SP Cebe Ajibola D 2015 13112015

',*,7$//,%5$5< COPYRIGHT NOTICE
Every effort has been made to remove any material in this project / thesis
where ownership of the copyright does not belong to the author. However,
should you be aware of additional material that may require exclusion due to
copyright restrictions, please contact DigitalLibrary@bcu.ac.uk or call
0121 331 5286.
The University and the Digital Library are not responsible for the inclusion of
any third party copyright material contained in this project / thesis.
Use of this electronically archived project / thesis is restricted to educational

purposes only.
INVESTIGATION AND IMPLEMENTATION OF MULTI-
PROTOCOL LABEL SWITCHING (MPLS)
Beng Telecommunications and Networks
NAME - DAPO AJIBOLA
STUDENT NUMBER
SUPERVISOR - STEVE BARSON
DATE 23/04/2015
UCEEL Copyright Waiver
Student Name: DAPO AJIBOLA
Project/Thesis Title INVESTIGATION AND IMPLEMENTATION OF MULTI-

PROTOCOL LABEL SWITCHING
Course: TELECOMMUNICATIONS AND NETWORKS ENGINEERING
________________________________________________________________________
Student Agreement
1. I confirm that Birmingham City University can electronically archive and make
accessible the project / thesis described above via the UCEEL Electronic Library system. I
retain all other ownership rights to the copyright of the document / project work described
above.
2. I confirm the above project / thesis is a true and unaltered representation of the
project / thesis as submitted to Birmingham City University course tutors and examiners.
3. I confirm that the above project / thesis includes / does not include (please delete
as appropriate) material copied from a source (e.g. a book) where ownership of the copyright
does not belong to myself.
If the project / thesis includes such material please supply the following details:
a) Page reference / item reference:

b) I have obtained and attached a written permission statement from the owner(s) of each
third party copyrighted matter included in my project / thesis
Yes No (please circle)
(If No, I understand the electronic copy of my project / thesis available on UCEEL will omit
these sections from view)
Signature: DAPO AJIBOLA
Print Name: DAPO AJIBOLA
Date: 23/04/2015
N.B. If you are at anytime in consultation with a publisher regarding this work you will
need to declare the copy held on UCEEL. Some publishers may regard the UCEEL
copy as constituting prior publication. The copy can be removed from UCEEL if it
becomes an obstacle to future commercial publication.
Official Use only
ORION unique number: ________________ Date added to the system:

________________
IS228a/Oct07
Figure 1 MPLS (Roby, 2013)
ABSTRACT

Cell switched-based technologies incorporation
Forwarding performance growths
Layer 3 network layer routing scalability
Improved routing services delivery flexibility
All these problems listed above are very much key to the problems internetworking faces
today. These involves incorporating the several technologies that must exist side-by-side,
developing and scaling to accommodate future technologies, and offering improved
performance, with Internet services and applications.
The introduction of MPLS helped fix these problems and many more as explained in further
details in this Dissertation.
Competing technologies such as Multi-Protocol Label Switching (MPLS), Frame Relay,
Asynchronous Transfer Mode (ATM) and Virtual Private Network (VPN) were compared, a
description of what they are and their uses, stating their advantages and disadvantages,
then concludes on which is the best technology in terms of network efficiency, performance,
Quality of Service (QoS), scalability and extensibility.
MPLS was extensively researched, it highlighted features like Label Switching, MPLS
signalling protocols, Traffic Engineering, MPLS Security (how to defend against threats and
attacks), IPv6 on MPLS and the Disadvantages of MPLS which shows where MPLS could
be improved or why it may not be desirable.
Traffic Engineering This is used to manage network performance by monitoring,
predicting and controlling traffic. It helps to fix congestion by re-routing traffic through
a less congested path, when a path is congested.
MPLS Security This was split into two types of attacks which are Control Plane and
Data Plane, this helps preventing and defending against the attacks much easier as
its isolation means you can focus on which it is.
IPv6 on MPLS IPv6 was created to resolve many of the problems associated with
IPv4 such as auto-configuration, global extensibility and flexibility. IPv6 over MPLS
backbones allows IPv6 domains to interact over an MPLS IPv4 core network.
Finally, a conclusion was made to summarize and finalise the reasons why MPLS should be
implemented on networks, the benefits it brings to the network and its clear advantage over
competing technologies.
ACKNOWLEDGEMENTS
First of all I would like to thank God for helping me get through this Dissertation. Then I
would like to thank (Steve Barson, Dissertation Supervisor) and (Doctor Paul Thomas,
Teacher), Birmingham City University staffs for their guidance and assistance with the
writing and completion of this Dissertation.

Contents
ABSTRACT .......................................................................................................................................... 4
ACKNOWLEDGEMENTS .................................................................................................................. 5
TABLE OF FIGURES .......................................................................................................................... 8
CHAPTER 1 INTRODUCTION .......................................................................................................... 9
1.1 Brief Introduction ....................................................................................................................... 9
1.2 Aims .......................................................................................................................................... 10
1.3 Objectives ................................................................................................................................ 11
CHAPTER 2 LITERATURE REVIEW ............................................................................................. 11
2.1 What is a Virtual Private Network (VPN) ............................................................................. 11
.......................................................................................................................................................... 11
2.2 Asynchronous Transfer Mode (ATM) ................................................................................... 13
2.2.1 Disadvantages of ATM .................................................................................................... 14
2.2.2 Advantages of ATM ......................................................................................................... 14
2.3 Frame Relay ............................................................................................................................ 15
2.3.1 Disadvantages of Frame Relay ..................................................................................... 15
2.3.2 Advantages of Frame Relay ........................................................................................... 16
2.4 Multi Protocol Label Switching (MPLS) ................................................................................ 16
2.4.1 Advantages of MPLS ...................................................................................................... 17
2.4.2 Disadvantages of MPLS ................................................................................................. 18
2.5 Conclusion (Why MPLS is better?) ...................................................................................... 18
SCOPE ................................................................................................................................................ 19
CHAPTER 3 METHODOLOGY ....................................................................................................... 19
Waterfall Model .............................................................................................................................. 19
CHAPTER 4 MPLS MULTI PROTOCOL LABEL SWITCHING ............................................... 20
4.1 Label Switching ....................................................................................................................... 21
4.1.1 Advantages of Label Switching ...................................................................................... 21
4.2 How does MPLS work? .......................................................................................................... 22
4.2.1 MPLS Router Roles/Positions ........................................................................................ 22
4.3 Signalling Protocols for MPLS ............................................................................................... 23
4.4 IPv6 over MPLS ...................................................................................................................... 24
4.4.1 Advantages of Deploying IPv6 on MPLS Backbones ................................................. 24
4.5 Label Stacking ......................................................................................................................... 24
4.6 Penultimate Hop Popping (PHP) .......................................................................................... 25
4.7 Traffic Engineering (TE) ......................................................................................................... 25
4.7.1 Traffic Engineering in MPLS .......................................................................................... 26
4.8 Label Switched Path (LSP) Bandwidth ................................................................................ 29
4.9 Layer 2 Virtual Leased Line or Pseudowires ...................................................................... 29
4.9.1 Layer 3 Virtual Private Network (L3VPN) ..................................................................... 30
4.9.2 Virtual Private LAN service (VPLS) ............................................................................... 30
4.10 MPLS fast reroute ................................................................................................................. 30
4.11 MPLS Protection Methods ................................................................................................... 31
4.11.1 One to one protection ................................................................................................... 31
4.11.2 Many to one protection ................................................................................................. 31
4.12 Multi-Protocol Label Switching Auto-Bandwidth ............................................................... 33
CHAPTER 5 MULTI PROTOCOL LABEL SWITCHING SECURITY ......................................... 36
5.1 Control Plane ........................................................................................................................... 36
5.1.1 LSP Creation .................................................................................................................... 37
5.1.2 LSP Message Snooping ................................................................................................. 37
5.1.3 Control Plane Denial of Service ..................................................................................... 37
5.1.4 Cross-Connection of Users ............................................................................................ 37
5.2 Data Plane ............................................................................................................................... 37
5.3 How to defend against Threats and Attacks ....................................................................... 38
5.3.1 Access Controls ............................................................................................................... 38
5.3.2 Physical Security .............................................................................................................. 38
5.3.3 Control Plane Authentication .......................................................................................... 38
5.3.4 Cryptographic Methods and the MPLS Data Plane .................................................... 39
5.3.5 Security and Label-Based Forwarding ......................................................................... 40
5.4 Resource Reservation ProtocolTraffic Engineering Label Switched Path (RSVP-TE
LSP) Priorities ................................................................................................................................ 40
5.5 Label Switched Path Optimization ........................................................................................ 41
5.6 Multi-Protocol Label Switching Limitations .......................................................................... 41
5.6.1 MPLS LSPs Manual Creation ........................................................................................ 42
5.6.2 Large LSPs wont fit through little pipes ....................................................................... 42
5.6.3 Negatives of Auto Bandwidth ......................................................................................... 42
CHAPTER 6 BASIC MPLS NETWORK CONFIGURATION ....................................................... 43
CHAPTER 7 CONCLUSIONS ......................................................................................................... 50
BIBLIOGRAPHY ................................................................................................................................ 52
REFERENCES .................................................................................................................................. 55

TABLE OF FIGURES

Figure 1 MPLS (Roby, 2013) ............................................................................................................. 4
Figure 2 VPN (LogicalNet, n.d.) ....................................................................................................... 11
Figure 3 ATM (GL Communications Inc., 2014) ........................................................................... 13
Figure 4 OSI Model (Arisar, 2011) .................................................................................................. 21
Figure 5 Traffic Engineering (Steenbergen, n.d.) ......................................................................... 27
Figure 9 MPLS No Protection (Steenbergen, n.d.) ....................................................................... 32
Figure 10 MPLS with Protection (Steenbergen, n.d.) ................................................................... 32
Figure 11 MPLS link and Node Protection (Steenbergen, n.d.) ................................................. 33
Figure 12 Working Auto Bandwidth (Steenbergen, n.d.) ............................................................. 34
Figure 13 Auto-Bandwidth not working (Steenbergen, n.d.) ....................................................... 35

