a minimum.
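The label-based separation described above, as an added example that is not part of the original thesis: a Python model of two provider-edge routers in which two customers reuse the same prefix, each VPN gets its own label, and labelled packets arriving from a customer interface are discarded. The VPN names, interfaces, prefixes, label values, the one-label-per-VPN allocation and the drop rule are assumptions made for illustration.

```python
import ipaddress


class PE:
    """Provider-edge router with one routing table per customer VPN."""

    def __init__(self, name, first_label):
        self.name = name
        self.iface_vpn = {}   # customer-facing interface -> VPN name
        self.routes = {}      # VPN name -> {network: (egress PE, VPN label)}
        self.sites = {}       # VPN name -> {network: locally attached CE}
        self.vpn_label = {}   # VPN name -> label this PE allocated for it
        self._next = first_label

    def attach(self, iface, vpn, prefix, ce):
        """Bind a customer interface to a VPN; allocate the VPN a unique label."""
        self.iface_vpn[iface] = vpn
        self.routes.setdefault(vpn, {})
        self.sites.setdefault(vpn, {})[ipaddress.ip_network(prefix)] = ce
        if vpn not in self.vpn_label:
            self.vpn_label[vpn] = self._next
            self._next += 1
        return self.vpn_label[vpn]

    def learn(self, vpn, prefix, egress_pe, label):
        """Install a route advertised by another PE into one VPN's table only."""
        net = ipaddress.ip_network(prefix)
        self.routes.setdefault(vpn, {})[net] = (egress_pe, label)

    @staticmethod
    def _lookup(table, dst):
        """Longest-prefix match inside a single table."""
        addr = ipaddress.ip_address(dst)
        hits = [net for net in table if addr in net]
        return max(hits, key=lambda n: n.prefixlen) if hits else None

    def from_customer(self, iface, dst, label=None):
        # Customers send plain IP; a label supplied by a customer is never trusted.
        if label is not None:
            return ("drop", "labelled packet on customer interface")
        vpn = self.iface_vpn.get(iface)
        if vpn is None:
            return ("drop", "interface not bound to a VPN")
        net = self._lookup(self.routes[vpn], dst)
        if net is None:
            # Core addresses are absent from customer tables, so they are unreachable.
            return ("drop", "no route in " + vpn)
        egress_pe, label = self.routes[vpn][net]
        return ("push", egress_pe, label)

    def from_core(self, label, dst):
        # The label, not the destination address, selects the customer table.
        vpn = next((v for v, l in self.vpn_label.items() if l == label), None)
        if vpn is None:
            return ("drop", "unknown VPN label")
        net = self._lookup(self.sites[vpn], dst)
        if net is None:
            return ("drop", "no site in " + vpn)
        return ("deliver", vpn, self.sites[vpn][net])


def send(pes, ingress, iface, dst, label=None):
    """Carry one packet from a customer interface to the remote site."""
    step = pes[ingress].from_customer(iface, dst, label)
    if step[0] == "drop":
        return step
    _, egress_pe, vpn_label = step
    return pes[egress_pe].from_core(vpn_label, dst)


def build_demo():
    """Constructed topology: both customers use 10.1.0.0/24 behind PE2."""
    pe1, pe2 = PE("PE1", 100), PE("PE2", 200)
    pe1.attach("ge0/1", "VPN_A", "10.0.1.0/24", "CE-A1")
    pe1.attach("ge0/2", "VPN_B", "10.0.2.0/24", "CE-B1")
    label_a = pe2.attach("ge0/1", "VPN_A", "10.1.0.0/24", "CE-A2")
    label_b = pe2.attach("ge0/2", "VPN_B", "10.1.0.0/24", "CE-B2")
    pe1.learn("VPN_A", "10.1.0.0/24", "PE2", label_a)
    pe1.learn("VPN_B", "10.1.0.0/24", "PE2", label_b)
    return {"PE1": pe1, "PE2": pe2}, label_a, label_b


if __name__ == "__main__":
    pes, _, label_b = build_demo()
    print(send(pes, "PE1", "ge0/1", "10.1.0.5"))
    print(send(pes, "PE1", "ge0/2", "10.1.0.5"))
    print(send(pes, "PE1", "ge0/1", "10.1.0.5", label=label_b))
    print(send(pes, "PE1", "ge0/1", "192.0.2.1"))
```

The same destination address reaches a different customer site depending only on the interface the packet entered by, which is the separation the paragraph attributes to per-VPN labels.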

The main advantages of MPLS-VPN technology in the backbone network:

- Support for the point-to-multipoint model: a private network can be connected using just 1 physical link.
- Security: absolute security on the MPLS core network.
- Simple scalability: all connection configuration is done in the MPLS core network, and network members need no configuration at all.
- High speed, multiple applications and committed QoS: MPLS-VPN can carry data at speeds of up to Gbps over optical fibre transmission systems. Beyond data, MPLS-VPN can fully support real-time applications such as VoIP and video conferencing with the lowest latency. It can provide commitments on speed and minimum bandwidth (QoS).

MPLS can be used together with many other technologies such as IP and ATM, but its most notable application today is in IP networks, to build virtual private networks that serve the connectivity needs of organizations and businesses. Because it is easy to manage and scale and builds on existing Internet infrastructure, this application is growing strongly in many sectors: businesses, financial institutions, banks, and especially organizations that require high reliability and data security.

These are the practical grounds on which the thesis chose to study solutions for deploying MPLS-VPN.

1.2 General introduction to MPLS

Traditional IP packet forwarding analyses the destination IP address contained in the network-layer header of every packet. Each router analyses the destination address independently at every hop in the network. Whether dynamic or static, a routing protocol must analyse destination IP addresses when it builds its database in order to produce the routing table. This process is called hop-by-hop unicast routing based on the packet's destination. Routing with connectionless protocols met customers' simple needs. As the Internet grew and expanded and Internet traffic exploded, the existing packet forwarding method proved inefficient and inflexible. A new technique was therefore needed to assign addresses and to extend the functions of the IP-based network architecture.

MPLS is the result of the development of many IP switching solutions that tried to combine the advantages of both IP and ATM.

1.2.1 Network-layer routing model

In the traditional connectionless environment, no signalling messages are needed to set up a connection, and packets are forwarded hop by hop. All packets are forwarded according to network-layer routing protocols (such as the shortest path first protocol [OSPF] or the border gateway protocol [BGP]) or static routing. Routers treat all packets alike and may discard packets without any notification to either the sender or the receiver. For this reason IP provides only best-effort service and is not suited to services with strict QoS requirements. The connectionless mechanism makes flow control and traffic distribution difficult, causing congestion at network nodes. Internet service providers (ISPs) respond by increasing link capacity and upgrading routers, but congestion still occurs. The reason is that Internet routing protocols tend to direct traffic onto the same set of links, so those links become overloaded while resources in other areas go unused. The result is uneven load distribution and wasted network resources. Alongside these limitations, however, the connectionless model also has advantages: packets are routed independently and the routing and forwarding mechanism is simple and efficient, so the connectionless model suits flows with slow connection times.

    1.2.2 ATM technology and the connection-oriented model

    ATM is a connection-oriented switching technology: a connection from the source endpoint to the destination endpoint must be set up before information is sent. Creating virtual-circuit connections can work well in a small network, but in a large network problems can arise. Every time a new router is added to the WAN core, virtual circuits must be set up between that router and all the others to ensure optimal routing, which increases routing traffic in the network. Connection setup is normally performed by a signalling protocol, which supplies connection state information to the switches along the route. The connection admission control (CAC) function ensures that resources tied to an existing connection are not used for new connections. This forces the network to maintain the state of every connection (including information about the existence of the connection and the resources it uses) at each node the data passes through. Route selection is based on the QoS requirements of the connection and on the ability of the routing algorithm to compute routes that can meet those requirements. Because the network can identify each connection and can isolate it, together with its resources, for the lifetime of the connection, a connection-oriented environment can guarantee quality for each information flow. The network monitors each connection and reroutes it when a failure occurs, and this rerouting must also go through signalling.

    From this transfer mechanism we see that connection-oriented networks suit applications that require strict QoS guarantees and applications with long connection times. For applications with short connection times, a connection-oriented environment appears unsuitable because of the time needed to set up the connection and the large proportion of header information. For such traffic, a connectionless environment with simple routing, which avoids complex signalling protocols, is a better fit.

    What is needed, then, is a switching method that combines the advantages of IP (such as its routing mechanism) with those of ATM (such as its switching method). To truly suit multi-service networks, both ATM and IP must change: connectionless capability must be added to ATM, and connection-oriented capability must be added to IP.

    1.3 MPLS components and operation

    Label switching lets routers make decisions based on the contents of a label, which is better than complex routing on the destination IP address. MPLS is a technology that combines the best features of layer 3 routing and layer 2 switching, allowing very fast packet transport in the core network and good routing at the edge network by relying on labels. MPLS improves packet forwarding by attaching labels to each IP packet, ATM cell, or layer 2 frame. MPLS lets ISPs offer many different services without discarding their existing infrastructure. The MPLS architecture is flexible in how it combines with technologies already in use. MPLS supports every layer 2 protocol and deploys IP services efficiently over an IP switched network. MPLS supports the creation of different routes between a source and a destination over an Internet backbone by integrating MPLS into the network architecture. ISPs can reduce costs and increase profit, offer many different services, and become highly competitive. The characteristics of a network that uses MPLS are:

    - MPLS resides only on the routers.
    - There is no protocol component on the customer side.
    - MPLS is an independent protocol that can operate together with other protocols: IP, IPX, ATM, Frame Relay…
    - MPLS simplifies routing and increases the flexibility of the intermediate layer.

    An important difference between MPLS and traditional WAN techniques is the way labels are assigned and the ability to attach a stack of labels to a packet. The label stack concept opens up new applications such as traffic management and virtual private networks.

    1.3.1 Labels

    A label is a short entity with no internal structure. A label does not directly encode information from the network-layer header, such as the network-layer address. The label attached to a particular packet represents the FEC (Forwarding Equivalence Class) to which the packet is assigned.

    The form of the label depends on the layer 2 transport. For example, ATM cells use the VPI/VCI value as the label, and Frame Relay uses the DLCI. For media that have no native label structure, a shim field is inserted to serve as the label. The 4-byte shim field has the following structure:

    Figure 1.6 Label format

    The fields have the following meaning:

    - Label: 20 bits long, holds the MPLS label value.
    - EXP: 3 bits long, indicates the service class and influences the queuing and discard algorithms applied to the packet.
    - S: 1 bit long. MPLS supports a label stack, meaning that several labels can be attached to one packet. When a label has the S bit set to 1, it is the last label, at the bottom of the label stack (counting from the layer 2 header towards the layer 3 header). Routing is performed on the information in the label at the top of the stack.
    - TTL: 8 bits long, with the same function as the TTL field in the IP packet header: it determines how many nodes the packet may traverse before it is discarded, to keep packets from looping in the network.

    For PPP or Ethernet frames, a protocol identifier value is inserted in the corresponding frame header to indicate whether the frame is MPLS unicast or multicast.

    The label is added to an IP packet when the packet enters the MPLS network and removed when the packet leaves it. The label is inserted between the layer 3 header and the layer 2 header. Labels are used to forward packets once the path has been set up. MPLS centres on label swapping. One of the strengths of MPLS is that it defines its own label stack.

    Packet forwarding in MPLS contrasts sharply with today's connectionless network environment, where packets are analyzed hop by hop, the layer 3 header is examined, and an independent forwarding decision is made from information derived from the network-layer routing algorithm.
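The 4-byte shim layout described above (20-bit Label, 3-bit EXP, 1-bit S, 8-bit TTL) can be exercised with a small label-stack parser and a top-label swap. This is an added example, not code from the thesis; the function names and the two-label sample packet are constructed for illustration.

```python
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class LabelEntry:
    label: int    # 20-bit label value
    exp: int      # 3-bit service class (EXP)
    bottom: bool  # S bit: True on the last entry of the stack
    ttl: int      # 8-bit time to live


def pack_entry(label, exp, bottom, ttl):
    """Encode one 4-byte shim entry in network byte order."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)


def unpack_entry(data, offset=0):
    """Decode the 4-byte shim entry starting at offset."""
    if offset + 4 > len(data):
        raise ValueError("truncated label stack: no entry with S=1")
    (word,) = struct.unpack_from("!I", data, offset)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)


def parse_label_stack(payload, max_depth=8):
    """Return (entries, remaining bytes), reading entries until S=1.

    max_depth bounds the walk so a payload that never sets S cannot make
    the parser consume an arbitrarily long run of bytes as labels.
    """
    entries, offset = [], 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError("label stack deeper than max_depth")
        entry = unpack_entry(payload, offset)
        entries.append(entry)
        offset += 4
        if entry.bottom:
            return entries, payload[offset:]


def swap_top_label(payload, new_label):
    """What a core LSR does: swap the top label and decrement its TTL.

    Only the top entry is examined. Returns None when the TTL expires,
    meaning the packet is discarded instead of being forwarded.
    """
    top = unpack_entry(payload, 0)
    if top.ttl <= 1:
        return None
    return pack_entry(new_label, top.exp, top.bottom, top.ttl - 1) + payload[4:]


# Constructed sample: an outer label 17 and an inner label 30 (S=1),
# followed by the first byte of an IPv4 header (0x45).
SAMPLE = pack_entry(17, 0, False, 254) + pack_entry(30, 5, True, 254) + b"\x45"

if __name__ == "__main__":
    stack, rest = parse_label_stack(SAMPLE)
    for entry in stack:
        print(entry)
    print("payload starts with", hex(rest[0]))
    print("after swap:", parse_label_stack(swap_top_label(SAMPLE, 22))[0][0])
```
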

    1.3.2 The IP data plane and control plane

    In an IP network, the control plane is the set of software and/or hardware in the routers that is used to control network operations such as routing and failure recovery. The job of the control plane is to provide services to the data plane, which is the plane responsible for moving data through the router.

    Figure 1.7 The IP control plane and data plane

    In the Internet protocols, the control plane consists of the routing protocols (OSPF, IS-IS, BGP, ...) that allow IP (in the data plane) to be forwarded correctly. Control messages are exchanged between routers to carry out a range of tasks, including:

    - Exchanging messages between nodes to agree on routing parameters (including … and security).
    - Exchanging messages periodically to determine whether the neighbouring node is operating.
    - Exchanging address and route advertisement messages to build the routing tables used for IP forwarding.

    In Figure 1.7, the arrow from the control plane to the routing table means that the routes found by the routing protocols are stored in the routing table. The two-way arrow between the routing table and the data plane means that IP manages the routing table in order to perform its forwarding.

    1.3.3 The MPLS control plane and data plane

    The architecture is divided into two separate components: the forwarding component (also called the data plane) and the control component (also called the control plane). The forwarding component uses the label forwarding database (maintained by a label switch) to forward data packets according to the labels attached to them. The control component is responsible for creating and maintaining label forwarding information among a group of interconnected label switches.

    Figure 1.8 The MPLS control plane and data plane

    Figure 1.8 shows the basic structure and functions of an MPLS node that performs IP routing.

    - Control plane: here the layer 3 routing protocols establish the paths used for packet forwarding. The control plane is responsible for creating and maintaining label forwarding information (also called bindings) among the routers running MPLS.
    - Data plane: uses the label forwarding database maintained by the routers running MPLS to forward packets according to label information.

    Each MPLS node runs one or more IP routing protocols (or may use static routing) to exchange routing information with the other MPLS nodes in the network. In MPLS, the IP routing table is used to decide label exchange: adjacent MPLS nodes exchange labels with each other for each individual subnet in the routing table. This label exchange is carried out by two protocols, TDP and LDP. TDP is a Cisco product; LDP is a version of TDP created by the IETF. The MPLS IP routing control process uses the label exchange with other MPLS nodes to build the label forwarding table, which is the data plane database used to forward labeled packets across the MPLS network.

    The main job of the control plane is therefore to advertise labels and addresses and to bind them together, that is, to bind a label to an address. A label switching router (LSR) is a router configured to support MPLS. An LSR uses the information in the label forwarding information base (LFIB) to process an incoming MPLS packet, for example to determine the next node that will receive it. The LFIB is to MPLS what the routing table is to IP. Several protocols can operate in the MPLS control plane. RSVP has been extended so that it can be used to advertise, distribute, and bind labels to IP addresses; this extension is called RSVP-TE. The Label Distribution Protocol (LDP) is another option for the MPLS control plane. Other protocols such as OSPF and BGP can also be extended to operate in the control plane, as OSPF-E and BGP-E. Control messages are exchanged between LSRs to carry out a range of operations, including:

    - Exchanging messages between nodes to establish a relationship (including security). Once this is complete, the nodes are called LSR peers.
    - Exchanging messages periodically (called handshaking) to make sure whether the neighbouring node is operating.
    - Exchanging messages about labels and addresses in order to bind addresses to labels and build the forwarding table (LFIB), which the MPLS data plane uses to forward traffic flows.

    After the MPLS nodes have exchanged labels and IP addresses, they bind the labels and addresses together. The MPLS data plane then forwards all received data by examining the label in the packet header. The IP address is not examined until the packet leaves the network; the label is then removed and the IP address is used again in the IP data plane, at nodes that do not run MPLS, on the way to the end user.

    Each MPLS node must run one or more IP routing protocols (or rely on static routing) to exchange IP routing information with the other MPLS nodes in the network. In this respect, each MPLS node is an IP router in the control plane.

    Within an MPLS node, the IP routing table is used to determine the label binding exchange, in which adjacent MPLS nodes exchange labels for each subnet in the IP routing table. The label binding exchange for destination-based IP routing is carried out with Cisco's proprietary Tag Distribution Protocol (TDP) or the IETF standard Label Distribution Protocol (LDP).

    The MPLS IP routing control process uses the labels exchanged with adjacent nodes to build the Label Forwarding Table (LFT), which is the forwarding plane database used to forward labeled packets through the MPLS network.

    1.4 MPLS-VPN technology

    There are two main VPN models:

    - Overlay VPN
    - Peer-to-peer VPN

    The overlay VPN model, the most widely used in service provider networks, designs and provisions virtual circuits to carry any traffic flow across the backbone. For an IP network this means that even if the underlying technology is connectionless, it more or less requires a connection-oriented service. From the service provider's side, the flexibility of the overlay model drops considerably when a large number of circuits/tunnels between customer devices must be managed and provisioned. From the customer's side, designing the Interior Gateway Protocol is complex and also very hard to manage.

    The peer-to-peer VPN model lacks isolation between customers and requires a coordinated IP address space among their devices.

    With the introduction of Multiprotocol Label Switching (MPLS), which combines layer 2 switching with layer 3 routing and switching, it became possible to build a technique that combines the advantages of the overlay VPN (such as security and isolation between customers) with the simple routing that the peer-to-peer VPN model brings. The new technique is called MPLS-VPN; it makes customer routing simpler and service provider provisioning simpler as well. MPLS also adds some of the advantages of a near connection-oriented service to the IP routing model by establishing label switched paths (LSP).

    The MPLS-VPN architecture makes it possible to create a private network over a shared infrastructure. However, the methods used to provide the service differ.

    1.4.1 Components of an MPLS-VPN network

    The basic organization of a data network that uses IP/MPLS label switching is shown in Figure 1.9.

    Figure 1.9 Components of an MPLS-VPN network [diagram labels: MPLS domain; CE router, PE router (E-LSR), P router 1 and P router 2 (LSR), PE router, CE router; C network (customer control) on each side of the P network (provider control); LDP]

    Several components are defined in the MPLS-VPN architecture. They perform different functions but together make up the MPLS-VPN network:

    - Provider network (P-network): the MPLS/IP core network administered by the service provider.
    - Provider router (P-router): a router in the provider's core network that provides transport along the backbone and does not carry customer routes.
    - Provider edge router (PE-router): the edge router of the backbone; it distributes customer routes and delivers the provider's services to the customer.
    - Autonomous system boundary router (ASBR-router): an edge router in an AS that connects to another AS. That AS may have the same operator or a different one.
    - Customer network (C-network): the part controlled by the customer.
    - Customer edge router (CE-router): the customer router that acts as the gateway between the C network and the P network. The CE router is administered by the customer or may be managed by the service provider. Contiguous parts of the C network are called sites and connect to the P network through a CE router.

    1.4.2 The MPLS-VPN routing model

    MPLS-VPN resembles the peer-to-peer model with dedicated routers. From a CE router, only IPv4 updates and data are forwarded to the PE router. The CE needs no special configuration to take part in the MPLS-VPN domain. The only requirement on the CE is a routing protocol (or a static/default route) that lets it exchange IPv4 routing information with the PE routers. In the MPLS-VPN model the PE router performs many functions. First, it must separate customer traffic if more than one customer is connected to it.

    Figure 1.10 PE router functions

    Each customer is assigned an independent routing table. Routing across the backbone is performed by a routing process in the global routing table. P routers provide label switching between the provider edge routers and have no knowledge of the VPN routes. The CE routers in the customer network are not aware of the P routers, so the internal structure of the provider network is transparent to the customer.

    1.4.3 Virtual routing and forwarding tables

    Each VPN is associated with its own virtual routing and forwarding table (VRF). The VRF provides information about the VPN relationships of a customer site connected to the PE router. A VRF comprises the IP routing table, the CEF (Cisco Express Forwarding) table, the interfaces of the forwarding table, and the rules and parameters of the routing protocol. Each site can be associated with one and only one VRF. The VRF of a customer site holds all the information about the routes available from that site to the VPNs of which it is a member.

    For each VRF, the information used to forward packets is stored in the IP routing table and the CEF table. These tables are maintained separately for each VRF, which prevents information from being forwarded outside the VPN and prevents packets from outside the VPN from being forwarded to routers inside it.

    A VRF contains an IP routing table equivalent to the global IP routing table, a CEF table, a list of the interfaces that belong to the VRF, and a set of rules that define the routing protocol exchange with the CE routers. The VRF also contains VPN identifiers as VPN membership information.

    1.5 Chapter conclusion

    In recent years MPLS-VPN has attracted a great deal of attention from network operators aiming for a high-speed and secure network. Every technology has its own strengths and weaknesses. MPLS-VPN came about as a combination of the characteristics of VPN and MPLS. A VPN is defined as a network that connects customer sites securely over a shared network infrastructure, with the same access control and security policies as a private network. Although it is built on the existing infrastructure of a public network, a VPN has the properties of a local network, as if leased lines were used. It connects the branches of a company to each other and to partners, and provides the ability to control the access rights of customers, service providers, and other outside parties. The potential applications of VPNs are therefore very broad.

    MPLS, Multiprotocol Label Switching: the name itself fully describes the technology. "Label switching" means that label swapping is used as the underlying forwarding technique, and "multiprotocol" means that it can support many different network-layer protocols, not only IP. Network providers can also configure MPLS to run over many different layer 2 technologies such as PPP, Ethernet, Frame Relay, or ATM.

    This chapter has presented the advantages of MPLS-VPN, which are the reasons for choosing it. It has also given a general introduction to VPN and MPLS, the components and operation of MPLS, the components and routing model of an MPLS-VPN network, and the virtual routing and forwarding table. These basics are the foundation for the MPLS-VPN deployment solutions presented in the next chapter.

    CHAPTER II

    MPLS-VPN DEPLOYMENT SOLUTIONS

    2.1 Comparing MPLS-VPN with traditional VPN techniques

    Traditional VPNs use security functions such as tunneling, encryption, and authentication to secure data in transit between two endpoints. Many different protocols are used for these VPNs, such as GRE, PPTP, L2TP, and IPSec. All of them work by creating a private transmission path and applying data encryption algorithms. Consider an example in which site A is connected to site B across the public Internet using IPSec with 3DES encryption.

    Figure 2.1 Connectivity in a traditional VPN

    The first and most obvious limitation of IPSec is that it reduces network performance. Consider the path of a packet sent from computer A in network A to computer B in network B. The packet from computer A is sent to CPE-A, which checks whether it needs to be forwarded to CPE-B. In a network without a VPN, the packet would be sent straight to CPE-B. With IPSec, however, CPE-A must perform several operations before sending the packet. First the packet is encrypted and then encapsulated in IP packets; this takes time and delays the packet. The packet then enters the service provider's network. If the newly built packet is now larger than the maximum transmission unit (MTU) of any link between CPE-A and CPE-B, it must be fragmented into two or more smaller packets. This happens only when the DF (Don't Fragment) bit is not set; when the DF bit is set, the packet is dropped and an ICMP (Internet Control Message Protocol) message is sent back to the sender. When the packet reaches CPE-B it is decapsulated and decrypted, two operations that delay it further. Finally, CPE-B forwards the packet to computer B.

    The delay in the network depends on the complexity and processing speed of the CPEs. Low-end CPE devices usually have to perform most IPSec functions in software, which causes large delays. CPE devices that perform IPSec functions in hardware can process packets much faster, but they are very expensive. As a result, deploying an IPSec VPN is very costly.

    From the example above it is easy to see that an IPSec VPN is an overlay on top of the IP network, and that information is exchanged by setting up tunnels between sites. This leads to suboptimal network topologies. To make this clearer, we consider two topologies: the star topology and the mesh topology.

    A star topology consists of a central site (hub) connected to many remote sites (spokes). In this topology the CPE at the central site is usually a very expensive device whose cost depends on the number of spokes that connect to it, because each spoke sets up an IPSec tunnel to the central site. This topology is not suitable for communication between spokes, because a packet from one spoke to another must pass through the central site, which repeats the tasks of decapsulation and encapsulation, forwarding path determination, encryption, and decryption for every packet that passes through it. Each packet therefore has to traverse two IPSec tunnels, so the processing delay per packet doubles compared with the case where two spokes can communicate directly.

    The only way to overcome this is to build a mesh network. This topology has many limitations, however, the greatest being scalability. The number of tunnels needed to support an IPSec mesh network grows geometrically with the number of sites.

    One point to weigh when deploying VPNs is the CPE devices. Every provider must make sure that all CPEs interoperate. The simplest and most effective solution is to use the same type of CPE in each region, but this is not always possible for various reasons. Although interoperability is no longer a major problem today, it still needs attention when planning an IPSec VPN solution.

    Each CPE must act as a router and be able to support tunneling. CPEs with this additional functionality are very expensive, so the only way to deploy IPSec in a bridged network is to load IPSec client software onto every PC behind the bridge. This solution requires a high level of customer support, which makes network management difficult.

    Operation and maintenance are another problem of IPSec VPNs, because every IPSec tunnel must be set up by hand. Configuring a single IPSec tunnel is not a problem, but the time needed to set up and maintain a VPN with many sites grows considerably as the network expands. With a full mesh VPN in particular, service providers face many difficulties in support and troubleshooting.

    Security also needs attention in VPNs. Each CPE can access the public Internet, yet information must still be protected in transit between sites. Each CPE device must therefore have some security measure (such as a firewall). Managing these firewalls becomes very difficult, especially when the network is very large. A VPN of about 100 nodes needs 100 firewalls, and every time a small change to the firewall policy is required, all 100 firewalls in the network must be touched. This is clearly a major security limitation of IPSec VPNs.

    The table below compares IPSec VPN and MPLS-VPN:

    Table 2.1. Comparison of IPSec VPN and MPLS-VPN

    | Characteristic | MPLS-VPN | IPSec VPN |
    |---|---|---|
    | Topology | Point-to-point, hub-and-spoke, full mesh. | Point-to-point, hub-and-spoke, full mesh. |
    | Security / session authentication | VPN membership is established during service provisioning; access to the service group is defined during configuration; unauthorized access is denied. | Authentication by digital certificate or pre-shared key. Packets that do not conform to the security policy are dropped. |
    | Privacy | Separates traffic into distinct flows. | Uses encryption and appropriate tunneling techniques at the network address layer. |
    | QoS and SLA | Allows SLAs at multiple levels; has techniques for guaranteeing QoS and for traffic engineering. | Does not address QoS and SLAs directly. |
    | Scalability | Highly scalable since it does not require a full mesh or peering configuration. | Accepts hub-and-spoke expansion. Scaling brings a series of challenges in planning, key distribution, key management, and configuration of peer devices. |
    | Point-to-point support | Yes. | Yes. |
    | Remote access support | Yes, if combined with IPSec. | Yes. |
    | Service provisioning | Requires one-time provisioning of customer devices and provider internetworking devices. | Reduces network operating costs through centralized provisioning. |
    | Service deployment | Requires MPLS network elements to enable the service on the core and edge devices of the provider network. | Can be deployed over any existing IP network infrastructure. |
    | VPN client software | Not required; users need no software to interact with the network. | Functional software must be initialized. |

    2.2 Security in MPLS-VPN networks

    Unlike traditional VPNs, MPLS-VPN networks do not use packet encapsulation and encryption to achieve a high level of security. MPLS-VPN uses forwarding tables and labels ("tags") to provide security for the VPN. This kind of architecture uses defined network routes to deliver VPN services, and the intelligence of MPLS-VPN lies entirely in the core of the network. In terms of security, the goal of the layer 3 MPLS-VPN model is to achieve security comparable to that of an overlay VPN model such as ATM or Frame Relay.

    First, VPN security must guarantee isolation of the routing information and the address space of each VPN. That is, addressing in each VPN is completely independent of the others, and routing information from one VPN must not flow into another VPN or vice versa. Second, security must ensure that the structure of the core network is completely transparent to the customers using the service. Third, security must prevent label spoofing, in the same way as IP address spoofing, and must resist denial-of-service attacks as well as intrusion attacks.

    To ensure this, an MPLS-VPN network uses the following mechanisms:

    - An MPLS-VPN network allows different VPNs to use the same address space while still keeping addresses unique, thanks to the 64-bit Route Distinguisher. Customers using the MPLS-VPN service therefore do not need to change their existing addresses.
    - Each PE router maintains a separate VRF for each VPN, and that VRF propagates only the routes that belong to that VPN. This guarantees isolation of routing information between VPNs.
    - MPLS is a label switching technique, so forwarding of data packets inside the network does not depend on the IP address in the packet header. Moreover, all LSPs terminate at the PE edge routers, not at the P routers inside the network. The inner core network is therefore completely transparent to the customer.

    In an MPLS-VPN network it is difficult to attack a VPN directly. An attacker can only attack the MPLS core and then attack the VPN from there. The core can be attacked in two ways:

    - By attacking the PE router directly.
    - By attacking the MPLS signalling mechanisms.

    To attack the network, an attacker first needs to know IP addresses. But the MPLS core is completely transparent to the outside, so the attacker does not know the IP address of any router in the core. They can guess addresses and send packets to them. In an MPLS network, however, every incoming packet is treated as belonging to some customer's address space. It is therefore hard to reach the internal routers even when an address has been guessed. The exchange of routing information between the PE and CE routers may be a weak point of an MPLS-VPN network, but ACLs on the PE router and the authentication methods of the routing protocol used on that link keep it secure.

    Label spoofing is also unlikely, because the PE router accepts only unlabeled packets from the CE router; if a packet carries a label, that label is one controlled and managed by the PE.
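The mechanisms listed above (a 64-bit Route Distinguisher keeping overlapping prefixes unique, one VRF per VPN on the PE, and the PE accepting only unlabeled packets from a CE) can be modelled in a few lines. This is an added sketch, not code from the thesis or from Cisco IOS; the RD byte layout is the type-0 format of RFC 4364, and the class, interface names, AS number and addresses are constructed for illustration.

```python
import ipaddress
import struct


def make_rd(asn, number):
    """64-bit Route Distinguisher in the type-0 layout of RFC 4364:
    2-byte type (0), 2-byte AS number, 4-byte assigned number."""
    return struct.pack("!HHI", 0, asn, number)


def vpnv4_key(rd, network):
    """VPN-IPv4 prefix: the 8-byte RD prepended to the 4-byte IPv4 network."""
    return rd + network.network_address.packed, network.prefixlen


class ProviderEdge:
    """Toy PE router: per-VRF routing tables and a CE-facing ingress check."""

    def __init__(self):
        self.vrfs = {}       # VRF name -> {"rd": bytes, "routes": {network: next hop}}
        self.if_to_vrf = {}  # CE-facing interface -> VRF name

    def add_vrf(self, name, rd):
        self.vrfs[name] = {"rd": rd, "routes": {}}

    def bind_interface(self, ifname, vrf_name):
        # A site (here: its attachment interface) belongs to exactly one VRF.
        if ifname in self.if_to_vrf:
            raise ValueError(f"{ifname} is already bound to {self.if_to_vrf[ifname]}")
        if vrf_name not in self.vrfs:
            raise KeyError(vrf_name)
        self.if_to_vrf[ifname] = vrf_name

    def learn_from_ce(self, ifname, prefix, next_hop):
        # A route heard from a CE lands only in the VRF bound to that interface.
        vrf = self.vrfs[self.if_to_vrf[ifname]]
        vrf["routes"][ipaddress.ip_network(prefix)] = next_hop

    def exported_vpnv4(self):
        """Routes as they would be carried between PEs: keyed by RD + prefix."""
        table = {}
        for name, vrf in self.vrfs.items():
            for network in vrf["routes"]:
                table[vpnv4_key(vrf["rd"], network)] = name
        return table

    def receive_from_ce(self, ifname, dst, labeled=False):
        """Ingress decision for a packet arriving on a CE-facing interface."""
        if labeled:
            return ("drop", "labeled packet on CE-facing interface")
        vrf_name = self.if_to_vrf.get(ifname)
        if vrf_name is None:
            return ("drop", "interface not bound to a VRF")
        address = ipaddress.ip_address(dst)
        routes = self.vrfs[vrf_name]["routes"]
        matches = [n for n in routes if address in n]
        if not matches:
            return ("drop", "no route in VRF " + vrf_name)
        best = max(matches, key=lambda n: n.prefixlen)  # longest-prefix match
        return ("forward", routes[best])


def build_demo_pe():
    """Constructed topology: two VPNs that both use 10.1.0.0/16."""
    pe = ProviderEdge()
    pe.add_vrf("VPN_A", make_rd(65000, 1))
    pe.add_vrf("VPN_B", make_rd(65000, 2))
    pe.bind_interface("Gi0/1", "VPN_A")   # VPN A, site 1
    pe.bind_interface("Gi0/2", "VPN_B")   # VPN B, site 1
    pe.bind_interface("Gi0/3", "VPN_A")   # VPN A, site 2
    pe.learn_from_ce("Gi0/1", "10.1.0.0/16", "192.0.2.1")
    pe.learn_from_ce("Gi0/2", "10.1.0.0/16", "192.0.2.5")
    pe.learn_from_ce("Gi0/3", "10.2.0.0/16", "192.0.2.9")
    return pe


if __name__ == "__main__":
    pe = build_demo_pe()
    print(pe.receive_from_ce("Gi0/3", "10.1.5.9"))                 # stays inside VPN_A
    print(pe.receive_from_ce("Gi0/2", "10.2.0.1"))                 # VPN_B cannot see VPN_A's route
    print(pe.receive_from_ce("Gi0/1", "10.2.0.1", labeled=True))   # labeled input from a CE
    print(len(pe.exported_vpnv4()), "distinct VPN-IPv4 routes")
```
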

    Security in MPLS-VPN networks is assured because a closed VPN is in itself information-secure: it has no connection to the public Internet. If Internet access is needed, a route is set up to provide it, and a firewall is placed on that route to secure the connection for the entire VPN. This is much easier to manage, because security policies need to be maintained on only a single firewall while the whole VPN remains protected.

    From the points above, we see that security in an MPLS-VPN network is fully comparable to security in an ATM or Frame Relay network.

    2.3 Quality of service in MPLS-VPN networks

    QoS is a term that covers every aspect related to how well the network performs. QoS has two main components:

    - Finding a path through the network that can deliver the requested service.
    - Maintaining the performance of the service.

    The two QoS models in common use today are:

    - The Integrated Services model (IntServ).
    - The Differentiated Services model (DiffServ).

    There are many reasons why the IntServ model has not been used to keep pace with the growth of the Internet. Instead, IntServ is commonly used only in small and medium-sized networks. DiffServ, by contrast, is a scalable QoS model. It works by classifying traffic at the network edge, queuing at each network node, and handling packet discard in the core. Most of the processing is done at the network edge, with no need to keep the state of traffic flows in the core.

    When providing MPLS-VPN service to customers, the requirement is to deliver quality of service to a large number of VPN customers with diverse needs. For example, a service provider may offer several classes of service to a VPN, with different applications in the VPN belonging to different classes. Mail would belong to one class of service (CoS) while real-time applications could belong to another. Furthermore, the CoS of an application in one VPN may differ from the CoS of the same application in another VPN. In other words, each VPN assigns classes of service independently. Depending on the network and the service provider, quality of service is then considered for each VPN separately.

    Two models are used to describe QoS in MPLS-VPN:

    - The pipe model
    - The hose model

    In the pipe model, a VPN service provider gives a VPN customer a fixed QoS guarantee for data going from one of the customer's CE routers to other CE routers. In a sense the model can be pictured as a pipe connecting two routers, where the traffic between the two routers inside the pipe has defined QoS values. One example of a QoS type that can be offered in the pipe model is a minimum bandwidth between two sites.

    The pipe model can be refined by defining a subset of all the traffic from one CE to other CEs that may use the pipe. The final decision on which traffic may use the pipe is local to the PE router at the head of the pipe.

    Note that the pipe model is quite similar to the QoS model that VPN customers have today with Frame Relay or ATM based solutions. The basic difference is that ATM and Frame Relay connections are bidirectional, whereas the pipe model provides a unidirectional connection. In practice a pipe is unidirectional and asymmetric, matching the traffic pattern, so the total traffic from one site to another may differ from the total traffic in the opposite direction.

    Xem xet vi du biu din trn hinh 2.2, y nha cung cp dich vu cung cp cho

    VPN A mt ng ng am bao bng thng 7Mb/s cho lu lng t vung 3 n vung

    1 va mt ng ng khac am bao bng thng 10Mb/s cho lu lng t vung 3

  • n tt nghip Chng II: Gii php trin khai MPLS-VPN

    nvung 2. Cung nh vy, co th co hn mt ng kt thuc tai vung cho trc.

    Figure 2.2 The pipe QoS model in MPLS-VPN

    One advantage of the pipe model is that it resembles the QoS model VPN customers already use with Frame Relay or ATM, so it is likely to be easy for customers to understand. However, the pipe model also has some drawbacks. First, it requires a VPN customer to know its entire traffic matrix. That is, for all sites, the customer must know the total traffic going from one site to each of the other sites. Often this information is not available, and even when it is, it is out of date.

    In the hose model, the VPN service provider gives the customer a firm guarantee for the traffic that the customer's CE router sends to, and receives from, the other CE routers in the same VPN. In the other case, the customer must specify how this traffic is distributed among the CE routers. As a result, in contrast to the pipe model, the hose model does not require the customer to know the traffic matrix, which is a burden for customers who want to use the VPN service.

    Figure 2.3 The hose QoS model in MPLS-VPN

    The hose model uses two parameters: the ingress committed rate (ICR) and the egress committed rate (ECR). ICR is the total traffic that a CE can send to the other CEs, while ECR is the total traffic that a CE can receive from the other CEs. In other words, ICR represents the aggregate traffic from a particular CE, while ECR represents the aggregate traffic to a particular CE. Note that for a given CE, ICR is not required to equal ECR.

    To illustrate the hose model, consider the example shown in Figure 2.3. Here the service provider gives VPN B a firm guarantee of 15Mb/s of bandwidth for traffic from site 2 to the other sites (ICR=15Mbps), regardless of whether this traffic goes to site 1, to site 3, or is distributed between site 1 and site 3. Likewise, the service provider gives VPN B a firm guarantee of 7Mbps of bandwidth for traffic sent from site 3 to the other sites in the same VPN (ICR=7Mbps), regardless of whether the traffic goes to site 1, to site 2, or is distributed between sites 1 and 2. Similarly, the service provider gives VPN B a guarantee of 15Mbps of bandwidth for traffic sent to site 2 (ECR=15Mbps), regardless of whether the traffic originates from site 1, from site 3, or is distributed between site 1 and site 3.

    The hose model supports multiple CoS, with the services differing from one another in one of their relative quality characteristics. For example, one service may have lower packet loss than another. For services that require strong guarantees (such as a bandwidth guarantee), the pipe model is the better fit.

    The pipe and hose models are not opposing models. That is, a service provider can offer a VPN customer a combination of the pipe and hose models, and can help the customer decide which kind of service to buy and which kind of traffic should get which CoS.

    To support the pipe model we use guaranteed-bandwidth LSPs. These LSPs start and end at PE routers and are used to provide guaranteed bandwidth for all the pipes from one PE to the other PEs. That is, for a pair of PE routers there may be many CE routers attached to that pair that have pipes between them, and rather than using one guaranteed-bandwidth LSP for each such pipe, we use one LSP for all of them. For example, in Figure 2.2 there may be one pipe for VPN A from CEA3 to CEA1 and another pipe for VPN B from CEB3 to CE2B1. To support these two pipes, we set up one LSP from PE3 to PE1 and reserve on that LSP a bandwidth equal to the sum of the bandwidths of the two pipes. When PE3 receives a packet from CEA3 whose destination is a host in site 1 of VPN A, PE3 decides, under the control of its local configuration, which CoS the packet receives. If so, PE3 then forwards the packet along the LSP from PE3 to PE1.

    Using one fixed-bandwidth LSP to carry many pipes between a pair of PE routers improves the scalability of the solution, because the number of LSPs that the service provider has to set up and maintain depends on the number of pairs of PE routers the provider has, rather than on the number of pipes its VPN customers may have.

    To support CoS in the hose model, the service provider uses differentiated services with MPLS. The service provider also applies traffic engineering to improve network utilization while still meeting the desired quality targets.

    The procedures by which the ingress PE router decides which kind of traffic receives which CoS, whether under the hose model or the pipe model, are purely local to that PE router. These procedures can take into account factors such as the incoming interface, the source and destination IP addresses, IP precedence, TCP port numbers, or any combination of these. This gives the service provider flexibility in controlling which kind of traffic receives which CoS.

    Although customers sign a contract with the service provider for a specific amount of traffic in a specific CoS, a customer may send traffic in excess of that amount. To decide whether traffic is within the signed contract, the service provider uses policing at the ingress PE router. For traffic that exceeds the contract, the provider has two options: either discard this traffic immediately at the ingress router, or send the traffic on but mark it differently from in-contract traffic. With the second option, to reduce out-of-order delivery, both in-contract and out-of-contract traffic are sent along the same LSP. Out-of-contract traffic is marked differently, and this marking affects its drop probability in case of congestion.
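
    The ingress policing decision described above, as an added example that is not part of the original thesis: a single-rate token bucket classifies each packet as in-contract or out-of-contract, then drops or marks the excess, and a simplified congested hop discards marked packets first. The class and function names, the 100 kb/s rate, the burst size and the packet trace are assumptions constructed for illustration.

```python
from dataclasses import dataclass

IN_CONTRACT = "in-contract"
OUT_MARKED = "out-of-contract, marked"
DROPPED = "dropped at ingress"


@dataclass
class IngressPolicer:
    """Single-rate token bucket for one customer CoS on the ingress PE.

    rate_bps   - contracted rate in bits per second (assumed value below)
    burst_bits - bucket depth, i.e. the burst tolerated above the rate
    exceed     - "drop": discard excess traffic at the ingress PE
                 "mark": forward it on the same LSP, marked out-of-contract
    """
    rate_bps: float
    burst_bits: float
    exceed: str = "mark"

    def __post_init__(self):
        if self.exceed not in ("drop", "mark"):
            raise ValueError("exceed must be 'drop' or 'mark'")
        self.tokens = self.burst_bits  # bucket starts full
        self.last = 0.0                # arrival time of the previous packet

    def police(self, t, size_bytes):
        """Classify one packet arriving at time t (seconds, non-decreasing)."""
        if t < self.last:
            raise ValueError("packets must be offered in time order")
        # Refill for the elapsed time, never beyond the bucket depth.
        self.tokens = min(self.burst_bits,
                          self.tokens + (t - self.last) * self.rate_bps)
        self.last = t
        bits = size_bytes * 8
        if bits <= self.tokens:
            self.tokens -= bits
            return IN_CONTRACT
        # Excess packets consume no tokens.
        return DROPPED if self.exceed == "drop" else OUT_MARKED


def run_trace(policer, trace):
    """Return the decision for every (time_s, size_bytes) packet."""
    return [policer.police(t, size) for t, size in trace]


def survivors_under_congestion(decisions, capacity):
    """Simplified congested hop that can carry `capacity` packets: marked
    packets are discarded before any in-contract packet is touched."""
    forwarded = [d for d in decisions if d != DROPPED]
    n_in = min(forwarded.count(IN_CONTRACT), capacity)
    n_marked = min(forwarded.count(OUT_MARKED), capacity - n_in)
    return n_in, n_marked


# Constructed trace: 1500-byte packets (12,000 bits each); six arrive
# back to back at t=0, then one at t=0.1 s and one at t=1.0 s.
TRACE = [(0.0, 1500)] * 6 + [(0.1, 1500), (1.0, 1500)]


def demo(exceed):
    # Assumed contract: 100 kb/s with a 48,000-bit burst (four packets).
    return run_trace(IngressPolicer(100_000, 48_000, exceed), TRACE)


if __name__ == "__main__":
    for mode in ("drop", "mark"):
        print(mode, demo(mode))
    print(survivors_under_congestion(demo("mark"), capacity=6))
```

    With the "mark" option the three excess packets still enter the backbone, so the congested hop is where the contract is finally enforced; with "drop" they never leave the ingress PE.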

    2.4 Scalability and advanced MPLS-VPN models

    This section analyzes the scalability of the MPLS-VPN model in comparison with the traditional VPN model in terms of the ability to provide services.

    To provide virtual private network services built on the MPLS architecture, MPLS must meet the requirement of serving customers in many different locations. It must be able to carry routing information from one customer site across the backbone network and advertise it to other customer sites belonging to the same VPN. To achieve this, MP-iBGP sessions must be established between the PE routers. Clearly this is a full mesh of MP-iBGP sessions. The same applies in overlay VPNs. But the full-mesh model does not scale at all, because the number of MP-iBGP sessions is very large and keeps growing as the number of VPN customers grows. And when a new router is added to the provider's backbone network, this new BGP neighbor must be added to the BGP configuration on all of the existing BGP routers in order to maintain the full mesh. For a network of n routers, the number of connections in the network is n(n-1)/2. The number of BGP sessions depends on many factors, the main ones being the router's memory and CPU speed. The full-mesh model can still be deployed (and is even very suitable) in fairly small networks where the routers' memory and CPU can handle the number of MP-iBGP sessions. But when network scalability is a concern, the full-mesh model should not be used.

    To deploy a virtual private network model that scales, MPLS-VPN uses techniques already available in BGP-4: route reflectors and confederations. These two capabilities allow the provider to deploy many complex MPLS-VPN models.

    The ordinary MPLS-VPN network model only covers customer VPN sites that connect to the same service provider over the PE-CE links. The exchange of routing information over these links does not require MPLS to be involved, and there is no direct exchange between customer sites. In this case, the PE routers maintain all of the control between the sites through the isolation between VPNs. The MPLS-VPN models that allow label information and labeled packets to be exchanged with devices outside the service provider's control include:

    MPLS-VPN Inter-AS

    Carrier's Carrier

    2.4.1 The MPLS-VPN Inter-AS model

    An autonomous system (AS) is a network or a group of networks that share the same policy (for example, the same routing protocol) and operate within a given domain. An AS is controlled by a system administrator (or a common administrative group).

    Advantages of MPLS-VPN Inter-AS:

    It allows a VPN to cross the backbone networks of multiple service providers.

    Service providers, each administering a different AS, can offer the MPLS-VPN service to the same end customer. A VPN can begin at one customer site and traverse the backbone networks of several different service providers before reaching another site of the same customer. This feature lets multiple ASes form a continuous network between the customer sites of a service provider.

    It allows a VPN to exist in multiple different areas.

    A service provider can create a VPN across several different geographic areas. Having all VPN traffic flow through one point (between the areas) allows better control of the network traffic rate between those areas.

    The Inter-AS model is divided into 2 kinds of connectivity, as follows:

    Connectivity between providers (inter-provider connectivity).

    Connectivity between ASes (BGP confederation).

    2.4.1.1 Connectivity between providers

    This model consists of more than two ASes connected to one another by border routers. The ASes exchange routes using EBGP. No IGP or routing information is exchanged between these ASes.


    Figure 2.4 The back-to-back VRF connection model

    In this solution, each AS is isolated from the other, giving better control over the exchange of routing information and over security between the two networks. Its drawback, however, is that it does not scale, because the ASBR has to maintain one VRF per VPN, and the VRF has to hold all of the routes for that VPN. If a VRF holds too many routes, memory is affected. This solution should therefore be deployed when the service provider can ensure that the ASBR will meet the network's scaling requirements.

    Route distribution over the link between two ASBRs using external MP-BGP. This solution allows the ASBR routers to use external MP-BGP (an MP-BGP session between two routers that do not belong to the same AS, similar to EBGP) to advertise VPNv4 routes between the ASes; the receiving ASBR router then distributes the VPNv4 routes into its own AS, as shown in Figure 2.5:

    Figure 2.5 Route distribution between two ASBRs using external MP-BGP

    This solution allows the ASBRs to use external MP-BGP to advertise VPNv4 routes between two ASes. Call the ASBR router that sends the advertisement router S, and the ASBR router that receives it router R. Router R then distributes the VPNv4 routes into its local AS. External MP-BGP provides the ability to advertise VPNv4 prefix/label information across the provider's network boundary. Router S replaces the label stack (the stack it uses to find the PE router that originated the route and the destination VPN address within its own AS) with an assigned label before advertising the VPNv4 route. The ASBR uses its own IPv4 address as the BGP next hop (because it is advertising routes between two different ASes, following the behavior of the next-hop attribute). The ASBR router therefore becomes the endpoint of the LSP for the advertised routes. To protect the label-switched path between the ingress and egress PE routers, the ASBR router must create a locally significant label, called label L. Label L is used to identify the label stack of the route in the VPN network. Over the external MP-BGP session between the two ASBR routers, router S creates label L and sends it in an update to router R. Router R then uses label L as the VPN label in the label stack that packets must carry inside router R's network. When router R sends the route back to router S, the router looks at label L to identify the VPN route.

    This model meets the scalability requirement, but it has limitations in terms of security and quality of service.

    Within each service provider's backbone network, every PE router has an MP-BGP session with the internal route reflector. The PE router exchanges all of its VPN routes with the route reflector. VPNv4 routes are exchanged between the route reflectors. The next-hop addresses of the PE routers for the VPNv4 routes are exchanged between the ASBR routers.

    Figure 2.6 Route exchange between two ASes using route reflectors


    2.4.1.2 Connectivity between ASes using BGP

    MPLS-VPN can divide one AS into several smaller ASes. The outside network sees the confederation as a single AS. Peer routers in the different ASes communicate with one another over EBGP sessions. However, they exchange routing information as if they were IBGP peers.

    In Figure 2.7, AS 100 is divided into two sub-ASes, AS 65002 and AS 65001. In the ConfedCom network, router PE1 receives an update for route 195.12.2.0/24 from the customer's VPN CusNet. This update is placed in the CusNet VRF table and advertised using MP-iBGP to router ASBR1 with a next-hop address of 194.17.1.2/32 and a VRF label of 11. The route is then advertised across the boundary between the sub-ASes to router ASBR2, with the next hop and label unchanged. Router ASBR2 in turn advertises the route to router PE2, and router PE2 adds the route to its VRF table.

    Figure 2.7 Route propagation in the BGP confederation solution

    2.4.2 The Carrier supporting Carrier (CSC) model

    Given the advantages of MPLS-VPN technology, together with the growth and expansion of networks across many different geographic areas, many large enterprises, medium-sized enterprises, smaller MPLS-VPN service providers and Internet service providers (ISPs) have realized that by connecting to an MPLS-VPN backbone they can avoid having to build Layer 2 infrastructure for their own networks. Instead, they use the MPLS-VPN provider's backbone network to connect their sites together. Besides reducing cost, each site can connect to all of its peer sites, that is, in a full mesh, which provides optimal routing. This means that, to allow all such customers to access the MPLS-VPN backbone, the backbone network must be able to carry an extremely large amount of routing information for each individual customer. An ISP, for example, almost always needs to exchange part of the Internet routing table, if not all of it, between its sites so that its customers can reach the Internet.

    Providing access to these customers creates a scaling problem, because each PE router has to maintain all of the local routing information in a VRF. This routing information is then distributed to all of the relevant PE routers, at which point the CE routers can obtain the appropriate routing information. To solve the scaling problem in this case (that is, the routing problem that arises when one service provider is itself the customer of another service provider), a new solution was developed as an extension of standard MPLS-VPN, called Carrier supporting Carrier (abbreviated as Carrier's Carrier, CSC).

    Carrier's Carrier is the term used to describe a situation in which one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of its backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier.

    Carrier's Carrier route types

    To understand how the Carrier's Carrier solution achieves scalability as well as isolation of the backbone carrier's network, we need to know which kinds of routes are used for the internal connectivity of a given VPN, and which kinds of routes belong to customers external to that VPN.

    Suppose an ISP is a VPN customer of the MPLS-VPN backbone. All of the links inside the ISP, the internal services it provides to its customers such as web and DHCP, and the loopback interfaces (loopback interfaces are used for network management and BGP peering) are classified as internal routes. All routes from the Internet and from the ISP's external customers are called external routes.

    Advantages of deploying MPLS-VPN CSC

    An MPLS-VPN CSC network offers many advantages to service providers, both the backbone carrier and the customer carrier.

    Advantages for the backbone carrier:

    The backbone carrier can serve many customer carriers and give them access to its backbone network. The backbone carrier does not need to create and maintain a separate backbone for each customer carrier. One backbone network supports many customer carriers simply through the backbone carrier's VPN operations. The backbone carrier only needs to use one consistent method to manage and maintain the backbone network. This saves cost and is more efficient than maintaining separate backbones.

    MPLS-VPN CSC is scalable: it can change the VPN to meet bandwidth and connectivity needs. It can support up to ten thousand VPNs over the same network, and it allows a service provider to offer both VPN service and Internet service.

    MPLS-VPN CSC is a flexible solution. The backbone carrier can support many kinds of customer carriers. The backbone carrier can accept customer carriers that are ISPs, VPN service providers, or both. It can support customer carriers that require security and a range of bandwidths.

    Advantages for the customer carrier:

    MPLS-VPN CSC relieves the customer carrier of having to configure, operate and maintain its own backbone network. The customer carrier uses the backbone carrier's backbone network.

    A customer carrier that uses the backbone carrier's VPN service receives the same level of security as Layer 2 VPNs such as Frame Relay and ATM. The customer carrier can also use IPsec within its VPN for a higher level of security; this is completely transparent to the backbone carrier.

    The customer carrier can use any addressing scheme and still be supported by the backbone carrier. The customer address space and routing information of one customer carrier are independent of those of other customer carriers, and independent of the backbone carrier.

    2.5 MPLS-VPN deployment solutions

    There are many possible combinations in using an Internet data network infrastructure based on MPLS technology to provide MPLS-VPN services, depending on how the service provider combines MPLS-VPN traffic and Internet traffic. These infrastructure models are:

    Shared MPLS-VPN and Internet connectivity;

    Partially shared MPLS-VPN and Internet connectivity;

    Fully separated MPLS-VPN and Internet connectivity (full separation).

    A service provider's customers can always choose to be either multiservice or dedicated customers, regardless of the network infrastructure the service provider implements. In addition, hub-and-spoke or fully meshed topologies in the customers' networks can be implemented on any of the structures above.

    2.5.1 Shared MPLS-VPN and Internet connectivity

    In the connectivity model shown in Figure 2.8, both the P and PE routers support Internet and VPN traffic. A single PE router can connect both Internet and VPN customers. The PE router may or may not hold the full Internet routing table. The PE and the Internet gateway are in the same IBGP domain.

    Advantages of this connectivity model:

    One backbone network;

    One edge router for customer connections;

    Easier management;

    Centralized services can be provided.

    The drawbacks of this model lie in security and in router performance, because the PE has to handle both Internet connectivity and VPN customers.

    Figure 2.8 Shared MPLS-VPN connectivity

    2.5.2 Partially shared MPLS-VPN and Internet connectivity

    Figure 2.9 shows the partially shared MPLS-VPN and Internet connectivity structure, in which the P routers are shared while different PE routers are used for Internet traffic and VPN traffic. The customer's router must have two interfaces in order to connect to the two different PEs.


    Figure 2.9 Partially shared MPLS-VPN and Internet connectivity

    2.5.3 Fully separated MPLS-VPN and Internet connectivity

    The advantages of the fully separated MPLS-VPN and Internet connectivity model are physical separation between the intranet/extranet and the Internet, and separation between IGP and EGP. The drawback of this model is that it requires two separate networks, so it is not an economical solution.


    Figure 2.10 Fully separated MPLS-VPN and Internet connectivity.

    2.6 Chapter conclusion

    In recent years, Multiprotocol Label Switching (MPLS) technology has been chosen by many countries to build and develop their telecommunications networks. One of the typical applications of MPLS is the MPLS VPN virtual private network service. This service has contributed greatly to the rapid growth of MPLS and opens up many new application possibilities.

    This chapter compared MPLS-VPN with traditional VPN techniques and covered security and QoS in MPLS-VPN. The end of the chapter presented the advanced MPLS-VPN models and the MPLS-VPN deployment solutions.

    It can be said that deploying VPN technology on top of MPLS promises many new advantages and will certainly be the ideal solution for virtual private networks in the future.


  • Graduation thesis, Chapter III: Deploying MPLS-VPN on a router system

    CHAPTER III

    DEPLOYING MPLS-VPN ON CISCO ROUTER SYSTEMS

    3.1 Steps for configuring MPLS-VPN

    Figure 3.1 MPLS-VPN configuration steps

    Figure 3.2 Configuring MPLS forwarding

    Figure 3.3 Configuring the BGP routing protocol on the PE routers

    Figure 3.4 Defining the VPN VRF and its attributes


    3.2 Problem statement and solution

    The example in Figure 3.5 shows how an MPLS-VPN is created from CE1 to CE2:

    Figure 3.5 Creating an MPLS-VPN from CE1 to CE2

    Step 1: MPLS runs in the core. Each PE router advertises its loopback address: PE1 advertises 1.1.1.1/32 and PE2 advertises 2.2.2.2/32. TDP or LDP is used to distribute label bindings between the routers running MPLS. On each PE router, the LFIB contains a label bound to the 32-bit loopback address of the other PE router. When PE1 forwards a packet from 2.2.2.2 on PE2, it adds label {20} to the packet, and when PE2 forwards a packet from 1.1.1.1, it puts label {10} on the packet.

    Step 2: A VPN routing and forwarding instance is created on PE1 and PE2, called VPNA.

    Step 3: PE1 uses interface S0/0 in this VPN and PE2 uses interface S0/1.

    Step 4: OSPF runs between PE1 and CE1, and between PE2 and CE2.

    Step 5: When PE1 receives the route to network 10.1.1.0 from CE1, the router places it in the VPNA routing table. At this point it assigns label {5} to the prefix. When PE2 receives the route to network 10.1.2.0 from CE2, it places it in the VPNA routing table. At this point label {6} is assigned to the prefix (see Figure 3.6).

    Figure 3.6 The routing and label assignment process

    Step 6: PE1 then sends a multiprotocol iBGP (MP-iBGP) update to PE2 advertising network 10.1.1.0. The update also carries label {5}, which PE1 assigned to prefix 10.1.1.0 and which PE2 adds to any packet destined for network 10.1.1.0 before forwarding it. When PE1 advertises the route, it sets the BGP next-hop address to 1.1.1.1/32, its loopback address.

    Step 7: PE2 then sends a multiprotocol iBGP update to PE1 advertising network 10.1.2.0. The update also carries label {6}, which PE2 assigned to prefix 10.1.2.0 and which PE1 must add to packets destined for network 10.1.2.0 before forwarding them. When PE2 advertises the route, it sets the BGP next-hop address to 2.2.2.2/32, its loopback address.

    Step 8: PE1 installs prefix 10.1.2.0 in the VPNA routing table, and PE2 installs prefix 10.1.1.0 in the VPNA routing table.

    Step 9: At this point, if we look at the VPNA routing table on r