Introduction to MPLS BRKMPL-1100 Travis Jones Customer Solutions Architect CCIE #4603 – DC, R&S, SP, Security, & Voice CCDE 2013::60

Home , Customer edge, Label (command), P Router

#CLUS Introduction to MPLS BRKMPL-1100 Travis Jones Customer Solutions Architect CCIE #4603 – DC, R&S, SP, Security, & Voice CCDE 2013::60

#CLUS Session Goals Objectives • Definition and history of MPLS

• Learn about MPLS customer and market segments

• Understand the problems MPLS is addressing

• Understand the major MPLS technology components

• Understand typical MPLS applications

• Understand benefits of deploying MPLS

• Learn about MPLS futures; where MPLS is going

• Introduction

• MPLS Technology Basics

• MPLS Layer-3 VPNs

• MPLS Layer-2 VPNs

• Advanced Topics

• Summary

Questions? Use Cisco Webex Teams (formerly Cisco Spark) to chat with the speaker after the session How 1 Find this session in the Cisco Events App 2 Click “Join the Discussion” 3 Install Webex Teams or go directly to the team space 4 Enter messages/questions in the team space

Webex Teams will be moderated cs.co/ciscolivebot#BRKMPL-1100 by the speaker until June 18, 2018.

Most Painful Learn

Study

Multi-Protocol: The ability to carry any Multi payload

Have: IPv4, IPv6, Ethernet, ATM, FR Protocol

Uses Labels to tell a node what to do Label with a packet; separates forwarding (hop by hop behavior) from routing (control plane) Routing based on IPv4 or IPv6 lookup. Switching Everything else is Switching.

• Use the best of both worlds • Layer-2 (ATM/FR): efficient forwarding and traffic engineering • Layer-3 (IP): flexible and scalable

• MPLS forwarding plane • Use of labels for forwarding Layer-2/3 data traffic • Labeled packets are being switched instead of routed

• MPLS control/signaling plane • Use of existing IP control protocols extensions + new protocols to exchange label information

• Evolved from tag switching in 1996 to full IETF standard Optimize MPLS covering over 130 RFCs for SDN and Cloud

• Key application initially were Layer-3 VPNs, followed by Optimize MPLS for Traffic Engineering (TE) and Layer-2 VPNs packet transport (Planned) Optimize MPLS for video First SDN/PCE Deployments Complete base MPLS portfolio

First G-MPLS Bring MPLS to Market Deployment

(Planned) First Large Scale First First L2VPN L3VPNs L2VPN Segment Deployments Deployed Deployments Routing Deployments Large Scale Large Scale (Planned) First Cisco ships First MPLS TE First LSM First MPLS TP L3VPN MPLS TE PBB-EVPN MPLS Deployments Deployments Deployments Deployments Deployments Deployments

1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 10 MPLS Technology Basics Topics Basics of MPLS Signaling and Forwarding Service (Clients) Management • MPLS reference architecture Layer-3 VPNs Layer-2 VPNs

• MPLS Labels MPLS OAM Transport • MPLS signaling and forwarding

operations IP/MPLS (LDP/RSVP-TE/BGP/OSPF/IS-IS) • MPLS Traffic Engineering MPLS Forwarding • MPLS OAM

. P (Provider) router = Label Switching Router (LSR) – Runs an IGP and LDP . PE (Provider Edge) router = edge router (LSR) – Imposes and removes MPLS labels – Runs an IGP, LDP and MP-BGP . CE (Customer Edge) router – Not required . Label Distribution Protocol – UDP/TCP port 646 (multicast/unicast) – IGP to label binding . Multi-Protocol BGP – Address-family support (IPv4, IPv6, multicast, etc…) – Used for VRF route exchange

• One router assigns the MPLS label independently

• There is no global assignment for the whole network • No global authority

• 20 bits for the label gives label range of 0-1048575 • Default label range might be lower • Label range is limited on some platforms

• Normal MPLS labels are: 16-1048575

• Reserved label range is: 0-15

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 14 MPLS Labels Label Definition and Encapsulation • Labels used for making MPLS Label Stack Entry forwarding decision Label = 20 bits TC S TTL TC = Traffic Class: 3 Bits; S = Bottom of Stack; TTL = Time to Live • Multiple labels can be used for MPLS packet encapsulation • No limit on the number of labels in a stack LAN MAC Header Label, S=1 Layer 3 Packet • Outer label always used for switching MPLS packets in MPLS Label Stack (1 label) network

• Inner labels usually used for services (e.g. L2/L3 VPN) LAN MAC Header Label, S=0 Label, S=1 Layer 3 Packet MPLS Label Stack (2 labels)

• Used for packet classification and prioritization MPLS DiffServ Marking in Traffic Class Bits IP DiffServ Marking • Similar to Type of Service (ToS) field in IP packet (DSCP values) TC DSCP • DSCP values of IP packet mapped into TC bits of MPLS label Layer-2 Header MPLS Header Layer 3 Header • At ingress PE router

• Most providers have defined 3–5 service classes (TC values)

