Upload
truongnguyet
View
215
Download
2
Embed Size (px)
Citation preview
MPLS VPN
7 ISP MPLS VPN ISP ISP VPN Policy Server Policy Manager Policy Manager Policy Server ISP MPLS VPN
VPN
VPN
4.1 MPLS VPN
4.1.1 MPLS VPN
ISP Autonomous System(AS) BGP (Split Horizon) BGP BGP AS BGP (Full-Mesh) AS BGP BGP BGP TCP session (Full-Mesh)BGP TCP session number n(n-1)/2 n BGP BGP TCP session BGP
BGP (Route Reflector,RR) 4-1 AS
50
BGP (Route Reflector,RR) BGP BGP BGP TCP session BGP RR() BGP RR RR BGP BGP BGP
AS BGP AS RR RR RRASRR BGP TCP session
core
ASBR3
ASBR4
RR1 RR2
ISP_C
ISP_B
ASBR2
ASBR1
ISP_A Internet
core
corecore
ASBR
ASBR
ISP_D
ISP_E
ASBR
ASBREBGP
EBGPEBGP
EBGP
iBGP
4-1ISP BGP
MPLS VPN RR MPLS VPN ( PE Router BGP TCP session 2.2.2 2-17) PE Router VPN 4-2 VPN RR PE Router RR BGP TCP session VPN RR VPN RR PE Router RR VPN Server PE Router VPN Client Client PE Router Server RR Update
51
VPN_A
VPN_A
VPN_B
10.3.0.0
11.1.0.0
11.5.0.0
P P
PP
PE 4
PE 3 CE
CE
CE
RR1 RR2
VPN_A
VPN_B
VPN_B
10.1.0.0
10.2.0.0
11.6.0.0
CE
PE1
PE2CE
CE
VPN_A
11.2.0.0CE
MPLS Network
MP-BGP
4-2MPLS VPN
4.1.2 MPLS VPN
ISP
delay time voice delay sensitve traffic ISP MPLS ISP Pop MP-BGP ISP ISP peering transit
ISP MPLS trunk 4-3ISP ASBR(Autonomus System Border Router) MP-BGP ISP end-to-end Qos ISP PE-to-PE ISP
52
ISP ISP ISP
ISP ISP
PP
PP
PECE
RR
ASBR
ASBR
P P
PPPE
RR
MP-BGP
MPLS NetworkAS 20000
MPLS NetworkAS 10000
ISP B
ISP A
LAN
A
LAN
ACE
4-3MPLS VPN
4.2 MPLS VPN
MPLS VPN
Policy-based framework MPLS VPN(Configuration Management)(Fault Management) (Performance Management)(Policy) Policy-based (Rules) 4-4
DMTF IETF Policy-based Network ( 2.5.2)
53
Network Manager Policy Manager Secure Socket Layer(SSL)
ISPPolicy ManagerPolicy RepositoryCGI LDAP PM PDP CGI PDP MPLS PM for TEVPN PM for VPN
PDP PEP Secure Shell (SSH)ACL(Acess Control List)SSH
PDP PEP Common Open Policy Service (COPS) ISP telnet script CLI
MPLS VPN8ISPISPVPNQos(ISPIPLCISP)
agent
VPN
54
P P
PP
PE CE
PE
CE
VPN_B10.3.0.0
VPN_B10.2.0.0
MPLS Core
Policy Repository
Policy Client (PEP)
PDPPolicy Server
Policy protocol(CLI,SNMP)
CGI
CGICGI
Network Manager
SSL
PDPPolicy Server
PDPPolicy Server
Inter-AS VPN BackupVPNQosPolicy Manager
4-4MPLS VPN
4.3 MPLS VPN
4.3.1 MPLS VPN
VRF
PE Router VRF VPN VPN Routing Table VPN Routing Table PE Router Grobal IP Routing Table [] F8208102 VRF
RD
RD 64bits IPv4 (global unique) 96bits VPNv4 VPN IP VRF RD VPN ISP MPLS () ISP BGP AS no. 4782:8208102
55
RT
Route Targets BGP communities Extended communities VPN RT RT VLAN VPN ISP MPLS RD 2 bits
Full Mesh RT
General site 4782:820810200
Hub & Spoke RT
Hub site 4782:820810201(01~09 )
Spoke site 4782:820810210 (10~29 )
Internet RT 4782:890810230 (30~49 )
Extranet RT 4782:890810250 (50~69 )
Voice RT 4782:890810270 (70~79 )
4.3.2 MPLS VPN
