Label Switched VPNs - PowerPoint PPT Presentation

About This Presentation
Title:

Label Switched VPNs

Description:

Fast reroute - local protection scheme. Two distinct mechanisms for protection and restoration ... Multiprotocol Label Switching Background ... – PowerPoint PPT presentation

Number of Views:121
Avg rating:3.0/5.0
Slides: 21
Provided by: Tietov
Category:
Tags: fast | label | mpls | reroute | switched | vpns

less

Transcript and Presenter's Notes

Title: Label Switched VPNs


1
Helsinki University of Technology Networking
Laboratory
  • Label Switched VPNs
  • Scalability and Performance Analysis

Yavor Ivanov yavor.ivanov_at_hut.fi
2
Outline
  • Introduction
  • Background
  • Practical setup
  • Results
  • Conclusions

3
Introduction
  • Topic
  • Label Switched VPNs scalability and performance
    analysis
  • Thesis Goal
  • The scope of this study focuses on several major
    questions.
  • How traffic engineering will affect the VPN
    performance?
  • What is the scalability potential of Layer3 Label
    Switched VPNs?
  • What is the impact of network failure on the VPN
    performance and how it can be minimized?

4
Background Multiprotocol Label Switching
  • MPLS technology combines the performance of layer
    2 switching with the flexibility of layer 3
    routing.
  • Some of its main features include improved
    forwarding mechanisms, introduction of label
    stack and constraint-based routing.
  • Notorious problems like network scalability,
    traffic engineering, integrated recovery and
    simplified network management are addressed.
  • Mechanism Label edge routers classify the
    incoming packets and based on certain criteria
    assign labels. After this, packets are forwarded
    along a label switched path towards the
    destination. At each hop, Label switch router
    makes forwarding decisions just by examining the
    appended MPLS label.
  • MPLS provides ground for Traffic engineering and
    Virtual private networking two concepts with
    huge significance in the modern networks.

5
Background MPLS Traffic Engineering
  • Provisioning of the limited resources, improved
    network utilization and service differentiation
    are required to guarantee desired QoS level in
    the network.
  • TE is an extension to MPLS for selecting the most
    efficient paths across an MPLS network, based on
    both bandwidth and administrative rules. It
    allows optimization of traffic flows and load
    balancing for underutilized paths.
  • Path establishment is constraint-based, allowing
    parameters like link bandwidth, current link
    utilization, resource requirements, link loads,
    etc. to be considered.
  • Constraint-based routing is used for path
    selection, meaning that traffic flows are routed
    across the network based on their service
    requirements, flow priority and the available
    resources.

6
Background MPLS Virtual Private Networks
  • The term Virtual Private Network has been
    associated with a private communication within a
    companys network over a public infrastructure.
  • L3VPNs - customer sites maintain relationship
    only with the provider edge routers. VPN routes
    are stored and maintained in the PEs, while the
    core routers do not have any knowledge of them.
    Increased network scalability!
  • VPN-IPV4 address family - Customer sites can use
    private addresses, which does not need to be
    advertised publicly and are independent of the
    addresses used by customers of other service
    providers
  • L2VPNs - Allows networks based on link-layer
    technology to be interconnected via an MPLS
    backbone (huge parts of the provider networks are
    based on legacy technology like ATM, Frame Relay
    or Ethernet). The difference between L3 and L2
    VPNs can be found in the relation between
    Provider Edge (PE) and Customer Edge (CE)
    devices. In layer2 VPNs, the PE is not a peer of
    the CE. It does not store the customer routes,
    but just maps the incoming layer2 traffic into
    emulated pseudo wire/LSP.

7
Background MPLS Virtual Private Networks
8
Background Protection and Restoration
  • Networks are complex entities with large number
    of devices and underlying infrastructure
  • To minimize the negative effect of failure
    events, MPLS-TE introduces variety of mechanism
    for network protection and restoration
  • Path protection global protection scheme. This
    is a recovery mechanism providing 11 protection
    for the primary LSP. The head-end node
    pre-establishes a backup tunnel, which is used
    only in case of primary LSP failure. Poor
    scalability.
  • Fast reroute - local protection scheme. Two
    distinct mechanisms for protection and
    restoration one-to-one backup and facility
    backup
  • In one-to-one protection scheme the PLR node
    establishes a separate backup tunnel (called
    Detour LSP) for each primary LSP it routes.
  • Facility backup establishes a single tunnel,
    called bypass tunnel in order to guarantee
    protection for a set of primary LSPs. Relies on
    the MPLS label stack to provide local protection
    against link or node failures. Node and link
    protection.

