
Created by - Orhan Ergun

What does PE-CE mean in MPLS?

What does PE-CE mean in the context of MPLS? What are CE, P, and PE devices in MPLS and MPLS VPN? These are foundational terms and definitions in MPLS. MPLS is one of the most commonly used encapsulation mechanisms in Service Provider networks, and before studying more advanced mechanisms, this article is a must-read. In order to understand PE-CE, we first need to understand what PE and CE are in MPLS. I explain this topic in deep detail in our CCIE Enterprise and Self-Paced CCDE courses. Let's take a look at the figure below.

Note: If you are looking for a much more detailed resource on this topic, please click here.

Figure-1 MPLS network PE, P, and CE routers

In Figure-1 an MPLS network is shown. This can be an Enterprise or Service Provider network. MPLS is not only a service provider technology; it can provide segmentation/multi-tenancy for the enterprise environment as well. Three different types of routers are shown: CE, PE, and P routers. CE devices are located at the customer site. PE and P devices are located at the Service Provider site. If it is an Enterprise network, the WAN routers can be considered PE routers, and the switches can be CE devices. PE routers don't have to be connected to P routers; PE routers can be directly connected to each other.

CE devices don't run MPLS. PE devices run both IP and MPLS. P devices don't run IP but only MPLS. You find the above sentence everywhere when you study MPLS. It actually means CE devices don't switch MPLS labels to function. PE devices, when a packet arrives, first look up the IP destination address and then use an MPLS label to function. P devices don't do an IP lookup at all but only switch MPLS labels. Otherwise, P devices of course have IP addresses on their interfaces as well.

In MPLS, the service can be Layer 2 or Layer 3. In Layer 3 MPLS VPN, IP routing is enabled between PE and CE devices. These devices have their own roles: Provider Edge and Customer Edge. The Provider Edge device is attached to the customer site and the MPLS network; on the other side, the Customer Edge device is at the customer site and doesn't require the MPLS protocol for its function. Routing protocols in theory can be Static Routing, RIP, EIGRP, OSPF, IS-IS, and BGP. All of them are IETF standards. But in real life, most service providers only provide Static Routing and BGP as the routing protocol with the customer.

The PE-CE interface is only IP and not MPLS. This interface is the boundary between the MPLS network and the IP network. If an Enterprise purchases MPLS VPN service, this means the customer is receiving VPN service from the MPLS backbone service provider, and the customer doesn't run MPLS with the Service Provider. MPLS is only enabled in the Service Provider network. A specific application where MPLS does run on the PE-CE link is called CSC (Carrier Supporting Carrier). But in basic MPLS Layer 3 VPN, the PE-CE link is always IP.

To gain a great understanding of SP Networks, you can check my newly published "Service Provider Networks Design and Perspective" book. It covers the SP network technologies and also explains in detail a fictitious SP network.

Published - Thu, 21 Apr 2022

Created by - Orhan Ergun

AWS SAA vs. CLF - Can I skip one?

AWS is known for its famous and highly demanded Solutions Architect Associate (SAA) certificate, and many think that it is the first step with AWS and Cloud Computing. The question now is: is it? Or is there a step that should be taken before, like the AWS Cloud Practitioner (CLF) exam? In this blog post we will discover and compare the agenda and the main pillars each exam teaches you, and see if it is worth skipping CLF and starting directly with SAA.

Cloud Concepts

Your very first chapter when starting to study for AWS CLF will be the cloud concepts. This gives a general overview of the idea and concept of cloud computing, what AWS provides in that regard, and what you are about to experience. Luckily this part is shared between both the AWS CLF and SAA exams, and we'll find a share of it here and there, to understand what we are about to start with such exams. That makes them equal here, 1-1.

Security and Compliance

Having zero knowledge about cloud computing and the restrictions and differentiations that come with it, implementing a new network on the cloud for the first time will require knowledge of official documents, government restrictions and compliance, and regional compliance as well. That is a point where CLF wins, as it mentions and provides all the necessary documents and resources to check the security and compliance requirements based on the region you are planning to implement a cloud network in. So far 2-1 for CLF.

AWS Core Services

This pillar represents the backbone of whatever you should study and learn with AWS. All the services hosted on the cloud, in other words inside AWS's real data centers, are shown and detailed here, service after service. The CLF exam puts more than 30% of its weight on the core services, giving you enough knowledge to call it a start with AWS, while the SAA exam is "about" this pillar: you will spend your time with that exam studying the core services, designing with the core services, and architecting solutions together, all within the same cloud, one solid, well-built/designed network on the AWS cloud. In general, you will learn about the core services of AWS 3 times more with SAA compared to CLF, making SAA the ultimate beginning with AWS services. We can say it is a point for SAA, so we have 2-2 now.

AWS Economics

The last pillar to check and talk about in this post is the one that teaches you billing, payments, discounts, the Free Tier, support, programs, and pricing. All of that is in the CLF exam but NOT mentioned in the SAA exam, unfortunately. It is a major point for CLF, as ignoring these skills will result in disasters when dealing with AWS services in real life. And that sends the last point for today to the CLF exam, 3-2.

Conclusion

With all the above being said, does that make starting with AWS SAA directly a mistake or a wrong step in the path of an AWS career? The answer is that you can practice and prepare best with AWS by either starting with CLF and then SAA, or starting with SAA but referring to the official documents from AWS that fill the gaps of Compliance and Economics, which will be equal to the amount of time and effort spent studying for the CLF exam!

Resources

For us on orhanergun.net, we provide both the AWS CLF and AWS SAA exam courses on the website, with detailed explanations based on the official agenda of the exams by AWS, alongside many other AWS and Cloud courses. You can either get a lifetime subscription per course, which provides all future exam updates for free, or contact our sales to get full annual access to a variety of courses based on the tier you desire.

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

OSPF Administrative Distance - How preferred is it

OSPF Administrative Distance, or OSPF AD, is the key to electing OSPF among other routing protocols (if any exist) leading to the same target within the same routing table. In this blog post we will discover the basics and types of Administrative Distances for OSPF across multiple different platforms.

Administrative Distance

For Cisco Systems operating systems, regardless of their platforms, IOS-XE, IOS-XR, and NX-OS all treat OSPF based on the "AD", which has the value of "110". Now, the most important thing is not just knowing the numerical value, which is useless without knowing its order of preference among the other routing protocols' Administrative Distances.

OSPF AD with Cisco OSs

The values are as follows for the static and dynamic routing protocols:

Direct = 0
Static = 1
eBGP = 20
EIGRP = 90
OSPF = 110
IS-IS = 115
RIP = 120
iBGP = 200

This shows that OSPF routes to a specific target can be hidden if one of the dynamic (EIGRP or eBGP) routes is installed in the routing table, and that also includes Direct and Static routes as well.

Route Preference

Dealing with devices/platforms from Juniper Networks will get you to face and operate JunOS, the one unified operating system they have across their different platforms. With Juniper the concept of Administrative Distance still exists and still plays the same role, but they name it differently, calling it "Route Preference".

OSPF AD with Juniper JunOS

Some protocols are treated differently here, and some others are missing (cases like EIGRP, as it is Cisco proprietary).

Direct/Local = 0
Static = 5
OSPF internal = 10
IS-IS L1/L2 = 15/18
RIP = 100
OSPF external = 150
IS-IS external L1/L2 = 160/165
BGP = 170

OSPF here has two types of routes and stands in the middle of the table. With the absence of EIGRP, only Direct/Local and Static routes can beat OSPF routes, making it the most preferred dynamic routing protocol.

Routing Protocol Preference

With another operating system, Huawei's Versatile Routing Platform (VRP), we will see many similarities with JunOS, but there is a small difference to catch in the table described below.

OSPF AD with Huawei's VRP

Still missing EIGRP here; check the surprise of where OSPF stands within the table:

Direct = 0
OSPF = 10
IS-IS L1/L2 = 15/18
Static = 60
RIP = 100
OSPF external = 150
BGP = 255

OSPF is the first protocol here, pushing the Static route back; even IS-IS beats the Static route as well. Interesting...

Route Preference Again

One more platform to check preferences on, and that would be the Nokia Service Router Operating System (SR OS).

OSPF AD with Nokia's SR OS

It has the same name and many numbers similar to Juniper's JunOS table:

Direct = 0
Static = 5
OSPF = 10
IS-IS L1/L2 = 15/18
OSPF external = 150
IS-IS external L1/L2 = 160/165
BGP = 170

So in the end we find that Cisco is almost the only one who names it differently, has different protocols, a different order, and clearly different values for the Administrative Distances.

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

OSPF Protocol Basic Overview

What is OSPF

Language-wise it stands for Open Shortest Path First, and family-wise it belongs to the link-state Interior Gateway dynamic routing protocols. Done with the CV yet? OSPF is an open standard internal routing protocol that is supported across all the different vendors manufacturing networking platforms. In this article, we will review the basics and specs of this protocol and see its own unique features.

OSPF Neighbor States

As a start, the OSPF routing protocol uses a multicast hello message destined to the OSPF multicast address 224.0.0.5, seeking any other possible OSPF routers in the area. This message keeps repeating every 10 seconds by default, out of the interfaces on which OSPF is configured, which depends on how you configured it plus the vendor-specific configuration template. Upon receiving a multicast hello message from another router that we already sent a hello message to earlier, and within the dead timer of 40 seconds maximum (by default), an OSPF neighbor process will start:

Init: at the moment of confirmation that a bidirectional multicast hello has initiated
2-Way: communication from the two parties has successfully occurred
ExStart: OSPF router-ids get exchanged and database information begins to be shared
Exchange: bidirectional link-state communication and exchange
Loading: final synchronization of LSAs
Full: settlement and official neighbor announcement

OSPF Routing Protocol

Before starting routing, OSPF understands its neighboring environment by drawing a shortest-path tree (SPT) to those neighbors it established a neighbor state with earlier, based on Dijkstra's algorithm. Having the tree allows the OSPF router to know how to reach each neighbor in the best way, and that depends on the OSPF metric calculated per neighbor, named the "Cost".

OSPF at Rest

With no triggers or events, OSPF routers will be calm, with no need to exchange any routes or LSAs, leaving the databases (named LSDBs) steady, identical between routers, and containing the same types and amounts of LSAs. Only the OSPF hello message will be forever exchanged bidirectionally to maintain the neighbor state.
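The hello and dead timers and the first two neighbor states described above, as an added Python example that is not part of the original post. It tracks neighbors from received hellos: a neighbor stays in Init until its hello lists our router-id (2-Way), and it is dropped once no hello has arrived within the dead interval. The class and function names (NeighborTable, process_hello, expire), the router-ids and the timeline are this example's own; the later states (ExStart to Full) and the multicast delivery itself are not modelled.

```python
"""Toy OSPF neighbor tracker: hello/dead timers and the Init -> 2-Way step.

Added example, not code from the original post. It models only the first
part of the neighbor process: a router learns of a neighbor from a hello
(Init) and moves to 2-Way once it sees its own router-id listed in that
neighbor's hello. A neighbor whose hellos stop for longer than the dead
interval (4 x hello by default) is removed. All names are this example's own.
"""
from dataclasses import dataclass

HELLO_INTERVAL = 10   # seconds, default
DEAD_INTERVAL = 40    # seconds, default (4 x hello interval)


@dataclass
class Neighbor:
    router_id: str
    state: str          # "Init" or "2-Way"
    last_hello: float   # time the last hello from this neighbor arrived


class NeighborTable:
    def __init__(self, my_router_id, dead_interval=DEAD_INTERVAL):
        self.my_router_id = my_router_id
        self.dead_interval = dead_interval
        self.neighbors = {}

    def process_hello(self, now, from_rid, seen_router_ids):
        """Handle one received hello; return the neighbor's resulting state."""
        nbr = self.neighbors.get(from_rid)
        if nbr is None:
            nbr = Neighbor(from_rid, "Init", now)   # first hello ever seen
            self.neighbors[from_rid] = nbr
        nbr.last_hello = now
        # Two-way communication is confirmed only when the neighbor lists us.
        nbr.state = "2-Way" if self.my_router_id in seen_router_ids else "Init"
        return nbr.state

    def expire(self, now):
        """Drop neighbors silent for longer than the dead interval; return their ids."""
        dead = [rid for rid, n in self.neighbors.items()
                if now - n.last_hello > self.dead_interval]
        for rid in dead:
            del self.neighbors[rid]
        return dead

    def state_of(self, rid):
        nbr = self.neighbors.get(rid)
        return nbr.state if nbr else "Down"


def demo():
    """Constructed timeline for one neighbor; returns the states seen at each step."""
    t = NeighborTable("1.1.1.1")
    s1 = t.process_hello(0, "2.2.2.2", [])            # hello without our id: Init
    s2 = t.process_hello(10, "2.2.2.2", ["1.1.1.1"])  # hello listing us: 2-Way
    t.expire(20)                                      # 10 s of silence: still alive
    still = t.state_of("2.2.2.2")
    t.expire(51)                                      # 41 s of silence > 40 s dead interval
    gone = t.state_of("2.2.2.2")
    return s1, s2, still, gone
```

The dead-interval check uses strictly greater than, so a hello arriving exactly at the 40 s boundary still keeps the neighbor.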

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

OSPF Configuration - A sample template on multi-vendor routers

There are commonalities and differences when it comes to configuring the OSPF routing protocol on a router you manage, based on the router's manufacturer. We will take a look at a basic sample of configuring OSPF on Cisco IOS-XE and Juniper's JunOS operating systems.

OSPF on Cisco IOS-XE

With IOS-XE we start configuring OSPF by mentioning the numerical value of the:

OSPF Process ID

What that means is just a number to isolate some hierarchical designs of the OSPF process on the Cisco router. Does it have to match on both peering ends? The answer is NO. Does it affect priorities in some OSPF election processes? The answer is also NO. Is it mandatory? Well, on that OS it is, but it is not a general OSPF concept, as it is missing with the other vendors! That makes the first line of configuration look like this:

    OERouter1(config)#router ospf [Process ID]

i.e.

    OERouter1(config)#router ospf 10

OSPF Network Advertisement

The next step, after getting into the hierarchical mode of OSPF and specifying the process ID, is to advertise the networks. These network prefixes and prefix lengths will be announced to the adjacent neighbors inside the LSAs transported by the OSPF routing protocol.

    OERouter1(config-router)#network [network prefix] [network wildcard mask] ...

i.e.

    OERouter1(config-router)#network 10.10.10.0 0.0.0.255 ...

That advertises a network with the prefix 10.10.10.0 and the prefix length 24 (the wildcard mask is the inverse of the subnet mask, so 0.0.0.255 matches a /24). The line is not complete yet: IOS-XE requires the area keyword described next before it accepts the command.

OSPF Area ID

The real key in OSPF configuration is the Area ID. The Area ID does the isolation, it creates multiple databases (LSDBs), it generates the need and the role for the ABR router, it has to match on both ends of the peering OSPF routers, and there will be a database for every area.

    OERouter1(config-router)#network [network prefix] [network wildcard mask] area [Area ID]

i.e.

    OERouter1(config-router)#network 10.10.10.0 0.0.0.255 area 0

That line advertises the network 10.10.10.0/24 into the domain and database of Area 0. Any other participating router within the same area will receive LSAs carrying the 10.10.10.0/24 network advertisement.

OSPF on JunOS

On the other end, the other router waiting to peer with the Cisco IOS-XE router will be a router from Juniper Networks, with the one unified intelligent JunOS installed. Here, just like with many other vendors, there is no "Process ID". Advertise an interface and its Area ID under the umbrella of the OSPF configuration hierarchy, and that is it.

    [edit]
    user@router# edit protocols [dynamic routing protocol]
    user@router# edit area [Area ID]

i.e.

    [edit]
    user@router# edit protocols ospf
    [edit protocols ospf]
    user@router# edit area 0.0.0.0

Areas in JunOS can be given either as a plain numerical value [0] or as a 32-bit dotted value [0.0.0.0]; the classic JunOS style is the [0.0.0.0] form. After specifying the Area ID, and having started the syntax with "edit", we are in another JunOS hierarchy level, where we advertise "participating interfaces" instead of "networks":

    [edit protocols ospf area 0.0.0.0]
    user@router# set interface [interface_ID.logical_unit]

i.e.

    [edit protocols ospf area 0.0.0.0]
    user@router# set interface ge-0/0/0.0

Here ge-0/0/0.0 is physical interface ge-0/0/0 with logical unit 0; the same statement written from the top of the hierarchy is "set protocols ospf area 0.0.0.0 interface ge-0/0/0.0". Now any network configured on interface ge-0/0/0 (unit 0) will be advertised out of that interface as a network participating in OSPF Area 0, to the other side.

Point of Argument

Will the above samples of configuring 2 different platforms, running 2 different operating systems, having 2 different ways of advertising a network, and one of them missing a statement that is mandatory on the other, work?

The answer is YES. OSPF is an open standard protocol, supported across multiple vendors; the slight differences in the configuration samples are just differences in language. The neighbor adjacency will come up, and full Link-State Databases (LSDBs) will be established and fully synchronized between the routers using LSAs.

A more unified method

As we've seen earlier, with Cisco IOS-XE the OSPF configuration was done by advertising a network, while in JunOS it was done by advertising an interface. There is an alternative way on Cisco IOS-XE, also advertising an interface, BUT from the interface hierarchical config mode:

    OERouter1(config)#interface [interface ID]
    OERouter1(config-if)#ip ospf [Process ID] area [Area ID]

i.e.

    OERouter1(config)#interface gi 0/1
    OERouter1(config-if)#ip ospf 10 area 0
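The two vendors' forms of the same advertisement, as an added Python helper that is not the post's own configuration: it derives the IOS-XE wildcard mask from the prefix length, accepts the area either as 0 or as 0.0.0.0 (and converts between the two forms so both ends can be checked for a match), and renders the network-mode, interface-mode and JunOS command lines shown above. Process ID 10 as the default and the function names are this example's assumptions.

```python
"""Render one OSPF advertisement for Cisco IOS-XE and JunOS.

Added example, not the post's own configuration. It computes the IOS wildcard
mask from a prefix length, normalizes the area ID between the integer form (0)
and the dotted 32-bit form (0.0.0.0) JunOS prefers, and emits the command lines
for both vendors. Function names and the default process ID 10 are assumptions.
"""
import ipaddress


def wildcard_mask(prefix_len):
    """IOS 'network' statements use an inverted mask: /24 -> 0.0.0.255."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    host_bits = 32 - prefix_len
    return str(ipaddress.IPv4Address((1 << host_bits) - 1))


def area_id_dotted(area):
    """Accept 0, '0' or '0.0.0.0' and return the dotted 32-bit form."""
    text = str(area)
    if "." in text:
        return str(ipaddress.IPv4Address(text))      # validates the dotted form
    return str(ipaddress.IPv4Address(int(text)))     # integer -> dotted


def area_id_int(area):
    """Same area as a plain integer, the form IOS shows by default."""
    return int(ipaddress.IPv4Address(area_id_dotted(area)))


def areas_match(area_a, area_b):
    """True if both ends configured the same area, whichever notation each used."""
    return area_id_int(area_a) == area_id_int(area_b)


def ios_network_statement(prefix, area, process_id=10):
    """router ospf / network form: prefix must be a proper network, e.g. 10.10.10.0/24."""
    net = ipaddress.IPv4Network(prefix, strict=True)
    return [f"router ospf {process_id}",
            f" network {net.network_address} {wildcard_mask(net.prefixlen)} area {area_id_int(area)}"]


def ios_interface_statement(interface, area, process_id=10):
    """Interface-mode form of the same advertisement."""
    return [f"interface {interface}", f" ip ospf {process_id} area {area_id_int(area)}"]


def junos_interface_statement(interface, unit, area):
    """JunOS advertises the logical interface under the area; no process ID exists."""
    return [f"set protocols ospf area {area_id_dotted(area)} interface {interface}.{unit}"]
```

ipaddress.IPv4Network with strict=True rejects host addresses such as 10.10.10.1/24, which is the usual cause of a 'network' statement that silently covers the wrong range.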

Published - Wed, 20 Apr 2022

Created by - Orhan Ergun

DMVPN vs MPLS VPN

DMVPN - Dynamic Multipoint VPN and MPLS VPN are two of the most popular VPN mechanisms. In this post, we will look at a DMVPN vs MPLS VPN comparison from many different aspects. At the end of this post, you will be more comfortable positioning these private VPN mechanisms.

DMVPN vs MPLS VPN

When we compare the two protocols, we look at many different aspects. For this comparison, I think the very first thing we should say is that DMVPN is a Cisco proprietary, tunnel-based VPN mechanism, but MPLS VPN is a standards-based (RFC 2547), non-tunnel-based VPN mechanism. Although whether an MPLS LSP is a tunnel or not is an open discussion in the networking community, we won't start that discussion here again.

DMVPN and MPLS VPN over the Internet

Another important consideration for MPLS VPN vs DMVPN is that DMVPN can be set up over the Internet, but MPLS VPN works over private networks, Layer 2 or Layer 3 based private networks. DMVPN tunnels can come up over the Internet, and inside the tunnels routing protocols can run to advertise the Local Area Network subnets. But MPLS requires a private network underlay.

Figure - DMVPN Networks can run over Internet or Private Networks

DMVPN vs MPLS VPN Security

Neither VPN mechanism comes with encryption by default. Many people wrongly believe that DMVPN comes with IPsec. In fact, that is wrong. There are only two standards-based technologies that are mandatory for DMVPN: mGRE - Multipoint GRE and NHRP - Next Hop Resolution Protocol. IPsec is optional for DMVPN. The same holds for MPLS VPN: IPsec or GETVPN can run over MPLS VPN, but they don't come together with MPLS VPN, which means MPLS VPN doesn't require IPsec or GETVPN for its operation. This is true for DMVPN as well; it doesn't require either of them. Last but not least for the security of MPLS vs DMVPN, GETVPN can provide the most scalable encryption method for both MPLS VPN and DMVPN.

MPLS over DMVPN

MPLS can run over DMVPN. The reason for it is to create even more scalable VPNs over DMVPN. Without MPLS, if there are many different business units that need to communicate over DMVPN, segmenting those business units' network traffic would require many different tunnels. With MPLS VPN over DMVPN, commonly known as the 2547 over DMVPN method, we don't need to create multiple DMVPN tunnels; with just 1 single DMVPN tunnel, we can carry many different business units by segmenting their traffic in a scalable manner.

DMVPN over MPLS VPN

DMVPN can run over MPLS VPN as well. So DMVPN doesn't only run over the Internet; the underlay network for DMVPN can be an MPLS network. In this case, DMVPN tunnel endpoint reachability is provided by the underlay MPLS VPN network. The underlay MPLS network can be MPLS Layer 2 VPN or MPLS Layer 3 VPN. In both cases, MPLS VPNs can provide reachability between the DMVPN Hub and Spokes. All of this information about MPLS VPN vs DMVPN is applicable to every DMVPN Phase: DMVPN Phase 1, DMVPN Phase 2, and DMVPN Phase 3.

Published - Mon, 18 Apr 2022

Created by - Orhan Ergun

IS-IS Routing Protocol

IS-IS is a link-state routing protocol, similar to OSPF. If you are looking for a Service Provider grade, MPLS Traffic Engineering-capable, and extensible routing protocol for easier future migration, then the only choice is IS-IS. It is commonly used in Service Providers, in the Datacenter (as an underlay), and in some large Enterprise networks.

IS-IS Routing Protocol in Networking

IS-IS works based on the TLV format. TLVs provide extensibility to the IS-IS protocol.

IS-IS TLV Codes - Specified in RFC 1195

You don't need a totally different protocol to support new extensions. In IS-IS, IPv6, MTR, and many other features can be used simply with additional TLVs:

1. IPv6 Address Family support (RFC 2308)
2. Multi-Topology support (RFC 5120)
3. MPLS Traffic Engineering (RFC 3316)

IS-IS is a Layer 2 protocol and is not encapsulated in IP. Because it cannot be reached from remote IP networks, it is hard, if not impossible, to attack it remotely, and so IS-IS is considered more secure than OSPF. IS-IS uses a NET (Network Entity Title) address, similar to the OSPF Router ID. IP support was added to IS-IS by the IETF after ISO invented it for CLNS. If IS-IS is used together with IP, it is called Integrated IS-IS. IS-IS doesn't require an IP address for the neighborship.

ISPs commonly choose NET addresses as follows:

1. First 8 bits - pick a number (49 is used in these examples)
2. Next 16 bits - area ID
3. Next 48 bits - router loopback address (6 bytes; every 4 digits is 2 bytes)
4. Final 8 bits (2 digits) - 00 on the routers

Let's say the NET ID is: 49.0001.1921.6800.1001.00

When we look at each part of it:

1. 49.0001 is the IS-IS Area ID (Area 1)
2. 1921.6800.1001 is the System ID, the router loopback 192.168.1.1 with each octet written as three digits
3. 00 is the NSEL

OSPF vs IS-IS Terminology Comparison

IS-IS                              OSPF
End System (ES)                    Host
Intermediate System (IS)           Router
Circuit                            Link
Protocol Data Unit (PDU)           Packet
Designated IS (DIS)                Designated Router (DR)
N/A (no backup DIS is used)        Backup Designated Router (BDR)
Link-State PDU (LSP)               Link-State Advertisement (LSA)
Sub-domain/Level                   Area
Level 1 IS-IS Domain               Non-Backbone Area
Level 2 IS-IS Domain               Backbone Area
L1L2 Router                        Area Border Router (ABR)
Any Intermediate System (IS)       Autonomous System Boundary Router (ASBR)

There is no backup DIS concept within IS-IS, because the DIS sends CSNPs very often, so routers get the latest information all the time, and all routers are neighbors of each other, so they send the LSPs to each other anyway; the DIS is more like a backup mechanism to ensure LSPs are received.

SPF (Dijkstra) runs when the topology has to be calculated (the SPF tree). PRC (Partial Route Calculation) runs when IP routing information has to be calculated. If a router (IS) receives an LSP where only the IP information has changed, it runs PRC only (less CPU compared to SPF), which is better compared to OSPF.

IS-IS Scalability

Scalability can be achieved through IS-IS multi-level design as well, which we will discuss next. IS-IS has two levels: Level 2 and Level 1. Levels are similar to the backbone area and non-backbone areas of OSPF. Level 2 IS-IS is similar to the OSPF backbone; Level 1 IS-IS is similar to an OSPF non-backbone area.

How IS-IS Routing Protocol Works

If the Area ID is the same on the 2 routers, they can set up both L1 and L2 adjacencies. If the Area ID is different, they can only set up an L2 IS-IS adjacency. There is no backbone area in IS-IS as in the case of OSPF; there are only contiguous Level 2 routers. Level 2 domains have to be contiguous. But still, for new learners, the IS-IS Level 2 domain can be considered similar to the OSPF backbone area.

There are three types of routers in IS-IS:

IS-IS Level 1 Router
1. Can only form adjacencies with Level 1 routers within the same area
2. Its LSDB only carries IS-IS intra-area information
3. Uses the closest Level 2 router to exit the area
4. This may result in suboptimal routing

IS-IS Level 2 Router
1. Can form adjacencies in multiple areas
2. Exchanges information about the whole network

IS-IS Level 1-2 Router
1. These routers keep a separate LSDB for each level: one for the Level 1 database and one for the Level 2 database.
2. These routers allow L1 routers to reach other L1 routers in different areas via the L2 topology.

Level 1 routers look at the ATT (Attached) bit in the L1 LSP of L1-L2 routers, and use it as a default route to reach the closest Level 1-2 router in the area. This can create suboptimal routing in an IS-IS network. The L1 domain is similar to an OSPF Totally NSSA area, since the L1 domain doesn't accept anything other than the default route from the Level 2 domain, and redistribution is allowed into the L1 domain.
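The NET layout from the "ISPs commonly choose" list and the L1/L2 adjacency rule from this section, as one added Python example that is not the post's own code. It builds a NET from an area number and a loopback the way the post's ISP convention does, parses a NET back into area, system ID, loopback and NSEL, and decides which adjacency levels two routers can form. Function names and the second router's loopback are this example's own; the loopback-to-system-ID reverse mapping only holds for NETs built with that convention.

```python
"""Build and parse an IS-IS NET and apply the L1/L2 adjacency rule.

Added example, not code from the post. NET layout as the post describes it
for ISPs: AFI 49, a 4-digit area ID, a 6-byte system ID made from the router
loopback (each octet zero-padded to three digits, regrouped into 4-digit
blocks), and NSEL 00. Function names are this example's own.
"""
import re

# 49.0001.1921.6800.1001.00 -> AFI, area, three system-ID blocks, NSEL
NET_RE = re.compile(r"^(\d{2})\.(\d{4})\.(\d{4})\.(\d{4})\.(\d{4})\.(\d{2})$")


def system_id_from_loopback(loopback):
    """192.168.1.1 -> '192168001001' -> '1921.6800.1001'."""
    octets = loopback.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 loopback: {loopback}")
    digits = "".join(f"{int(o):03d}" for o in octets)      # 12 decimal digits
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def loopback_from_system_id(system_id):
    """Reverse of the above; valid only for system IDs built from a loopback."""
    digits = system_id.replace(".", "")
    return ".".join(str(int(digits[i:i + 3])) for i in range(0, 12, 3))


def build_net(area, loopback, afi="49"):
    """Router NET: AFI.area.systemid.00 (NSEL is always 00 on a router)."""
    if not 0 <= int(area) <= 9999:
        raise ValueError("area must fit in four digits")
    return f"{afi}.{int(area):04d}.{system_id_from_loopback(loopback)}.00"


def parse_net(net):
    """Split a NET into its parts; rejects anything not shaped like the post's NETs."""
    m = NET_RE.match(net)
    if not m:
        raise ValueError(f"unrecognized NET: {net}")
    afi, area, s1, s2, s3, nsel = m.groups()
    if nsel != "00":
        raise ValueError("router NET must end with NSEL 00")
    system_id = f"{s1}.{s2}.{s3}"
    return {"afi": afi, "area": f"{afi}.{area}", "system_id": system_id,
            "loopback": loopback_from_system_id(system_id), "nsel": nsel}


def adjacency_levels(net_a, net_b):
    """Same area -> both L1 and L2 are possible; different area -> L2 only."""
    a, b = parse_net(net_a), parse_net(net_b)
    if a["system_id"] == b["system_id"]:
        raise ValueError("two routers share a system ID; adjacency would be broken")
    return ("L1", "L2") if a["area"] == b["area"] else ("L2",)
```

The duplicate system-ID check matters in practice: a copied NET is a common misconfiguration and the two routers would flap rather than form any adjacency.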

Published - Sun, 17 Apr 2022

Created by - Orhan Ergun

Introduction to MPLS - Fundamentals of MPLS

MPLS Multiprotocol Label Switching is one of the most popular and commonly used technologies in today's Service Provider and Enterprise networks. In this post, we will explain the most fundamental topics about MPLS. After reading this post, you will learn a lot about MPLS, why we should use MPLS to MPLS packet formats, USA cases of MPLS to MPLS advantages and MPLS disadvantages, some recommendations about MPLS books, MPLS training, some basics MPLS questions, and many other things will be covered. Sit tight and let's enjoy!. What is MPLS in Networking? Multiprotocol Label Switching - MPLS, is a networking technology that switch the network traffic using the shortest path based on “labels,” rather than IP destination addresses, to handle forwarding over a private Wide Area Network. MPLS is a scalable and protocol-independent solution, that can carry Layer 3 IP and Non-IP and Layer 2 traffic, PPP, HDLC, Frame-Relay, Ethernet, all are possible. MPLS provides transport and can be considered one of the tunneling mechanisms. MPLS transport protocols as of 2022, are LDP, RSVP, Segment Routing and BGP LU. An MPLS network is Layer 2.5, meaning it falls between Layer 2 (Data Link) and Layer 3 (Network) of the OSI 7 layer model hierarchy. When MPLS was invented for the first time, the reason was faster packet processing. The common belief was label switching would be faster compared to IP destination-based lookup. Businesses use MPLS to connect remote branch offices that require access to applications that reside in the organization's data center or company headquarters. Service Providers use MPLS in their network to scale their network and to connect thousands, if not tens of thousands of their customers' locations. What is MPLS used for, Why MPLS is used? MPLS is used to create a transport network actually. It provides an underlay medium for overlay services. 
The main services that we run with the MPLS are: Layer 2 MPLS VPN with Pseudowires (VPWS, VPLS) EVPN Layer 3 MPLS VPN Inter-AS MPLS VPN Carrier Supporting Carrier MPLS Traffic Engineering with RSVP and Segment Routing RSVP-FRR, TI-LFA Seamless MPLS/Unified MPLS These are some of the reasons/use cases we have MPLS in the networks. What MPLS network consists of? MPLS network consists of  three different types of devices: MPLS PE Router: PE is a Provider Edge device. In MPLS networks, all the intelligence is at the edge. The core is kept as simple as possible. KISS principle in network design comes from the ‘ Intelligent Edge, Dummy Core ‘ idea. PE device looks at the incoming frame or packet and identifies which egress PE device is used for transport. A second lookup is made to determine the egress interface on the egress device MPLS CE Router: CE is customer equipment that can be managed by Service Provider or Customer depending on SLA. It resides in the customer network and doesn't run MPLS with the PE router. The only exception is CSC - Carrier Supporting Carrier Architecture, in that case, LDP or BGP runs between CSC-CE and CSC-PE nodes, otherwise, in any other MPLS service, the CE router doesn't run MPLS. MPLS P Router: P is the Provider device and only has a connection to the MPLS-enabled devices. P device doesn’t have a connection to the customer network. Its main job is to connect the PE devices and provide reachability between the PE nodes. MPLS network can run without P nodes. In that case, the scalability of the MPLS network might be an issue. If the MPLS network runs without P routers, then the LSP - Label switch path is referred to as One-hop LSP.   Figure - MPLS Network nodes/elements MPLS Header MPLS Header is 4 bye - 32 bits field. First 20 bits for MPLS Label, 3 bits for EXP, 1 bit for Bottom-of-stack, and 8 bits for TTL purposes. Labels 16 - 100,000 are in the default range used by Cisco devices. 
Each router's label range can be specified with the 'mpls label range command'. MPLS Label stack has 4 parts! The MPLS Label consists of four parts: The Label - 20 bits The label holds all of the information for MPLS routers to determine where the packet should be forwarded. It is 20-bits long, thus 1,048,576 labels can be assigned in the MPLS network. Sometimes this amount of labels may not be enough but in this post, we won't cover it. MPLS Experimental - EXP bits - 3 bits Experimental bits are used for Quality of Service (QoS) to set the priority that the labeled packet should have. In DSCP we have 6 bits for QoS, in layer 2 802.1p we have 3 COS - Class of Service bits for QoS and in MPLS, we have 3 bits EXP field. When QoS is done in the MPLS network, COS to EXP or DSCP to EXP mapping is done. Based on the MPLS DiffServ Tunneling mode, Uniform, Short-Pipe, and Pipe Model, EXP bit mapping would be different. Bottom-of-Stack - 1 bit  The Bottom-of-Stack tells MPLS routers whether there are no more labels in the label stack. The bottom--of-stack bit is a field that is set to 1 for the last MPLS header. For example, with MPLS VPN the VPN label will have the bottom-of-stack label set to 1, which tells the MPLS router to process the embedded transport protocol. This bit in some resources is referred to as S-bit. MPLS Time-To-Live - 8 bits This identifies how many hops the packet can make before it is discarded. MPLS TTL, similar to IP header, is an 8-bit value. Similar to the IP header, the TTL field is used to prevent infinite forwarding loops of MPLS frames. Max value is 255 because it is 8-bits. The TTL field can be used for path tracking like MPLS Traceroute. MPLS Reserved Labels Reserved labels 0 - 15 have a special meaning in MPLS Label 0 - Explicit Null in IPv4 - The egress LSR tells the neighboring LSRs to forward the packet keeping the explicit null label (0). 
The egress router strips the label, paying attention to the QoS value, and makes the IP lookup, without doing a lookup on the label. The biggest advantage of explicit null is transferring the QoS information. Label 1 - Router Alert - the label that informs the LSR to look at the packet using software instead of forwarding in hardware. This is mainly used for traceroute purpose Label 2 - Explicit Null in IPv6 - Same as Label 0 in IPv4 but Label2 is for IPv6 Label 3 - Implicit Null label which is used for Penultimate Hop Popping - PHP purpose. The egress LSR tells the neighboring LSR to pop the topmost label before forwarding to the egress LSR. This also removes the EXP bits which may not be ideal when using MPLS DiffServ Tunneling modes(Uniform and Pipe models). The benefit of doing implicit Null is that egress LSR does not have to do the lookup on the label, strip it, and then lookup IP forwarding. It is done to improve the performance of the network but MPLS TP (Transport Profile) for example, we need the topmost/outer label end to end. MPLS OSI Layer MPLS in OSI Layer is considered as Layer 2.5 As you might know, Ethernet is Layer 2 in the OSI Layering model and IP is Layer 3 based on OSI. MPLS header is placed between Ethernet and IP, meaning between Layer 2 and Layer3, thus MPLS is commonly referred to as Layer 2.5 technology. What is MPLS Connection? Any circuit, layer 2 or layer3, that connects the device to another device for MPLS service to be carried is called MPLS Connection. Over the circuit MPLS, with LDP or RSVP doesn't need to run. The circuit might be an Ethernet and MPLS Layer 2 VPNs can run on top of it. Or Circuit (Link), can be Layer 3 and IP routing might run between the two end-points, and it can support MPLS Layer 3 VPNs. So, MPLS Connection is an underlay connection/transport which provides a medium for the overlay MPLS service. How does MPLS work? MPLS works based on 3 operations. MPLS Label Push, Swap, and POP. 
The ingress (first) router does an IP destination-based lookup and assigns a label to the packet; the middle routers swap this label hop by hop towards the egress router; and the egress router pops the remaining MPLS labels and forwards the packet to the destination. In other words: the first device does a routing lookup, just like in IP routing, but instead of only finding a next hop, it finds the final destination router and a pre-determined path to that router, called the Label Switched Path (LSP). The router applies the MPLS label based on this information. Subsequent routers use the label to forward the traffic without performing any additional IP lookups. At the final destination router, the label is removed and the packet is delivered via normal IP routing.

MPLS Router Roles. Label Edge Router - LER or ingress node: the router that first encapsulates a packet inside an MPLS LSP. It is also the router that makes the initial path selection. Label Switching Router - LSR or transit node: a router that only does MPLS switching in the middle of an LSP. Egress node: the final router at the end of a Label Switched Path (LSP), which removes the label.

What is MPLS Label Swapping? A mid-LSR (Label Switch Router) only replaces the incoming label with the outgoing label. It receives a label from its downstream node for the final destination and advertises another label to its upstream node for the same destination. Let's say it receives label 10 to reach the destination/egress router; it allocates label 20 and advertises it to its upstream router. Whenever the upstream router sends a packet with label 20, the LSR swaps/replaces label 20 with label 10 and sends the packet towards the final destination.

What is MPLS Push Operation? The ingress PE router, which is the first router in the MPLS domain, does the IP lookup and assigns a label for the final destination. Adding a label is called a PUSH. Basically, it adds the label needed to send the traffic towards the egress PE router.

What is MPLS POP Operation?
MPLS POP basically means removing an MPLS label. The topmost label is removed one hop early if there is PHP; otherwise the MPLS labels are carried all the way to the egress router, which pops/removes them and forwards the traffic towards the correct CE interface.

What is MPLS Penultimate Hop Popping - PHP? The egress LSR, in order to improve the performance of the network, can advertise the Implicit NULL label explained earlier in the post. The benefit of Implicit NULL is that the egress LSR does not have to look up the label, strip it and then do an IP lookup. This process is called Penultimate Hop Popping. A weird name, but basically: the router next to the last hop removes the topmost label. Only the service/VPN label remains if MPLS VPN is enabled, so the egress router doesn't have to do a double lookup, one for MPLS and one for IP.

Where is MPLS PHP used? In almost any MPLS application PHP is used by default: MPLS Layer 2 VPNs, MPLS Layer 3 VPNs, RSVP-TE and RSVP Fast Reroute all use PHP.

Where is MPLS PHP not used? MPLS Transport Profile (MPLS-TP) requires an end-to-end label for OAM purposes. Also, when the topmost label needs to be carried for its QoS information, Explicit NULL is advertised to preserve the topmost label header. Thus, in general, QoS-sensitive designs and MPLS-TP don't use PHP.

What is MPLS FEC? Wikipedia's explanation: a forwarding equivalence class (FEC) is a term used in Multiprotocol Label Switching (MPLS) to describe a set of packets with similar or identical characteristics which may be forwarded the same way; that is, they may be bound to the same MPLS label. An MPLS FEC can be identified by address, tunnel, or CoS - Class of Service. Typically, a device assigns the same label to one MPLS FEC. The traffic of one FEC is forwarded in the same mode and through the same path. However, not all packets with the same label belong to the same FEC: the EXP values of the packets may be different.
Therefore, they are processed in different ways and belong to different FECs. Because the ingress LSR needs to classify packets and add labels to them, it is responsible for determining the FEC to which packets belong. MPLS FEC examples: unicast packets whose destination IP addresses match the same prefix; multicast packets belonging to a specific multicast group; packets that are processed in the same way based on the IP DSCP field.

MPLS Label Signalling Protocols: MPLS labels can currently be distributed by 4 mechanisms: LDP, RSVP-TE, BGP, and Segment Routing (SR-MPLS, which carries label information in IGP extensions rather than in a separate protocol). For the service layer/overlay MPLS label, SR and RSVP are not used; the service layer, also referred to as the overlay, uses LDP and BGP. When LDP is used for the service layer (for example pseudowire labels between two PEs that are not directly connected), the session is called Targeted LDP (tLDP), sometimes also Directed LDP. When LDP is used for transport, it runs as regular link-level, hop-by-hop LDP between adjacent routers. Underlay/transport MPLS label signaling can be done with LDP, RSVP-TE, Segment Routing, and BGP; BGP here basically means BGP-LU (Labeled Unicast).

MPLS Switch and MPLS Routing. MPLS is a switching technology: switching is done based on the MPLS label. But MPLS with an IP control plane requires a routing protocol to set up the underlay transport network. For MPLS nodes to communicate with each other, underlay routing needs to provide reachability. Static routing or any dynamic routing protocol can be the underlay routing for MPLS.

MPLS Internet. Many companies want Internet access with an SLA, but unfortunately this is not possible. The Internet is a best-effort service, meaning there is no guarantee for packet loss, delay or jitter, and Service Providers cannot give an SLA - Service Level Agreement to their customers for it. MPLS, on the other hand, can provide SLAs for availability, packet loss, latency, jitter and many other criteria. MPLS and Internet are totally different services. Keep in mind, though, that an MPLS VPN separates routing and forwarding between customers; it does not encrypt anything, so traffic that needs confidentiality still has to be protected on top of it (for example with IPsec or MACsec). Over the Internet, a VPN can be created, let's say via GRE, mGRE or DMVPN technologies, and MPLS can run over those tunnels.
So, MPLS cannot run directly over the Internet, which is a public network, but it can run over some other private networks. Not all, though. For example, MPLS cannot run over GETVPN: although GETVPN is an overlay VPN, there is no tunnel with GETVPN, thus neither MPLS nor routing protocols can run over it.

Is MPLS Layer 2 or Layer 3? MPLS doesn't fit neatly into the OSI seven-layer hierarchy, thus MPLS is neither Layer 2 nor Layer 3 in OSI layering. Although the network engineering community has long discussed whether OSI layering is suitable for defining many protocols, if we had to fit MPLS somewhere in the OSI model, it would be Layer 2.5, because the MPLS header is placed between the Layer 2 MAC and Layer 3 IP headers. Thus, MPLS is commonly referred to as a Layer 2.5 protocol.

Figure - MPLS is layer 2.5 Source: www.mplsinfo.org

MPLS Extra Study Tutorials

MPLS Recommended Books
Network Convergence: Ethernet Applications and Next Generation Packet Transport Architectures
Definitive MPLS Network Designs (Networking Technology)
MPLS-Enabled Applications: Emerging Developments and New Technologies, 3rd Edition

MPLS Related Blog Posts
Making the case for Layer 2 and Layer 3 VPNs
Scalable VPLS Architecture
Juniper MPLS Based Layer 2 VPNs
Understanding MPLS VPNs (Jeff Doyle)

MPLS Training Suggestions
We strongly recommend MPLS Training with Cisco from Orhan Ergun for MPLS training. This training comes with more than 30 hours of network design and 40 hours of hands-on practical labs using Cisco routers and switches. Network design examples in the MPLS training are vendor-neutral, meaning applicable to every vendor. Also, the MPLS VPN with Juniper Network training explains MPLS Layer 3 VPN, MPLS Layer 2 VPNs and EVPN using Juniper network equipment.

Is MPLS Point-to-Point? Actually, depending on the protocol we use for label distribution, MPLS LSPs can be point-to-point, point-to-multipoint, or multipoint-to-point.
If we use regular LDP, LSPs are multipoint-to-point (labels from many ingress routers merge towards one egress), which is what IP unicast transport networks use. If MPLS is used with mLDP - Multipoint LDP, LSPs are point-to-multipoint or multipoint-to-multipoint, and mLDP is used for MPLS multicast. If regular RSVP-TE is used, the LSP is point-to-point, and RSVP-TE is used in IP unicast transport as well. Last but not least, if RSVP-TE is used for MPLS multicast, the LSP is P2MP - Point-to-Multipoint.

How many Labels do MPLS Layer 3 VPNs have? An MPLS Layer 3 VPN packet carries two labels. Most MPLS VPN services require a minimum of 2 labels. In MPLS Layer 3 VPN they are the transport label and the BGP (VPN) label; in Layer 2 VPN based on pseudowire technology, the MPLS labels are the transport label and the VC label.

What is the most common MPLS use case in 2022? As of 2022, the most common MPLS use case is MPLS VPNs. MPLS Layer 3 VPN and MPLS Layer 2 VPNs are the most common reasons that networks deploy MPLS technology. MPLS Fast Reroute would be considered the second most common use case for MPLS.
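The four fields of the label stack entry described earlier in this post (label, EXP/TC, S bit, TTL) are easiest to see by packing and unpacking real 32-bit entries. The following is an added example, not code from the original post: it builds the two-label stack of an MPLS Layer 3 VPN packet, walks it back until the S bit, and shows that the payload type after the bottom label has to be inferred because MPLS carries no next-protocol field. The label values 16 and 24, the TC value 5 and the minimal IPv4 payload are constructed for the example.

```python
# Added example, not code from the original post: pack and unpack MPLS label stack
# entries (RFC 3032; the EXP field was renamed Traffic Class by RFC 5462).
# Each entry is 32 bits: Label (20) | TC/EXP (3) | S (1) | TTL (8).
import struct

RESERVED_LABELS = {
    0: "IPv4 Explicit NULL",
    1: "Router Alert",
    2: "IPv6 Explicit NULL",
    3: "Implicit NULL (signalled only, never on the wire)",
}
LABEL_MAX = (1 << 20) - 1


def encode_entry(label, tc, bottom, ttl):
    """Build one 4-byte label stack entry; rejects out-of-range field values."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tc <= 7:
        raise ValueError("TC/EXP must fit in 3 bits")
    if not 0 <= ttl <= 255:
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (tc << 9) | (int(bool(bottom)) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(data):
    """Split the first 4 bytes of data into the four fields."""
    if len(data) < 4:
        raise ValueError("truncated label stack entry")
    (word,) = struct.unpack("!I", data[:4])
    return {
        "label": word >> 12,
        "tc": (word >> 9) & 0x7,
        "bos": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


def encode_stack(entries):
    """entries: list of (label, tc, ttl), top of stack first. S=1 is set on the last one."""
    if not entries:
        raise ValueError("a label stack needs at least one entry")
    last = len(entries) - 1
    return b"".join(encode_entry(label, tc, i == last, ttl)
                    for i, (label, tc, ttl) in enumerate(entries))


def decode_stack(data):
    """Walk entries until the S bit is set; return (entries, payload bytes).

    MPLS has no length or next-protocol field, so a stack without any S=1 entry
    is malformed and must be rejected rather than guessed at.
    """
    entries, offset = [], 0
    while True:
        entry = decode_entry(data[offset:])   # raises on truncation
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, data[offset:]


def describe_label(label):
    """Classify a label value: reserved (0-15) or unreserved."""
    if label in RESERVED_LABELS:
        return RESERVED_LABELS[label]
    if label < 16:
        return "reserved (0-15), other"
    return "unreserved"


def guess_payload(payload):
    """After the bottom label only the payload's first nibble hints at the protocol."""
    if not payload:
        return "empty"
    version = payload[0] >> 4
    return {4: "IPv4", 6: "IPv6"}.get(version, "unknown (e.g. Ethernet pseudowire)")


def demo():
    """Two-label L3 VPN stack: transport label 16 on top, VPN label 24 at the bottom.
    The payload is a constructed minimal IPv4 header (first byte 0x45)."""
    ip_payload = bytes([0x45, 0x00, 0x00, 0x14]) + bytes(16)
    wire = encode_stack([(16, 5, 255), (24, 5, 255)]) + ip_payload
    entries, payload = decode_stack(wire)
    return wire.hex(), entries, guess_payload(payload)
```

`demo()` returns the hex of the encoded frame (the first entry is `00010aff`: label 16, TC 5, S=0, TTL 255; the second is `00018bff` with S=1), the decoded entries, and "IPv4" for the payload. Feeding `decode_stack` a single entry with S=0 raises, which is the behaviour you want from any MPLS parser: a stack that never reaches the bottom is not a valid frame.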
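The push, swap and pop operations, PHP (implicit null) versus explicit null, and the TTL safeguard against loops discussed in this post can be followed hop by hop with the added simulation below. This is not code from the original post: the router names PE1, P1, P2, PE2 and CE2, the prefixes 10.0.0.0/8 and 10.2.0.0/16, and the labels 16, 17, 24 and 99 are made up for the example. The ingress FIB maps the packet to its two-label L3 VPN stack via a longest prefix match, which is how the ingress PE classifies a packet into a FEC; the `loop=True` variant deliberately misconfigures P2 to point back at P1 so the MPLS TTL is what stops the packet.

```python
# Added example, not code from the original post: a hop-by-hop simulation of the
# three MPLS operations (push, swap, pop) across a constructed LSP PE1-P1-P2-PE2,
# with PHP (implicit null) and with explicit null, plus the TTL loop safeguard.
# All router names, prefixes and label values are made up for the example.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

IPV4_EXPLICIT_NULL = 0   # label 0: carried to the egress, which pops it
IMPLICIT_NULL = 3        # label 3: signalled only; the penultimate hop pops instead


@dataclass
class Packet:
    dst: str
    ip_ttl: int = 64
    stack: list = field(default_factory=list)   # [[label, ttl], ...], index 0 = top

    def labels(self):
        return [label for label, _ in self.stack]


def longest_prefix_match(fib, dst):
    """Ingress FEC classification: the most specific prefix containing dst wins."""
    addr = ip_address(dst)
    best = None
    for prefix, labels, next_hop in fib:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, labels, next_hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def build_network(php=True, loop=False):
    """FIB on the ingress PE, LFIB on the others. FIB labels are listed in push
    order, bottom first: [VPN label, transport label]."""
    if php:
        p2_entry = ("pop", None, "PE2")                   # egress advertised implicit null
    else:
        p2_entry = ("swap", IPV4_EXPLICIT_NULL, "PE2")    # egress asked for explicit null
    if loop:
        p2_entry = ("swap", 16, "P1")                     # misconfiguration: P2 points back at P1
    return {
        "PE1": {"fib": [(ip_network("10.0.0.0/8"), [99, 16], "P1"),    # less specific, loses LPM
                        (ip_network("10.2.0.0/16"), [24, 16], "P1")]},
        "P1":  {"lfib": {16: ("swap", 17, "P2")}},
        "P2":  {"lfib": {17: p2_entry}},
        "PE2": {"lfib": {IPV4_EXPLICIT_NULL: ("pop", None, "PE2"),      # strip, re-examine locally
                         24: ("pop", None, "CE2")}},                     # VPN label -> VRF interface
    }


def forward(net, start, packet, max_hops=16):
    """Return (trace, delivered, packet); trace = [(router, action, labels after action)]."""
    trace, node, arrived = [], start, True
    for _ in range(max_hops):
        router = net[node]
        if not packet.stack:                                  # unlabeled: ingress PUSH
            packet.ip_ttl -= 1
            labels, next_hop = longest_prefix_match(router["fib"], packet.dst)
            for label in labels:
                packet.stack.insert(0, [label, packet.ip_ttl])   # uniform model: copy IP TTL
            trace.append((node, "push", packet.labels()))
        else:
            label, ttl = packet.stack[0]
            if arrived:                                        # decrement once per hop
                ttl -= 1
                if ttl == 0:
                    trace.append((node, "drop-ttl", packet.labels()))
                    return trace, False, packet
            if label not in router["lfib"]:
                trace.append((node, "drop-no-lfib", packet.labels()))
                return trace, False, packet
            action, out_label, next_hop = router["lfib"][label]
            if action == "swap":
                packet.stack[0] = [out_label, ttl]
            else:                                              # pop
                packet.stack.pop(0)
                if packet.stack:
                    packet.stack[0][1] = ttl                   # TTL follows the packet inward
                else:
                    packet.ip_ttl = ttl                        # last label gone: back to IP
            trace.append((node, action, packet.labels()))
        if next_hop not in net:                                # left the MPLS domain
            trace.append((next_hop, "deliver", packet.labels()))
            return trace, True, packet
        arrived = next_hop != node
        node = next_hop
    trace.append((node, "drop-hop-limit", packet.labels()))
    return trace, False, packet


def run(php=True, loop=False, ttl=64):
    return forward(build_network(php, loop), "PE1", Packet("10.2.1.1", ip_ttl=ttl))
```

With `run(php=True)` the trace is push at PE1 (stack 16 over 24), swap at P1 (17 over 24), pop at P2 (only 24 left), pop at PE2 and delivery to CE2; PE2 never looks at a transport label. With `run(php=False)` P2 swaps 17 for label 0 instead, so the explicit null entry, and its EXP bits, reach PE2, which strips it locally without a second TTL decrement and then pops the VPN label. In both cases the IP TTL ends at 60 after four MPLS hops. `run(loop=True, ttl=5)` shows the packet bouncing between P1 and P2 until the MPLS TTL reaches zero and it is dropped.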

Published - Tue, 12 Apr 2022

Created by - Orhan Ergun

What is IP Anycast? Where it is used in networking?

What is IP Anycast? Is IP Anycast a routing protocol? Where is IP Anycast used in networking? In this post, I will answer these questions. I discuss these questions and often ask them in my training as well. I always receive many different answers, but you will see how easy it is to understand the idea behind anycast after reading this post. IP Anycast is a way of assigning IP addresses: the same IP address is assigned to multiple nodes, each node advertises it into routing, and the routing protocol's normal path selection (the IGP metric inside a network, BGP policy on the Internet) decides which instance a given source reaches. It is not a routing protocol, a switching protocol, or a special network design, just a way of assigning an IP address. There are many use cases for it. Internally in networks, multicast uses IP Anycast for load balancing and redundancy. Specifically, PIM ASM (Protocol Independent Multicast - Any-Source Multicast) uses IP Anycast for the RP (Rendezvous Point) address, known as Anycast RP. The same IP address is assigned on multiple nodes in the network and the underlying IGP shortest path is used to determine the closest RP in the topology; if one RP fails, its route is withdrawn and sources and receivers converge on the next closest RP.

IP Anycast for CDN (Content Delivery Networks). IP Anycast is a special method for request routing in CDN architectures. Let's have a look at what request routing is and how Anycast is used in it. Request routing, also known as server redirection, is a method to bring the customer to the optimal server in a CDN architecture.

Figure - IP Anycast vs. Unicast

In this approach, the same IP address is assigned to multiple servers located in a distributed manner. When the client sends requests to that IP address, the requests are routed to the nearest server as defined by the routing policy. With this approach content providers may lose some server selection flexibility. Consider a scenario in which Anycast forwards requests to the nearest (yet overloaded) server, simply by respecting a distance-based routing policy. CDN service providers who configure their platform with Anycast set a single IP address for all their nodes!
Unlike DNS-based CDN redirection, where every node has a unique IP address and the recursive DNS steers the client to the closest node, Anycast relies on the Border Gateway Protocol (BGP) to route clients using the natural flow of the Internet. BGP is the routing protocol Internet edge routers use to exchange routing and reachability information, so each autonomous system learns which neighbors can reach which prefixes. With Anycast, every site announces the same prefix, and each client's traffic follows BGP's best path to whichever site is topologically closest. Note that "closest" is defined by BGP path selection (AS path length and local policy), not by geographic distance or hop count, so an anycast request can land at a site that is far away or, as noted above, overloaded. The same property makes anycast a standard way to spread DDoS traffic across many sites; the DNS root servers, for example, are anycast.
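To make the "same address, closest instance" decision concrete, here is an added example (not code from the original post) that does what an IGP does for an Anycast RP or an internal anycast service: it runs shortest-path first over a small topology in which two nodes, C and E, both carry the same /32, and reports which instance each source reaches. The topology, the link costs, the node names and the address 192.0.2.10/32 are all constructed for the example. It also shows the two points made above: when one instance disappears, traffic converges on the remaining one, and distance-based selection knows nothing about how loaded an instance is.

```python
# Added example, not code from the original post: how an IGP resolves an anycast
# address. Several nodes advertise the same /32; each source reaches the instance
# with the lowest shortest-path cost from its own position. Topology, costs and
# names are constructed for the example.
import heapq

# (node, node, IGP metric); links are bidirectional with the same cost both ways
LINKS = [
    ("A", "B", 10), ("B", "C", 10), ("C", "D", 10), ("D", "E", 8),
    ("A", "E", 50), ("B", "F", 5), ("F", "D", 5),
]
ANYCAST_ADDRESS = "192.0.2.10/32"          # same address configured on C and E
ANYCAST_INSTANCES = {"C", "E"}


def adjacency(links):
    adj = {}
    for a, b, cost in links:
        adj.setdefault(a, {})[b] = cost
        adj.setdefault(b, {})[a] = cost
    return adj


def shortest_paths(links, src):
    """Dijkstra: cost from src to every node (what an IGP's SPF computes)."""
    adj = adjacency(links)
    dist = {src: 0}
    heap = [(0, src)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > dist[node]:
            continue
        for nbr, w in adj.get(node, {}).items():
            new = cost + w
            if new < dist.get(nbr, float("inf")):
                dist[nbr] = new
                heapq.heappush(heap, (new, nbr))
    return dist


def nearest_instance(links, src, instances):
    """Which anycast instance src's traffic lands on: lowest IGP cost wins.
    Ties are broken by node name here; a real router would ECMP across them."""
    dist = shortest_paths(links, src)
    reachable = [(dist[n], n) for n in instances if n in dist]
    if not reachable:
        raise LookupError(f"{ANYCAST_ADDRESS} unreachable from {src}")
    cost, node = min(reachable)
    return node, cost


def client_map(links, clients, instances):
    """Per-client landing instance, i.e. the 'closest server' decision in the post."""
    return {c: nearest_instance(links, c, instances)[0] for c in clients}


def load_per_instance(links, clients, instances):
    """Distance-only selection ignores load: count how many clients each instance gets."""
    load = {n: 0 for n in instances}
    for node in client_map(links, clients, instances).values():
        load[node] += 1
    return load
```

`client_map(LINKS, ["A", "B", "D", "F"], ANYCAST_INSTANCES)` sends A and B to C and D and F to E, purely by cost. Passing `{"E"}` as the instance set models C withdrawing its /32: A now reaches E at cost 28 over the longer path, which is the failover behaviour Anycast RP relies on. Nothing in `load_per_instance` changes the decision, which is exactly the caveat from the CDN discussion: if C were overloaded, A and B would still be sent there.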

Published - Mon, 11 Apr 2022