frames or, sometimes, giants or baby giants). Some
devices support jumbo frames, and some devices need to be
configured to support the frames. Label switching increases the
MTU an interface must support because each labeled packet carries
one or more 4-byte label headers in addition to the IP packet.
The interface MTU is automatically increased on WAN interfaces,
but not on LAN interfaces, so on LAN interfaces you must
increase it manually with the mpls mtu interface configuration
command, as shown in the figure. The only parameter of the mpls
mtu command is bytes, which specifies the MTU for labeled
packets in bytes. The minimum MTU is 64 bytes; the maximum
depends on the type of interface medium that is being used. The
figure shows an example label switching MTU configuration
script. The MPLS MTU has to be increased on every router that is
attached to the LAN segment (in the example, Routers B and C),
and the LAN switch (Cat6000) that is used to implement the
switched LAN segments must be configured to support jumbo
frames. If either side is missed, frames larger than the switch
accepts are silently discarded, a fault that typically shows up
as small packets (pings) passing while large transfers stall.
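As an added example, not part of the course text, the following Python check applies the rule above to a LAN segment: it computes the mpls mtu each router needs from its IP MTU and the depth of the label stack, works out the resulting Ethernet frame size, and reports which routers still have a too-small mpls mtu and whether the switch has to accept jumbo (or baby giant) frames. The interface table, the device names and the two-label stack (transport label plus VPN label) are assumptions chosen to match the figure's Routers B and C.

```python
from dataclasses import dataclass
from typing import List, Tuple

ETH_HEADER = 14       # destination MAC + source MAC + EtherType
DOT1Q_TAG = 4         # 802.1Q tag added on a trunk port
ETH_FCS = 4           # frame check sequence
LABEL_LEN = 4         # one MPLS shim header: 20-bit label, EXP, S, TTL
STD_ETH_FRAME = 1518  # largest untagged frame a non-jumbo switch port forwards


@dataclass
class LanInterface:
    device: str
    name: str
    ip_mtu: int      # IP MTU of the interface
    mpls_mtu: int    # value set with 'mpls mtu'; defaults to ip_mtu when unset
    dot1q: bool      # True if the link carries an 802.1Q tag


def required_mpls_mtu(ip_mtu: int, labels: int) -> int:
    """MPLS MTU needed so a full-size IP packet plus its label stack fits."""
    return ip_mtu + labels * LABEL_LEN


def frame_size(mpls_mtu: int, dot1q: bool) -> int:
    """Largest Ethernet frame (headers + FCS) a labeled packet of mpls_mtu bytes produces."""
    return ETH_HEADER + (DOT1Q_TAG if dot1q else 0) + mpls_mtu + ETH_FCS


def check_lan_segment(interfaces: List[LanInterface], labels: int,
                      switch_max_frame: int = STD_ETH_FRAME) -> List[Tuple[str, str, str]]:
    """Return (device, interface, finding) for every interface on the segment
    that would lose full-size labeled packets; an empty list means the segment is fine."""
    findings = []
    for i in interfaces:
        need = required_mpls_mtu(i.ip_mtu, labels)
        if i.mpls_mtu < need:
            findings.append((i.device, i.name,
                             f"mpls mtu {i.mpls_mtu} < {need}; configure 'mpls mtu {need}'"))
        frame = frame_size(need, i.dot1q)
        if frame > switch_max_frame:
            findings.append((i.device, i.name,
                             f"{frame}-byte frames exceed switch limit {switch_max_frame}; "
                             "enable jumbo (baby giant) frames on the switch"))
    return findings


# Constructed sample segment (assumption, not from the course): Routers B and C
# share a switched LAN. Router B still has the default mpls mtu, Router C was fixed.
SEGMENT = [
    LanInterface("RouterB", "FastEthernet0/0", 1500, 1500, False),
    LanInterface("RouterC", "FastEthernet0/0", 1500, 1508, False),
]

if __name__ == "__main__":
    # Two labels: LDP transport label + VPN label. A TE tunnel would add a third.
    for finding in check_lan_segment(SEGMENT, labels=2):
        print(" | ".join(finding))
```

With two labels the required mpls mtu is 1508 and the untagged frame becomes 1526 bytes, just over the 1518-byte default, which is exactly the baby giant case; with a third label (traffic engineering) the numbers become 1512 and 1530. Raising switch_max_frame to the switch's jumbo setting clears the switch findings and leaves only the routers whose mpls mtu is still at the default.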
4.4 Describing MPLS VPN Technology
4.4.1 MPLS VPN Architecture
VPNs have evolved into a number of virtual networking concepts
that are discussed in this lesson: - VLANs allow you to
implement isolated LANs over a single physical infrastructure.
- Virtual
private dialup networks (VPDNs) allow you to use the dial-in
infrastructure of a SP for private dialup connections.
- VPNs allow you to use the shared infrastructure of a SP to
implement your private networks. There are two implementation
models:
- Overlay VPNs: Includes technologies such
as X.25, Frame Relay, ATM for Layer 2 Overlay VPN, and Generic
Routing Encapsulation (GRE) and IPsec for Layer 3 Overlay VPN.
With overlay VPNs, the SP provides virtual point-to-point links
between customer sites.
- Peer-to-peer VPNs:
Implemented with a shared router and per-customer packet
filters, with a dedicated router for each customer, or with
MPLS VPN technology. With peer-to-peer VPNs, the SP participates
in customer routing, so the separation between customers is
enforced by the SP's configuration rather than by anything the
customer controls.
Figure illustrates some key VPN
implementation technologies, highlighting the two major VPN
models, overlay and peer-to-peer. Overlay VPNs—Layers 1, 2,
and 3
Layer 1 overlay VPN: The Layer 1 overlay
VPN model is mentioned only for historical reasons. This
implementation adopts the traditional time-division
multiplexing (TDM). The SP sells Layer 1 circuits (bit pipes)
that are implemented with technologies such as ISDN, digital
signal level zero (DS0), E1/T1, synchronous digital hierarchy
(SDH), and SONET. Essentially this means that the SP assigns
bit pipes and establishes the physical-layer (Layer-1)
connectivity. The customer implements all higher layers, such
as PPP, High-Level Data Link Control (HDLC), and IP. Layer 2
overlay VPN: The Layer 2 overlay model is a traditional
switched WAN model and is the basis for traditional VPN
implementations. A Layer 2 overlay VPN is implemented with
technologies including X.25, Frame Relay, ATM, and Switched
Multimegabit Data Service (SMDS). Using the Layer 2 overlay
model, the SP sells virtual circuits (VCs) between customer
sites as a replacement for dedicated point-to-point links. The
SP is responsible for transport of Layer 2 frames between
customer sites, and the customer is responsible for all higher
layers. The figure shows a typical Layer 2 overlay VPN
implemented over a Frame Relay network. In this example, the
customer needs to connect three sites to Site A (the central
site, or hub) and orders connectivity between Site A (hub) and
Site B (spoke), between Site A and Site C (spoke), and between
Site A and Site D (spoke). The SP implements this request by
providing three permanent virtual circuits (PVCs) across the
Frame Relay network. Note
The implementation that
appears in this example does not provide full connectivity;
data flow between spoke sites is through the hub. Layer 3
Overlay VPN: Figure illustrates a Layer 3 overlay VPN
implementation. From the Layer 3 perspective, the SP network is
invisible to the customer routers that are linked with emulated
point-to-point links. IP tunneling lets a destination be reached
without the source knowing the topology in between, so virtual
networks can be built by tying together devices or hosts that
otherwise have no direct connection. Tunnels also enable the use
of private network addressing across a SP's backbone without the
need for Network Address Translation (NAT). The Layer 3 model
establishes tunnels with GRE or IPsec. The routing protocol runs
directly between the customer routers, which establish routing
adjacencies and exchange routing information over the tunnels.
The SP is not aware of customer routing and has no information
about customer routes; its responsibility is simply to provide
point-to-point data transport between customer sites. Note that
only IPsec protects the tunneled traffic: a GRE tunnel gives
logical separation and transparent addressing, but no
confidentiality, integrity, or authentication, so anyone who can
observe or inject into the SP path can read and alter the
customer's packets. Peer-to-Peer
VPNs
The most significant drawback of the Layer 2 overlay VPN model
is the need for customers to establish point-to-point links or
VCs between sites. The number of links or VCs required for a
full mesh is ([n]*[n-1])/2, where n is the number of sites that
must be connected: for full mesh connectivity among four sites
you need six (4*[4-1]/2) point-to-point links or VCs, and the
count grows quadratically as sites are added. To overcome this
drawback and provide the customer with optimum data transport
across the SP backbone, Cisco introduced the peer-to-peer VPN
concept, in which the SP actively participates in customer
routing: it accepts customer routes, transports those routes
across the SP backbone, and propagates them to the other
customer sites.
The peer-to-peer model adopts a simple routing scheme for the
customer. Both the SP and the customer networks use the same
network protocol, and the SP's core carries all the customer
routes. The provider edge (PE) routers exchange routing
information with the customer edge (CE) routers, and the CE and
PE routers at each site establish Layer 3 routing adjacencies
between themselves. Routing between sites is therefore optimal
without a full mesh of point-to-point links or VCs over the SP
backbone; with no overlay mesh to contend with, new sites are
easy to add and circuit capacity sizing no longer creates
problems. Because the SP now participates in customer routing,
provider-assigned or public address space has to be deployed in
the customer's network, so private addressing is no longer an
option. The figure shows an example of peer-to-peer routing.
4.4 Describing MPLS VPN Technology
4.4.2 Benefits and Drawbacks of Each VPN Implementation Model
Each VPN model
has benefits and disadvantages. Figure shows the benefits and
disadvantages of overlay VPNs: - There are two benefits
of overlay VPNs:
- Overlay VPNs are well known and easy
to implement from both customer and SP perspectives.
- The SP does not participate in customer routing, making the
demarcation point between SP and customer tasks easier to
manage.
- There are three disadvantages of
overlay VPNs:
- Layer 2 overlay VPNs require a full mesh
of VCs between customer sites to provide optimum intersite
routing.
- All VCs between customer sites have to be
provisioned manually, and the bandwidth must be provisioned on
a site-to-site basis (which is not always easy to
achieve).
- The IP-based Layer 3 overlay VPN
implementations (with IPsec or GRE) incur high encapsulation
overhead—ranging from 20 to 80 bytes per transported
datagram.
Figure shows the benefits and
disadvantages of peer-to-peer VPNs: - There are two
benefits of peer-to-peer VPNs: