Posts Tagged ‘MPLS’
Tomorrow (2014-07-09) at 08:00 PDT (15:00 UTC) I will be starting our next major section of the CCIE Routing & Switching Version 5 Advanced Technologies Class – MPLS. This class is free to attend for all at http://live.ine.com – simply sign up for a free INE members account here or sign up for a free trial of our All Access Pass - which includes streaming video access to our entire video library – including all of the new CCIE RSv5 ATC videos up to this point.
For me personally when I was first learning MPLS, the biggest hurdle I found was sorting through all the buzzwords and acronyms. For the life of me no matter how many books I read, I couldn’t figure out why MPLS would even be needed in the first place. Tomorrow’s class will cut to the chase, as essentially MPLS 101 for CCIE Candidates.
Specifically I will be first starting with the main MPLS use case, tunneling BGP over the core. Through live examples on the Cisco IOS CLI I will show why MPLS is the preferred transport method for Service Providers that offer both public and private IPv4 & IPv6 transit services, and then expand into further use cases such as Layer 3 VPN and Layer 2 VPN services, and talk about where MPLS is even applicable in the Enterprise. As always, questions are welcomed and encouraged during the class – the more you put into class ultimately the more you get out of it.
I hope to see you live during class tomorrow at http://live.ine.com!
Edit: For those of you that want to take a look first-hand at these packets, the Wireshark PCAP files referenced in this post can be found here
One of the hottest topics in networking today is Data Center Virtualized Workload Mobility (VWM). For those of you that have been hiding under a rock for the past few years, workload mobility basically means the ability to dynamically and seamlessly reassign hardware resources to virtualized machines, often between physically disparate locations, while keeping this transparent to the end users. This is often accomplished through VMware vMotion, which allows for live migration of virtual machines between sites, or as similarly implemented in Microsoft’s Hyper-V and Citrix’s Xen hypervisors.
One of the typical requirements of workload mobility is that the hardware resources used must be on the same layer 2 network segment. E.g. the VMware Host machines must be in the same IP subnet and VLAN in order to allow for live migration their VMs. The big design challenge then becomes, how do we allow for live migrations of VMs between Data Centers that are not in the same layer 2 network? One solution to this problem that Cisco has devised is a relatively new technology called Overlay Transport Virtualization (OTV).
As a side result of preparing for INE’s upcoming CCIE Data Center Nexus Bootcamp I’ve had the privilege (or punishment depending on how you look at it ) of delving deep into the OTV implementation on Nexus 7000. My goal was to find out exactly what was going on behind the scenes with OTV. The problem I ran into though was that none of the external Cisco documentation, design guides, white papers, Cisco Live presentations, etc. really contained any of this information. The only thing that is out there on OTV is mainly marketing info, i.e. buzzword bingo, or very basic config snippets on how to implement OTV. In this blog post I’m going to discuss the details of my findings about how OTV actually works, with the most astonishing of these results being that OTV is in fact, a fancy GRE tunnel.
INE’s long awaited CCIE Service Provider Advanced Technologies Class is now available! But first, congratulations to Tedhi Achdiana who just passed the CCIE Service Provider Lab Exam! Here’s what Tedhi had to say about his preparation:
Finally i passed my CCIE Service Provider Lab exam in Hongkong on Oct, 17 2011. I used your CCIE Service Provider Printed Materials Bundle. This product makes me deep understand how the Service Provider technology works, so it doesn`t matter when Cisco has changed the SP Blueprint. You just need to practise with IOS XR and finding similiar command in IOS platform.
Thanks to INE and keep good working !
CCIE#30949 – Service Provider
The CCIE Service Provider Advanced Technologies Class covers the newest CCIE SP Version 3.0 Blueprint, including the addition of IOS XR hardware. Class topics include Catalyst ME3400 switching, IS-IS, OSPF, BGP, MPLS Layer 3 VPNs (L3VPN), Inter-AS MPLS L3VPNs, IPv6 over MPLS with 6PE and 6VPE, AToM and VPLS based MPLS Layer 2 VPNs (L2VPN), MPLS Traffic Engineering, Service Provider Multicast, and Service Provider QoS. Understanding the topics covered in this class will ensure that students are ready to tackle the next step in their CCIE preparation, applying the technologies themselves with INE’s CCIE Service Provider Lab Workbook, and then finally taking and passing the CCIE Service Provider Lab Exam!
Streaming access is available for All Access Pass subscribers for as low as $65/month! Download access can be purchased here for $299. AAP members can additionally upgrade to the download version for $149.
