Professional Documents
Culture Documents
Christian Martin
Sr. Director, Network Architecture
Office of the CTO Platform Systems Division, Juniper Networks
ACKNOWLEDGEMENTS
NGCOs
Last 20
Data Miles
Centers
ork
POPs netw
ne w Future
e
Intermediate
ia l of th
Offices
potent
e
COs
t he tru
liz e
Last 5
Rea
Miles New Network Value Proposition
Optical/TDM
Access Universal
Services Universal Universal
Branch Edge Services
Office Remote
Metro-Aggr Long-Haul Packet
Cabinets Universal Fabric
(DSL & Cable) Optical
Edge
Broadband Universal Servers &
Access Edge Storage
Home Packet
Optical
or SOHO Access Optical
Mobile Terminals Long-reach Fiber
(CO consolidation)
The All-IP NGN new network vision:
Cell
Sites INFRASTRUCTURE FOR NEW NETWORK Eliminate silos, consolidate and streamline the
access & metropolitan part of the SP networks
Service Mega Data Centers
Subscribers Optimize service delivery (network, content,
Supercore applications)
Simplify network and service control and operation,
NGCOs
enable streamlined IT Systems
Access & Aggregation Service innovation with software programmable
network, leverage self-organizing network
Further integrate packet and optical network layers
5 Copyright 2009 Juniper Networks, Inc. www.juniper.net
SEAMLESS MPLS - ARCHITECTURE
6 Copyright 2009 Juniper Networks, Inc. www.juniper.net
FIRSTLY - WHY IS MPLS USEFUL ?
Seamless MPLS
EN AN TN TN BN TN TN BN TN TN AN EN
Regions
A single network divided into regions: multiple Metro regions (leafs) interconnected by WAN backbone (core)
Regions can be of different types: (i) IGP area, (ii) IGP instance, (iii) BGP AS
All spanned by a single MPLS network, with any to any MPLS connectivity blueprints (AN to SN, SN to SN, AN to
AN, etc)
Decoupled architectures
Services architecture defines where & how the services are delivered, incl. interaction between SNs and SHs
Network architecture provides underlying connectivity for services
9 Copyright 2009 Juniper Networks, Inc. www.juniper.net
SEAMLESS MPLS ARCHITECTURE
CONNECTIVITY AND SERVICES BLUEPRINT
Seamless MPLS Network
SH SH
SN SN
EN AN TN TN BN TN TN BN TN TN AN EN
C C
Basic Pt-to-Pt Connectivity Services
EN AN Pseudowire AN EN
Centralized
Centralized
Business edge
Business edge
L3 or L2 VPN Services
C S S C
EN AN Pseudowire SN SN Pseudowire AN EN
Any2Any
De-centralized
residential edge Network service provisioning
and operation points:
C S
Content / hosted app. Services SN
EN AN Pseudowire SN
Connectivity provisioned
Any2Any
C by NMS or AAA
CPE CPE
Aggregation Core Aggregation
Seamless BN BN
AN AN
EN EN
Aggregation Core Aggregation
L2 Pt2Pt Services
PW PW
LSP LSP LSP
Seamless SN
BN BN
SN
AN AN
EN EN
Aggregation Core Aggregation
Services
L3 Services
PW PW
LSP SN LSP SN LSP
MSE
MX960 MX960 M/T
Properties
Large scale achieved with hierarchical design
BGP labeled unicast enables any-to-any connectivity between >100k devices no
service dependencies (e.g. no need for PW stitching for VPWS service)
A simple MPLS stack on access devices (static routes, LDP DoD)
Network
ABR LSR LSR ABR
RR3107 RR3107
CPE AGN1 AGN2 AGN2 AGN1 CPE
AN AN
Route flow
ISIS-L1 + LDP-DU ISIS-L2 + LDP-DU ISIS-L1 + LDP-DU
push PW-L PW-L PW-L PW-L PW-L PW-L PW-L PW-L PW-L pop PW-L
PWE3 swap BGP-L BGP-L BGP-L BGP-L BGP-L swap BGP-L BGP-L pop BGP-L
push LDP-L
Service push LDP-L swap LDP-L swap LDP-L swap LDP-L pop LDP-L push LDP-L pop LDP-L
Data Plane Data flow
17 Copyright 2009 Juniper Networks, Inc. www.juniper.net
* IP/MPLS control plane protocol stack and MPLS dataplane per Deployment Scenario #1 in draft-mpls-seamless-mpls-00.