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 16 Basic MPLS Forwarding Operations How Labels Are Being Used to Establish End-to-end Connectivity • Label imposition (Push) Label Imposition Label Swap Label Swap Label Disposition • By ingress PE router; classify and (Push) (PoP) label packets • Based on Forwarding Equivalence Class (FEC) P P CE PE PE CE L1 L2 L3 • Label swapping • By P router; forward packets using labels; indicates service CE CE class & destination PE P P PE • Label disposition (Pop) • By egress PE router; remove label and forward original packet to destination CE

• LSP signaling protocols IP MPLS

• Either LDP* or RSVP Destination address Label based based • Leverages IP routing Forwarding table Forwarding Forwarding table learned learned from control • Routing table (Routing Information Base – from control plane plane TTL support TTL support RIB) LDP, RSVP, BGP, Control Plane OSPF, IS-IS, BGP • Exchange of labels OSPF, IS-IS • Label bindings Packet Encapsulation IP Header One or more labels • Downstream MPLS node advertises what 8 bit TOS field in IP label to use to send traffic to node QoS 3 bit TC field in label header • MPLS forwarding OAM IP ping, traceroute MPLS OAM • MPLS Forwarding table (Forwarding Information Base – FIB) (*) LDP signaling assumed for next the examples

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 18 MPLS Path (LSP) Setup Signaling Options LDP RSVP • LDP signaling LSP or TE Tunnel Forwarding path LSP • Leverages existing routing Primary and, optionally, backup

Based on TE topology database • RSVP signaling Forwarding Based on IP routing database Shortest-path and/or other Calculation Shortest-Path based constraints • Aka MPLS RSVP / TE (CSPF calculation)

• Packet Enables enhanced capabilities, such Single label One or two labels as Fast ReRoute (FRR) Encapsulation

Initiated by head-end node • Can use both protocols simultaneously towards tail-end node By each node independently Uses routing protocol extensions/information • They work differently, they solve Signaling Uses existing routing protocols/information Supports bandwidth different problems reservation Supports link/node protection • Dual-protocol deployments are very common

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 19 IP Routing IGP vs. BGP • Exchange of IP routes for Forwarding Table Forwarding Table Forwarding Table Loopback Reachability In Address Out Out In Address Out Out In Address Out Out Label Prefix I’face Label Label Prefix I’face Label Label Prefix I’face Label • OSPF, IS-IS, EIGRP, etc. 10.2.1.1 F0/0 10.2.1.1 NA 10.2.1.1 F0/0 … … … … • iBGP neighbor peering … … … … … …

over IGP transport F0/0 10.2.1.1

F0/0 PE2 • Route towards BGP Next- F0/0 PE1 BGP Update: Hop P You Can Reach 10.2.1.1 Thru Me You Can Reach 2.2.2.2 Through Me By routing towards 2.2.2.2

Routing Updates You Can Reach 2.2.2.2 Thru Me (OSPF)

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 20 MPLS Label Switched Path (LSP) Setup with LDP Assignment of Remote Labels Forwarding Table Forwarding Table Forwarding Table • Local label mappings are In Address Out Out In Address Out Out In Address Out Out Label Prefix I’faceLabel Label Prefix I’faceLabel Label Prefix I’faceLabel sent to connected nodes - 2.2.2.2 F0/0 20 20 2.2.2.2 F0/0 30 30 10.2.1.1 F0/0 - - … … … … … … … • Receiving nodes update … … … … … … … … … … … … forwarding table F0/0 10.2.1.1 VRF • Out label F0/0 F0/0 PE2 PE1 • LDP label advertisement P happens in parallel Use Label 20 for 2.2.2.2 (downstream unsolicited) Use Label 30 for 2.2.2.2

Label Distribution BGP Update: Protocol (LDP) You Can Reach 10.2.1.1 Thru Me (Downstream By routing towards 2.2.2.2 Allocation)

• Ingress PE node adds Forwarding Table Forwarding Table Forwarding Table In Address Out Out In Address Out Out In Address Out Out label to packet (push) Label Prefix I’faceLabel Label Prefix I’faceLabel Label Prefix I’faceLabel - 2.2.2.2 F0/0 20 20 2.2.2.2 F0/0 30 30 10.2.1.1 F0/0 - • Via MPLS forwarding table - … … … - … … … … … … … … … … … … … … … • Downstream P node uses

label for forwarding F0/0 10.2.1.1 decision (swap) F0/0 PE2 VRF F0/0 • Outgoing interface PE1 P • Out label 10.2.1.1 Data 20 2.2.2.2 Data 30 2.2.2.2 Data 10.2.1.1 Data

• Egress PE removes label Forwarding based on Label towards BGP and forwards original Next-Hop (Loopback of far end router) BGP Update: You Can Reach 10.2.1.1 Thru Me packet (pop) By routing towards 2.2.2.2

• LDP distributes labels that map to routes

• Packets are forwarded using labels

• …

• So what?

