The terms and concepts presented in this appendix should prove helpful in understanding the MPLS, VPN, and (optional) BGP objects that are discovered and monitored by MPLS Manager.
Begin by examining the following diagram.
An MPLS network is typically implemented in a service provider or carrier network. It consists of interconnected devices, known as Provider Edge (PE) devices and P (Provider) devices, that are running MPLS services. The access networks, which are attached to the edge of the MPLS network through Customer Edge (CE) devices and PE devices, may be operated by regional Internet service providers (ISPs), local network operators, or even private companies.
-
802.1ad
An IEEE standard that extends the 802.1Q VLAN tagging standard. 802.1ad defines a mechanism known as VLAN double tagging (also known as VLAN stacking or Q-in-Q) that enables a service provider to assign service VLAN tags to Ethernet frames that are already marked with customer VLAN IDs. VLAN double tagging encapsulates an 802.1Q VLAN frame. Also, see CE-VLAN and S-VLAN
-
802.1Q
An IEEE VLAN tagging standard. 802.1Q defines the encapsulation protocol that is used to multiplex customer VLANs over a single link by adding VLAN tags. Also, see CE-VLAN.
-
AS
Autonomous system. A collection of networks, or more precisely, the routers joining those networks, that are under the same administrative authority and that share a common routing strategy.
-
Attachment Circuit
In an MPLS L2VPN, the circuit or virtual circuit that links a CE device to a PE device. An Attachment Circuit may be a Frame Relay Data Link Circuit Identifier (DLCI), an ATM Virtual Path Identifier/Virtual Channel Identifier (VPI/VCI), an Ethernet port, a VLAN, or some other type of circuit or virtual circuit.
-
BGP
Border Gateway Protocol. A routing protocol, which is defined in RFC 1657, that updates routes between autonomous systems.
-
BGP-signaled L2VPN
An MPLS L2VPN that uses BGP (MBGP) signaling.
-
BGP neighbors
BGP speakers that communicate with one another. Exterior BGP (eBGP) neighbors (also known as eBGP peers) are in different autonomous systems, while interior BGP (iBGP) neighbors (also known as iBGP peers) are in the same autonomous system. Normally, external neighbors are adjacent to each other and share a subnet, while internal neighbors may be anywhere in the same autonomous system.
-
BGP network
Interconnected routers that are running BGP services.
-
BGP peers
See BGP neighbors in this list.
-
BGP router
A router that is running a BGP service.
-
BGP service
A BGP process: An instance of the BGP routing protocol that is running in memory.
-
BGP session
A link between BGP speakers. Sessions between BGP speakers of different autonomous systems are referred to as external sessions or external links. Sessions between BGP speakers within the same autonomous system are referred to as internal sessions or internal links.
-
BGP speaker
Any BGP router that forms a BGP session with any other BGP router.
-
Binding
The process of associating an MPLS label with a forwarding equivalence class (FEC). Control binding, which is a static form of binding, uses control messages (such as LDP) or specific predetermined commands and parameters to bind a label to an FEC.
-
CE device
A router or switch in the customer’s network that operates as a Customer Edge device. A CE device connects to a service provider’s PE device and is involved in an MPLS L2VPN or L3VPN.
In an MPLS L2VPN, a CE is a switch (a Frame Relay switch, an ATM switch, an Ethernet switch, and so on) that switches IP data or non-IP data (NetBEUI, IPX, AppleTalk, and so on). In an MPLS L3VPN, a CE is a router or a switch that operates as a router.
-
Constrained path
In traffic engineering, a path that is determined by using RSVP-TE or CR-LDP signaling and constrained by using CSPF. The ERO that is carried in the packets contains the constrained path information.
-
CR-LDP
Constraint-based Routing Label Distribution Protocol. An MPLS label signaling protocol that is used to advertise labels between PE and P devices to establish, maintain, and remove LSPs. CR-LDP is a revised version of LDP that includes traffic engineering extensions.
-
CSPF
Constrained Shortest Path First. A Shortest Path First (SPF) IGP algorithm that has been modified to take into account specific restrictions when calculating the shortest path across the network.
-
eBGP
Exterior BGP. A session between two BGP peers in different autonomous systems, for the purpose of communicating external routing information between the autonomous systems.
-
EGP
Exterior gateway protocol. A routing protocol that is used to exchange routing information among two routers in a network of autonomous systems. An EGP protocol maintains routes between autonomous systems.
