MPLS自己的经验理解通俗易懂.pptx

《MPLS自己的经验理解通俗易懂.pptx》由会员分享，可在线阅读，更多相关《MPLS自己的经验理解通俗易懂.pptx（94页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、MPLS VPN的基本概念目录目录MPLS的基本概念1 13 3MPLS 及MPLS VPN举例第1页/共94页传统IP路由网络的缺陷第2页/共94页传统的IP数据转发使用路由协议传送IP路由信息基于IP包的目标地址进行数据转发IP包每经过一个路由器都需要进行路由表的查询第3页/共94页IP的逐跳转发，在经过的每一跳处，必须进行路由表的最长匹配查找（可能多次），速度缓慢。第4页/共94页在传统的IP转发中的流量工程问题Most traffic goes between large sites A and B and uses only the primary link.Destination-

2、based routing does not provide any mechanism for load balancing across unequal paths.Policy-based routing can be used to forward packets based on other parameters,but this is not a scalable solution.Primary OC192 linkLarge Site ALarge Site BSmall Site CBackupOC48 link第5页/共94页Review Questions列出主要的传统I

3、P路由缺点.IP包的传发是基于那一种信息?为什么这种转发机制不适用于大型网络?第6页/共94页MPLS架构及相关技术第7页/共94页MPLS数据转发MPLS的标签转发，通过事先分配好的标签，为报文建立了一条标签转发通道（LSP），在通道经过的每一台设备处，只需要进行快速的标签交换即可（一次查找）。第8页/共94页MPLS:多协议标签交换MPLS:Multi-Protocol Label Switching在IP网络实现2.5层数据交换第9页/共94页MPLS 的基本概念基于标签进行数据转发的机制标签对应于IP目标路由网络标签可对应于其他相关参数QosIP源地址支持多种协议的转发第10页/共94

4、页MPLS/IP网络第11页/共94页MPLS 架构控制层面（Control plane）运用路由协议进行路由信息的交换运用标签分发协议进行标签交换数据层面（Data plane）基于标签进行数据转发第12页/共94页MPLS ArchitectureRouter functionality is divided into two major parts:control plane and data planeData PlaneControl PlaneLabel 17OSPFLDPLFIBLabel 4417Labeled packetLabel 4Labeled packetLabel

5、17第13页/共94页Label FormatMPLS uses a 32-bit label field that contains the following information:20-bit label3-bit experimental field1-bit bottom-of-stack indicator8-bit time-to-live(TTL)fieldLABELEXPSTTL0192223312024第14页/共94页Frame-Mode MPLSFrameHeaderIP HeaderPayloadLayer 2Layer 2Layer 3Layer 3FrameHe

6、aderLabelIP HeaderPayloadLayer 2 Layer 2 Layer 3Routing lookup andlabel assignment第15页/共94页Label Switch RouterLabel switch router(LSR)转发打了标签的IP包Edge LSR 给IP包打标签并转发到MPLS域删除标签并把IP包从MPLS域转发出去MPLS DomainEdge LSRLSRL=3L=5L=43L=31第16页/共94页LSR的功能架构LSRs,regardless of the type,perform the following three fun

7、ctions:Exchange routing informationExchange labelsForward packets(LSRs and edge LSRs)The first two functions are part of the control plane.The last function is part of the data plane.第17页/共94页Architecture of LSRsLSRs primarily forward labeled packets.LSRControl PlaneData PlaneRouting ProtocolLabel D

8、istribution ProtocolLabel Forwarding TableIP Routing TableExchange ofrouting informationExchange oflabelsIncoming labeled packetsOutgoing labeled packets第18页/共94页Architecture of Edge LSRsEdge LSRControl PlaneData PlaneRouting ProtocolLabel Distribution ProtocolLabel Forwarding TableIP Routing TableE

9、xchange ofrouting informationExchange oflabelsIncoming labeled packetsOutgoing labeled packetsIP Forwarding TableIncoming IP packetsOutgoing IP packets第19页/共94页MPLS 转发LSR功能:插入（Insert）标签交换（Swap）标签删除（Pop）标签第20页/共94页MPLS 域MPLS Forwarding(Frame-Mode)On ingress a label is assigned and imposed by the IP r