CHAPTER 1 INTRODUCTION

1.1 Brief Introduction

IP over ATM The IP over ATM model was used as it complied with application
requirements by using Layer 3 functionality at the edges of the network, increasing network
efficiency with high speed, label-swapping ATM switches and permanent virtual circuits
(PVC) in the core. IP routing functionality was restricted to the edges of the network as the
IP over ATM model saw software-based routers as the main reason for an inefficient network
performance.
The rapid rise of internet service providers and availability of technologies and equipments
made the IP over ATM model inefficient due to its fundamental scalability problems. Some of
these problems include ATM segmentation and reassembly (SAR) interfaces bandwidth
limitations, 20% cell tax, the n-squared permanent virtual circuit problem, Interior Gateway
Protocol (IGP) stress and its inability to function over non-ATM infrastructures. The biggest
problem was the complications of operating a network using two dissimilar technologies that
were built separately and for different functions.
This led to the emergence of Multilayer Switching. This offered the performance and price of
an ATM switch and the control of an IP router without the complications experienced in the
IP over ATM model. With this apparent solution, there was still a common problem in that
they werent interoperable, they relied on dissimilar technologies to merge ATM switching
and IP routing into an integrated solution.
The problem with Multilayer Switching then led to the solution Multi-Layer Protocol Switching
(MPLS). Internet Engineering Task Force (IETF) created the MPLS group to build a unified
and a technology that can run over any link layer technology (Interoperability). The IP
functionality was untouched, but all of the ATM protocols were removed and replaced with
MPLS label swapping.
1.2 Aims

This project investigates and evaluates MPLS in comparison with other currently existing
technologies (ATM and Frame Relay). It describes in detail how it works, why MPLS is better
and the benefits it offers if implemented on networks.
How its better - Future networks will commonly carry packets, meaning time-division
multiplexing (TDM) is evolving, and new technologies improved to carry packets are being
defined, MPLS is thought of to be a leading connection-oriented packet transport networking
technology. It offers improved network performance because when data is split into smaller
categories such as real time traffic and low priority traffic, the carrier will carry out the
priorities across the network, which will provide quality of service on the network.
1.3 Objectives

To research and investigate the best method to transport data across Virtual Private
Network (VPNs)
Research and evaluate the currently competing technologies (Frame Relay and
ATM), and discuss the importance of network Traffic Engineering (TE).
Compare MPLS with the currently competing technologies (Frame Relay and ATM)
Run Lab Simulations showing a MPLS network and its benefits
Discuss the future of MPLS in terms of compatibility and efficiency with evolving
network architecture
CHAPTER 2 LITERATURE REVIEW

2.1 What is a Virtual Private Network (VPN)
Figure 2 VPN (LogicalNet, n.d.)

What is a Virtual Private Network?
A Virtual Private Network is a rational network that involves a pair or more of different
physical networks, all of which are safely connected, usually via a public internetwork like the
Internet. There are 3 major types of VPNs:
Extranet This is basically a VPN where a network allows other networks to connect
to it, so data can be exchanged safely.
Individual Remote Access This allows a reliable network user to join the network
from a remote off-net-work site
Site-to-site This connects different sectors of the same network
These 3 types of VPN all share common features such as Scalability, Manageability,
Security and Handling of Private Addresses.
Scalability This is very important as a network needs to be handle growth and

changes as the industry expands.
Manageability A VPN network has to be manageable so it can be configured,
observed and thoroughly controlled.
Security It has to be secure, safe from attacks and threats, so data and traffic are
safe.
Handling of private addresses Since the introduction of IP, networks must be able
to deal with the different types of addresses.
VPNs are split into two depending on where on the OSI level they fall, Layer 2 VPN and
Layer 3 VPN, some vendors even have Layer 4 VPNs, and these are focused on Layer 4
headers and are mostly used to secure tunnels for safe usage, e.g. web traffic and email.
Layer 2 VPN This uses link layer technologies and analyses header to make and execute
VPNs. It also encapsulates various protocols in IP.
Layer 3 VPN This is based on the network layer and implements VPNs and routing with
the network header. It encapsulates IP packets with IP. The most important feature of a
Layer 3 VPN is IP security (IPsec).
Before data travels over a public network, it is encapsulated in encrypted packets, and de-
encapsulated at the receiving end before being sent to the intended receiver.
Data is encapsulated using many different protocols like PPTP, L2TP and IPsec. But the one
thats focused on is the Internet Protocol security (IPsec).
IPsec This is fundamentally a tunnelling protocol used to safely transport IP over a public
network. It has quite a significant potential in the implementation of VPN as it provides a
complete security package, from authentication and encryption to protection against replay.
A great security feature of IPsec is that its connectionless and the tunnel end points doesnt
have to save any protocol state information (even though it has to regulate security data like
keys which may be automatically distributed or manually configured).
Tunnelling This encrypts the whole packet, (both the payload and header) and is
more secure than transport mode.
Transport Mode This encrypts only the payload (the messages in the packet).
The evolution of optical fibres, technological developments and the need for faster
interconnection meant efficient and equally capable WANs and technological tools had to be
developed such as ATMs, Frame Relays and MPLS.
o (Ulfelder, S. 2000, Virtual private networks made easy, Computerworld, Inc,

Framingham.)
o (Davie, Bruce S, and Adrian Farrel. MPLS. Amsterdam: Elsevier/Morgan Kaufmann
Publishers, 2008. Print.)
o (Harnedy, Sean J. The MPLS Primer. Upper Saddle River, NJ: Prentice Hall PTR,
2002. Print.)
2.2 Asynchronous Transfer Mode (ATM)
Figure 3 ATM (GL Communications Inc., 2014)

Asynchronous Transfer Mode (ATM) This is a networking standard for transmitting voice,
video and data at stated quality of service and various speeds, (varies from as low as
nX64Kbps as high as 10Gbps). It allows top-end users to interchange data over an
established network, utilizes bandwidth and is based on packet-switching, with fixed cells 53
bytes in length, 48 bytes of payload with a 5-byte header (unlike Ethernet that varies from 46
1500 Bytes), and operates at the Data Link Layer. ATM switches creates point-to-point
connections between endpoints, so data goes directly from source to destination. It uses the
virtual circuit concept called Virtual Path IDs/Virtual Channel IDs (VPIs/VCIs).
2.2.1 Disadvantages of ATM

It has a very high cost and requires top range network equipments, due to the
Layered technology in ATM (transmitting data in the physical layer, Cell traffic layer
and the layer that controls and maintains data passing through the network), all these
layers all contribute to complexity of ATM.
End users may also experience slow data transfers and unclear Voice over IP (VOIP)
telephone connections because ATM can allow end users to send traffic bursts that
goes past their appointed bandwidth allocation, the network then gets rid of the
excess data cells past the bandwidth limit.
The High cost required in maintaining ATM has led some service providers to drop
this protocol in support for quicker and cheaper protocols.
2.2.2 Advantages of ATM

ATM supports data, voice, video, various media and mixed services over a single
network
Works with currently existing technologies, also has a potential for long term
evolution
Capable of supporting both connection-oriented and connectionless traffic with AALs
Uses Statistical multiplexing to efficiently utilise bandwidth
Can connect Local Area Networks (LAN) to Wide Area Networks (WAN)
Supports high speed networks (Mbps and possibly Gbps)
(Harry G. Perros (2002). an introduction to ATM networks. Chichester: John Wiley &
Sons, Ltd. p1-p45.)
2.3 Frame Relay

Frame Relay - Its a packet-switching protocol made to efficiently utilize cost for transmitting
data traffic between Local area networks (LANs) and across endpoints in a wide area
network (WAN). Frame relay uses frames (variable in size, can be as big as 1k bytes or
more), error connection are checked by the end points, these non-complex factors allows for
a faster data transmission (T-1 and T-3 lines). Frames are prioritized by the organisations,
so some frames gets higher priority than others. Its based on the older X.25 packet
switching tools, but unlike X.25 its a fast packet technology (it doesnt not try to correct
errors), so if an error is found in a frame, the frame is dropped. Voice or video transmission
are not ideal for frame relay because they need a steady flow of transmissions, frame relay
needs a dedicated connection while its transmitting. It forwards packets at the Data Link
Layer of the OSI model and not at the Network Layer. Frame Relay uses the virtual circuit
concept called Data Link connection IDs (DLCIs).
Frame Relay uses a structured frame much the same as LAPD (Integrated services digital
network (ISDN) protocol), the only difference is the frame header is a 2-byte Frame Relay
header field. This carries the user specified DLCI (data link connection identifier) field, which
is the destination address of the frame.
2.3.1 Disadvantages of Frame Relay

Frame relay wont perform to its full strength unless its used in a network with a high
speed and quality transmission tools, and top end endpoints.
It does not support voice because voice traffic is sensitive to the differences in the
delay of transmission established by the networks, so for voice to be supported, it
must be monitored by the network.
Frame relay network access links are currently limited to T1 or E1 rates
End users can lose data if the network traffic is high, which may result in some
frames dropped if all the local area network connected to a frame relay tool had
excess data to send at the same time.
2.3.2 Advantages of Frame Relay

A frame relay switching node has a very low delay. The overall delay of the network
is also reduced because of the high speed access lines used and the backbones
lines have the full bandwidth available to the data as it travels across the network.
Combining these two benefits helps speed the network, hereby increasing
productivity.
Frame relay allows switching of X.25, SNA, TCP/IP or any other HDLC type
protocols.
Frame relay is useful when it comes to data switching, in terms of performance,
endpoints can communicate as long as there is a pre-established connection
identifier. This connection does not put a burden on the network, in terms of number
of access lines, numbers of ports or capacity required on the backbone trunks.
Frame relay adequately meets the current requirements for a speed, packet-mode
network. It can work alongside ISDN and is compatible with future ISDN
implementations like B-ISDN.
(Philip Smith (1993). Frame Relay. Principles and Applications, Addison-Wesley. P1-
p93.)
2.4 Multi Protocol Label Switching (MPLS)

