MPLS: An Easy-to-Understand Explanation from Personal Experience

Contents
1. Basic concepts of MPLS
2. Basic concepts of MPLS VPN
3. MPLS and MPLS VPN examples

Shortcomings of traditional IP routed networks

Traditional IP forwarding
- Routing protocols carry the IP routing information.
- Data is forwarded based on the destination address of the IP packet.
- An IP packet needs a routing-table lookup at every router it passes through.

With hop-by-hop IP forwarding, every hop must perform a longest-match lookup in the routing table (possibly several times), which is slow.

Traffic engineering problems in traditional IP forwarding
- Most traffic goes between large sites A and B and uses only the primary link.
- Destination-based routing does not provide any mechanism for load balancing across unequal paths.
- Policy-based routing can be used to forward packets based on other parameters, but this is not a scalable solution.
[Figure labels: Primary OC192 link; Large Site A; Large Site B; Small Site C; Backup OC48 link]

Review Questions
- List the main shortcomings of traditional IP routing.
- What information is IP packet forwarding based on?
- Why is this forwarding mechanism unsuitable for large networks?

MPLS architecture and related technologies

MPLS data forwarding
- MPLS label forwarding uses labels allocated in advance to establish a label switched path (LSP) for packets. Each device along the path only needs to perform a fast label swap (a single lookup).

MPLS: Multi-Protocol Label Switching
- MPLS: Multi-Protocol Label Switching
- Implements layer 2.5 switching in IP networks

Basic concepts of MPLS
- A mechanism that forwards data based on labels
- Labels correspond to IP destination networks
- Labels can also correspond to other parameters:
  - QoS
  - IP source address
- Supports forwarding of multiple protocols

MPLS/IP network [figure-only slide]

MPLS architecture
- Control plane
  - Uses routing protocols to exchange routing information
  - Uses a label distribution protocol to exchange labels
- Data plane
  - Forwards data based on labels

MPLS Architecture
- Router functionality is divided into two major parts: control plane and data plane.
[Figure labels: Control Plane (OSPF, LDP); Data Plane (LFIB: 4 → 17); labeled packet with label 4; labeled packet with label 17]

Label Format
MPLS uses a 32-bit label field that contains the following information:
- 20-bit label
- 3-bit experimental field
- 1-bit bottom-of-stack indicator
- 8-bit time-to-live (TTL) field
[Figure: bit layout LABEL (bits 0-19) | EXP (bits 20-22) | S (bit 23) | TTL (bits 24-31)]

Frame-Mode MPLS
[Figure: Frame Header | IP Header | Payload becomes Frame Header | Label | IP Header | Payload after routing lookup and label assignment]

Label Switch Router
- Label switch router (LSR): forwards labeled IP packets
- Edge LSR:
  - labels IP packets and forwards them into the MPLS domain
  - removes labels and forwards IP packets out of the MPLS domain
[Figure labels: MPLS Domain; Edge LSR; LSR; L=3; L=5; L=43; L=31]

Functional architecture of LSRs
LSRs, regardless of the type, perform the following three functions:
- Exchange routing information
- Exchange labels
- Forward packets (LSRs and edge LSRs)
The first two functions are part of the control plane. The last function is part of the data plane.

Architecture of LSRs
LSRs primarily forward labeled packets.
[Figure labels: LSR; Control Plane; Data Plane; Routing Protocol; Label Distribution Protocol; Label Forwarding Table; IP Routing Table; Exchange of routing information; Exchange of labels; Incoming labeled packets; Outgoing labeled packets]

Architecture of Edge LSRs
[Figure labels: Edge LSR; Control Plane; Data Plane; Routing Protocol; Label Distribution Protocol; Label Forwarding Table; IP Routing Table; Exchange of routing information; Exchange of labels; Incoming labeled packets; Outgoing labeled packets; IP Forwarding Table; Incoming IP packets; Outgoing IP packets]

MPLS forwarding
LSR functions:
- Insert a label
- Swap a label
- Pop a label

MPLS Forwarding (Frame-Mode)
- On ingress a label is assigned and imposed by the IP routing process.
- LSRs in the core swap labels based on the contents of the label forwarding table.
- On egress the label is removed and a routing lookup is used to forward the packet.
[Figure: three routers in the MPLS domain, in order along the path:
  routing table 10.0.0.0/8 → label 3; LFIB label 8 → label 3
  routing table 10.0.0.0/8 → label 5; LFIB label 3 → label 5
  routing table 10.0.0.0/8 → next hop; LFIB label 5 → pop
 The packet to 10.1.1.1 carries label 3, then label 5, then no label.]