-
ERO
Explicit route object. Extension to RSVP or LDP that allows an RSVP-TE Path message or CR-LDP Label Request to traverse an explicit sequence of devices where the sequence is independent of conventional shortest-path IP routing.
-
Explicit route
A route that is specified at the point of origination. Does not require routing decisions at each hop of the network.
-
Fast reroute
A mechanism for effecting local repair by automatically rerouting traffic from a TE LSP if a node or link in the LSP fails, thus reducing the loss of packets that are traveling over the LSP.
-
FEC
Forwarding equivalence class. A group of IP packets that are forwarded through the MPLS network over the same path with the same priority and the same label; for example, all IP traffic going to the same subnet (say, 172.16). Each FEC defines a specific LSP and label.
An FEC can be based on a variety of access control list matches such as source address, destination address, BGP next hop, application type, and Differentiated Services (DiffServ) marking.
-
Forwarder
An L2VPN object that is hosted by a PE device and contains the procedures to make the switching and forwarding decisions for an MPLS L2VPN.
In a VPWS L2VPN, a Forwarder binds exactly one MPLS-side pseudowire to exactly one customer-side Attachment Circuit—a VLAN or an Ethernet port, for example—that is attached to a CE. A VPWS Forwarder has exactly one ForwarderEndpoint.
In a VPLS L2VPN, a Forwarder binds a set of pseudowires to an Attachment Circuit. A VPLS Forwarder has multiple ForwarderEndpoints.
-
ForwarderEndpoint
An L2VPN object that is defined for each Forwarder logical interface on the host PE device. A ForwarderEndpoint terminates one end of a pseudowire connection and holds, from an endpoint’s point of view, the status of the pseudowire connection.
-
Headend
The PE or P device at which a TE tunnel originates. The tunnel’s “head” or tunnel interface resides at this device.
-
iBGP
Interior BGP. A session between two BGP peers in the same autonomous system, for the purpose of communicating externally derived routing information within the autonomous system. iBGP peers can be attached by using a full-mesh topology or the route reflector (RR) model.
-
L2VPN
See MPLS Layer 2 VPN.
-
L3VPN
See MPLS Layer 3 VPN.
-
Label
A short identifier, often called a shim or a tunnel label, that identifies the path (LSP) that the labeled packet or frame should take through the MPLS network. The label, a 20-bit unsigned integer in the range 0 through 1048575, is part of a 32-bit (4-byte) MPLS header that is prepended by an ingress PE device to an IP packet for an MPLS L3VPN, or to a Layer 2 frame for an MPLS L2VPN.
A label contains an index into a forwarding table, which specifies the next hop for the packet or frame. It is a shorthand notation that indexes the forwarding decision made by the intermediate P devices to route the packet or frame to the destination egress PE device. The label is exchanged or swapped at each intermediate P device.
-
Label (or MPLS) signaling protocol
A signaling protocol between the PE/P devices to create, maintain, and delete LSPs. The protocol (LDP, CR-LDP, or RSVP-TE) is responsible for assigning labels, managing quality of service issues, and handling error conditions.
-
Label stacking
Adding multiple MPLS labels to a single packet. Label stacking is used for MPLS VPNs and when traversing multiple MPLS networks. Also, see LSP stacking.
-
Label swapping
Using the incoming label to determine the outgoing label, encapsulation, and port; then replacing the incoming label with the outgoing label.
Label swapping takes place at P devices, not at ingress or egress PE devices. The swap operation consists of looking up the incoming label in the local label table to determine the outgoing label and the output port.
-
Label table
See MPLS forwarding table.
-
LDP
Label Distribution Protocol. An MPLS label signaling protocol that is used to advertise labels between PE and P devices to establish, maintain, and remove LDP LSPs. LDP is also used in LDP-signaled L2VPNs to exchange VPN reachability information between PE devices.
-
LDP LSP
An LSP that is constructed by standard routing protocols and LDP.
-
LDP session
A session between directly connected LDP peers or non-directly connected LDP peers. The former, called a non-targeted LDP session, participates in the setup and maintenance of LDP LSPs. The latter, called a targeted LDP session, participates in the setup and maintenance of pseudowires in MPLS L2VPNs.
-
LDP-signaled L2VPN
An MPLS L2VPN that uses LDP signaling.
-
LER
Label edge router. Essentially, an LER is a PE device without the software upgrade that is needed to support MPLS as a network-based VPN tunneling mechanism. See PE device.
-
LSP
Label switched path. A concatenation of LSP hops that form an end-to-end forwarding path through the MPLS network. An LSP starts at an ingress PE device, crosses one or more P devices, and ends at an egress PE.
An LSP can be set up permanently by manually defining specific paths across a network for specific types of traffic, or set up on-the-fly using constraint-based routing that is based on parameters that constrain the forwarding direction. Constraint-based routing involves programming traffic-engineering parameters into the network.
-
LSP hop
See LSP segment.
-
LSP segment
One hop between MPLS-enabled (PE/P) devices. An LSP consists of a set of defined hops between two PE devices. In the MPLS Managerenvironment, LSP incoming and outgoing segments represent incoming and outgoing labels in a PE/P device’s MPLS forwarding table.
-
LSP stacking
The adding of multiple MPLS LSP labels to a single packet. Also, see Label stacking.
-
LSR
Label switching device. An LSR is a P device. See P device.
-
MBGP (also known as MP-BGP or MPBGP)
Multiprotocol Border Gateway Protocol. An extension to iBGP that allows the advertising of IPv6, multicast, and other non-IPv4 topologies within and between BGP autonomous systems. For MPLS L3VPNs and BGP-signaled L2VPNs, MBGP is the mechanism that is used to distribute VPN-related information between the PE devices.
-
MBGP session
Multiprotocol Border Gateway Protocol session. A link between PE devices in an MPLS network that supports MPLS L3VPNs or BGP-signaled L2VPNs.
-
MPLS
Multiprotocol Label Switching. A set of protocols, developed by the Internet Engineering Task Force (IETF), that enables IP packets to be switched through the Internet, by forwarding IP packets in accordance with a short identifier known as a label. MPLS overcomes some of the shortcomings of IP networks through its ability to build virtual circuits called LSPs across IP networks. MPLS is also a key enabler for IP-based services such as L3VPNs.
Although originally designed to handle IP packets, MPLS can also handle non-IP packets by using an L2VPN service, by carrying customer Layer 2 frames from one customer site to another through LSPs and the MPLS backbone.
-
MPLS FIB
MPLS forwarding information base. See MPLS forwarding table.
-
MPLS forwarding table
MPLS forwarding table, also known as the MPLS FIB or label table, is a label/interface look-up table that is used by PE devices to assign packets, received from CE devices/devices, to labels, and used by P devices to rapidly switch data traffic through the MPLS network.
-
MPLS Layer 2 VPN
A provider-provisioned Layer 2 VPN, based on the Martini proposal, that supports MPLS as a network-based VPN tunneling mechanism at the Layer 2 level, such as Frame Relay, ATM, Ethernet, and so on. All functions that are associated with establishing, maintaining, and operating an MPLS Layer 2 VPN take place in the PE devices. Signaling between the PE devices is accomplished through LDP or MBGP.
-
MPLS Layer 3 VPN
A provider provisioned Layer 3 VPN, as defined by RFC-2547bis, that supports MPLS as a network-based VPN tunneling mechanism at the Layer 3 level. All functions that are associated with establishing, maintaining, and operating an MPLS Layer 3 VPN take place in the PE devices. Routing updates between the PE devices are accomplished through MBGP.
-
MPLS network
MPLS network, also known as MPLS-enabled network or MPLS domain, is typically a large group of interconnected PE and P devices that span a large geographic area.
-
MPLS service
A device (PE, P) that is running MPLS software. The MPLS service has a slightly different meaning in the MPLS Managerenvironment: MPLS Managercreates an MPLS service instance for each device that is discovered in the topology, regardless of whether the device supports MPLS. The instance contains the device type: P, PE, CE, MULTI_VRF_CE, or Other.
-
Multi-VRF CE device
Multi-VRF Customer Edge device. A device, running in the customer’s network, that is connected to a service provider’s PE device and is involved in an MPLS L3VPN.
A multi-VRF CE is a router or a switch that operates as a router.
-
Multicast group
An IP address in the range of 224.0.0.0 to 239.255.255.255 inclusive. Data that is sent to an address in this range can be received by any host that makes a request to join the multicast group.
-
Multicast VPN
Multicast routing over a Layer 3 VPN. Multicast VPN enables customers to send the same stream of data to multiple destinations.