Label Switching helps deal with the problems involved in a normal layer 3 hop routing.
Multi-Protocol Label Switching (MPLS) - Packets are allocated a label which enables
network tools to forward them in the Data Link layer efficiently. This switching technique
basically merges the best qualities of the Layer 2 (Data Link Layer) and Layer 3 (Network
layer), hence why MPLS is often referred to as a Layer 2.5.
MPLS enables most packets to be forwarded at Layer 2 instead of being sent to Layer 3.
Each packet is assigned a label (identifier) upon entry into the network by the Label Edge
Router (LER). These labels contains information based on the routing table entry such as
destination, delay, bandwidth and other metrics, but also IP header field (source IP address),
Layer 4 socket number information, and differentiated service. All subsequent routing
switches forwards the packet based only on the labels assigned at the entry level (they
never look as far as the IP header). The last router strips the labels and forwards the packet
to its destination.
The label controls which pre-established path the packet will take. The paths are called
Label-Switched Paths (LSPs), they allow service providers to pre-establish the best way
traffic will flow within a public or private network.
MPLS can be used to increase the quality of service (QoS), by clarifying LSPs that can meet
certain service level agreements (SLAs) on traffic latency, jitter, loss of packet and
downtime. It allows traffic disassociation and the creation of virtual private networks (VPNs),
virtual private LAN services (VPLS) and virtual leased lines (VLLs).
It supports Internet Protocol (IP), Asynchronous Transport Mode (ATM) and Frame relay
network protocols; either of which can be used to make a LSP. Its a common
misunderstanding that MPLS is only used on private networks, but its used for all ISPs,
internet backbones included.
In a MPLS network, Border Gateway Protocol (BGP) provides good scalability by separating
the forwarding plane from the control plane. BGP is used to carry external routing
information like the customers or the internets routing information. MPLS tunnelling
mechanism makes for core routers to be able to forward packets using only labels and not
needing to look up the destinations in the IP routing tables. Only the edge routers forward
packets looking at the destinations in the routing table so they are the only ones that needs
to run BGP.
2.4.1 Advantages of MPLS

Unlike Virtual Private Network (VPNs), MPLS only travels across the Internet Service
Providers (ISPs) network, and not over the public Internet. Which can be very useful
because data do not leak over to the public internet and remains within the Service
Providers network.
MPLS is also easy to maintain and implement as end users do not have to set it up
and maintain, its mostly installed on edge routers by the Service Providers engineers
and maintained by them also.
It doesnt require as much overhead as Virtual Private Networks (VPNs), as
mentioned above, service providers installs the protocols on their own router, so end
users routers uses less processing power compared to if they had Virtual Private
Networks (VPNs) installed on their routers, which needs a VPN concentrator, RAM
and CPU cycles.
It runs on the same physical links installed on Wide Area Networks (WANs), so it
doesnt require its own links, reduces cost, and uses the bandwidth allocated in the
WAN, whilst still fulfilling its own purpose.
By providing different network paths, in improves network usage and also avoids
congestion.
MPLS improves bandwidth allocation by allowing a lot of different paths to travel on
the network.
2.4.2 Disadvantages of MPLS

If a user wants total control of their network then MPLS may not be the best for this, if
a static routing is configured on the network, the service provider is responsible for
the data routing within the MPLS cloud, and while dynamic routing will work in most
situations, customers and service providers will have to work together to route MPLS
traffic.
Security on MPLS may also be a potential negative, since theres no natural data
protection and an improper implementation, this can leave the network vulnerable.
The service provider and customer should work together to make sure that all the
tools and interfaces are adequately secured to make sure the network is safe, with
less vulnerabilities.
(Davie, Bruce S, and Adrian Farrel. MPLS. Amsterdam: Elsevier/Morgan Kaufmann

2.5 Conclusion (Why MPLS is better?)
MPLS is all about an efficient network performance, it assigns priorities to packets using
labels which in turn improves performance. It is particularly useful for applications that
require QoS (Quality of Service) such as real time applications, Video and Voice over IP
(VoIP), Oracle.
MPLS is provided in the cloud, its a private networking technology which can be comparable
to that of Frame Relay. The fundamental difference between the two technologies is that
QoS can be bought for your applications over your Wide Area Network (WAN). A discussion
with your carrier to conclude the importance of your applications and then this will be
arranged on your WAN.
The important applications are then assigned priority over other traffic when theres a high
load. It may not be the cheapest but is definitely worth it depending on how important the
applications are. For real time applications, MPLS drastically increases quality and efficiency
using its QoS features.
In comparison with VPN and Frame Relay, MPLS can do and will improve the application
uses with better quality and efficiency.
SCOPE
This dissertation intricately researches MPLS and how it could be help improve a networks
performance and efficiency if implemented. It was compared against rival technologies with
a concluding summary that shows it benefits as compared with the others. Then it goes in
extensive detail to show its features such as Virtual Private Network (VPN) and Quality of
Services (QoS).
A basic MPLS configuration was also included to show how its implemented on a network.

CHAPTER 3 METHODOLOGY

Primary Research This research method will be achieved through Cisco LAB simulations
using GNS3
Secondary Research - This research method will include library based research such as
studying books, journal articles, it will also include supervisor meetings.
Waterfall Model

The waterfall model was used in the planning of this project, this model follows a linear
sequential flow, meaning you move on to the next phase only after the previous or current
phase has been completed, theres no going back to make changes once youve moved on.
The following phases were used;
Requirements analysis - Customer (end users or enterprises) requirements, defining

and clarifying how its going to be of any use to them.
Design Stating the tools and equipment needed to implement the technology to an
effective standard
Implementation and Testing Lab simulations are carried out to implement the
technology in a network. Run checks to ensure it is error-free and works properly, if
any errors or defects are found, it is noted and corrected.
Installation and Maintenance After the previous step has been completed, then the
protocol shall be installed on the customers network, with adequate maintenance
taken out periodically to ensure the protocol is efficient at all times.
CHAPTER 4 MPLS MULTI PROTOCOL LABEL SWITCHING
MPLS can be referred to as a Layer 2.5 networking protocol.

Figure 4 OSI Model (Arisar, 2011)
As shown in the table above, the Data Link layer (Layer 2) deals with protocols like Ethernet
and SONET, which carries IP packets only over point-to-point WANs (Wireless Area
Network) or LANs (Local Area Network).
Network Layer (Layer 3) deals with Internet addressing and routing with IP protocols.
In between these 2 layers comes MPLS, it provides extra features for transmitting data over
the network.
4.1 Label Switching

In a typical IP network, every router does an IP lookup (this is known as routing), uses a
routing table to find out the next-hop and then forwards the packet to that next-hop.
Every router makes its own decisions independently of other routers, this is done until the
packet reaches the intended destination.
MPLS also performs label switching but instead of each router determining the next hop
independently, the first device performs a routing lookup to the final destination and chooses
a pre-determined path from itself to the destination. The router then attaches a shim also
known as a label to the packet, and every router from then on uses the shim to route the
traffic to the destination without a need to perform a lookup. When the packet reaches the
final destination, the shim is removed and the packet is delivered using IP routing.
4.1.1 Advantages of Label Switching

It was introduced to reduce IP routing lookups as CIDR (Classless Inter-Domain
Routing) was used for IP routing, this used longest prefix matching for IP routing
which was very difficult to do as it required a lot of memory accesses to route just a
single packet.
Label switching uses exact matching concept, this is basically when one router
performs the only IP lookup needed, then all other routes performs an exact match
switching based on a label. This reduced core routers load and improved
performance, as CIDR required a high performance core router which was hard to
achieve.
If exact matching is cheaper and easier to implement than CIDR, then whats the need for
MPLS?
MPLS is used to implement Traffic Engineering the process of controlling how and where
traffic is routed to on your network, it also helps avoid congestion, allocate priorities to
different services and manage bandwidth.
MPLS can increase network elasticity using MPLS fast reroute.
It can operate various service networks, so IP routing services and data transport services
can be run on the same packet-switched network organization.
4.2 How does MPLS work?

Label Switched Path (LSP), this is one of the most important tools for MPLS uses, this
provides a unidirectional tunnel between two routers, routed across an MPLS network. An
LSP is necessary to forward MPLS.
4.2.1 MPLS Router Roles/Positions

Label Edge Router (LER) In an MPLS Label Switched Path, the label edge router is the
router that primarily encapsulates a packet, this is also the router that determines that route
path.
Label Switching Router (LSR) A LSR router performs MPLS switching in the middle of an
LSP.
Egress Node The last router at the end of an LSP, this router also removes the label.
P Provider Router, this is the core/backbone router which only performs label switching.
Usually found in service provider networks.
PE Provider Edge Router, this is a customer facing router and adds and removes labels.
CE Customer Edge, this is the device that communicates with the PE router.
4.3 Signalling Protocols for MPLS