SEAMLESS MPLS USE CASE 1*
ROUTE DISTRIBUTION EXAMPLE
iBGP-LU RR: no nhs iBGP-LU RR: nhs iBGP-LU: redist.static
BGP: A1 > D2
ISIS: D2 > AGN2-L BGP: A1 > D2 BGP: A1 > B2 (nhs) BGP: A1 > self
RIB: A1 > D2 ISIS: D2 > LSR-L ISIS: B2 > AGN2-R RIB: A1 > interface
D2 > AGN2-L RIB: D2 > LSR-L RIB: A1 > AGN2-R LFIB: (FEC A1,imp-null) > interface
LFIB:(FEC A1,bgp-lbl) > ABR-R LFIB: (FEC D2,ldp-lbl) > LSR-L LFIB:(FEC A1,bgp-lbl) > AGN1-R
(FEC D2,ldp-lbl) > AGN2-L (FEC B2,ldp-lbl) > AGN2-R
Network
LSR-L LSR-R
ABR-L ABR-R AGN2-R AGN1-R
CPE-L AGN1-L AGN2-L AN-R CPE-R
AN-L
Lo=D2
Lo=A1 Lo=B1 Lo=C1 Lo=D1 Lo=C2 Lo=B2 Lo=A1
Route flow
ISIS-L1 + LDP-DU ISIS-L2 + LDP-DU ISIS-L1 + LDP-DU
push PW-L PW-L PW-L PW-L PW-L PW-L PW-L PW-L PW-L pop PW-L
PWE3 swap BGP-L BGP-L BGP-L BGP-L BGP-L swap BGP-L BGP-L pop BGP-L
push LDP-L
Service push LDP-L swap LDP-L swap LDP-L swap LDP-L pop LDP-L push LDP-L pop LDP-L
Data Plane Data flow
18 Copyright 2009 Juniper Networks, Inc. www.juniper.net
* IP/MPLS control plane protocol stack and MPLS dataplane per Deployment Scenario #1 in draft-mpls-seamless-mpls-00.
LDP DoD LDP Downstream on Demand, RFC5036
SEAMLESS MPLS USE CASE 2* LDP DU LDP Downstream Unsolicited, RFC5036
BGP LU BGP Label Unicast, RFC3107
CONTROL AND DATA PLANE LAYOUTNHS BGP next-hop-self
"Seamless" MPLS Roles
EN AN TN TN BN TN TN BN TN TN AN EN
Network
ABR LSR LSR ABR
RR3107 RR3107
CPE AGN1 AGN2 AGN2 AGN1 CPE
AN AN
Route flow
ISIS-L1 + LDP-DU ISIS-L2 + LDP-DU ISIS-L1 + LDP-DU
push PW-L PW-L PW-L PW-L PW-L PW-L PW-L PW-L PW-L pop PW-L
PWE3 swap BGP-L BGP-L swap BGP-L BGP-L BGP-L swap BGP-L BGP-L pop BGP-L
push LDP-L
Service push LDP-L pop LDP-L push LDP-L swap LDP-L pop LDP-L push LDP-L pop LDP-L
Data Plane Data flow
19 Copyright 2009 Juniper Networks, Inc. www.juniper.net
* IP/MPLS control plane protocol stack and MPLS dataplane per Deployment Scenario #1 in draft-mpls-seamless-mpls-00.
