Scribd
Upload
87 views

Vplsvabgp Mpls VPN: Dichvu

MPLS VPN is a technology that allows customers to connect their multiple sites over a shared MPLS backbone network as if they were using a private network. There are two main types of MPLS VPN services: Layer 3 VPN and Layer 2 VPN. BGP MPLS VPN is a representative technology for Layer 3 VPNs that uses MPLS for tunneling and BGP for exchanging routing information. It provides network isolation, flexibility, and security for customers. VPLS is a representative technology for Layer 2 VPNs that emulates LAN connectivity over an MPLS network.

Uploaded by

MichaelNguyễn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
87 views

Vplsvabgp Mpls VPN: Dichvu

MPLS VPN is a technology that allows customers to connect their multiple sites over a shared MPLS backbone network as if they were using a private network. There are two main types of MPLS VPN services: Layer 3 VPN and Layer 2 VPN. BGP MPLS VPN is a representative technology for Layer 3 VPNs that uses MPLS for tunneling and BGP for exchanging routing information. It provides network isolation, flexibility, and security for customers. VPLS is a representative technology for Layer 2 VPNs that emulates LAN connectivity over an MPLS network.

Uploaded by

MichaelNguyễn
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

CONG NGHE VIEN THONG

DICHVU
V P L S VA BGP
MPLS VPN

Tran Quoc Khanh

He thdng mang truyen tii mdi dua tren cdng nghe chuyen mach IP lop 3. Nd cho phep mot mach io
Ethernet, IP vi MPLS dip img nhu cau ket ndi mang hoac dudng ham duge tao tren mang dudng true IP
ndi bo eie doanh nghiep, thay the cie kieu ket ndi vi du Ueu ed the dugc chuyin mach don giin vi
truyen thong bang thdng han hep, chi phi gia thanh nhanh chdng qua dudng him mi khdng cin phin
eao. Vdi IP/MPLS, dich vu mang heng ao (VPN) la tich eie gdi tin rieng hoac tinh toin dinh tuyin din
giai phip ket ndi mang linh hoat, chi phi thap, hd eie nut mang khic. MPLS ciing hd trg chit lugng
trg da dieh vu. Bii viet phin tich 2 loai dich vu dich vu, ky thuat luu lupng vi tinh sin sing cita
VPN tren nen MPLS: Mang heng ao giao thirc cong mang ATM vol kha nang ma rdng, tinh da diem eiia
dudng bien Chuyen mach nhan da 0ao thiic BGP mang IP.
MPLS VPN - VPN Idp 3 vi Dieh vu LAN heng io VPLS Ciu trite ciia mang MPLS gom cac bd dinh tuyin
- VPN Idp 2, so sanh eie uu nhugc diem tren quan bien (router PE) giao tiip vdi thiit bi tai mang khach
diem nhi eung cap dieh vu vi khach hang. hang (CE) vi cae bd dinh rayin trang tam (Router
P) chuyen tiip eic gdi tin MPLS trong mang. PE cd
1. CONG NGHE MPLS VA DICH VU VPN 2 giao dien: giao dien giao tiip vdi mang MPLS vi
MPLS giao dien 0ao tiip vdi mang IP. PE su dung bing
chuyen tiip nhan lua chpn dudng dan ehuyin mach
Mang trayin til ddng vai trd vd cimg quan trgng
trong md hinh mang eiia mdi nha cung cip dich vu - nhan (LSP) din cie router P vi dinh rayin cie gdi
ISP. Vdi nhu ciu gla tang nhanh bing thdng dudng tin IP tren ca sd thdng tin thiit bi CE. Viec phin phdi
true, mang trayin til dugc thiit ki theo hudng day vi trao doi nhan su dung giao thirc phan phdi nhan
phan phire tap nhu dinh rayin ve lop bien, phin (LDP). Cie giao thitc dinh rayin trong mang IP dugc
mang loi chi xit ly don giin nhu chuyen mach de bo sung ky thuat luu lugng trong mang MPLS nhu
ting khi ning dip img cua mang 161. Cdng nghe RSVP-TE, OSPF-TE, ISIS-TE.
MPLS dugc thiit ki cho md hinh niy vol uu diem Mot trong eie dich vu dugc phit triin tren nin
hon so vdi dinh rayen gdi tin thuin tiiy - ehuyin mang MPLS li dich vu VPN. Tren khia carih nha
tiep nhan thay vi dpe gdi tm IP vi lira chgn dudng cung cap dich vu, dich vu VPN - mang rieng io
dinh tiiyen trade khi ehuyin tiep goi tin. MPLS la eung cap dich vu kit ndi nhiiu mang khich hang
kit hgp ciia kiiu chuyin mach ATM Idp 2 tien mang qua mang chia si chung. Dich vu VPN su dung kit