In order to use a Label Switched Path (LSP), it must be signalled across the routers.
A label is a link-local value, but an LSP is a network-wide tunnel.
An MPLS signalling protocol maps LSPs to specific label values.
The two primary types of MPLS signalling protocols in use today are Label Distribution
Protocol (LDP) and Resource Reservation Protocol with Traffic Engineering (RSVP-TE)
Label Distribution Protocol (LDP) LDP is a quite straightforward signalling protocol, it very
much acts like an Interior Gateway Protocol (IGP) like Open Shortest Path First (OSPF) and
Intermediate System-Intermediate System (IS-IS). LDP functions over an IGP configuration,
meaning OSPF or IS-IS has to be running initially. It has to be configured on the interfaces
running IGP. After LDP and IGP have been configured on the interface, LDP can then start
to transmit and receive LDP messages on the interface. It begins by sending LDP discovery
messages to all the interfaces with LDP enabled. When a neighbouring router receives the
message, it establishes a TCP session with the initial router. The routers then maintain
adjacencies after the LDP session is established, and any topology changes results in the
creation of LDP messages which enables LDP to establish new links.
LDPs simplicity is great but its also its weakness, as it doesnt have the strong traffic
engineering properties that RSVP possess. This weakness means that LDP signalled LSPs
is mostly used in Layer 3 VPNs.
Resource Reservation Protocol (RSVP) RSVP is more intricate than LDP and provides
traffic engineering properties that are unavailable with LDP-signalled LSPs. RSVP creates
unidirectional links between an LSP ingress and egress router. When configuring, the LSP
bandwidth must be stated. When the paths are configured and RSVP has been enabled, the
ingress router sends a path message to the egress router, the message comprises of the
configuration data stating the tools needed for the LSP to be established. The egress router
sends a reservation message to the ingress router after it has received the message. Every
router in the initial path message passes on the reservation message, and as when the
ingress router receives the reservation message, then an RSVP path is established.
Established LSP remains active while the RSVP session is active, as long as is transmitting
and responding to the RSVP path and reservation messages. If a message isnt exchanged
within three minutes, the RSVP session is stopped and the LSP is absent.
Every Label Switching Router (LSRs) in the path gets equal reservation and path
messages, the message includes bandwidth reservation requirements, and the routers with
the required bandwidth are placed in the LSP. Any router without the required bandwidth
creates its own reservation message, and a different route excluding that router is created. If
a route can be created then a LSP cant be established.
4.4 IPv6 over MPLS

IPv6 was created to resolve many of the problems associated with IPv4 such as auto-
configuration, global extensibility and flexibility. It broadens the IP address space and can
accommodate just about any device that can be directly connected to the internet.
Many network providers implemented MPLS on their IPv4 networks. But since the
introduction of IPv6, network providers wants to implement it to their customers, but this can
be tricky as this change can be costly, and in a wider sense not worth it to change the whole
IPv4 infrastructure to IPv6 just for a couple of IPv6 traffic. Because of this, there have been
several ways of implementing IPv6 on an existing IPv4 infrastructure without any major
change required to the network backbone.
4.4.1 Advantages of Deploying IPv6 on MPLS Backbones

IPv6 over MPLS backbones allows IPv6 domains to interact over an MPLS IPv4 core
network. Since forwarding is done using labels and not using IP header, the implementation
of IPv6 over MPLS only needs a couple of upgrades to its backbone infrastructure and the
core routers do not need to be reconfigured, this is a very cost-effective method for
implementing IPv6 on MPLS.
Also, MPLSs built in VPN and traffic engineering features helps IPv6 networks to be
incorporated into IPv4s VPN over an infrastructure supporting IPv4 VPNs and MPLS-TE.
4.5 Label Stacking

When a MPLS packet is encapsulated in another MPLS packet, this process is known as
Label Stacking. This is basically adding a MPLS header over a current MPLS header.
Stacking allows the tunnelling of one MPLS Label Switched Path (LSP) inside another LSP.
MPLS labels can be stacked numerous times, the top label controls the packet delivery. This
label is removed when the packet reaches its destination (also known as popping) for the
second label to carry on directing the packet.
Popular stacking applications include VPN/Transport services and Bypass LSPs
VPN/Transport services uses an inner label to direct packets to the interfaces specified and
uses an outer label for routing packets through the network.
When theres a router failure, Bypass LSPs can help protect a lot of LSPs by redirecting
traffic rapidly without the need to fully re-signal every LSP.
4.6 Penultimate Hop Popping (PHP)

Penultimate hop popping also known as Implicit Null, is the removal of a label, one hop
before it reaches its destination. There are two to remove labels, Implicit Null and Explicit
Null. While Explicit Null retains the label till the last router unlike Implicit Null. The difference
between the two is that with Implicit Null, the router routes the packet quicker after it leaves
the LSP as the label has been removed on the one hop before the last router. Or else the
packet has to go through the last router twice, the packet goes through forwarding route to
pop the label and the other to route the packet based on the given information.
4.7 Traffic Engineering (TE)

Internet traffic, especially IP is growing at a very fast rate. Internet Service Providers report
bandwidths on their network backbones increasing nearly every year. This will increase even
more with the demand of voice over IP (VoIP), video and high-speed subscriber access via
digital subscriber lines (DSL) and cable.
One of the main challenges of a network is how to utilise the network efficiently. In previous
IP networks, this was achieved using Interior gateway protocol and traffic engineering layer-
2 infrastructure. With the removal of the layer-2 infrastructure, traffic engineering had to be
done somewhere else.
MPLS traffic engineering works in conjunction with the IP layer to provide this functionality
and looks at future implementation technologies.
Traffic engineering is the process of efficiently managing the performance of a network by
continuously monitoring, predicting and controlling the operations of data transmission over
a network. Traffic engineers can be found in all types of networks, for example Local Area
Networks (LANs) and Wide Area Networks (WANs), Internet etc.
MPLS traffic engineering enables a quicker traffic flow over a network than other IP based
network. It helps fix network congestion where-by packets from a broken or congested path
are re-routed through a less congested path, to allow the flow of traffic without a disruption of
service. This is very useful, for example, during a flooding attack; the packets are re-routed
to a safer and less congested path.
VPN in conjunction with MPLS is very useful in terms of security, congestion reduction etc.,
because it uses MPLS on present VPN networks to route packets. MPLS allows for the
security of various threats like Denial of Services (DOS), data breaching and quick
recoveries from flooding attacks. It provides the multi-path routing feature with the layer 2
switching technique and add label with IP header to route the packets.
(Spraggs, S. 2000, "Traffic Engineering", BT Technology Journal, vol. 18, no. 3, pp. 137-
150.)
4.7.1 Traffic Engineering in MPLS

Typical Interior Gateway Protocols (IGPs) use shortest path first (SPF) algorithm and cost
per link to find the quickest path to the destination, rather than using traffic engineering
methods.
Traffic engineering on the other hand also uses this method but mixes it with constrained
routing using a Constrained Shortest Path First (CSPF) algorithm, this is basically finding the
quickest (shortest) path, but this path also having bandwidth available. This process
increases efficiency as it manages bandwidth efficiently, so instead of traffic to always go
through the shortest path which can lead to congestion, they can take an uncongested path
even if it may have a higher latency than the shortest path, at least bandwidth is being
managed properly leading to an efficient network.
With simple networks, this can be manually using IGP costs, but as networks become more
complex, its increasingly difficult to manage the network manually as the littlest change to
an Interior Gateway Protocol (IGP) cost can drastically affect routing a lot of hops away.
MPLS traffic engineering uses Resource Reservation Protocol (RSVP) to manage bandwidth
across the network. Label Switched Path (LSP) is a path amongst two points in a network.
With RSVP, every LSP has its own bandwidth value, RSVP traffic engineering then finds the
shortest path with enough bandwidth available to carry an LSP, it does this using
constrained routing. If it does have available bandwidth, then the LSP is sent over those
links and its entry is removed from the available bandwidth list. An LSP will not be allowed
over the links if there isnt enough bandwidth available, they will instead be routed through
another path even if that link has a higher latency.
MPLS traffic engineering can also be used make priority lists, so LSPs can be assigned a
higher or lower priority, and some customers or traffic can be mapped onto each one. This
doesnt affect the Quality of Service (QoS) as no packets are discarded, its just that some
traffic are being given allowed access to shorter paths.
Figure 5 Traffic Engineering (Steenbergen, n.d.)


4.8 Label Switched Path (LSP) Bandwidth

There are two ways to calculate a LSP bandwidth, Offline Calculation and Auto-Bandwidth
Offline calculation is done outside a router, its mostly done with some bandwidth modelling
using the applicable tools.
Auto Bandwidth unlike Offline calculation is done inside the router, by occasionally
calculating the amount of traffic that is being forwarded over the LSP, the Resource
reservation protocol (RSVP) will then be renewed with the new number intermittently.
The major difference between both is that offline calculation can be implemented with any
chosen algorithm, some very intricate LSP modelling program can be derived from third
parties which allows for very meticulous LSP planning. This complexities also mean that the
program has to be designed by you or purchased.
Offline calculation is calculated outside the router, so it reacts to traffic based on predictions
and expectations, and in the case of heavy traffic, the network will be congested and the
bandwidth will be inefficiently used. Auto-Bandwidth runs inside the router, this allows it to
react a lot quicker to the dynamic nature of traffic and with fewer overhead. Its also a lot
easier to implement Auto Bandwidth compared to offline calculation as its already in the
router, it just needs to be enabled.
4.9 Layer 2 Virtual Leased Line or Pseudowires

A Pseudowire is basically transporting frames over a MPLS network, encapsulating with
MPLS and signalling with LDP. This is known as Any Transport over MPLS (AToM) and is
the starting point for layer 2 VPNs over MPLS.
A virtual leased line is also used to combine two different technological protocols like
Ethernet to Frame Relay.
A Pseudowire emulates different technologies over an MPLS, Ethernet or IP network. The
technologies it emulates technologies like Ethernet, Frame Relay, ATM or SONET/SDH.
Signalling has been traditionally done using two techniques, either LDP signalling or BGP
signalling.
LDP-signalling Its the easier of the two and most implemented technique
BGP-signalling Its quite intricate and supports auto-discovery for multi-point.
There are two ways Pseudowires is used to provide services to end users, these are Virtual
Private LAN service (VPLS) and Virtual Private Wire Service (VPWS). VPLS allows for
various sites to use an Ethernet broadcast domain using Pseudowires offering any-to-any
connectivity.
4.9.1 Layer 3 Virtual Private Network (L3VPN) - this is an IP only network, it creates virtual
routing domains (VRFs) on its edge routers. It puts end users in a VRF and exchange routes
with the provider router in a secure routing-instance, mostly Interior Gateway Protocol or
Border Gateway Protocol.
It supports intricate networks and connects many infrastructures together. Load-balancing
hash is easily implemented but it can place a considerable load to the Internet service
providers infrastructure, considering the potential edge device has to know the end users
routing table, taking on the sizes of the Routing Information Base (RIB) and Forwarding
Information Base (FIB).
4.9.2 Virtual Private LAN service (VPLS) A VPLS maintains the interconnection of various
networks in a single bridged domain on a controlled MPLS/IP network. VPLS helps with the
Local area network/Wide area network barrier for end users and service providers by giving
an Ethernet interface to end users, which allows for a really fast and flexible service
arrangement, as the bandwidth of the service is not attached to the physical interface. A
VPLS emulates the simple features of a layer 2 switch, such as Broadcasts, Unknown
unicast flooding and Mac learning.
4.10 MPLS fast reroute

