MPLS VPN

This chapter describes the ISP's MPLS VPN architecture and the Policy Server and Policy Manager that provision and monitor the VPN service.

    4.1 MPLS VPN

    4.1.1 MPLS VPN

Inside an ISP's Autonomous System (AS), BGP applies a split-horizon rule to iBGP: a route learned from one iBGP peer is never re-advertised to another iBGP peer. Every BGP router in the AS therefore has to peer directly with every other BGP router (a full mesh), and a full mesh of n BGP routers needs n(n-1)/2 BGP TCP sessions. As n grows, the number of sessions each router must maintain becomes the limiting factor.

A Route Reflector (RR) removes the full-mesh requirement. The BGP routers peer only with the RR(s); the RR re-advertises (reflects) the routes it learns from one client to the others, so the number of BGP TCP sessions grows with n instead of with n squared. Figure 4-1 shows the ISP's AS with two route reflectors, RR1 and RR2: every internal BGP router keeps an iBGP TCP session to both RRs for redundancy, and the ASBRs run EBGP to the neighbouring ISPs.

[Figure 4-1: ISP BGP topology. ISP_A (Internet), ISP_B, ISP_C, ISP_D and ISP_E attach through ASBR1 to ASBR4 over EBGP; inside the core the routers peer over iBGP with the route reflectors RR1 and RR2.]

In an MPLS VPN the route reflectors play the same role for VPN routes. Without them every PE router would need a BGP TCP session to every other PE router (see Section 2.2.2 and Figure 2-17). With the RRs, as in Figure 4-2, each PE router keeps a BGP TCP session only to RR1 and RR2: the RRs act as the VPN route servers and the PE routers as their clients, and a VPN route learned from one PE router is reflected as a BGP Update to the other PE routers.

[Figure 4-2: MPLS VPN with route reflectors. PE1 to PE4 connect the CEs of customer sites in VPN_A and VPN_B (prefixes 10.1.0.0, 10.2.0.0, 10.3.0.0, 11.1.0.0, 11.2.0.0, 11.5.0.0, 11.6.0.0); the P routers form the MPLS network, and the PE routers exchange VPN routes over MP-BGP through RR1 and RR2.]

    4.1.2 MPLS VPN

A single ISP's MPLS network does not always reach every site of a customer. Delay-sensitive traffic such as voice suffers from the delay added when it crosses an ordinary peering or transit link between ISPs, so the two ISPs can instead join their MPLS networks directly: an MPLS trunk links the two networks at their PoPs and the ASBRs (Autonomous System Border Routers) of the two ISPs exchange VPN routes over MP-BGP, as shown in Figure 4-3. The customer then receives PE-to-PE service across both ISPs, and end-to-end QoS can be maintained through both networks.

[Figure 4-3: Inter-AS MPLS VPN. ISP A (MPLS network, AS 10000) and ISP B (MPLS network, AS 20000) interconnect through their ASBRs over MP-BGP; each ISP has P routers, PE routers with attached CEs and an RR, and customer A's LANs are attached at both ends.]

    4.2 MPLS VPN

The MPLS VPN management system uses a policy-based framework: configuration management, fault management and performance management are all driven by policies expressed as rules, as shown in Figure 4-4.

The policy-based network model follows the DMTF and IETF framework (see Section 2.5.2).

The network manager reaches the Policy Manager over Secure Socket Layer (SSL).

The ISP's Policy Manager (PM) keeps its policies in a Policy Repository and hands them to the Policy Decision Point (PDP) through CGI; LDAP is used to access the repository. One PM handles MPLS traffic engineering (PM for TE) and one handles VPN provisioning (PM for VPN).

Between the PDP and the Policy Enforcement Points (PEPs, the PE router agents) Secure Shell (SSH) is used, and an Access Control List (ACL) on each router restricts SSH access to the policy server.

The standard protocol between a PDP and a PEP is the Common Open Policy Service (COPS). In this system telnet scripts driving the router Command Line Interface (CLI) are used in its place.

MPLS VPN ... ISP ... VPN QoS (ISP IPLC ISP)

[Figure 4-4: MPLS VPN policy-based management architecture. The Network Manager reaches the Policy Manager over SSL; the Policy Manager talks to the Policy Repository and to the PDP (Policy Server) through CGI; the PDP pushes policy to the Policy Clients (PEPs, the PE routers) over a policy protocol (CLI, SNMP) and covers Inter-AS VPN, backup and VPN QoS. The MPLS core holds P and PE routers with CEs for VPN_B sites 10.2.0.0 and 10.3.0.0.]

    4.3 MPLS VPN

    4.3.1 MPLS VPN

VRF

Each PE router keeps one VRF (VPN Routing and Forwarding table) per attached VPN. A VPN routing table is separate from the PE router's global IP routing table, so customers with overlapping address space do not collide. In this ISP the VRF is named after the customer circuit number, e.g. F8208102.

RD

The Route Distinguisher (RD) is a 64-bit value prepended to a 32-bit IPv4 prefix to form a 96-bit VPNv4 address, which makes each VPN's IP routes globally unique within the ISP's MPLS network even when different VPNs use the same private ranges. Each VRF is given its own RD, which the ISP builds from its BGP AS number and the circuit number, e.g. 4782:8208102.

RT

Route Targets (RTs) are carried in BGP extended communities and decide which VRFs import a VPN route, much as a VLAN tag decides which ports share a broadcast domain. The ISP forms the RT by appending two digits to the RD; the two digits select the site role:

  Full Mesh RT
    General site  4782:820810200 (00)
  Hub & Spoke RT
    Hub site      4782:820810201 (01 to 09)
    Spoke site    4782:820810210 (10 to 29)
  Internet RT     4782:890810230 (30 to 49)
  Extranet RT     4782:890810250 (50 to 69)
  Voice RT        4782:890810270 (70 to 79)

    4.3.2 MPLS VPN

The Policy Manager expresses each service as a policy rule that is stored on the Policy Server. A rule consists of a condition and an action. The ISP classifies customer requirements into the VPN types of Table 3-1 (A1, B1, C1, G2 and so on); when an order matches the condition "VPN type1", the action is to auto-configure the PE router with the VPN type1 profile, as shown in Figure 4-5.

[Figure 4-5: Policy rule structure. A Policy contains Rules (VPN Service, QoS Service, TE Service); each rule has a Condition (e.g. VPN type1) and an Action (e.g. Auto-configuration with the VPN type1 Profile).]

The VPN type1 profile (Figure 4-6) configures the PE router in three parts: (1) the global VRF definition with its RD and RT, (2) the customer-facing interface, bound to the VRF and given its WAN IP address, and (3) the route to the VPN site.

PE

Global command (vrf name, RD, RT)

    ip vrf F8908102
     ! RD = AS number : circuit number
     rd 4780:8908102
     ! RT = RD + "00": the 00 suffix is the full-mesh RT
     route-target export 4780:890810200
     route-target import 4780:890810200

Interface command

    interface Serial3/0
     description ***connect to 223D89119 *****
     ip vrf forwarding F8908102
     ip address 172.31.1.1 255.255.255.252
     encapsulation ppp

Routing command

    ip route vrf F8908102 192.168.1.0 255.255.255.0 Serial3/0 172.31.1.2

Figure 4-6: VPN type1 Profile
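The profile above is what the policy action "Auto-configuration VPN type1 Profile" has to emit for each order. The following generator is an added example, not code from the thesis or from the ISP's Policy Manager: it builds the three command groups of the profile from a customer order using the RD and RT numbering scheme of Section 4.3.1. The CustomerSite record, the build_profile function and the hub-and-spoke import/export rule in rt_policy are this example's own assumptions.

```python
"""Policy action "Auto-configuration VPN type1 Profile" as a generator.

Added example, not the thesis's own code: it turns a customer order into the
three command groups of the VPN type1 profile of Figure 4-6 (global VRF with
RD/RT, WAN interface bound to the VRF, static route to the site) using the
RD/RT numbering scheme of Section 4.3.1. CustomerSite, build_profile and the
hub-and-spoke import/export rule in rt_policy are this example's assumptions.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

AS_NUMBER = 4782      # ISP BGP AS number; RD = <AS>:<circuit>
VRF_PREFIX = "F"      # VRF name = "F" + circuit number, e.g. F8208102

# Two-digit RT suffix ranges from Section 4.3.1 (RT = RD followed by 2 digits).
RT_SUFFIX_RANGE = {
    "general": (0, 0),      # full mesh
    "hub": (1, 9),
    "spoke": (10, 29),
    "internet": (30, 49),
    "extranet": (50, 69),
    "voice": (70, 79),
}


@dataclass
class CustomerSite:
    circuit: int          # ISP circuit number, e.g. 8208102
    role: str             # key of RT_SUFFIX_RANGE
    index: int            # offset inside the role's suffix range
    interface: str        # PE interface facing the CE
    wan: str              # PE WAN address in CIDR form, e.g. "172.31.1.1/30"
    lan: str              # customer LAN prefix behind the CE, e.g. "192.168.1.0/24"
    description: str = ""


def route_distinguisher(circuit: int) -> str:
    """RD = <AS>:<circuit>; prepended to the IPv4 prefix it forms the VPNv4 route."""
    return f"{AS_NUMBER}:{circuit}"


def route_target(circuit: int, role: str, index: int = 0) -> str:
    """RT = RD plus two digits chosen by site role (table in Section 4.3.1)."""
    lo, hi = RT_SUFFIX_RANGE[role]
    suffix = lo + index
    if not lo <= suffix <= hi:
        raise ValueError(f"suffix {suffix:02d} outside {role} range {lo:02d}-{hi:02d}")
    assigned = int(f"{circuit}{suffix:02d}")
    # A 2-byte-AS extended community carries a 32-bit assigned number; a circuit
    # number that is too long cannot be encoded and must be rejected here.
    if assigned >= 2 ** 32:
        raise ValueError(f"assigned number {assigned} does not fit in 32 bits")
    return f"{AS_NUMBER}:{assigned}"


def valid_target(circuit: int, role: str, index: int = 0) -> bool:
    """True when route_target accepts these parameters."""
    try:
        route_target(circuit, role, index)
        return True
    except ValueError:
        return False


def all_targets(circuit: int, role: str) -> list[str]:
    lo, hi = RT_SUFFIX_RANGE[role]
    return [route_target(circuit, role, i) for i in range(hi - lo + 1)]


def rt_policy(site: CustomerSite) -> tuple[list[str], list[str]]:
    """Return (export RTs, import RTs). Assumed rule: a hub exports its hub RT
    and imports every spoke RT of the circuit; a spoke exports its spoke RT and
    imports every hub RT, so spokes reach each other only through the hub.
    All other roles are full mesh within their own RT."""
    own = route_target(site.circuit, site.role, site.index)
    if site.role == "hub":
        return [own], all_targets(site.circuit, "spoke")
    if site.role == "spoke":
        return [own], all_targets(site.circuit, "hub")
    return [own], [own]


def build_profile(site: CustomerSite) -> str:
    """Render the PE configuration of the VPN type1 profile as IOS-style text."""
    vrf = f"{VRF_PREFIX}{site.circuit}"
    wan = ipaddress.ip_interface(site.wan)
    lan = ipaddress.ip_network(site.lan)
    hosts = list(wan.network.hosts())
    if wan.network.prefixlen != 30 or wan.ip not in hosts:
        raise ValueError("WAN link must be a /30 with the PE on a host address")
    ce_address = hosts[1] if wan.ip == hosts[0] else hosts[0]   # far end of the /30
    exports, imports = rt_policy(site)

    lines = [f"ip vrf {vrf}", f" rd {route_distinguisher(site.circuit)}"]
    lines += [f" route-target export {rt}" for rt in exports]
    lines += [f" route-target import {rt}" for rt in imports]
    lines += ["!", f"interface {site.interface}"]
    if site.description:
        lines.append(f" description {site.description}")
    # ip vrf forwarding must precede ip address: IOS clears the address when the
    # interface is moved into a VRF.
    lines += [
        f" ip vrf forwarding {vrf}",
        f" ip address {wan.ip} {wan.netmask}",
        " encapsulation ppp",
        "!",
        f"ip route vrf {vrf} {lan.network_address} {lan.netmask} {site.interface} {ce_address}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    order = CustomerSite(8208102, "general", 0, "Serial3/0",
                         "172.31.1.1/30", "192.168.1.0/24", "connect to 223D89119")
    print(build_profile(order))
```

The two checks in route_target are the ones worth keeping in a real provisioning script: a suffix outside the role's range would silently place a spoke in the full-mesh community, and a circuit number with too many digits cannot be encoded in the 32-bit assigned-number field of the extended community.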


4.3.3 MPLS VPN

MPLS VPN provisioning is carried out with telnet scripts. The operator works through the Policy Administration User Interface over SSL.

The VPN Policy Manager's Command Dispatcher passes the request to the Command Daemon of the Policy Server; the PDP's Rule Locator finds the matching rule and profile, and the profile is rendered as a telnet script that is run against the PE router (Figure 4-7).

Telnet scripts are used for two reasons:

(1) In policy-based networking the standard PDP-to-PEP protocol is the Common Open Policy Service (COPS), but the ISP's routers are configured through the CLI, so the PDP drives the CLI with telnet scripts instead.

(2) The Command Line Interface (CLI) is reachable over telnet, so a telnet script can be added as a plug-in and any CLI command can be scripted the same way.

[Figure 4-7: Provisioning components. VPN Policy Manager: Policy Administration User Interface, Command Dispatcher, Database Access, Report Module and Monitor Module. Policy Server (PDP): Command Daemon, Rule Locator, Collector Daemon, Report Daemon and Database Access. The PEP (agent) on the router is driven by CLI telnet scripts.]

    4.4

The Policy Server's collector daemon monitors the PEPs in two ways (Figure 4-8). The routers send SNMP traps when an event occurs, so a trap reaches the collector daemon immediately; everything a trap does not report, such as status and statistics, the collector daemon polls with SNMP get.

Traffic graphs are produced with MRTG from the same SNMP data.

Alarms are delivered by e-mail or by SMS.

[Figure 4-8: Monitoring components. Policy Manager: Policy Administration User Interface, Command Dispatcher, Database Access, Report Module and Monitor Module. Policy Server: Command Daemon, Rule Locator, Collector Daemon, Report Daemon and Database Access. The PEP (agent) is reached by CLI telnet script and by SNMP get / trap.]

4.4.1

(1) Router status items

  (a) CPU Loading
  (b) Memory Utilization
  (c) Uplink Port Status
  (d) Reachability
  (e) Packet Drop
  (f) Packets/sec

(2) Line items

  (a) Line Down (reported by trap)
  (b) Line Error (interface reliability)
  (c) Delay time / Packet Loss (measured by ping)
  (d) Traffic Load

(3) Notification

  (a) Web display of status
  (b) SMS / E-mail to the mobile user

4.4.2

Customer access (PE to CE)

  Line down (trap): e-mail, and an e-mail to the hub site contact.
  Line error: reliability < 250: e-mail, and an e-mail to the hub site contact.
  Reachability: ping the CE (extranet sites are pinged as well); no reply: e-mail, and an e-mail to the hub site contact.
  Delay time / packet loss (PE to CE): delay time > 180 ms: e-mail; packet loss > 20%: e-mail; traffic load > 80%: e-mail.

VPN (CE to CE)

  Routing prefixes: the prefixes expected from the hub sites, spoke sites, general sites and extranet sites are checked; a missing prefix is reported by e-mail to the hub site contact.
  QoS: PE-to-PE delay time and packet loss across the core, the traffic pattern of leased-line sites at the CE (by NetFlow), and the topology.

MPLS VPN core (PE to PE)

  PE CPU loading > 50%: e-mail.
  PE memory: free memory < 5 Mbytes: e-mail.
  PE uplink port: packet loss > 10%, traffic > 80%, reliability < 252; unreachable: SMS.
  PE to PE (between PE routers): packet loss > 10%, delay time > 40 ms; unreachable: SMS.
  Inter-AS / ASBR: the ASBR's reachability and the VPNv4 routes it exchanges with the RR are checked.
  Route Reflector: the RR's reachability, the iBGP session from each PE to both RRs, and the VPNv4 routes held by the RR for each VPN are checked.
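The rules above are a threshold table over data the collector daemon already has. The following evaluator is an added example, not code from the thesis or the ISP's Policy Server: it applies the PE, PE-to-PE and PE-to-CE thresholds of this section to one batch of poll results and decides per alarm whether it goes out by e-mail or SMS. The Sample and Alarm records, the device names and the poll values are constructed for this example; treating the PE uplink and core conditions other than "unreachable" as e-mail alarms is an assumption, since the text names SMS only for the unreachable case.

```python
"""Alarm rules of Section 4.4.2 applied to collector-daemon poll results.

Added example, not the thesis's own code. Sample, Alarm, the device names and
the poll values are constructed; e-mail for the non-"unreachable" PE uplink
and core conditions is an assumption.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Sample:
    """One poll result. kind: "pe" (router), "pe2pe" (core path), "pe2ce" (access)."""
    device: str
    kind: str
    reachable: bool = True
    cpu_pct: Optional[float] = None
    free_mem_bytes: Optional[int] = None
    loss_pct: Optional[float] = None
    delay_ms: Optional[float] = None
    traffic_pct: Optional[float] = None
    reliability: Optional[int] = None   # IOS interface reliability, 255/255 = clean


@dataclass
class Alarm:
    device: str
    rule: str
    channel: str    # "email" or "sms"
    detail: str


@dataclass
class Rule:
    kind: str
    name: str
    check: Callable[[Sample], bool]
    channel: str
    detail: str


def gt(value, threshold) -> bool:
    """True only when the metric was actually collected and exceeds the threshold."""
    return value is not None and value > threshold


def lt(value, threshold) -> bool:
    return value is not None and value < threshold


MB = 1024 * 1024

RULES = [
    Rule("pe", "cpu-load", lambda s: gt(s.cpu_pct, 50), "email", "PE CPU loading > 50%"),
    Rule("pe", "memory-free", lambda s: lt(s.free_mem_bytes, 5 * MB), "email", "PE free memory < 5 MB"),
    Rule("pe", "uplink-loss", lambda s: gt(s.loss_pct, 10), "email", "PE uplink packet loss > 10%"),
    Rule("pe", "uplink-traffic", lambda s: gt(s.traffic_pct, 80), "email", "PE uplink traffic > 80%"),
    Rule("pe", "uplink-reliability", lambda s: lt(s.reliability, 252), "email", "PE uplink reliability < 252"),
    Rule("pe2pe", "core-loss", lambda s: gt(s.loss_pct, 10), "email", "PE-to-PE packet loss > 10%"),
    Rule("pe2pe", "core-delay", lambda s: gt(s.delay_ms, 40), "email", "PE-to-PE delay > 40 ms"),
    Rule("pe2ce", "line-reliability", lambda s: lt(s.reliability, 250), "email", "access line reliability < 250"),
    Rule("pe2ce", "access-delay", lambda s: gt(s.delay_ms, 180), "email", "PE-to-CE delay > 180 ms"),
    Rule("pe2ce", "access-loss", lambda s: gt(s.loss_pct, 20), "email", "PE-to-CE packet loss > 20%"),
    Rule("pe2ce", "access-traffic", lambda s: gt(s.traffic_pct, 80), "email", "access line traffic > 80%"),
]

# Section 4.4.2: an unreachable PE or core path pages the operator by SMS;
# an unreachable CE is reported by e-mail.
UNREACHABLE_CHANNEL = {"pe": "sms", "pe2pe": "sms", "pe2ce": "email"}


def evaluate(samples: list[Sample]) -> list[Alarm]:
    alarms: list[Alarm] = []
    for s in samples:
        if not s.reachable:
            # No ping reply: the SNMP values for this target are missing, so the
            # threshold rules are skipped rather than fired on empty data.
            alarms.append(Alarm(s.device, "unreachable", UNREACHABLE_CHANNEL[s.kind],
                                "no ping reply; threshold checks skipped"))
            continue
        for rule in RULES:
            if rule.kind == s.kind and rule.check(s):
                alarms.append(Alarm(s.device, rule.name, rule.channel, rule.detail))
    return alarms


def by_channel(alarms: list[Alarm]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for a in alarms:
        counts[a.channel] = counts.get(a.channel, 0) + 1
    return counts


# Constructed poll results for one collector cycle.
SAMPLES = [
    Sample("PE1", "pe", cpu_pct=62, free_mem_bytes=40 * MB, loss_pct=0.1, traffic_pct=35, reliability=255),
    Sample("PE2", "pe", reachable=False),
    Sample("PE1->PE3", "pe2pe", loss_pct=2, delay_ms=55),
    Sample("PE1 Serial3/0", "pe2ce", reliability=240, delay_ms=20, loss_pct=0, traffic_pct=90),
    Sample("PE3 Serial1/0", "pe2ce", reachable=False),
    Sample("PE4", "pe", cpu_pct=20, free_mem_bytes=3 * MB, loss_pct=0, traffic_pct=10, reliability=255),
]

if __name__ == "__main__":
    for alarm in evaluate(SAMPLES):
        print(f"[{alarm.channel.upper():5}] {alarm.device}: {alarm.detail}")
```

Two details matter for a monitor like this: a metric that was not collected (None) must never trip a "< threshold" rule, and a target that failed its ping should raise only the reachability alarm, otherwise every threshold rule fires on empty SNMP data and the one alarm that matters is buried.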
