FACULITY 0F TECHNOLOGY

SCHOOL OF ELECTRICAL AND COMPUTER ENGINEERING

COMPUTER STREAM

COMPUTER NETWORK SECURITY ASSIGNMENT(1)

GROUP MEMBERS ID NO
1 ALENE MEHARI 00403
2 BIRHANU BERHE 00970
3 BERHE GEZU 00857
4 ASSEFU ABRIHA 00620
5 ALAZAR TEDROS 00327
6 NIGUS SAMRAY 03223

Page5

1
Multi Protocol Label Switching (MPLS)

Introduction
The deployment of a flexible, efficient Internet Protocol/Multiprotocol Label Switching

(IP/MPLS) packet infrastructure has become the key driver for service providers in

building next-generation networks (NGNs). There are compelling financial, technological

and competitive advantages in deploying a converged network. Capital expenditures

(CAPEX) are focused on efficient and extensible packet infrastructures. Convergence

allows service providers flexibility and economies of scale that are not possible with

multiple single-purpose networks.

When moving from circuit-switched to packet-switched technology operators have to

implement packet-based connectivity for both voice and data services in the IP core

network. This means that local area connectivity is needed between core network elements

on the sites and wide area connectivity is needed between the core network sites

MPLS is an Internet Engineering Task Force (IETF) specified framework which provides for

efficient routing, forwarding and switching of traffic packets through the network.

 MPLS depends independent to layer 2 and 3 protocols. This technology maps IP addresses to

fixed length labels used by different packet-forwarding and packet-switching

technologies. MPLS data transmission occurs on label switch paths (LSPs).

LSPs are sequence of labels at each and every node along the path from source to destination and

are established prior to data transmission or upon detection of certain flow of traffic.

For cost efficiency and in order to ensure compatibility with the emerging new services

IP/MPLS and Ethernet Local Area Network (LAN) are the baseline technologies for the IP

NGN network connectivity. In addition to being future proof these technologies offer the
Page5

best price performance ratio and best service availability on the market. Additionally the

IP/MPLS backbone can be used for consolidating dedicated networks such as charging
2
network management and Intranet traffic to one unified infrastructure.

The concepts and components of MPLS

Basic MPLS Concepts

• MPLS is a new forwarding mechanism in which packets are forwarded based on labels
• Labels may correspond to IP destination networks (equal to traditional IP forwarding)
• Labels can also correspond to other parameters (QoS, source address, etc.)
• MPLS was designed to support forwarding of other protocols as well

MPLS is a new switching mechanism that uses labels (numbers) to forward packets. Labels usually
correspond to L3 destination addresses (equal to destination-based routing). Labels can also correspond
to other parameters (Quality of Service [QoS], source address, etc.). MPLS was designed to support
other protocol stacks than IP as well. Label switching is performed regardless of the L3 protocol.

This figure illustrates a situation where the intermediary router does not have to perform a time-
consuming routing lookup. Instead this router simply swaps a label with another label (5 is replaced by
3) and forwards the packet based on the received label (3). In larger networks the result of MPLS
labeling is that only the edge routers perform a routing lookup. All the core routers forward packets
based on the labels
Page5

MPLS Components
3
A key to the success of MPLS and the L3 MPLS VPN is the use of "tunnels" created by the MPLS labeling.
Tunnelling in the service provider cloud has many benefits:

Only edge points (ingress and egress) need to understand the meaning of the inner network information
(prefixes); core routers simply switch traffic based on labels

 You can easily re-direct tunnel traffic explicitely

 Tunnels can be created within tunnels

 The tunnel is less prone to data spoofing

 The overhead with MPLS is relatively low (4 bytes per MPLS header)

Examine the Exhibit as we review some of the additional, key components of the L3 MPLS VPN:mpls
components

Notice how edge routers are known as Label Edge Routers (LERs) or Provider Edge Routers (PEs).
Routers in the core of the provider network are called Label Switching Routers (LSRs) or Provider (P)
routers. Label Switched Paths (LSPs) represent the path traffic takes through the provider MPLS
network. All of the traffic that is to be forwarded using the same path is known as the Forwarding
Equivalence Class (FEC). All of this traffic is forwarded with the same MPLS label. In the simple case of
the Routing and Switching CCIE Exam, the FEC typically consists of all packets with a destination address
of the BGP next-ho

Notice how the network is a thing of beauty for the Label Switching Routers (LSRs)/Provider (P) routers,
especially when you consider scalability. The service provider can add more customers and introduce
many more network prefixes into its infrastructure, but these prefixes only need to exist on Label
(Provider) Edge Routers (LERs/PERs). These edge devices are the "workhorses" of the provider network.
Notice among many jobs, it is their responsibility to identify the Label Switched Path (LSP) that the
packet is destined for.