MPLS fast reroute helps to maintain network continuity whenever theres a failure. It pre-
determines alternative routes for failures.
Without MPLS fast reroute in an ordinary network, during a failure, a calculation for the best
path is undertaken, this calculation can sometimes take a while to be calculated especially
on busy routers as the best path needs to calculated first , then the changes are sent to the
router for it to be enforced. Before the changes are enforced, while the calculation is
undergoing, a routing loop can occur as the routers in the network learns about the changes
in the topology.
With MPLS fast reroute, the succeeding path calculation is pre-determined before the
occurrence of a failure. These next best paths are included in the router Forwarding
Information Base (FIB) waiting to be enabled, as soon as failure is detected, the next best
paths are automatically used to reroute traffic in very little time allowing a very efficient
network. Routing loops will not happen with MPLS fast reroute as the entire route is
arranged inside the Label switched path (LSP), even if the next best path is below the
standard path quality.
4.11 MPLS Protection Methods

Label Switched Path protection consists of two contrasting methods:
4.11.1 One to one protection This single alternative path is wholly signalled over Resource
Reservation Protocol (RSVP) for every label switched path (LSP), everywhere security is
offered, such as nodes.
As the label depth stays at 1, a significant amount of reservations can occur allowing for a
weighty overhead.
4.11.2 Many to one protection 1 unused Label Switched Path (LSP) is built amongst 2
nodes to be secured, so when theres a failure, various label switched paths (LSPs) are then
re-sent through the unused LSP.
There are also various kinds of failures that can be prevented such as Link Protection and
Node Protection:
Link Protection An unused Label switched path (LSP) is built for any type of link failure
Node Protection An unused label switched path (LSP) is built for any type of router failure.
Figure 9 MPLS No Protection (Steenbergen, n.d.)
Figure 10 MPLS with Protection (Steenbergen, n.d.)

Figure 11 MPLS link and Node Protection (Steenbergen, n.d.)
4.12 Multi-Protocol Label Switching Auto-Bandwidth

Automatic bandwidth allocation helps an MPLS tunnel automatically regulate the allocation
of its bandwidth depending on the amount of traffic going over the tunnel. Label switched
path can be configured with the least amount of bandwidth, and this bandwidth amount can
change at any time depending on the present traffic. This bandwidth change do not affect
the flow of traffic over the tunnel.
After the allocation of automatic bandwidth time interval, the bandwidth allocated for the
Label Switched Path (LSPs) is compared with the usage of the current highest average
bandwidth, and if the LSP requires more bandwidth then it tries to create a new route which
has an equal bandwidth to the highest current average usage. If this works, then the LSPs
traffic is sent over the new route and previous route is removed. But, if it doesnt work then
the LSP carries on using its previous route.
If the link and router security have been configured for the previous LSP, and traffic is
currently been routed through the bypass LSP, the automatic bandwidth allocation carries on
functioning and takes samples of the bandwidth from the bypass LSP. During the initial cycle
of the bandwidth being adjusted, the highest average bandwidth usage from the initial link is
used alongside the router-protected label switched path to re-signal the bypass label
switched path when theres more bandwidth required.
If fast-reroute has been configured on the router, then this function might not be available for
bandwidth adjustment. Label switched path (LSPs) use a fixed filter (FF) reservation style,
when a new path is signalled, the bandwidth could be double-counted. Double counting can
help stop a fast-reroute LSP from changing its bandwidth when automatic bandwidth is
active.
Figure 12 Working Auto Bandwidth (Steenbergen, n.d.)

Figure 13 Auto-Bandwidth not working (Steenbergen, n.d.)
CHAPTER 5 MULTI PROTOCOL LABEL SWITCHING SECURITY

The use of Label-swapping forwarding paradigm brings up a lot of problems with MPLS, as
this paradigm as this changes the playing field quite differently to the IP datagram model.
Plus, MPLSs control protocols needs to be secured against threats.
The future threats to a MPLS network security include:
Deleting or Altering information being transmitted
Putting data into the traffic stream
Monitoring a customer and/or providers data while its been transmitted
Re-run of a previously transmitted information
Interrupt the connection between provider and end users or between providers
Reducing the end users traffic quality of service (QoS)
Illegal use of stealing the resources of the provider
The threats against the networks can be divided into threats against the data plane and
threats against the control plane.
5.1 Control Plane

The MPLS control plane is made of a lot of protocols, all of which are open to different types
of attacks. Each or all of the following protocols below can be used in an MPLS network:
Open Shortest Path First
IS-IS
Resource Reservation Protocol - Traffic Engineering
Border Gateway Protocol
Layer 2 Tunnelling Protocol Version 3
Label Distribution Protocol
PCE signalling
So each of these protocols should be monitored closely to ensure adequate security

measures against attacks. Some of the attacks are explained below:
5.1.1 LSP Creation If an unapproved device is allowed to transmit MPLS signalling
messages, it can create unapproved LSPs. At the very least this can be a consumption of
rare resources (label table space, cross-connect entries), with RSVP-TE, this can be a
consumption of reserved link bandwidth. Creating an unapproved label switched path LSP
can be an opportunity for attacks like traffic being misrouted. Unauthorized LSPs can also be
used to efficiently tunnel frames that shouldve been filtered out at a trust boundary through
routers.
5.1.2 LSP Message Snooping An attacker can also snoop on traffic by listening to
information being transmitted by an MPLS signalling protocol like RSVP-TE or LDP, this can
be done by tapping a wire or capture wireless messages. He can then use this information to
find out which labels are being used for different purposes.
5.1.3 Control Plane Denial of Service MPLS control plane can be vulnerable to a lot of
Denial of Service (DoS) attack like CPU memory and cycles being used by the transmitting
RSVP-TE messages or starting LDP sessions. Worst cases can be using MPLS signalling
messages to starve the network of link bandwidth. This type of attack isnt unique to MPLS
but its very important to consider this when building the MPLS control plane protocols.
5.1.4 Cross-Connection of Users Since the use of Virtual Private Network (VPNs) in MPLS
is especially meant to segregate end users traffic, when an attack combines different
networks together, this can be very damaging. There are several ways this can happen, a lot
of them tend to be due to misconfiguration than premediated attacks, and some of the ways
this attack can happen are:
A point-to-point pseudo wire wrongly connecting two sites.
When a site is placed in the wrong Layer 2 Virtual Private Network or Layer 3 Virtual
Private Network (VPN).
Interconnecting two VPNs, could be Layer 2 or Layer 3, into one.
5.2 Data Plane

A lot of attacks on the data plane are well known over all kinds of packet network such as:
Analysing Traffic Pattern
Attaching or Removing data packets
Replay attacks
Using the data plane to perform a Denial of Service attack (DoS)
Altering data packets
Monitoring data packets
As MPLS data plane uses label swapping to forward packets, it is quite different from an IP
data plane. Because of this reason, it can be quite difficult as an attacker can direct a frame
to a specific target by using the chosen label. Label stacking makes it even more difficult as
a corrupt label can end up many hops away at the top of stack, a long way from where it was
put in the network.
5.3 How to defend against Threats and Attacks

Some of the ways attacks can be prevented or defended against include:
5.3.1 Access Controls This can be used to prevent attacks, by implementing access lists
which allow or deny connection to network routers. So unknown or untrusted connections
can be denied.
5.3.2 Physical Security - This is the first step to take when considering security, this security
can prevent attacks such as wiretapping, and so secure cables can should be used on the
network. MPLS VPNs should also be secure because if the outer edge routers of the
providers network are very secure, then this makes it very difficult for an attacker to change
the physical interface on which his physical interface enter the network.
5.3.3 Control Plane Authentication This technique can be used to prevent or moderate
attacks. Control plane authentication is basically used to accept control plane messages or
connections only if the source can be confirmed. Authentication allows for a router to prevent
attacks such as the illegal creation of LSPs. It also allows for a router to prevent from
misconfiguration problems.
MPLS control plane protocols such as RSVP-TE, LDP etc, have different authentication
processes. LDP uses an MD5 signature scheme for TCP, this process works as following:
The MD5 Signature Option for Label Distribution Protocol Transmission Control
Protocol (LDPTCP) is a configurable Label Switch Router (LSR) option. Two LSRs
that are configured to use this option will agree to use MD5 signatures to guarantee
the validity of their LDP sessions.
An LSR that uses the MD5 signature option is configured with a password (shared
secret) for every potential LDP peer.
Each LSR applies the MD5 hash algorithm to compute the MD5 digest for a TSCP
segment to be sent to a peer. This computation determines the hash over the peer
password linked with the TCP segment.
When the LSR receives a TCP segment with an MD5 digest, it validates the segment
by calculating the expected MD5 digest (using its own record of the password) and
compares the computed digest with the received digest. If the comparison fails, the
segment is released without any response to the sender.
The LSR overlooks LDP Hellos from an LSR for which a password has not been
configured. This guarantees that the LSR establishes LDPTCP connections only with
LSRs for which a password has been configured.
(Davie, B.S. & Farrel, A. 2008, MPLS: next steps, Elsevier/Morgan Kaufmann Publishers,
Boston.)
This process makes sure that an LDP session can be only be controlled with an LSR using
the correct password. Any transmitted message thats been tampered with will be identified
as the MD5 hash is done over the whole TCP segment. Unless a device knows the shared
secret or it can give the right MD5 hash without knowing the shared secret, then a session
will not be established.
With RSVP-TE, authentication is done on RSVP-TE messages and not TCP sections as
RSVP-TE doesnt run through TCP.
5.3.4 Cryptographic Methods and the MPLS Data Plane

