MPLS VPN RD: 64-bit or 48-bit?

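If you read the official MPLS course material closely, you will come across this passage:
MPLS Vol.2 P.5-22 The RD can be specified in one of these two formats:
- 16-bit autonomous system (AS) number followed by a 32-bit decimal number (ASN:nn)
- 32-bit IP address followed by a 16-bit decimal number (A.B.C.D:nn)
At this point, if you really have been reading the book carefully, a question will pop into your head: isn't the RD 8 bytes (64 bits)? Why do these add up to only 16 + 32 or 32 + 16 bits? I later asked a senior instructor at our company and got a rough understanding of the reason: RDs come in two types (Type 0 & Type 1), so in fact there are two more bytes (2 bytes * 8 = 16 bits), and they are used to specify the type.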

Later I found an article by Jeff Doyle online that explains this part, so I am excerpting it below:



The first requirement is met by using a Route Distinguisher (RD). The RD is a 64-bit value that is prepended to a prefix to associate it with a specific VPN user. The VPN service provider assigns a unique RD to each user, and possibly to each user site. The RD is prepended to every prefix advertised by each user before the prefix is added to the BGP table.
In our example of five different VPN users advertising 10.1.1.0/24, RDs might be prepended as follows:
- User A, at site 1: 1:1:10.1.1.0/24
- User B, at site 1: 2:1:10.1.1.0/24
- User C, at site 1: 3:1:10.1.1.0/24
- User D, at site 2: 4:2:10.1.1.0/24
- User E, at site 3: 5:3:10.1.1.0/24
You can easily see that because of the RDs, the five prefixes that were numerically identical are now unique.
But they are also no longer IPv4 addresses. The addresses created by prepending an RD belong to an address family called VPN-IPv4. And because BGP must advertise this VPN-IPv4 address family in addition to the default IPv4 address family, we use Multiprotocol BGP (MBGP).
For the second requirement, creating policies to determine what prefixes belong in what information tables, a solution might be to create VPN-IPv4 prefix filters for each local information table. But prefix filters don’t scale well operationally, particularly in the presence of hundreds or thousands of individual VPN users.
Filtering on VPN-IPv4 addresses also isn’t as flexible as we would like. For example, user A and user B might want to create a VPN-based intranet between them, advertising a limited subset of their mutual address spaces to each other.
Fortunately, BGP already has a policy tool created especially for applying flexible policies to large groups of prefixes: Communities. The BGP Communities path attribute is a “tag” that can be applied to BGP prefixes. As the name implies, prefixes sharing the same tag comprise a “community” to which some common policy can be applied.
Communities also provide for wide policy flexibility, because a single prefix can have multiple Communities attached to it. So you can create a policy that applies only if a specific Community is recognized, or if some combination of Communities is recognized.
BGP Communities also come in two “flavors”: Standard Communities are 32-bit values; Extended Communities are 64-bit values. And that brings us back to the VPN discussion.
MPLS VPNs use a 64-bit Extended Community attribute called a Route Target (RT). At a given PE, you create an outgoing policy that attaches an RT to prefixes advertised by a VPN user site attached locally to the PE. You then create an incoming policy at all other PEs where that user has attached sites, recognizing the user’s one or more RTs and accepting the associated prefixes into the user’s local VPN information table.
The difference between Route Distinguishers and Route Targets tends to be a source of confusion for many networkers, primarily because they are both 64-bit values that are formatted in exactly the same way. Each has a 2-byte Type field that specifies one of two format types: either Type 0 or Type 1. Two fields, the Administrator field and the Assigned Number field, follow the Type field. Type 0 RDs and RTs have a 2-byte Admin field and a 4-byte Assigned Number field; type 1 RDs and RTs have a 4-byte Admin field and a 2-byte Assigned Number field. In both cases the Assigned Number field is some arbitrary number that you define; although the Admin field can also be an arbitrary number if you like, the two types allow you to make that field either a 2-byte AS number or a 4-byte IP address.
The important point, though, is that although RDs and RTs are the same in format they are entirely different animals performing entirely different tricks. Remember that Route Distinguishers serve only to make potentially identical prefixes unique, while Route Targets are a type of BGP Communities attribute that enable distribution of reachability information to the correct information table.
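
The 2-byte Type field that accounts for the "missing" 16 bits can be seen by packing both textual formats into the 8-byte value. This Python sketch is an added example, not code from the course material or from Jeff Doyle's article; the function names are hypothetical, the sample RDs are constructed, and only the Type 0 and Type 1 layouts described above are handled.

```python
import ipaddress
import struct

def encode_rd(text: str) -> bytes:
    """Pack 'ASN:nn' (Type 0) or 'A.B.C.D:nn' (Type 1) into an 8-byte RD."""
    admin, _, number = text.rpartition(":")
    if not admin or not number.isdecimal():
        raise ValueError(f"malformed RD: {text!r}")
    nn = int(number)
    if "." in admin:
        # Type 1: 2-byte type, 4-byte IPv4 admin field, 2-byte assigned number
        if nn > 0xFFFF:
            raise ValueError("Type 1 assigned number must fit in 16 bits")
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, nn)
    if not admin.isdecimal():
        raise ValueError(f"malformed RD admin field: {admin!r}")
    asn = int(admin)
    # Type 0: 2-byte type, 2-byte AS number, 4-byte assigned number
    if asn > 0xFFFF or nn > 0xFFFFFFFF:
        raise ValueError("Type 0 needs a 16-bit ASN and a 32-bit number")
    return struct.pack("!HHI", 0, asn, nn)

def decode_rd(raw: bytes) -> str:
    """Read the 2-byte Type field first, then split the remaining 6 bytes."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    (rd_type,) = struct.unpack("!H", raw[:2])
    if rd_type == 0:
        asn, nn = struct.unpack("!HI", raw[2:])
        return f"{asn}:{nn}"
    if rd_type == 1:
        addr, nn = struct.unpack("!4sH", raw[2:])
        return f"{ipaddress.IPv4Address(addr)}:{nn}"
    raise ValueError(f"RD type {rd_type} is not one of the two covered here")

def vpn_ipv4(rd_text: str, address: str) -> bytes:
    """8-byte RD followed by the 4-byte IPv4 address: a VPN-IPv4 address."""
    return encode_rd(rd_text) + ipaddress.IPv4Address(address).packed

if __name__ == "__main__":
    # Constructed sample values; 1:1 and 2:1 are the RDs from the excerpt.
    for rd in ("65000:100", "192.0.2.1:7", "1:1", "2:1"):
        wire = encode_rd(rd)
        print(f"{rd:<12} {wire.hex()}  -> {decode_rd(wire)}")
    print(vpn_ipv4("1:1", "10.1.1.0").hex(), vpn_ipv4("2:1", "10.1.1.0").hex())
```

The same `nn` digits land in different byte positions depending on the Type field, which is why a decoder has to read those first two bytes before it can split the remaining 48 bits.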