SEAMLESS MPLS USE CASE 2*
ROUTE DISTRIBUTION EXAMPLE
iBGP-LU RR: nhs iBGP-LU RR: nhs iBGP-LU: redist.static
BGP: A1 > D1
ISIS: D1 > AGN2-L BGP: A1 > D2 (nhs) BGP: A1 > B2 (nhs) BGP: A1 > self
RIB: A1 > D1 ISIS: D2 > LSR-L ISIS: B2 > AGN2-R RIB: A1 > interface
D1 > AGN2-L RIB: D2 > LSR-L RIB: A1 > AGN2-R LFIB: (FEC A1,imp-null) > interface
LFIB:(FEC A1,bgp-lbl) > ABR-L LFIB: (FEC A1,bgp-lbl) > ABR-R LFIB:(FEC A1,bgp-lbl) > AGN1-R
(FEC D1,ldp-lbl) > AGN2-L (FEC D2,ldp-lbl) > LSR-R (FEC B2,ldp-lbl) > AGN2-R
Network
LSR-L LSR-R
ABR-L ABR-R AGN2-R AGN1-R
CPE-L AGN1-L AGN2-L AN-R CPE-R
AN-L
Lo=D2
Lo=A1 Lo=B1 Lo=C1 Lo=D1 Lo=C2 Lo=B2 Lo=A1
Route flow
ISIS-L1 + LDP-DU ISIS-L2 + LDP-DU ISIS-L1 + LDP-DU
push PW-L PW-L PW-L PW-L PW-L PW-L PW-L PW-L PW-L pop PW-L
PWE3 swap BGP-L BGP-L swap BGP-L BGP-L BGP-L swap BGP-L BGP-L pop BGP-L
push LDP-L
Service push LDP-L pop LDP-L push LDP-L swap LDP-L pop LDP-L push LDP-L pop LDP-L
Data Plane Data flow
20 Copyright 2009 Juniper Networks, Inc. www.juniper.net
* IP/MPLS control plane protocol stack and MPLS dataplane per Deployment Scenario #1 in draft-mpls-seamless-mpls-00.
ENABLING IP/MPLS SCALE
WITH BGP LABELED UNICAST (RFC3107)
BGP-LU enables distribution of /32 router loopback MPLS
FECs
Used between Seamless MPLS regions for any2any MPLS
reachability
Enables large scale MPLS network with hierarchical LSPs
LDP DoD use cases (AN, AGN) LDP DoD procedures (Access LSR)
1) (AN, AGN) Initial network setup a) LDP DoD session negotiation
2) (AN) Service provisioning, activation b) Label request, mapping
3) (AN) Service changes, decommissioning c) Label withdraw
4) (AN) Service failure d) Label release
5) (AN, AGN) Network transport failures e) Local repair
LDP DoD Label Distribution Protocol, Downstream on Demand distribution, RFC 5036
LDP DU Label Distribution Protocol, Downstream Unsolicited distribution, RFC 5036
BGP LU Border Gateway Protocol, Label Unicast extensions, RFC 3107
32
(*) Requires inter-area LDP (RFC 5283), match on longest prefix in RIB.
Copyright 2009 Juniper Networks, Inc. www.juniper.net
SEAMLESS MPLS USE CASE WITH
LDP DOD AND ACCESS IGP
LDP DoD Label Distribution Protocol, Downstream on Demand distribution, RFC 5036
LDP DU Label Distribution Protocol, Downstream Unsolicited distribution, RFC 5036
BGP LU Border Gateway Protocol, Label Unicast extensions, RFC 3107
33
(*) Requires inter-area LDP (RFC 5283), match on longest prefix in RIB.