TAP CHI CNTT&TT KY 1 (12.2009) 37


CONG NGHE V I E N THONG

Service Provider
MPLS Backbone
PE CE Tren n i n MPLS, dich vu VPN dugc phit triin
thanh 2 kiiu: VPN Idp 3 v i VPN lop 2. Diim khac
biet chinh eua 2 dich vu nay l i VPN lap 3 thuc hien
cdng viee dinh rayin phite tap cho mang cita khich
hing, cdn trong VPN Idp 2, khich hang phii tir ciu
hinh, quan ly dinh tuyin giiia eic site trong mang
cita minh. BGP MPLS VPN v i VPLS li 2 cdng nghe
dai dien cho VPN lop 3 v i Idp 2 tren n i n MPLS.
Hinh 1. Mo hinh mang MPLS

- PE 2. D I C H V U BGP MPLS V P N

BGP MPLS VPN cho phep cae site cita khach hing
kit ndi qua mang true IP nhu sit dung mang rieng.
BGP MPLS VPN dugc dinh nghia trong chuan IETF
RFC 2547bis. BGP MPLS VPN sit dung MPLS chuyen
tiip gdi tin qua mang trac v i BGP phin phdi dinh
rayin qua mang true. Mdi BGP MPLS VPN l i mdt
mang IP rieng vol eie dia chi IP cau hinh theo mang
Hinh 2. Mo hinh mang VPN khich h i n g tai eie CE v i PE.
Prjvoto Rout«s P« ering botween
Customer A CE and PE Mdi router PE quin ly mot Co eg thdng tin ehuyin
S«rvlco Provider
MPLS Backbono
tiep rieng ciia timg VPN, gpi l i bing Chuyen tiip
PE
PE
'- « dinh rayen io - VRF. Bing VRF chira eic thdng tin
paJ
CEV'*'^"^
dinh tuyin nhan tir thiit hi CE. Router PE sit dung
E3 k '
\ CE BGP lim bio hieu va cie giao thire dinh tuyin d i
l^apE phan phdi hudng di gdi tin d i n cie thiit bi CE. Thiet
Private Rout«s bl CE tro thinh ngang h i n g vdi router PE. Router
Custo tnor B E^CE
PE luu trii cie bing VRF ciing vdi bing dinh rayin
Intemet cua n h i cung cap dich vu.
Hinh 3. Mo hinh BGP MPLS VPN
Vai trd chuyen tiip MPLS l i quan trong bdi router
ndi io d i dim bio tinh rieng ra dir Ueu khich hang
P trong mang ldi khdng can biit vi thdng tin dinh
khi trayin qua mang dimg chung.
tuyin rieng dau khich hing. Router PE sit dung 2
Trong ha tang mang trayin til MPLS, eie site cua mio dau MPLS d i giao tiip tiidng tin dinh rayin.
khich hang A cd thi kit ndi bao mat qua mang n h i Router PE vao tiiem mio diu Next-Hop BGP v i mio
cung cip dich vu ma khdng bi can thiep bdi mang dau Next-Hop IGP (Interior Gateway Protocol) vao
cita khach h i n g B. Luu lupng mang A chay qua eic
gdi tin. Tai router PE ra, gdi tin dugc loai bo phan
dudng ham kit ndi rieng dugc tao ra trong mang
mio diu MPLS v i p h i n phdi tiip theo gdi tin IP d i n
MPLS kit noi eie site cua A. Cie kit ndi nay nhin
Router CE.
tii phia khach hing gidng nhu dich vu kenh rieng,
U'u nhu'dc diem ciia BGP MPLS VPN
hoac qua mdt dudng io bio mat tien ciing mdt kit
BGP MPLS VPN ed mdt sd uu diem khi lua chgn
ndi vat ly.