• …

• MPLS’s benefit shows up later, in two places: • Divergence from IP routed shortest path • Payload-independent tunneling

• MPLS-TE lets you deviate from the IGP shortest-cost path

• This gives you lots of flexibility around how you send traffic across your network

• Three steps: • Information distribution • Path calculation • LSP signaling

• Flood link characteristics in the IGP IP/MPLS • Reservable bandwidth, link colors, other properties

TE Topology database

n • IGP: Find shortest (lowest cost) Find Link with insufficient bandwidth shortest n Link with sufficient bandwidth path to R8 path to all nodes with 8Mbps IP/MPLS

• TE: Per node, find the shortest R1

(lowest cost) path which meets 15 3 5 R8 constraints 10

10 8 10

TE Topology database

• Set up the calculated path using RSVP

(Resource ReSerVation Protocol) IP/MPLS Head end • Once labels are learned, they’re programmed just like LDP labels • At the forwarding level, you can’t tell whether your label came from RSVP or L=16 RESV Tail end LDP

• All the hard work is in the control plane PATH • No per-packet forwarding hit for any of this TE LSP

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 27 MPLS TE Fast ReRoute (FRR) Implementing Network Failure Protection Using MPLS RSVP/TE • Steady state Router A Router B Router D Router E • Primary tunnel: • A → B → D → E • Backup tunnel: • B → C → D (pre-provisioned)

• Failure of link between router B and D Router X Router Y • Traffic rerouted over backup tunnel Router C Primary Tunnel • Recovery time 50 ms Backup Tunnel • Actual Time Varies—Well Below 50 ms in Lab Tests

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 28 MPLS OAM Tools for Reactive and Proactive Trouble Shooting of MPLS Connectivity • MPLS LSP Ping • Used for testing end-to-end MPLS connectivity similar to IP ping • Can we used to validate reachability of LDP-signaled LSPs, TE tunnels, and PWs

• MPLS LSP Trace • Used for testing hop-by-hop tracing of MPLS path similar to traceroute • Can we used for path tracing LDP-signaled LSPs and TE tunnels

• MPLS LSP Multipath (ECMP) Tree Trace • Used to discover of all available equal cost LSP paths between PEs • Unique capability for MPLS OAM; no IP equivalent!

• Auto IP SLA • Automated discovery of all available equal cost LSP paths between PEs • LSP pings are being sent over each discovered LSP path

• Traffic is encapsulated with label(s) at ingress (PE router)

• Labels are removed at egress (PE router)

• MPLS forwarding operations include label imposition (PUSH), swapping, and disposition (POP)

• LDP and RSVP can be used for signaling label mapping information to set up an end-to-end Label Switched Path (LSP)

• RSVP label signaling enables setup of TE tunnels, supporting enhanced traffic engineering capabilities; traffic protection and path management

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 30 MPLS Virtual Private Networks MPLS Virtual Private Networks Topics • Definition of MPLS VPN service Service (Clients) Management Layer-3 VPNs Layer-2 VPNs • Basic MPLS VPN 

deployment scenario MPLS OAM Transport • Technology options IP/MPLS (LDP/RSVP-TE/BGP/OSPF/IS-IS)

 MPLS Forwarding

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 32 What Is a Virtual Private Network? Definition • Set of sites which communicate with each other in a secure way • Typically over a shared public or private network infrastructure

• Defined by a set of administrative policies • Policies established by VPN customers themselves (DIY) • Policies implemented by VPN service provider (managed/unmanaged)

• Different inter-site connectivity schemes possible • Full mesh, partial mesh, hub-and-spoke, etc.

• VPN sites may be either within the same or in different organizations • VPN can be either intranet (same org) or extranet (multiple orgs)

• VPNs may overlap; site may be in more than one VPN

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 33 MPLS VPN Example Basic Building Blocks • VPN policies • PE-CE BGP Route Reflector PE-CE Configured on PE routers (manual Link Link operation) PE PE CE VPN CE • VPN signaling Signaling • VPN VPN Between PEs Policy Policy • Exchange of VPN policies VPN VPN CE Policy Policy CE • VPN traffic forwarding PE PE • Additional VPN-related MPLS label encapsulation

• PE-CE link • Connects customer network to MPLS network; either layer-2 or layer-3

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 34 MPLS VPN Models MPLS VPN Models Technology Options • MPLS Layer-3 VPNs MPLS Layer-2 VPNs MPLS Layer-3 VPNs • Peering relationship between CE and PE • CE connected to PE via IP-based Point-to-Point Multi-Point connection (over any layer-2 type) Layer-2 VPNs Layer-2 VPNs • MPLS Layer-2 VPNs – Static routing • CE connected • CE connected – PE-CE routing protocol; eBGP, • Interconnect of layer-2 to PE via L2 to PE Ethernet OSPF, IS-IS Attachment Circuits (ACs) (Eth, FR, connection • CE routing has peering ATM, etc) • CE-CE L2 relationship with PE router; PE connection (Eth) mp routers are part of customer • Peering relationship between • CE-CE L2 p2p connectivity routing connectivity CE’s • CE-CE • PE routers maintain customer- • CE-CE routing; no SP specific routing tables and • SP not involved in routing routing; no SP involvement exchange customer=specific involvement routing information

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 35 MPLS Layer-3 Virtual Private Networks MPLS Layer-3 Virtual Private Networks Topics • Technology components Service (Clients) Management • VPN control plane

mechanisms Layer-3 VPNs Layer-2 VPNs  MPLS OAM • VPN forwarding plane Transport

• Deployment use cases IP/MPLS (LDP/RSVP-TE/BGP/OSPF/IS-IS) • Business VPN services • Network segmentation  MPLS Forwarding • Data Center access