IP routing example in an MPLS network
[Figure labels: LSR; Control Plane (OSPF, RT, LIB); Data Plane (FIB, LFIB); 10.0.0.0/8 → 1.2.3.4; L=5 10.1.1.1; 10.1.1.1]

IP routing example in an MPLS network (continued)
[Figure labels: LSR; Control Plane (OSPF, RT, LIB); Data Plane (FIB, LFIB); 10.0.0.0/8 → 1.2.3.4; Next-hop L=3, Local L=5; L=5 → L=3; L=5 10.1.1.1; L=3 10.1.1.1; 10.1.1.1]

Label allocation and distribution
- IP routing protocols build the IP routing table.
- Each LSR independently allocates a label for every destination network in the routing table.
- Each LSR advertises the labels it has allocated to the other LSRs.
- Based on the labels it receives, each LSR builds the LIB, LFIB and FIB.

Building the routing table
- IP routing protocols are used to build IP routing tables on all LSRs.
- FIBs are built based on IP routing tables with no labeling information.
[Figure labels: routers A, B, C, D, E; Network X]

Allocating labels
- Every LSR allocates a label for every destination in the IP routing table.
- Labels have local significance.
- Label allocations are asynchronous.
[Figure labels: routers A, B, C, D, E; Network X; Router B assigns label 25 to destination X.]

LIB and LFIB setup
LIB and LFIB structures have to be initialized on the LSR allocating the label.
Local label is stored in LIB.
Outgoing action is pop, as B has received no label for X from C.
[Figure labels: routers A, B, C, D, E; Network X; Router B assigns label 25 to destination X.]

Label Distribution
The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are upstream or downstream LSRs for the destination.
[Figure labels: routers A, B, C, D, E; Network X; X=25 advertised to each neighbor]

Receiving Label Advertisement
- Every LSR stores the received label in its LIB.
- Edge LSRs that receive the label from their next-hop also store the label information in the FIB.
[Figure labels: routers A, B, C, D, E; Network X; X=25]

Interim Packet Propagation
Forwarded IP packets are labeled only on the path segments where the labels have already been assigned.
[Figure labels: routers A, B, C, E; IP:X; Lab:25; IP:X; "FIB lookup, label the IP packet"; "LFIB lookup, remove the label"]

Further Label Allocation
Every LSR will eventually assign a label for every destination.
[Figure labels: routers A, B, C, D, E; Network X; Router C assigns label 47 to destination X; X=47]

Receiving Label Advertisement
- Every LSR stores received information in its LIB.
- LSRs that receive their label from their next-hop LSR will also populate the IP forwarding table (FIB).
[Figure labels: routers A, B, C, D, E; Network X; X=47]

Populating LFIB
- Router B has already assigned a label to X and created an entry in the LFIB.
- The outgoing label is inserted in the LFIB after the label is received from the next-hop LSR.

LFIB on B:
  Label   Action   Next hop
  25      47       C

[Figure labels: routers A, B, C, D, E; Network X; X=47]

Packet propagation across an MPLS network
[Figure labels: Ingress LSR; Egress LSR; routers A, B, C, E; IP:X; Lab:25; Lab:47; IP:X; "FIB lookup, add a label to the packet"; "LFIB lookup, perform label swap"; "LFIB lookup, remove the label"]

LSP establishment in an MPLS network [figure-only slide]

Optimizing the MPLS network
- Double lookup is not an optimal way of forwarding labeled packets.
- A label can be removed one hop earlier.
[Figure: MPLS Domain; advertised labels L=19, L=18, L=17; per-router tables:
  LFIB 35 → 17; FIB 10/8 → NH, 17
  LFIB 17 → 18; FIB 10/8 → NH, 18
  LFIB 18 → 19; FIB 10/8 → NH, 19
  LFIB 19 → untagged; FIB 10/8 → NH
 The packet to 10.1.1.1 carries label 17, then 18, then 19, then no label.]
Double lookup is needed:
1. LFIB: remove the label.
2. FIB: forward the IP packet based on IP next-hop address.