IP control protocols unlike MPLS data plane can be easily implemented into MPLS control
protocols. IP data plane provides a better authentication or encryption features than MPLS
data plane, making it harder since theres no real way that IPsec equivalent feature could be
implemented to MPLS. But even though there are these negatives involving MPLS data
plane, this hasnt been a problem for MPLS because of the following reasons:
MPLS packets can be encapsulated in an IP header and authenticate or encrypt the
packet with IPsec. A realistic example of this will be transmitting MPLS packets using
IPsec tunnels over an unprotected backbone from a Provider Edge to the next.
MPLS Data plane is generally considered secure, so it doesnt need the extensive
authentication and encryption features that IPsec offers, which can be very
expensive to implement, so unless these features are necessary then its not needed
in the network.
If end users are not satisfied with their providers security, they can use protocols like
IPsec, site-to-site or end-to-end for their own data security and not depending on
MPLS to secure their data.
5.3.5 Security and Label-Based Forwarding

The major difference in security between MPLS networks and IP networks is label-based
forwarding. Label-based forwarding opens up the network to attacks only concerning label-
switching, and this is even made more difficult by Label stacking.
Label-based forwarding can be very important in terms of security to a network, like in a
MPLS VPN, the links between the Customer Edge (CE) to the Provider Edge (PE) really only
transport unlabelled packets. So if the PE routers were made not to carry labelled packets
from a Customer Edge, customers will not be able to spoof labels which means the Provider
(P) and PE routers can only receive labelled packets from other P and PE routers. This
provides the Provider with a clear network outline, so a network that sorts out labelled
packets and another in the trust boundary.
Sometimes, either networks cross paths, for example labelled packets crossing a trust
boundary. With some Provider VPNs, labelled packets have to go through Autonomous
system boundary routers (ASBRs). Labelled packets have to go through the Customer Edge
(CE) Potential Edge (PE) interface when a provider provides a Carrier of Carriers VPN
service (Carrier of carriers VPN service is basically when a VPN service provider customer
can be a service provider for an end user). In this situation, the Potential Edge (PE) router or
ASBR must make sure that it receives a valid labelled packets. A label is only valid if the PE
or ASBR receiving the packet advertises the label to the router that sends the labelled
packet. An invalid packet must be dropped.
(Davie, Bruce S, and Adrian Farrel. MPLS. Amsterdam: Elsevier/Morgan Kaufmann

5.4 Resource Reservation ProtocolTraffic Engineering Label Switched Path (RSVP-TE

LSP) Priorities

LSPs can anticipate one another so they can be informed about their available depending on
the assigned priority value.
Every LSP has a SETUP and HOLD priority value, the SETUP priority value is
determined at the start of the tunnel setup while the HOLD priority value is
determined after the tunnel setup.
There are 8 priority values available, the highest priority value is 0.
There are two types of Router pre-emption, which are hard and soft:
Hard LSP is shredded immediately
Soft Much calmer than the hard option, the LSP is given time to reroute itself and get rid of
the previous.
5.5 Label Switched Path Optimization

A network architecture can be modified, changing it, there could be new links installed, links
thats stopped working and replaced etc.
Re-optimization is always looking for a better path for its LSPs, and if need be it can be
manually configured, or if it finds a better path then the router will try to build the LSP again
over the new path.
Fortunately routers are equipped with smart optimization so in a situation where failed links
start working again, (which can prompt an optimization even before the normal timer is due),
the router can handle this, In which case, an optimization is done once so the flapping link
doesnt cramp up.
5.6 Multi-Protocol Label Switching Limitations

One of the major negatives of MPLS is that it conceals substandard topologies from Border
Gateway Protocol (BGP), where various exits can occur for the same path. An example of
this is explained below:
A main network from Birmingham and London
Traffic arriving from Manchester usually goes to Birmingham, but didnt because of
high traffic flow, so the LSP has to go through London first
If it were an IP network, the packet should be redirected to the London peer as it
goes through London
However MPLS will conceal the substandard topology so the packet will carry on till it
reaches Birmingham as thats what Manchester thought was the best exit
MPLS doesnt allow the use of a second exit
5.6.1 MPLS LSPs Manual Creation

MPLS doesnt work fully automatic, some features has to be manually configured. MPLS
doesnt have the ability to automatically discover its speaking nodes, they only exchange
LSP label values, and are not involved in making LSPs.
The person configuring MPLS, creates the LSP tunnels full mesh, meaning the configurator
has to be provided with instructions or scripts explaining how this is done, otherwise its
going to have to be purchased.
Some network vendors provide simple MPLS auto-mesh facilities, vendors like cisco can
automatically build a mesh of LSPs from a template with an access-list router IPs, but this
also has its negatives as a certain LSP configuration cant be controlled, and it also means if
a node wants to be discarded then the whole ACL has to also be discarded, which kills all
dynamic auto-mesh LSP on the box.
5.6.2 Large LSPs wont fit through little pipes
Big LSPs will not go through small links as it cant fit, meaning any LSP thats bigger than the
size of the circuit its passing through will have serious problems going through it. An
example of this is a 3 Gbps LSP unable to pass through an OC48 circuit as its too big.
To get past this problem, a multi parallel LSPs can be made, for example you can have (9) 2
Gbps LSPs and not (3) 6 Gbps LSPs, but unfortunately this is still isnt a well-supported
method.
5.6.3 Negatives of Auto Bandwidth

Auto Bandwidth alongside too many subscribed links will have serious problems, since auto
bandwidth is clueless about link congestion, an example of this is if a link was
oversubscribed and is filled with RSVP, so some packets are released, which then causes
TCP to adjust itself, reducing IP traffic rate, and when auto bandwidth adjusts itself to this
new rate, congestion will occur and this problem will not be fixed until it is sorted out
manually.
Auto-bandwidth doesnt recognise congestion, so small packets Denial of Service (DoS)
attack will be dangerous.
CHAPTER 6 BASIC MPLS NETWORK CONFIGURATION
There are 5 key things that needs to done to get this network successfully running:
1. Implement MPLS on the provider backbone and ensure its enabled
2. Make VRFs and assign them to an interface on a router
3. Configure MP-BGP between the PE routers
4. Configure OSPF between the routers and their attached CE routers
5. Enable route redistribution between the customer sites and backbone
6. Test and Confirm connectivity
VRF Virtual Routing and Forwarding

OSPF Open Shortest Path First
PE Provider Edge
CE Customer Edge
P - Provider
1. Enable MPLS with the Mpls ip command in configuration terminal mode
To verify the configuration - show mpls interfaces
P1(config)# interface f0/1

P1(config-if)# mpls ip
P1(config-if)# interface f1/0
P1(config-if)# do show mpls interfaces
Interface IP Tunnel Operational
FastEthernet0/1 Yes (ldp) No Yes
FastEthernet1/0 Yes (ldp) No Yes
P2(config)# interface f0/1
P2(config-if)# interface f1/0
PE1(config)# interface f1/0
PE1(config-if)# mpls ip
PE2(config-if)# mpls ip
2. Then we make customer VRFs on the PE routers and assign them to the interfaces
facing the customers. Every VRF will then be assigned a route distinguisher (RD) to
distinctively recognize prefixes as belonging to that VRF and a couple of route
targets (RTs) to state how routes should be imported and exported from the VRF.
PE1(config)# ip vrf Customer_A

PE1(config-vrf)# rd 65000:1
PE1(config-vrf)# route-target both 65000:1
PE1(config-vrf)# ip vrf Customer_B
PE2(config)# ip vrf Customer_A
PE2(config-vrf)# ip vrf Customer_B
Then we need to assign a VRF to the correct interfaces and add their IP addresses again.

PE1(config-if)# ip vrf forwarding Customer_A
% Interface FastEthernet0/0 IP address 10.0.1.1 removed due to enabling VRF Customer_A
PE1(config-if)# ip address 10.0.1.1 255.255.255.252
PE1(config-if)# interface f0/1
PE1(config-if)# ip vrf forwarding Customer_B
% Interface FastEthernet0/1 IP address 10.0.1.5 removed due to enabling VRF Customer_B
PE1(config-if)# ^Z
PE1# show ip vrf interfaces
Interface IP-Address VRF Protocol
Fa0/0 10.0.1.1 Customer_A up
Fa0/1 10.0.1.5 Customer_B up
PE2(config-if)# ip vrf forwarding Customer_A
% Interface FastEthernet0/0 IP address 10.0.2.1 removed due to enabling VRF Customer_A
PE2(config-if)# interface f0/1
PE2(config-if)# ip vrf forwarding Customer_B
% Interface FastEthernet0/1 IP address 10.0.2.5 removed due to enabling VRF Customer_B
PE2(config-if)# ^Z
PE2# show ip vrf interfaces
Interface IP-Address VRF Protocol
Fa0/0 10.0.2.1 Customer_A up
Fa0/1 10.0.2.5 Customer_B up
3. To configure MP-BGP on the Provider Edge Routers, this allows us to advertise VRF
routes from a Provider Edge router to the other.
PE1(config)# router bgp 65000