10、outing process.LSRs in the core swap labels based on the contents of the label forwarding table.On egress the label is removed and a routing lookup is used to forward the packet.路由表10.0.0.0/8 label 3标签转发表LFIBlabel 8 label 3路由表10.0.0.0/8 label 5标签转发表LFIBlabel 3 label 5路由表10.0.0.0/8 next hop标签转发表LFIBl

11、abel 5 pop10.1.1.1310.1.1.1510.1.1.1第21页/共94页MPLS 网络IP路由示例LSRControl PlaneData PlaneOSPF:RT:LIB:FIB:LFIB:10.0.0.0/8 1.2.3.4L=5 10.1.1.110.1.1.110.1.1.1第22页/共94页LSRControl PlaneData PlaneOSPF:RT:LIB:FIB:LFIB:10.0.0.0/8 1.2.3.410.1.1.1L=5 10.1.1.1 Next-hop L=3,Local L=5L=3 10.1.1.1L=3 10.1.1.1L=5 L=3,

12、L=3MPLS 网络IP路由示例第23页/共94页标签的分配和分发过程IP路由协议构造IP路由表LSR对路由表中每一目标网段独立地分配标签LSR把所分配的标签公告给其他LSR根据所受到的标签，LSR构建LIB，LFIB和FIB第24页/共94页路由表的构建IP routing protocols are used to build IP routing tables on all LSRs.FIBs are built based on IP routing tables with no labeling information.ABCDENetwork X第25页/共94页分配标签Every

13、 LSR allocates a label for every destination in the IP routing table.Labels have local significance.Label allocations are asynchronous.ABCDENetwork XRouter B assigns label 25 to destination X.第26页/共94页ABCDENetwork XRouter B assigns label 25 to destination X.LIB 和 LFIB 的建立LIB and LFIB structures have

14、 to be initialized on the LSR allocating the label.Local label is stored in LIB.Outgoing action is pop,as B has received no label for X from C.第27页/共94页ABCDENetwork X标签分发 Label DistributionThe allocated label is advertised to all neighbor LSRs,regardless of whether the neighbors are upstream or down

15、stream LSRs for the destination.X=25X=25X=25第28页/共94页标签通告的接收（Receiving Label Advertisement）Every LSR stores the received label in its LIB.Edge LSRs that receive the label from their next-hop also store the label information in the FIB.X=25X=25ABCDEX=25Network X第29页/共94页过渡期的数据传送（Interim Packet Propag

16、ation）Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.IP:XLab:25IP:X查询FIB，给IP包打标签.查询LFIB，删除标签ABCE第30页/共94页进一步的标签分配（Further Label Allocation）Every LSR will eventually assign a label for every destination.ABCDENetwork XRouter C assigns label 47 to

17、 destination X.X=47X=47第31页/共94页标签通告的接收（Receiving Label Advertisement）Every LSR stores received information in its LIB.LSRs that receive their label from their next-hop LSR will also populate the IP forwarding table(FIB).ABCDENetwork XX=47X=47第32页/共94页增加LFIB条目（Populating LFIB）Router B has already as

18、signed a label to X and created an entry in the LFIB.The outgoing label is inserted in the LFIB after the label is received from the next-hop LSR.LabelAction Next hop2547CLFIB on BABCDEX=47X=47Network X第33页/共94页数据包通过MPLS网络的过程IP:XIP:XIngress LSREgress LSRABCELab:25Lab:47查看FIB，给包加标签查询LFIB，删除标签查询 LFIB,

19、执行标签交换第34页/共94页MPLS网络LSP的建立第35页/共94页MPLS网络的优化MPLS DomainDouble lookup is not an optimal way of forwarding labeled packets.A label can be removed one hop earlier.L=19L=18L=17LFIB18 19FIB10/8 NH,19LFIB17 18FIB10/8 NH,18LFIB35 17FIB10/8 NH,17LFIB19 untaggedFIB10/8 NH10.1.1.11710.1.1.11810.1.1.11910.1.1

20、.1Double lookup is needed:1.LFIB:remove the label.2.FIB:forward the IP packet based on IP nexthop address.第36页/共94页倒数第二跳弹出（Penultimate Hop Popping）MPLS DomainA label is removed on the router before the last hop within an MPLS domain.L=popL=18L=17LFIB18 popFIB10/8 NH,19LFIB17 18FIB10/8 NH,18LFIB35 17