9
Background Protection and Restoration
  • Point of local repair (PLR) - that is the router,
    which initiates the backup tunnel in order to
    protect link or a node.
  • Merge Point (MP) - that is the point where backup
    tunnel ends.
  • Next-hop router (NHop) - this is the router that
    is one hop away from the PLR.
  • Next-next-hop router (NNHop) - it is the node
    that is two hops ways from the PLR

10
Practical setup
  • Goals
  • Study the protection scalability of Label
    switched VPNs.
  • What is the effect of the described restoration
    mechanisms on the network performance?
  • The importance of these questions is growing
    proportionally to the adoption speed of MPLS in
    the core as well as the increasing demand for
    highly reliable service from the customers.
    Thats why this study was focused on the
    resiliency technologies and their application in
    MPLS VPNs.
  • Simulations
  • Different simulations, in normal state and under
    failure conditions, were planed and performed

11
Practical setup
  • Description
  • The practical part of the thesis was divided into
    three simulation scenarios.
  • The first one gives the comparison basis. It
    models an MPLS enabled network without any
    traffic engineering or protection mechanisms.
  • The second simulation implements TE in the core
    of the network,
  • And the last simulation includes protection and
    restoration mechanisms.
  • Simulation1 and Simulation2 were split each in
    two Runs. In the first one the network is in
    stable condition. In the second one, network
    failure was modeled.

12
Practical setup
13
Results Simulation1
  • The IP convergence time of both Simulation Runs
    differs significantly. In Simulation1_Run1 the
    average value is 0.00590s, while for Run2 it is
    0.01835s. Indicates topology changes
  • In the first scenario, increased exchange of
    updates is monitored in the beginning of the run
    (until routing protocol converges) Different is
    the situation with the second scenario where
    next-hop updates mark several peaks in their
    activity

14
Results Simulation1
  • Data from the first simulation shows that VRF
    size increases proportionally to number of sites
    that participate in it. The larger the VPN, the
    more entries are included in the VRF table. Can
    increase the load over the hardware resources.
  • VPN signaling traffic - PEs should be fully
    meshed within a single AS in order to have a
    complete view of the transit routes. The number
    of IBGP sessions between all PEs can be expressed
    by following formula
  • (n) (n - 1)/2 ,where n is the number of PE
    routers.
  • This means that if there are 2 routers, only 1
    BGP session is needed. If there are 4 routers, 6
    sessions should be established and if there are
    20 routers the number of IBGP sessions grows to
    190!
  • To avoid such problems, BGP Route Reflectors were
    deployed in the network.

15
Results Simulation2
  • After the link failure at 1000s, VPN RED delay
    increases from approximately 0.0042 to 0.0058 and
    remains in this range until the end of the
    simulation.
  • For Simulation2_Run1 the highest average number
    of entries in the table was 109.82 registered at
    Area2_PE1. Almost double was the average table
    size in the second run 209.88 entries, which
    were marked by Area3_PE4
  • LSP Area1_PE3-Area3_PE5 in the first simulation
    had average recovery value of 16.678s with a peak
    reaching 30.011s. The same LSP in
    Simulation2_Run2 had average recovery time of
    13.344s and a peak value of 20.012s.

16
Results Simulation2
  • The IP processing delay in the TE enabled network
    was reduced noticeably. Traffic was distributed
    more evenly across the network, which helped to
    take off load from some nodes and put it to
    another. The explicit path configuration of LSPs
    helped to balance the underutilized routes and to
    achieve more optimal traffic distribution.
  • The delay in some VPNs was reduced (VPN PURPLE) -
    traffic load was distributed more evenly over the
    network. This resulted in reduced delay for some
    links in favor of others.
  • The recovery times for some LSPs improved
    significantly.

17
Results Simulation3
  • The average number of updates taken from the
    Area3_PE4 for Simulation2 was 149.40, with a peak
    value reaching 198. Looking at the same node in
    Simulation3 could be seen that the average number
    of route updates was reduced to 145.20 and the
    peak was 186.
  • Average duration of the network convergence was
    also lowered from 30.007s to 26.320s in
    Simulation3.

18
Results Simulation3
  • The modeled failures did not have the negative
    impact on the network as in the first scenario
    and this was expected.
  • Considering the scalability potential of these
    resiliency mechanisms, path protection scheme
    lags behind. Reserving resources on an LSP-basis
    means too much wasted resources
  • Local protection takes care of multiple tunnels
    flowing over a protected link, which is much more
    scalable.
  • In some situations, the protection mechanisms
    might have a negative effect on the delivered
    service. Failure impact is minimized thanks to
    the backup LSPs, however if traffic is rerouted
    to a bypass tunnel with some capacity
    constraints, some LSPs will be dropped in favor
    of other (preempted).

19
Conclusions
  • The network performance was gradually improving
    through the different scenarios mainly because of
    the MPLS TE mechanisms and the implemented
    protection schemes.
  • Expanding the VPN network might cause some
    scalability concerns due to the fact that PE
    nodes should be connected in a full mesh.
    Solution Route Reflectors
  • Local reroute might not be able to meet the TE
    requirements, when failure occurs, which can
    result in serious loss of quality.
  • Path protection mechanism is not as fast as the
    Fast reroute. Simulations analysis proved that
    path protection has poor scalability, which is
    the reason why it is not widely implemented.
  • Expanding the network with its VPN service
    requires support for different types of equipment
    and variety of protocols. Interoperability

20
Thank you!
Write a Comment
User Comments (0)
About PowerShow.com