Egress Protection (draft-shen-mpls-egress-protection-framework) Presented by Krzysztof G. Szarkowicz NANOG71 October 4, 2017


Current status
- draft-shen-mpls-egress-protection-framework-05
- Co-authored by Juniper Networks, Orange, RtBrick, Deutsche Telekom and Huawei Technologies
- Current draft (05) issued around two months ago (on July 31, 2017)
- Discusses the overall framework for
  - egress node protection
  - egress link protection
- Provides some examples for
  - egress node protection
  - egress link protection
- First deployment started a few years ago in one of DT's networks
- Proven and stable architecture

Let's start
- Let's start with
  - Clarifying the model
  - Clarifying the terminology
- Before jumping to the deeper level

Seamless MPLS Architectural Model: NODES
[Figure: end-to-end chain of nodes across two autonomous systems. AS X: AN (CE), SN (PE), TN (P), BN (ABR), TN (P), BN (ABR), TN (P), BN (ASBR). AS Y: BN (ASBR), TN (P), BN (ABR), TN (P), BN (ABR), TN (P), SN (PE), AN (CE). Each AS is split into Area 1, Area 0 and Area 2.
Intra-domain (area or autonomous system) transport: IGP and LDP/RSVP in every area, giving one LDP/RSVP LSP per area.
Inter-domain (area or autonomous system) transport: ibgp-lu inside each AS and ebgp-lu between the ASBRs, with nhs at the border nodes, giving the BGP-LU LSP of the inter-domain end-to-end LSP model.]
Legend: AN = Access Node (CE, CPE); BN = Border Node (ABR, ASBR); SN = Services Node (PE); TN = Transport Node (P)

E2E protection Terminology: NODES
- Access Node (AN)
  - Non-MPLS node connected to an MPLS-based Service Node (PE)
  - AN (CE, CPE) in seamless MPLS architecture
- Ingress Node (IN)
  - First node of an intra-area (LDP/RSVP) LSP
  - SN (PE) or BN (ABR, ASBR) in seamless MPLS architecture
- Egress Node (EN)
  - Last node of an intra-area (LDP/RSVP) LSP
  - BN that has a directly connected downstream BGP-LU neighbor with no underlying LDP/RSVP LSP (e.g. ASBR scenario)
  - SN (PE) or BN (ABR, ASBR) in seamless MPLS architecture
- Transit Node (TN)
  - Transit node (between ingress and egress) in an intra-area (LDP/RSVP) LSP
  - TN (P) in seamless MPLS architecture
- Each intra-area (LDP/RSVP) LSP has exactly one ingress node, exactly one egress node and may have (multiple) transit node(s), if the LSP is longer than one hop

E2E protection Terminology: ACCESS NODE (AN)
[Figure: the seamless MPLS reference topology (same nodes, areas, protocols and legend as in the architectural model), with the traffic flow direction marked.]

E2E protection Terminology: INGRESS NODE (IN)
[Figure: the seamless MPLS reference topology (same nodes, areas, protocols and legend as in the architectural model), with the traffic flow direction marked.]

E2E protection Terminology: TRANSIT NODE (TN)
[Figure: the seamless MPLS reference topology (same nodes, areas, protocols and legend as in the architectural model), with the traffic flow direction marked.]

E2E protection Terminology: EGRESS NODE (EN)
[Figure: the seamless MPLS reference topology (same nodes, areas, protocols and legend as in the architectural model), with the traffic flow direction marked.]

E2E protection Terminology: INGRESS AND TRANSIT PROTECTION
- Ingress Protection
  - Measures to protect against failure of the ingress Service Node (ingress SN)
  - Point of Local Repair (PLR) is an AN that is multi-homed to multiple SNs
  - After detecting failure (via LOS, OAM, BFD, etc.) of the SN (or of the link to the SN), the AN switches the outgoing traffic to another SN
- Transit Protection
  - Measures to protect against failure of a Transit Node (TN)
  - Point of Local Repair (PLR) is the IN or a TN (non-penultimate node) of the intra-area LSP
  - Downstream node IN or TN on intra-area LSP after detecting the failure of upstream TN (or link to upstream TN) redirects the traffic (going still to the same EN) via a different transit link/node:
    - LFA (basic LFA, RLFA, TI-LFA)
    - RSVP + facility protection (node-link protection)
    - RSVP + one-to-one protection (fast-reroute)
- Both ingress and transit protection are well-known techniques, thus they are not covered in this presentation

E2E protection Terminology: INGRESS PROTECTION
[Figure: the seamless MPLS reference topology (same nodes, areas, protocols and legend as in the architectural model), with the traffic flow direction marked. Additional legend entries: Point of Local Repair (PLR); Node being protected.]

E2E protection Terminology: TRANSIT PROTECTION
[Figure: the seamless MPLS reference topology (same nodes, areas, protocols and legend as in the architectural model), with the traffic flow direction marked. Additional legend entries: Point of Local Repair (PLR); Node being protected.]

E2E protection Terminology: TERMS USED WITH EGRESS PROTECTION
- Primary Egress Node: Primary EN (SN)
  - SN (PE) with multi-homed access site, that terminates VPN traffic flow originated at Ingress SN (PE)
- Backup Egress Node: Backup EN (SN)
  - SN (PE) having corresponding (backup) VPN route as Primary Egress SN (PE)
- Multi-homed access sites are connected to Primary and Backup Egress SN (PE)

E2E protection Terminology: EGRESS PROTECTION (TRADITIONAL)
- Egress Protection
  - Measures to protect against failure of the Egress Node (EN)
- Traditionally, egress protection is executed on the ingress node
  - Ingress node realizes primary egress node failure
  - Ingress node switches the traffic to the backup egress node using a pre-programmed next-hop in the FIB
  - This concept is called BGP Prefix Independent Convergence (PIC) Edge

Egress protection Concept: EGRESS PE PROTECTION WITH BGP PIC EDGE
[Figure: the seamless MPLS reference topology across AS X and AS Y with the traffic flow direction marked; node roles shown: Ingress PE, Primary Egress PE, Backup Egress PE.]
- Ingress PE pre-installs next-hops towards both egress PEs in the FIB
- Traffic restoration independent from the size of BGP table

Egress protection Concept: EGRESS PE PROTECTION WITH BGP PIC EDGE
- Ingress PE must realize primary egress PE failure in order to switch to the pre-installed backup egress PE
- This might be achieved using
  - Global IGP convergence in single IGP domain design
    - Typically ~200-500 ms in small IGP domains
    - Typically ~0.5 to 1 (or more) seconds in large IGP domains
  - Global IGP + BGP-LU convergence in multiple IGP domain design
    - Might reach multiple seconds in a large network
  - PE-to-PE OAM (BFD)
    - Might introduce scaling challenges when a large number of BFD (for MPLS tunnels) sessions with aggressive timers are deployed

Egress protection Concept: EGRESS PE PROTECTION WITH BGP PIC EDGE
- Depending on
  - traffic restoration requirements (sub-second, sub-500 ms, sub-100 ms, etc.)
  - network complexity (small IGP domain, large IGP domain, multiple IGP domains)
  BGP PIC Edge might not provide suitable protection for egress PE failure
- The new concept of egress protection shifts the duty of protecting the traffic from the ingress PE to some node closer (directly connected) to the egress PE
  - Large global IGP/BGP-LU convergence irrelevant
  - No problems with BFD scaling: only local link BFD might be required

E2E protection Terminology: EGRESS PROTECTION (NEW)
- Egress Protection
  - Measures to protect against failure of the Egress Node (EN)
  - Point of Local Repair (PLR) is the penultimate node (one before EN: IN for single-hop LSPs, TN for multi-hop LSPs) of the intra-area LSP
  - After detecting the failure of the EN (or of the link to the EN), the penultimate node on the intra-area LSP switches the traffic to another (protector/backup) EN
- Protector/backup EN must understand the labels (e.g. VPN labels) assigned by the first (primary) EN in order to be able to forward the traffic
  - Labels allocated by an EN have local significance (e.g. the label for VPN prefix X allocated by the primary EN is different from the label allocated for the same VPN prefix X by the protector/backup EN)
  - Primary and protector/backup EN have to understand (exchange and use: mirror) each other's labels
  - Due to this paradigm, egress protection (also called "service mirroring") is more complex than ingress or transit protection

E2E protection Terminology: ADDITIONAL TERMS USED WITH EGRESS PROTECTION
- Point of Local Repair (PLR)
  - Penultimate router directly connected to the Primary EN
  - Upon detection of Primary EN (or link to Primary EN) failure, the PLR redirects traffic via an MPLS local repair mechanism (e.g. LFA) to the Protector/Backup EN
- Protector
  - Performs translation between Primary and Backup EN labels
  - Must know Primary and Backup EN routes
  - Can be combined (and usually is) with the Backup EN on one node
  - In this presentation only the combined Protector/Backup EN deployment is discussed
- Context-ID
  - Virtual next-hop address advertised (originated) in IGP by the Primary EN and the Protector
  - Primary EN advertises the Context-ID as preferred by IGP (e.g. with IGP metric 1)
  - Protector advertises the same Context-ID as non-preferred by IGP (e.g. with IGP metric max-1)
  - The Context-ID must be used as the BGP protocol next-hop IP address (instead of the usually used lo0.0) in NLRIs advertised by the Primary EN for egress protection to work
  - Upon Primary EN failure detection, the PLR redirects the traffic to the Protector using the MPLS local repair mechanism for the Context-ID

E2E protection Terminology: EGRESS PROTECTION
[Figure: the seamless MPLS reference topology (same nodes, areas, protocols and legend as in the architectural model), with the traffic flow direction marked. Additional legend entries: Point of Local Repair (PLR); Node being protected. Callout: "This node is being protected, as well as acting as PLR for upstream ASBR".]

Egress protection Concept: EGRESS PE PROTECTION
[Figure: the seamless MPLS reference topology across AS X and AS Y (same nodes, areas, LSPs and legend as in the architectural model), with the traffic flow direction marked; node roles shown: Ingress PE, PLR, Primary Egress PE, Protector/Backup Egress PE.]

Egress protection Concept: EGRESS PE PROTECTION (slides (1) to (8), one element added per slide)
[Figure: Ingress PE, RR, PLR, Primary Egress PE (PE1), Protector/Backup Egress PE (PE2) and the prefix 10/8. Labels: "1.1, m=1" at PE1; "1.1, m=16m" at PE2; "RD:10/8, nh=1.1" on the BGP advertisements; from slide (7): "LDP/RSVP tunnel labels locally repaired" and "Service labels locally repaired"; on slide (8): "RD:10/8, nh=1.2".]

Egress PE protection elements
1. PE1 advertises 1.1 (primary context-id) with best IGP parameters
2. PE2 advertises 1.1 (protector context-id) with worst IGP parameters
3. PLR builds LFA FIB structure for 1.1 (context-id) with primary/backup next-hops programmed in PFE to prefer PE1 over PE2
4. PE1 advertises service prefixes (e.g. L3VPN) with 1.1 (context-id) as next-hop
5. For service prefixes with 1.1 as next-hop (for which PE2 is protector) PE2 builds appropriate FIB structures using info (service labels) from primary egress PE
6. Ingress PE sends the service (e.g. L3VPN) traffic using LSP established towards 1.1 (context-id)
7. Upon failure of PE1 or of the PLR→PE1 link, traffic is locally repaired on PLR and PE2 until global convergence happens
8. After global convergence, ingress PE switches to LSP towards 1.2 (primary context-id on PE2)

Protector Functions: OVERALL
- As mentioned previously, regardless of the label protocol (LDP/RSVP), the protector always binds a real label to the protector context-id
- This protector context-id label is used to point to the RIB/FIB structure in order to translate labels
  - Packet arrives at the protector with the protector context-id label (on top) and a label stack whose next label was allocated by the primary PE
  - Protector uses the context-id label to point to the table with labels learned from the primary PE

Protector Functions: PE (L3VPN) PROTECTION

Protector Function
- mpls.0 (POP), MPLS lookup: For each advertised Protector Context-ID, a transport (real) label mpls.0 RIB entry is created, which points to the Context-ID specific MPLS RIB (10.1.1.1.mpls.0).
- 10.1.1.1.mpls.0 (POP), MPLS lookup (Context Label Table): VPN label lookup, based on the VPN label advertised by the Primary PE. The entry points to the Context-ID/VPN specific IP RIB, with the name based on the VRF, if the VRF is defined locally on the Protector (e.g. 10.1.1.1-<vrf-name>.inet.0), or with the name based on the RT, if the VRF is not defined locally on the Protector (e.g. 10.1.1.1-<rt-name>.inet.0).
- 10.1.1.1-<vrf-name>.inet.0 / 10.1.1.1-<rt-name>.inet.0, IP lookup (Context IP/VPN Table): IP lookup (within the context of Context-ID and VPN/RT) to figure out how to send the packet to the Backup PE.
  ⇒ Effectively, the Protector does label translation from the Primary PE VPN label to the Backup PE VPN label.

Backup PE Function
- <vrf-name>.inet.0

Protector function and Backup PE function can be deployed on one physical device → Combined Protector/Backup PE design

Protector Functions: PE (L3VPN) PROTECTION

Protector Function

mpls.0 (POP): real label allocated by Protector (PE2) for Ctx-ID 10.1.1.1

    root@pe2> show route table mpls.0
    (...)
    301600(S=0)        *[MPLS/0] 01:11:20
                          to table 10.1.1.1.mpls.0
    (...)

10.1.1.1.mpls.0 (POP): VPN labels of VPN prefixes advertised by primary (PE1) with NH=10.1.1.1

    root@pe2> show route table 10.1.1.1.mpls.0
    (...)
    300368             *[Egress-Protection/170] 01:36:09
                          to table 10.1.1.1-vpn-101.inet.0
    (...)

10.1.1.1-<vrf-name>.inet.0 / 10.1.1.1-<rt-name>.inet.0

    root@pe2> show route table 10.1.1.2-vpn-101.inet.0
    (...)
    172.15.89.0/24     *[Egress-Protection/170] 01:18:20
                          to 10.0.2.2 via ge-0/0/9.0
    172.15.90.0/24     *[Egress-Protection/170] 01:18:20
                          to 10.0.2.4 via ge-0/0/3.0
    (...)
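The PLR choice and the protector's three-stage lookup described above, modelled as an added example (not code from the presentation or from any router implementation). The function names are hypothetical, the tables are constructed from the show route output above, the context IP table is keyed as 10.1.1.1-vpn-101.inet.0 (the name the label table points to), and 16_777_214 is an assumed value for "max-1".

```python
import ipaddress

# Context-ID advertisements seen by the PLR: (advertising node, IGP metric).
# m=1 is from the slides; 16_777_214 is an assumed value for "max-1" ("m=16m").
ADVERTS = [("PE2", 16_777_214), ("PE1", 1)]

# Protector (PE2) tables, constructed from the show route output above.
# mpls.0: real label bound to the protector context-ID -> context label table.
MPLS_0 = {301600: "10.1.1.1.mpls.0"}
# Context label table: VPN label allocated by primary PE1 -> context IP table.
CONTEXT_LABEL_TABLES = {"10.1.1.1.mpls.0": {300368: "10.1.1.1-vpn-101.inet.0"}}
# Context IP table: prefix -> (next hop, interface) towards the backup path.
CONTEXT_IP_TABLES = {
    "10.1.1.1-vpn-101.inet.0": {
        "172.15.89.0/24": ("10.0.2.2", "ge-0/0/9.0"),
        "172.15.90.0/24": ("10.0.2.4", "ge-0/0/3.0"),
    }
}


def plr_next_hops(adverts):
    """Return (primary, backup) for the context-ID: lowest metric is primary."""
    ordered = sorted(adverts, key=lambda advert: advert[1])
    return ordered[0][0], ordered[1][0]


def plr_forward(adverts, failed_nodes):
    """Local repair: use the pre-computed backup as soon as the primary is down."""
    primary, backup = plr_next_hops(adverts)
    return backup if primary in failed_nodes else primary


def longest_prefix_match(ip_table, dst_ip):
    """Return the entry of the most specific prefix covering dst_ip, or None."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, next_hop in ip_table.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return None if best is None else best[1]


def protector_forward(label_stack, dst_ip):
    """Model of the protector lookup chain for a repaired packet.

    label_stack[0] is the protector context-ID label (top of stack),
    label_stack[1] is the VPN label allocated by the primary PE.
    Returns (next_hop, interface), or None when the packet is dropped.
    """
    if len(label_stack) < 2:
        return None  # no VPN label under the context label
    context_label, vpn_label = label_stack[0], label_stack[1]
    label_table_name = MPLS_0.get(context_label)  # stage 1: mpls.0, POP
    if label_table_name is None:
        return None
    # Stage 2: the VPN label is looked up only in the primary PE's label space.
    ip_table_name = CONTEXT_LABEL_TABLES[label_table_name].get(vpn_label)
    if ip_table_name is None:
        return None  # label never advertised by the primary PE: drop
    # Stage 3: IP lookup inside the context-ID/VPN specific table.
    return longest_prefix_match(CONTEXT_IP_TABLES[ip_table_name], dst_ip)


if __name__ == "__main__":
    print("PLR next hop, PE1 up:  ", plr_forward(ADVERTS, set()))
    print("PLR next hop, PE1 down:", plr_forward(ADVERTS, {"PE1"}))
    print("Protector forwards to: ", protector_forward([301600, 300368], "172.15.89.7"))
    print("Unknown VPN label:     ", protector_forward([301600, 999999], "172.15.89.7"))
```

In this model a VPN label that the primary PE never advertised misses in the context label table and the packet is dropped rather than being interpreted in the protector's own label space.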

Conclusion: EGRESS PE PROTECTION
- Traffic repair duty moved from ingress PE (as in case of BGP PIC Edge) to router(s) closer to egress PE
- Sub-100 ms protection in case of egress PE failure, independent from
  - IGP scale
  - BGP scale
- No requirement for large-scale BFD with aggressive timers
- First deployment started at Deutsche Telekom a couple of years ago
  - Proven architecture
  - Remarkable traffic restoration times
  - No issues observed

Q & A