Designing and Implementing IP/MPLS-Based Ethernet Layer 2 VPN Services - Zhuo Xu - E-Book


Zhuo Xu

Description

A guide to designing and implementing VPLS services over an IP/MPLS switched service provider backbone.

Today's communication providers are looking for convenience, simplicity, and flexible bandwidth across wide area networks, but with the quality of service and control that is critical for business networking applications like video, voice and data. Carrier Ethernet VPN services based on VPLS make this a reality. Virtual Private LAN Service (VPLS) is a pseudowire (PW) based, multipoint-to-multipoint Layer 2 Ethernet VPN service offered by service providers. By deploying a VPLS service to customers, the operator can focus on providing high-throughput, highly available Ethernet bridging services and leave the Layer 3 routing decisions to the customer. VPLS is quickly becoming the number one choice for many enterprises and service providers deploying data communication networks. The Alcatel-Lucent VPLS solution enables service providers to offer enterprise customers the operational cost benefits of Ethernet with the predictable QoS characteristics of MPLS.

Items covered:

Building Converged Service Networks with IP/MPLS VPN Technology
IP/MPLS VPN Multi-Service Network Overview
Using MPLS Label Switched Paths as Service Transport Tunnels
Routing Protocol Traffic Engineering and CSPF
RSVP-TE Protocol
MPLS Resiliency -- Secondary LSP
MPLS Resiliency -- RSVP-TE LSP Fast Reroute
Label Distribution Protocol
IP/MPLS VPN Service Routing Architecture
Virtual Leased Line Services
Virtual Private LAN Service
Hierarchical VPLS
High Availability in an IP/MPLS VPN Network
VLL Service Resiliency
VPLS Service Resiliency
VPLS BGP Auto-Discovery
PBB-VPLS
OAM in a VPLS Service Network


Page count: 1269

Year of publication: 2010




Table of Contents

Dedication

About the Author

Credits

Acknowledgments

Foreword

Introduction

How This Book Is Organized

Conventions Used in This Book

Audience

Alcatel-Lucent Service Routing Certification Program

Feedback Is Welcome

Standard Icons

Part I: IP/MPLS VPN Service Network Overview

Chapter 1: Building Converged Service Networks with IP/MPLS VPN Technology

1.1 The Increasing Demands on Service Provider Networks

1.2 MPLS Overview

1.3 The MPLS Value Proposition

1.4 MPLS Enables Converged Multi-Service Networks

1.5 MPLS-Enabled Business VPN Services

Summary

Chapter 2: IP/MPLS VPN Multi-Service Network Overview

2.1 IP/MPLS Layer 2 VPN Requirements

2.2 IP/MPLS Layer 2 VPN Services

2.3 Meeting the Service Network Requirements Using IP/MPLS VPN Architecture

2.4 IP/MPLS VPN-Enabled Applications

Summary

Part II: IP/MPLS VPN Protocol Fundamentals

Chapter 3: Using MPLS Label Switched Paths as Service Transport Tunnels

3.1 Basic MPLS Concepts Review

3.2 Label Switch Path Types

3.3 LDP-LSP — LDP Label Distribution

3.4 RSVP-TE LSPs

3.5 Configuring RSVP-TE LSP

Summary

Chapter 4: Routing Protocol Traffic Engineering and CSPF

4.1 Introducing Traffic Engineering

4.2 Introducing OSPF-TE

4.3 Introducing IS-IS TE

4.4 The CSPF Algorithm

4.5 RSVP-TE LSP Policy Control: Administrative Groups and SRLG Groups

Summary

Chapter 5: RSVP-TE Protocol

5.1 RSVP and RSVP-TE

5.2 RSVP-TE Signaling Procedure

5.3 RSVP-TE Messages and Objects

5.4 Make-Before-Break (MBB)

5.5 The RSVP-TE Hello Protocol

5.6 Reducing RSVP Refresh Overhead

5.7 RSVP MD5 Authentication

Summary

Chapter 6: MPLS Resiliency — Secondary LSP

6.1 Ensuring Reliability with MPLS Resiliency

6.2 An Overview of Primary and Secondary LSPs

6.3 What Affects Convergence Performance?

6.4 Rules for Selecting Secondary LSPs

6.5 Case Study: Using Administrative Groups in Secondary LSPs

Summary

Chapter 7: MPLS Resiliency — RSVP-TE LSP Fast Reroute

7.1 RSVP-TE LSP Resiliency

7.2 Fast Reroute Overview

7.3 Fast Reroute Architecture

7.4 One-to-One Backup

7.5 Facility Backup

7.6 Manual Bypass Tunnel

Summary

Chapter 8: Label Distribution Protocol

8.1 LDP Overview

8.2 LDP Session Establishment and Management

8.3 Using T-LDP to Signal Pseudowires for Layer 2 VPN Services

8.4 LDP Messages and TLVs

8.5 LDP over RSVP-TE Tunneling

Summary

Part III: Ethernet VPN Services

Chapter 9: IP/MPLS VPN Service Routing Architecture

9.1 IP/MPLS VPN Service Network Infrastructure

9.2 Alcatel-Lucent Service Routing Architecture

9.3 Service Access Point and SAP Components

9.4 Service Distribution Paths and Transport Tunnels

9.5 Multiple Forwarding Paths in the Same SDP

9.6 Maximum Transmission Unit in a Service Network

9.7 IP/MPLS VPN Service Implementation Overview

Summary

Chapter 10: Virtual Leased Line Services

10.1 VLL Services Overview

10.2 VLL Services Architecture

10.3 Pseudowire Switching for VLL Services

10.4 VLL Example: Epipe — Ethernet P2P VPN

10.5 VLL Connection Admission Control

Summary

Chapter 11: Virtual Private LAN Service

11.1 VPLS Service Overview

11.2 VPLS Architecture

11.3 VPLS Mesh-Pseudowires

11.4 VPLS Service Access Points

11.5 VPLS Forwarding Database Management

Summary

Chapter 12: Hierarchical VPLS

12.1 Hierarchical-VPLS Overview

12.2 Spoke-Pseudowire Details

12.3 H-VPLS Topologies

12.4 H-VPLS Design Case Study — Where to Break the Mesh?

Summary

Chapter 13: High Availability in an IP/MPLS VPN Network

13.1 Building a Network with High Availability

13.2 Bidirectional Forwarding Detection

13.3 Link Aggregation Group Overview

13.4 Multi Chassis Link Aggregation Group

13.5 Traffic Load Balancing in Link Aggregation Groups

Summary

Chapter 14: VLL Service Resiliency

14.1 VLL Service Resiliency Overview

14.2 VLL Service Resiliency Using Pseudowire Redundancy

14.3 VLL Network Design Using MC-LAG with Pseudowire Redundancy

Summary

Chapter 15: VPLS Service Resiliency

15.1 Introduction to VPLS Service Resiliency

15.2 Access Resiliency

15.3 H-VPLS Backbone Resiliency

15.4 Using MAC-Flush to Avoid Blackholes

Summary

Part IV: Advanced Ethernet VPN Topics

Chapter 16: VPLS BGP Auto-Discovery

16.1 VPLS BGP-AD Overview

16.2 BGP Auto-Discovery for LDP-VPLS

16.3 SDPs, Transport Tunnels, and Pseudowires Created Using BGP-AD

16.4 Using Pre-Provisioned SDPs

16.5 Using BGP-AD Import and Export Policies to Control the Forwarding Topology of VPLS

Summary

Chapter 17: PBB-VPLS

17.1 Provider Backbone Bridge Overview

17.2 PBB-VPLS Architecture

17.3 PBB-VPLS Learning and Forwarding

17.4 Controlling Flooding in PBB-VPLS

17.5 FDB Management in I-VPLS and B-VPLS

17.6 OAM in a PBB-VPLS Network

17.7 Service Resiliency in PBB-VPLS Networks

17.8 MAC-Flush in PBB-VPLS

17.9 PBB Epipe

Summary

Chapter 18: OAM in a VPLS Service Network

18.1 OAM Functional Overview

18.2 Ethernet in the First Mile (EFM) OAM (802.3ah)

18.3 Ethernet Connectivity Fault Management

18.4 OAM in an IP/MPLS VPN Service Network

18.5 OAM in VPLS Services

Summary

Appendix A: Spanning Tree Protocol

A.1 Spanning Tree Protocol

A.2 Spanning Tree Protocol Variations

A.3 VPLS Service Loop Prevention with STP

A.4 Altered STP Behavior in the VPLS Core

A.5 Using VPLS STP to Eliminate Customer Forwarding Loops

A.6 Using VPLS STP to Block Redundant Spoke-Pseudowires in H-VPLS

A.7 LDP MAC-Flush in STP Convergence

A.8 Management VPLS

Appendix B

Glossary

Index

Praise

“This book will be of great benefit to the entire Exponential-e engineering team.”

—Chris Christou, Engineering Manager, Exponential-e

“An extremely valuable tool for anyone involved in the design, operation, and maintenance of MPLS-based networks. The reader will walk away with a clear and practical understanding of all aspects of the complexities associated with MPLS network operations. I highly recommend that this text be part of any MPLS network engineer’s library.”

—Gary Horn, Director, Enterprise Architecture and Network Security, Advocate Health Care

“A thorough and solid publication that reflects Alcatel-Lucent’s industry-leading and innovative approaches to Layer 2 Services. An invaluable asset for any network designer/architect.”

—Ray Miller, Jr., Senior Network Engineer, Sting Communications

Designing and Implementing IP/MPLS-Based Ethernet Layer 2 VPN Services: An Advanced Guide for VPLS and VLL

Published by Wiley Publishing, Inc., 10475 Crosspoint Boulevard, Indianapolis, IN 46256, www.wiley.com

Copyright © 2010 Alcatel-Lucent

Published by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-0-470-73056-0

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.

Library of Congress Control Number: 2009937280

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Alcatel, Lucent, Alcatel-Lucent, and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners. Wiley Publishing, Inc. is not associated with any product or vendor mentioned in this book.

To my grandfather, GuangXiao Xu, and to my parents, Yin and WeiMin. You have given me so much love and set perfect examples for me to be passionate, disciplined, and dedicated to my career and my life.

— Zhuo (Frank) Xu

About the Author

Zhuo (Frank) Xu is a seasoned telecom professional with 16 years' experience working for Alcatel-Lucent and other telecommunication service providers. He is a recognized MPLS/VPLS service routing expert. Zhuo holds several industry IP certifications, including the distinction of being the world's first Alcatel-Lucent Service Routing Architect (SRA), and holds a patent associated with the MPLS FRR protocol. Educated at Beijing Polytechnic University, P.R. China, Zhuo holds a Bachelor's degree in Electronics Engineering.

Credits

Executive Editor

Carol Long

Project Editor

Sara Shlaer

Technical Reviewers

Mustapha Aissaoui

Florin Balus

Footer (Richard) Foote

Prashanth Ishwar

Sivaramakrishna Kuditipudi

Anthony Peres

Jorge Rabadan

Ray Qiu

Production Editor

Kathleen Wisor

Copy Editor

Cate Caffrey

Editorial Director

Robyn B. Siesky

Editorial Manager

Mary Beth Wakefield

Marketing Manager

David Mayhew

Production Manager

Tim Tate

Vice President and Executive Group Publisher

Richard Swadley

Vice President and Executive Publisher

Barry Pruett

Associate Publisher

Jim Minatel

Project Coordinator, Cover

Lynsey Stanford

Compositor

Jeff Lytle, Happenstance Type-O-Rama

Proofreader

Nancy Carrasco

Indexer

Robert Swanson

Acknowledgments

First, I thank members of the Alcatel-Lucent senior management team — Basil Alwan, Ravi Parmasad, James Watts, and Barry Denroche — for helping to make this book happen. Your constant support made this book possible. It is an honor for me to work with such an excellent product and with such an outstanding team. Ravi: Special thanks for your encouragement and help as a leader and a friend.

Thanks to Mac Virdy, Jim Tam, and George Carroll for providing the resources that helped me deliver the content of this book. Your strong support and encouragement made the job of writing this book much easier. Mac: You and the network design engineering team provided a friendly and helpful environment that helped to make this book’s development much easier. George: Thanks for your consistent attention and help since day one, when I started working on this book.

This publication is the result of the efforts of many individuals who all contributed in different capacities to bringing this book to market.

I express my gratitude to Karyn Lennon for all of her efforts in securing the team who contributed to this book and in managing the many diverse activities needed to publish the book. Without your enthusiasm, passion, and hard work, there was no way I could have finished this book. You did an amazing job organizing the project and coordinating all the parties (editors, artists, technical reviewers, illustrators, publishing authorities, marketing departments, and our customers) who contributed to this book. Your efficiency and patience made it possible for me to keep focused on content delivery. Karyn, it would have been impossible for me to stay focused on completing the content of the book without you taking care of everything else.

This book has benefited enormously from the technical reviewer team of Mustapha Aissaoui, Florin Balus, Footer (Richard) Foote, Prashanth Ishwar, Sivaramakrishna Kuditipudi, Anthony Peres, Jorge Rabadan, and Ray Qiu. Thank you all for the detailed input and technical discussions, and for spending significant amounts of time contributing to the book. I appreciate all of your insight, the thoroughness of your input, and for juggling this activity with everything else that you needed to do. Special thanks to Mustapha for the tens of hours of technical discussion sessions we had on the topics covered by the book. Thanks to Vach Kompella; it's my pleasure to have you write the foreword for this book. Also, I thank James Zhang and Chris Fang from the IPD support team for helping me with the research of many technical questions.

To the editorial team — Mary Buchanan and Karen Sayer — thank you for helping to ensure that the accurate message and wording came through.

To the illustration team of Blair Buchanan, Alex Cedzynski, and Peter Wayne, thank you for transforming my images into sleek illustrations that will truly contribute to the educational value of this publication. Peter: Thank you for your creativity in setting the illustration style and leading this team to complete all of these illustrations in a short period of time.

I also thank the many Alcatel-Lucent customers that I have worked with over the years. It has always been my pleasure to work with you — you have all helped me understand how the technology is used in the industry. Our discussions and experiences led to the case studies and real-life network deployment scenarios of this publication. Special thanks to Gary Horn, Ray Miller, and Chris Christou — as industry experts and our customers, your input to this book was invaluable.

And to the Wiley team, led by Sara Shlaer, thanks for your guidance and patience with me during my first publishing endeavor.

Foreword

If we have learned one thing from the plethora of wireline connectivity technologies, it is that they change constantly. Over the years, while Ethernet was taking over enterprise networks, Frame-Relay, ATM, and SONET/SDH ruled the service provider domain. Attempts were made to unify these technologies, but in the end, the result was independently operated networks, with some interoperability at the edges.

Consequently, the infrastructure of the service providers was expensive and lacked consistency, and a massive transformation was long overdue. IP/MPLS, the emerging technology of the 1990s, provided an abstraction that enabled service providers to interconnect their disparate networks, while endowing that same network with a uniform set of characteristics that was independent of the underlying carrier technology: QoS awareness, traffic-engineering, and fast recovery times in the face of outages. However, MPLS wasn’t multi-protocol enough, and needed a killer app to make it universally applicable.

Enter pseudowire technology: Virtual Leased Lines (VLL) and Virtual Private LAN Service (VPLS). Based on the MPLS architecture, pseudowires allowed a service provider to abstract out the idiosyncrasies of wired technologies. This allowed them to continue to support various connectivity technologies at the edge of their networks to customers while migrating to a modern architecture in the core. Customers with both IP and non-IP traffic could now be connected across a multi-service, multi-protocol network.

MPLS absorbed the best of the Layer 2 capabilities of the network infrastructure, but the story didn’t stop there. While VLL addressed the problems of a transition to a modern networking architecture, VPLS typified the best of the connectivity models. Ethernet, as a Layer 2 technology, was just another technology like Frame-Relay or ATM. Ethernet, as a network model, delivered the ease-of-use that has made it the choice for enterprises.

VPLS is not simply an Ethernet emulation — it is a connectivity model that abstracts a LAN. It can be used as a VPN service, connecting multiple customer sites together, providing them the ease-of-use and consistent feel of a single Ethernet network. But it can just as well be used as an infrastructure technology, providing the service provider with a highly reliable LAN service spanning a larger geographic area than has been covered by customary Ethernet networks.

I hope that as you read this book, you will appreciate the opportunities IP/MPLS VPNs present to address the connectivity and architectural requirements of customers.

Vach Kompella, Director, MPLS Development, Alcatel-Lucent

Introduction

Internet Protocol/Multi Protocol Label Switching (IP/MPLS) Virtual Private Network (VPN) technology has been widely adopted by service providers for use in their backbone networks. It has significant advantages compared to legacy ATM, Frame-Relay, Ethernet, or IP networks. With IP/MPLS VPN technology, service providers can now build service-oriented networks with multiple services in a single converged network with high availability, reliability, and performance.

The IP/MPLS VPN network uses an evolutionary service-oriented network architecture, which brings the concepts of service entity and service router into the network. The service-oriented network de-couples the roles of Provider Edge (PE) routers and Provider (P) backbone routers. Service instances are created at the edge of the network in the customer-facing PE routers, and MPLS pseudowires are used to connect multiple service instances residing on different PE routers belonging to the same service. P routers connect to PE routers in the network to carry traffic across the backbone network, providing high bandwidth throughput, traffic engineering capability, and fast convergence.

One of the biggest challenges for service providers who migrate from legacy networks to modern IP/MPLS VPN networks is to acquire the knowledge of IP/MPLS VPN, especially for the newly developed pseudowire-based Layer 2 VPN (L2VPN) technologies such as Virtual Private Wire Service (VPWS) and Virtual Private LAN Service (VPLS). In modern IP/MPLS VPN service routing networks, both the network architecture and the protocols underneath are changed significantly:

The service architecture introduces many new concepts, such as Service Access Points (SAPs), Service Distribution Paths (SDPs), service instances, and pseudowires (PWs).

IP routing protocols are improved with the Traffic Engineering (TE) extension, and TE-based Constrained Shortest Path First (CSPF) is introduced to perform more optimal path calculation.

MPLS is improved with Resource Reservation Protocol Traffic Engineering (RSVP-TE) as the Label Switched Path (LSP) signaling protocol. New resiliency features such as secondary LSP, Fast Reroute, and make-before-break (MBB) are introduced to improve convergence performance. Targeted LDP (T-LDP) is used to signal MPLS pseudowires to connect the service instances in different PE routers.

New pseudowire-based VPN services such as VLL and VPLS are used to provide multiple services in the IP/MPLS backbone network. Service resiliency features such as pseudowire switching and pseudowire redundancy are introduced to provide more reliable service deployment.

The ease of deployment and the high bandwidth throughput of modern Ethernet technology make it more attractive for both service providers and customers as a Layer 2 transport technology. Ethernet VPN has also become more popular because it enables service providers to offload the IP routing peering responsibilities to their customers and focus instead on optimal traffic forwarding. Customers would like to have total control of IP routing without being obligated to follow the providers' routing policies. Virtual Private LAN Service (VPLS) is capable of connecting multiple geographically separated customer sites with a Virtual Bridge. The customer sites connected by the VPLS service appear to be in a single LAN segment, with spanning tree interoperability. In the backbone network, VPLS service instances are connected by MPLS pseudowires through MPLS or IP transport tunnels.

With all these innovations in the service providers’ networks, networking professionals need to update their knowledge of IP/MPLS VPN and obtain an in-depth understanding of the service routing architecture. This book is written to provide readers with a thorough understanding of the new IP/MPLS Layer 2 VPN technology.

How This Book Is Organized

Many readers may have some experience with the newly evolved IP/MPLS VPN technologies. They may have some experience with legacy IP routing and/or Ethernet bridging networks and may find that some of the terminologies sound familiar: IGP, BGP, spanning tree, LSP, RSVP, and so on. However, they may find that these terminologies have different meanings and the protocols’ behaviors are altered in IP/MPLS VPN networks. Furthermore, there are many new concepts such as SAP, SDP, pseudowire, LSP, detour LSP, and more.

This book is organized in a hierarchical manner in four parts to help readers obtain a solid understanding of a service routing network.

Part I presents a high-level overview of the limitations of traditional service providers' networks, and the challenge for service providers to provide more types of services to customers (Chapter 1). It also introduces the evolution of IP/MPLS VPN multi-service networks and the requirements for building a service-oriented IP/MPLS VPN network infrastructure (Chapter 2).

Part II discusses the protocols supporting the IP/MPLS VPN networks in detail. The discussion includes enhanced MPLS switching with different types of LSPs (Chapter 3), traffic engineering extensions for IGP and CSPF (Chapter 4), the RSVP-TE protocol for MPLS LSP signaling (Chapter 5), secondary LSP (Chapter 6), RSVP-TE MPLS LSP Fast Reroute (Chapter 7), and the use of the Label Distribution Protocol (LDP) for MPLS transport tunnels and VPN pseudowire signaling (Chapter 8). Part II is the foundation of the in-depth understanding of the IP/MPLS VPN network. These protocol details are mandatory for advanced network design and troubleshooting in service routing networks.

Part III discusses the IP/MPLS service routing architecture and the multiple services provided by the IP/MPLS VPN service networks. It starts with the "big picture" of IP/MPLS VPN pseudowire-based service routing architecture (Chapter 9), followed by the introduction of the different types of Virtual Leased Line (Chapter 10). Then, the in-depth discussion of the Virtual Private LAN Services (VPLS) architecture is presented (Chapter 11). The scalable hierarchical extension of VPLS (H-VPLS) is also introduced (Chapter 12), followed by the high availability of the service network (Chapter 13). VLL resiliency (Chapter 14) and VPLS resiliency (Chapter 15) follow.

Part IV presents advanced VPLS services topics including the use of BGP auto-discovery in VPLS to improve the configuration efficiency (Chapter 16); the adoption of Provider Backbone Bridging (PBB, 802.1ah) to the VPLS implementation to further improve the VPLS solution's scalability (Chapter 17); and finally, the Operation, Administration, and Maintenance (OAM) tools in the VPLS service (Chapter 18).

Some material is presented in the format of Notes, Warnings, or other sidebars. Notes are used to clarify the critical concepts and some commonly misunderstood technical terms, or as quick reference reminders while designing the service routing network. Warnings are notices regarding potential service-impacting configurations and operations.

Many acronyms are used throughout the book. Each acronym is fully spelled out when it’s mentioned for the first time in each chapter, followed by its abbreviation. The Glossary at the end of the book presents the full list of acronyms with brief explanations.

Conventions Used in This Book

Alcatel-Lucent provides a modular approach for configuring the individual entities of Alcatel-Lucent Service Router Portfolio (ALSRP) nodes. ALSRP nodes can be provisioned and managed either directly using the command-line interface (CLI) of individual nodes or through a service-aware network management system (Alcatel-Lucent 5620 SAM). The Alcatel-Lucent 5620 Service Aware Manager (SAM) provides different types of interfaces, including a graphical user interface (GUI), for provisioning the nodes of a network. In this book, only the command-line option for configuring and managing ALSRP nodes is presented.

CLI commands are entered at the command-line prompt. Entering a command makes navigation possible from one command context (or level) to another. When you initially enter a CLI session, you are in the root context. At the root context, the prompt indicates the active central processor module slot and the name of the node. Navigate to another level by entering the name of successively lower contexts. As you change through the levels, the prompt also changes to indicate the context you are in. Figure 1 shows an example CLI navigation and prompt change according to the context.

Figure 1 Navigation and Prompt Change

The root prompt shown in Figure 1 indicates that the active CPM slot of the node is A and the name of the node is configured as PE-1. Upon entering the command show, the prompt changes to indicate the show context. As you can see in this paragraph, when CLI commands are used inline along with the main text, they are indicated by the use of monofont text.

To get contextual help at a given prompt, simply enter a question mark (?). In a given CLI context, you can enter commands at that context level by simply entering the text. It is also possible to enter a command in a lower context as long as the command is formatted in the proper command and parameter syntax. Figures 2 and 3 show the two methods to navigate to the show service context.

Figure 2 Navigation by Entering Context-Level Commands

Figure 3 Navigation by Entering Lower Context-Level Commands
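The session below is an added illustration of the navigation just described; it is not one of the book's figures. It assumes the node name PE-1 and active CPM slot A used in the text, and omits the output of the show commands. The first part enters the show context and then the service context one level at a time (the method of Figure 2); exit all returns to the root context; the last line reaches the same context in one step by giving the lower-level command with its full syntax (the method of Figure 3).

```text
A:PE-1# show
A:PE-1>show# service
A:PE-1>show>service#
A:PE-1>show>service# exit all
A:PE-1# show service
A:PE-1>show>service#
```

At any of these prompts, entering a question mark (?) lists the commands and parameters valid in that context, which is the quickest way to confirm the context the prompt indicates before running a command that changes configuration.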

Figure 4 shows the command options for the oam vccv-ping command. This code is presented here to explain the syntax of CLI command options. The purpose of the command in Figure 4 is explained in Chapter 18.

Figure 4 An Example of CLI Command Options

In the command syntax, square brackets indicate optional parameters of a command; angle brackets indicate that a substitution is required for the placeholder; and a pipe (|) indicates an either/or relationship between the parameters on either side of the pipe. To shorten some of the code presentation, later in the book, part of some listings’ outputs is stripped and replaced with ellipses (…) to indicate the stripping.

For further information regarding the use of the command-line interface, refer to the System Basics Guide, which is part of the ALSRP product manuals. This book is one of a series of technical books related to Alcatel-Lucent service routers. This book refers to the Alcatel-Lucent manuals that come with the Alcatel-Lucent 7750 Service Router, the Alcatel-Lucent 7450 Ethernet Service Switch, or the Alcatel-Lucent 7710 Service Router platforms. If you are an Alcatel-Lucent customer and you don't have access to the Alcatel-Lucent service router product manuals, contact your Alcatel-Lucent account manager. If you are not a customer of Alcatel-Lucent, visit the "Contact Us" area at www.alcatel-lucent.com.

A standard set of icons is used in the diagrams throughout this book. A representation of these icons and their meanings is listed under the section “Standard Icons” at the end of the Introduction.

Audience

The target audience of this book includes network design, maintenance, or support professionals working for telecommunication service providers or equipment vendors who want to acquire expert-level, in-depth knowledge on the latest IP/MPLS VPN technology. It is highly recommended that readers have a solid understanding of legacy IP and Ethernet switched networks and related protocols; some hands-on networking experience is also recommended.

Alcatel-Lucent Service Routing Certification Program

For those who feel they need more IP Service Routing training and hands-on experience, I encourage you to review the offerings from the Alcatel-Lucent Service Routing Certification Program. Visit www.alcatel-lucent.com/src for a complete overview of the four certifications in this industry-leading program.

Feedback Is Welcome

It would be my pleasure to hear back from you. Please forward your comments and suggestions for improvements to the following email address:

[email protected]

With that, I welcome you to explore the exciting world of IP/MPLS VPN service routing networks.

— Zhuo (Frank) Xu

Standard Icons

Part I

IP/MPLS VPN Service Network Overview

Telecommunication operators must constantly evolve their networks to meet the needs of their customers. Building a converged, high performance, highly available, and highly flexible network to provide multiple services in a cost efficient way is the goal for today’s providers. The new generation of IP/MPLS VPN service-oriented networks has become the operators’ best choice to reach this goal.

Chapter 1: Building Converged Service Networks with IP/MPLS VPN Technology

Chapter 2: IP/MPLS VPN Multi-Service Network Overview

Chapter 1

Building Converged Service Networks with IP/MPLS VPN Technology

Multi Protocol Label Switching (MPLS) and Virtual Private Network (VPN) technologies provide features that help service providers meet the evolving needs of their customers. These technologies are essential for building the converged service networks required in today’s market.

Chapter Objectives

- Identify the new trends and demands for a service provider’s backbone network
- Review the evolution of MPLS technology
- Describe the innovation of multi-service VPN

This chapter briefly reviews traditional networks with legacy technologies and their limitations, and shows how the innovations of MPLS and VPN technologies overcome these limitations. It also presents the benefits of using an IP/MPLS VPN service architecture.

1.1 The Increasing Demands on Service Provider Networks

Service provider networks must evolve to keep pace with the changing times. Service providers are often classified by how much of the regional access infrastructure they own, versus how much they must contract from other providers:

- Tier 1 operators — The top one or two providers in a country who typically own the access infrastructure (copper or fiber) within their serving region. Tier 1 service providers are usually the first to establish infrastructures within the region — the incumbent operators.
- Tier 2 or Tier 3 operators — Providers that may either use the Tier 1 operator’s access infrastructure or build their own infrastructure in some service areas. Tier 2 providers use a mix of their own infrastructure and some infrastructure from Tier 1 providers, while Tier 3 providers rely entirely on agreements to use infrastructure from other providers. These providers typically emerge as competitors to the already established Tier 1 providers, and are thus at a disadvantage in competing with the incumbent providers for market control.

Service providers may also be classified according to the types of services they offer to their end-customers:

- Telco — Traditionally offering voice services as well as business services
- Internet Service Provider (ISP) — Offering Internet access for residential and business customers
- VPN Service Provider/Ethernet Service Provider — Offering business VPN services
- Cable Multi-System Operator (MSO) — Offering residential and business services

An operator may offer some or all of these services to their end-customers.

Both residential (consumer) and enterprise (business) customers of service providers constantly demand new services and innovations from their service providers. Traditional Leased Line, Frame-Relay (FR), and Asynchronous Transfer Mode (ATM) based services are characteristic of organizations that manage their own enterprise networks (with their own IT teams), but those enterprises must purchase the connectivity infrastructure (typically point-to-point leased lines or FR/ATM Permanent Virtual Connections) from a service provider. Driven by enterprise business goals and geared toward focusing on core competencies and cost reduction, enterprises have begun looking to service providers for managed connectivity solutions.

Enterprises have also been demanding more in terms of bandwidth speeds for connectivity. The old “80/20 rule” (80% of the traffic stays within the local site, and 20% of the traffic is between remote sites) is no longer valid. Because many enterprises have consolidated their data centers to a few sites, the need for higher-speed remote connectivity has become extremely important to enterprise IT managers. In addition, enterprises are now in the process of implementing bandwidth-intensive applications like video conferencing, web conferencing, and electronic image sharing across a wide area, thus prompting a need for additional bandwidth in their Wide Area Networks (WANs).

Residential services are also evolving from dial-up Internet connectivity to broadband connectivity. Services for residential customers are evolving to include triple- or quad-play services that include voice, Video on Demand (VoD), broadcast television, and Internet access.

Traditionally a service provider has separate networks for offering voice and data services. Within a data network, a traditional service provider would typically have separate networks for offering Leased Line-, FR-, and ATM-based services for business customers and a separate network offering Internet-based services (Internet access and Internet-based secure connectivity) for residential and business customers. In residential areas, TV content for consumers is most often delivered by MSOs, who have their own dedicated infrastructure (mostly cable plants). Enterprises usually use Ethernet switches and IP routers to build their LANs and purchase Leased Line services from operators to connect their remote locations.

Given the ever-changing landscape of customer demands, service provider networks must keep pace by staying competitive while increasing profitability. It is evident that the approach of building separate networks is not cost-effective when a service provider must offer multiple services. The ideal way to approach network design is a solution wherein multiple services can be converged on a single network infrastructure. This is why MPLS as a technology for service provider networks has gained rapid momentum in the marketplace.

The most obvious trend is the fast growth of IP and Ethernet traffic in the network. Because of the boom of the Internet, and the invention of Gigabit Ethernet, IP/Ethernet traffic is now dominant in telecommunication networks. Residential customers require faster Internet access services and better IP service quality to support Voice over IP (VoIP). Enterprise customers are conducting more and more of their business electronically across geographically separated locations. Many bandwidth-intensive and time-sensitive IP-based applications are widely used for business-critical missions. IP data is growing in strategic importance in wireless networks. Mobile users are keen for rich IP-based multimedia services. Service providers also want to deliver television content over IPTV applications, which require a network throughput with very high bandwidth and low latency. It’s clear that building a network optimal for IP/Ethernet traffic delivery is crucial to service providers.

Because enterprises are now starting to use more and more IP/Ethernet-based applications, they require their IT infrastructures to have high throughput, and to be reliable, secure, and cost-efficient. This generates a great demand for the service providers to provide VPN. VPN allows the service provider to deliver services to different customers using the same service delivery backbone network, while isolating each customer using virtual service instances to ensure privacy and security. During the past two decades, there were already many enterprises using the routed RFC2547bis VPN to achieve intranet connectivity. Now, with the fast growth of Ethernet technology, more and more business customers require bridged Layer 2 Ethernet VPN service. Layer 2 VPN gives the customers full control of their routing domains and fewer peering complications with service providers.

Service providers also look for network solutions that consolidate voice, data, and video services into one network infrastructure and allow them to serve residential and business customers from the same network. The network must be cost-efficient and robust. The network must also be capable of providing different Quality of Service (QoS) on the service provided to conform to different Service Level Agreements (SLAs).

With these new trends and demands, service providers intend to transition their networks to IP/MPLS core networks, providing various VPN services to their customers.

1.2 MPLS Overview

Multi Protocol Label Switching is a label-switching mechanism used by MPLS-capable routers or switches to exchange traffic. In the control plane, the MPLS-capable devices assign labels to be used for certain types of traffic and distribute labels through certain label distribution protocols. Each device distributes locally assigned labels to other MPLS devices and receives label distribution information from other devices. Each device builds a Label Information Base (LIB) that stores the label information. In the data plane, each device performs MPLS encapsulation on data traffic before sending it to other MPLS devices. When an MPLS device receives MPLS-encapsulated traffic, the device makes forwarding decisions based on the MPLS label value in the MPLS encapsulation header. In MPLS data encapsulation, the MPLS header (32 bits long, containing a 20-bit numerical value used as the label value) is inserted between the Layer 2 header and the Layer 3 header of the data to be encapsulated. Therefore, MPLS is sometimes referred to as a Layer 2.5 protocol, and the MPLS header is sometimes referred to as the shim header.

Before MPLS devices can forward MPLS-encapsulated traffic to each other, MPLS label distribution in the control plane must be completed. When exchanging label information, each MPLS device stores the label, as well as the label mapping information for the type of traffic that uses each label. All traffic that uses the same label is referred to as a Forwarding Equivalent Class (FEC). The label distribution process distributes the FEC–Label mapping information among MPLS devices. Therefore, MPLS devices form a Label Switched Path (LSP) for each FEC. The LSP is an end-to-end connection for traffic belonging to the same FEC to be forwarded. MPLS builds a connection-oriented path in a connectionless network.

MPLS was first introduced to improve Layer 3 routing performance of regular IP routers. For an MPLS-capable router or Layer 3 switch, MPLS label swapping is less expensive than routing IP packets. In a routed IP network, the IP packets are routed from their source to their destination hop-by-hop. When each router routes an IP packet, the router removes the Layer 2 header (usually an Ethernet header), then checks the IP header for the destination IP address. The router then must perform a lookup in its routing table to find the IP address of the next-hop interface and the egress interface’s Layer 2 encapsulation information. After the next-hop lookup is completed, the router rewrites the packet by adding the new Layer 2 encapsulation header to the packet and then forwards the packet to the next-hop interface. This procedure is performed for every IP packet at every hop. With the introduction of MPLS, the routers can build MPLS LSPs for each FEC. All traffic belonging to the same FEC is MPLS-label–switched to its destination rather than routed. When a Label Switched Router (LSR) performs MPLS switching on an MPLS-encapsulated packet, the MPLS label-swapping operation is much simpler. Therefore, the IP destination lookup process is replaced by the relatively cheaper label-swapping process. Using MPLS switching to replace IP routing is sometimes referred to as a routing shortcut.

Furthermore, Border Gateway Protocol (BGP) can be removed from the core of the network because the LSR routers in the core of the network do not have to route these packets. As long as the MPLS label distribution process builds the LSP for each router in the core to reach all edge routers that have BGP peerings with routers outside the Autonomous System (AS), traffic across the core network can be MPLS-switched rather than IP-routed. The core router uses the MPLS label to switch the traffic to the correct edge router. BGP full mesh within the AS can be removed. Only the edge routers need to have BGP peering among each other. Using MPLS switching to remove BGP full mesh from the core network to route Internet traffic is sometimes referred to as a BGP shortcut. The label distribution process used by traditional MPLS-capable devices is in most cases the Label Distribution Protocol (LDP).
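The shim header layout and the per-hop label swap described in this section, as an added example that is not code from the book or from the Alcatel-Lucent platforms it describes. The block packs and parses 32-bit label stack entries (20-bit label, 3-bit TC/EXP field, bottom-of-stack bit, 8-bit TTL) sitting between the Ethernet and IPv4 headers, and models the ILM (incoming label map) lookup an LSR performs in place of an IP route lookup: swap, pop, TTL decrement, and drop on unknown label or expired TTL. The MAC addresses, label values and the IPv4 header stub are constructed sample data; copying the MPLS TTL back into the IP header at the final pop is omitted.

```python
"""MPLS label stack (RFC 3032 shim header) encode, decode and per-hop swap."""
import struct
from typing import Dict, List, Optional, Tuple

ETHERTYPE_MPLS = 0x8847  # MPLS unicast
ETHERTYPE_IPV4 = 0x0800
ETH_HDR_LEN = 14

LabelEntry = Tuple[int, int, bool, int]               # (label, tc, bottom_of_stack, ttl)
Ilm = Dict[int, Tuple[str, Optional[int], bytes]]     # in_label -> (action, out_label, next_hop_mac)

# Constructed sample data: locally administered MACs and a minimal IPv4 header stub.
MAC_CE = bytes.fromhex("02aa000000c1")
MAC_PE1 = bytes.fromhex("02aa000000e1")
MAC_P = bytes.fromhex("02aa000000a1")
MAC_PE2 = bytes.fromhex("02aa000000e2")
IPV4_STUB = bytes.fromhex("4500001400010000400000000a0000010a000002")


def encode_label_entry(label: int, tc: int, bottom: bool, ttl: int) -> bytes:
    """Pack 20-bit label | 3-bit TC (EXP) | 1-bit S | 8-bit TTL into 4 bytes."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not (0 <= tc < 8 and 0 <= ttl < 256):
        raise ValueError("tc is 3 bits, ttl is 8 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)


def decode_label_stack(data: bytes) -> Tuple[List[LabelEntry], int]:
    """Read entries until the S bit is set; return (entries, byte length of the stack)."""
    entries: List[LabelEntry] = []
    offset = 0
    while True:
        if len(data) < offset + 4:
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = (word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)
        entries.append(entry)
        offset += 4
        if entry[2]:
            return entries, offset


def build_frame(dst_mac: bytes, src_mac: bytes, stack: List[LabelEntry], payload: bytes) -> bytes:
    """Ethernet header, then the label stack (the 'Layer 2.5' shim), then the Layer 3 payload."""
    stack_bytes = b"".join(encode_label_entry(*e) for e in stack)
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_MPLS) + stack_bytes + payload


def lsr_forward(frame: bytes, ilm: Ilm, router_mac: bytes) -> Optional[bytes]:
    """One LSR hop: ILM lookup on the top label, swap or pop, decrement TTL.

    Returns the rewritten frame, or None when the packet is dropped
    (not MPLS, unknown label, or TTL expired).
    """
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_MPLS:
        return None
    stack, stack_len = decode_label_stack(frame[ETH_HDR_LEN:])
    label, tc, bottom, ttl = stack[0]
    if ttl <= 1 or label not in ilm:
        return None
    action, out_label, next_hop_mac = ilm[label]
    new_ttl = ttl - 1
    payload = frame[ETH_HDR_LEN + stack_len:]
    if action == "swap":
        new_stack = encode_label_entry(out_label, tc, bottom, new_ttl)
        new_stack += frame[ETH_HDR_LEN + 4:ETH_HDR_LEN + stack_len]
        new_ethertype = ETHERTYPE_MPLS
    elif action == "pop" and bottom:
        # Last label removed: the frame carries plain IPv4 again.
        new_stack, new_ethertype = b"", ETHERTYPE_IPV4
    elif action == "pop":
        # Carry the decremented TTL into the entry that becomes the new top of stack.
        n_label, n_tc, n_bottom, _ = stack[1]
        new_stack = encode_label_entry(n_label, n_tc, n_bottom, new_ttl)
        new_stack += frame[ETH_HDR_LEN + 8:ETH_HDR_LEN + stack_len]
        new_ethertype = ETHERTYPE_MPLS
    else:
        raise ValueError(f"unknown ILM action {action!r}")
    return next_hop_mac + router_mac + struct.pack("!H", new_ethertype) + new_stack + payload


def demo() -> Dict[str, object]:
    """Ingress PE pushes transport label 1001 over service label 16; P swaps; egress PE pops twice."""
    ingress = build_frame(MAC_P, MAC_PE1, [(1001, 0, False, 64), (16, 0, True, 64)], IPV4_STUB)
    at_p = lsr_forward(ingress, {1001: ("swap", 2002, MAC_PE2)}, MAC_P)
    transport_popped = lsr_forward(at_p, {2002: ("pop", None, MAC_PE2)}, MAC_PE2)
    delivered = lsr_forward(transport_popped, {16: ("pop", None, MAC_CE)}, MAC_PE2)
    return {
        "after_swap": decode_label_stack(at_p[ETH_HDR_LEN:])[0],
        "after_transport_pop": decode_label_stack(transport_popped[ETH_HDR_LEN:])[0],
        "delivered_ethertype": int.from_bytes(delivered[12:14], "big"),
        "delivered_payload": delivered[ETH_HDR_LEN:],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point of the two-label stack in `demo()` is the one the later chapters build on: the outer (transport) label is all the P router ever inspects, while the inner (service) label survives untouched until the egress PE, which is what lets the core stay unaware of individual service instances.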

1.3 The MPLS Value Proposition

MPLS has evolved substantially since its early days of deployment. The reasons for using MPLS in a network have also changed. MPLS is no longer used to provide an IP routing shortcut. The two biggest changes in the MPLS technology are:

- Resource Reservation Protocol (RSVP) is extended to support MPLS label distribution — RSVP-TE. RSVP-TE (the TE stands for traffic engineering) brings many traffic engineering features and resiliency features to MPLS tunneling technology.
- Pseudowire (PW)-based MPLS L2VPN is implemented in many vendors’ MPLS-capable routers and switches.

With these evolutions in MPLS technology, MPLS is now widely deployed in the backbone networks of service providers to provide VPN services to their customers.

The introduction of RSVP-TE into MPLS label distribution gives MPLS outstanding flexibility and reliability that the traditional routed or switched network cannot have:

- MPLS provides traffic engineering capabilities to control the data forwarding path in the network. Using RSVP-TE, MPLS routers can signal an explicitly routed LSP. The operator can manually specify the path and the hops along the path for the LSP to travel end-to-end. Therefore, operators can manipulate the data traffic paths in the network, as follows: In an IP-only network, packets traveling from source nodes to destination nodes use a path that is determined by routing information computed by IP routers. An IP-only network offers little flexibility for providing alternate paths for traffic flow. An MPLS-based network supports traffic engineering whereby an MPLS path (logical connection) can be defined to use network links that are different from the normal path taken by IP packets. This helps to better utilize links within an enterprise network.
- With the help of the traffic engineering extensions of Open Shortest Path First (OSPF) and IS-IS, RSVP-TE allows the use of Constrained Shortest Path First (CSPF)-based MPLS tunnel path calculation. When performing path calculation, CSPF can consider criteria other than the Interior Gateway Protocol (IGP) routing metric, such as the link’s bandwidth reservation and the administrative group membership (link-coloring).
- MPLS provides outstanding reroute performance. Network infrastructures based on FR/ATM or legacy Ethernet cannot offer quick convergence during failover. MPLS achieves this using mechanisms such as Secondary (backup) LSP and Fast Reroute (FRR) that can deliver reroute times in the millisecond range:
  - Secondary LSP — RSVP-TE supports the concept of LSP and LSP-Path. It allows several (up to eight) LSP-Paths to be provisioned within the same LSP. In normal circumstances, the primary LSP-Path actively forwards traffic; if the primary LSP-Path fails, one of the secondary LSP-Paths takes over the traffic. When a hot-standby secondary LSP-Path is provisioned, the failover performance is in the tens of milliseconds range.
  - FRR — When using RSVP-TE to signal an LSP, all routers can be aware of the entire path the LSP traverses. Therefore, each router can signal a protection LSP to take a path away from the potential failure point. If a network failure happens, the MPLS router closest to the failure uses the pre-signaled protection path to protect the LSP. This is called MPLS FRR. FRR can provide tens of milliseconds failover time after a failure is detected.
- The pseudowire-based IP/MPLS VPN implementation makes it possible to take full advantage of the flexibility provided by MPLS. The new VPN model decouples native service processing from VPN encapsulation and allows services with different characteristics to share the same IP/MPLS backbone. The customer service-specific service access entities are in charge of providing native format traffic to meet the customer’s requirements, and the VPN service network entities are in charge of performing VPN encapsulation and de-encapsulation to transport the service across the network backbone.
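The CSPF path calculation described above, as an added example that is not code from the book or from any vendor’s RSVP-TE implementation. A head-end router first prunes every link in its TE database that violates the LSP’s constraints (insufficient available bandwidth, or the wrong administrative-group colours) and only then runs Dijkstra on the IGP metric; the hop list it returns is what would be signaled as the explicit route. The block also reserves the bandwidth of the first LSP along its path to show why a second, identical request can be computed onto a different path. The topology, metrics, bandwidths and colour names are constructed; treating include as include-any and exclude as exclude-any is an assumption of this example, not a vendor rule.

```python
"""Constrained Shortest Path First over a TE-aware topology (constructed data)."""
import heapq
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

LinkAttrs = Tuple[int, int, Set[str]]        # (igp_metric, available_bw_mbps, admin_groups)
Topology = Dict[str, Dict[str, LinkAttrs]]    # node -> neighbour -> attributes (per direction)


def _link(metric: int, bw: int, *groups: str) -> LinkAttrs:
    return (metric, bw, set(groups))


def sample_topology() -> Topology:
    """Constructed TE database: a short 'gold' path with little free bandwidth and a
    longer 'silver' path with plenty. Each direction is listed separately because
    RSVP-TE reservations are unidirectional."""
    return {
        "PE1": {"P1": _link(10, 500, "gold"), "P2": _link(10, 1000, "silver")},
        "P1": {"PE1": _link(10, 500, "gold"), "PE2": _link(10, 1000, "gold")},
        "P2": {"PE1": _link(10, 1000, "silver"), "P3": _link(10, 1000, "silver")},
        "P3": {"P2": _link(10, 1000, "silver"), "PE2": _link(10, 1000, "silver")},
        "PE2": {"P1": _link(10, 1000, "gold"), "P3": _link(10, 1000, "silver")},
    }


def _admissible(attrs: LinkAttrs, bw: int, include: FrozenSet[str], exclude: FrozenSet[str]) -> bool:
    """Prune step: the link must have the bandwidth, carry none of the excluded
    colours and (if an include list is given) at least one of the included colours."""
    _metric, avail, groups = attrs
    if avail < bw or (exclude & groups):
        return False
    if include and not (include & groups):
        return False
    return True


def cspf(topo: Topology, src: str, dst: str, bw: int = 0,
         include=frozenset(), exclude=frozenset()) -> Optional[Tuple[int, List[str]]]:
    """Dijkstra on the IGP metric over the admissible links only.
    Returns (cost, hop list) usable as an explicit route, or None if no path satisfies the constraints."""
    include, exclude = frozenset(include), frozenset(exclude)
    dist: Dict[str, int] = {src: 0}
    prev: Dict[str, str] = {}
    heap: List[Tuple[int, str]] = [(0, src)]
    done: Set[str] = set()
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            path = [dst]
            while path[-1] != src:
                path.append(prev[path[-1]])
            return d, path[::-1]
        for nbr, attrs in topo.get(node, {}).items():
            if not _admissible(attrs, bw, include, exclude):
                continue
            nd = d + attrs[0]
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                prev[nbr] = node
                heapq.heappush(heap, (nd, nbr))
    return None


def reserve(topo: Topology, path: List[str], bw: int) -> None:
    """Admission control: subtract the LSP's bandwidth from each link along the path (one direction)."""
    for a, b in zip(path, path[1:]):
        metric, avail, groups = topo[a][b]
        if avail < bw:
            raise ValueError(f"insufficient bandwidth on {a}->{b}")
        topo[a][b] = (metric, avail - bw, groups)


def demo() -> Dict[str, object]:
    t = sample_topology()
    results: Dict[str, object] = {
        "plain_spf": cspf(t, "PE1", "PE2"),
        "bw_800": cspf(t, "PE1", "PE2", bw=800),
        "exclude_silver": cspf(t, "PE1", "PE2", exclude={"silver"}),
        "bw_800_exclude_silver": cspf(t, "PE1", "PE2", bw=800, exclude={"silver"}),
    }
    first = cspf(t, "PE1", "PE2", bw=300)
    reserve(t, first[1], 300)          # the first 300 Mbps LSP is admitted on the gold path
    results["first_300"] = first
    results["second_300"] = cspf(t, "PE1", "PE2", bw=300)  # gold now has only 200 Mbps free
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Note that the IGP alone would always answer PE1-P1-PE2 (cost 20); the bandwidth and colour constraints are what steer the second LSP onto the longer silver path, which is the "criteria other than the IGP routing metric" the text refers to.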

Resiliency features such as pseudowire switching and pseudowire redundancy ensure end-to-end service delivery with the desired quality.

With the MPLS enhancement and the new pseudowire-based VPN service, the service provider can now deploy different types of services for many customers in a single converged backbone network using IP/MPLS technology. The IP/MPLS VPN network has the following advantages:

- Cost Efficiency — It eliminates the requirement for service providers to build separate networks for different types of services. All services are shared in the same backbone infrastructure. Using an IP/MPLS network with Gigabit Ethernet or 10 Gigabit Ethernet Layer 2 infrastructure significantly reduces the cost compared to the legacy technologies like ATM and FR.
- Flexibility — All MPLS pseudowire-based VPN services use a common service architecture, differing only in the customer-facing attachment circuit. When a new type of service is implemented, it can be smoothly deployed into the existing IP/MPLS backbone by simply adding the new type of access interface in the provider edge (PE) service router. The TE capability provided by IGP-TE and CSPF allows the operator to easily control the service traffic’s forwarding paths in the core network.
- Reliability — The pseudowires used by VPN PE routers and the MPLS transport tunnel LSP support both redundancy and quick failover. The service architecture allows the operator to multi-home services to more than one PE router, to achieve service-peering redundancy. With the addition of the MPLS resiliency features that have quick failover, the service network can be built with high availability.
- Scalability — IP/MPLS VPN service is highly scalable. The IP/MPLS VPN service architecture allows the core routers (P routers) to perform MPLS switching for service traffic without being aware of each service instance. Only the PE routers in the edge of the backbone network are aware of each service instance. Only the PE routers with customer circuits attached are involved in service provisioning. All service instances sharing the same PE router are isolated by VPN encapsulation.

LDP is one of the protocols MPLS uses to signal LSP. With LDP, the MPLS router distributes labels and establishes LSPs automatically. LDP distributes labels mapped with IP prefixes; therefore, its convergence performance is dependent on the underlying routing protocol. The introduction of RSVP-TE into MPLS LSP signaling brings significant improvement to the flexibility, reliability, and performance of the IP/MPLS network’s service transport mechanism. With an RSVP-TE–signaled LSP transport tunnel, an IP network can now provide carrier-level convergence performance by using resiliency features such as FRR and Secondary LSP.

The newly enhanced MPLS technology allows the operator to deliver traffic flows for many customers using many different types of services in a single converged network. It is now the new WAN backbone technology.

1.4 MPLS Enables Converged Multi-Service Networks

For decades, computer networks have been generally categorized as LAN, MAN, and WAN. Each type of network has its own architecture and traffic delivery mechanism. Their speeds, costs, and reliability differ too. Different types of service providers use different types of networks to provide the services for these networks. With the technology innovation and the growth of the customer demands, the requirements for networking are also changing constantly:

- The wide deployment of cost-efficient and high-throughput Ethernet switches and small IP routers brought the first wave of networking evolution. Many computers can be connected by these LAN-oriented networking devices and gain great speed to run time-sensitive applications or traffic-intense applications.
- The invention of the Internet brought the second wave of networking evolution. Computer networks all over the world can be connected by the shared public Internet backbone. This wave brought the demand for a high-performance and highly reliable backbone Internet router.
- Now, the third wave of networking evolution has arrived. With the invention of VoIP, IPTV, and other IP-based multimedia applications, ISPs not only provide access to the Internet, but they also want to provide these services with additional profit over their backbone infrastructure. These services require bandwidth and global reachability, as well as a guaranteed end-to-end QoS. To achieve this, the concept of service router is used. Service routers allocate their resources according to the requirements of different services and deliver the services with the required quality.

Therefore, a converged multi-service network is desired by service providers to meet the new requirements. Figure 1.1 illustrates such a converged network with multiple services.

Figure 1.1 Converged Multi-Service Network

In Figure 1.1, the service delivery network provides multiple services in a single backbone network that contains service routers. The service delivery network provides various services to many enterprises and residential customers. Such a network is based on the new evolved IP/MPLS VPN service technology.

1.5 MPLS-Enabled Business VPN Services

Nowadays, more new applications running in residential and enterprise networks generate new demands for the telecommunications backbone networks:

- Complex L3 VPN — Many enterprise customers require VPN services with complex connectivity. Simply connecting all customer routers is not adequate. Layer 3 VPN is also referred to as Virtual Private Routed Network (VPRN). Customers require different VPN topologies such as:
  - Extranet — Some enterprises want to share part of their networks with partners to improve productivity while isolating other parts of their networks.
  - Hub-Spoke VPN — Many customers require their branch offices to be connected with their headquarters and want the traffic to be forced through the headquarters’ firewall.
  - Overlay VPN — Customers may want to have Internet access through some of their sites while isolating the rest of their network from the Internet.
- L2 VPN: Virtual Private LAN Service (VPLS) and Virtual Leased Line (VLL) — Many customers want to take advantage of the simplicity of Layer 2 peering with the service provider. They want to purchase Layer 2 connectivity services (point-to-point or point-to-multipoint) from the service provider, while handling their own Layer 3 routing. Service providers also like the fact that they do not need to deal with Layer 3 routing peering and isolation with different customers, and can focus only on providing Layer 2 reachability. With the introduction of Gigabit Ethernet and 10G Ethernet in customer networks and backbone networks, VPLS and Ethernet VLL services have become very popular. VLL is also referred to as Virtual Private Wire Service (VPWS).
- MPLS-Enabled IPTV Infrastructure — With the new generation of IPTV solutions, delivering television content (regular definition and high definition) over IP networks has become possible and profitable. Many service providers want to use their IP backbone network to deliver TV content to compete with traditional cable service providers. Delivering IPTV content requires the backbone network to have large bandwidth and assured service quality.
- MPLS-Enabled Mobile Infrastructure and Mobile Backhauling — The new generation of mobile networks provides both voice and high-bandwidth data service through cellular services. Mobile service providers are looking for a cost-efficient and optimal solution of using a converged network to deliver both voice and data services in backbone networks.
- Improved Access Technologies — The significant growth of access technologies provides more bandwidth to the end subscribers. Today’s Digital Subscriber Line (DSL) technology and Passive Optical Network (PON) technology can give the end-user 10-Mbps, 100-Mbps, or even higher throughput. Bandwidth-intensive applications such as IPTV, Personal TV, faster download, and online gaming can be deployed end-to-end across a backbone network.

All the above changes and new demands challenge service providers to build a high-throughput, highly reliable, and cost-efficient converged backbone network to meet the requirements of different customers. Also, service providers are looking for more revenue-generating services to sell to the customers rather than selling the big fat pipe. The boundary between carriers and content providers has become ambiguous. Cable TV providers are now providing Internet access and VoIP telephony services. ISPs are now providing TV content to their customers through IPTV and are using DSL and PON technology to provide Internet and voice services. Cellular providers are also providing mobile data services and delivering TV content to cellular phones through 2G or 3G technologies along with the mobile voice services.

The evolution of IP/MPLS VPN technology provides a solution for all of these types of service providers. With IP/MPLS VPN technology, all types of services can be provided in a single converged MPLS service backbone network, as follows:

- The high-throughput backbone (usually connected with Gigabit Ethernet or 10 Gigabit Ethernet) provides enough bandwidth to deliver bandwidth-demanding applications such as IPTV.
- The flexible IP/MPLS VPN technology allows multiple services such as voice, data, broadcast TV, mobile backhauling, and ATM/FR circuits to be provisioned in a single network.
- The advanced QoS functions allow differentiation among different types of services and customers and treat the different types of traffic flows in their network based on their unique characteristics. Delivering guaranteed service quality to fulfill SLAs while using available resources in the network to serve statistically multiplexed subscribers can be achieved simultaneously.
- The highly reliable service routing engine provides hot redundancy in the control plane. MPLS resiliency provides carrier-level convergence performance to protect services from network failures. Service outages can be minimized.

Figure 1.2 illustrates an IP/MPLS VPN service network.

Figure 1.2 An IP/MPLS VPN Service Network

The invention and implementation of the pseudowire-based IP/MPLS VPN solution gives service providers a scalable and secure approach to providing services to multiple customers using the same backbone network while efficiently isolating customer traffic.

- The pseudowire-based VPN model decouples the role of the customer-facing edge routers (Provider Edge, or PE, routers) and the role of backbone-transiting routers (Provider, or P, routers). MPLS pseudowires connect PE routers to customer-facing service instances. The MPLS backbone network only transits pseudowire-encapsulated VPN traffic end-to-end, hiding the details of the core network topology from the service. Therefore, the service-aware PE router can be focused on providing access to customer devices, multiplexing and de-multiplexing traffic from multiple services, and making VPN forwarding decisions. The P routers are in charge of providing highly available, high-throughput forwarding pipes with guaranteed QoS.
- The pseudowire-based IP/MPLS VPN model provides different types of services using the same IP/MPLS backbone. These services include:
  - VLL — A highly scalable point-to-point piping service that carries customer traffic between two customer sites. VLL services support many legacy access technologies, such as ATM, FR, Ethernet, and Circuit Emulation Service (CES).
  - VPLS — A multipoint-to-multipoint Ethernet bridging service that bridges customer Ethernet traffic among geographically separated locations.
  - VPRN — A multipoint-to-multipoint IP routing service that routes customer IP traffic among different sites and exchanges customer routes among these sites. VPRN services can provide various service topologies such as Intranet, Extranet, Overlay VPN, or Hub-Spoke VPN.
- The pseudowire-based VPN model unifies the service deployment architecture in the network. Different types of VPN services for different customers use the same VPN infrastructure: Service instances in each customer-facing PE router are connected by the end-to-end pseudowire(s), and PE routers are connected to each other by Service Distribution Paths (SDPs) using Generic Routing Encapsulation (GRE) or MPLS tunneling. Different types of services share the same MPLS backbone with a similar core-facing configuration. Services differ only in Service Access Point (SAP) configuration in the service instances of local PE routers. This unified service deployment model makes the backbone network easier to maintain and expand.
- The pseudowire-based IP/MPLS VPN services are standardized and supported by multiple vendors, and therefore multi-vendor interoperability can be achieved.

Summary

Traditional telecommunications service providers build different network infrastructures to provide different types of services to different customers. These separate network infrastructures create high operational expenses and capital expenses. Different types of networks are incompatible with each other, and the resources cannot be shared.

New applications such as IPTV and the fast growth of Internet applications such as voice, video, and gaming demand more bandwidth and service quality from the service provider. Service providers want to provide multiple services to maximize their revenue. Converged networks with multi-service capability, high performance, high availability and cost efficiency are required to achieve these goals.

The innovation of pseudowire-based IP/MPLS VPN technology provides a solution to the service providers. By implementing an IP/MPLS VPN service routing backbone network, service providers can deploy different types of services (e.g., L2VPN, L3VPN, Internet Routing, Triple Play, and VoIP) over a converged IP/MPLS backbone network.

- IP/MPLS service routing with high-throughput Ethernet connections provides a cost-efficient solution for the deployment of a scaled network.
- IP/MPLS VPN service architecture makes it possible to deliver multiple services in a single backbone network, and the uniform service architecture reduces the operation and management overhead of the network.
- MPLS resiliency features ensure that the network has outstanding convergence performance. Minimum service outages during network failures are guaranteed.

These innovations allow service providers to meet the evolving needs of their customers by providing multiple services using a single converged network.

Chapter 2

IP/MPLS VPN Multi-Service Network Overview

An IP/MPLS VPN multi-service network provides the capability of building a converged reliable network supporting many different types of services to many different customers. The network uses MPLS pseudowires to connect Virtual Private Network (VPN) member routers in the core network.

Chapter Objectives

- Identify the performance characteristics required for a service-oriented network.
- Explain the Layer 2 VPN services.
- Describe the building blocks of an IP/MPLS VPN Service Routing network.
- Discuss the architectures and services that are enabled by IP/MPLS VPN technology.
- Introduce the IP/MPLS VPN-based Triple Play and Mobile Backhauling solutions.

This chapter provides an overview of the building blocks that enable the convergence of multiple services into an IP/MPLS multi-service network. Multi Protocol Label Switching (MPLS) pseudowire-based VPN technology is a key building block for enabling MPLS-based services. Along with the advanced per-service Quality of Service (QoS) deployment, service providers can deliver scaled services to large numbers of customers while meeting various requirements.

Service providers can now deploy IP/MPLS VPN-based service solutions to provide different types of services to different customers using a single converged IP/MPLS network. The Triple Play and Mobile Backhauling solutions are also discussed in brief at the end of the chapter.

2.1 IP/MPLS Layer 2 VPN Requirements

As discussed in Chapter 1, new demands from customers and the upsurge of new bandwidth-intensive IP-based services and applications require that service providers take a different networking approach to be successful in today’s market. MPLS-based VPNs offer a solution to meet service provider goals. This chapter introduces the IP/MPLS VPN technology building blocks that enable the solution for service providers.

To meet the requirements of service providers, the new-generation multi-service network must have the following characteristics:

Multi-Service with Cost Efficiency — The backbone network must provide various types of services to meet the requirements of enterprise and residential customers. The requirements of enterprise customers include providing Time Division Multiplex (TDM), Frame Relay (FR), and ATM connectivity as well as business VPN services with high throughput. The requirements of residential customers include voice service, High-Speed Internet (HSI) service, and, more recently, video-based services such as Broadcast Television (BTV), Video on Demand (VoD), remote health care, and distance learning. These services should be provided by a single converged backbone network to maintain cost efficiency. The network should also be flexible and adaptive to new technologies and be able to provide new types of services.

High Availability (HA) — The backbone network must be highly available. The infrastructure should allow multiple levels of resiliency to protect the service traffic. With proper design, the network must be able to provide 99.999 percent service availability. This requires that the underlying technology have rich resiliency features.

Quality of Service (QoS) — The network must be capable of assigning application-specific QoS treatment to the traffic flows of different services. Providing granular QoS in the network can improve service availability and performance and also help with cost efficiency. The QoS capability should allow the limited resources to be used in the most optimal manner, giving critical services higher priority while allowing non-critical services to use the available resources as much as possible. Therefore, the system can provide services with different Service Level Agreements (SLAs).

Scalability — The service delivery infrastructure must be scalable to allow a large number of residential and enterprise customers to share the same network. With so many customers and services sharing the same network infrastructure, the system must be able to maintain the desired level of performance. The network and the devices must be able to support thousands or more services without sacrificing performance or manageability.

Service Management — The network must be capable of provisioning and managing a large variety of QoS policies, security policies, and accounting policies for each service. The system must be able to deploy all policies at per-service granularity. The multi-service network solution must also provide network management support from which the network infrastructure and services can be provisioned, modified, and monitored from a centralized location. The network management solution must have service awareness: it must understand the end-to-end service and associate all related components in the service view. It also must be able to provide management services for each service.

Service Assurance — The system must contain rich Operation, Administration, and Maintenance (OAM) features to test and monitor every aspect of service and network health. Traffic mirroring to a local or remote centralized location must be supported for troubleshooting and security purposes. The system must also provide granular, accurate, and real-time service and system statistics.

The IP/MPLS VPN-based multi-service network fulfills all the requirements above, and therefore many service providers and enterprises worldwide select it as the networking technology of choice.

2.2 IP/MPLS Layer 2 VPN Services

The previous chapter introduced the challenge for service providers to provide multiple types of services to customers with a converged high-performance and cost-efficient network. IP/MPLS pseudowire-based VPN provides a solution for these service providers.

A service provider can offer two choices for VPN services: the Layer 2 approach or the Layer 3 approach. This section explains the Layer 2 approach and provides two examples of Layer 2 VPN.

Note: Layer 3 VPN consists of routed IP VPN services (RFC 4364, formerly RFC 2547bis), referred to as Virtual Private Routed Network (VPRN). Layer 3 VPN services are typically offered as a managed service and are ideal for customers who prefer their network connectivity to be managed by a service provider. Layer 3 VPN services are beyond the scope of this book.

The Layer 2 approach is commonly referred to as Layer 2 VPN (L2VPN). The Layer 2 VPN service may be either:

Point-to-Point Virtual Leased Line (VLL) Service — This is also referred to as