21、FIB10/8 NH,17LFIBFIB10/8 NH10.1.1.11710.1.1.11810.1.1.110.1.1.1Pop or implicit null label is advertised.One single lookup.第37页/共94页小结第38页/共94页MPLS VPN的基本概念目录目录MPLS的基本概念1 13 3MPLS 及MPLS VPN举例第39页/共94页什么是VPN?第40页/共94页Customer SiteLarge Customer SiteVPN术语（VPN Terminology）用户网络(Cnetwork):the part of the

22、network still under customer control运营商网络(Pnetwork):the service provider infrastructure used to provide VPN services用户站点:a contiguous part of the customer network(can encompass many physical locations)第41页/共94页VPN业务网络视图第42页/共94页VPN的分类类型第43页/共94页Overlay VPN（一层VPN）运营商提供物理层的连接用户负责数据链路层和ip层用户自行管理路由ISDNE

23、1,T1,DS0SDH,SONETPPPHDLCIP第44页/共94页Overlay VPN（二层VPN）运营商提供数据链路层的连接用户负责ip层用户自行管理路由X.25Frame RelayATMIP第45页/共94页Overlay VPN（IP隧道）用户负责ip层用户自行管理路由Generic Route Encapsulation(GRE)IP Security(IPSec)IPIP第46页/共94页Service Provider NetworkPeer-to-Peer VPN ConceptCustomer SiteRouter ACustomer SiteRouter BCusto

24、mer SiteRouter CCustomer SiteRouter DPERouterPE RouterPE RouterPE RouterRouting information is exchanged between CE and PE routers.PE routers exchange customer routes through the core network.Finally,the customer routes propagated through the PE network are sent to other CE routers.第47页/共94页共享PE的方式第

25、48页/共94页专用PE的方式第49页/共94页MPLS VPN第50页/共94页第51页/共94页路由型MPLS VPN的架构第52页/共94页客户边界路由器第53页/共94页运营商边界路由器第54页/共94页运营商路由器第55页/共94页VPN路由及转发表（VRF）第56页/共94页PE的路由表第57页/共94页地址复用第58页/共94页路由区分器（Route Distinguisher）RD：64比特地址用于区分PE中每个用户的路由VPNv4地址=RD+IPv4地址VPNv4地址通过BGP在PE之间进行交换多协议BGP（MP-BGP）第59页/共94页路由区分器的运用第60页/共94页第

26、61页/共94页使用路由区分器第62页/共94页路由标记（Route Targets）多个用户站点分属于不同的VPN，需要使用RT标记各自的VPN路由附加在VPNv4路由中传送以标记不同的VPNRT加入到BGP的扩展属性中进行传送RT的灵活应用可支持不同的VPN拓扑第63页/共94页RT的工作原理Export RT：路由发送标记，定义VPN组Import RT：路由接收标记，识别VPN组在发生端的PE，IPv4转换成VPNv4路由时加入Export RT在接收端的PE，根据Import RT进行检查收到的路由的RT与Import RT匹配，接收路由第64页/共94页第65页/共94页RT的灵活

27、应用1第66页/共94页RT的灵活应用2第67页/共94页RT的灵活应用3第68页/共94页路由型MPLS VPN的路由模型第69页/共94页MPLS VPN路由CE运行路由协议PE运行路由协议与CE交换路由信息PE运行MPLS传送VPN路由P运行MPLS第70页/共94页CE第71页/共94页PE第72页/共94页PE路由器的路由第73页/共94页P第74页/共94页MPLS VPN端到端的路由信息流1第75页/共94页MPLS VPN端到端的路由信息流2第76页/共94页MPLS VPN端到端的路由信息流3第77页/共94页路由型MPLS VPN的数据转发第78页/共94页传送原始IP数据

28、包第79页/共94页传送打了标签的IP包第80页/共94页给IP包打两次标签VPN标签由Ingress PE路由器标记并发布第81页/共94页MPLS L2VPN第82页/共94页MPLS L2VPNMPLS L2VPN 提供基于 MPLS网络的二层 VPN服务，使运营商可以在统一的 MPLS 网络上提供基于不同数据链路层的二层 VPN。简单来说，MPLS L2VPN 就是在 MPLS 网络上透明传输用户二层数据。从用户的角度来看，MPLS网络是一个二层交换网络，可以在不同节点间建立二层连接。相对于 MPLS L3VPN，MPLS L2VPN 具有以下优点：可扩展性强：MPLS L2VPN 只