Penultimate Hop Popping
- A label is removed on the router before the last hop within an MPLS domain.
[Figure: MPLS Domain; advertised labels L=pop, L=18, L=17; per-router tables:
  LFIB 35 → 17; FIB 10/8 → NH, 17
  LFIB 17 → 18; FIB 10/8 → NH, 18
  LFIB 18 → pop; FIB 10/8 → NH, 19
  LFIB (empty); FIB 10/8 → NH
 The packet to 10.1.1.1 carries label 17, then 18, then no label.]
Pop or implicit null label is advertised.
One single lookup.

Summary

What is a VPN? [figure-only slide]

VPN Terminology
- Customer network (C-network): the part of the network still under customer control
- Provider network (P-network): the service provider infrastructure used to provide VPN services
- Customer site: a contiguous part of the customer network (can encompass many physical locations)
[Figure labels: Customer Site; Large Customer Site]

VPN service network view [figure-only slide]

VPN classification [figure-only slide]

Overlay VPN (Layer 1 VPN)
- The service provider provides physical-layer connectivity.
- The customer is responsible for the data link layer and the IP layer.
- The customer manages its own routing.
[Figure labels: ISDN, E1, T1, DS0, SDH, SONET; PPP, HDLC; IP]

Overlay VPN (Layer 2 VPN)
- The service provider provides data-link-layer connectivity.
- The customer is responsible for the IP layer.
- The customer manages its own routing.
[Figure labels: X.25, Frame Relay, ATM; IP]

Overlay VPN (IP tunneling)
- The customer is responsible for the IP layer.
- The customer manages its own routing.
[Figure labels: Generic Routing Encapsulation (GRE), IP Security (IPSec); IP; IP]

Peer-to-Peer VPN Concept
[Figure labels: Service Provider Network; Customer Site Router A; Customer Site Router B; Customer Site Router C; Customer Site Router D; four PE routers]
Routing information is exchanged between CE and PE routers.
PE routers exchange customer routes through the core network.
Finally, the customer routes propagated through the PE network are sent to other CE routers.

Shared PE model [figure-only slide]

Dedicated PE model [figure-only slide]

MPLS VPN

Architecture of routed MPLS VPN [figure-only slide]

Customer edge router [figure-only slide]

Provider edge router [figure-only slide]

Provider router [figure-only slide]

VPN routing and forwarding table (VRF) [figure-only slide]

PE routing tables [figure-only slide]

Address reuse [figure-only slide]

Route Distinguisher
- RD: a 64-bit identifier used to distinguish each customer's routes on a PE
- VPNv4 address = RD + IPv4 address
- VPNv4 addresses are exchanged between PEs via BGP
  - Multiprotocol BGP (MP-BGP)

Applying route distinguishers [figure-only slide]

Using route distinguishers [figure-only slide]

Route Targets
- When customer sites belong to different VPNs, RTs are needed to tag each VPN's routes.
- RTs are attached to VPNv4 routes to mark the different VPNs.
- RTs are carried in BGP extended attributes.
- Flexible use of RTs supports different VPN topologies.

How RTs work
- Export RT: the tag applied to routes when they are sent; it defines the VPN group.
- Import RT: the tag checked when routes are received; it identifies the VPN group.
- On the sending PE, the export RT is added when an IPv4 route is converted to a VPNv4 route.
- On the receiving PE, routes are checked against the import RT.
- If the RT of a received route matches the import RT, the route is accepted.

Flexible use of RTs, example 1 [figure-only slide]

Flexible use of RTs, example 2 [figure-only slide]

Flexible use of RTs, example 3 [figure-only slide]

Routing model of routed MPLS VPN

MPLS VPN routing
- The CE runs a routing protocol.
- The PE runs a routing protocol to exchange routing information with the CE.
- The PE runs MPLS to carry VPN routes.
- The P router runs MPLS.

CE [figure-only slide]

PE [figure-only slide]

Routing on the PE router [figure-only slide]

P [figure-only slide]

MPLS VPN end-to-end routing information flow, part 1 [figure-only slide]

MPLS VPN end-to-end routing information flow, part 2 [figure-only slide]

MPLS VPN end-to-end routing information flow, part 3 [figure-only slide]

Data forwarding in routed MPLS VPN

Forwarding the original IP packet [figure-only slide]

Forwarding the labeled IP packet [figure-only slide]

Labeling the IP packet twice
- The VPN label is imposed and advertised by the ingress PE router.