Copyright 2009 Juniper Networks, Inc. www.juniper.net
ENABLING IP/MPLS SCALE
WITH LDP LDP DOD SUMMARY
In the Seamless MPLS design, scaling into the access
does introduce new functional and operational
requirements
LDP DoD approach provides a simple yet very effective
solution for access network in a large scale MPLS design
The solution meets all of the requirements and relies on
defined standard IP/MPLS protocols
LDP DoD design can be adopted to other large scale IP/
MPLS deployments e.g. MPLS to cell site gateways
Immediate benefits
No multiple breakouts in/from Ethernet VLAN trunks
Greater flexibility of service edge placement
Simpler e2e design
s
s
bq c p m wr
MPLS
Packet Flows Transit
Flows
Packet Flow
Compute
Residential - automate T, MX Storage
service provisioning and
Apps
operation: Q-FAB
Network port Content
pseudowire
Socket in the wall Mobility
User T, PTX T, PTX SRX, MX
Service MX
Business - uniform
service provisioning and
operation: MX
L3 and L2 services
Access + Metro Backbone Access + Metro
CONVERGED ALL-IP NETWORK
40 Copyright 2009 Juniper Networks, Inc. www.juniper.net
SIMPLER SERVICE DELIVERY
WITH DE-CENTRALIZED UNIVERSAL EDGE - MX
Reduced number of network elements
Simplicity principle Simple protocol stack
driving the design Simple service creation
Service creation points: Simple e2e restoration
Network
Internet
Data Center 3rd Party 3rd Party
Data Center
CPE/HG
Compute
Residential - automate T, MX Storage
service provisioning and
Apps
operation: Q-FAB
Network port Content
Socket in the wall Mobility
User T, PTX T, PTX SRX, MX
Service MX
Business - uniform
service provisioning and
operation: MX
L3 and L2 services
Access + Metro Backbone Access + Metro
CONVERGED ALL-IP NETWORK
41 Copyright 2009 Juniper Networks, Inc. www.juniper.net
POTENTIAL FUTURE DEVELOPMENTS:
SERVICE RELOCATION AND AUTO-PROVISIONING
Service provisioning Connectivity L3/L3+ Services
and operation points: C provisioned by NMS or AAA S provisioned by NMS or AAA
Internet Access
CE1
CE3
PE2 PE4
P2 P4
time5 time6
Level of shortcut (the lower the better) is key for Deterministic FIB updates
20 - 50ms
200 1000+ ms
CE1
CE3
PE2 PE4
P2 P4
CE1
CE3
PE2 PE4
P2 P4
Global-repair Local-repair
Fast IGP - IS-IS, OSPF PE-CE link failure
As for transit failures (1) Vrf-table-label with IP lookup
Used as a trigger for BGP next-hop (2) PE-CE link protection
change
Hierarchical FIB Egress PE node protection !
Hierarchical FIB with pre-programmed LSP tailend protection with context label lookup
alternate BGP next-hops Local-repair by PLR* transit router
Based on the Junos indirect- and
composite-next-hop technologies
Business Edge
Pseudowire per subscriber (customer) line, carries a single service or bundle of
services (service per VLAN, multiple VLANs)
Implementation based on JUNOS LT, later on Pseudowire Services IFD
Broadband Edge
Pseudowire per access node (DSLAM), carries multiple subscriber lines and
sessions
Implementation based on JUNOS Pseudowire Services IFD
hosting associated LT
apart from local-repair no other
impact on service traffic LFA
local- PE
repair
path
Failed
link
pri-RE bkp-RE
IP redundancy - once IS-IS CPE
converges traffic directed by AGN1a
AGN2a
vpn core ECMP path
global-repair
no impact on access PW traffic AN
X LT-IFD
vpn
PFE1.1 PFE3.1
Edge LC1 Core LC3
Same scheme applies to the
adjacent AGN2 node failure
core ECMP path
AGN1b
AGN2b
PFE2.1 PFE4.1
Edge LC2 Core LC4
X
CPE
LT-IFD core ECMP path
AN
VPN
PFE1.1 PFE2.1
Edge LC1 Core LC3
LT-IFD
pre-programmed redundant LT AN
vpn
linecard failure
via backup link to PE Failed
edge
linecard
then to rLT-IFD PE
LFA
local-
repair
path
pri-RE bkp-RE
IP redundancy - once IS-IS CPE
AGN1a
AGN2a
vpn
converges traffic directed by core ECMP path
global-repair AN
X
rLT-IFD
vpn
act vpn
rLT-IFD
vpn
core ECMP path
AGN1b
AGN2b
PFE2.1 PFE4.1
Edge LC2 Core LC4
Transit: PE-P, P-P link, P node failure Egress: PE node failure (new)(*)
LFA based on IGP/LDP; if no 100% LFA LSP tailend protection with context label
coverage, delta with RSVP-TE lookup on the backup PE
RSVP-TE FRR Failure repaired locally by adjacent P
router using LFA (or TE-FRR)
Packet based networks finally can provide E2E service protection similar to
SDH 1:1 protection, regardless of network size and service scale
This provides network layer failure transparency to service layers,
becoming a major enabler for network consolidation
(*) High Availability for 2547 VPN Service, Y.Rekhter, MPLS&Ethernet World Congress, Paris 2011.