PE1(config-router)# neighbor 10.0.0.4 remote-as 65000
PE1(config-router)# neighbor 10.0.0.4 update-source loopback 0
PE1(config-router)# address-family vpnv4
PE1(config-router-af)# neighbor 10.0.0.4 activate
PE2(config-router)# neighbor 10.0.0.3 remote-as 65000
PE2(config-router)# neighbor 10.0.0.3 update-source loopback 0
PE2(config-router)# address-family vpnv4
PE2(config-router-af)# neighbor 10.0.0.3 activate
To verify that Multiprotocol-Border Gateway Protocol adjacency has been successfully

formed between PE1 and PE2, show bgp vpn4 unicast all summary
PE1# show bgp vpnv4 unicast all summary

BGP router identifier 10.0.0.3, local AS number 65000
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.0.0.4 4 65000 12 12 1 0 0 00:06:05 0
4. Configure Provider Edge-Customer Edge OSPF

To exchange routes with the customer sites, we need to configure Internal Gateway Protocol
(IGP) between the PE routers and CE routers attached to them.
PE1(config)# router ospf 2 vrf Customer_A

PE1(config-router)# router-id 10.0.1.1
PE1(config-router)# interface f0/0
PE1(config-if)# ip ospf 2 area 0
PE1(config-if)# router ospf 3 vrf Customer_B
PE2(config)# router ospf 2 vrf Customer_A
PE2(config-if)# router ospf 3 vrf Customer_B
To see if the PE routers have formed adjacencies with the CE routers, show ip route vrf
Customer A
PE1# show ip route vrf Customer_A

Routing Table: Customer_A
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
O 172.16.1.0/24 [110/11] via 10.0.1.2, 00:04:21, FastEthernet0/0
10.0.0.0/30 is subnetted, 1 subnets
C 10.0.1.0 is directly connected, FastEthernet0/0
PE1# show ip route vrf Customer_B
Routing Table: Customer_B
5. Finally, we have to combine all the sections together with route redistribution, so
enable route redistribution from the customers to OSPF to MP-BGP and do the same
for the PE routers.

PE1(config-router)# address-family ipv4 vrf Customer_A
PE1(config-router-af)# redistribute ospf 2
PE1(config-router-af)# address-family ipv4 vrf Customer_B
PE2(config-router)# address-family ipv4 vrf Customer_A
PE2(config-router-af)# address-family ipv4 vrf Customer_B
To verify that the routes learned from the customers section are now in the BGP table, show
ip bgp vpn4 vrf Customer A
PE1# show ip bgp vpnv4 vrf Customer_A

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:1 (default for vrf Customer_A)
*> 10.0.1.0/30 0.0.0.0 0 32768 ?
*>i10.0.2.0/30 10.0.0.4 0 100 0?
*> 172.16.0.1/32 10.0.1.2 11 32768 ?
*>i172.16.0.2/32 10.0.0.4 11 100 0?
*> 172.16.1.0/24 10.0.1.2 11 32768 ?
*>i172.16.2.0/24 10.0.0.4 11 100 0?
PE1# show ip bgp vpnv4 vrf Customer_B
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 65000:2 (default for vrf Customer_B)
*> 10.0.1.4/30 0.0.0.0 0 32768 ?
*>i10.0.2.4/30 10.0.0.4 0 100 0?
*> 172.17.0.1/32 10.0.1.6 11 32768 ?
*>i172.17.0.2/32 10.0.0.4 11 100 0?
*> 172.17.1.0/24 10.0.1.6 11 32768 ?
*>i172.17.2.0/24 10.0.0.4 11 100 0?
Now its time to the same thing, except this time its done the other way around, from the
BGP to the customer OSPF.
PE1(config)# router ospf 2

PE1(config-router)# redistribute bgp 65000 subnets
PE1(config-router)# router ospf 3
PE2(config)# router ospf 2
PE2(config-router)# router ospf 3
6. To test and confirm that the whole configuration was successful, showing that within
each VRF, a Customer router can connect to another, and they both have a full
routing table.
CE1A# show ip route

C 172.16.1.0/24 is directly connected, Loopback1
O IA 172.16.2.0/24 [110/21] via 10.0.1.1, 00:03:50, FastEthernet0/0
O IA 10.0.2.0 [110/11] via 10.0.1.1, 00:03:50, FastEthernet0/0
CE2A# show ip route
O IA 10.0.1.0 [110/11] via 10.0.2.1, 00:02:49, FastEthernet0/0
We can also ping from a Customer Edge router to the other
CE1A# ping 172.16.0.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/21/32 ms
(Packetlife.net,. 'Creating An MPLS VPN - Packetlife.Net'. N.p., 2015.)
CHAPTER 7 CONCLUSIONS

Through extensive investigation and research, this dissertation has identified what MPLS is.
MPLS is a way of making sure that packets arrive at its intended target safely, through a
functional path and correctly assigns and executes priorities as configured.
Each packets are assigned a label or labels, and as they are carried across the network, the
labels are either added, replaced or removed. The network exchanges information so that
every switch understands what it should do if it comes across a label.
MPLS was then compared with competing technologies such as VPN, ATM and Frame
Relay, each technology were accurately explained and their features, advantages and
disadvantages pointed out. A conclusion was conducted after the comparison which
highlighted MPLS has the most beneficial of all due to its many benefits such as:
Increase in Uptime MPLS decreases this by sending packets over a substitute path
within 50 milliseconds.
Better user experience because MPLS prioritise traffic, applications such as VoIP
and video will run smoothly.
Bandwidth Utilisation Due to various types of traffic that runs on the links, high
priority traffic can borrow bandwidth capacity from lower priority streams and the
lower priority can borrow capacity aswel when it needs to surge past its usual
bandwidth capacity.
Scalable VPNS MPLS makes it very easy to add sites to VPN, you dont have to
configure a complex mesh of tunnels as should normally be done.
Decrease Congestion Because of MPLS traffic engineering features, traffic can be
transmitted over non-default paths, as the shortest path may be undesirable due to
congestion, this decreases latency, and also because it didnt send traffic through
some already busy links, it manages to avoid congestion also, leading to a very
efficient network.
Hidden network intricacy An MPLS connection between 2 sites can be configured
to behave like an Ethernet cable, so the hops are not seen (Virtual Private LAN
Service, VPLS).
Other than the benefits of MPLS and its implementation, Security, Traffic Engineering, MPLS
disadvantages were also researched
Security, detailing how to secure your network against threats and attacks, isolating into 2
types Data and Control plane, this makes it so much easier to tackle the problem or prevent
against the threat.
Traffic Engineering shows how to efficiently manage a network to improve performance
make it efficient.
MPLS negatives helps point out the features that could be improved, as no technology is
perfect or free from limitations, but even with these, this dissertation showed that the MPLS
benefits far outweigh these limitations.
And finally a basic MPLS network simulation was then configured to show MPLS in action,
and how to implement it in a network, it was tested and confirmed to be correct.
Overall this dissertation has shown that MPLS is a multi-use technology and a should have,
if not a must have for any network, as theres a considerable difference in network efficiency
and performance when using MPLS as compared to its rivals. Its scalability and extensibility
also shows that it can handle changes now and for future technologies.
BIBLIOGRAPHY

Davie, B.S. & Farrel, A. 2008, MPLS: next steps, Elsevier/Morgan Kaufmann
Publishers, Boston.
Technet.microsoft.com,. 'TCP/IP V4 And V6'. N.p., 2015. Web. 13 Apr. 2015.
Cisco,. 'This Documentation Has Been Moved - Implementing Ipv6 Over MPLS
[Support]'. N.p., 2015. Web. 15 Apr. 2015.
Steenbergen, Richard A. MPLS For Dummies. 1st ed. nLayerCommunications, Inc.

Web. 10 Apr. 2015
Harnedy, Sean J. The MPLS Primer. Upper Saddle River, NJ: Prentice Hall PTR,
2002. Print.
Network Solution Experts,. 'MPLS Compared With Frame Relay And Internet VPN'.
N.p., 2012. Web. 11 Apr. 2015.
Juniper.net,. 'Configuring Automatic Bandwidth Allocation For Lsps - Technical

Documentation - Support - Juniper Networks'. N.p., 2015. Web. 10 Apr. 2015.
Cisco,. 'Virtual Private LAN Services (VPLS)'. N.p., 2015. Web. 5 Apr. 2015.
SearchNetworking,. 'What Is Pseudowire? - Definition From Whatis.Com'. N.p.,

2015. Web. 1 Apr. 2015.
Garson, Steve. 'What Is A Pseudowire?'. Network Solution Experts. N.p., 2008. Web.
7 Apr. 2015.
Mplsvpn.info,. 'What Is PHP (Penultimate Hop Popping) |MPLSVPN- This Blog Is

Basically For MPLS Service Provider Domain.'. N.p., 2008. Web. 4 Apr. 2015.
Networks, Signaling. 'Signaling Protocols In MPLS Networks - For Dummies'.

Dummies.com. N.p., 2015. Web. 5 Apr. 2015.
Doyle, Jeff. 'Understanding MPLS Label Stacking'. Network World. N.p., 2015. Web.
7 Apr. 2015.
Packetlife.net,. 'Creating An MPLS VPN - Packetlife.Net'. N.p., 2015. Web. 1 Apr.