MPLS L2VPN

MPLS L2VPN
- MPLS L2VPN provides Layer 2 VPN services over an MPLS network, allowing a service provider to offer Layer 2 VPNs based on different data link layers over a single MPLS network.
- Simply put, MPLS L2VPN transparently carries customer Layer 2 data across an MPLS network. From the customer's point of view, the MPLS network is a Layer 2 switched network in which Layer 2 connections can be set up between different nodes.
- Compared with MPLS L3VPN, MPLS L2VPN has the following advantages:
  - Highly scalable: MPLS L2VPN only establishes Layer 2 connections and does not import or manage customer routing information.
  - Reliability and the security of private-network routes are ensured.
  - Supports multiple network-layer protocols, including IP and IPX.

Basic concepts of MPLS L2VPN
- In MPLS L2VPN, the concepts of CE, PE and P are the same as in MPLS L3VPN, and the principles are similar.
- MPLS L2VPN uses a label stack to carry customer packets transparently across the MPLS network:
  - The outer label (called the Tunnel label) carries the packet from one PE to another PE.
  - The inner label (called the VC label) distinguishes different connections in different VPNs.
  - The receiving PE uses the VC label to decide which CE to forward the packet to.

MPLS L2VPN label stack processing [figure-only slide]

MPLS L2VPN implementation approaches
- No formal standard has been established yet. The IETF PPVPN working group has produced several framework drafts, the two most important being the Martini draft and the Kompella draft:
  - draft-martini-l2circuit-trans-mpls
  - draft-kompella-ppvpn-l2vpn
- The Martini draft defines a way to implement MPLS L2VPN by establishing point-to-point links. It uses LDP as the signaling protocol to exchange the VC labels of both sides, and is called Martini-style MPLS L2VPN.
- The Kompella draft defines how to build MPLS L2VPN over an MPLS network end to end (CE to CE). It currently uses extended BGP as the signaling protocol to advertise Layer 2 reachability information and VC labels, and is called Kompella-style MPLS L2VPN.

Quzhou Telecom (衢州电信) metropolitan area network: MPLS domain [figure-only slide]

Quzhou Telecom metropolitan area network: core network MPLS domain
[Figure labels: LSR; Edge LSRs]

Quzhou Telecom metropolitan area network: MPLS VPN environment
[Figure labels: MPLS environment; P; PE]

Metropolitan area network Layer 3 MPLS VPN example (environmental monitoring)

江山 (Jiangshan) SR1:

    description CTVPN45002-HuangBaoJianKong
    vrf-import vprn200017_import
    route-distinguisher 4809:45002
    auto-bind ldp
    vrf-target target:4809:4500200
    interface ge-lag-2.3899 create
        description HBJK_HuangBaoJu
        local-proxy-arp
        sap lag-2:3899.* create
            ingress
                qos 105
            exit
            egress
                qos 400
            exit
        exit
    exit
    interface ge-lag-2.3910 create
        description HBJK_HengChangShiYe
        local-proxy-arp
        sap lag-2:3910.* create
            ingress
                qos 105
            exit
            egress
                qos 400
            exit
        exit
    exit

龙游 (Longyou) SR1:

    description CTVPN45002-HuangBaoJianKong
    vrf-import vprn200017_import
    route-distinguisher 4809:45002
    auto-bind ldp
    vrf-target target:4809:4500200
    interface ge-5/1/2.3901 create
        description HBJK_TianTingYaLun
        sap 5/1/2:1592.3901 create
            ingress
                qos 105 multipoint-shared
            exit
            egress
                qos 400
            exit
        exit
    exit
    interface ge-5/1/2.3907 create
        description HBJK_JuHuaKuangYe
        sap lag-2:3907.* create
            ingress
                qos 105
            exit
            egress
                qos 400
            exit
        exit
    exit

Metropolitan area network Layer 2 MPLS VPN example (postal service)

南区 (Nanqu) SR1:

    description VPLS_Youzheng
    stp
        shutdown
    exit
    sap 5/1/1:3800.* create
        ingress
            qos 111
        exit
        egress
            qos 210
        exit
    exit
    sap 5/1/8:1304.3800 create
        description HeHuaSanLu
        ingress
            qos 111
        exit
        egress
            qos 210
        exit
    exit
    mesh-sdp 128:303800 create
    exit
    mesh-sdp 131:303800 create
    exit

江山 (Jiangshan) SR1:

    split-horizon-group 303800 create
    exit
    stp
        shutdown
    exit
    sap lag-1:1452.1357 split-horizon-group