Professional Documents
Culture Documents
- Tutorial
Madhusudan Nanjanagud
mnanjana@cisco.com
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Agenda
• Introduction
• Feature Overview
• 6VPE – v6 L3VPN
• Service integration
• Configuration flow
• Summary
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
Introduction
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
Feature Overview
RFC4364 based L3 VPN Services with IP Core
L3VPN services could be for v4 or v6 over the
same IP core
Leverages most of the functionality from MPLS
core based VPN
Presence of IP Core is transparent to Customer
Edge devices
Two common approaches – mGRE & L2TPv3
Tunnel
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
Feature Overview
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
Tunnel Overlay Model
IP Transport Network
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6
Encap PE Packet format
Tunnel IP >> To reach Egress PE with PID as 0x73 ( L2TPv3)
Session ID/Cookie >> For L2TPv3 session control/Security
BGP VRF Label >> For remote End point
VPN IP >> Final customer destination prefix
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
Session ID/Cookie Values
Part of the L2TPv3 header
Optional “Cookie field” is a random 64 bit value in each
data packet associated with session id
To protect against a malicious blind attack, or
inadvertent insertion of data into the tunnel stream.
IP L2TPv3 Header
20 Bytes 4 - 12 Bytes Payload
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
Comparison - MPLS Based Core – L3VPN flow
As per RFC4364, MP-BGP would exchange customer
prefixes between PE routers with Next Hop address.
Ingress PE has LSP established with egress PE –
LDP/RSVP.
Ingress PE resolves the customer prefix within VRF
table.
Ingress PE would impose “IGP Label” + “VPN Label”+
“Customer Payload”
Traffic to be drained over the core uplink interface –
MPLS enabled links.
Core P router does label Swap/Push/Pop
Egress PE – Label lookup ->IP Lookup and then packet
forwarded to egress interface.
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
IP Core - Ingress PE
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12
IP Core – Implementation – Egress PE
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 13
Forwarding Into and Out Of Tunnel
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 14
Control Plane Events
BGP
(4364)
PE2
PE1 2. Get Remote CE-g2
tunnel end points’ via
CE-g1 BGP
PE3 CE-p2
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 15
Control Plane Operation
VPN-v4
VPN-v4 update:
update:
RD:1:27:152.12.4.0/24 NH=PE-1
RD:1:27:152.12.4.0/24 NH=PE-1
RT=1:1,
RT=1:1, Label=(29)
Label=(29) BGP
BGP Route
Route –– imported
imported
IP
IP Core
Core -- IGP
IGP To
To the
the VRF
VRF
PE1 P1 P2 PE2
MP-iBGP
MP-iBGP
VPNv4
VPNv4 && NH
NH info
info
Tunnel
Tunnel session
session VPN-B VRF
Import routes with
route-target 1:1
BGP,
BGP, OSPF,
OSPF, RIP,
RIP, Static
Static BGP,
BGP, OSPF,
OSPF, RIP,
RIP, Static
Static
152.12.4.0/24,NH=CE1 152.12.4.0/24,NH=PE-2
152.12.4.0/24,NH=PE-2
152.12.4.0/24,NH=CE1
CE1 CE2
VPN B
152.12.4.0/24 VPN B
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 16
Forwarding Plane Operation
IPv4 Address
L2TPv3 Header
PE1 P1 P2 PE2
152.12.4.6 29
152.12.4.6 29 VPN Label
src addr
IP
dst addr Tunnel
Session Id Header
L2TPv3 Cookie
152.12.4.6 152.12.4.6
VPN Label
src addr
CE1 dst addr CE2
data
VPN B
152.12.4.0/24 VPN B
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 17
6VPE Analysis – v6 L3VPN
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 18
6VPE Feature overview
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 19
6VPE : MP-BGP role
v4 and v6 VPN iBGP (MBGP) Sessions v4 and v6 VPN
VPN BLUE
VPN BLUE
v6 Only
P P
v4 and v6 VPN
P P v6 Only
v6 Only
VPN YELLOW
IP Core
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 21
6VPE : Flow
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 22
6VPE Forwarding Operation
IPv4 Address
L2TPv3 Header
PE1 P1 P2 PE2
2001::1 29
2001::1 29 VPN Label
src addr
IP
dst addr Tunnel
Session Id Header
L2TPv3 Cookie
2001::1 2001::1
VPN Label
src addr
CE1 dst addr CE2
data
VPN B
152.12.4.0/24 VPN B
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 23
6PE : Global v6 services
145.95.0.0 v4 v6 2001:CAFE::
6PE P P 6PE
Dual Stack IPv4-IPv6 Routers Dual Stack IPv4-IPv6 Routers
2001:F00D:: v6
CE P P
6PE IP Core 6PE
192.76.10.0 v4 v4 192.254.10.0
CE CE
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 24
Sample Configuration Flow
eBGP eBGP
Lo0 ISIS Lo0
5.5.5.5 3.3.3.3
Router
Router
Pos0/1/0/0 PE1 pos pos PE2 Pos0/8/0/0Tester
Tester 53.2.2.1 53.2.2.2 Advertise
120.1.1.0
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 25
BGP Config – vpnv4 & vpnv6 AFI
(Cisco config guide reference)
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 28
Summary
Investment Protection for Providers – IP Core
Enabling L3VPN –v4 & v6 services over the legacy
infrastructure
Newer services can be easily integrated – L2VPN
multicast VPN / Native
Network Troubleshooting / Maintenance simplified
Parity with MPLS based services
Implementation on networking gear is simplified
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 29
Thank You!
Presentation_ID © 2006 Cisco Systems, Inc. All rights reserved. Cisco Confidential 30