2015.
Smith, Philip. Frame Relay. Wokingham, England: Addison-Wesley Pub. Co., 1993.
Print.
Dictionary.com, "label switching," in The Free On-line Dictionary of Computing.
Source location: Denis Howe. http://dictionary.reference.com/browse/label switching.
Available: http://dictionary.reference.com. Accessed: November 09, 2014.
Technet.microsoft.com, (2014). IPsec. [online] Available at:

http://technet.microsoft.com/en-us/network/bb531150.aspx [Accessed 19 Nov. 2014].
Whatismyipaddress.com, (2014). What is a VPN?. [online] Available at:

http://whatismyipaddress.com/vpn [Accessed 19 Nov. 2014].
Mitchell, (2014). Beginner's Guide to Asynchronous Transfer Mode (ATM). [online]

About. Available at:
http://compnetworking.about.com/od/networkprotocols/g/bldef_atm.htm [Accessed 19
Nov. 2014].
eHow UK, (2014). The disadvantages of atm protocol | eHow UK. [online] Available
at: http://www.ehow.co.uk/list_6119408_disadvantages-automatic-teller-
machines.html [Accessed 19 Nov. 2014].
Searchenterprisewan.techtarget.com, (2014). What is frame relay? - Definition from

WhatIs.com. [online] Available at:
http://searchenterprisewan.techtarget.com/definition/frame-relay [Accessed 19 Nov.
2014].
Protocols.com, (2014). Frame Relay. [online] Available at:

http://www.protocols.com/pbook/frame.htm [Accessed 19 Nov. 2014].
Searchenterprisewan.techtarget.com, (2014). What is Multiprotocol Label Switching

(MPLS)? - Definition from WhatIs.com. [online] Available at:
http://searchenterprisewan.techtarget.com/definition/Multiprotocol-Label-Switching
[Accessed 19 Nov. 2014].
Usfca.edu, (2014). [online] Available at: http://www.usfca.edu/fac-

staff/morriss/478/projects_972/page7.htm [Accessed 19 Nov. 2014].
Webopedia.com, (2014). What is Multiprotocol Label Switching (MPLS)? Webopedia.

[online] Available at: http://www.webopedia.com/TERM/M/MPLS.html [Accessed 19
Nov. 2014].
Casey, J. (2014). The Advantages of MPLS | eHow. [online] eHow. Available at:
http://www.ehow.com/info_12097513_advantages-mpls.html [Accessed 19 Nov.
2014].
Searchtelecom.techtarget.com, (2014). What is traffic engineering? - Definition from
WhatIs.com. [online] Available at:
http://searchtelecom.techtarget.com/definition/traffic-engineering [Accessed 19 Nov.
2014].
Netalliance.net, (2014). [online] Available at:

http://www.netalliance.net/images/vpn/what_is_vpn.jpg [Accessed 19 Nov. 2014].
Gl.com, (2014). OC-3 / STM-1 and OC-12 / STM-4 Analyzer for ATM Mode. [online]
Available at: http://www.gl.com/lightspeed1000-atm-analyzer.html [Accessed 19 Nov.
2014].
Singh, N. and Kumar, K. (2013). Layer Based M PLS V PN Security Under Flooding
Attack in Wireless Mesh Network. 3rd ed. [ebook] Firozpur Punjab: Department of
Computer Science & Engineering, pp.p1-p6. Available at:
http://www.ijarcsse.com/docs/papers/Volume_3/9_September2013/V3I9-0351.pdf
[Accessed 19 Nov. 2014].
Homepages.uel.ac.uk, (2014). Advantages and Disadvantages of ATM. [online]

Available at:
http://homepages.uel.ac.uk/u0124452/MyPage/Advantages%20and%20Disadvantag
es%20of%20ATM.htm [Accessed 3 Dec. 2014].
Usfca.edu, (2014). [online] Available at: http://www.usfca.edu/fac-

staff/morriss/478/projects_972/page7.htm [Accessed 4 Dec. 2014].
Ongoingoperations.com, (2014). Pros and Cons of an MPLS network. [online]

Available at: http://ongoingoperations.com/blog/2013/01/mpls-network-pros-cons/
[Accessed 4 Dec. 2014].
Etinc.com, (2014). Frame Relay FAQ Emerging Technologies Bandwidth

Management. [online] Available at: http://www.etinc.com/96/Frame-Relay-FAQ
Roby's, I. (2013). 10 Benefits of MPLS for Large Businesses. [online] News.

Available at: http://www.elitetele.com/news/read/10-reasons-to-switch-to-mpls
Elfiq.com, (2014). MPLS (Multi Protocol Label Switching) Load Balancing | ELFIQ.
[online] Available at: http://www.elfiq.com/mpls [Accessed 4 Dec. 2014].
Cisco, (2014). Understanding MPLS-TP and Its Benefits [MPLS]. [online]
Available at: http://www.cisco.com/en/US/technologies/tk436/tk428/white_paper_c11-
562013.html [Accessed 4 Dec. 2014].
Gwi.net, (2014). Which is Best for Your Business: VPN, Metro Ethernet or MPLS in
Maine?. [online] Available at: http://www.gwi.net/policy/blog/which-is-best-for-your-
business-vpn-metro-ethernet-or-mpls-in-maine/ [Accessed 4 Dec. 2014].
Infocellar.com, (2015). History of MPLS. [online] Available at:

http://www.infocellar.com/networks/MPLS/history.htm [Accessed 6 Dec. 2014].
Networkers-online.com, (2015). The Role of BGP in MPLS networks. [online]

Available at: http://www.networkers-online.com/blog/2010/04/the-role-of-bgp-in-mpls-
networks/ [Accessed 2 Dec. 2014].

REFERENCES
Gl.com, (2015). OC-3 / STM-1 and OC-12 / STM-4 Analyzer for ATM Mode.
[online] Available at: http://www.gl.com/lightspeed1000-atm-analyzer.html
Roby's, I. (2013). 10 Benefits of MPLS for Large Businesses. [online] News.

Available at: http://www.elitetele.com/news/read/10-reasons-to-switch-to-mpls
Justanothergeeksite.com, (2015). [online] Available at:

http://justanothergeeksite.com/wp-content/uploads/2013/11/what_is_vpn.jpg
Arisar, Jahanzeb. 'Data Communication & Networking: OSI

Model'.Datacombasic.blogspot.co.uk. N.p., 2011. Web. 6 Apr. 2015.
Steenbergen, Richard A. MPLS For Dummies. 1st ed. nLayerCommunications,

Inc. Web. 10 Apr. 2015.
Ulfelder, S. 2000, Virtual private networks made easy, Computerworld, Inc,

Framingham.
Davie, Bruce S, and Adrian Farrel. MPLS. Amsterdam: Elsevier/Morgan

Kaufmann Publishers, 2008. Print.
Harnedy, Sean J. The MPLS Primer. Upper Saddle River, NJ: Prentice Hall PTR,
2002. Print.
Harry G. Perros (2002). an introduction to ATM networks. Chichester: John Wiley

& Sons, Ltd. p1-p45.
Philip Smith (1993). Frame Relay. Principles and Applications, Addison-Wesley.

P1-p93.
Spraggs, S. 2000, "Traffic Engineering", BT Technology Journal, vol. 18, no. 3,
pp. 137-150.
Packetlife.net,. 'Creating An MPLS VPN - Packetlife.Net'. N.p., 2015.fhb

SP Cebe Ajibola D 2015 13112015

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SP Cebe Ajibola D 2015 13112015

Uploaded by

Copyright:

Available Formats

',*,7$//,%5$5< COPYRIGHT NOTICE

Use of this electronically archived project / thesis is restricted to educational

NAME - DAPO AJIBOLA

SUPERVISOR - STEVE BARSON

Student Name: DAPO AJIBOLA

Project/Thesis Title INVESTIGATION AND IMPLEMENTATION OF MULTI-

Course: TELECOMMUNICATIONS AND NETWORKS ENGINEERING

a) Page reference / item reference:

Signature: DAPO AJIBOLA

Print Name: DAPO AJIBOLA

Official Use only

ORION unique number: ________________ Date added to the system:

Run Lab Simulations showing a MPLS network and its benefits

CHAPTER 2 LITERATURE REVIEW

2.1 What is a Virtual Private Network (VPN)

Figure 2 VPN (LogicalNet, n.d.)

Scalability This is very important as a network needs to be handle growth and

o (Ulfelder, S. 2000, Virtual private networks made easy, Computerworld, Inc,

2.2 Asynchronous Transfer Mode (ATM)

Figure 3 ATM (GL Communications Inc., 2014)

2.2.1 Disadvantages of ATM

2.2.2 Advantages of ATM

2.3 Frame Relay

2.3.1 Disadvantages of Frame Relay

2.4 Multi Protocol Label Switching (MPLS)

2.4.1 Advantages of MPLS

2.4.2 Disadvantages of MPLS

(Davie, Bruce S, and Adrian Farrel. MPLS. Amsterdam: Elsevier/Morgan Kaufmann

2.5 Conclusion (Why MPLS is better?)

Requirements analysis - Customer (end users or enterprises) requirements, defining

CHAPTER 4 MPLS MULTI PROTOCOL LABEL SWITCHING

MPLS can be referred to as a Layer 2.5 networking protocol.

4.1 Label Switching

4.1.1 Advantages of Label Switching

4.2 How does MPLS work?

4.2.1 MPLS Router Roles/Positions

4.4 IPv6 over MPLS

4.4.1 Advantages of Deploying IPv6 on MPLS Backbones

4.5 Label Stacking

4.6 Penultimate Hop Popping (PHP)

4.7 Traffic Engineering (TE)

4.7.1 Traffic Engineering in MPLS

Figure 5 Traffic Engineering (Steenbergen, n.d.)

Figure 7 Traffic Engineering (Steenbergen, n.d.)

4.8 Label Switched Path (LSP) Bandwidth

4.9 Layer 2 Virtual Leased Line or Pseudowires

4.10 MPLS fast reroute

4.11 MPLS Protection Methods

Figure 10 MPLS with Protection (Steenbergen, n.d.)

4.12 Multi-Protocol Label Switching Auto-Bandwidth

Figure 12 Working Auto Bandwidth (Steenbergen, n.d.)

5.1 Control Plane

So each of these protocols should be monitored closely to ensure adequate security

5.2 Data Plane

5.3 How to defend against Threats and Attacks

5.3.4 Cryptographic Methods and the MPLS Data Plane

5.3.5 Security and Label-Based Forwarding

(Davie, Bruce S, and Adrian Farrel. MPLS. Amsterdam: Elsevier/Morgan Kaufmann

5.4 Resource Reservation ProtocolTraffic Engineering Label Switched Path (RSVP-TE

5.5 Label Switched Path Optimization

5.6 Multi-Protocol Label Switching Limitations

MPLS doesnt allow the use of a second exit

5.6.1 MPLS LSPs Manual Creation