59 Copyright 2009 Juniper Networks, Inc. www.juniper.net
PROTECTING A (SERVICE) TUNNEL ENDPOINT
PE3
vrf
10.0.0.3
CE1 PLR PE1 vrf CE2
172.16.0.0/16 vrf
PE4
BGP
LDP
Traffic
PLR: Point of Local Repair this is one hop from the point of failure
POP
mpls.0
POP, MPLS->IPv4
backup-mpls.0
PE3
l2vpn
vrf
CE1
10.0.0.3 PLR PE1 l2vpn
vrf CE2
172.16.0.0/16 vrf
l2vpn PE4
BGP
LDP
Configuration on PE2:
Configuration on PE1:
protocols {
protocols { l2circuit {
l2circuit { neighbor 1.1.1.4 {
neighbor 1.1.1.3 { interface fe-1/0/2.1001 {
interface fe-1/0/1.1001 { egress-protection {
egress-protection { protected-l2circuit PW31 {
protector-pe 1.1.1.2 ingress-pe 1.1.1.3;
context-identifier 10.0.0.3; egress-pe 1.1.1.1;
} virtual-circuit-id 13;
} }
} }
} }
} }
}
62 } www.juniper.net
Copyright 2009 Juniper Networks, Inc.
L3VPN PE-CE LINK PROTECTION (11.4)
Service provider Region
Customer
Customer
region 2 Primary region 1
l3vpn
l3vpn
Backup
l3vpn
ldp
bgp
Traffic
Normal m-IBGP
l3vpn
Backup
l3vpn
ldp
bgp
Traffic
Normal m-IBGP
protocols {!
Configuration on Backup PE:! bgp {!
! group internal !
[edit routing-instances vpn-xy]!
family [inet-vpn|inet6-vpn|iso-vpn]!
interface ge-0/1/0.200 {! unicast {!
egress-protection {! egress-protection {!
context-identifier 10.0.0.3;! context-identifier 10.0.0.3;!
}! }!
}! }!
}!
}!
64 Copyright 2009 Juniper Networks,
}! Inc. www.juniper.net
PE-CE LINK FAILURE
LOCAL-REPAIR - SOLUTION
Primary path Route Flow
Backup path Traffic Flow local failure
detection
P1 P3
PE1 PE3-PLR
CE2
CE1
CE3
PE2 PE4
P2 P4
P1 P3-PLR protected
PE1 PE3
CE2
CE1
protector CE3
PE2 PE4
P2 P4
Protector PE4 maintains a mirror image of the protected PE3 service label table a
context specific label space identified by a context-id (an IP address) present on both
protected and protector PEs
Protected PE3 owns the context-id address, advertising it in the BGP Next_Hop attribute
(context-id is never used for control plane peerings)
In case of protected PE3 failure, P3-PLR diverts the traffic destined to the context-id
address to the protector PE4 using TE FRR or IP FRR procedures
Protector PE4 looks up received packets in the context-specific label table for PE3
(identified by the label associated with PE3 context-id), and forwards packets to the right
destination
* draft-minto-2547-egress-node-fast-protection
66 Copyright 2009 Juniper Networks, Inc. www.juniper.net
IPFRR LFA VS. NOTVIA VS. PQ
LFA is useful and networks are being designed to improve
coverage (draft-ietf-rtgwg-lfa-applicability)
but LFA doesnt guarantee 100% coverage.
Increasing Demand for IP/LDP Fast-Reroute with 100% Coverage
NotVia can guarantee coverage but requires significant network state
Research done to reduce it, but nothing sufficiently practical & its been years