MULTI-PROTOCOL LABEL SWITCHING (MPLS)
AIM
To equip participants with knowledge and skills related to the MPLS data
network technology so that they are able to maintain MPLS data network
elements and to create services.
OBJECTIVES
At the end of the course, participants should be able to:
1. Discuss the merits of the MPLS Wide Area Network
2. Relate the IP protocols and IP network to MPLS
3. Identify the key components of the TelOne MPLS network (SR,
ESS, SAR, ISAM, SAM)
4. Analyse the functions of the components in item 3 above
5. Explain what a Label Switched Path (LSP) is and how it is built in
the MPLS network
6. Discuss the purpose of the Service Distribution Protocol (SDP) and
Label Distribution Protocol
7. Analyse MPLS services: VPNs, VPLS, E-pipes, C-pipes
8. Create MPLS services on the MPLS network.
TRADITIONAL DATA NETWORKS
A data network is a set of nodes connected by links. Nodes can be routers,
switches or multiplexers, connected by links ranging from 64 kbps to 10 Gigabit
Ethernet. A fundamental property of data networks is multiplexing.
The two main types of multiplexing are Time Division Multiplexing (TDM) and
Statistical Multiplexing (StatMux). Others are FDM, WDM, etc.
Time Division Multiplexing (TDM)
TDM is the practice of allocating a certain amount of time on a physical
circuit to a particular connection. Because the circuits are fixed rate,
this translates to a bandwidth allocation. Examples of TDM are E1
(2 Mbps circuit) and SDH.
Bandwidth is permanently allocated to a connection whether the
connection is carrying traffic or not.
No traffic congestion issues; bandwidth is guaranteed.
Statistical Multiplexing
The practice of sharing the available bandwidth between all users.
Examples: IP, Frame Relay, ATM and now MPLS.
Works by dividing traffic (data) into discrete units which are handled
separately: IP units are packets, ATM units are cells and Frame Relay
units are frames.
Better utilisation of bandwidth; allows oversubscription.
Introduces resource contention, so statmux technologies have to deal
with buffering, queuing and dropping of data units.
Running one statmux technology over another, e.g. IP over ATM, is
problematic: the mechanisms available in one technology to deal with
contention do not translate properly into the other, so the Layer 3
contention control mechanisms have to be translated to Layer 2.
DATA NETWORK CONCEPTS
VIRTUAL CONNECTIONS
WHY MPLS?
To bring the advantages of connection-oriented protocols to packet
switched networks.
Faster switching: replace the IP header lookup with short, fixed-length
labels as the forwarding basis.
To substitute for ATM and Frame Relay and provide integrated services
with QoS, without the overhead of cell segmentation.
MPLS SERVICES
Ethernet Virtual Leased Lines (Ethernet VLL, PW or MEF E-line)
Virtual Private LAN Services (Ethernet VPLS based on RFC4761,
MEF ELAN)
IP VPNs (RFC4364 or former RFC2574)
High-speed Internet
MPLS VENDORS
o Alcatel
o Huawei
o Cisco
o Juniper
o 3-com, and others
MPLS CONCEPT
MPLS OVERVIEW
MPLS KEY CHARACTERISTICS
Multi-Protocol
Supports multiple Layer-3 protocols, such as IP, IPv6, IPX and SNA
Label Switching
Labels packets and replaces IP forwarding with label switching
o MPLS binds the control plane at the bottom of the network layer
with the data forwarding plane at the top of the data link layer.
o MPLS is a hybrid of traditional network layer-3 routing protocols
and layer-2 switching technologies
o MPLS is not a new network layer protocol because it does not
have its own routing capabilities or addressing scheme
o MPLS is designed to work over many data link layer technologies
that provide the requisite layer-2 addressing and functionality
o MPLS is a “Layer 2.5 technology”
MPLS KEY POINTS
MPLS LABEL POSITION IN RELATION TO PACKET AND FRAME
MPLS LABEL
Label: 20-bit field that carries the actual value of the label.
Exp: 3-bit field reserved for experimental use. It is currently used
for Class of Service (CoS).
S: This bit is set to 1 for the last entry (bottom) in the label stack, and 0
for all other label stack entries.
TTL: 8-bit field used to encode a TTL value.
In MPLS, packets can carry not just one label, but a set of labels in a
stack. An LSR can swap the label at the top of the stack, pop the stack,
or swap the label and push one or more labels into the stack. The
processing is always based on the top label, without regard for the
possibility that some number of other labels may have been above it in
the past, or that some number of other labels may be below it at present.
LABEL STACKING
The label stack enables nesting of labels to provide extended service
support. This is one of the biggest benefits of MPLS technology.
• Inner Label and Outer Label generally used in VPN Services
MPLS PRINCIPLE OF OPERATION
MPLS uses a Label Switched Path (LSP) for layer-2 forwarding. The path
is set up using signalling protocols such as the Label Distribution
Protocol (LDP) together with routing protocols.
LER -Label Edge Router
o Examines inbound IP packets and assigns them to an FEC
o Generates MPLS header and assigns initial label
o Ingress & Egress
LSR - Label Switch Router
o Forwards MPLS packets using Label swapping
o Table lookup in Label Information Base (LIB)
LSP - Label Switched Path
o Path through the MPLS network set up by a signalling protocol (LDP)
o LSPs are unidirectional, roughly equivalent to a VC
o LSP setup is based on FEC criteria
o The LSP may be different from the IGP path
Forwarding Equivalence Class (FEC)
o FEC is a stream of IP packets that are forwarded over the same
path, treated in the same manner and mapped to the same label.
(Same QoS; Same Next Hop; Same Path)
o LDP ( Label Distribution Protocol) associates a set of destinations
with each LSP
o Packets could be assigned to an LSP based on a combination of
destination address and application type, or a combination of
destination address and source address
LABEL PROCESSING
Push
o Adds a new label to the top of the packet
o The TTL, stack and CoS fields are derived from the IP packet
header
o Can be performed on an existing MPLS packet (label stacking)
Pop
o Remove the label
o TTL is copied from the label to the IP header
o IP packet is forwarded as a native IP packet
Swap
o Replace the label at the top of the label stack with a new label
o The TTL, stack and CoS fields are copied from the previous label
Multiple Push
o Adding multiple labels (up to 3)
Swap and Push
o Replace the existing top of the label stack with a new label
followed by pushing another new label on top
o Used when an LDP signalled LSP transits an RSVP-TE signalled
core
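A worked example, added here and not part of the course material, that encodes the 32-bit label stack entry described under MPLS LABEL and applies the push, swap and pop operations above to a constructed IPv4 packet. The Exp bits are taken from the IP Precedence bits as described in the QoS section; the TTL decrement on swap follows RFC 3443 rather than the course text's "copied" wording, and the IPv4 header is a constructed sample.

```python
import struct

LABEL_MAX = (1 << 20) - 1


def encode_entry(label, exp, s, ttl):
    """Encode one 32-bit label stack entry: Label(20) | Exp(3) | S(1) | TTL(8)."""
    if not (0 <= label <= LABEL_MAX and 0 <= exp <= 7 and s in (0, 1) and 0 <= ttl <= 255):
        raise ValueError("label stack entry field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (s << 8) | ttl)


def decode_entry(data, offset=0):
    word, = struct.unpack_from("!I", data, offset)
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}


def parse_label_stack(data):
    """Walk entries from the top of stack until S=1; return (entries, payload after the stack)."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no entry with S=1")
        entry = decode_entry(data, offset)
        entries.append(entry)
        offset += 4
        if entry["s"]:
            return entries, data[offset:]


def serialize_stack(entries, payload):
    """Re-encode a stack; only the bottom entry carries S=1."""
    out = b"".join(encode_entry(e["label"], e["exp"], 0, e["ttl"]) for e in entries[:-1])
    bottom = entries[-1]
    return out + encode_entry(bottom["label"], bottom["exp"], 1, bottom["ttl"]) + payload


def ipv4_checksum(header):
    """Ones-complement checksum over the IPv4 header; returns 0 for a header with a valid checksum."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_ipv4_header(ttl, tos=0xA0):
    """Constructed 20-byte IPv4 header (sample input, not a capture); ToS 0xA0 = IP Precedence 5."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20, 0, 0, ttl, 17, 0,
                                bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)


def push_on_ip(ip_packet, label):
    """Ingress LER: TTL and CoS (Exp) are derived from the IP header, then the first label is pushed."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    precedence = ip_packet[1] >> 5            # top 3 bits of the ToS byte = IP Precedence
    return encode_entry(label, precedence, 1, ip_packet[8]) + ip_packet


def push(mpls_packet, label):
    """Label stacking: push another label onto an existing MPLS packet, copying Exp/TTL from the top."""
    entries, payload = parse_label_stack(mpls_packet)
    top = entries[0]
    new_top = {"label": label, "exp": top["exp"], "s": 0, "ttl": top["ttl"]}
    return serialize_stack([new_top] + entries, payload)


def swap(mpls_packet, new_label):
    """Transit LSR: replace the top label, keep Exp, decrement TTL (RFC 3443).
    Returns None when the TTL would expire, i.e. the LSR discards the packet."""
    entries, payload = parse_label_stack(mpls_packet)
    top = entries[0]
    if top["ttl"] <= 1:
        return None
    entries[0] = {"label": new_label, "exp": top["exp"], "s": top["s"], "ttl": top["ttl"] - 1}
    return serialize_stack(entries, payload)


def pop(mpls_packet):
    """Pop the top label. When the stack becomes empty the label TTL is copied into the IP
    header (and the IPv4 checksum recomputed) and the packet continues as native IP."""
    entries, payload = parse_label_stack(mpls_packet)
    top, rest = entries[0], entries[1:]
    if rest:
        return serialize_stack(rest, payload)
    ip = bytearray(payload)
    ip[8] = top["ttl"]
    ip[10:12] = b"\x00\x00"
    header_len = (ip[0] & 0xF) * 4
    ip[10:12] = struct.pack("!H", ipv4_checksum(bytes(ip[:header_len])))
    return bytes(ip)
```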
LABEL DISTRIBUTION
o The MPLS architecture does not mandate a single method of signalling
for label distribution. The various schemes for label exchange are as
follows:
o LDP: maps unicast destinations to labels; the most commonly used.
o RSVP (Resource Reservation Protocol) and CR-LDP (Constraint-based
Routing Label Distribution Protocol): used for traffic engineering
and resource reservation
o Protocol Independent Multicast (PIM): used for multicast state
label mapping
o Border Gateway Protocol (BGP): external labels (VPN)
MPLS PROTOCOLS
LABEL DISTRIBUTION PROTOCOL (LDP)
LDP is an MPLS control and signalling protocol.
Main functions:
o Release Label-FEC mappings
o Create and maintain label switched paths
LDP distributes and maintains label mappings between peers by
exchanging messages.
LDP uses UDP (for discovery) and TCP (for sessions).
LDP MESSAGE TYPES
o Discovery message: Used to discover LDP adjacencies in the
network
o Session message: Used to set up, maintain and terminate a
session between LDP peers
o Distribution message: Used to create, change and delete label
mappings related to FEC
o Notification message: Used to provide advisory or error
notification information
LDP MESSAGE SWITCHING
LDP MESSAGE FLOW
LDP MESSAGES
o Hello
o LDP Session initialization messages
o Keep-alive messages
o Label Request Message
o Label Mapping Message
o Label Abort Request Message
o Label Withdraw Message
o Label Release Message
o Error Notification
o Advisory Notification
LDP MESSAGE EXCHANGE
LDP message exchanges are accomplished by sending LDP
protocol data units (PDUs) over LDP sessions established over a
TCP connection.
Each LDP PDU can carry one or more messages
Messages in an LDP PDU need not be related to one another
LDP PDU HEADER FORMAT
LDP HEADER
Version (2 bytes)
Length (2 bytes)
o Total PDU length in octets
o Exclusive of the Version and Length fields
o Maximum PDU length is negotiated during session initialization
o Maximum allowable length is 4096 bytes
LDP Identifier (6 bytes)
o Uniquely identifies the label space of the sending LSR
o Router ID (4 bytes): identifies the LSR and must be a globally
unique value. The Router ID is an IP address of this LSR
o Label Space ID (2 bytes): identifies the label space within
the LSR
LDP MESSAGE FORMAT
U bit (Unknown message bit)
o Upon receipt of an unknown message, if U=0, a notification must
be returned to the message originator. If U=1, the unknown
message is silently ignored and the rest of the message is processed
Message Type (15 bits)
o Identifies the type of message
Message Length (2 bytes)
o Length in octets of the Message ID, Mandatory Parameters and
Optional Parameters
Message ID (4 bytes)
o Notification messages sent in response to this message carry
this value back in the Status TLV
Mandatory Parameters - Variable
Optional Parameters - Variable
Type-Length-Value Encoding
LDP messages carry information, encoded in Type-Length-Value (TLV)
format.
U bit (Unknown TLV bit)
Upon receipt of an unknown TLV, if U=0, a notification must be returned
to the message originator and the ENTIRE message must be ignored. If
U=1, the unknown TLV is silently ignored and the rest of the message is
processed
F bit (Forward Unknown TLV bit)
Applies only when U=1, if F=0, the unknown TLV is NOT forwarded with
the containing message. If F=1, the unknown TLV is forwarded with the
containing message
Type
Identifies the TLV type, i.e. how the Value field is to be interpreted
Length
Length in octets of ONLY the value field
Value - Variable
String of octets that encodes the information
TLVs can be nested i.e. Value field itself may contain further TLV
encodings.
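An added example (not from the course) that builds and parses an LDP PDU with the header, message and TLV layouts described above, checking every length against its enclosing structure, and applies the U and F bit rules to an unknown TLV. The Hello message type (0x0100) and Common Hello Parameters TLV type (0x0400) are the RFC 5036 values; the experimental TLV type 0x3F01 and the LSR ID 10.1.1.1 are constructed for the example.

```python
import struct

LDP_VERSION = 1
HELLO_MSG = 0x0100                 # message and TLV type values from RFC 5036
COMMON_HELLO_PARAMS_TLV = 0x0400


def build_tlv(tlv_type, value, u=0, f=0):
    """TLV: U(1) | F(1) | Type(14) | Length(16) | Value; Length counts only the Value octets."""
    return struct.pack("!HH", (u << 15) | (f << 14) | (tlv_type & 0x3FFF), len(value)) + value


def build_message(msg_type, msg_id, tlvs, u=0):
    """Message: U(1) | Type(15) | Length(16) | Message ID(32) | TLVs; Length counts ID and TLVs."""
    body = struct.pack("!I", msg_id) + b"".join(tlvs)
    return struct.pack("!HH", (u << 15) | (msg_type & 0x7FFF), len(body)) + body


def build_pdu(lsr_id, label_space, messages):
    """PDU: Version(16) | Length(16) | LDP Identifier(48) | messages; Length excludes the first 4 bytes."""
    ident = bytes(int(o) for o in lsr_id.split(".")) + struct.pack("!H", label_space)
    body = ident + b"".join(messages)
    return struct.pack("!HH", LDP_VERSION, len(body)) + body


def parse_tlvs(data, offset, end):
    tlvs = []
    while offset < end:
        if offset + 4 > end:
            raise ValueError("truncated TLV header")
        type_word, length = struct.unpack_from("!HH", data, offset)
        value_end = offset + 4 + length
        if value_end > end:
            raise ValueError("TLV length runs past the end of the message")
        tlvs.append({"type": type_word & 0x3FFF, "u": type_word >> 15,
                     "f": (type_word >> 14) & 1, "value": data[offset + 4:value_end]})
        offset = value_end
    return tlvs


def parse_message(data, offset, end):
    if offset + 8 > end:
        raise ValueError("truncated message header")
    type_word, length, msg_id = struct.unpack_from("!HHI", data, offset)
    msg_end = offset + 4 + length
    if msg_end > end:
        raise ValueError("message length runs past the end of the PDU")
    return {"type": type_word & 0x7FFF, "u": type_word >> 15, "id": msg_id,
            "tlvs": parse_tlvs(data, offset + 8, msg_end)}, msg_end


def parse_pdu(data):
    """Parse one LDP PDU; a bad length anywhere raises instead of reading past the buffer."""
    if len(data) < 10:
        raise ValueError("truncated PDU header")
    version, length = struct.unpack_from("!HH", data, 0)
    if version != LDP_VERSION:
        raise ValueError("unsupported LDP version %d" % version)
    end = 4 + length
    if end > len(data):
        raise ValueError("PDU length runs past the end of the buffer")
    lsr_id = ".".join(str(b) for b in data[4:8])
    label_space = struct.unpack_from("!H", data, 8)[0]
    messages, offset = [], 10
    while offset < end:
        msg, offset = parse_message(data, offset, end)
        messages.append(msg)
    return {"lsr_id": lsr_id, "label_space": label_space, "messages": messages}


def check_unknown_tlvs(message, known_types):
    """Apply the U and F bit rules. Returns ("ignore_message", []) when an unknown TLV has U=0
    (a Notification goes back to the originator), otherwise ("process", [types of unknown
    TLVs that must be forwarded with the message because F=1])."""
    forward = []
    for tlv in message["tlvs"]:
        if tlv["type"] in known_types:
            continue
        if tlv["u"] == 0:
            return "ignore_message", []
        if tlv["f"] == 1:
            forward.append(tlv["type"])
    return "process", forward


def sample_pdu():
    """Constructed PDU: a Hello (hold time 15 s) plus an unknown experimental TLV with U=1, F=1."""
    hello_params = build_tlv(COMMON_HELLO_PARAMS_TLV, struct.pack("!HH", 15, 0))
    unknown = build_tlv(0x3F01, b"\xab\xcd", u=1, f=1)          # constructed, not a defined TLV
    return build_pdu("10.1.1.1", 0, [build_message(HELLO_MSG, 1, [hello_params, unknown])])
```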
LDP OPERATION
LDP Discovery
Session Establishment
Label Distribution
Error Notification
LDP DISCOVERY
LDP discovery is a mechanism that enables an LSR to discover LDP
peers.
Basic discovery:
Discovers LSR neighbours that are directly connected at the link level.
The LSR periodically sends LDP Link Hellos out of the interface as UDP
packets addressed to a multicast group address.
Extended discovery:
Discovers LSRs that are not directly connected at the link level.
The LSR periodically sends LDP Targeted Hellos as UDP packets to a
specific address.
ISSUES CONCERNING LABEL DISTRIBUTION
Label allocation mode
o DoD : downstream-on-demand
A request to bind labels to a specific LSP tunnel is initiated
by an ingress node through the RSVP Path message
Labels are requested downstream and distributed
(propagated) upstream by means of the RSVP message
PATH message sent towards tunnel destination
Receiver sends RESV message back towards sender
eLER sends label binding info in RESV message
Path Refresh and RESV Refresh messages are sent
periodically
o DU: downstream unsolicited
LSRs can also distribute label bindings to LSRs that have not
explicitly requested them. This is called Downstream
Unsolicited (DUS).
Label mappings are provided to all peers for which the local
LSR might be a nexthop for a given FEC, even when not
explicitly requested.
This technique allows the routing topology to provide some
level of redundancy should there be any network issues.
Should the router providing the active route fail, or the route
via that router become unavailable, then once the IGP has
converged to a new active route (via another router), the label
for the FEC received from that peer is used immediately.
Label control mode
o Ordered
An LSR only propagates a label for a FEC once it has a label
mapping from the FEC next-hop.
LSP setup is initiated at one LSR and propagates from the
eLER toward the iLER. A feature of Ordered Control mode is
that an LSP is not completely set up until the associated
control setup messages have propagated from end to end.
As a consequence, data is not sent on the LSP until it is
known to be loop free, therefore label bindings are not
distributed in response to a label request until a label binding
has been received from the next hop for the destination.
o Independent
Label bindings are distributed immediately in response to a
label request even if a label binding has not yet been
received from the next hop for the destination.
Label hold mode
o Liberal retention mode:
Upon receiving a label, if there is no route destined for the
corresponding FEC, hold the label for later use.
All label mappings received from all peer LSRs are saved.
This approach consumes more memory on the LSR, but has
the benefit of faster convergence. If the used label is lost, a
label for the same FEC may have been previously received
from another peer and is already present on the router,
without the need for signaling.
o Conservative mode:
Upon receiving a label, if there is no route destined for the
corresponding FEC, discard the label.
Advertised label mappings are retained only if they will be
used to forward packets; for example if the label came from a
valid next hop. Label bindings received from non-next hops
for each FEC are discarded.
QoS IN MPLS
The ToS (Type of Service) byte in the IP header has 3 bits for IP
Precedence, which can be used to mark a particular Class
of Service.
TELONE IP/MPLS ARCHITECTURE
IP/CORE and DSL Network
ZIMBABWE: TELONE
The IP/MPLS architecture for TELONE allows Ethernet access to be
delivered over a range of access technology options, allowing TELONE to
address different types of customers, from SOHO and SME to large
enterprises, with point-to-point and multipoint Carrier Ethernet or
Layer 3 Business VPN services over a converged IP/MPLS architecture.
The Business VPN services can be delivered simultaneously or
individually over the access links as point-to-point or multipoint Carrier
Ethernet VPNs and IP VPNs. Supporting both Layer 3 IP-VPNs and
Layer 2 Carrier Ethernet VPNs allows TELONE to offer enterprises a choice
of services and to differentiate its offering from a commoditized,
low-margin, bandwidth-only service.
TELONE MPLS ARCHITECTURAL ELEMENTS
CORE ROUTER (Alcatel-Lucent 7750 SR-7)
The Alcatel-Lucent 7750 SR is a fully redundant platform with no single
point of failure, and implements a real-time, modular operating system
that has been proven and production-hardened in more than 200 large-
scale deployments worldwide. The 7750 SR-7 chassis has a total of
seven (7) front access slots. Two (2) card slots are dedicated for Switch
Fabric/Control Processor Modules (SF/CPM).
The Switch Fabric/Control Processing Module: SF/CPM
o Runs routing, switching and OAM protocols
o Contains three compact flash slots for: system and boot-up images;
configuration files; logging and accounting files
o Two load-sharing, redundant SF/CPMs, located in slots A and B,
provide full redundancy
SF/CPM Front Panel
1. BITS port: an RJ-45 connector, used for a network clock source.
2. DTE/DCE selector for the console port: This allows the use of either
straight-through or cross-over cable connections to the console port.
3. Serial console port: a DB-9 serial port used to connect a terminal or
PC. Used for initial system start-up as well as system configuration
and monitoring. The default port configuration is 115200, 8, N, 1.
4. Auxiliary port: a DB-9 serial port, used to connect a modem (currently
not supported in software. The 7750 SR OS software does not
provide a means of configuring the device).
5. Alarm port: a DB-9 serial port, used to connect to external alarm
devices that report conditions that trigger critical or major alarms.
6. Audible Alarm Cutoff/Lamp Test (AAC/LT) button: pressing the button
verifies the operability of the LEDs. The Audible Alarm Cutoff is used to
silence external alarms until the next alarm condition occurs.
7. Management Ethernet port connector and LEDs:
Link LED: Amber indicates 10 Mbps; Amber (blinking) indicates
half-duplex mode; Green indicates 100 Mbps; Unlit indicates
operationally down
Data LED: Green (blinking) indicates RX/TX activity; Amber (blinking)
indicates an error condition
8. Compact flash (CF) cards, cf1, cf2 and cf3:
• cf1 and cf2 are used for logging, configuration and image file
backups
• cf3 stores the Boot Loader File and the Boot Options File
7750 SR IOMs, MDAs and SFPs
The Input/Output Module: IOM.
The SR-7 and SR-12 support four IOM types, which result in four chassis
modes:
Mode a – the default mode, corresponding to the 20 Gbps IOM with
2 MB of Pchip memory, called “iom-20g”
Mode b – the mode corresponding to the 20 Gbps IOM with 4 MB of
Pchip memory, called “iom-20g-b”
Mode c – the mode corresponding to the upgraded IOM featuring a
faster CPU and additional RAM, called “iom2-20g”
Mode d – the mode corresponding to the upgraded IOM featuring a
faster CPU and additional RAM, called “iom3-xp”
The Media Dependent Adaptor: MDA.
There are many types of MDA; a few examples are: 60-port 10/100Base-TX
Ethernet MDA, 20-port 100Base-FX MDA, 5/10-port Gigabit Ethernet MDA,
1-port 10 Gigabit Ethernet MDA, 4-port OC-3c/STM-1/OC-12c/STM-4 ATM
MDA, 1-port OC-192c/STM-64 SONET/SDH MDA, and many more. The wide
variety of MDAs gives the user the flexibility to build the network
according to their needs.
The Small Form-factor Pluggable transceiver: SFP.
The SFPs are small optical modules available in a variety of formats and
allow the hot-swappable replacement of a single module instead of an
entire board.
Input/Output Modules (IOM3-XP)
o Fully-distributed forwarding and packet processing
Up to 50 Gbps wire-rate forwarding
Traffic forwarding engine based on a massive array of network processors
L2/L3 encapsulation
IPv4/IPv6/MPLS/MAC forwarding lookup
o Distributed control plane CPU for local processing of critical control plane
functions
o Fully hot-swappable
o Sophisticated traffic management with each queue assignable to:
A subscriber
An application for queuing, policing and shaping
A service for billing counters
Media Dependent Adapters
o Common, flexible set of media interfaces
o Mix-and-match interface types, speed and reach for optimal slot
utilization
o Leading interface density
o SONET/SDH and Ethernet MDA connectivity
o Soft-selectable 10 Gig LAN/WAN
Integrated Media Module (IMM)
o Leverages the full 50 Gb/s (full duplex) slot capacity in the 7750 SR
o Integrates IOM and MDA onto a single interface module
o Full-slot, hot-swappable I/O modules with fixed GE or 10 GE ports
Integrated Service Adapters
o Enable high-performance application-specific processing: IPSec,
Application Assurance, Video Services
o Traffic requiring additional high-touch processing is diverted to the ISA
card with no performance impact on other applications
o Reduces the need for external platforms to support these services
SR SYSTEM COMPONENT SUMMARY
ETHERNET SERVICE SWITCH (Alcatel-Lucent 7450 ESS)
Carrier-class reliability combined with high density in a small
footprint
System capacities scalable from 20Gbps to 500 Gbps Full-Duplex
Modular design – removable IOM, SF/CPM, and MDAs
Common operating system
7450 ESS-6v overview
The 7450 ESS-6 chassis is a fully redundant system and has a total of
six front access slots. Two (2) card slots are dedicated for Switch
Fabric/Control Processor Modules (SF/CPM). Only one SF/CPM is
required for full, non-blocking operation at 80Gbps full duplex. A second
SF/CPM provides complete redundancy of the fabric and the control
processors, and enables hot-redundancy of the control and data plane
management (NSR/NSS). When two SF/CPMs are installed, the traffic is
load shared across the switch fabrics. The remaining four (4) slots are
used for Input/Output Module (IOM) base boards. Each IOM can host
up to two MDAs of any type.
The 7450 ESS was designed to deliver services in a carrier
environment. Its service-oriented architecture and built-in OAM features
enable the 7450 ESS to deliver efficient and profitable SLA-based
services, such as:
Ethernet Virtual Leased Line (VLL) for delivery of Layer 2
point-to-point business VPN services
Virtual Private LAN Service (VPLS) for delivery of Layer 2
point-to-multipoint business VPN services
Service-aware Ethernet aggregation for high-speed Internet
access and triple-play applications (voice, video, and high-
speed Internet access)
SF/CPM Card Slot
The Switch Fabric (SF) and Control Processing Module (CPM) contains
the switch fabric and the control processor complex. The switch fabric
consists of multiple switching elements that are responsible for sending
cells received on one port out another. The processor complex is
responsible for the overall control of the system.
The Front Panel of the SF/CPM Card contains:
1. BITS port
2. DTE/DCE selector for the console port
3. Serial console port
4. Serial auxiliary port (currently not supported)
5. Alarm port
6. Alarm cut-off/lamp test button
7. Ethernet management port
8. Compact flash card slots
1. BITS port: an RJ-45 connector, used for a network clock source.
2. DTE/DCE selector for the console port: This allows the use of either
straight-through or cross-over cable connections to the console port.
3. Serial console port: a DB-9 serial port used to connect a terminal or
PC. Used for initial system start-up as well as system configuration
and monitoring. The default port configuration is 115200, 8, N, 1.
4. Auxiliary port: a DB-9 serial port, used to connect a modem (currently
not supported in software; the 7450 ESS OS software does not
provide a means of configuring the device).
5. Alarm port: a DB-9 serial port, used to connect to external alarm
devices that report conditions that trigger critical or major alarms.
6. Audible Alarm Cut-off/Lamp Test (AAC/LT) button: pressing the button
verifies the operability of the LEDs. The Audible Alarm Cutoff is used to
silence external alarms until the next alarm condition occurs.
7. Management Ethernet port connector and LEDs:
Link LED: Amber indicates 10 Mbps; Amber (blinking) indicates
half-duplex mode; Green indicates 100 Mbps; Unlit indicates
operationally down
Data LED: Green (blinking) indicates RX/TX activity; Amber (blinking)
indicates an error condition
8. Compact flash (CF) cards, cf1, cf2 and cf3:
cf1 and cf2 are used for logging, configuration and image file
backups
cf3 stores the Boot Loader File and the Boot Options File
7450 ESS IOMs, MDAs and SFPs
IOM Card Slot
I/O modules (IOM) are responsible for connecting media dependent
adaptors (MDA), which provide physical interface termination, into the
system. The IOM processes received frames from an interface to
accomplish all switching decisions. It implements per service QoS
functions, access control lists (ACLs) and accounting, formats frames
into cells to be switched through the core fabric, and sends cells to the
fabric. Frames to be sent out interfaces are first received from the fabric
as cells, re-assembled into frames and processed to accomplish egress
specific encapsulation as well as per service egress QoS, filtering and
accounting functions.
A CPU section manages the forwarding hardware in each Flexible
FastPath complex and participates in the distributed control plane used
in the system.
The Input/Output Module: IOM
The ESS-7 and ESS-12 support three IOM types, which result in two
chassis modes:
Mode a – the default mode, corresponding to the 20 Gbps IOM with
2 MB of Pchip memory, called “iom-20g”, and the 10 Gbps IOM,
called “iom-10g”
Mode b – the mode corresponding to the 20 Gbps IOM with 4 MB of
Pchip memory, called “iom-20g-b”
The Media Dependent Adaptor: MDA.
There are many types of MDA; a few examples are: 60-port 10/100Base-TX
Ethernet MDA, 20-port 100Base-FX MDA, 5/10-port Gigabit Ethernet MDA,
1-port 10 Gigabit Ethernet MDA, 4-port OC-3c/STM-1/OC-12c/STM-4 ATM
MDA, 1-port OC-192c/STM-64 SONET/SDH MDA, and many more. The wide
variety of MDAs gives the user the flexibility to build the network
according to their needs.
The Small Form-factor Pluggable transceiver: SFP.
The SFPs are small optical modules available in a variety of formats and
allow the hot-swappable replacement of a single module instead of an
entire board.
SERVICE AGGREGATION ROUTER (7705 SAR-8)
The Alcatel-Lucent 7705 SAR product family delivers industry-leading
IP/MPLS and pseudowire capabilities in aggregation platforms for the
transport needs of the evolving mobile RAN and business services. The
7705 SAR’s access density and performance, particularly in T1/E1 fan-
in, represent a generational leap over existing aggregation switches. The
platform is built on the solid and hugely successful Service Router-OS
base for an extensive, hardened feature set at the platform, network and
service levels. The 7705 SAR has a future-proof architecture that will
enable it to address evolving aggregation requirements, and it is
architected to provide superior service delivery through effective
provisioning, traffic management, troubleshooting and billing features.
The 7705 SAR-8 has eight slots:
o Two are allocated for control modules
o Six are available for user traffic interface modules:
16-port E1 (ATM, CES, ML-PPP)
8-port Ethernet (6x10/100TX + 2x10/100/1000)
4-port clear channel STM-1 (ATM/POS)
On the network uplink side, the media connectivity options are Ethernet,
Fast Ethernet (FE), Gigabit Ethernet (GE), STM-1 or n x T1/E1
multi-link point-to-point protocol (MLPPP).
Control and Switching Module (CSM)
The CSM has three main functions: it provides the management and
console interfaces to the 7705 SAR-8, it provides system
synchronization interfaces for external synchronization input and output
signals, and it controls the routing and switching functions for the entire
system. Each CSM is shipped with one compact flash memory device
that stores system boot images, software images, and configuration files
and logs. The compact flash device cannot be accessed or removed by
an operator or installer.
There must be at least one CSM installed in the 7705 SAR-8. Install two
CSMs for system redundancy. The redundant CSM operates in standby
mode and takes over system operation if the active (primary) CSM fails.
CSMs are field-replaceable. Refer to the 7705 SAR OS Basic System
Configuration Guide for information on CSM redundancy. The CSM
connects directly to the backplane and carries traffic between adapter
cards. The backplane provides high-speed access to the CSM and
adapter cards. The switch fabric portion of the CSM receives and directs
traffic to the appropriate destinations according to the routing
information.
The CSM also provides 1.0/2.3 coaxial connectors for an external
synchronization input and output. For redundant CSM configurations, a
Y-cable can be used to connect both Sync In connectors to the same
external synchronization source.
Control and Switching Module (CSM) LEDs
SERVICE AWARE MANAGER (SAM 5620)
The 5620 SAM creates a service aware management system that
provides tightly-integrated, comprehensive Fault, Configuration,
Accounting, Performance and Security (FCAPS) functionality for
networks. Service aware management maintains a direct relationship
between individual managed network resources and the services and
subscribers using those resources. This gives operators the insight
and tools to rapidly determine the impact of network issues on managed
services, including:
o intelligent alarm management and correlation, using per-alarm
configuration actions and colour-coded active alarms to eliminate
duplicate reporting, and alarm logs to analyse trends
o reduced provisioning times, using point-and-click GUI configuration
templates and forms for network IP/MPLS, profile and service
configuration
o a comprehensive set of statistics counters on a per-service or
per-port basis, enabling operators to accurately measure usage and
bill customers for service based on any combination of flat-rate,
destination-based or usage-based models
o real-time retrieval of current or historical performance statistics
or service statistics
o simple configuration of services and policies to create
differentiated SLAs
o pinpoint security controls for operator access privileges based on
individual or group account settings, and controlled access to the
router
MPLS SERVICES
1. VIRTUAL LEASED LINES (Point-to-Point L2 VPNs, also called
Virtual Private Wire Service - VPWS)
TRADITIONAL REMOTE ACCESS
A NEW SOLUTION: VPN
VPN allows businesses and users to securely access remote LAN
resources without the added cost of dedicated leased lines.
Increased productivity
Flexible working hours
Scalable infrastructure
Centralization of shared data
Savings on long distance phone charges
Network security policy enforcement
Less maintenance of remote access equipment
Support burden is on service providers
Flexibility of growth
VLL Network Principle
WHY MPLS VPN?
MPLS OR INTERNET
VPN ILLUSTRATION
VPN REQUIREMENTS
• Opaque Transport of data - even non IP protocols
• Security of data - avoid modification, spoofing, snooping
• QoS guarantee for bandwidth and latency
VPN CLASSIFICATION
VPN can be classified on the basis of
The Business problem a VPN is trying to solve (Intranet / Extranet
/ Remote)
The Layer at which the service provider exchanges the topology
information with the customer (Layer 2 / Layer 3)
The topology of the network (Full Mesh / Partial Mesh)
IPsec VIRTUAL PRIVATE NETWORKS
IPsec (Internet Protocol Security) is a framework for a set of protocols
providing security at the network (packet processing) layer of network
communication. It is useful for implementing virtual private networks and
for remote user access through dial-up connections to private networks.
Its main advantage is that security arrangements can be handled without
requiring changes to individual user computers. IPsec is implemented by
many vendors.
THE FOUR CRITICAL FUNCTIONS OF VPNs
Authentication – validates that the data was sent by the claimed sender
Access control – limits unauthorized users from accessing the
network
Confidentiality – prevents the data from being read or copied while
it is being transported
Data Integrity – ensures that the data has not been altered
VPN IMPLEMENTATIONS
Remote Access VPNs: for telecommuters and mobile users
Site-to-Site VPNs: for business intranets and extranets
REMOTE ACCESS VPN
SITE-TO-SITE VPN
TUNNELLING
VPN BASIC ARCHITECTURE
[Figure: VPN basic architecture, showing the MPLS network and the Internet]
VPN ENCAPSULATION OF PACKETS
MPLS VPN ADVANTAGES
VPN Services Provider Benefits
– Granular, flexible tariffs
– Lower provisioning cost
– Faster provisioning
– Rapid response
VPN Enterprise Customer Benefits
– Short lead time to respond to needs
– Pay only for bandwidth that is needed
– Potential for self-provisioning
LAYER 2 VPN ENCAPSULATION
The following Layer 2 frames could be transmitted
Frame Relay
ATM Cell
Ethernet VLAN
Ethernet
HDLC
PPP
MPLS VPN ARCHITECTURE
MPLS VPN TERMINOLOGY
Provider edge (PE) routers
o PE routers connect CE devices & support VPN and label
functionality
Provider (P) routers
o Core of the provider's network & support MPLS
o Not connected to any customer site
Customer edge (CE) devices
o CE devices are typically IP routers connected to PE routers
o The CE routers have no special configuration requirements for
VPNs
2. VIRTUAL PRIVATE LAN SERVICE (VPLS)
o Layer 2 Service
o Virtual Private LAN Services (VPLS): point-to-multipoint VPNs
o VPLS is a class of VPN that allows the connection of multiple sites
in a single bridge domain over a provider-managed IP/MPLS
network. All customer sites in a VPLS instance appear to be on the
same LAN, regardless of their location.
o VPLS uses an Ethernet interface on the customer-facing (access)
side, which simplifies the LAN/WAN boundary and allows for rapid
and flexible service provisioning. VPLS offers a balance between
point-to-point service (like Frame Relay) and outsourced routed
services (VPRN). VPLS enables each customer to maintain control of
their own routing strategies.
VIRTUAL PRIVATE LAN SERVICES (VPLS) CONCEPT
All customer routers in the VPLS service are part of the same subnet
(LAN) which simplifies the IP addressing plan, especially when
compared to a mesh constructed from many separate point-to-point
connections.
Delivers Ethernet-based multipoint L2 VPN service
Enhances L2 VPN scalability (geographic sites & no. of customers)
Leverages existing SP MPLS Core
Supports gigabit to 10 gigabit operational speeds
VPLS REQUIREMENTS
A Virtual Switch MUST operate like a conventional L2 switch.
Flooding / Forwarding:
MAC table instances per customer and per customer VLAN (L2-
VRF idea) for each PE
The VSI participates in the learning and forwarding process
Address Learning / Aging:
Self-learns source MAC to port associations
Loop prevention
“Split Horizon” concept to prevent loops
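The VSI behaviour listed above (per-customer MAC table, source learning, aging, flooding of unknown destinations, and split horizon between mesh pseudowires) as an added, self-contained Python simulation. This is example code written for this section, not TelOne or Alcatel-Lucent code; the port names ("ac:1", "pw:PE2") and the 300 s aging time are constructed for the example.

```python
class VirtualSwitchInstance:
    """One VSI (one customer / customer VLAN) on a PE. Ports are either local
    attachment circuits ('ac:*') or mesh pseudowires to the other PEs ('pw:*')."""

    def __init__(self, name, access_ports, mesh_pws, max_age=300):
        self.name = name
        self.access_ports = set(access_ports)
        self.mesh_pws = set(mesh_pws)
        self.max_age = max_age          # constructed aging time in seconds
        self.fdb = {}                   # learnt MAC -> (port, time last seen)

    def all_ports(self):
        return self.access_ports | self.mesh_pws

    def age_out(self, now):
        """Aging: forget entries not refreshed within max_age seconds."""
        self.fdb = {m: (p, t) for m, (p, t) in self.fdb.items()
                    if now - t < self.max_age}

    def receive(self, in_port, src_mac, dst_mac, now=0):
        """Learn the source MAC, then return the set of ports the frame leaves on."""
        self.fdb[src_mac] = (in_port, now)      # self-learning: source MAC -> ingress port
        known = self.fdb.get(dst_mac)
        if known is not None:
            out_port, _ = known
            # Known destination: unicast it, or filter it if it sits behind the ingress port.
            return set() if out_port == in_port else {out_port}
        # Unknown unicast / broadcast: flood to every port except the ingress port ...
        out = self.all_ports() - {in_port}
        if in_port in self.mesh_pws:
            # ... but split horizon forbids forwarding from one mesh pseudowire to another:
            # with a full mesh every other PE already received the frame from the source PE,
            # so relaying it would create a loop.
            out -= self.mesh_pws
        return out


# Constructed frame sequence: (ingress port, source MAC, destination MAC, time)
SAMPLE_FRAMES = [
    ("ac:1", "aa", "bb", 0),     # unknown destination from a local site
    ("pw:PE2", "bb", "cc", 1),   # arrives over the mesh from PE2
    ("ac:2", "dd", "bb", 2),     # bb is now known behind pw:PE2
    ("pw:PE3", "ee", "aa", 3),   # aa is known behind ac:1
]


def run_sample():
    vsi = VirtualSwitchInstance("CustA", ["ac:1", "ac:2"], ["pw:PE2", "pw:PE3"])
    return [sorted(vsi.receive(*frame)) for frame in SAMPLE_FRAMES]


if __name__ == "__main__":
    for frame, out in zip(SAMPLE_FRAMES, run_sample()):
        print(frame, "->", out)
```

The second frame is the one that matters for loop prevention: it came in on a mesh pseudowire, so it is flooded to the local attachment circuits only, never back onto pw:PE3.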
VPLS ADVANTAGES
o Favourable for small customer implementations
o Simple provisioning
o Full mesh of directed LDP sessions required between participating
PEs
o VLAN support
VPLS DRAWBACKS
o No hierarchical scalability
o Scaling issues
3. LAYER 3 VIRTUAL PRIVATE NETWORKS
(Also known as the Virtual Private Routed Network – VPRN)
o Layer 3 VPNs are based on RFC 2547bis
o A Layer 3 VPN is a set of sites spread across the public
infrastructure and share common routing information
o Their connectivity is controlled by a collection of policies
o Commonly BGP is used to distribute VPN routing information
(VPN Labels) across the provider's backbone and
o MPLS is used to forward VPN traffic across the backbone to
remote VPN sites
IP-VPNs, also known as Virtual Private Routed Networks (VPRN), offer
high margin potential for carriers because these services shift a
substantial portion of the management and routing intelligence from
the customer network to the service provider. It is not surprising
that the RFC 4364 (formerly RFC 2547bis) service architecture imposes
some unique requirements on the routers used to deliver it, particularly
in the area of routing scalability. 7750/7710 SR Service Routers deliver
this scalability.
MPLS LAYER 3 VPN OPERATIONAL MODEL
L3 VPN ADDRESSING EXAMPLE
TYPICAL DATA FLOW IN L3 VPN
L3 VPN SECURITY
o There is a private routing table for each VPN that contains routes
which can only be reached from this VPN’s sites
o VPN membership identity is associated with each PVC
o Each VRF is separate from every other VRF as well as from the global
routing table
o Automated VPN configuration via IBGP route target exchange
enables fast and reliable VPN service activation
o Traffic is separated by the VPN-specific MPLS labels attached to
packets
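The encapsulation and separation described in the VPN ENCAPSULATION OF PACKETS and L3 VPN SECURITY slides, as an added Python example (written for this section, not vendor code): two customers both use 10.0.0.0/24 at their remote sites, the ingress PE looks each packet up only in its own VRF and pushes a tunnel label plus a VPN label, and the egress PE demultiplexes on the VPN label alone. The label values (1000, 100, 200, 201), VRF names and port names are constructed; the shim-header layout follows RFC 3032.

```python
import ipaddress
import struct

# Constructed tunnel label for the LSP to PE2 (in practice learnt via LDP/RSVP-TE;
# the VPN labels below would be learnt via MP-BGP).
TUNNEL_LABEL_TO_PE2 = 1000


def encode_label_stack(labels, ttl=64):
    """Encode MPLS shim headers: 20-bit label, 3-bit TC (left 0), S bit, 8-bit TTL.
    `labels` is outermost first; only the last entry has S=1 (bottom of stack)."""
    out = b""
    for i, label in enumerate(labels):
        bottom = 1 if i == len(labels) - 1 else 0
        out += struct.pack("!I", (label << 12) | (bottom << 8) | ttl)
    return out


def decode_label_stack(data):
    """Return (labels, payload), reading entries until the one with S=1."""
    labels, offset = [], 0
    while True:
        (entry,) = struct.unpack_from("!I", data, offset)
        labels.append(entry >> 12)
        offset += 4
        if (entry >> 8) & 1:
            return labels, data[offset:]


class VRF:
    """Per-VPN routing table on a PE: prefix -> (VPN label, egress PE)."""

    def __init__(self, name):
        self.name = name
        self.routes = {}

    def add_route(self, prefix, vpn_label, egress_pe):
        self.routes[ipaddress.ip_network(prefix)] = (vpn_label, egress_pe)

    def lookup(self, dst_ip):
        """Longest-prefix match restricted to this VRF; other VRFs are never consulted."""
        addr = ipaddress.ip_address(dst_ip)
        best = None
        for net, info in self.routes.items():
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, info)
        return None if best is None else best[1]


def ingress_forward(vrf, dst_ip, payload):
    """Ingress PE: look the destination up in the site's VRF, push tunnel + VPN labels."""
    route = vrf.lookup(dst_ip)
    if route is None:
        return None  # no route in this VPN: unreachable, whatever other VRFs contain
    vpn_label, _egress_pe = route
    return encode_label_stack([TUNNEL_LABEL_TO_PE2, vpn_label]) + payload


def egress_forward(label_table, packet):
    """Egress PE: the innermost (VPN) label alone selects the VRF and CE-facing port."""
    labels, payload = decode_label_stack(packet)
    vrf_name, ce_port = label_table[labels[-1]]
    return vrf_name, ce_port, payload


def build_scenario():
    """Two customers that both use 10.0.0.0/24 at their remote site (constructed data)."""
    vrf_a = VRF("CustA")
    vrf_a.add_route("10.0.0.0/24", 100, "PE2")
    vrf_b = VRF("CustB")
    vrf_b.add_route("10.0.0.0/24", 200, "PE2")
    vrf_b.add_route("192.168.5.0/24", 201, "PE2")
    pe2_label_table = {
        100: ("CustA", "port-to-CE-A2"),
        200: ("CustB", "port-to-CE-B2"),
        201: ("CustB", "port-to-CE-B3"),
    }
    return vrf_a, vrf_b, pe2_label_table


def deliver(vrf, pe2_label_table, dst_ip, payload=b"data"):
    """End to end: ingress encapsulation, then egress demultiplexing on the VPN label."""
    packet = ingress_forward(vrf, dst_ip, payload)
    return None if packet is None else egress_forward(pe2_label_table, packet)


if __name__ == "__main__":
    vrf_a, vrf_b, table = build_scenario()
    print(deliver(vrf_a, table, "10.0.0.7"))      # CustA's site
    print(deliver(vrf_b, table, "10.0.0.7"))      # CustB's site, same address
    print(deliver(vrf_a, table, "192.168.5.9"))   # None: not in CustA's VRF
```

The point of the last call is the security property from the slide: CustB's 192.168.5.0/24 is simply absent from CustA's VRF, so no packet from a CustA site is ever labelled toward it. Note that this is separation, not encryption; the payload crosses the core in clear.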
L2 VERSUS L3 VPNs
The choice of L2 VPN over L3 VPN depends upon how much control
the enterprise wants to retain.
QUALITY OF SERVICE (QoS) IN MPLS
PROBLEMS WITH PACKET NETWORKS
APPLICATIONS REQUIRING QoS
QoS ARCHITECTURE MODELS
Best Effort Service
o all packets treated equally
o unpredictable bandwidth
o unpredictable delay and jitter
Integrated Service (1997)
o specifies the elements to guarantee QoS on networks
o fine-grained QoS system
o flow-based mechanism
o end-to-end QoS mechanism (hard QoS)
Differentiated Service (1999)
o use of TOS byte in IP header as DSCP
o differential levels of service given to different aggregate flows at
the entry points of the network
o different application flows assigned to different aggregate flows
called Behavior Aggregates (BA)
IP HEADER AND QoS
Differentiated Service
o All processing takes place before the flow enters the network
o Flows are aggregated to avoid analysing individual flows at every
node
o Routers decide how to handle each aggregated flow using a Per
Hop Behavior (PHB)
o Filters packets in a traffic stream into distinct classes (groups)
based on the packet header contents:
IP packets are matched against the selectors of each filter to
determine whether the packet belongs to that filter class
Traffic classes are separated and steered to traffic
conditioners for further processing
Per Hop Behaviour
Assured Forwarding (AF): defines four traffic classes, each of
which can have three drop-precedence classes (RFC 2597)
Expedited Forwarding (EF): provides low latency, low jitter, low
loss and assured bandwidth (RFC 3246)
Best-effort Forwarding (BF): default PHB
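The DSCP handling described in the Differentiated Service and Per Hop Behaviour slides, as an added Python example (written for this section, not from the original material): read the DSCP out of the IPv4 TOS byte and map it to EF, AF class/drop precedence, class selector or best effort. The `build_ipv4_header` helper constructs a minimal header (zero checksum) so the parser can be exercised offline; the codepoint values come from RFC 2597/3246.

```python
import ipaddress
import struct

EF_DSCP = 46       # 101110, Expedited Forwarding (RFC 3246)
DEFAULT_DSCP = 0   # best effort


def dscp_from_ipv4_header(header):
    """Return (DSCP, ECN): DSCP is the upper 6 bits of the old TOS byte, ECN the lower 2."""
    version_ihl, tos = struct.unpack_from("!BB", header, 0)
    if version_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return tos >> 2, tos & 0x3


def classify_dscp(dscp):
    """Map a DSCP codepoint to its Per Hop Behaviour."""
    if dscp == EF_DSCP:
        return {"phb": "EF"}
    if dscp == DEFAULT_DSCP:
        return {"phb": "BE"}
    cls, low = dscp >> 3, dscp & 0x7
    # AF codepoints are 'ccc dd0': class 1-4, drop precedence 1-3 (RFC 2597)
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return {"phb": "AF", "class": cls, "drop_precedence": low >> 1}
    if low == 0:
        return {"phb": "CS", "class": cls}   # class selector, maps to IP precedence
    return {"phb": "unknown", "dscp": dscp}


def phb_for_packet(header):
    """The selector step: classify a packet by its header contents only."""
    dscp, _ecn = dscp_from_ipv4_header(header)
    return classify_dscp(dscp)


def build_ipv4_header(dscp, ecn=0, src="10.0.0.1", dst="10.0.0.2", payload_len=0):
    """Construct a minimal 20-byte IPv4 header (checksum left zero) for test traffic."""
    tos = (dscp << 2) | ecn
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, tos, 20 + payload_len, 0, 0, 64, 17, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)


if __name__ == "__main__":
    for dscp in (46, 34, 38, 10, 48, 0):
        print(dscp, phb_for_packet(build_ipv4_header(dscp)))
```

An edge router doing "processing before the flow enters the network" would run `phb_for_packet` (or a richer selector on addresses and ports) on every arriving packet and hand the result to the conditioners; the core routers then act on the DSCP alone.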
TRAFFIC CONDITIONING
Metering:
Part of flow control strategy
Flow control measures traffic flow for a class and releases the
packet at a specified rate
Tracks the transmission rate of traffic flows on a per-class basis
Compares the actual flow rate to configured flow rates and passes
state information to other conditioners to trigger a specific action
for each packet
Marking
Marks packets with values that translate to forwarding behaviours
Marking is the basis of potential differentiated treatment for a
packet at a node
Forwarding behaviour determines the priority and drop precedence
of traffic
Policing
Dropping of packets to bring a traffic stream into compliance with a
traffic profile specified via policies
Triggered by metering results
Shaping
Enables delay of some or all packets in a traffic stream to bring a
traffic stream into compliance with a traffic profile
A finite buffer is used to hold the packets
Packets are dropped once the buffer is full
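The four traffic-conditioning functions above (metering, marking, policing, shaping) as one added Python example, written for this section rather than taken from the original notes. The meter is a single-rate token bucket; policing drops out-of-profile packets, marking keeps them but raises their drop precedence (AF41 to AF42, i.e. DSCP 34 to 36), and shaping delays them in a finite FIFO buffer. The rate (8 kbit/s), burst (1000 bytes) and the five-packet burst are constructed so the arithmetic can be checked by hand.

```python
class TokenBucketMeter:
    """Single-rate token bucket: tokens (bytes) accrue at rate_bps/8 per second
    up to burst_bytes. A packet conforms if the bucket holds at least its size."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0      # bytes per second
        self.burst = burst_bytes        # must be >= the largest packet size
        self.tokens = float(burst_bytes)
        self.last = 0.0                 # time of the last bucket update

    def _refill(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def conforms(self, size, now):
        """Metering: compare the packet against the profile and consume tokens if it fits."""
        self._refill(now)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def police(meter, packets):
    """Policing: out-of-profile packets are dropped immediately. packets = [(time, size)]."""
    passed, dropped = [], []
    for t, size in packets:
        (passed if meter.conforms(size, t) else dropped).append((t, size))
    return passed, dropped


def mark(meter, packets, conform_dscp=34, exceed_dscp=36):
    """Marking: every packet is forwarded, but out-of-profile ones carry a higher
    drop precedence (AF41 -> AF42) so a congested node drops them first."""
    return [(t, size, conform_dscp if meter.conforms(size, t) else exceed_dscp)
            for t, size in packets]


def shape(meter, packets, buffer_packets):
    """Shaping: hold out-of-profile packets in a finite FIFO buffer and release each
    one as soon as enough tokens have accrued; arrivals that find the buffer full are
    dropped. Returns ([(arrival, release_time, size)], [(arrival, size) dropped])."""
    released, dropped = [], []
    for arrival, size in packets:
        backlog = sum(1 for _, rel, _ in released if rel > arrival)   # still queued now
        if backlog >= buffer_packets:
            dropped.append((arrival, size))
            continue
        start = max(arrival, meter.last)       # FIFO: cannot leave before the packet ahead
        meter._refill(start)
        deficit = size - meter.tokens
        release = start + max(0.0, deficit / meter.rate)
        meter._refill(release)
        meter.tokens -= size
        released.append((arrival, release, size))
    return released, dropped


# Constructed burst: five 500-byte packets arriving together at t=0 against a
# 1000 byte/s, 1000 byte burst profile. Only the first two fit the profile.
SAMPLE_BURST = [(0.0, 500)] * 5


def run_sample():
    passed, dropped = police(TokenBucketMeter(8000, 1000), SAMPLE_BURST)
    marked = mark(TokenBucketMeter(8000, 1000), SAMPLE_BURST)
    released, shaped_drop = shape(TokenBucketMeter(8000, 1000), SAMPLE_BURST, 2)
    return {
        "policed": (len(passed), len(dropped)),
        "marks": [m[2] for m in marked],
        "release_times": [r[1] for r in released],
        "shaper_drops": len(shaped_drop),
    }


if __name__ == "__main__":
    print(run_sample())
```

Compare the three outcomes on the same burst: the policer passes 2 and drops 3; the marker forwards all 5 with the last three marked AF42; the shaper, with a two-packet buffer, releases four packets at 0, 0, 0.5 and 1.0 seconds and drops only the fifth. The shaper trades delay and buffer memory for loss, which is why it belongs at the edge where the buffer is cheap and the latency budget is known.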
DIFFERENTIATED PACKET PROCESSING
Congestion Management
Controls congestion at a node by
- Creation of queues
- Assignment of packets to the queues based on packet
classification
- Scheduling packets for transmission
Queuing tools
- First in first out (FIFO) Queuing
- Priority Queuing (PQ)
- Custom Queuing (CQ)
- Flow based Weighted Fair Queuing (WFQ)
- Class based Weighted Fair Queuing
Congestion Avoidance
Form of queue management
Monitors network traffic load and avoids potential bottlenecks
Achieved by dropping packets
Congestion avoidance behaviors:
- Tail drop
- RED
- WRED
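Congestion avoidance as an added Python example (written for this section, not from the original notes): a WRED queue keeps one exponentially weighted average of its depth and applies a separate (min threshold, max threshold, max probability) profile per AF drop precedence, beside plain tail drop for comparison. The thresholds in `AF_PROFILES`, the weight of 1/512 and the packet labels are constructed; the caller supplies the random number so the drop decision is reproducible.

```python
class WREDQueue:
    """Weighted RED: one EWMA of the queue depth, and a (min_th, max_th, max_p)
    profile per drop precedence so AFx3 traffic is dropped earlier than AFx1."""

    def __init__(self, profiles, weight=1 / 512):
        self.profiles = profiles    # drop_precedence -> (min_th, max_th, max_p), in packets
        self.weight = weight        # EWMA weight; small so bursts do not move the average much
        self.avg = 0.0
        self.queue = []
        self.dropped = []

    def drop_probability(self, drop_precedence, avg=None):
        avg = self.avg if avg is None else avg
        min_th, max_th, max_p = self.profiles[drop_precedence]
        if avg < min_th:
            return 0.0              # below the minimum threshold nothing is dropped
        if avg >= max_th:
            return 1.0              # above the maximum threshold everything is dropped
        return max_p * (avg - min_th) / (max_th - min_th)   # linear ramp in between

    def enqueue(self, packet, drop_precedence, rand):
        """`rand` is a number in [0, 1); in production it would be random.random()."""
        self.avg = (1 - self.weight) * self.avg + self.weight * len(self.queue)
        if rand < self.drop_probability(drop_precedence):
            self.dropped.append(packet)
            return False
        self.queue.append(packet)
        return True

    def dequeue(self):
        return self.queue.pop(0) if self.queue else None


def tail_drop_enqueue(queue, packet, limit):
    """Plain tail drop for comparison: nothing is dropped until the queue is full,
    then everything is, which synchronises TCP senders instead of pacing them."""
    if len(queue) >= limit:
        return False
    queue.append(packet)
    return True


# Constructed WRED profiles for AF drop precedence 1..3 (packets).
AF_PROFILES = {1: (20, 40, 0.1), 2: (10, 30, 0.2), 3: (5, 20, 0.5)}


if __name__ == "__main__":
    q = WREDQueue(AF_PROFILES)
    for avg in (3, 8, 15, 25, 45):
        print(avg, [round(q.drop_probability(dp, avg=avg), 3) for dp in (1, 2, 3)])
```

At an average depth of 15 packets drop precedence 1 is still untouched, precedence 2 is dropped with probability 0.05 and precedence 3 with 0.333, which is how the marking done at the edge (AF41 versus AF42) turns into differentiated loss in the core.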
MPLS QoS
TRAFFIC ENGINEERING IN MPLS
Minimise network congestion and improve network performance
Modifies routing patterns to provide efficient mapping of traffic
streams to network resources
Reduces congestion occurrences and improves service quality
(jitter, latency and packet loss)
IETF RFC 2702
MPLS extends existing IP protocols
Makes use of MPLS forwarding capabilities
Brings explicit routing capabilities to MPLS networks
Uses RSVP-TE extensions
Extends MPLS routing capabilities with support for Constraint
based routing
Takes into account more detailed information about network
constraints and policy resources
Constraint based routing & explicit routing allow an originating LSR
to compute a path to terminating LSR and then set up a TE LSP
through that path
MPLS TRAFFIC ENGINEERING OPERATION
Four steps
Link information distribution
Path computation
TE-LSP signaling
Traffic selection
Link information distribution & Path computation (optional for LSR –
Constraint based routing)
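Path computation and TE-LSP admission as an added Python example (written for this section, not from the original material): the TE database holds each link's metric and remaining reservable bandwidth (what link information distribution would have flooded), `cspf` prunes links that cannot carry the requested bandwidth and runs Dijkstra on what is left, and `signal_lsp` reserves the bandwidth hop by hop, which is the 'global' bandwidth pool admission control the QoS slide refers to. The four-node topology and the bandwidth figures are constructed.

```python
import heapq


class TEDatabase:
    """Traffic-engineering link-state database: per directed link, an IGP metric
    and the bandwidth still reservable (Mbps)."""

    def __init__(self):
        self.links = {}   # (from, to) -> {"metric": m, "reservable": bw}

    def add_link(self, a, b, metric, reservable):
        # Each direction carries its own bandwidth pool.
        self.links[(a, b)] = {"metric": metric, "reservable": reservable}
        self.links[(b, a)] = {"metric": metric, "reservable": reservable}

    def cspf(self, src, dst, bandwidth):
        """Constraint-based SPF: ignore links lacking `bandwidth`, then shortest path
        by metric over the remaining topology. Returns the node list or None."""
        dist, prev, visited = {src: 0}, {}, set()
        heap = [(0, src)]
        while heap:
            d, u = heapq.heappop(heap)
            if u in visited:
                continue
            visited.add(u)
            if u == dst:
                break
            for (a, b), link in self.links.items():
                if a != u or link["reservable"] < bandwidth:
                    continue                      # constraint pruning
                nd = d + link["metric"]
                if nd < dist.get(b, float("inf")):
                    dist[b], prev[b] = nd, u
                    heapq.heappush(heap, (nd, b))
        if dst not in dist:
            return None
        path = [dst]
        while path[-1] != src:
            path.append(prev[path[-1]])
        return path[::-1]

    def signal_lsp(self, src, dst, bandwidth):
        """Head-end behaviour: compute the path, then admission control along it
        (RSVP-TE would carry this reservation hop by hop). None if no path fits."""
        path = self.cspf(src, dst, bandwidth)
        if path is None:
            return None
        for a, b in zip(path, path[1:]):
            self.links[(a, b)]["reservable"] -= bandwidth
        return path


def build_ted():
    """Constructed topology: a direct A-D link (metric 10, 100 Mbps) and a longer
    path A-B-D (metric 20) whose links each have 60 Mbps reservable."""
    ted = TEDatabase()
    ted.add_link("A", "D", metric=10, reservable=100)
    ted.add_link("A", "B", metric=10, reservable=60)
    ted.add_link("B", "D", metric=10, reservable=60)
    return ted


if __name__ == "__main__":
    ted = build_ted()
    for bw in (100, 50, 20, 10):
        print(bw, "Mbps ->", ted.signal_lsp("A", "D", bw))
```

The sequence shows the difference from plain IGP routing: the 100 Mbps LSP takes the direct link and exhausts it, the 50 Mbps LSP is then steered over A-B-D even though it is twice the metric, the 20 Mbps request is refused because no path has the capacity, and a 10 Mbps request still fits on the longer path.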
APPROACHES TO TRAFFIC ENGINEERING
Strategic TE
- Proactive approach: configured in anticipation of traffic changes
- Medium/Long term process
Tactical TE
- Reactive approach: configured in response to traffic changes
- Short term process
TRAFFIC SELECTION
o Traffic flows through the LSP once the LSR implements a traffic
selection mechanism
o Traffic entry through head end only
o Selection criteria can be static/dynamic
o Multiple traffic selection mechanisms possible for different services
TRAFFIC RE-ROUTE
o IETF RFC 4090
o Local repair of TE-LSPs
o Traffic protection for real time traffic with strict packet loss
requirements during network failure
o Pre-signalled backup TE-LSP to reroute traffic
o Node immediately next to failure responsible for rerouting of traffic
(head end of backup LSP)
o No delay for failure propagation, path computation or signalling of
a new TE-LSP
FAST REROUTE (FRR)
LINK PROTECTION
o Backup TE-LSP destined to PLR next hop (NHOP)
o TE-LSP for link protection signalled by head end
o Nodes along the path attempt to associate the TE-LSP to the
NHOP downstream
o Any node finding a backup TE-LSP becomes a potential PLR
o PLR signals protection availability back to the protected TE head
end
o PLR reroutes all the identified TE-LSPs using backup LSP
NODE PROTECTION
o Backup TE-LSP destined to the PLR next hop (NNHOP)
o TE-LSP for link protection signalled by head end
o Nodes along the path attempt to associate the TE-LSP to the
NNHOP downstream
o PLR reroutes all identified TE-LSPs on NHOP failure
o Pushes TE-LSP label expected by NNHOP, stacks TE backup
LSP label on top
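The label-stacking behaviour of the PLR in the LINK PROTECTION and NODE PROTECTION slides, as an added Python simulation written for this section (not vendor code). A primary TE-LSP runs A-B-C-D; a pre-signalled link bypass A-Y-B merges at the NHOP B, and a node bypass A-X-C merges at the NNHOP C. On failure the PLR (here the head end A) swaps in the label the merge point expects on the protected LSP and pushes the backup LSP label on top; the merge point pops the backup label and carries on with the inner one. All node names and label values are constructed.

```python
# Incoming label map per node: in_label -> (action, out_label, next_hop).
# Constructed labels: 101/102/103 are the primary LSP, 801/802 the link bypass
# around A-B, 901/902 the node bypass around B.
ILM = {
    "B": {101: ("swap", 102, "C"), 802: ("pop", None, None)},
    "C": {102: ("swap", 103, "D"), 902: ("pop", None, None)},
    "D": {103: ("pop", None, None)},
    "X": {901: ("swap", 902, "C")},
    "Y": {801: ("swap", 802, "B")},
}

PRIMARY = {"push": 101, "next_hop": "B"}
# Pre-signalled backups held by the PLR: which label the merge point expects on
# the protected LSP, and the backup LSP label to stack on top of it.
LINK_BACKUP = {"push": 801, "next_hop": "Y", "merge_point": "B", "merge_label": 101}
NODE_BACKUP = {"push": 901, "next_hop": "X", "merge_point": "C", "merge_label": 102}


def plr_head_end(failed):
    """PLR decision at A. Returns (label stack outermost first, next hop).
    `failed` holds unreachable nodes ("B") or directed links (("A", "B"))."""
    if "B" in failed:            # NHOP node down: merge at NNHOP with the label C expects
        return [NODE_BACKUP["push"], NODE_BACKUP["merge_label"]], NODE_BACKUP["next_hop"]
    if ("A", "B") in failed:     # only the link down: merge at NHOP with the label B expects
        return [LINK_BACKUP["push"], LINK_BACKUP["merge_label"]], LINK_BACKUP["next_hop"]
    return [PRIMARY["push"]], PRIMARY["next_hop"]


def forward(failed=frozenset(), plr=plr_head_end):
    """Forward one packet from A and return the nodes it traverses; '<dropped>' marks
    a packet sent into the failure. `plr` lets the caller substitute another policy."""
    stack, next_hop = plr(failed)
    node, path = "A", ["A"]
    while stack:
        if next_hop in failed or (node, next_hop) in failed:
            return path + ["<dropped>"]
        node = next_hop
        path.append(node)
        # A node keeps processing its own ILM until it swaps the top label (or empties the stack):
        # a merge point pops the backup label and immediately acts on the inner one.
        while stack:
            action, out_label, nh = ILM[node][stack[0]]
            if action == "pop":
                stack.pop(0)
            else:
                stack[0] = out_label
                next_hop = nh
                break
    return path


def link_only_policy(failed):
    """Naive PLR that only has link protection configured (used to show why node
    protection needs the NNHOP merge label)."""
    if failed:
        return [LINK_BACKUP["push"], LINK_BACKUP["merge_label"]], LINK_BACKUP["next_hop"]
    return [PRIMARY["push"]], PRIMARY["next_hop"]


if __name__ == "__main__":
    print("no failure:   ", forward())
    print("link A-B down:", forward(frozenset({("A", "B")})))
    print("node B down:  ", forward(frozenset({"B"})))
    print("node B down, link bypass only:", forward(frozenset({"B"}), plr=link_only_policy))
```

The last line is the case the slide's "stacks TE backup LSP label on top" is protecting against: a link bypass merges at B, so when B itself is down the packet is carried around the link and then lost, whereas the node bypass carries the label C expects underneath the backup label and so rejoins the primary LSP at C.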
RELATIONSHIP BETWEEN MPLS TE & QoS
MPLS TE designed to improve backbone efficiency independently of
QoS:
Computes routes for aggregates across all PHBs
Performs admission control using 'Global' bandwidth pool
Unaware of bandwidth allocated to each queue
MPLS TE & MPLS Differentiated services:
Can run simultaneously and independently
TE distributes aggregate load
Differentiated services provides the QoS implementation
Are unaware of each other (i.e. no per class admission
control in TE)