New Cisco MPLS Features

   
  Peter J. Welcher
 
   
 

Introduction

I'm writing this in early July in Tokyo, two weeks into "Pete's Asia-Pac Tour". Thanks to NIL (www.nil.si ) and Cisco for the chance to teach two weeks of SE classes in Tokyo (Router Architecture, QoS, MPLS)! And thanks to HP Taiwan for the chance to visit Taipei to consult with and train folks on MPLS technology, capabilities, and design! Eating my way around the capitals of the two countries has been fun! Not to mention weekend/evening sight-seeing.

This week's article is going to take a look at some new or coming Cisco MPLS features, as well as other recent Cisco MPLS announcements.
 

Prior MPLS Articles  
Introduction to MPLS http://www.netcraftsmen.net/welcher/papers/mplsintro.html
MPLS, Part II http://www.netcraftsmen.net/welcher/papers/mpls2.html
BGP and MPLS-Based VPNs http://www.netcraftsmen.net/welcher/papers/mplsvpn.html


Relevant IETF Documents  
Encapsulation Methods for Transport of Layer 2 Frames Over IP and MPLS Networks http://www.ietf.org/internet-drafts/draft-martini-l2circuit-encap-mpls-04.txt
Transport of Layer 2 Frames Over MPLS http://www.ietf.org/internet-drafts/draft-martini-l2circuit-trans-mpls-09.txt
Layer 2 VPNs Over Tunnels http://www.ietf.org/internet-drafts/draft-kompella-ppvpn-l2vpn-02.txt
PPVPN L2 Framework http://www.ietf.org/internet-drafts/draft-andersson-ppvpn-l2-framework-01.txt
Single-Sided Signaling for L2VPNs http://www.ietf.org/internet-drafts/draft-rosen-ppvpn-l2-signaling-01.txt
Multicast in MPLS/BGP VPNs http://www.ietf.org/internet-drafts/draft-rosen-vpn-mcast-03.txt


There are a lot more good IETF RFC and draft documents pertaining to MPLS. The best way to find recent developments is to visit the IETF Working Groups pages. If you're interested in MPLS, you'll want the MPLS, TEWG, and PWE3 working groups (see below). You may also find PPVPN of interest.
 

MPLS-Related IETF Working Groups  
List of IETF Working Groups http://www.ietf.org/html.charters/wg-dir.html
Multiprotocol Label Switching (mpls) http://www.ietf.org/html.charters/mpls-charter.html
Internet Traffic Engineering (tewg) http://www.ietf.org/html.charters/tewg-charter.html
Pseudo Wire Emulation Edge to Edge (pwe3) http://www.ietf.org/html.charters/pwe3-charter.html
Provider Provisioned Virtual Private Networks (ppvpn) http://www.ietf.org/html.charters/ppvpn-charter.html


Adobe Acrobat PDF versions of the Cisco Networkers 2002 talks from San Diego are available online, and the MPLS talks were particularly well-organized and clear this year. Recommended highly! (I'm not giving you the URL since I'm not sure Cisco wants it publicly posted yet.)

What Is ATOM?

Any Transport Over MPLS (ATOM) is the most recent MPLS development from Cisco. It is soon to be shipping basic functionality (12.0(22) SY for 7200/7500, 12.0(23) or (24) S for 12000 GSR). ATOM Phase I should provide for like-to-like transport of Frame Relay, ATM AAL5 cells, or Ethernet frames across an MPLS network. Parts like Ethernet Over MPLS and ATM AAL5 Over MPLS may already be shipping in some devices.

A later phase is intended to allow any-to-any connections. Transparent transport of trunking is also planned but not yet available. That is, Ethernet over MPLS (EoMPLS) can only currently be configured at the VLAN level. Packet Over SONET Over MPLS (POSoMPLS) is also planned. Plus transport of general ATM cells. Plus more features! Target platforms: 12000 GSR, 7200, 7500. (So those of us using 2600/3600 for our MPLS test and practice labs may not be able to try this out for a while yet.)

Why ATOM?

The key idea here is to provide Layer 2 VPN services over IP-based MPLS networks (with better economics than using classical ATM gear).

You may be wondering: "Why is this a Good Thing?" Or "I thought Layer 3 MPLS VPN was the hot technology."

A previous article covered Layer 3 MPLS VPN's. We saw that these had a lot of advantages, both to Service Provider (SP) and customer, but they do require mingling customer and SP routing. Some customers may however just want connectivity (particularly at commodity pricing for connectivity without additional services). Layer 2 VPN's address this market. They just provide a Layer 2 link, no routing, no other services. They also eventually allow the inversion of services: instead of IP over ATM over SONET, we can perhaps see a transition to ATM or POS over MPLS (over IP) as prices for Gigabit Ethernet and faster gear plummet. The Cisco ATOM Layer 2 VPN's also use a common IP and MPLS infrastructure with the Layer 3 VPN's. They look like they should scale well, in terms of not adding great complexity or memory or CPU usage in MPLS routers (LSR's) already offering RFC 2547-based MPLS VPN's.

Label distribution and the IGP routing protocol automatically set up a full mesh of label paths from PE to PE. These are used to transport Layer 3 MPLS VPN traffic between VRF's in the PE's. They can now also be used as traffic trunks carrying many Layer 2 MPLS VPN's between the same PE's. This strikes me as similar to the idea of Virtual Path switching in SP-scale ATM switches.

Cisco's implementation of ATOM uses directed LDP sessions for signalling. The alternative (draft by Kompella) uses BGP for signalling. Cisco has proposed an alternative (draft by Rosen). Discussion of the best approach appears to be continuing.

Virtual LAN services are anticipated for the future. They might be called Virtual Private LAN Services (VPLS). When doing VPLS, the MPLS network acts like a giant distributed Ethernet switch, with PE's acting as edge bridges or switches. I'm not sure I like this idea: I currently design to keep Spanning Tree (STP) to very small scale in campuses. Campuses I or my peers design have many Layer 3 switching points. And the network are generally very stable. I or my peers have seen some pure Layer 2 campues "melt down" when someone accidentally created a Spanning Tree loop. That's an event you hope to experience at most once. Most sites that have seen it do not wish to ever see it again! Outages are bad; campus-wide outages are really bad!

Having STP running from many companies across a shared MAN or WAN backbone scares me. I'd like to be convinced this is a sane act. All the vendors seem pursuing this for the MAN optical arena. I find myself wondering whether this means the optical / Service Provider folks haven't talked to the Campus Switching people about scaling and what works (and what doesn't work). I also recall wondering about ATM LANE fanatics telling us, in effect, how wonderful broadcasts across the ATM WAN were the future. Bandwidth never got inexpensive enough. Does that still apply?

One alternative that does come to mind: as virtual LAN services evolve, perhaps we'll see fewer small site routers. Maybe small sites will look like different VLAN's running into a central site router, in the typical small-medium corporate network of the future. That keeps the STP domain size down, although it does assume broadcasts across the WAN become a non-issue, in terms of cost.

To find Cisco materials on ATOM, look under VPN's, under the Unified VPN Suite (3rd link below ). In addition to the links listed below, there are links to public presentations and other interesting materials!
 

Cisco ATOM Links  
Overview -- Cisco Any Transport Over MPLS http://www.cisco.com/warp/public/cc/so/neso/vpn/unvpnst/atomf_ov.htm
White Paper -- Cisco Any Transport Over MPLS http://www.cisco.com/warp/public/cc/so/neso/vpn/unvpnst/atomf_wp.htm
Cisco Unified VPN Suite (Main Page) http://www.cisco.com/warp/public/cc/so/neso/vpn/unvpnst/index.shtml

How Does ATOM Work?

The "magic" used here is relatively simple, if you're already used to MPLS. Just as with Layer 3 MPLS VPN's, we need a LSP label path between any two PE routers for ATOM to work. The layer 2 frames arrive at one PE, are encapsulated, and are sent to the corresponding PE at the other end of the "Layer 2 Pseudo-Wire". The egress PE removes the encapsulation and sends out the layer 2 frame.

The encapsulation used adds three headers:

  • MPLS LSP tunnel header
  • Demultiplexer field / circuit ID
  • VC encapsulation info
The outermost encapsulation is just an MPLS LSP label for the path to the egress PE. It could be a GRE or L2TP tunnel if those are the tunnel protocol being used. The demultiplexer field in MPLS is another label, identifying the logical circuit or "pseudo-wire", since many such may be carried via this one PE-PE LSP. If the transporting tunnel is GRE, then the demultiplexer field might be a GRE key. The innermost field contains a type code for the layer 2 frame type, as part of the 32 bit "control word", which also can carry crucial bits from the former layer 2 header.
 
 

In ATOM then, the outermost label (tunnel header) is thus a normal LSP label from the IGP (Internal Gateway Protocol) route to the destination PE. The demultiplexer label comes from directed LDP between the PE routers, caused by our configuration telling the routers to set up a virtual circuit ("pseudo-wire").

There are lots of details as to the type codes to use, how and what to encode in the control word (FECN, BECN, etc.). We'll skip those -- see also the drafts with "martini" in the name, above. If there is a problem, the PE router is required to use Frame Relay LMI and supposed to use ATM ILMI to notify what is connected that the circuit has gone down. The PE router is also supposed to withdraw the label assigned to the pseudo-wire.

Configuring this is reasonably straight-forward. Samples from what's documented for EoMPLS (e.g. on 7600):

interface GigabitEthernet0/0.1
encapsulation dot1q 30
mpls l2transport route 1.0.0.2 300 sequencing
This tells the router to take 802.1q VLAN 30, and provide a Virtual Circuit (VC) or Pseudo-Wire (PW) with ID 300 to 1.0.0.2. The other PE, 1.0.0.2, needs a matching configuration command. Note that cross-connecting VLAN's, e.g. VLAN 4 to VLAN 5, may have interesting STP (Shared Spanning Tree with PVST+) effects and surprises, and is not advisable. The "sequencing" option causes enforcement of in-sequence frame delivery by means of sequence numbers.

Sample HDLC serial port connectivity (preliminary sample) is similar:

interface Serial 1/0:0
no ip address
mpls l2transport route 1.0.0.2 200
This also can be done with PPP as encapsulation, same commands, just add "encapsulation ppp".
interface ATM1/0.100
pvc 0/100
encapsulation aal5snap
mpls l2transport route 1.0.0.2 200 sequencing

Recent Cisco MPLS Announcements

The general title for this set of announcements was MPLS for Shared Services. Included are four features that can enable shared services for MPLS VPN customers of a Service Provider. The presentation below explains how these are helpful to SP's wishing to provide more managed services to their customers.
  • NAT for MPLS
This allows SP's to provide outsourced NAT services to Enterprises. The obvious place where a privately addressed MPLS VPN customer might need NAT is for connecting to services provided by the MPLS SP, also for Internet connectivity (another service the MPLS SP might offer).
  • On Demand Address Pools (ODAP) for MPLS
ODAP allows automatic expansion of SP DHCP address pools on an as-needed basis. This provides more efficient use of SP address space. It is based on the IOS DHCP server functionality.
  • HSRP/VRRP Support for MPLS VPN
The recent Cisco GRIP announcements apply to MPLS VPN PE's, allowing fast failover for redundant CE-PE connections.
  • VPN Select for MPLS
Customers with broadband links can select which ISP to use. If the ISP provides MPLS VPN connectivity, the user can then access their corporate MPLS VPN from home.
  • Multicast for MPLS VPN's
The existing standard for IP multicast with MPLS doesn't scale well for MPLS VPN's. Cisco is proposing and implementing a scalable alternative that uses a scalable dynamic multicast tree in the core network. This also appears to enable multicast-based multimedia services in conjunction with MPLS VPN's. See the second Rosen link above for technical details.
 
