This section provides component overviews and a technological perspective of a remote access to Multiprotocol Label Switching (MPLS) virtual private network (VPN) end-to-end solution, implemented over a shared infrastructure.
Using MPLS VPN technology, a service provider can create scalable and efficient VPNs across the core of its network for each customer. This solution integrates various access VPN services with MPLS VPN in the service provider's core. This permits the service provider to offer bundled end-to-end VPN service to their ISP customers and enterprise customers.
Remote access technologies in the remote access to MPLS VPN solution include dial, DSL (digital subscriber line), cable, and wireless.
Methods of Dial access covered in this integration solution include:
Methods of DSL access covered in this integration solution include:
Methods of cable access covered in this integration solution include:
Note SSG is an example of a provider service function applied to a session.
This chapter includes an overview of the basic core MPLS technology:
Overviews of access technologies are covered in their own sections or chapters:
The Cisco IOS Command Line Interface (CLI) overview is summarized in the following section:
Multiprotocol Label Switching (MPLS) is an emerging IETF protocol standard, pioneered by Cisco as tag switching, that operates between layer 2 and layer 3. The key element of MPLS is that packets and cells are forwarded using labels (label values) instead of IP header information, regardless of the network type. Because MPLS forwards packets hop by hop on labels, when troubleshooting you must look at the label tables, not only the IP routing tables, for forwarding information. Labels are assigned for a particular destination at the ingress (entry point) of the MPLS network and are placed on top of, or in front of, the IP packet. Each router along the path forwards the "tagged" (MPLS) packets based on the label value, not on IP information.
Refer to the Cisco IOS documentation suite for conceptual MPLS overview and configuration details at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt4/index.htm
IP forwarding is a hop-by-hop routing process in which every node (router) in the network has to maintain packet destination information in its local routing table. Each router has to have a routing entry for any given IP packet destination, or the packet is dropped.
With IP forwarding, the following process takes place:
1. A routing protocol (e.g., OSPF, IS-IS, BGP) establishes reachability to destination networks.
Note Transit providers do not do default routing. They need a full routing table in every core router, a full BGP mesh, route reflectors, or confederations.
2. An ingress router receives a packet, and a lookup in the IP forwarding table is performed at each hop.
3. The packet is delivered to the destination.
IP forwarding is performed based on the longest prefix match of the destination address. A longest match, or a default route, must be present in the forwarding table, or the packet is dropped.
With MPLS forwarding, the following process takes place:
1. Existing routing protocols (e.g., OSPF, IS-IS) establish reachability to destination networks.
2. Label Distribution Protocol (LDP) establishes label-to-destination-network mappings.
3. The ingress label edge router receives the packet, performs layer 3 value-added services, and labels the packet.
4. Label switch routers forward the tagged packets using label swapping.
5. The label edge router at the egress removes the tag and delivers the packet.
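The two forwarding processes above, as an added example that is not part of the Cisco guide: a small Python simulation of hop-by-hop IP forwarding with longest-prefix match beside MPLS label swapping over a constructed ingress LER, LSR, and egress LER path. The topology, prefixes, and label values are constructed for illustration.

```python
"""Added example (not from the Cisco guide): simulates hop-by-hop IP forwarding
with longest-prefix match versus MPLS label swapping over a constructed path."""
import ipaddress

# Constructed topology: ingress LER -> LSR -> egress LER; "ce-site" and "upstream"
# are non-MPLS neighbours where the simulation stops.
IP_FIBS = {
    "ingress": {"10.1.0.0/16": "lsr", "0.0.0.0/0": "upstream"},
    "lsr": {"10.1.0.0/16": "egress", "10.1.5.0/24": "egress"},
    "egress": {"10.1.5.0/24": "ce-site"},  # no default route on the egress LER
}
# Constructed LDP bindings: the ingress FIB maps a prefix to (push label, next hop);
# each LFIB maps an incoming label to (outgoing label, next hop); None means pop.
INGRESS_FIB = {"10.1.5.0/24": (17, "lsr")}
LFIBS = {"lsr": {17: (23, "egress")}, "egress": {23: (None, "ce-site")}}


def longest_match(addr, table):
    """Return the most specific prefix in table that contains addr, or None."""
    hits = [p for p in table if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen, default=None)


def ip_forward(dest, start="ingress"):
    """Every router does its own lookup; a miss with no default route drops the packet."""
    addr, node, path = ipaddress.ip_address(dest), start, []
    while node in IP_FIBS:
        best = longest_match(addr, IP_FIBS[node])
        if best is None:
            return path + [(node, None, "dropped")]
        path.append((node, best, IP_FIBS[node][best]))
        node = IP_FIBS[node][best]
    return path


def mpls_forward(dest, start="ingress"):
    """Only the ingress LER does an IP lookup; LSRs swap labels and the egress LER pops."""
    best = longest_match(ipaddress.ip_address(dest), INGRESS_FIB)
    if best is None:
        return [(start, None, "dropped")]
    label, node = INGRESS_FIB[best]
    path = [(start, f"push {label}", node)]
    while label is not None:  # follow the label-switched path hop by hop
        out_label, nxt = LFIBS[node][label]
        action = f"pop {label}" if out_label is None else f"swap {label}->{out_label}"
        path.append((node, action, nxt))
        label, node = out_label, nxt
    return path


if __name__ == "__main__":
    for hop in ip_forward("10.1.5.9") + mpls_forward("10.1.5.9"):
        print(hop)
```

Forwarding 10.1.7.1 shows the difference in failure behaviour: IP forwarding reaches the egress LER before the missing route drops it, while MPLS drops it at the ingress because no label binding exists.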
Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) is an IP network infrastructure delivering private network services over a public infrastructure using a layer 3 backbone which:
Refer to the Cisco IOS documentation for conceptual MPLS VPN overview and configuration details at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/switch_c/xcprt4/index.htm
Cisco Virtual Private Network (VPN) Solutions Center offers Multiprotocol Label Switching (MPLS) VPN service providers a customized service and network layers FCAPS (fault, configuration management, accounting, performance, security) management solution facilitating rapid service deployment. It provides a carrier-grade network and service management solution integrated with CSM applications and consisting of functional modules developed to support:
Note For more information on the VPN Solution Center features and benefits, refer to the MPLS VPNSC documentation suite at http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/index.htm.
Cisco VPN Solutions Center is integrated with third-party applications to provide planning, security, and other management functions for the following benefits:
During installation, the install script checks for the Solaris patches required by VPNSC and prompts you to install them if they are not in place. Ensure these patches are installed before running the install script again. These patches can be downloaded from the Sun site.
The install script also prompts you for Orbix software and requires the name and path of the browser. It also prompts you for the e-mail address for mailing watchdog alerts. Use the default port of 7500 for the TIBCO Rendezvous.
Every VPN created by VPNSC is created and deleted using a Service Request that has a request ID.
Before creating a Service Request:
1. Define network elements (Targets)
Targets are any device to be managed by the VPNSC. Typically these will be of type Cisco router, whether CE or PE.
VPNConsole > Setup > Create Targets from Router Configurations
b. Specify the directory containing configurations, the network name (a container for targets), and a domain name (optional).
c. Complete the target definitions by adding description and password information in the Network window.
This operation can be performed for individual targets, or multiple targets can be updated simultaneously. Targets can be added or deleted from the Networks window.
2. Define provider admin domain
The PAD is made up of all the "Regions" managed by VPN SC. To define a PAD,
a. Specify a BGP autonomous system number, the PE routers within each region, and the IP address pools for numbered and unnumbered links.
VPN Console > Setup > New Provider Administrative Domain
3. Create VPN customer definition.
a. Specify customer information, customer sites, and associated CE devices to define a VPN customer.
VPNConsole > Setup > New VPN Customer
b. Specify name and contact information in the VPN Customer window.
c. Title each site and "Add" CE devices in the Customer Site window.
a. Select a VPN name and topology to define a VPN. Typically, the VPN name is related to the customer.
VPNConsole > Setup > New VPN Definition
To provision using the Cisco MPLS VPN SC you create and deploy service requests.
VPNSC is task schedule oriented. These tasks are saved and can be reused. Task examples are:
To create a service request, perform the following:
1. Initialize the VPN Solution Center PAD, Region, IP address pool, PEs, Customer, Sites, CEs, VPNs, and CE routing communities.
2. Create a PE to CE Service Request.
3. Add the VPN Service Wizard to define the service.
c. Define the VPN membership of the CE
d. Choose the routing protocol between PE-CE
e. Select a protocol if redistributed on this link
f. Choose the PE and CE interfaces
g. Enter layer 2 information (e.g., DLCI)
h. Choose an addressing scheme
4. Configure routing protocols.
a. Specify subnets on PE to reach CE addresses
Redistributed Connected and Static by Default from VRF into VPN
Provision > Export SR configlets
Defined service requests are queued and wait in the "Requested" state. Requested SRs can be deployed in batches, or individually, by a scheduled task, or immediately.
a. Upload PE Configuration (read from network)
c. Create MPLS/VPN Configlet based on uploaded configuration
d. Download CE configuration (write to network)
f. Upload PE Configuration (read from network)
h. After deployment, list all service requests; requests remain in the "Pending" state if they were not audited upon deployment.
The following Cisco remote access to MPLS VPN Integration solution hardware elements are supported. Refer to the "Reference Documentation" section for platform specific documentation URLs, IOS configuration URLs, MPLS VPNSC reference URLs, and technology overview URLs.
The following Cisco remote access to MPLS VPN Integration solution software elements are supported.
Cisco MPLS VPN access provider, service provider, and customer CPE, CE, PE, concentrator, access server, aggregation, gateway, and headend hardware components use Cisco IOS software. Cisco IOS software provides the capability to configure Cisco routers and switches using command-line interface (CLI) commands.
Keep in mind the following when configuring your Cisco IOS software:
Note Cisco IOS software is feature specific and licensed on an "as is" basis without warranty of any kind, either expressed or implied. The version of Cisco IOS software used in this guide varies depending on configuration requisites for presentation purposes, and should not be construed as the Cisco IOS software version of choice for your system or internetwork environment. Consult your Cisco sales representative regarding your Cisco IOS requirements.
Cisco routers/servers are configured from user interfaces, known as ports, which provide hardware connectivity. They are accessed from the console port on a router or by Telnet into a router interface from another host. Typical interfaces are Serial 0 (S0), Serial 1 (S1), and Ethernet (E0). Token Ring interfaces are referenced as (T0) and FDDI interfaces use (F0).
When using the CLI, a command interpreter, called EXEC, is employed by the operating system to translate any command and execute its operation. This command interpreter has two access modes, user and privileged, which provide security to the respective command levels. Each command mode restricts you to a subset of mode-specific commands.
User mode provides restricted access and limits router configuration or troubleshooting. At this level, miscellaneous functionality is performed, such as viewing system information, obtaining basic router status, changing terminal settings, or establishing remote device connectivity.
Privileged mode includes user mode functionality and provides unrestricted access. It is used exclusively for router configuration, debugging, setting operating system (OS) parameters, and retrieving detailed router status information.
There are many configuration modes within privileged mode that determine the type of configuration desired, such as interface configuration (AS5800(config-if)#), line configuration (AS5800(config-line)#), and controller configuration (AS5800(config-controller)#). Each configuration command mode restricts you to a subset of mode-specific commands.
In the following command sequence, command prompts are automatically modified to reflect command mode changes. A manual carriage return is implied at the end of each line item.
The last message is an example of a system response. Press Enter to get the AS5800# prompt.
Table 1-1 lists common configuration modes. Configure global parameters in global configuration mode, interface parameters in interface configuration mode, and line parameters in line configuration mode.
Table 1-1 Common Command Modes
Context-sensitive help is available at any command prompt. Enter a question mark (?) for a list of complete command names, semantics, and command mode command syntax. Use arrow keys at command prompts to scroll through previous mode-specific commands for display.
Note Cycle through mode-specific commands at a mode-specific prompt.
Refer to the chapter "Configuring the User Interface" in the Configuration Fundamentals Configuration Guide for more information about working with the user interface in the Cisco IOS software.
Note You can press Ctrl-Z in any mode to immediately return to enable mode (AS5800#), instead of entering exit, which returns you to the previous mode.
To prevent losing the Cisco AS5800 configuration, save it to NVRAM using the following steps:
AS5800#.
Note Press Ctrl-Z to return to privileged EXEC mode. Any subsequent system response message is normal and does not indicate an error.
Step 2 Execute the copy running-config startup-config command to save configuration changes to nonvolatile random-access memory (NVRAM) so that configuration data is not lost during a system reload, power cycle, or outage.
The following message and prompt appear after a successful configuration copy.
To undo a command or disable a feature, enter the keyword no before the command; for example, no ip routing.
Several passwords are used when configuring your Cisco IOS software. Passwords are used to identify user authorization and permission rights, virtual terminal configuration, and network management software initialization. Most passwords can use the same notation.
You need the following types of passwords when configuring Cisco IOS software:
Note The enable password and enable secret password should be different. In both cases, a number cannot be the first character. Spaces are also valid password characters, but only when they follow valid characters; leading spaces are ignored.
Posted: Fri Mar 28 15:56:14 PST 2003
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.