Definitive MPLS Network Designs [Electronic resources] نسخه متنی

Figure 4-11. Hierarchical VPNs Concept

Chapter 1) to service the needs of these customers.

As with the standard Layer 3 MPLS VPN service, TK manages the CSC-CE router on the customer's behalf. This provides some benefits in terms of routing protocol filtering and QoS control over the links between the CSC-CE router and CSC-PE router.

Because BGP-4 is the preferred PE-CE routing protocol on the existing Layer 3 MPLS VPN service, TK decided to continue using this protocol for the Carrier's Carrier service, with the extensions provided by [BGP+Label]. These extensions allow MPLS labels to be carried along with the BGP routes. Therefore, an additional label distribution protocol, such as the one covered in [LDP], was deemed unnecessary. Static routing was ruled out because of the number of expected next-hop router addresses exchanged across the PE-CE links.

Use of the Carrier's Carrier architecture is restricted to selective mPE routers. This is primarily because new software is required on the edge routers because [BGP+Label] technology appeared in router software after the initial Layer 3 MPLS VPN deployment. Figure 4-12 shows the basic Carrier's Carrier models supported by the design.

Load-Balancing Support with Carrier's Carrier

Load balancing of traffic across the Carrier's Carrier service is supported in the design, but only within the TK Layer 3 MPLS VPN backbone (that is, between CSC-PE routers). This facility is achieved by use of the iBGP multipath feature at the CSC-PE routers when more than one path is available for a given end-customer destination. Figure 4-13 shows a topology where this feature may be useful.

In this case traffic may be load-balanced across the TK backbone between the two egress CSC-PE routers, CSC-PE2 and CSC-PE3. As with the regular Layer 3 MPLS VPN service, this is achieved through the combined use of different RDs for the same VRF on CSC-PE2 and CSC-PE3. The two paths are advertised to CSC-PE1 by the RRs, and as iBGP multipath functionality is configured on CSC-PE1 it can select more than one path toward the next hop 29.1.1.1/32.

Figure 4-13 shows that CSC-PE1 receives packets that contain an MPLS label that points toward a given next-hop address located in another customer site. CSC-PE1 swaps this label for the VPN label received for 29.1.1.1/32 from either CSC-PE2 or CSC-PE3. Then it pushes on the LDP label used in the TK backbone to reach the corresponding CSC-PE router. Load balancing is achieved by performing a hash function on the IP source/destination in the incoming MPLS packets. The result of this hash function provides a result whereby one of the next hops to reach 29.1.1.1/32 may be selected.

The Carrier's Carrier service is enabled using a configuration template, which is shown in Example 4-2.

Example 4-2. Carrier's Carrier Configuration Template

address-family ipv4 vrf vrfname
neighbor CSC-CE-address remote-as remote-asn
neighbor CSC-CE-address activate
neighbor CSC-CE-address send-label

[BGP+Label] BGP process. This filtering ensures that only the next-hop addresses of the customer PE routers (if using the hierarchical VPN service) or customer peering routers (if using the standard Carrier's Carrier service) are advertised to the CSC-PE routers. TK configures this filtering based on the information provided by the CsC customer.

Large Carrier's Carrier Customer Attachment Example

The largest customer attached to the TK Carrier's Carrier service is Kingland Technology, which has 1000 sites. 630 of these sites are remote offices that connect via an IGP (EIGRP in this case) to their nearest regional sites. In addition to the remote sites, Kingland Technology has 350 regional sites and 20 core sites. The regional sites are connected to the TK Carrier's Carrier service via the Level 2 POPs, and the core sites are connected to the six Level 1 POPs. The remote sites are directly connected to a regional site or central site. The routers in the remote sites advertise reachability information to the CSC-CE routers through EIGRP.

Each TK Level 1 POP has on average three connections from Kingland Technology. These connections are serviced using three separate mPE routers. The Level 2 POPs have on average six connections, which are serviced using two separate mPE routers. Figure 4-14 shows this connectivity model.

With this topology, Kingland Technology can run its own internal routing and outsource the advertisement of this information between its sites to TK. To support this configuration, TK runs an internal multihop BGP-4 mesh across the Kingland Technology regional and core sites. The RRs used to exchange this information are kept within the Kingland Technology core sites. Each CSC-CE router runs redundant BGP-4 sessions with the RRs within its nearest core site. Kingland Technology has a total of 10,000 routes. However, these routes have only 370 next hops because the remote sites can be reached through the CSC-CE router of a central or regional site. By running multihop BGP-4 between the CSC-CE-routers, only these 370 CSC-CE router addresses need to be exchanged with TK's Layer 3 MPLS VPN service. The 10,000 routes are hidden from TK's MPC network.