-
NLRI
Network Layer Reachability Information. The part of an MBGP routing update (control traffic) that contains the VPN-IP address. For RFC 2547bis functionality, the NLRI represents a route to an arbitrary customer site or a set of customer sites within the VPN.
-
P device
An MPLS-capable router or switch in an MPLS network that operates as a Provider device. A P device connects to PE or other P devices and participates in the establishment of LSPs in accordance with pre-established IP routing information. It switches packets in accordance to labels instead of making IP forwarding decisions. The incoming label instructs the P device where to forward the packets.
-
P2MP LSP
Point-to-multipoint LSP. Composed of multiple subLSPs and used to carry multicast traffic.
-
PE device
An MPLS-capable router or switch at the edge of an MPLS network that operates as a Provider Edge device. A PE device connects to CE and P devices and handles and controls MPLS L2VPN and L3VPN routing.
For an L2VPN (and assuming a point-to-point VPN—see VPWS), an ingress PE device maps the incoming Layer 2 frame to an LSP and attaches two labels to the data frame. The P devices in the MPLS network use the outer label to route the Layer 2 frame to the appropriate egress PE device. The egress PE device uses the inner label to forward the frame to its destination.
For an L3VPN, an ingress PE device examines the incoming packet’s IP address, determines a route, assigns an LSP, and attaches two labels to the IP packet. The P devices in the MPLS network use the outer label to route the IP packet to the appropriate egress PE device. The egress PE device uses the inner label and standard IP routing to forward the IP packet to its destination.
The fact that two labels temporarily exist between the source and destination is completely transparent to the customer, the applications, and even the customer’s networking equipment.
-
Penultimate hop pop (PHP)
Penultimate hop pop, also known as penultimate label pop, is a process by which the penultimate device is directed to pop the outer label prior to forwarding the packet to the egress PE device. Using LDP, this action is accomplished by assigning the special label “3” (implicit Null label) as the outgoing label in the penultimate device’s MPLS forwarding table.
-
Penultimate device
The last P device in an LSP. The penultimate device removes the outer label from a packet.
-
Pseudowire
An L2VPN object that, in the MPLS environment, provides a bidirectional virtual connection over a pair of LSPs, and is terminated by a pair of ForwarderEndpoints. A Pseudowire provides connectivity between two Attachment Circuits that are on the edges of the MPLS network.
-
Route distinguisher
An 8-byte value that is placed in front of a BGP IPv4 network route advertisement to identify the VRF to which a particular MPLS L3VPN route belongs. Route distinguisher is also relevant to BGP-signaled L2VPNs.
Typically, each VRF is assigned a unique route distinguisher, although it is common practice to assign the same route distinguisher to all the VRFs that belong to the same VPN. The route distinguisher is the means by which the PE device keeps track of overlapping customer IP address spaces.
A route distinguisher consists of a 2-byte Type field, a 2-byte Autonomous System Number (ASN) field, and a 4-byte Assigned Number field. Typically, only the ASN and Assigned Number fields are included in a route distinguisher; for example, 100:3000.
-
Route reflector
An alternative to the iBGP full mesh topology. In this model, an iBGP peer that is configured as a route reflector is responsible for passing iBGP learned routes to a set of iBGP neighbors. The route reflector model may be implemented for an entire autonomous system or within individual BGP confederation members.
-
Route reflector cluster
Two or more route reflectors that back up the same set of iBGP peers and share the same cluster ID.
-
Route target
A VPN identifier in MPLS L3VPNs and BGP-signaled L2VPNs. Route targets determine what routes a PE device exports from a VRF into BGP, and what routes a PE device imports from BGP into the VRF.
Each VRF has a list of route target communities with which it is associated; the list is defined for both export and import. The host PE device attaches the route target export list to each route that is advertised by the VRF. The host PE device adds a route to the VRF if the route target list that is attached to an advertised route contains at least one of the members in the VRF’s route target import list.
The export list and the import list implicitly determine the VPN topology. Implementing a simple VPN topology, such as full mesh, requires only one route target, whereas implementing a more complex VPN topology, such as hub and spoke, requires more than one route target. In the former case, a VRF’s export list and import list contain the same route target. In the latter case, a VRF’s export list and import list contain different route targets.
-
RSVP-TE
Resource Reservation Protocol with traffic engineering extensions. An MPLS label signaling protocol that is used to advertise labels between PE and P devices to establish, maintain, and remove TE LSPs.
