MPLS – A USER PERSPECTIVE
Presented by:
Roger Mueller
Eric Severson
Agenda
 Customer centric view of MPLS
 Practical approach
 Tales from the trenches
Traditional Connectivity
 Point-to-Point
 Frame Relay
 ATM
VPN Connectivity
 IPSEC
 L2TP
 MPLS
What is MPLS?
MPLS from the customer standpoint is:
 WAN connectivity
 Looks a lot like traditional connectivity
 A private network with customer-controlled
routing and QOS
 You don’t have to know any MPLS details to
implement an MPLS network!
Why MPLS?
 Cost
 Full mesh by default
 Low latency
 Reduced Carrier Operation Costs
 ATM Complexity/Scalability
 Quality of Service/Traffic Engineering
The Full Mesh Problem
Number of circuits = n(n - 1) / 2
example: 10 node network requires 10(10-1)/2 = 45 circuits
The Full Mesh Problem
The old way…
 Hub and spoke networks built
 Suboptimal routing used
 Multiple virtual circuits used (frame relay and
ATM)
The Full Mesh Problem Solved!
[Diagram: customer edge (CE) routers connected to provider edge (PE) routers]
MPLS VPN gives you full mesh by default. From the CE router's perspective, any
other node in your network is 3 hops away: CE-PE-PE-CE. If you don't want full
mesh, a restricted topology can be requested from your service provider.
Vendor Offerings
 Sprint
 AT&T
 Verizon
 Others
MPLS NETWORK DESIGN
Design options
 Data Link protocol
 Routing protocol choices
 Full routing vs. default
 Multicast
 BGP Multipath
 Managed vs. unmanaged
Network Design Document
IMPLEMENTATION
Migration Strategies
 Flash cut
 Gradual migration
CUSTOMER A – CASE STUDY
Customer A - Background
 Multiple Medical Services Provider
 250 Physical Clinics across USA
 ASP for OCR scanning review
 ASP for various other medical applications
 Growth via Acquisitions
Customer A – Existing Network
 (400) total locations; (5) data centers
 All across USA
 40% of WAN was ATT FR & MPLS
 60% of WAN was MCI Frame-Relay
 P2P circuits
 IPSEC VPN
 Multiple ISP entry points (over 40)
Customer A – Existing Network
 Access circuits
 56K
 T1 and Fraction T1
 Frac T3
 Frame Relay PVCs - non-fully meshed
 Protocols - EIGRP, OSPF, RIP and Static
 All sorts of Cisco and Bay Network routers
Customer A – Moving to MPLS
 Centralized Data Center
 Due to ASP nature had to have a DR site
 RFI sent out and MCI MPLS was chosen
 All carriers were moving away from FR
 WAN needed to be cleaned up
 Company continued acquisition growth
 Needed to remove EOL WAN gear
 Consolidate WAN to single vendor
Customer A – New Design
 RFI/RFP process MPLS service from MCI
 Multiple T3 circuits at two hub sites
 T1 or bonded T1s at remote sites
 Eliminate 56K FR circuits with 256K MPLS
 Customer to manage CE routers
 Carrier to build on-site SONET ring
access at primary Data Center
Customer A – New Design
 All Cisco network equipment
 Replace all EOL and Bay routers
 Hub sites - Dual Cisco 7000
 Remote sites – Cisco 2801 and 1841
Customer A – New Design
 Replace all frame-relay circuits with MPLS
 Move all sites to MCI MPLS
 Remove P2P circuits
 Consolidate 5 Data Centers into Primary
and Secondary BU DC’s
 Two fully dynamic Internet access points
 Small offices converted to VPN via DSL
Customer A – New Design
 Single BGP AS as WAN routing protocol
 EIGRP as LAN routing protocol
 BGP load sharing at two Data Centers
 Full routes distributed to all sites
CUSTOMER B – CASE STUDY
Customer B - Project Management
 Design
 Procurement
 Implementation
Customer B - Background
 Manufacturer of consumer goods
 Products distributed through Home Depot,
Lowes, Sears and through dealer network
 Most manufacturing done in Mexico
 Product distribution and support from
regional distribution centers
 Extensive dealer network also supported
Customer B - Network
 (30) locations; (3) data centers
 Primarily USA but some Europe and Asia
 Sprint frame relay – multiple PVC
 Point-to-point
 IPSEC VPN
Customer B – Moving to MPLS
 Sprint was primary carrier
 Sprint moving away from frame relay
 Sprint contract expiring
 WAN needed a refresh
 Company poised for growth
Customer B – Existing Network
 Access circuits - T3, T1, Fraction T1
 Sprint frame relay and AT&T frame relay
 Redundant PVCs to redundant hub
routers for HA
 Frame relay PVCs – many 0K CIR
 ISDN backup
 Some point-to-point
 Some IPSEC VPN
Customer B – Existing Network
 EIGRP routing on WAN
 EIGRP on LAN at core sites
 Dialer interface for ISDN backup
 QOS/Avaya voice traffic
Customer B – Existing Equipment
 All Cisco
 1700, 2600, 3600 and 3700 series routers
 Cisco PIX at Internet egress (2 locations)
 Cisco client VPN on VPN 3000 series
concentrators
 Site-to-site VPN tunnels on Cisco IOS
 Not all equipment under maintenance
Customer B – Applications
 Avaya voice traffic
 AS/400 ERP systems
 Lotus Notes email and user productivity
tools
 Citrix
Customer B – New Design
 MPLS VPN service from Sprint
 Multiple T3 circuits at hub sites
 T1 or bonded T1s at remote sites
 Eliminate Fractional T1 access
 Customer to manage CE routers
 IPSEC tunnel at remotes for backup
Customer B – New Design
 All Cisco network equipment
 Use Cisco ISR routers
 Major sites - Cisco 3845
 Remote sites – Cisco 2821
 Multiple MPLS routers at major sites
 Make network voice-ready - all routers
would have voice feature set
Customer B – New Design
 Replace all frame-relay circuits with MPLS
 Replace some VPN circuits with MPLS
where cost effective
 Replace ISDN dialer backups with IPSEC
VPN backup
 Replace point-to-point circuits where cost
effective
 Keep Internet access the same
Customer B – New Design
 BGP as routing protocol – unique ASNs
 EIGRP used locally at larger sites
 BGP Multipath for major sites
 Multiple routing instances within Sprint
cloud – Data, Voice, Guest
 Full routes distributed to major sites
 Default route only to remote sites
CUSTOMER B - PROCUREMENT
Customer B - Procurement
 Master Service Agreement – MPLS service
 MPLS circuit orders
 Backup circuits – DSL, Cable
 Equipment – routers, switches, racks, cabling
 Installation resources – in-house/3rd party
CUSTOMER B - IMPLEMENTATION
Implementation
 All circuits/MPLS brought up in 60 days
 (1) person full-time managing project
 1.5 network engineers
 Use Sprint Concert deployment service
 Used another 3rd party for some sites
Lessons Learned
 Had problems with T3 circuits
 Had problems with BGP multipath
 Long lead times for Aus/NZ
 Aus/NZ very pricey!
 Some sites did not have Internet access
or good 3G access for VPN backhaul
 Doing “regional” Internet egress needs to
be carefully thought out
HOW DO I CONFIGURE MY
EQUIPMENT?
CE Router Configuration
 If you have a single vrf, your configuration
will not have any MPLS-specific
configuration commands
 If you have multiple vrfs, your
configuration will need MPLS-specific
configuration commands
VRF-Aware Commands
 Configuration commands
 Show commands
How to Configure Your Equipment
Multiple vrf configurations must have
commands to…
 Indicate route targets and route
distinguishers
 Make BGP aware of the VPN overlay
 Connect interfaces to vrf instances
Configuring CE Routers
ip vrf Newco-General
rd 1:10
route-target export 1:10
route-target import 1:10
!
ip vrf Newco-Guest
rd 1:30
route-target export 1:30
route-target import 1:30
!
ip vrf Newco-Voice
rd 1:20
route-target export 1:20
route-target import 1:20
Configuring CE Routers
router bgp 65004
no synchronization
bgp log-neighbor-changes
no auto-summary
!
address-family ipv4 vrf Newco-General
neighbor 10.150.1.14 remote-as 1803
neighbor 10.150.1.14 password $ecret
neighbor 10.150.1.14 version 4
neighbor 10.150.1.14 activate
synchronization
network 0.0.0.0
network 10.0.8.0 mask 255.255.255.0
network 10.0.9.0 mask 255.255.255.0
exit-address-family
Configuring CE Routers
interface Serial1/0
description Sprint MPLS-1
no ip address
encapsulation frame-relay
ip route-cache flow
dsu bandwidth 22000
scramble
frame-relay lmi-type ansi
service-policy output WAN-INGRESS
!
interface Serial1/0.304 point-to-point
ip vrf forwarding Newco-General
ip address 10.150.1.13 255.255.255.252
frame-relay interface-dlci 304
Configuring CE Routers
router eigrp 100
no auto-summary
!
address-family ipv4 vrf Newco-Voice
redistribute bgp 65004
auto-summary
autonomous-system 20
exit-address-family
Configuring CE Routers
interface GigabitEthernet0/0.1
encapsulation dot1Q 1 native
ip vrf forwarding Newco-General
ip address 10.1.1.6 255.255.0.0
!
!
interface GigabitEthernet0/0.200
encapsulation dot1Q 200
ip vrf forwarding Newco-Guest
ip address 172.16.5.6 255.255.255.0
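The route-target and interface-to-vrf lines above are what keep the General, Voice and Guest instances apart, so they are worth checking mechanically on every CE router. The following is an added example, not part of the original slides: a Python check run over a constructed configuration that reuses the slides' VRF names, with two planted mistakes. The function name audit() and the finding texts are assumptions made for this example.

```python
import re
from collections import defaultdict
# Constructed sample reusing the slides' VRF names. Two mistakes are planted:
# Newco-Guest imports 1:10, and Gi0/0.200 has no "ip vrf forwarding" line.
SAMPLE = """\
ip vrf Newco-General
rd 1:10
route-target export 1:10
route-target import 1:10
!
ip vrf Newco-Guest
rd 1:30
route-target export 1:30
route-target import 1:10
!
interface GigabitEthernet0/0.1
ip vrf forwarding Newco-General
ip address 10.1.1.6 255.255.0.0
!
interface GigabitEthernet0/0.200
ip address 172.16.5.6 255.255.255.0
"""

def audit(config):
    """Hypothetical helper: list VRF-separation problems in an IOS-style config."""
    exports, imports, ifaces = defaultdict(set), defaultdict(set), {}
    kind = name = None                      # section currently being read
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            kind, name = "vrf", m.group(1)
        elif m := re.match(r"interface (\S+)", line):
            kind, name = "if", m.group(1)
            ifaces[name] = {"vrf": None, "ip": False}
        elif line == "!":
            kind = None
        elif kind == "vrf" and (m := re.fullmatch(r"route-target (export|import) (\S+)", line)):
            (exports if m.group(1) == "export" else imports)[name].add(m.group(2))
        elif kind == "if" and (m := re.fullmatch(r"ip vrf forwarding (\S+)", line)):
            ifaces[name]["vrf"] = m.group(1)
        elif kind == "if" and line.startswith("ip address "):
            ifaces[name]["ip"] = True
    # A VRF importing a route target that another VRF exports receives its routes.
    findings = [f"{v} imports {rt} exported by {o}"
                for v in sorted(imports) for rt in sorted(imports[v])
                for o in sorted(exports) if o != v and rt in exports[o]]
    # An addressed interface without a vrf binding sits in the global table.
    findings += [f"{i} has an address but no vrf (global table)"
                 for i, st in ifaces.items() if st["ip"] and not st["vrf"]]
    return findings
```

Calling audit(SAMPLE) reports both planted mistakes; a configuration where each VRF imports only its own route target and every addressed interface is bound to a vrf returns an empty list.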
Show Commands
R1# show ip route vrf Newco-General
Routing Table: Newco-General
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.63.7.2 to network 0.0.0.0
     10.0.0.0/8 is variably subnetted, 21 subnets, 3 masks
B       10.63.48.0/21 [20/0] via 10.154.1.98, 2w1d
S       10.254.254.0/24 [1/0] via 10.63.7.2
B       10.63.30.0/24 [20/0] via 10.154.1.98, 7w0d
B       10.63.25.0/24 [20/0] via 10.154.1.98, 7w0d
B       10.63.24.0/24 [20/0] via 10.154.1.98, 7w0d
Show Commands
R1# show ip bgp vpnv4 all
BGP table version is 370, local router ID is 10.10.10.25
Status codes: s suppressed, d damped, h history, * valid, > best, i internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 2:70 (default for vrf Newco-Guest)
r> 10.156.1.96/30   10.156.1.98              0             0 1803 ?
*> 10.156.1.116/30  10.156.1.98                            0 1803 ?
Route Distinguisher: 2:80 (default for vrf Newco-Voice)
*> 10.155.1.112/30  10.155.1.98                            0 1803 ?
*> 10.155.1.116/30  10.155.1.98                            0 1803 ?
Route Distinguisher: 2:90 (default for vrf Newco-General)
*> 0.0.0.0          10.63.7.2                0         32768 i
*> 10.63.0.0/24     10.63.7.2                0         32768 i
*> 10.63.1.0/24     10.63.7.2                0         32768 i
Show Commands
R1# ping vrf Newco-General 10.63.128.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.63.128.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
R1# trace vrf Newco-General 10.63.30.1
Type escape sequence to abort.
Tracing the route to 10.63.30.1
1 10.154.1.98 12 msec 20 msec 12 msec
2 10.154.1.114 [MPLS: Label 3232 Exp 0] 36 msec 36 msec 32 msec
3 10.154.1.113 52 msec * 36 msec
QOS
 Use Service provider’s recommendations
 Follow Cisco best practices
QoS Queue Allocation
Type             Precedence  Class                 Percent
Strict Priority  5           Voice                 20
CBWFQ            4           Video                 15
CBWFQ            3           High Priority Data    40
CBWFQ            2           Medium Priority Data  15
CBWFQ            1           Best Effort           10
CBWFQ            0           None                  0
Further Reading

MPLS Fundamentals. Luc De Ghein. Cisco Press. ISBN-10: 1-58705-197-4; ISBN-13: 978-1-58705-197-5. 2007

Multiprotocol Label Switching (MPLS) Architecture Overview. Jim Guichard, Ivan
Pepelnjak. Cisco Press.

MPLS and Next-Generation Networks: Foundations for NGN and Enterprise
Virtualization. Azhar Sayeed, Monique J. Morrow. Cisco Press. ISBN-10: 1-58720-120-8;
ISBN-13:

QoS for IP/MPLS Networks. Santiago Alvarez. Cisco Press. ISBN-10: 1-58705-233-4;
ISBN-13: 978-1-58705-233-0; 2006

Selecting MPLS VPN Services. Chris Lewis, Steve Pickavance. Cisco Press. ISBN-10: 1-58705-191-5; ISBN-13: 978-1-58705-191-3; Copyright 2006

MPLS Configuration on Cisco IOS Software. Umesh Lakshman, Lancy Lobo. ISBN-10:
1-58705-199-0; ISBN-13: 978-1-58705-199-9; Copyright 2006
Next Month
MPLS In Depth – Tom Young
Questions?
Roger Mueller – ciscowiz at yahoo.com
Eric Severson – eric at network-specialties.com