Key Points in CCIE Exam - MPLS VPN Technology


MPLS VPN technology is a key topic in the CCIE exam. Does it have practical uses in real networks? Can it be implemented in practice? Can knowing MPLS VPN help your job search?

Routing comes first, then data

1. Briefly explain what MPLS VPN is

MPLS VPN technology has been deployed since 2002, and after decades of development an established set of methods for implementing and maintaining it has formed. MPLS VPN can be split into two technologies, MPLS and VPN. MPLS refers to multi-protocol label switching; the VPN part is isolation at the routing level. MPLS VPN can therefore be understood as multi-protocol label switching with isolation provided by routing.

2. What effects can MPLS VPN achieve?

On a single set of physical hardware, the routing tables are separated by service, and the routing table of each service network runs independently.

(1) MPLS VPN Design

  • Step 1: Address planning
  • Step 2: IGP routing planning
  • Step 3: BGP design and planning
  • Step 4: Later network maintenance

(2) Address planning

  • Physical address: the address used on links between network devices, mainly /30 subnets with two usable addresses;
  • Loopback address: mainly used as the router-id and by IBGP to establish neighbors, and for later maintenance and management of the device;
  • Business address: the service addresses planned for access devices such as PCs and servers;

The three types of addresses should not overlap, because they serve different purposes.

Knowledge point: understand the differences between physical, loopback and business addresses:

  • Physical address: interconnection between major network devices;
  • Loopback address: mainly router-id, IBGP, and device management;
  • Business address: PCs, servers, business terminals;

(3) IGP routing planning

Protocol Design Topology

Network point: The network point design uses multi-area segmentation to reduce LSA flooding;

Cities:

  • On the downstream device in the prefecture-level city, OSPF 100 is redistributed into OSPF 591 with route filtering, and the network points' loopback addresses (/32 addresses) are advertised to the prefecture-level city;
  • The static routes from the city's downstream devices to the city's upstream devices are redistributed into OSPF 100;
  • At the IGP level, the loopback address of each network point must be able to reach the loopback address of the city's upstream device so that the BGP neighbor can be established;

Knowledge point: OSPF design needs to limit LSA flooding and take into account the SPF calculations it causes:

  • If there are many devices, design multiple areas;
  • In complex environments, consider redistribution between multiple OSPF processes so that routes can be aggregated and filtered;

(4) BGP Planning

In BGP VPNv4 planning we need to assign the roles: the PE as the traffic egress, the P device as part of the pipe, and the RR device reflecting routes to its neighbors:

  • PE: as the traffic egress, it connects the service network to the MPLS VPN pipe and can identify BGP packets;
  • P: as part of the pipe in the MPLS VPN, it mainly forwards data by label switching and cannot identify BGP packets;
  • RR: as the part of BGP VPNv4 that passes routes on, its main function is similar to that of an RR in BGP;

Knowledge point: in MPLS VPN planning we need to know what each role does:

  • The PE device is located at the exit of the VPN pipe; it can determine the device that opens the pipe and the direction of the egress traffic;
  • The P device is part of the VPN pipe and cannot identify the structure inside the data;
  • The RR device plays the same role as the RR in BGP, reflecting BGP VPNv4 routes to neighbors;

A route in MPLS VPN goes through these steps:

  • The route is marked with the RD and RT of its virtual routing table; the RT value is a community;
  • The peer PE receives the route tagged with the RT value and adds it to the corresponding virtual routing table;

3. Understanding MPLS VPN

(1) Routing and data

MPLS VPN needs to be discussed at two levels, routing and data. At the routing level the tags are the rd and rt values; at the data level the labels are the inner and outer labels.

(2) How to understand rd and rt

To carry the routing table as several separate parts, each routing table is first marked so that the tables can be told apart:

  • rd marks the route locally; the rd value exists because the rt value, being a community, is only applied after BGP route selection;
  • rt is the community tag transmitted in BGP (when a route fails it carries no community tag, and the rd value is then used to mark the failed route). Put simply, the rd value is a local tag that is valid locally; the rt value is transmitted in BGP VPNv4, and locally redistributed routes also flow back to the local side;
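
The RD/RT handling described in the two lists above, modelled as an added Python example (not from the original article): RD keeps overlapping prefixes distinct, the peer PE installs a route only into virtual routing tables whose import RT matches, and a short audit shows how one extra import RT breaks the isolation between services. The VRF names, RD/RT values and prefixes are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Vpnv4Route:
    rd: str            # route distinguisher: keeps overlapping prefixes distinct
    prefix: str        # customer IPv4 prefix
    rts: frozenset     # route targets, carried as BGP extended communities

@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    table: set = field(default_factory=set)   # (prefix, originating RD)

    def export(self, prefix):
        """Tag a local route with this VRF's RD and export RTs."""
        return Vpnv4Route(self.rd, prefix, self.export_rts)

def pe_import(vrfs, routes):
    """Peer PE: install each route into every VRF whose import RTs match."""
    for route in routes:
        for vrf in vrfs:
            if vrf.import_rts & route.rts:
                vrf.table.add((route.prefix, route.rd))

def cross_service_imports(vrfs, rd_owner):
    """Audit: routes installed in a VRF but originated under another service's RD."""
    return sorted((v.name, p, rd) for v in vrfs for p, rd in v.table
                  if rd_owner[rd] != v.name)

# Constructed sample: two services on one PE pair, both using 10.1.0.0/16.
PAY_RT, OFF_RT = frozenset({"65000:100"}), frozenset({"65000:200"})
RD_OWNER = {"65000:100": "PAYMENTS", "65000:200": "OFFICE"}

def advertised():
    pay = Vrf("PAYMENTS", "65000:100", PAY_RT, PAY_RT)
    off = Vrf("OFFICE", "65000:200", OFF_RT, OFF_RT)
    return [pay.export("10.1.0.0/16"), pay.export("10.9.0.0/24"),
            off.export("10.1.0.0/16")]

def remote_pe(office_import):
    """Build the peer PE with a given import policy on OFFICE and run the import."""
    vrfs = [Vrf("PAYMENTS", "65000:100", PAY_RT, PAY_RT),
            Vrf("OFFICE", "65000:200", office_import, OFF_RT)]
    pe_import(vrfs, advertised())
    return vrfs

if __name__ == "__main__":
    print(cross_service_imports(remote_pe(OFF_RT), RD_OWNER))           # isolated
    print(cross_service_imports(remote_pe(OFF_RT | PAY_RT), RD_OWNER))  # leak
```

Running the same audit against exported VRF tables after every route-target change catches an import RT that was added to the wrong service.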

(3) How to understand double-layer labels

Labels are divided into inner and outer labels:

  • When a data packet from the CE device arrives on the PE device's interface, an inner label is added;
  • When the PE device sends the data to the P device, it adds an outer label;
  • When the packet reaches the peer PE device, the outer label is popped;
  • When the peer PE device sends the packet to the CE device, the inner label is popped;
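
The four label steps above as an added Python walk-through (not from the original article); the label numbers, table names and VRF names are constructed. P devices swap only the outer label, and the peer PE uses the inner label to pick the virtual routing table, dropping packets whose inner label it does not know.

```python
# Constructed label values; stack[0] is the outer (top) label.
P1_LFIB = {2001: 2002}                 # P devices swap the outer label only
P2_LFIB = {2002: 2003}
EGRESS_OUTER = 2003                    # outer label that terminates on the peer PE
EGRESS_VPN_LFIB = {100: "PAYMENTS", 200: "OFFICE"}   # inner label -> VRF

def ingress_pe(ip_packet, inner, outer):
    """Ingress PE: add the inner label for the CE's packet, then the outer label."""
    frame = {"stack": [inner], "payload": ip_packet}
    frame["stack"].insert(0, outer)
    return frame

def p_device(frame, lfib):
    """P device: forward on the outer label; inner label and payload are untouched."""
    outer, *rest = frame["stack"]
    if outer not in lfib:
        raise LookupError(f"no LFIB entry for outer label {outer}")
    return {"stack": [lfib[outer], *rest], "payload": frame["payload"]}

def egress_pe(frame):
    """Peer PE: pop the outer label, select the VRF by inner label, pop it, deliver."""
    outer, inner = frame["stack"]
    if outer != EGRESS_OUTER:
        raise LookupError(f"outer label {outer} does not terminate here")
    vrf = EGRESS_VPN_LFIB.get(inner)
    if vrf is None:
        raise LookupError(f"unknown inner label {inner}, packet dropped")
    return vrf, frame["payload"]       # plain IP packet handed to the CE in that VRF

def walk(ip_packet, inner):
    """Return the label stack seen on each core link, the chosen VRF and the payload."""
    frame = ingress_pe(ip_packet, inner, outer=2001)
    trace = [list(frame["stack"])]
    for lfib in (P1_LFIB, P2_LFIB):
        frame = p_device(frame, lfib)
        trace.append(list(frame["stack"]))
    vrf, payload = egress_pe(frame)
    return trace, vrf, payload

if __name__ == "__main__":
    print(walk("10.1.0.5 -> 10.9.0.7", inner=100))
```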