Sample videos from class can be found after the break: Continue Reading
One of our most anticipated products of the year – INE’s CCIE Service Provider v3.0 Advanced Technologies Class – is now complete! The videos from class are in the final stages of post production and will be available for streaming and download access later this week. Download access can be purchased here for $299. Streaming access is available for All Access Pass subscribers for as low as $65/month! AAP members can additionally upgrade to the download version for $149.
At roughly 40 hours, the CCIE SPv3 ATC covers the newly released CCIE Service Provider version 3 blueprint, which includes the addition of IOS XR hardware. This class includes both technology lectures and hands on configuration, verification, and troubleshooting on both regular IOS and IOS XR. Class topics include Catalyst ME3400 switching, IS-IS, OSPF, BGP, MPLS Layer 3 VPNs (L3VPN), Inter-AS MPLS L3VPNs, IPv6 over MPLS with 6PE and 6VPE, AToM and VPLS based MPLS Layer 2 VPNs (L2VPN), MPLS Traffic Engineering, Service Provider Multicast, and Service Provider QoS.
Below you can see a sample video from the class, which covers IS-IS Route Leaking, and its implementation on IOS XR with the Routing Policy Language (RPL)
One of the frequent questions I hear regarding L3VPNs, is regarding the bottom VPN label. In this article, we will focus on the control plane that provides both the VPN and transit labels, and then look at the data plane that results because of those labels.
In the topology, there are 2 customer sites (bottom right, and bottom left). The BGP, VRFs, Redistribution, etc are all configured to allow us to focus on the control and data plane. Lets begin by verifying that R1 is sourcing the network, 18.104.22.168/32.
A debug verifies that R1 is sending the updates for 22.214.171.124 to R2.
In this blog post we’re going to discuss the fundamental logic of how MPLS tunnels allow applications such as L2VPN & L3VPN to work, and how MPLS tunnels enable Service Providers to run what is known as the “BGP Free Core”. In a nutshell, MPLS tunnels allow traffic to transit over devices that have no knowledge of the traffic’s final destination, similar to how GRE tunnels and site-to-site IPsec VPN tunnels work. To accomplish this, MPLS tunnels use a combination of IGP learned information, BGP learned information, and MPLS labels.
In this blog post we are going to review a number of MPLS scaling techniques. Theoretically, the main factors that limit MPLS network growth are:
- IGP Scaling. Route Summarization, which is the core procedure for scaling of all commonly used IGPs does not work well with MPLS LSPs. We’ll discuss the reasons for this and see what solutions are available to deploy MPLS in presence of IGP route summarization.
- Forwarding State growth. Deploying MPLE TE may be challenging in large network as number of tunnels grow like O(N^2) where N is the number of TE endpoints (typically the number of PE routers). While most of the networks are not even near the breaking point, we are still going to review techniques that allow MPLS-TE to scale to very large networks (10th of thousands routers).
- Management Overhead. MPLS requires additional control plane components and therefore is more difficult to manage compared to classic IP networks. This becomes more complicated with the network growth.
The blog post summarizes some recently developed approaches that address the first two of the above mentioned issues. Before we begin, I would like to thank Daniel Ginsburg for introducing me to this topic back in 2007.
Last week we wrapped up the MPLS bootcamp, and it was a blast! A big shout out to all the students who attended, as well as to many of the INE staff who stopped by (you know who you are ). Thank you all.
Here is the topology we used for the class, as we built the network, step by step.
The class was organized and delivered in 30 specific lessons. Here is the “overview” slide from class: Continue Reading
Can you solve this puzzle?
R2, R3 and R4 create the service provider network, with MPLS on all three routers, and iBGP at the PE routers. R1 and R5 are the CE routers.
R2, prefers the BGP next hop of 126.96.36.199 for network 188.8.131.52 (R5 loopback). R4, at 184.108.40.206 is an iBGP neighbor.
R2#show ip route vrf v | inc 220.127.116.11 B 18.104.22.168 [200/409600] via 22.214.171.124, 00:06:47
Is R2 preferring an iBGP learned route, which has an AD of 200, over a EIGRP route, which would have an AD of 90?
Can you identify why the routing for 126.96.36.199 on the VRF of R2 is using BGP instead of EIGRP?
Below are the relevant portions of the configuration, which also can serve as a great review of how to configure MPLS VPNs. Continue Reading
In the previous MPLS Components post, we discussed the many benefits that MPLS can bring to the network, and we detailed the typical components found in a Layer 3 MPLS VPN design. In this post, we will provide more details for the MPLS components and their important, inner workings. We will make reference to the previous diagram in this post as well:
When PE1 receives a packet from CE1, it will engage in what we call a Push operation. PE1 is considered the ingress PE router and engages in label imposition. (Notice that we like to speak in fancy terminology here; when we add a label to a packet, it is termed a push or an imposition).