

VIRTUAL PRIVATE NETWORKS (VPNs)

via that PE that is impacted, not all future access via all PEs (until the RADIUS server is fixed).

8.2.5 VIRTUAL PRIVATE LAN SERVICE (VPLS)

As the name suggests, this is a mechanism to provide a virtual LAN between remote sites giving apparently switched LAN connectivity between those sites. It is implemented as a set of point-to-multipoint VPNs.

A VPLS CE can be a Layer 2 Ethernet switch or a Layer 3 router with an Ethernet interface. Given that VPLS is emulating a LAN, it is only necessary to have Ethernet encapsulation. However, there are some new challenges when implementing a virtual private LAN over a large network with many PEs. In particular, it is necessary for the CE and PE to learn Ethernet MAC information so that it is possible to correctly direct packets through the network.

Each CE in the VPLS instance connects to a PE and, just as any other edge device, it sends Layer 2 frames onto the network. If the destination is on the same subnet but not on the same segment, the bridge (in this case, the bridge is the VPLS PE) receives the packet and recognizes that it is not for a local host. On receipt of the frame, the PE must decide if it knows the destination for the packet. If it does, the packet is sent directly to the appropriate remote PE. If the PE does not know the destination for the packet, the packet is broadcast to all other PEs within the VPLS instance. Each PE then forwards the packet to its associated CEs. The CE to which the destination is connected forwards the packet. All other CEs simply drop the packet.

Figure 8.3 shows a network with four PE LSRs and four CE switches. There are workstations attached to CE1 and CE3 that wish to communicate. Let us assume that no Ethernet MAC addresses have been learned by any of the PE LSRs in the network, that the CEs know the MAC addresses of their attached workstations and that workstation 1 (attached to CE1) wishes to send a packet to workstation 3 (attached to CE3).

[Figure 8.3 VPLS example: diagram not reproduced; nodes CE1, CE2, CE3, CE4, PE1, PE2, PE3, PE4 and P1, with a workstation attached to CE1 and another attached to CE3]

Workstation 1 transmits the packet to CE1. CE1 now knows that workstation 1’s Ethernet MAC address is reached via the port over which the packet was received. Since CE1 does not know how to reach workstation 3, it broadcasts the packet on all ports. PE1 receives the packet. It does not know how to reach workstation 3’s MAC, so it also broadcasts the packet to each of the known PEs. PE2, PE3 and PE4 each receive a copy of the packet. None of them knows the path to the MAC for workstation 3, so they broadcast the packet. The PE LSRs transmit to CE2, CE3 and CE4 respectively. Neither CE2 nor CE4 has the MAC address for workstation 3, so they silently drop the packet. CE3, however, knows that workstation 3 is attached directly to it and transmits the packet to the destination. In the process of transmitting the packet throughout the network, each of the PE LSRs and CE switches now knows the path back to workstation 1’s MAC address.

Workstation 3 then replies to the received packet. It transmits to CE3. CE3 knows that workstation 1 is reached via PE3. PE3 knows that it has to send the packet back to PE1. PE1 knows that workstation 1 is connected via CE1. CE1 has a direct connection to workstation 1. In addition, CE3, PE3, PE1 and CE1 now know the path back to workstation 3’s MAC address. Note that because the packet from workstation 3 was not broadcast, CE2, PE2, PE4 and CE4 do not have any information about the MAC address of workstation 3. This mechanism for learning the MAC addresses of attached devices is analogous to the behaviour of a standard learning bridge.
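The flood-then-learn behaviour described in 8.2.5 and walked through above for Figure 8.3, as an added toy model (not code from the book): each CE and PE is a learning bridge, and the two frames (workstation 1 to workstation 3, then the reply) are traced so the resulting MAC tables can be checked. Node names follow the figure; the MAC strings "ws1"/"ws3", the port names and the split-horizon rule on pseudowires (standard VPLS practice, not stated on the page) are assumptions of this example.

```python
class Bridge:
    """A learning bridge standing in for a CE switch or a VPLS PE."""
    def __init__(self, name):
        self.name = name
        self.ports = {}   # port name -> neighbour Bridge, or a host's MAC string
        self.fdb = {}     # learned MAC -> port it was last seen on
    def receive(self, in_port, src, dst, trace):
        self.fdb[src] = in_port                    # learn purely from the data plane
        if dst in self.fdb:                        # known MAC: forward on one port
            out_ports = [self.fdb[dst]]
        else:                                      # unknown MAC: flood all other ports
            out_ports = [p for p in self.ports if p != in_port]
            if in_port.startswith("pw"):           # split horizon (assumed, standard VPLS
                out_ports = [p for p in out_ports if not p.startswith("pw")]  # rule)
        for p in out_ports:
            nb = self.ports[p]
            if isinstance(nb, Bridge):
                back = next(q for q, n in nb.ports.items() if n is self)
                trace.append((self.name, nb.name))
                nb.receive(back, src, dst, trace)
            elif nb == dst:                        # host port: deliver; otherwise drop
                trace.append((self.name, dst))

def link(a, port_a, b, port_b):
    a.ports[port_a], b.ports[port_b] = b, a

def build_vpls():
    """Figure 8.3: CEn attached to PEn; PEs fully meshed by pseudowires (pw-*)."""
    ce = {i: Bridge(f"CE{i}") for i in range(1, 5)}
    pe = {i: Bridge(f"PE{i}") for i in range(1, 5)}
    for i in range(1, 5):
        link(ce[i], "uplink", pe[i], f"ac-CE{i}")      # attachment circuit
        for j in range(i + 1, 5):
            link(pe[i], f"pw-PE{j}", pe[j], f"pw-PE{i}")
    ce[1].ports["host"] = "ws1"      # constructed MACs for workstations 1 and 3
    ce[3].ports["host"] = "ws3"
    return ce, pe

def run_exchange():
    """ws1 -> ws3 (unknown, flooded), then ws3 -> ws1 (known, unicast)."""
    ce, pe = build_vpls()
    flood, reply = [], []
    ce[1].receive("host", "ws1", "ws3", flood)
    ce[3].receive("host", "ws3", "ws1", reply)
    tables = {b.name: dict(b.fdb) for b in list(ce.values()) + list(pe.values())}
    return tables, flood, reply

if __name__ == "__main__":
    tables, flood, reply = run_exchange()
    print(len(flood), "flood hops;", len(reply), "reply hops;", sorted(tables))
```

Two properties of the run are worth noting from a risk standpoint: every table is populated only from forwarded frames, and a frame to an unknown MAC is delivered to every site in the instance.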

VPLS on Juniper routers requires the use of a Tunnel Services PIC (or an Adaptive Services PIC) because two labels must be pushed and popped in a single device.

8.2.6 LAYER 2 TUNNELLING PROTOCOL (L2TP)

L2TP is a protocol that was originally designed to provide a mechanism to transport PPP frames across an intervening Layer 3 network. The original protocol is defined in RFC 2661. Subsequent extensions to the protocol have facilitated the use of L2TP to carry other Layer 2 frames. It is clear that L2TP could potentially be used as a means of providing point-to-point VPNs.

Many believe that GRE and L2TP provide more efficient mechanisms to transport the data in VPNs and, when used in conjunction with auto-discovery mechanisms such as the RADIUS-based system described earlier in this chapter, can provide all the flexibility and scalability of an MPLS-based VPN.

9 Class of Service and Quality of Service

From the earliest days of the Internet, traffic has been transported on a best efforts basis. For a long time, this was perfectly satisfactory. However, at a time when SPs can charge more for premium services, best effort delivery is no longer sufficient.

Traditionally, service providers operated separate networks for their data, video and voice services, each of which placed different quality demands upon the networks over which they were operated. However, the desire for financial savings based on building, operating and maintaining only one network rather than several has driven service providers towards convergence of those networks. This has led to vastly more stringent demands upon their IP networks. Various features exist within IP, MPLS and the underlying transport media to support Quality of Service (QoS).

9.1 DESIGN AND ARCHITECTURAL ISSUES OF CoS/QoS

As stated above, Class of Service (CoS) and QoS place new demands upon the IP and MPLS infrastructures operated by service providers. These are particularly relevant to the scaling of networks. The extra control traffic and state required to maintain the quality of service across a network can place extra demands on the processors and memory of all network devices. In addition, the management of queues and scheduling can be especially complex. Many products have a constrained number of queues per port, several having just four queues. While this can be an issue, particularly in environments where per-subscriber class of service implementations are required, in core environments it is uncommon to

Designing and Developing Scalable IP Networks G. Davies

2004 Guy Davies ISBN: 0-470-86739-6