Policy Manager (policy rule)Policy server policy rule Policy rule rule Condition Action Condition Action ISP ISP 3-1(A1B1C1G2) VPN type1 Condition Condition VPN type1 profile 4-5 Policy server
56
Policy
Rule VPN Service
Rule Qos Service
Rule TE service
Condition
VPN type1
Action
Auto-configuration VPN type1 Profile
4-5Policy Rule
VPN type1 Profile 4-6(1) VRF RDRT (2) WAN IP address VRF (3)VPN
PE
Global command (vrf name , RD , RT )
ip vrf F8908102 ##rd 4780:8908102 # AS :#route-target export 4780:890810200 #+00 ,00full mesh #route-target import 4780:890810200
Interface command
interface Serial3/0description ***connect to 223D89119 *****ip vrf forwarding F8908102ip address 172.31.1.1 255.255.255.252encapsulation ppp
routing command
ip route vrf F8908102 192.168.1.0 255.255.255.0 Serial3/0 172.31.1.2
4-6VPN type1 Profile
57
4.3.3 MPLS VPN
Telnet script MPLS VPN Policy Administration User Interface SSL
VPN Policy ManagerCommand Dispacher Policy Server Command Daemon PDP Rule Locator profile telnet script profile 4-7
telnet script
(1)
Policy-based Network PDP PEP Common Open Policy Service (COPS) ISP telnet script CLI
(2)
Command Line Interface (CLI) telnet telnet script plug-in
CLI telnet script
58
CommandDispatcher
DatabaseAccess
Report ModuleMonitor Module
Policy AdminstrationUser Interface
VPN Policy Manager
PEP (agent)
CLI telnet script
DatabaseAccess
CommandDaemon
PDP Rule LocatorCollector Daemon
Report Daemon
Policy Server (PDP)
4-7
4.4
Polocy servercollector daemonPEPSNMP traptraptrapcollector daemonSNMP getSNMP trapSNMP get4-8
MRTG SNMP
----Email(SMS)
/ -
59
///
CommandDispatcher
DatabaseAccess
Report ModuleMonitor Module
Policy AdminstrationUser Interface
Policy Manager
PEP (agent)
CLI telnet scriptSNMP get / trap
DatabaseAccess
CommandDaemon
PDP Rule LocatorCollector Daemon
Report Daemon
Policy Server
4-8
4.4.1
(1)
(a)CPU Loading
(b)Memory Utilization
(c)Uplink Port Status
(d)Reachability
(e) Packet Drop
(f) Packets/sec
60
(2)
(a)Line Down( Trap) trap
(b)Line Error (reliability) reliability
(c)Delay time/Packet Loss ping
(d)Traffic Load
(3)
(a)Web display status
(b)SMS / Email Mobile user
4.4.2
(PE2CE)
( Trap) E-mail E-mail Hub
Error (reliability) Reliability < 250 E-mail Hub
Reachable Ping ( Extranet Ping) E-mail E-mail Hub
Delay time/Packet Loss( to CE)Delay time >180ms E-mail Packet Loss >20% E-mail Traffic()>80% E-mail
61
VPN(CE2CE)
Routing PrefixHub SitesSpoke SitesGeneral SitesExtranet Sites E-mail Hub
QoS PE2PE Delay Time/packet loss( Core )Traffic Pattern Lease-line Sites CE Traffic Pattern(By Netflow) Topology
MPLS VPN(PE2PE)
PE CPU Loading > 50% E-mail
PE Memory < Free 5Mbytes E-mail
PE Uplink Port : Packet loss > 10%Traffic > 80%Reliability < 252Unreachable (SMS)
PE2PE ( PE): Packet loss > 10% Delay Time > 40msUnreachable (SMS)
Inter-AS/ ASBR RR ASBR VPNv4
Route Reflector RR (Reachable) RR2PE IBGP Session RR VPN VPNv4 Routing
62