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 37 MPLS Layer-3 VPN Overview Technology Components • VPN policies • Separation of customer routing via virtual VPN routing table (VRF) • In PE router, customer interfaces are connected to VRFs

• VPN signaling • Between PE routers: customer routes exchanged via BGP (MP-BGP)

• VPN traffic forwarding • Separation of customer VPN traffic via additional VPN label • VPN label used by receiving PE to identify VPN routing table

• PE-CE link • Can be any type of layer-2 connection (e.g., FR, Ethernet) • CE configured to route IP traffic to/from adjacent PE router • Variety of routing options; static routes, eBGP, OSPF, IS-IS

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 38 Virtual Routing and Forwarding Instance Virtual Routing Table and Forwarding to Separate Customer Traffic • Virtual routing and forwarding table • On PE router CE • Separate instance of routing (RIB) and VPN 1 VRF forwarding table Green PE • Typically, VRF created for each customer VPN CE MPLS Backbone • Separates customer traffic VPN 2 VRF • VRF associated with one or more customer Blue interfaces

• VRF has its own routing instance for PE-CE configured routing protocols • E.g., eBGP

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 39 Virtual Routing and Forwarding Instance - VRF Virtual Routing Table and Forwarding Separate to Customer Traffic • Logical routing context within the same PE device

• Unique to a VPN

• Allows for customer overlapping IP addresses

• Deployment use cases • Business VPN services • Network segmentation • Data Center access

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 40 VPN Route Distribution Exchange of VPN Policies Among PE Routers • Full mesh of BGP sessions among all PE BGP Route Reflector routers PE-CE PE-CE Link Link • Or BGP Route Reflector (common) PE PE • Multi-Protocol BGP extensions (MP-iBGP) CE CE

to carry VPN policies Blue VRF Blue VRF

• Red VRF Red VRF PE-CE routing options CE CE • Static routes PE PE • eBGP • OSPF • IS-IS • EIGRP

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 41 VPN Control Plane Processing Exchange of routing information • Make customer routes unique: • Route Distinguisher (RD): • 8-byte field, VRF parameters; unique value to make VPN IP routes unique • VPNv4 address: RD + VPN IP prefix

• Selective distribute VPN routes: • Route Target (RT): • 8-byte field, VRF parameter, unique value to define the import/export rules for VPNv4 routes • MP-iBGP: advertises VPNv4 prefixes + labels

Use Case VPNv4 iBGP Relationship

111:1:10.1.1.0/24 Cust A Site 2 Cust A Site 1 10.1.1.0/24 10.2.1.0/24 10.1.1.0/24 111:1:10.2.1.0/24 10.2.1.0/24 CE1 CE2 VRF A P1 P2 VRF A PE1 PE2 Cust B Site 1 VRF B VRF B Cust B Site 2 10.1.1.0/24 P3 P4 10.2.1.0/24 CE1 CE2 OSPF Area 0 222:1:10.1.1.0/24 10.1.1.0/24 10.2.1.0/24 222:1:10.2.1.0/24 1. PE routers service multiple customers 2. Once PE redistributes customer routes into MP-BGP, they must be unique 3. RD is prepended to each prefix to make routes unique

VPNv4 prefixes are the combination of a 64-bit RD and a 32-bit IPv4 prefix. VPNv4 prefixes are 96-bits in length

Use Case VPNv4 iBGP Relationship VRF A VRF B Cust A Site 1 Import 222:1 Cust A Site 2 Import 333:1 Import 111:1 10.1.1.0/24 Export 222:1 10.1.2.0/24 CE1 Import 444:1 CE1 Export 111:1 VRF A P1 P2 VRF B PE1 PE2 Cust A Site 3 VRF C VRF D Cust A Site 4 10.1.3.0/24 VRF C P3 P4 10.1.4.0/24 CE1 VRF D CE1 Import 111:1 OSPF Area 0 Import 111:1 Export 333:1 Export 444:1 1. Route Targets dictate which VRF will receive what routes 2. Can be used to allow specific sites access to centralized services 3. Cust A Site 2, Site 3 and Site 4 will not be able to exchange routes with each other

Route Targets are a 64-bit value and are carried in BGP as an extended community

Interactions Between VRF and BGP VPN Signaling BGP advertisement: • CE1 redistribute IPv4 route to PE1 VPN-IPv4 Addr = 1:100:16.1.0.0 via eBGP BGP Next-Hop = PE1 Route Target = 100:1 Label=42 • PE1 allocates VPN label for prefix eBGP: eBGP: learnt from CE1 to create unique 16.1.0.0/16 16.1.0.0/16 VPNv4 route PE1 PE2 CE1 Blue VPN CE2 • PE1 redistributes VPNv4 route into MP-iBGP, it sets itself as a next hop and relays VPN site routes to PE2

ip vrf blue-vpn • PE2 receives VPNv4 route and, via VRFRD 1:100parameters: Nameroute -=target blue- exportvpn processing in local VRF (blue), it 1:100RD = 1:100 redistributes original IPv4 route to Importroute- Routetarget -importTarget = 100:1 1:100 CE2 Export Route-Target = 100:1