Customer networks consist of Customer Edge routers (CEs) and Customer (C) routers. These devices
need no knowledge whatsoever about MPLS. They can be completely oblivious to the fact they are
interacting with a structure that uses MPLS as its basis for forwarding traffic.

In order to master MPLS for the CCIE R&S written and lab exam, this is the first of the terminology we
must commit to memory regarding MPLS. Please join me for future posts in this series.
Page5

MPLS Modes of Operation

4
•MPLS technology is intended to be used anywhere regardless of Layer 1 (L1) media and L2
protocol •MPLS uses a 32-bit label field which is inserted between L2 and L3 headers (frame-
mode) •MPLS over ATM uses the ATM header as the label (cell-mode)

MPLS is designed for use on virtually any media and L2 encapsulation. Most L2 encapsulations
are frame-based and MPLS simply inserts a 32-bit label between the L2 and L3 headers (“frame-
mode” MPLS). ATM is a special case where fixed-length cells are used and a label cannot be
inserted on every cell. MPLS uses the virtual path identifier/ virtual channel identifier (VPI/VCI)
fields in the ATM header as a label (“cell-mode” MPLS).

Label Format
MPLS uses a 32-bit label field that contains the following information: • 20-bit label • 3-bit
experimental field • 1-bit bottom-of-stack indicator • 8-bit time-to-live field (TTL)
LABEL EXP S TTL
0 19 22 23 31 20 24

A 32-bit label contains the following fields:

■ 20-bit label: The actual label
■ 3-bit experimental field: It is used to define a class of service (i.e. IP precedence)
■ Bottom-of-stack bit: MPLS allows multiple labels to be inserted; this bit is used to determine
if this is the last label in the packet
■ 8-bit time-to-live (TTL) field: It has the same purpose as the TTL field in the IP header

Page5

Architecture of MPLS Protocol Stack

Figure 2.4 shows MPLS protocol stack. The two main sections are control plane and data
5
plane. First one could be an embedded processor for fast efficient operation and data plane

could be implemented in programmable logic. The "IP Fwd" is the usual forwarding

module at layer 3 to do routing based on IP FWP next hop information in fact MPLS "Fwd"

forwarding module matches a label to an MPLS outgoing port for a given packet.
FWP
From the diagram LOP module uses TCP for reliable transmission of control data from
Data LINK
one LSR to another during a session. Label distribution protocol (LOP) is a new
protocol PHY

that defines a set of procedures and messages by which one LSR infom1s another of the

label bindings it has made. The LOP maintains the Label information base (LIB) and uses

user datagram protocol (UDP) during discovery phase. During this phase LSR tries to

identify neighboring elements and signals itself to inform about its presence in the

network using hello messages.

LOP protocol structure is illustrated in figure 2.4 and protocol stack fields are described

below. More on LOP messages are explained in section 2.7.4 and LOP header is shown in

figure 2.5 with header fields described below.

LDP CR-LDP

Control plane
TCP UDP

IP FWP

MPLS FWP
Page5

Data plane Data Link

PHY
6
 A B D

A,B;C Packet flow ,MPLS header is attacked for packets B and C

MPLS Applications
MPLS is already used in many different applications:

• Unicast IP routing
Page5

• Multicast IP routing

7
• MPLS-TE

• Quality of Service (QoS)

• Virtual private networks (MPLS VPNs)

• Any Transport over MPLS (AToM) Regardless of the application, the functionality is

always split into the control and the data plane:

• The applications differ only in the control plane

• They all use a common label switching data plane

• Edge LSR L3 data planes may differ

• In general a label is assigned to a Forwarding Equivalence Class (FEC)MPLS can be used in different
applications:

■ Unicast IP routing is the most common application for MPLS

■ Multicast IP routing is treated separately because of different forwarding requirements

■ MPLS-TE is an add-on to MPLS that provides better and more intelligent link utilization

■ Differentiated QoS can also be provided with MPLS

■ MPLS VPNs are implemented using labels to allow overlapping address space between VPNs

■ AToM is allowing transport of L2 frames (or cells) across an MPLS cloud The data plane is the same
regardless of the application. The control plane

however needs appropriate mechanisms to exchange routing information and labels. The term
“Forwarding Equivalence Class” (FEC) is used to describe the packets that are using the same Labeled
Switched Path (LSP) across the network

Page5

8
9
Page5