I. Why HoVPN?
In MPLS L3VPN solutions, PEs are the key devices. They provide two functions:
- User access. This means that the PEs must have a large amount of interfaces.
- VPN route managing and advertising, and user packet processing. These require that a PE must have a large-capacity memory and high forwarding capability.
MPLS L3VPN, on the contrary, is a plane model where performance requirements are the same for all PEs. If a certain PE has limited performance or scalability, the performance or scalability of the whole network is influenced.
Due to the above difference, you are faced with the scalability problem when deploying PEs at any of the three layers. Therefore, the plane model is not applicable to the large-scale VPN deployment.
2) HoVPN
To solve the scalability problem of the plane model, MPLS L3VPN must transition to the hierarchical model.
In MPLS L3VPN, hierarchy of VPN (HoVPN) was proposed to meet that requirement. With HoVPN, the PE functions can be distributed among multiple PEs, which take different roles for the same functions and form a hierarchical architecture.
As in the typical hierarchical network model, HoVPN has different requirements on the devices at different layers of the hierarchy.
II. Implementation of HoVPN
Basic architecture of HoVPN
Devices
directly connected to CEs are called underlayer PEs (UPEs) or user-end
PEs, whereas devices that are connected with UPEs and are in the
internal network are called superstratum PEs (SPE) or service
provider-end PEs.
The hierarchical PE consists of multiple UPEs and SPEs, which function together as a traditional PE.
Note:
With the HoVPN solution, PE functions are implemented hierarchically. Hence, the solution is also called hierarchy of PE (HoPE).
- A UPE allows user access. It maintains the routes of the VPN sites that are directly connected with it, It does not maintain the routes of the remote sites in the VPN, or only maintains their summary routes. A UPE assigns inner labels to the routes of its directly connected sites, and advertises the labels to the SPE along with VPN routes through MP-BGP.
Different roles mean different requirements:
Note that the concepts of SPE and UPE are relative. In the hierarchical PE architecture, a PE may be the SPE of its underlayer PEs and a UPE of its SPE at the same time.
The HoPE and common PEs can coexist in an MPLS network.
2) SPE-UPE
The MP-BGP running between SPE and UPE can be either MP-IBGP or MP-EBGP. Which one to use depends on whether the UPE and SPE belong to a same AS.
With MP-IBGP, in order to advertise routes between IBGP peers, the SPE acts as the RR and advertises routes from IBGP peer UPE to IBGP peer SPE. However, it does not act as the RR of the other PEs.
3) Recursion and extension of HoVPN
HoVPN supports HoPE recursion:
With recursion of HoPEs, a VPN can be extended infinitely in theory.
A
three-level HoPE. The PE in the middle is called the middle-level PE
(MPE). MP-BGP runs between SPE and MPE, as well as between MPE and UPE.
MP-BGP advertises all the VPN routes of the UPEs to the SPEs, and advertises the default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs.
The SPE maintains the VPN routes of all sites in the HoVPN, while each UPE maintains only VPN routes of its directly connected sites. The number of routes maintained by the MPE is between the above two.
- SPE: An SPE is required to have large-capacity routing table, high forwarding performance, and fewer interface resources.
- UPE: A UPE is required to have small-capacity routing table, low forwarding performance, but higher access capability.
Note that the concepts of SPE and UPE are relative. In the hierarchical PE architecture, a PE may be the SPE of its underlayer PEs and a UPE of its SPE at the same time.
The HoPE and common PEs can coexist in an MPLS network.
2) SPE-UPE
The MP-BGP running between SPE and UPE can be either MP-IBGP or MP-EBGP. Which one to use depends on whether the UPE and SPE belong to a same AS.
With MP-IBGP, in order to advertise routes between IBGP peers, the SPE acts as the RR and advertises routes from IBGP peer UPE to IBGP peer SPE. However, it does not act as the RR of the other PEs.
3) Recursion and extension of HoVPN
HoVPN supports HoPE recursion:
- A HoPE can act as a UPE to form a new HoPE with an SPE.
- A HoPE can act as an SPE to form a new HoPE with multiple UPEs.
- HoVPN supports multi-level recursion.
With recursion of HoPEs, a VPN can be extended infinitely in theory.
Recursion of HoPE
Note:
The term of MPE does not really exist in a HoVPN model. It is used here just for the convenience of description.MP-BGP advertises all the VPN routes of the UPEs to the SPEs, and advertises the default routes of the VPN instance of the SPEs or the VPN routes permitted by the routing policies to the UPEs.
The SPE maintains the VPN routes of all sites in the HoVPN, while each UPE maintains only VPN routes of its directly connected sites. The number of routes maintained by the MPE is between the above two.
No comments:
Post a Comment