• PE2 imposes pre-allocated VPN label to IPv4 packet received from CE2 IPv4 IGP VPNv4 IPv4 IGP VPNv4 IPv4 IGP VPNv4 IPv4 IPv4 Label C Label Label B Label Label A Label • Learned via MP-IBGP IPv4 IPv4 Packet • PE2 imposes outer IGP label A (learned via Packet PE1 P1 P2 PE2 LDP) and forwards labeled packet to next- CE1 CE2 hop P-router P2

• P-routers P1 and P2 swap outer IGP label and forward label packet to PE1 • A->B (P2) and B->C (P1)

• Router PE1 strips VPN label and IGP labels and forwards IPv4 packet to CE1

• Deployment Use Case Managed VPN Service • Delivery of IP VPN services to Unmanaged VPN Service

business customers Edge Core Core Edge CPE VPN CPE • Benefits • Leverage same network for multiple services and customers (CAPEX) Network Segment CPE Edge Core • Highly scalable MPLS Node CE PE P • Service enablement only Typical Platforms ASR1K ASR9K CRS-3 requires edge node ISR4K ASR90X GSR configuration (OPEX) ASR90X ASR1K ASR9K • Different IP connectivity can ASR903 NCS5K be easily configured; e.g., ME3800X full/partial mesh

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 47 Enterprise Deployment Scenario MPLS Layer-3 VPNs for Implementing Network Segmentation • Deployment Use Case MPLS VPNs for L3 Network Segmentation • Segmentation of enterprise

network to provide selective Edge Core Core Edge connectivity for specific user Access VPN Access groups and organizations

• Benefits Network Segment Access Edge Core • Network segmentation only requires edge node MPLS Node CE PE P configuration Typical Platforms CAT2K N7K ASR9K CAT3K ASR1K CAT6K • Flexible routing; different IP connectivity can be easily ISR4K CAT6K N7K configured; e.g., full/partial mesh CAT9k CAT3K NCS5K CAT9K

MPLS VPNs terminating on DC aggregation • Deployment Use Case MPLS VPNs • Segmented WAN Layer-3 at at DC edge

Data Center edge Access Core Core Top Of Rack Distribution Edge • Layer-3 segmentation in Data Center

• Benefits Data Centre • Only single Data Center edge Network Segment Distribution Core Edge node needed for segmented MPLS Node CE or PE P or CE PE

layer-3 access Typical Platforms N7K N7K ASR9K • Enables VLAN/Layer-2 scale (> 6500 6500 7600 4K)

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 49 Summary Key Takeaways • MPLS Layer-3 VPNs provide IP connectivity among CE sites • MPLS VPNs enable full-mesh, hub-and-spoke, and hybrid IP connectivity

• CE sites connect to the MPLS network via IP peering across PE-CE links

• MPLS Layer-3 VPNs are implemented via VRFs on PE edge nodes • VRFs providing customer routing and forwarding segmentation

• BGP used for signaling customer VPN (VPNv4) routes between PE nodes

• To ensure traffic separation, customer traffic is encapsulated in an additional VPN label when forwarded in MPLS network

• Key applications are layer-3 business VPN services, enterprise network segmentation, and segmented layer-3 Data Center access

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 50 MPLS Layer-2 Virtual Private Networks MPLS Layer-2 Virtual Private Networks Topics • L2VPN technology options Service (Clients) Management • P2P services (VPWS) • Overview & Technology Basics  Layer-3 VPNs Layer-2 VPNs  • VPN control plane MPLS OAM Transport • VPN forwarding plane

• MP2MP services (VPLS / xEVPN) IP/MPLS (LDP/RSVP-TE/BGP/OSPF/IS-IS) • Overview & Technology Basics • VPN control / forwarding plane  MPLS Forwarding • Deployment use cases • L2 Business VPN services • Data Center Interconnect

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 52 MPLS Layer-2 Virtual Private Networks Technology Options • VPWS services MPLS Layer-2 VPNs • Point-to-point • Referred to as Pseudowires (PWs) Point-to-Point Multipoint-to-Multipoint • VPLS services Layer-2 VPNs (VPWS) Layer-2 VPNs • Multipoint

• EVPN EVPN • Multipoint with BGP-based MAC VPLS learning

• PBB-EVPN PBB-EVPN • Combines scale tools from PBB (aka MAC-in-MAC) with BGP- based MAC learning from EVPN

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 53 Virtual Private Wire Services (VPWS) Overview of Pseudowire (PW) Architecture • Based on IETF’s Pseudo-Wire (PW) Attachment Attachment Reference Model Circuit (AC) Circuit (AC) Pseudo-Wire 1 PE1 PE2 • Enables transport of any Layer-2 CE CE traffic over MPLS Layer-2 Layer-2

• PE-CE link is referred to as Attachment Circuit (AC) CE CE Layer-2 Layer-2 Pseudo-Wire 2 PE3 PE4 • Provides a p2p service

• Discovery: manual (config) Emulated Layer-2 Service

• Signaling: LDP

• Learning: none

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 54 VPWS Control Plane Processing Signaling of a New Pseudo-Wire • (1) New Virtual Circuit (VC) cross- connect connects customer L2 interface (AC) to new PW via VC ID and remote PE

ID 3 Label Mapping Messages 4 4 • (2) New targeted LDP session between 2 LDP session PE1 PE2 PE1 and PE2 is established, in case one CE1 CE2 does not already exist 1 1 • (3) PE binds VC label with customer layer-2 interface and sends label- Emulated Layer-2 Service mapping to remote PE

• (4) Remote PE receives LDP label binding message and matches VC ID with local configured VC cross-connect

• PE2 pushes VC (inner) label to L2

packet received from CE2 Eth IGP PW Eth IGP PW Eth IGP PW Eth Eth Label C Label Label B Label Label A Label

• PE2 pushed outer (Tunnel) label Ethernet Ethernet Frame Frame and forwards packet to P2 PE1 P1 P2 PE2 CE1 CE2 • P2 and P1 forward packet using outer (tunnel) label (swap)

• Router PE1 pops Tunnel label and, based on VC label, L2 packet is forwarded to customer interface to CE1, after VC label is removed

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 56 Virtual Private LAN Services Overview of VPLS Architecture • VPLS network acts like a virtual Attachment Attachment Circuit (AC) Circuit (AC) switch that emulates

conventional L2 bridge PE1 PE2 CE CE • Fully meshed or Hub-Spoke Eth Eth topologies supported CE CE • Provides a multipoint ethernet Eth Eth PE3 PE4 service

• Discovery: manual or auto (BGP) Emulated Virtual Switch

• Signaling: LDP or BGP (PW label) Pseudo-Wire

• Learning: data plane

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 57 EVPN BGP advertisement: L2VPN/EVPN Addr = CE1.MAC BGP Next-Hop = PE1 • Ethernet VPN Route Target = 100:1 Label=42 • Provides a multipoint ethernet service BGP RR • Discovery: BGP, using MPLS CE1 PE 1 PE 3 CE3 VPN mechanisms (RT)

• Signaling: BGP (MAC prefixes) CE4

• Learning: Control plane (BGP) CE2 PE 2 PE 4

• Allows for multihomed CEs Emulated Virtual Switch

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 58 PBB-EVPN BGP advertisement: L2VPN/EVPN Addr = PE1.B-MAC BGP Next-Hop = PE1 • Combines Provider Backbone Bridging Route Target = 100:1 (MAC-in-MAC) with EVPN Label=42 • Scales better than EVPN (CE-CE MAC addresses learned in the data plane) • Removes the need to advertise Customer MAC addresses in BGP BGP RR PE 1 PE 3 CE1 B-MAC B-MAC CE3 • Provides multipoint ethernet service

• Discovery: BGP, using MPLS VPN CE2 B-MAC CE4 mechanisms (RT) B-MAC • Signaling: BGP (B-MAC prefixes) PE 2 PE 4

• Learning: Control plane (BGP) and forwarding plane Emulated Virtual Switch C-MAC = Customer MAC address • Allows for multihomed CEs B-MAC = Backbone MAC address #CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 59 MPLS Use Cases Why Virtualize?

• Logical Segmentation

. Traffic isolation per application, group, service etc…

. Logically separate traffic using one physical infrastructure Guest Access Merged Company Isolated Services

Virtual Network Virtual Network Virtual Network

Virtual “Private” Network

Actual Physical Infrastructure

. Service isolation – Telephony systems, building control, surveillance – Security policies are unique to each virtual group/service . Meet regulatory compliance requirements – HIPAA Low Medium High Security Security Security – PCI Guest Access Merged Company Isolated Services – SOX – etc… Virtual Network Virtual Network Virtual Network

Actual Physical Infrastructure

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 62 Service Provider Deployment Scenario PWs for Offering Layer-2 Business VPN Services • Deployment Use Case • Delivery of E-LINE services to business customers Layer-2 VPN Service • Benefits PE P P PE • Leverage same network for CE CE multiple services and customers (CAPEX) • Highly scalable • Service enablement only requires edge node configuration (OPEX)

• Deployment Use Case Data Center

• E-LAN services for Data DC Center interconnect Edge Data Center Core Core Edge • Benefits DC Data Center • Single WAN uplink to connect Edge Edge DC to multiple Edge Data Centers Core Core Edge • Easy implementation of segmented layer-2 traffic between Data Centers

• L2 packets encapsulated into additional VC label

• Both LDP and BGP can be used Pseudowire (PW) signaling

• PWs suited for implementing transparent point-to-point connectivity between Layer- 2 circuits (E-LINE services)

• VPLS suited for implementing transparent point-to-multipoint connectivity between Ethernet links/sites (E-LAN services)

• EVPN / PBB-EVPN are next-generation L2VPN solutions based on BGP control- plane for MAC distribution/learning over the core

• Typical applications of L2VPNs are layer-2 business VPN services and Data Center interconnect

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 65 Advanced Topics MPLS And IPv6 IPv6 Support for Native MPLS Deployments and MPLS Layer-3 Services • MPLS allows IPv6 to be deployed

as an edge-only service, no need IPv6 IPv4 MPLS IPv6 to run v6 in the core 6PE P P 6PE • Easier to deploy CE CE • Security mechanism

• 6PE: All IPv6 can see each other IPv6 IPv4 MPLS IPv6 (single VPN) 6VPE P P 6VPE • IPv6+label (no RD, no RT) CE CE