29、建立二层连接关系，不引入和管理用户的路由信息。可靠性和私网路由的安全性得到保证支持多种网络层协议：包括 IP、IPX等第83页/共94页MPLS L2VPN的基本概念在 MPLS L2VPN 中，CE、PE、P 的概念与 MPLS L3VPN 一样，原理也相似。MPLS L2VPN 通过标签栈实现用户报文在 MPLS 网络中的透明传送：外层标签（称为 Tunnel 标签）用于将报文从一个 PE 传递到另一个 PE；内层标签（称为 VC 标签）用于区分不同 VPN 中的不同连接；接收方 PE 根据 VC 标签决定将报文转发给哪个 CE。第84页/共94页MPLS L2VPN 标签栈处理第85页/

30、共94页MPLS L2VPN 的实现方式还没有形成正式的标准。IETF 的 PPVPN工作组制订了多个框架草案，其中最主要的两种称为 Martini 草案和 Kompella 草案：draft-martini-l2circuit-trans-mpls draft-kompella-ppvpn-l2vpn Martini 草案定义了通过建立点到点的链路来实现 MPLS L2VPN 的方法。它以 LDP为信令协议来传递双方的 VC 标签，称为 Martini 方式 MPLS L2VPN。Kompella 草案则定义了在 MPLS 网络上以端到端（CE 到 CE）的方式建立 MPLS L2VPN。目

31、前它采用扩展了的 BGP为信令协议来发布二层可达信息和 VC 标签，称为 Kompella 方式 MPLS L2VPN。第86页/共94页MPLS VPN的基本概念目录目录MPLS的基本概念1 13 3MPLS 及MPLS VPN举例第87页/共94页衢州电信城域网MPLS 域域第88页/共94页衢州电信城域网核心网MPLS 域域LSREdge LSRs第89页/共94页衢州电信城域网MPLS VPN环境MPLS 环境环境PPE第90页/共94页城域网三层MPLS VPN实例（环保监控）江山SR1：description CTVPN45002-HuangBaoJianKong vrf-impo

32、rt vprn200017_import route-distinguisher 4809:45002 auto-bind ldp vrf-target target:4809:4500200 interface ge-lag-2.3899 create description HBJK_HuangBaoJu local-proxy-arp sap lag-2:3899.*create ingress qos 105 exit egress qos 400 exit exit exit interface ge-lag-2.3910 create description HBJK_HengCh

33、angShiYe local-proxy-arp sap lag-2:3910.*create ingress qos 105 exit egress qos 400 exit exit exit 龙游SR1:description CTVPN45002-HuangBaoJianKong vrf-import vprn200017_import route-distinguisher 4809:45002 auto-bind ldp vrf-target target:4809:4500200 interface ge-5/1/2.3901 create description HBJK_Ti

34、anTingYaLun sap 5/1/2:1592.3901 create ingress qos 105 multipoint-shared exit egress qos 400 exit exit exit interface ge-5/1/2.3907 create description HBJK_JuHuaKuangYe sap lag-2:3907.*create ingress qos 105 exit egress qos 400 exit exit exit第91页/共94页城域网二层MPLS VPN实例（邮政）南区SR1：description VPLS_Youzhen

35、g stp shutdown exit sap 5/1/1:3800.*create ingress qos 111 exit egress qos 210 exit exit sap 5/1/8:1304.3800 create description HeHuaSanLu ingress qos 111 exit egress qos 210 exit exit mesh-sdp 128:303800 create exit mesh-sdp 131:303800 create exit 江山SR1:split-horizon-group 303800 create exit stp shutdown exit sap lag-1:1452.1357 split-horizon-group 303800 create exit sap lag-1:1443.3800 split-horizon-group 303800 create exit sap lag-1:3800.*create exit mesh-sdp 130:303800 create exit第92页/共94页网络操作维护中心网络操作维护中心2012年年3月月第93页/共94页感谢您的观看。第94页/共94页