MPLS and Next-Generation Networks: Foundations for NGN and Enterprise Virtualization

So far, we have assumed that a network on which MPLS VPNs are being built is a homogeneous MPLS network. This implies that the edge of the network is MPLS-enabled and that the core of the network is also MPLS-enabled. Hence, we assumed that the paths set up in the core of the network were label-switched paths (LSP). However, you might be building an MPLS VPN that is required to transit over nonMPLS networks or network elements. In such cases, the MPLS traffic must be tunneled across the nonMPLS network. This can be done in several ways:

  • MPLS in IP tunnel

  • GRE tunnel

  • MPLS in L2TPv3 tunnel

  • MPLS in IPSec tunnel

All the previously listed methods enable tunneling of MPLS VPN packets from ingress PE to egress PE. This implies that the VPNv4 route exchange and the label distribution of VPNv4 routes do not change at all. Using the procedures described in the preceding sections, the VPN routes are imported and traffic is labeled. However, in forwarding the traffic to the destination PE, instead of imposing an IGP label as described in Figure 5-2, the ingress PE imposes the tunnel header, and the traffic is tunneled across the nonMPLS network to the egress PE.

The tunnel that crosses the nonMPLS network can be established either statically or dynamically. In static establishment, the tunnels are manually preestablished between PE devices where they must cross the nonMPLS boundary. In dynamic establishment, the tunnels are established by some signaling mechanism that uses its own signaling protocol, such as IPSec end point discovery, or by using BGP extensions, such as the L2TPv3 tunnel. The details of how these tunnels are established can be found in various IETF drafts and also RFC 4364.

For example, MPLS packets can be carried across an IPSec tunnel set up across the public network. This provides the security that is needed by the VPN and leverages the low-cost public infrastructure. Now extend this principle to a network in which only the edge network is MPLS-enabled and the entire core network is a nonMPLS or a pure IP backbone. This becomes the ultimate case of tunneling across the nonMPLS network. In this case, the entire forwarding of frames from one PE to another is done over the IP network. The VPN labels are exchanged in BGP, just as before, and packets are forwarded by the PE devices with a VPN label. The IGP label is replaced by the generic IP tunnel.
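The replacement of the IGP label by a tunnel header can be seen byte for byte in the following added example, which is not from the book. It assumes the GRE variant with no optional GRE fields; the PE addresses and labels are constructed sample values, and the check that the outer source address belongs to a known ingress PE is an assumption of this example rather than something the text describes.

```python
import socket
import struct

GRE_PROTO_MPLS = 0x8847   # EtherType for MPLS unicast, carried in the GRE protocol field
IPPROTO_GRE = 47          # IP protocol number for GRE
# Constructed sample values (documentation address range, arbitrary VPN label)
PE1, PE2, VPN_LABEL = "192.0.2.1", "192.0.2.2", 100

def mpls_entry(label, bottom, ttl=64):
    """One 32-bit label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 1 << 20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (int(bottom) << 8) | ttl)

def ip_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src, dst, proto, payload_len):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 255,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]

def encap_mpls_core(igp_label, vpn_label, customer_pkt):
    """Homogeneous MPLS core: IGP label on top of the VPN label."""
    return mpls_entry(igp_label, False) + mpls_entry(vpn_label, True) + customer_pkt

def encap_gre(pe_src, pe_dst, vpn_label, customer_pkt):
    """Non-MPLS core: outer IP + GRE header takes the place of the IGP label."""
    inner = mpls_entry(vpn_label, True) + customer_pkt
    gre = struct.pack("!HH", 0, GRE_PROTO_MPLS)   # no optional GRE fields
    return ipv4_header(pe_src, pe_dst, IPPROTO_GRE, len(gre) + len(inner)) + gre + inner

def decap_gre(frame, known_pes):
    """Egress PE side: check the tunnel header, return (vpn_label, customer_pkt)."""
    if len(frame) < 28 or frame[0] != 0x45 or frame[9] != IPPROTO_GRE:
        raise ValueError("not an IPv4/GRE packet without options")
    if ip_checksum(frame[:20]) != 0:
        raise ValueError("bad outer IP checksum")
    if socket.inet_ntoa(frame[12:16]) not in known_pes:
        raise ValueError("outer source is not a known ingress PE")
    if struct.unpack("!HH", frame[20:24]) != (0, GRE_PROTO_MPLS):
        raise ValueError("unexpected GRE header")
    (entry,) = struct.unpack("!I", frame[24:28])
    if not entry & 0x100:
        raise ValueError("VPN label must be bottom of stack")
    return entry >> 12, frame[28:]
```

Comparing `encap_mpls_core(17, VPN_LABEL, pkt)` with `encap_gre(PE1, PE2, VPN_LABEL, pkt)` shows that everything from the VPN label onward is identical; only the 4-byte IGP label is swapped for 24 bytes of outer IP and GRE header.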

The biggest advantage to having this capability to transport MPLS VPN packets across the nonMPLS network is the flexibility it provides in connecting all types of networks and making them appear to be a single network from the VPN's point of view.
