Orhan Ergun 24 Comments

MPLS Design Question

MPLS is one of the most commonly used encapsulation methods today, especially on the Wide Area Networks of Service Providers, large enterprises and some datacenters.

Service Providers have sold MPLS services to customers for decades. When customers want Service Provider redundancy, that is, two MPLS circuits from different Service Providers, an Inter AS MPLS service is created between those providers.

Or, when customers have a location where their MPLS service provider has no presence but want end-to-end MPLS connectivity between all their locations, an Inter AS MPLS service is again created between the providers.

If you are a visual learner and want to understand the basics of Inter AS MPLS VPN Options, check my YouTube channel and subscribe for more design videos.


Orhan Ergun 4 Comments

Advanced Carrier Supporting Carrier Design

LDP is the most commonly used label distribution protocol in today's MPLS networks. Although it lacks Traffic Engineering, Admission Control and Fast Reroute capabilities, it scales very well because of its Multipoint-to-Point Label Switched Paths. BGP can also assign a label for IP prefixes and for VPN prefixes, and in this article I will show you how BGP provides an extra level of scalability for MPLS applications.

LDP can also be used to set up a targeted LDP session, which is used by many applications such as L2VPNs, Remote LFA Fast Reroute, LDP over RSVP to scale RSVP networks, and so on.

In this post I will explain the differences between using IGP + LDP and using BGP + Label for the IP prefixes.


Orhan Ergun 20 Comments

Inter AS Option A Design Considerations and Comparison

Inter AS Option A is the easiest, most flexible, most secure Inter autonomous system MPLS VPN technology.

In the below topology VPN Customers A and B are connected to two different service providers via MPLS Layer 3 VPN. In order to have end to end MPLS VPN service, Service Providers use special mechanisms. In this article, I will explain the most basic one which is Inter-AS Option A, though there are many other things you need to know about Inter-AS Option A.

Our aim is to carry all the customer routes between the service providers.

There are many different ways of handling this case. In this post, I will explain Inter AS Option A MPLS/VPN, also known as VRF-to-VRF approach.

 

 

Figure 1: Inter-AS Option A

I will use the topology depicted in fig. 1 throughout this post to explain Inter AS Option A operation.

In the above diagram, we have two service providers and the two customers which require Inter-AS MPLS VPN service.

The PE routers that connect the two providers are also known as ASBR (Autonomous System Boundary Router).

Inter AS Option A: an ASBR router in one Autonomous System attaches directly to an ASBR router in another Autonomous System.

The two ASBR routers are attached to each other by multiple sub-interfaces, at least one for each of the VPNs whose routes need to be passed from one AS to the other AS. In addition, each of those sub-interfaces is associated with a VRF table.

For each customer, service providers could use a separate physical connection instead of a sub-interface. However, doing that would not make optimal use of resources.

PE routers connected to the CE devices run MP-IBGP, either through full mesh or through RR (route reflector).

 

Inter AS Option A allows ASBR routers to keep all the VRFs for customers who require Inter AS service.

 

SP-A and SP-B ASBR routers maintain the VPN forwarding table in the LFIB. Furthermore, they keep routing information in the RIB and FIB.

Compared to other AS options, ASBRs have high memory usage in Inter AS Option A.

However, other Inter AS VPN options do not have these capabilities.

ASBRs can either run the same routing protocol with the customer on the VRFs or use just EBGP.

For example, if the requirement for customer A is to keep routing information such as the metric end to end, SP-A and SP-B run the same routing protocol on the ASBRs and on the PE devices to which the customer CE device is attached.

With Inter AS Option A, SP-A and SP-B have to manage redistribution at the ASBRs, because the routes appear to the ASBR as BGP routes from remote PEs. For customer A, those routes need to be redistributed from BGP to the customer A PE-CE routing protocol, and from the customer A PE-CE routing protocol to BGP.

ASBRs associate each such sub-interface with a VRF.

Inter AS Option A does not require MPLS at the ASBRs unlike the other Inter AS options.

Since each customer VPN needs a separate VRF and sub-interface, a separate routing protocol, and redistribution handling for each protocol, Option A is operationally cumbersome and thus hard to scale.

Since there is only IP routing between the ASes, Option A is considered the most secure of all the Inter AS options.

In addition, it is the easiest option to implement between the AS because Option A does not require another control plane mechanism between service provider ASBRs such as LDP, BGP+label, or BGP-VPNv4.

Between the service providers on ASBRs, either IGP protocols or EBGP is used.

More importantly, other Inter AS Options (Inter AS Option B and Inter AS Option C) require additional control-plane protocols to advertise the customer or infrastructure prefixes between the ASBRs.

Since only IP traffic (not MPLS) passes between the service providers, the most granular QoS implementation is achieved with Option A (per sub-interface and IP DSCP vs. MPLS EXP).
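The two properties described above, every inter-AS sub-interface bound to a VRF and no MPLS running between the ASBRs, can be checked mechanically against an ASBR configuration. The following Python audit is an added example, not part of the original article; the Cisco IOS-style configuration, interface names, VRF names, AS numbers and addresses are constructed for illustration.

```python
import re

# Constructed Cisco IOS-style ASBR configuration (illustrative, not from the article).
# Assumption: GigabitEthernet0/0/1 is the link to the other provider's ASBR.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0/1.10
 encapsulation dot1Q 10
 vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.252
interface GigabitEthernet0/0/1.20
 encapsulation dot1Q 20
 vrf forwarding CUST-B
 ip address 192.0.2.5 255.255.255.252
interface GigabitEthernet0/0/1.30
 encapsulation dot1Q 30
 ip address 192.0.2.9 255.255.255.252
 mpls ip
router bgp 65001
 address-family ipv4 vrf CUST-A
  neighbor 192.0.2.2 remote-as 65002
 address-family ipv4 vrf CUST-B
  neighbor 192.0.2.6 remote-as 65002
"""

def audit_option_a(config, link="GigabitEthernet0/0/1"):
    """Return {sub-interface: [findings]} for sub-interfaces of the inter-AS link."""
    findings, vrf_of, current = {}, {}, None
    for line in config.splitlines():
        if not line.startswith(" "):  # a new top-level stanza begins
            m = re.match(r"interface (\S+)", line)
            current = m.group(1) if m and m.group(1).startswith(link + ".") else None
            if current:
                findings[current], vrf_of[current] = [], None
        elif current:
            stmt = line.strip()
            if stmt.startswith("vrf forwarding "):
                vrf_of[current] = stmt.split()[-1]
            elif stmt.startswith("mpls "):
                findings[current].append("MPLS enabled toward the other AS")
    for ifname, vrf in vrf_of.items():
        if vrf is None:  # without a VRF the sub-interface is in the global table
            findings[ifname].append("no VRF: sub-interface sits in the global table")
    return findings

if __name__ == "__main__":
    for ifname, issues in audit_option_a(SAMPLE_CONFIG).items():
        print(ifname, "OK" if not issues else "; ".join(issues))
```
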

For all Inter AS Options, customers commonly have to trust the service provider for data integrity, confidentiality, and availability.

MPLS does not encrypt packets; if a customer needs end-to-end encryption, the customer can deploy IPsec.

The Inter AS MPLS VPN Options Comparison Table below gives you the most comprehensive analysis. It will be very useful in real life and also for the design exams, since the comparisons are made from the design point of view.

 


Inter AS MPLS VPN Options Comparison

 

Do you use MPLS VPN service? Is it from one provider or multiple providers?

Let’s talk about your design in the comment section.