-
RSVP session
A session between directly connected RSVP (RSVP-TE) peers. An RSVP session participates in the setup and maintenance of TE LSPs.
-
subLSPs
Also known as source-to-leaf (S2L) sub-LSPs. RSVP-TE signaled LSPs that are set up between ingress and egress PE devices and appropriately combined by the branch P devices to form a P2MP LSP.
-
Tailend
The PE or P device at which a TE tunnel terminates.
-
TE
Traffic engineering. The process of mapping traffic flows to paths other than the paths that would have been chosen by standard routing protocols. Traffic engineering can be achieved either manually or through a set of defined parameters whose requirements are then met by each appropriate network resource to establish the optimal path.
-
TE LSP
An LSP that is constructed by a signaling protocol such as RSVP-TE. A TE LSP is an explicitly routed LSP between headend and tailend devices.
A TE LSP consists of one insegment at the ingress PE or P device, and one outsegment at the egress PE or P device, where each segment is associated with an MPLS interface. Additionally, at an intermediate P device, a connection consists of one or more insegments and/or one or more outsegments. The binding or interconnection between insegments and outsegments is performed by using a cross-connect.
-
TE tunnel
TE tunnels are virtual paths between headend and tailend devices in an MPLS network. The devices may be PE or P devices. A TE tunnel is associated with one or more TE LSPs.
-
Virtual connection
A connection, between end users, that has a defined route and endpoints.
-
VLAN
Virtual LAN. A group of PCs, servers, and other network devices that behave as if they are connected to a single network segment, even though they are connected to multiple network segments. A VLAN is typically implemented in a switched network environment.
-
VPLS
Virtual private LAN service (L2VPN service). A VPLS consists of a set of VPLS ForwarderEndpoints that are connected by pseudowires. In a VPLS, each CE device has one or more LAN interfaces that lead to a virtual backbone. The CE devices that belong to a specific VPLS appear to be on a single bridged Ethernet.
-
VPN
Virtual private network. A private multi-site network that is created by using shared resources within a public network. No site outside the VPN can intercept packets or inject new packets into the VPN.
An MPLS L3VPN is a collection of VRFs that are members of the same VPN. An MPLS L2VPN is a collection of Forwarders and Pseudowires (and, for BGP-signaled L2VPNs, VRFs) that are members of the same VPN.
-
VPN path
The data traffic path between two customer sites in a VPN.
-
VPN peers
A pair of peer VRFs that are hosted by different PEs and are part of the same MPLS L3VPN or BGP-signaled L2VPN.
-
VPN site
A VPN endpoint.
-
VPN topology
The way traffic is routed between the various sites within a VPN. Options include full mesh (where each customer site can communicate directly with every other customer site in the VPN), hub and spoke (where all traffic flows to/from a central hub site), and partial mesh. A partial-mesh VPN is a hub-and-spoke VPN that has multiple hubs.
-
VPN-IP address
Virtual private network IP Address. An address that consists of an 8-byte route distinguisher and a 4-byte IPv4 address. A VPN-IP address identifies the VRF to which the particular VPN route belongs.
-
VPWS
Virtual private wire service (L2VPN service). A point-to-point circuit (link) that connects two CE devices by way of two PE devices in the MPLS network. Each CE connects through an Attachment Circuit to a PE device.
-
VRF
VPN routing and forwarding instance on a PE device. The VRF is an important component in MPLS L3VPNs and BGP-signaled L2VPNs. A PE device maintains a separate VRF for each directly connected customer VPN site.
A VRF is configured with a name, a route distinguisher, a route target export list, and a route target import list. For example:
ip vrf CE
rd 100:130
route-target export 100:3000
route-target import 100:3000
A VRF consists of an IP routing table, a derived forwarding table, a set of logical interfaces (tied to the locally attached customer VPN site) that use the forwarding table, and a set of rules and routing protocols that determine what goes into the forwarding table.
RFC 2547bis specifies MBGP for intra-VRF route exchange. BGP updates are based on the export and import routing policies that are configured within each PE device.
-
VRF route table
A table in a VRF that stores routing information for a particular VPN user. The table maps the VPN-IP route for the user to two labels:
-
An outer label
Used to reach the PE device that is directly connected to the customer VPN site that is associated with the advertised NLRI.
-
An inner label
Used to reach the advertised NLRI.
-