Multiprotocol Label Switching Networks
Demand for Internet bandwidth continues to soar. This has shifted the majority of traffic toward IP. To keep up with all traffic requirements, service providers not only look to scale performance on their core routing platforms, but also to rise above commodity pricing by delivering intelligent services. Ascending to IP at Layer 3 is necessary to prospect for new high-value services with which to capture and grow the customer base. New Layer 3 IP service opportunities are liberating, yet there is also the desire to maintain the performance and traffic management control of Layer 2 switching. The ability to integrate Layer 3 and Layer 2 network services into a combined architecture that is easier to manage than using traditional separate network overlays is also a critical success factor for providers. These essential requirements lead you to MPLS, an actionable technology that facilitates network and services convergence. MPLS is a key driver for next-generation multiservice provider networks.
MPLS makes an excellent technology bridge. By dropping MPLS capability into the core layer of a network, you can reduce the complexity of Layer 2 redundancy design while adding new Layer 3 services opportunity. Multiple technologies and services can be carried across the MPLS core using traffic engineering or Layer 3 VPN capabilities. MPLS capability can be combined with ATM, letting ATM become Layer 3 IP-aware to simplify provisioning and management. Because of these attributes, MPLS has momentum as a unifying, common core network, as it more easily consolidates separate purpose-built networks for voice, Frame Relay, ATM, IP, and Ethernet than any methodology that has come before. In doing so, it portends significant cost savings in both provider capital expenditures (CapEx) and operational expenditures (OpEx).
MPLS is an Internet Engineering Task Force (IETF) standard that evolved from an earlier Cisco tag switching effort. MPLS is a method of accelerating the performance and management control of traditional IP routing networks by combining switching functionality that collectively and cooperatively swaps labels to move a packet from a source to a destination. In a sense, MPLS allows the connectionless nature of IP to operate in a more connected and manageable way.
An MPLS network is a collection of label switch routers (LSRs). MPLS can be implemented on IP-based routers (frame-based MPLS) as well as adapted to ATM switches (cell-based MPLS). The following sections discuss MPLS components, terminology, functionality, and services relative to frame-based and cell-based MPLS.
Frame-Based MPLS
Frame-based MPLS is used for a pure IP routing platform—that is, a router that doesn't have an ATM switching fabric. When moving data through a frame-based MPLS network, the data is managed at the frame level (variable-length frames) rather than at a fixed length such as in cell-based ATM. It is worthwhile to understand that a Layer 3 router is also capable of Layer 2 switching.
Frame-Based MPLS Components and Terminology
Understanding frame-based MPLS terminology is challenging at first, so the following review is offered:
- Label switch router (LSR)—The LSR provides the core function of MPLS label switching. The LSR is equipped with both Layer 3 routing and Layer 2 switching characteristics. The LSR functions as an MPLS Provider (P) node in an MPLS network.
- Edge label switch router (eLSR)—The eLSR provides the edge function of MPLS label switching. The eLSR is where the label is first applied when traffic is directed toward the core of the MPLS network or last referenced when traffic is directed toward the customer. The eLSR functions as an MPLS Provider Edge (PE) node in an MPLS network. The eLSRs are functional PEs that send traffic to P nodes to traverse the MPLS core, and they also send traffic to the customer interface known in MPLS terminology as the Customer Edge (CE). The eLSRs use IP routing toward the customer interface and "label swapping" toward the MPLS core. The term label edge router (LER) is also used interchangeably with eLSR.
It is also helpful to understand common terms used to describe MPLS label switching. Table 3-1 shows these terminology comparisons.
Table 3-1 MPLS Label Switching Terminology
| MPLS LSR Function | Performs: | Also Referred to As: | MPLS Functional Use | MPLS Network Position |
|---|---|---|---|---|
| Ingress eLSR | IP prefix lookup for label imposition | Label pushing | Provider Edge (PE) | Service provider edge |
| LSR | Label switching | Label swapping | Provider (P) | Service provider core |
| Penultimate LSR (last LSR before egress eLSR) | Label disposition (label removal) | Label popping a.k.a. penultimate hop popping | Provider (P) | Service provider core |
| Egress eLSR | IP prefix lookup for outbound interface | Routing | Provider Edge (PE) to Customer Edge (CE) link | Service provider edge to customer premise |
It's important to understand that an eLSR device provides both ingress eLSR and egress eLSR functions. This is bidirectional traffic movement and is analogous to source (ingress eLSR) and destination (egress eLSR).
Frame-Based MPLS Functionality
MPLS fuses the intelligence of routing with the performance of switching. MPLS is a packet switching network methodology that makes connectionless networks like IP operate in a more connection-oriented way. By decoupling the routing and the switching control planes, MPLS provides highly scalable routing and optimal use of resources.
MPLS removes Layer 3 IP header inspection through core routers, allowing label switching (at Layer 2) to reduce overhead and latency. With MPLS label switching, packets arriving from a customer network connection are assigned labels before they transit the MPLS network. The MPLS labels are first imposed at the edge (eLSR) of the MPLS network, used by the core LSRs, and then removed at the far edge (destination eLSR) of the destination path. The use of labels facilitates faster switching through the core of the MPLS network and avoids routing complexity on core devices.
MPLS labels are assigned to packets based on groupings or forwarding equivalency classes (FECs) at the ingress eLSR. A FEC is a group of packets from a source IP address that are all going to the same destination. The MPLS label is imposed between Layer 2 and Layer 3 headers in a frame-based packet environment, or in the Layer 2 virtual path identifier/virtual channel identifier (VPI/VCI) field in cell-based networks like ATM. The following example presumes the use of frame-based MPLS in the routing of an IP packet.
Customer site "A" sources an IP packet destined for customer site "B". The packet reaches the service provider's eLSR, which then performs the ingress eLSR (PE) function. The ingress eLSR examines the Layer 3 IP header of the incoming packet, summarizes succinct information, and assigns an appropriate MPLS label that identifies the specific requirements of the packet and the egress eLSR (PE). The MPLS label is imposed or, more specifically, "shimmed" between the Layer 2 and Layer 3 headers of the current IP packet.
Prior to the first packet being routed, the core LSRs (P nodes) have already predetermined their connectivity to each other and have shared label information via the Label Distribution Protocol (LDP). The core LSRs can, therefore, perform simple Layer 2 label swapping and then switch the ingress eLSR's labeled packet to the next LSR along the label-switched path, helping the ingress eLSR get the packet to the egress eLSR. The last core LSR (penultimate hop P node) prior to the target egress eLSR removes the MPLS label, as label swapping has served its usefulness in getting the packet to the proper egress eLSR.
The egress eLSR is now responsible for examining the Customer A-sourced Layer 3 IP header once again, searching its IP routing table for the destination port of customer site B and routing the Customer A packet to the Customer B destination output interface. Figure 3-5 shows the concept of frame-based MPLS label switching.
Figure 3-5 Frame-Based MPLS Label Switching
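The push, swap and pop sequence described above, as an added example that is not from the original text: it packs the 32-bit shim entry that frame-based MPLS inserts between the Layer 2 and Layer 3 headers and walks one packet across an ingress eLSR and two core LSRs. The node names, the label values 100 and 200, and the addresses are constructed; copying the TTL back into the IP header on the pop is left out.

```python
import ipaddress
import struct

ETH_IPV4, ETH_MPLS = 0x0800, 0x8847   # EtherTypes: IPv4, MPLS unicast
IMPLICIT_NULL = 3                     # reserved label value requesting a penultimate-hop pop

def encode_shim(label, tc=0, bottom=True, ttl=64):
    """Pack one 32-bit shim entry: label(20) | TC(3) | bottom-of-stack(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def decode_shim(raw):
    (word,) = struct.unpack("!I", raw[:4])
    return {"label": word >> 12, "tc": (word >> 9) & 7,
            "bottom": bool((word >> 8) & 1), "ttl": word & 0xFF}

def build_ipv4(src, dst, ttl=64):
    """Constructed 20-byte IPv4 header (checksum left at zero for brevity)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 0, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed)

def ingress_push(frame, fec_table):
    """Ingress eLSR (PE): IP prefix lookup, then label imposition (push)."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_IPV4:
        # a PE does not accept already-labeled frames on a customer-facing port
        raise ValueError("customer-facing port accepts only unlabeled IPv4")
    ip = frame[14:]
    if ip[8] <= 1:
        raise ValueError("IP TTL expired")
    dst = ipaddress.ip_address(ip[16:20])
    matches = [(net, lbl) for net, lbl in fec_table.items() if dst in net]
    if not matches:
        raise LookupError("no FEC for %s" % dst)
    _, label = max(matches, key=lambda m: m[0].prefixlen)   # longest prefix wins
    shim = encode_shim(label, ttl=ip[8] - 1)
    return frame[:12] + struct.pack("!H", ETH_MPLS) + shim + ip

def lsr_forward(frame, lfib):
    """Core LSR (P): forward on the top label only; the IP header is not read."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_MPLS:
        raise ValueError("unlabeled frame on a core interface")
    shim = decode_shim(frame[14:18])
    if shim["ttl"] <= 1:
        raise ValueError("label TTL expired")
    if shim["label"] not in lfib:
        raise LookupError("label %d was never advertised: drop" % shim["label"])
    out_label, next_hop = lfib[shim["label"]]
    if out_label == IMPLICIT_NULL:
        # penultimate hop popping: strip the top entry, restore the payload EtherType
        etype = ETH_IPV4 if shim["bottom"] else ETH_MPLS
        return frame[:12] + struct.pack("!H", etype) + frame[18:], next_hop
    swapped = encode_shim(out_label, shim["tc"], shim["bottom"], shim["ttl"] - 1)
    return frame[:14] + swapped + frame[18:], next_hop

def walk_lsp():
    """Site A -> site B across PE1 -> P1 -> P2 (penultimate hop) -> PE2."""
    fec = {ipaddress.ip_network("10.2.0.0/16"): 100}    # PE1: FEC -> label
    lfib_p1 = {100: (200, "P2")}                        # P1: swap 100 -> 200
    lfib_p2 = {200: (IMPLICIT_NULL, "PE2")}             # P2: pop before PE2
    frame = bytes(12) + struct.pack("!H", ETH_IPV4) + build_ipv4("10.1.0.5", "10.2.0.9")
    trace = []
    frame = ingress_push(frame, fec)
    trace.append(("PE1 push", decode_shim(frame[14:18])["label"]))
    frame, next_hop = lsr_forward(frame, lfib_p1)
    trace.append(("P1 swap", decode_shim(frame[14:18])["label"]))
    frame, next_hop = lsr_forward(frame, lfib_p2)
    trace.append(("P2 pop", None))
    return trace, frame, next_hop

if __name__ == "__main__":
    print(walk_lsp()[0])
```

The frame that leaves P2 is plain IPv4 again, so the egress eLSR routes it on the IP header as the text describes.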
Cell-Based MPLS
Adding MPLS functionality to ATM switches allows service providers with ATM requirements to more easily deploy Layer 3, high-value IP feature capabilities, supporting MPLS VPNs, MPLS traffic engineering, packet voice services, and additional Layer 3 managed offerings. This is the ultimate definition of next-generation multiservice networks—networks that are capable of supporting circuit-based Layer 2 and packet-based Layer 2 and Layer 3 services on the same physical network infrastructure. By leveraging the benefits of the Cisco IP+ATM multiservice architecture with MPLS, operators are migrating from basic transport providers to service-oriented providers.
MPLS on ATM switches must use the Layer 2 ATM header, specifically the VPI/VCI field of the ATM header. Since this is pure ATM, all signaling and data forwarding is accomplished with 53-byte ATM cells. Therefore, MPLS implementations on the ATM platforms are referred to as cell-based MPLS. Non-ATM platforms such as pure IP-based routers also use MPLS, but that implementation uses frame headers and is referred to as frame-based MPLS, as you learned in the previous section. In the discussion that follows, cell-based MPLS is presumed.
Cell-Based MPLS ATM Components
Implementing MPLS capability on the Cisco Multiservice ATM Switches requires the addition of the Cisco IOS software to the ATM switching platforms. This is accomplished through either external routers such as the Cisco 7200 or via a co-controller card (essentially a router in a card form factor) resident in the ATM switch.
To understand the various MPLS implementation approaches, you first need to familiarize yourself with the following MPLS terminology:
- Label switch controller (LSC)—The central control function of an MPLS application in an ATM multiservice network. The LSC contains the following:
  - IP routing protocols and routing tables
  - The LDP function
  - The master control functions of the virtual switch interface
- MPLS ATM label switch router (LSR)—Created by combining the LSC with an ATM switch. In MPLS networks, the LSR can support the function of core switching nodes, referred to as the MPLS Provider (P) node, or function as an eLSR to form an MPLS Provider Edge (PE) node. As an example, the BPX 8620 ATM Multiservice Switch is paired with a Cisco 7200 Router acting as the MPLS LSC, and this combination forms an MPLS ATM LSR. The ATM switch provides the Layer 2 switching function, while the 7200 LSC provides the Layer 3 awareness, routing, and switching control. This combination of the Cisco 7200 LSC and the BPX 8620 is given a model number of BPX 8650.
- Co-controller card—For MPLS on ATM, this is a router-on-a-card called an RPM. The RPM-PR is essentially a Cisco 7200 Network Processing Engine 400 (NPE-400), and the higher-performance RPM-XF is based on the Cisco PXF adaptive processing architecture. Either style of RPM can be used based on performance requirements. Both Layer 3 RPMs are implemented on a card-based form factor that integrates into the Cisco MGX 8800 and MGX 8900 Series multiservice ATM switches. Since the RPM has a control function that complements the base ATM switch controller card (PXM), the RPM is generically referred to as a co-controller card. With MPLS configured on the RPM, these ATM switches become MPLS ATM LSRs.
- Universal Router Module (URM)—This is an onboard Layer 3 Route Processor controller card that is platform-specific terminology for the Cisco IGX 8400 ATM switch. The URM allows the IGX 8400 to participate as an MPLS ATM LSR.
Cell-Based MPLS ATM LSR and eLSR Functionality
Using the background terminology information from Table 3-1, it is worthwhile to briefly describe the MPLS ATM LSR and eLSR functionality, examining how they cooperate together to move a packet from customer site "A" to customer site "B" (a unidirectional example). The example is similar in all respects to the frame-based MPLS example, with the exception of the particular header field that is used to carry the MPLS labels, and the fact that fixed-length ATM cells are used between the eLSRs.
Customer site A sources a packet destined for customer site B. The packet reaches the service provider's eLSR or ATM eLSR, which then performs the ingress eLSR function. The ingress eLSR examines the Layer 3 IP header of the incoming packet, summarizes succinct information, and assigns an MPLS label that identifies the egress eLSR. The MPLS label is imposed and placed within the ATM VPI/VCI field of the ATM Layer 2 header. This MPLS label allows IP packets to be label-switched as ATM cells through the core ATM LSRs (P nodes) of the MPLS network without further examination of the IP header until the cells reach the egress eLSR (which reassembles the cells back into packets prior to delivery to customer site B).
The core ATM LSRs have already predetermined their connectivity to each other and have shared label information via LDP. The core ATM LSRs can, therefore, perform simple Layer 2 label swapping within the ATM VPI/VCI field, converting the ingress eLSR labeled packet to cells and switching the labeled cells to the next P node along the label-switched path, helping the ingress eLSR get the sourced packet to the egress eLSR. The last core ATM LSR (penultimate hop P node) prior to the target egress eLSR removes the MPLS label, as label swapping has served its usefulness in getting the cells to the proper egress eLSR.
The egress eLSR is now responsible for reassembling all cells belonging to the original packet, for examining the Customer A-sourced Layer 3 IP header once again, searching its IP routing table for the destination port of customer site B, and routing the Customer A packet to the Customer B destination output interface. Figure 3-6 shows the concept of cell-based MPLS label switching.
Figure 3-6 Cell-Based MPLS Label Switching
One of the caveats of cell-based MPLS is that the use of the fixed-length VPI/VCI field within the ATM Layer 2 header imposes some restrictions on the number of MPLS labels that can be stacked within the field. This can limit certain functionality, such as advanced features within MPLS Traffic Engineering that depend on multiple MPLS labels. It is worthwhile to consult Cisco support for those features, hardware components, and software levels that are supported by cell-based MPLS platforms.
Implementing Cell-Based MPLS on Cisco ATM Multiservice Switches
You can use any of the Cisco switches mentioned earlier to perform the function of an eLSR (PE). The BPX 8600 series uses the external Cisco 7200 router in combination to become an MPLS ATM eLSR. The MGX 8800 and 8900 switches use the onboard RPM-PR or RPM-XF co-controller cards for the eLSR function, and the IGX-8400 uses the URM card for the eLSR functionality. All platforms except for the MGX 8250 can also be configured as core LSRs (P nodes). Table 3-2 shows a summary of these MPLS realizations.
Table 3-2 MPLS LSR and eLSR Implementation Summary
| Cisco Switch Series | MPLS ATM LSR (P) | MPLS ATM eLSR (PE) |
|---|---|---|
| BPX 8600 | With external Cisco 7200 | With external Cisco 7200 |
| MGX 8250 | Not applicable | Internal RPM-PR cards |
| MGX 8850 | Internal RPM-PR (up to 350,000 packets per second) or RPM-XF (up to 2 million plus packets per second; requires PXM-45) | Internal RPM-PR or RPM-XF |
| MGX 8950 | Internal RPM-PR or RPM-XF | Internal RPM-PR or RPM-XF |
| IGX 8400 | Internal URM or external Cisco 7200 | Internal URM or external Cisco 7200 |
Utilizing MPLS, the Cisco next-generation multiservice ATM infrastructure allows the unique features of ATM for transport aggregation to combine with the power and flexibility of IP services.
Functionally, both frame-based and cell-based MPLS eLSRs support Layer 3 routing toward the customer, Layer 3 routing between other eLSRs, and Layer 2 label switching toward the provider core, while the core LSRs provide Layer 2 label switching through the core. You could draw the analogy that an MPLS label is a tunnel of sorts, invisibly shuttling packets or cells across the network core. The core LSRs, therefore, don't participate in customer routing awareness as a result, reducing the size and complexity of their software-based routing and forwarding tables. This blend of the best features of Layer 3 routing with Layer 2 switching allows MPLS core networks to scale very large, switch very fast, and converge Layer 2 and Layer 3 network services into a next-generation multiservice network.
In summary, both frame-based and cell-based MPLS provide great control on the edges of the network by performing routing based on destination and source addresses, and then by switching, not routing, in the core of the network. MPLS eliminates routing's hop-by-hop packet processing overhead and facilitates explicit route computation on the edge. MPLS adds connection-oriented, path-switching capabilities and provides premium service-level capabilities such as differentiated levels of QoS, bandwidth optimization, and traffic engineering.
MPLS Services
MPLS provides both Layer 2 and Layer 3 services. Layer 2 services include Ethernet and IP VPNs. Ethernet is migrating from LANs to WANs but needs service-level agreement (SLA) capabilities such as QoS, traffic engineering, reliability, and scalability at Layer 2. For example, the ability to run Ethernet over MPLS (EoMPLS) improves the economics of Ethernet-based service deployment and provides an optimal Layer 2 VPN solution in the metropolitan area. Ethernet is a broadcast technology, and simply extending Ethernet over classic Layer 2 networks merely extended all of these broadcasts, limiting scalability of such a service. EoMPLS can incorporate some Layer 3 routing features to enhance Ethernet scalability. MPLS is also access technology independent and easily supports a direct interface to Ethernet without using Ethernet over SONET/SDH mapping required by many traditional Layer 2 networks. Using a Cisco technology called Virtual Private LAN Service (VPLS), an MPLS network can now support a Layer 2 Ethernet multipoint network.
Additional MPLS Layer 2 services include Any Transport over MPLS (AToM). At Layer 2, AToM provides point-to-point and like-to-like connectivity between broadband access media types. AToM can support Frame Relay over MPLS (FRoMPLS), ATM over MPLS (ATMoMPLS), PPP over MPLS (PPPoMPLS), and Layer 2 virtual leased-line services. This feature allows providers to migrate to a common MPLS core and still offer traditional Layer 2, Frame Relay, and ATM services with an MPLS-based network. Both VPLS and AToM are discussed further in Chapter 4, "Virtual Private Networks."
MPLS Traffic Engineering (MPLS TE) is another MPLS Layer 2 service that allows network managers to more automatically direct traffic over underutilized bandwidth trunks, often forestalling costly bandwidth upgrades until they're absolutely needed. Since IP routing always uses shortest path algorithms, longer paths connecting the same source and destination networks would generally go unused. MPLS TE simplifies the optimization of core backbone bandwidth, replacing the need to manually configure explicit routes in every device along a routing path. It should be noted that MPLS TE works for frame-based and cell-based MPLS networks; however, in cell-based networks, there are some limitations to the MPLS TE feature set. For example, combining MPLS TE with Fast Re-Route (FRR) isn't supported, as it requires additional labels. MPLS TE using FRR would require multiple labels, and the ATM VPI/VCI fixed-length, 20-bit field used for cell-mode MPLS cannot be expanded to accommodate the multiple labels. More traditional forms of ATM PVC traffic engineering are options even in a cell-based ATM MPLS network.
MPLS also supports VPNs at Layer 3. Essentially a private intranet, Layer 3 MPLS VPNs support any-to-any, full-mesh communication among all the customer sites without the need to build a full-mesh Layer 2 PVC network, as would be required in a classic ATM network. MPLS VPNs can use and overlap public IP or private IP address space since each VPN uses its own IP routing table instance, known as a VPN routing and forwarding (VRF) table. MPLS structures Layer 3 protocols more creatively and effectively on Layer 2 networks. MPLS VPNs are covered in more detail in Chapter 4.
For other MPLS information, there are a number of additional MPLS features discussed at the Cisco website (http://www.cisco.com), as well as books from Cisco Press dedicated specifically to MPLS networks.
MPLS Benefits for Service Providers
For service providers, MPLS is a build once, sell many times model. MPLS helps reduce costs for service providers while offering new revenue services at the network layer. Compared to traditional ATM transport, IP routers and technologies are getting faster, sporting less protocol overhead, and costing less to maintain. Within the carrier space, MPLS is one of the few IP technologies capable of contributing to both the top and bottom of the balance sheet, and for this reason, it is gaining popularity with carriers of all sizes and services.
With MPLS, service providers can build one core infrastructure and then use features such as MPLS VPNs to layer or stack different customers with a variety of routing protocols and IP addressing structures into separate WANs. In a sense, these are virtual WANs (VWANs), operating at Layer 3, which means that the IP routing tables are maintained in the service provider's MPLS network. In addition to Layer 3 IP services, MPLS also offers Layer 2 VPN services and other traffic engineering features. For example, service providers can structure distinct services, such as VoIP services, into a unique VPN that can be shared among customers, or create a VPN for migration to IPv6. In addition, ATM and Frame Relay networks can be layered on the MPLS core using MPLS Layer 2 features while maintaining SLAs in the process. The flexibility of MPLS is why service providers are specifying MPLS as a critical requirement for their next-generation networks.
Figure 3-7 shows the concept of an MPLS service provider network with MPLS VPNs. The LSRs (P nodes) are not shown, because they are rather transparent in this example. The eLSRs are labeled as PEs 1, 2, and 3 and maintain individual VPN customer routing (VRFs) for VPNs 10 and 15. Border Gateway Protocol (BGP) is used as the PE-to-PE routing protocol to share customer routing information for any-to-any reachability. For example, the VPN 10 routes on PE-1 are advertised via BGP to the same VPN 10 VRF that exists on PEs 2 and 3. This allows all Company A locations to reach each other. The VRF for VPN 10 on PE-1 (as well as the other PEs) is a separate VRF from the VRF allocated to VPN 15, an entirely different customer. This demonstrates the build once, sell many times model of MPLS VPN services.
Figure 3-7 MPLS Core Network with MPLS VPNs
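The VRF separation described in this section and under MPLS Services, as an added example that is not from the original text: each PE keeps one routing table per VPN, so VPN 10 and VPN 15 can both use 10.1.0.0/16 without seeing each other's routes. The site prefixes, CE names and the PE class are constructed for illustration, and the advertisement dict stands in for the BGP exchange between PEs.

```python
import ipaddress

class PE:
    """One provider edge router holding a separate VRF per VPN."""

    def __init__(self, name):
        self.name = name
        self.vrfs = {}       # vpn_id -> {network: next hop}
        self.imports = {}    # vpn_id -> set of VPN ids whose routes this VRF accepts

    def add_vrf(self, vpn_id, extra_imports=()):
        self.vrfs[vpn_id] = {}
        self.imports[vpn_id] = {vpn_id, *extra_imports}

    def attach_site(self, vpn_id, prefix, ce):
        """Install a local CE route and return the advertisement for the other PEs."""
        net = ipaddress.ip_network(prefix)
        self.vrfs[vpn_id][net] = ce
        return {"vpn": vpn_id, "net": net, "origin": self.name}

    def receive(self, adv):
        """Install a PE-to-PE advertisement only into VRFs that import its VPN."""
        installed = []
        for vpn_id, table in self.vrfs.items():
            if adv["vpn"] in self.imports[vpn_id]:
                table[adv["net"]] = adv["origin"]
                installed.append(vpn_id)
        return installed

    def lookup(self, vpn_id, dst):
        """Longest-prefix match inside one VRF only; None means unreachable."""
        addr = ipaddress.ip_address(dst)
        table = self.vrfs[vpn_id]
        hits = [net for net in table if addr in net]
        if not hits:
            return None
        return table[max(hits, key=lambda net: net.prefixlen)]

def cross_vpn_imports(pes):
    """Audit helper: list every (PE, VRF, foreign VPN) import, intended or not."""
    return sorted((pe.name, vrf, foreign)
                  for pe in pes.values()
                  for vrf, accepted in pe.imports.items()
                  for foreign in accepted - {vrf})

def build_example_vpns():
    """Three PEs, VPNs 10 and 15, with constructed and deliberately overlapping sites."""
    pes = {name: PE(name) for name in ("PE-1", "PE-2", "PE-3")}
    for pe in pes.values():
        pe.add_vrf(10)
        pe.add_vrf(15)
    advs = [
        pes["PE-1"].attach_site(10, "10.1.0.0/16", "CE-A1"),
        pes["PE-2"].attach_site(10, "10.2.0.0/16", "CE-A2"),
        pes["PE-2"].attach_site(15, "10.1.0.0/16", "CE-B2"),    # overlaps VPN 10
        pes["PE-3"].attach_site(15, "172.16.0.0/16", "CE-B3"),
    ]
    for adv in advs:
        for pe in pes.values():
            if pe.name != adv["origin"]:
                pe.receive(adv)
    return pes

if __name__ == "__main__":
    pes = build_example_vpns()
    print(pes["PE-1"].lookup(10, "10.1.0.7"), pes["PE-1"].lookup(15, "10.1.0.7"))
    print(cross_vpn_imports(pes))
```

An empty result from cross_vpn_imports means no VRF accepts another VPN's routes; any entry it returns is a route exchange between VPNs that should match a documented design decision.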
MPLS Example Benefits for Large Enterprises
For a large enterprise, MPLS can provide logical WANs and VPNs, secure VPNs, and mixed public and private IP addressing support; it can facilitate network mergers and migrations and can offer numerous design possibilities. For example, a large enterprise that needs to migrate its network to a different core routing protocol could consider using MPLS: one MPLS VPN could run a large Enhanced Interior Gateway Routing Protocol (EIGRP) customer network while a second MPLS VPN could run Open Shortest Path First (OSPF) routing. These two MPLS VPNs can be configured to import and export certain routes to each other, maintaining any-to-any connectivity between both during the migration. In this way, migration of networks from the EIGRP VPN to the OSPF VPN could occur in stages, while access to shared common services could be maintained. Another example is where an enterprise might elect to use separate MPLS VPNs to migrate from IPv4 addressing to IPv6.
Table 3-3 introduces a general application of MPLS technology.
Table 3-3 MPLS Technology Application
| MPLS Characteristics | MPLS Features and Solutions |
|---|---|
| Requirements | Consolidated packet-based core; Migrate Layer 2 customers to consolidated core; Migrate Layer 2 services to Layer 3 services; Multiservice provisioning platforms; Transfer of complex routing tasks by enterprises to service providers; Rapid IP service creation; Ease of accounting and billing |
| Technology options | RFC 3031, "Multiprotocol Label Switching Architecture"; MPLS Layer 3 VPNs (IETF 2547bis); MPLS TE; Any Transport over ATM |
| Design options | Frame-based MPLS (IP); Cell-based MPLS (IP+ATM) |
| MPLS services | Layer 2 VPN services; Layer 3 VPN services; VPLS; QoS; Traffic Engineering |