02-MPLS Multi-VRF Design and Implementation using GNS simulator.pdf

2nd IEEE International Conference on Engineering and Technology (ICETECH), 17th & 18th March 2016, Coimbatore, TN, India


MPLS Multi-VRF Design and Implementation using GNS simulator

Snehal Yadav∗ and Amutha Jeyakumar†
∗† Department of Electrical Engineering, Veermata Jijabai Technological Institute, Mumbai 400039, India
∗ [email protected], † [email protected]

Abstract—MPLS (Multi Protocol Label Switching) is an emerging technology [1] which has started attracting all the service provider networks with its exceptional and admirable features. VPN (Virtual Private Network) is one of its most popular features, which carries traffic securely and privately from one end of the customer’s network to the other through the service provider’s network. However, in this case the CE (Customer Edge) router is not involved in providing a private network through the customary LAN. The Multi-VRF (Virtual Routing and Forwarding) CE feature, also known as VRF-Lite, extends the VPN functionality to the CE router in an economical way. A Multi-VRF router can run multiple instances of routing protocols with a neighboring router, with overlapping address spaces configured on different VRF instances. Hence, only one CE router is needed for multiple VPNs, which simplifies provisioning and network management compared with a multiple CE router solution. This paper describes the design of such a Multi-VRF MPLS network on the service provider’s end, which can separate a customer’s large network into smaller sites and keep them isolated in a cost-effective way. The GNS (Graphical Network Simulator) software stack with VMware virtualization was chosen for this purpose, as these applications are well suited for emulation of a real network environment. The resultant network obtained after this design is a real time solution to many problems and demands in today’s service provider’s network.

Index Terms—MPLS, MPLS Virtual Private Network, Virtual Routing and Forwarding, routing protocols, Customer Edge (CE) router, Provider Edge (PE) router, route distinguisher, route target.

978-1-4673-9916-6/16/$31.00 ©2016 IEEE

I. INTRODUCTION

MPLS-VPNs [2] provide protection and isolation as traffic travels through the provider network. The CE router has no means to assure private networks across the conventional LAN network. Usually, to provide confidentiality, either a switch must be deployed with each client located in a separate VLAN, or a separate CE router is required for every customer’s organization or IP address combination attached to a PE. Both solutions are expensive for the customer, as additional equipment is required, and they also require extra network management and provisioning for each customer site. Multi-VRF CE is a feature that provides solutions to these problems.

Multi-VRF CE extends partial PE functionality to a CE router in an MPLS-VPN network. A CE router now has the capability to maintain different VRF tables, so that the privacy and protection of an MPLS-VPN can be extended down to a branch office of the customer rather than just at the PE router node. A VLAN-like configuration is created on the customer side by CE routers using VRF interfaces. The VRFs present on the CE router and PE router are then mapped to each other. When Multi-VRF CE is configured, the CE router is able to configure the VRF interfaces and its routing tables. Only some of the PE functionality is shared with the CE router. The CE router cannot perform functions like label exchange, which is a feature of MPLS, i.e. MPLS is not enabled on the CE routers. CE and PE routers share IP enabled communication between them.

The designed network in this paper illustrates the connectivity of companies with a large main site and its smaller sites or departments that are interconnected across an MPLS VPN network. The main site of the company is large and has several departments that are required to be separated from each other for privacy reasons. These departments, for example sales, marketing, human resources and engineering, then connect to their respective department remote sites through the MPLS VPN network. This communication is carried using Multi-VRF MPLS. Only one CE router is required at every end to manage the departments, which simplifies provisioning and network management compared with a multiple CE router solution. The CE router has VRF functionality to provide VPN routing information, and hence there are fewer routing updates to manage.

Each CE router announces its site's local routes to a PE router, and learns the remote VPN routes from that PE router. Routing information is then shared by the PE routers with CE routers by using static routing or a routing protocol such as BGP, OSPF, RIPv1, or RIPv2. The PE router maintains VPN routes only for those VPNs to which it is directly attached. Every VPN is mapped to a particular VRF. After learning local VPN routes from CEs, VPN routing information is exchanged between other PE routers through internal BGP (iBGP).

This paper is organized as follows: Section II illustrates the previous work done in the MPLS domain. Section III elaborates the proposed design for a multiple customer, multiple site MPLS network, whereas Section IV deals with the analysis of simulation results. The final section summarizes the paper.

II. PREVIOUS WORK

Earlier, if customers wanted to set up a private link between their various sites, they would request a separate link from the service provider, which was a costly investment. Also, the customers could not use the same private IP addresses while connecting to the service provider network, as the service provider could not distinguish between the various customers or their various departments. When MPLS VPN started getting implemented, it enabled the service provider to lease private links to the customer on the same network without any additional links to be installed. Different departments can be separated by implementing VLANs on switches in the main site and mapping each VLAN to a VRF (sub)interface on the PE router. Another way to differentiate between the smaller sites or departments was to have separate CE routers as and when required for every customer’s organization or IP address grouping for a PE router. However, neither of these solutions is optimal now, as additional setup is required, making the network more complex.

III. DESCRIPTION OF PROPOSED NETWORK

A. Motivation

Now, with the ever increasing expansion of companies and industries, every company has its branches and sites spread all over the globe. The company needs to have connectivity between its various sites along with features like privacy and security. A service provider’s network should be capable of handling many such companies and their sites in the same network architecture, satisfying all the needs of its customers. The use of Multi-VRF enables the service provider to handle multiple sites on one CE router itself, reducing the complexity of the network and also making it cost effective. Every site can connect to its corresponding site, which is remotely located. Multi-VRF helps the CE routers to maintain complete privacy and doesn’t allow any unwanted interference. Multi-VRF also allows the same IP addresses to be used in different sites, i.e. overlapping of IP addresses is possible amongst different sites.

B. Design scenario of a sample network

The aim of the proposed sample network, shown below in Fig. 1, is to show how the features of Multi-VRF can be utilized to connect a large company’s various sites to each other, satisfying certain constraints given by customers. The sample network has two companies: Customer A and B. Each of these two companies has different departments, namely Sales, Marketing, Human Resources and Engineering, which are spread out at different locations.

• CE1 router has connections to company A’s Sales, Marketing, HR and Engineering departments.
• CE2 router has connections to company B’s Sales and Marketing departments.
• CE3 router has connections to company A’s Sales and Marketing departments.
• CE4 router has connections to company B’s Sales, Marketing, HR and Engineering departments.
• CE5 router has connections to company A’s HR and Engineering departments.
• CE6 router has connections to company B’s HR and Engineering departments.

Figure 1: MPLS Multi-VRF enabled sample network

This sample network insists on the following constraints:

• C1: Customer A’s and B’s departments should be able to communicate with their own departments located at different places.
• C2: Complete privacy and security should be provided to the departments, so that no department of another field can communicate with them.
• C3: All the customers and their departments belong to different Autonomous Systems.
• C4: The minimum number of links should be utilized by the service provider for communication between these companies and their sites.

C. Proposed Solution

The proposed solution satisfying these constraints can be shown via emulators like GNS (Graphical Network Simulator), which is applicable for real-time scenarios. The steps for designing this network are as follows:

• S1: VRFs on CE and PE routers. A VRF instance is used for every department of each customer in the network to achieve this. The Route-Distinguisher (RD) and Route-Target (RT) are two different concepts that are both used in an MPLS VPN. The RD is used to keep all prefixes in the BGP (Border Gateway Protocol) table unique, and the RT is used to transfer routes between VRFs/VPNs. VRFs on CE and PE routers connected to each other should match with the same RTs.
• S2: Trunk ports. MPLS Multi-VRF allows different departments to use the same physical link between the PE and the CE routers. Trunk ports with several VLANs separate packets amongst the departments, and hence each department has its own VLAN (Virtual Local Area Network). This reduces the excess use of links between CE and PE routers.
• S3: Routing protocol for every VRF and between CE and PE routers. For every VRF on CE and PE routers, a routing protocol should be configured. Similarly, a routing protocol should also exist for connectivity between the CE and PE router. The routing protocols most commonly used are BGP, OSPF, EIGRP, RIP, and static routing. In the case of the OSPF routing protocol, the subcommand capability vrf-lite is required under router ospf at the CE router.
• S4: Enable MPLS in the core service provider network. At the core service provider’s network, it makes no difference whether MPLS Multi-VRF or a normal MPLS VPN that uses multiple CE routers is deployed. Hence a standard MPLS configuration is done at the core network.
• S5: Routing protocols within the network. Multi-protocol BGP [3][4][7], which allows multiple address families to be transferred across the network in parallel, should be used for the exchange of customers’ routing information. BGP is designed to be the protocol operating across multiple Autonomous Systems (AS) and is more suitable for distributing a very large amount of routing information along with label distribution for MPLS. This information helps in supporting multiple customers. Furthermore, to learn the paths and exchange the LDP (Label Distribution Protocol) labels in the MPLS network, BGP can be used or any other routing protocol can be used simultaneously.
• S6: Route Reflectors (RR) within the network. The architecture of BGP for internal neighborship requires a full mesh of connections between all PEs. RRs can be used to reduce this number of iBGP connections. Following this approach, the RRs are fully meshed and the rest of the BGP speakers within the AS peer only with these RRs rather than with each other.

IV. SIMULATION RESULTS

The sample scenario was implemented in GNS3, and the results obtained satisfy all the criteria mentioned, resulting in a better service provider network with many real-time features included.

A. VRFs on CE and PE routers

The VRFs configured on CE1, CE4, PE1 and PE4 are shown in the figures below:

Figure 2: VRFs implemented on CE1 router

Figure 3: VRFs implemented on CE4 router

Figure 4: VRFs implemented on PE1 router

Figure 5: VRFs implemented on PE4 router
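How the RD and RT values attached to such VRFs give constraints C1 and C2 can be modelled in a few lines; this is an added example, not code or configuration from the paper. The PE placement of each VRF, the VRF names, the RD/RT values and the prefixes are constructed assumptions, as is the convention that one department VPN carries the same VRF name on every PE.

```python
from collections import namedtuple

# Constructed sample data: PE placement, VRF names, RD/RT values and
# prefixes are assumptions for illustration, not values from the paper.
Vrf = namedtuple("Vrf", "pe name rd exports imports prefixes")

def vrf(pe, name, rt, prefix, extra_import=()):
    """One VRF whose RD equals its RT and which exports/imports that RT."""
    return Vrf(pe, name, rt, {rt}, {rt, *extra_import}, [prefix])

VRFS = [
    vrf("PE1", "A_SALES", "65001:1", "10.1.0.0/24"),
    vrf("PE3", "A_SALES", "65001:1", "10.2.0.0/24"),
    vrf("PE1", "A_HR",    "65001:3", "10.1.0.0/24"),  # overlaps A_SALES
    vrf("PE5", "A_HR",    "65001:3", "10.2.0.0/24"),
    vrf("PE2", "B_SALES", "65002:1", "10.1.0.0/24"),  # overlaps customer A
    vrf("PE4", "B_SALES", "65002:1", "10.2.0.0/24"),
]

def vpnv4_table(vrfs):
    """MP-BGP view: the RD is prepended, so (RD, prefix) is the route key."""
    return {(v.rd, p): v for v in vrfs for p in v.prefixes}

def imported(target, vrfs):
    """Routes from other VRFs that `target` installs: RT must match."""
    return sorted(key for key, src in vpnv4_table(vrfs).items()
                  if src is not target and src.exports & target.imports)

def isolation_violations(vrfs):
    """(exporter, importer) pairs of differently named VRFs sharing an RT."""
    return sorted((f"{s.name}@{s.pe}", f"{t.name}@{t.pe}")
                  for s in vrfs for t in vrfs
                  if s.name != t.name and s.exports & t.imports)

if __name__ == "__main__":
    print(len(vpnv4_table(VRFS)), "VPNv4 routes from 2 overlapping prefixes")
    print("A_SALES@PE1 imports:", imported(VRFS[0], VRFS))
    # Constructed mistake: customer B's HR VRF also imports customer A's HR RT.
    bad = VRFS + [vrf("PE6", "B_HR", "65002:3", "10.3.0.0/24", ["65001:3"])]
    print("violations:", isolation_violations(bad))
```

The same pairwise RT comparison can be run over the real import and export lists of every PE before a change is deployed, so that a stray import target is caught as a C2 violation rather than discovered as a route leak.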

B. Trunk ports

A FastEthernet link is used between the PE and Multi-VRF CE router. Each VRF is assigned a subinterface of the link, as shown below for the CE1 and CE2 routers.

Figure 6: VRF Interfaces on CE1 router

Figure 7: VRF Interfaces on CE2 router

C. Routing protocol for every VRF and between CE and PE routers

The routing protocol used here is OSPF. The routing table for the CE1 router is shown below:

Figure 8: OSPF routing protocol for every VRF on CE1 router

D. Enable MPLS in the core service provider network

The core MPLS network contains the standard MPLS commands, as shown below for the P1 router.

Figure 9: MPLS forwarding table on P1 router

E. Routing Protocols within the network

MP-BGP is run only on the PE routers, for connectivity between the customers, and an IGP (Interior Gateway Protocol) like OSPF is run in the MPLS core network to learn all the paths. Figure 10 shows BGP neighbors on PE2.

Figure 10: BGP neighbors on PE2 router

F. Route Reflectors (RR) within the network

In an MP-BGP MPLS network all PEs should be connected to each other. In this scenario there are 6 PEs, and if all of them were connected to each other, 15 links in all would be required, which is not affordable to the service provider. Hence PE1 and PE2 are declared as RRs, and each of the other PEs connects to only one of them, as its client. Here, PE3 and PE4 are the clients of PE2, and PE5 and PE6 are the clients of PE1, as shown in the figure below for the PE1 router.
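The session count and route propagation of this reflector layout can be checked with a small simulation; this is an added example, not code from the paper. The reflector and client assignment is the one stated above, the advertisement rules follow RFC 4456, and the function names are hypothetical.

```python
from itertools import combinations

# Reflector -> clients, as stated in Section IV.F of the paper.
CLIENTS = {"PE1": {"PE5", "PE6"}, "PE2": {"PE3", "PE4"}}
PES = ["PE1", "PE2", "PE3", "PE4", "PE5", "PE6"]

def full_mesh_sessions(pes):
    """Sessions needed when every PE peers with every other PE."""
    return len(list(combinations(pes, 2)))

def rr_sessions(clients):
    """Sessions with reflectors: RR full mesh plus one per client."""
    sessions = {frozenset(pair) for pair in combinations(clients, 2)}
    sessions |= {frozenset((rr, c)) for rr, cs in clients.items() for c in cs}
    return sessions

def learners(origin, sessions, clients):
    """PEs that receive a VPN route injected at `origin`.

    Rules (RFC 4456): a plain iBGP speaker does not pass on an iBGP-learned
    route; a reflector passes a client's route to all peers and a non-client's
    route to its clients only. Best-path selection is not modelled.
    """
    peers = {}
    for a, b in map(tuple, sessions):
        peers.setdefault(a, set()).add(b)
        peers.setdefault(b, set()).add(a)
    learned, seen, queue = {origin}, set(), [(origin, None)]
    while queue:
        node, src = queue.pop()
        if src is None:                       # locally originated route
            targets = peers.get(node, set())
        elif node in clients:                 # node is a route reflector
            from_client = src in clients[node]
            targets = {p for p in peers[node] - {src}
                       if from_client or p in clients[node]}
        else:                                 # ordinary iBGP speaker
            targets = set()
        for peer in targets:
            if (peer, node) not in seen:
                seen.add((peer, node))
                learned.add(peer)
                queue.append((peer, node))
    return learned

if __name__ == "__main__":
    s = rr_sessions(CLIENTS)
    print(full_mesh_sessions(PES), "full-mesh sessions,", len(s), "with RRs")
    print(all(learners(pe, s, CLIENTS) == set(PES) for pe in PES))
```

Passing an empty client map to learners with the same five sessions shows why the reflector role matters: a route injected at PE3 then stops at PE2.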

Figure 11: Route Reflector Clients of PE1 router.

V. CONCLUSION

Today it has become a must for the service provider to satisfy all the needs of the customer with a limited amount of resources and in a cost-effective way. The MPLS Multi-VRF feature proves to be a prominent solution to many problems that are faced between the customer and the service provider. This paper provides a design solution for such a scenario. It can be seen, by implementing the scenario in GNS software, that privacy and security are both achieved in the network with minimum links and routers. The use of this design will limit the wastage of links and instead provide a route for every customer at the same instant and in the same network infrastructure. This in turn will prove to be cost effective for both the customers and the service provider.

ACKNOWLEDGMENT

We would like to express our gratitude towards Dr. R.N. Awale for his crucial guidance and assistance in our project. We are also thankful to our institute Veermata Jijabai Technological Institute, Mumbai, India for providing the facilities to carry out our research and project work.

REFERENCES

[1] E. Rosen, A. Viswanathan and R. Callon, “Multiprotocol Label Switching Architecture,” Internet Engineering Task Force, RFC 3031, 2001.
[2] Ivan Pepelnjak and Jim Guichard, “MPLS and VPN Architectures,” Cisco Press, March 2001.
[3] E. Rosen and Y. Rekhter, “BGP/MPLS VPNs,” Internet Engineering Task Force, RFC 2547, 1999.
[4] T. Bates, R. Chandra, D. Katz and Y. Rekhter, “Multiprotocol Extensions for BGP-4,” Internet Engineering Task Force, RFC 2283, 1998.
[5] Lan jun and Lin bi ying, “Research for Service Deployment Based on MPLS L3 VPN Technology,” in 2011 International Conference on Mechatronic Science, Electric Engineering and Computer, Jilin, China, August 19-22 2011.
[6] LI Ming-hui and XIA Jing-bo, “Research and Simulation on VPN Networking Based on MPLS,” in 2008 International Conference on Wireless Communications, Networking and Mobile Computing, Dalian, China, October 12-17 2008.
[7] Md. Arifur Rahman, Ahmedul Haque Kabir, K. A. M. Lutfullah, M. Zahedul Hassan and M. R. Amin, “Performance Analysis and the Study of the behavior of MPLS Protocols,” in Proceeding of the International Conference on Computer and Communication Engineering 2008, Kuala Lumpur, Malaysia, May 13-15 2008.
[8] Jasmina Barakovic, Himzo Bajric and Amir Husic, “Multimedia Traffic Analysis of MPLS and non-MPLS Network,” in 48th International Symposium ELMAR-2006, Zadar, Croatia, June 07-09 2006.