• 6VPE: Separate IPv6 VPNs • VPNv6, includes RD and RT

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 67 Label Switched Multicast (LSM) Point-to-Multi-Point MPLS Signaling and Connectivity • What is Label Switched Multicast? Uni-Directional • MPLS extensions to provide LSP P2MP connectivity MPLS / • RSVP extensions and multicast LDP IP IP/MPLS • Why Label-Switched Multicast? • Enables MPLS capabilities, which can not be applied to IP multicast traffic (e.g., FRR) P2MP or MP2MP LSP Tree • Benefits of Label-Switched Multicast Label Switched • Efficient IP multicast traffic forwarding Multicast (LSM) • Enables MPLS traffic protection and IP/MPLS BW control of IP multicast traffic

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 68 Segment Routing Control Plane • Segment routing provides A B 101 102 • Rich forwarding behaviors 203 • Simple IS-IS / OSPF extensions program 202 MPLS forwarding plane E • IGP advertises 201 201 103 • Node segment id (label) per node (globally significant) 203 202 • Adjacency segment id (label) per link (locally significant) C D 105 104 Node Segment • Packet with node segment id forwarded Identifier (label) along shortest path to destination Adjacency Segment Identifier (label)

202 202 E 201 E E 103 202 C D C D C D 202 201 201 102 103 202 202 202 202 202 Payload Payload Payload Payload Payload Payload Payload Payload Payload

C D E C D B E C D B E (php) (php)

Inter-Area MPLS TE SDN WAN Orchestration Applicatio n Stateless PCE Path Request LSP DB Stateful PCE TED TED Area 0 Stateless PCE PCEP Stateless PCE (ABR) (ABR) PCEP BGP-LS / PCEP BGP-LS / PCEP SNMP / CLI SNMP / CLI Area 0 Stateless PCC Area 1 Area 2 Stateful PCC-initiated PCC LSP PCE-initiated Stateless Area 1 Area 2 LSP PCC PCC-initiated LSP • ABRs act as stateless PCEs • Out-of-network, stateless PCE • Out-of-network, stateful PCE • ABRs implement backward recursive server server PCE-Based Computation • PCC initiates LSPs • PCE always initiates LSPs • Introduced in IOS XR 3.5.2 • Introduced in IOS XR 3.5.2 • Introduced in IOS XR 5.1.1

WAN Orchestration PCE/SDN

MPLS Multilayer Control Plane Optimization Simplification PCE/GMPLS Segment Routing

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 72 Summary Summary Key Takeaways • It’s all about labels … • Label-based forwarding and protocol for label exchange • Best of both worlds … L2 deterministic forwarding and scale/flexible L3 signaling

• Key MPLS applications are end-to-end VPN services • Secure and scalable layer 2 and 3 VPN connectivity

• MPLS supports advanced traffic engineering capabilities • QoS, bandwidth control, and failure protection

• MPLS is a mature technology with widespread deployments • De facto for most SPs, large enterprises, and increasingly in Data Centers

• Ongoing technology evolution • Control-plane simplification (Segment Routing) and WAN orchestration (PCE/SDN)

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 74 Consider MPLS When … Decision Criteria • Is there a need for network segmentation? • Segmented connectivity for specific locations, users, applications, etc.

• Is there a need for flexible connectivity? • E.g., Flexible configuration of full-mesh or hub-and-spoke connectivity

• Is there a need for implementing/supporting multiple (integrated) services? • Leverage same network for multiple services

• Are there specific scale requirements? • Large number of users, customer routes, etc.

• Is there a need for optimized network availability and performance? • Node/link protection, pro-active connectivity validation • Bandwidth traffic engineering and QoS traffic prioritization

• http://www.ciscopress.com

• MPLS and VPN Architectures — Cisco Press® • Jim Guichard, Ivan Papelnjak

• Traffic Engineering with MPLS — Cisco Press® • Eric Osborne, Ajay Simha

• Layer 2 VPN Architectures — Cisco Press® • Wei Luo, Carlos Pignataro, Dmitry Bokotey, and Anthony Chan

• MPLS QoS — Cisco Press ® • Santiago Alvarez

Webex Teams will be moderated cs.co/ciscolivebot#BRKMPL-1100 by the speaker until June 18, 2018.

Give us your feedback to be entered into a Daily Survey Drawing. Complete your session surveys through the Cisco Live mobile app or on www.CiscoLive.com/us.

Don’t forget: Cisco Live sessions will be available for viewing on demand after the event at www.CiscoLive.com/Online.

#CLUS BRKMPL-1100 © 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public 78 Continue Demos in Walk-in Meet the Related your the Cisco self-paced engineer sessions education campus labs 1:1 meetings

#CLUS #CLUS Terminology Reference Acronyms Used in MPLS Reference Architecture Terminology Description AC Attachment Circuit. An AC Is a Point-to-Point, Layer 2 Circuit Between a CE and a PE. AS Autonomous System (a Domain) CoS Class of Service ECMP Equal Cost Multipath IGP Interior Gateway Protocol LAN Local Area Network LDP Label Distribution Protocol, RFC 3036. LER Label Edge Router. An Edge LSR Interconnects MPLS and non-MPLS Domains. LFIB Labeled Forwarding Information Base LSP Label Switched Path LSR Label Switching Router NLRI Network Layer Reachability Information P Router An Interior LSR in the Service Provider's Autonomous System

PE Router An LER in the Service Provider Administrative Domain that Interconnects the Customer Network and the Backbone Network.

PSN Tunnel Packet Switching Tunnel

Terminology Description Pseudo-Wire A Pseudo-Wire Is a Bidirectional “Tunnel" Between Two Features on a Switching Path. PWE3 Pseudo-Wire End-to-End Emulation QoS Quality of Service RD Route Distinguisher RIB Routing Information Base RR Route Reflector RT Route Target RSVP-TE Resource Reservation Protocol based Traffic Engineering VPN Virtual Private Network VFI Virtual Forwarding Instance VLAN Virtual Local Area Network VPLS Virtual Private LAN Service VPWS Virtual Private WAN Service VRF Virtual Route Forwarding Instance VSI Virtual Switching Instance

Course Description Cisco Certification

CCIE R&S Advanced Workshops (CIERS-1 & Expert level trainings including: instructor led workshops, self CCIE® Routing & Switching CIERS-2) plus assessments, practice labs and CCIE Lab Builder to prepare candidates Self Assessments, Workbooks & Labs for the CCIE R&S practical exam.

• Implementing Cisco IP Routing v2.0 Professional level instructor led trainings to prepare candidates for the CCNP® Routing & Switching • Implementing Cisco IP Switched CCNP R&S exams (ROUTE, SWITCH and TSHOOT). Also available in Networks V2.0 self study eLearning formats with Cisco Learning Labs. • Troubleshooting and Maintaining Cisco IP Networks v2.0 Interconnecting Cisco Networking Devices: Builds on ICND1 to provide capabilities needed to configure, implement CCNA® Routing & Switching Part 2 (or combined) and troubleshoot a small enterprise network. Including: understanding of Quality of Service (QoS), how virtualized and cloud services interact and impact enterprise networks, along with an overview of network programmability and the related controller types and tools that are available to support software-defined network architectures. Also available in self study eLearning format with Cisco Learning Lab.

Interconnecting Cisco Networking Devices: Understand layer 2 and layer 3 networking fundamentals needed to CCENT® Routing & Switching Part 1 install, configure, and provide basic support of small/branch networks. Covers network device security and IPv6 basics. Also available in self study eLearning format with Cisco Learning Lab.

For more details, please visit: http://learningnetwork.cisco.com Questions? Visit the Learning@Cisco Booth

Course Description Cisco Certification

Designing Cisco Network Service Architectures Provides learner with the ability to perform conceptual, intermediate, CCDP® (Design Professional) (ARCH) Version 3.0 and detailed design of a network infrastructure that supports desired capacity, performance, availability required for converged Enterprise (Available Now) network services and applications.

Designing for Cisco Internetwork Solutions Instructor led training focused on fundamental design methodologies CCDA® (Design Associate) (DESGN) Version 3.0 used to determine requirements for network performance, security, voice, and wireless solutions. Prepares candidates for the CCDA (Available Now) certification exam.

For more details, please visit: http://learningnetwork.cisco.com Questions? Visit the Learning@Cisco Booth

Course Description Cisco Certification

Deploying Cisco Service Provider Network Routing SPROUTE covers the implementation of routing protocols (OSPF, IS-IS, BGP), CCNP Service Provider® (SPROUTE) & Advanced (SPADVROUTE) route manipulations, and HA routing features; SPADVROUTE covers advanced routing topics in BGP, multicast services including PIM-SM, and IPv6; Implementing Cisco Service Provider Next- Generation Core Network Services (SPCORE) SPCORE covers network services, including MPLS-LDP, MPLS traffic engineering, QoS mechanisms, and transport technologies; Edge Network Services (SPEDGE) SPEDGE covers network services, including MPLS Layer 3 VPNs, Layer 2 VPNs, and Carrier Ethernet services; all within SP IP NGN environments.

Building Cisco Service Provider Next-Generation The two courses introduce networking technologies and solutions, including OSI CCNA Service Provider® Networks, Part 1&2 (SPNGN1), (SPNGN2) and TCP/IP models, IPv4/v6, switching, routing, transport types, security, network management, and Cisco OS (IOS and IOS XR).

Implementing Cisco Service Provider Mobility UMTS The three courses (SPUMTS, SPCDMA, SPLTE) cover knowledge and skills Cisco Service Provider Mobility Networks (SPUMTS); required to understand products, technologies, and architectures that are found CDMA to LTE Specialist; Implementing Cisco Service Provider Mobility CDMA in Universal Mobile Telecommunications Systems (UMTS) and Code Division Cisco Service Provider Mobility Networks (SPCDMA); Multiple Access (CDMA) packet core networks, plus their migration to Long- UMTS to LTE Specialist Implementing Cisco Service Provider Mobility LTE Term Evolution (LTE) Evolved Packet Systems (EPS), including Evolved Packet Networks (SPLTE) Core (EPC) and Radio Access Networks (RANs).

Implementing and Maintaining Cisco Technologies Service Provider/Enterprise engineers to implement, verification-test, and Cisco IOS XR Specialist Using IOS XR (IMTXR) optimize core/edge technologies in a Cisco IOS XR environment.

For more details, please visit: http://learningnetwork.cisco.com Questions? Visit the Learning@Cisco Booth