Cisco MPLS Services Announcement Links  
Press Release: New Cisco Technologies Enable Shared Services Over MPLS http://www.cisco.com/warp/public/732/Tech/mpls/docs/pressrelease0602.pdf
MPLS for Shared Services Presentation http://www.cisco.com/warp/public/732/Tech/mpls/docs/customerpreso0602.pdf

Other MPLS Topics

Topics that came to mind as worthy of more discussion. But not in this article, which is getting too long!
 
Other MPLS Topics  
Routing for MPLS TE In previous articles, we never really talked about why traffic wants to use the TE tunnel. This merits some solid discussion.
CSC and Inter-AS MPLS How one carrier can connect to others or provide connectivity to regional carriers, without taking on lots of VPN or Internet routes.
Internet Access via MPLS How to connect customers to ISP's without taking on Internet routes in a VRF. (There's a pattern here: one really good idea, applied in various ways.)
L2TP and MPLS VPN, or IPsec and MPLS VPN Cisco's Universal VPN's.
MPLS VPN management: VPNSC, Tunnel Builder Cisco MPLS management tools.

Conclusion

If you haven't checked out NIL's remote labs, you might want to. Good labs (in English!) on OSPF, BGP, QoS, MPLS, can be rented and operated remotely. See www.nil.si . Virtual classroom and Web-based training are also available. Ivan Pepelnjak of NIL is co-author of the MPLS and VPN Architectures book by Cisco Press. The CCIP edition just came out, fixing some typos and generally improving on the first edition.

Interesting reading: recent Cisco presentations (Networkers, also the above MPLS Shared Services presentation) cite Cisco MPLS as being in use in 140 deployments today. The Cisco news pages also have some interesting reading about Bell Canada's deployment of IP MPLS based VPN's. Customers apparently use a Web interface to select QoS and bandwidth on demand.

Also exciting: Cisco's new routing convergence options (Networkers 2002) and the GRIP announcements. These topics perhaps would fit well with a 1-2 article series on High Availability.

Prior to (and during) this road trip, I and the other folks of Chesapeake NetCraftsmen have been doing some exciting and interesting consulting. (Thanks to those who brought us in to work with them!)  I'm considering an article about new trends in corporate networks, based on what we've been seeing. Anonymous of course, to protect our clients. Our work includes some large switched campus networks, one company with mainframe diversity and 30 Gbps of FICON/ESCON over MAN dark fiber, another looking at a new WAN network with voice and data sharing the same links. It also includes a major debit card organization. And design and implementation and sequencing of MPLS features for a nation-wide MPLS network supporting GPRS and 3G voice as well as data.

If you think my comments about Virtual LAN services are overly negative, conservative, or that I'm just showing my age, please let me know! I'd love to debate it by email, or try to understand other points of view on this!

Dr. Peter J. Welcher (CCIE #1773, CCSI #94014) is a Senior Consultant with Chesapeake NetCraftsmen. NetCraftsmen is a high-end consulting firm and Cisco Premier Partner dedicated to quality consulting and knowledge transfer. NetCraftsmen has nine CCIE's, with expertise including large network high-availability routing/switching and design, VoIP, QoS, MPLS, network management, security, IP multicast, and other areas. See http://www.netcraftsmen.net for more information about NetCraftsmen. Pete's links start at http://www.netcraftsmen.net/welcher . New articles will be posted under the Articles link. Questions, suggestions for articles, etc. can be sent to pjw@netcraftsmen.net .

7/9/2002
Copyright (C)  2002,  Peter J. Welcher