38 TAP CHI CNTT&TT KY 1 ( 1 2 . 2 0 0 9 )


CONG NGHE V I E N THONG

cho dich vu VPN: bang duih rayin, thuc hien nhiiu ehuc ning nen
- Tinh kit noi WAN - Cdng nghe niy su diing cho router PE phii ed eau hinh cao, thim chi dit hon
kit ndi nhiiu dia diim each biet vi vat ly, duge trien Router ldi.
khai nhu dieh vu thay thi hoac kit hgp vdi dich vu - Mang phire tap - Sd lugng dinh rayin ddng
VPN trayin thdng. nhiiu lim gia ting tii, lam giim kha ning xit ly cita
- Tinh dgng vi mim deo - Nhiing thay ddi ttong PE. Neu sd lugng khich hang ci nhin tang thi mang
sa do kit ndi cd the thuc hien tren VPN mi khdng can md rdng, bo sung eic router PE.
can cau hinh thu cdng tren thiet hi mang phia khich - Tinh on dinh vi toan ven mang - BGP MPLS VPN
hang. ed thi lim inh hudng din tinh on duih vi toan ven
- Tinh tirong thich - BGP MPLS VPN cd tiie duge cita mang. Niu thiit hi CE tai mdt khich hing boat
triin khai tren cie dich vu tray nhap trayin thdng ddng khdng on dinh vi tic dpng din router PE, thi
nhu Frame relay, dudng rieng, ATM. Ben canh dd, cae kenh dieh vu VPN eua khich hing khac cd thi
cie dieh vu hien tai di ding ning cap len mang hi anh hudng.
VPN mi khdng phii thay doi vi mat ciu tnic. - Quin ly mang phite tap - Cau hinh vi quan ly
- Tich hgp di dang - VPN cd thi dugc tich hgp di dieh vu phire tap, mdi khich hing ed mdt hd sa
ding cie dich vu IP khic nhu tray nhap Intemet, rieng tren router PE. Can phii quin ly bing dinh
web, IPSec VPN. tuyin rieng tren PE ddi vol moi khich hing. Quin
ly cau hinh CE la router ciing phire tap hon so vol
- Tinh mg rdng vi dp tin cay - BGP MPLS VPN ma
thiit bi Switch.
rdng di ding, kha nang ma rdng tdi da chi gidi han
bdi BGP vi dat dp tin cay eao dua tren BGP. - Them ciu hinh phia khich hing - Khich hing
phii cau binh, quin ly them viec dinh rayin den
Tuy nhien, BGP MPLS VPN ed mot sd gidi ban:
PE thay vl dinh tuyin din eie router trong mang
- Chi mang IP - Chimg chi diiu khiin luu lugng
eiiahg.
IP, khdng diiu khien luu lupng tren mang khic nhu
SNA hay IPX neu ehiing khdng duge ddng gdi tiong Trong khi mot vii cac han chi tren cd thi giii
gdi tin IP. Mac dii phan Idn khach hing dang chuyen quyit nhu ning cap phin cimg, phin mim cita
qua ca sd ha tang IP duy nhit, ray nhien van eon router PE de bo sung eic tinh ning va ning lire xu
rihiiu img dung chay tren cie mang khic. ly khic, thi mdt so han chi khic khdng di ding xu
ly. Khdng thi triin khai dich vu vol khach hang cd
- Chia se dinh tuyin - BGP MPLS VPN yeu ciu
nhiiu giao thire trong mdi tradng LAM neu mang cita
khich hang chia se thdng tin vi mien dinh rayin
hg khdng phai mang toin IP. Viee chia si thdng tin
tiong mang cita hg vol router PE. Diiu niy khdng
dinh rayen rieng trong mang khich hang vdi router
dugc nhiiu khich hing chap nhan vi tiit Id boat
PE eua nhi cung cap dich vu khdng dugc nhiiu
ddng ciing nhu cau tnic trong mang cita hp.
ngudi chap nhin. Hp mudn cd mot kit noi dich vu
- Router CE - De chia se thdng tin dinh rayin, trong sudt tir phia nha cung cip dich vu di tu quan
thiit bi CE tai khich hing phii li mot router chir ly, diiu khien vi bio mit ttong mang npi bg.
khdng duge la thiit bi don giin nhu Switch. Diiu
Ddi vdi mot sd nhi cung cap dich vu cd mang
niy raong img khich hing phii tdn tiiem ehl phi
dudng true IP Idn va da triin khai router ldi, BGP
tiang bi thiit bi cho mdi diim kit ndi.
MPLS VPN la lua chpn tdt phat tilin khi hp di dang
- Phu thudc eic router PE - Do yeu cau luu trii
them, bdt va thay doi dich vu, sit dung khim pha

TAP CHI CNTT&TT KY 1 (12.2009) 39


CONG NGHE V I E N THONG

No CE-PE routing Nguyen tic boat ddng co bin ciia dich vu VPLS
sit dung giao tiiirc phan phdi nhan (LDP) di tiiinh
lap mot mang diy dii eac dudng din chuyen mach
nhan (LSP) - dudng ham giua tit ci cie nut PE. Cie
dudng him dd dugc gin cie VPLS-ID nhin dang cie
kit ndi io (VC LSP) gitra cie nut PE cho mang VPN.
Cac VC LSP tao mdt ciu ndi logic cie PE ciu hinh
VPLS cho khach hang.
Hinh 4. Dich vu VPLS Tinh ning co bin ciia VPLS li khi nang tu hgc
XIC UHt., 1 I.uB>
dia chi MAC giti tii phia mang khich hing eiia cac
VIU lUCUb,, -^„ ^lU F.D
^nlllOT
m Ett LK.) hnl IM Dtr R-n-
router PE. Cie PE tiep nhin vi hpc dia chi MAC qua
cac gdi tin unicast hoac multicast girl qua mang. Cie
dia chi MAC sau khi tu hgc se dugc gin vdi mdt LSP
la ea so eho viec chuyin tiip gdi tin trayin giiia cac
nut PE.
Viee quin ly sd lugng Idn dia chi MAC trong VPLS
cd the thiie hien theo 2 giai phip. Cich thir nhat,
phia khach hang sit dung cac thiit bi CPE la router,
Hinh 5, Cache hoc dja chi MAC goi tin Broadcast khi dd cie PE nhin eic site phia khach hang nhu
mot dia chi MAC duy nhit. Cich thir 2, khi cie CPE
dinh tuyin tu ddng eua BGP, Tuy nhien vdi phin Idn
li thiit hi Switch, eic PE phii ed khi ning gidi ban
nhi eung cip dich vu Metro, gidi ban chinh eita BGP
sd dia chi MAC cd thi hpc tit mdi kit ndi din.
MPLS VPN li chi phi vi dp phire tap trong viec quan
ly vi tich hgp vdi he thdng diiu hinh (OSS). Cac u'u nhu'dc diem ciia VPLS

VPLS cd uu diem quan ttpng trong viec lua chgn


3. DICH v y VPLS dich vu Ethemet VPN
Giai phap lop 2 MPLS mdi nhat cung cap dich vu - Kit ndi dd thi - Ky thuat niy li y radng cho kit
da diem li dieh vu LAN rieng io - VPLS (Virraal ndi nhiiu diim trong mot khu vuc dd thi vi cd thi
Private LAN Service). Vdi VPLS, nhiiu mang khach trien khai thay thi hoac md rpng dich vu kit ndi
hing cd the giao tiip nhu kiiu kit ndi qua phan LAN-LAN trayin tiling.
doan mang LAN Ethemet rieng. VPLS nim tren - Chi phi bleu qui - VPLS cho phep nha cung cip
trayin tii MPLS vi viy thiit bi 161 li tuong tu BGP dich vu dugc Igi tir chi phi thip eua thiit bi Etiiemet,
MPLS. Diim khic nhau chinh li glac tiip giiia thiit don giin vi phd biin mi khdng phii thuc hien md
bi CE vi PE. Trong VPLS, CE khdng can li mot router rdng, dam bio dp tin eiy, ky thuat luu lugng vi cam
vi PE khdng ngang hang vdi thiit bi CE nen PE kit SLA.
khdng ein quin ly rieng biet bing dinh rayin ciia - Don 0 i n hda tien router PE - Vdi VPLS, cie PE
mil CE. VPLS don giin chi anh xa luu lugng lop 2 khdng phai quin ly nhiiu bing dinh tuyin rieng
din cua khich hang vio mdt LSP thich hgp trong cita khach hang.
MPLS. VPLS boat ddng theo md hinh bao phu trong - Da giao tiiire - Ngoii luu lugng IP, VPLS ed the
khi BGP MPLS VPN li mo hinh ngang hing. hd tig cac luu lugng khic nhu SNA, IPX.

40 I TAP CHI CNTT&TT KY 1 f 12.2009')


CONG NGHE V I E N THONG

- Vimg dinh tuyin rieng - VPLS khdng yeu ciu HieruihicalVPLS


khich hing chia se thdng tin dinh rayin mang npi
bd vdi PE
- Thiit bi CE don giin - Khi thdng tm dinh rayen
khich hang khdng can chia se, eic CE cd the li
thiit bi don gian nhu Ethemet switch, bridge hoac
Hinh 6. Mo hinh phan cap VPLS dang Hub-and-Spoke.
Hub.
- Sir phan ranh gidi - VPLS eung cap mdt ranh
gidi rd ring giiia mang rieng khich hing va mang
nhi ciing cip dich vu.
- Bao hieu ddng - VPLS su dung MPLS di xac dinh
bio bleu dgng eie dudng din mdi, cho phep luu
lugng nhanh chdng ehuyin qua dudng du phdng
hpic dudng tinh toin trade.
- Tray nhap dich vu BGP MPLS VPN - Chimg cd the
dugc sit dung di mang luu lugng tir mang Metro qua Hinh 7. Tich hpp VPLS vol mang hien co
mang dudng true trong tray cap BGP MPLS VPN.
trao ddi thdng tin vdi cie vimg Spoke.
- Di ding quan ly - VPLS li don gian va chi phi
Tich hdp VPLS vdi mang hien co
thap vi mat quan ly
- Tich hgp Metro Ethernet - VPLS cd the tich hgp VPLS ed thi khdng chi su dung trong dich vu
vol dieh vu Metro Ethemet khic nhu Intemet, Web, Metro Net mi cd the tich hgp vdi mang ldi IP VPN
dich vu du phdng vi khdi phuc. chay tren eie cdng nghe ldi khic nhu mang SDH thi
he mdi, DWDM, RPR.
- Tich hgp quan ly - Chimg tich hgp di ding vdi
dieh vu Idp 2 nhu Frame relay vi ATM vdi cie thinh Cac ISP cd thi tiip tuc phit triin eie dich vu
phan cung cip ha ting khic trong raong lai. trayin thdng nhu kenh rieng. Frame relay trong khi
gidi thieu dich vu mdi li img dung cita mang Metro
Dieh vu Ethemet VPN tren VPLS ciing tdn tai mot
nhu VPLS, vi vay trinh phii loai bd loi nhuan hien
sd diim ban chi:
cd.
- Khim phi tu ddng (Auto discovery) - VPLS
Cie ISP gidi thieu dich vu bing rpng mdi tren
khdng hd trg khim phi tu ddng cita PE tren ca sd
cdng nghe DSL, cip vi WLAN ddi vdi khach hing
LDP. VPLS sit dung LDP de xic dinh cich thinh lap
nhd hoac thi tradng SME. Tuy nhien, su canh tranh
mach diem da diim Ethemet.
vi chat lugng, gii thinh lim dich vu bang rdng
- Khi nang md rdng - Khi ma rdng mang VPLS, trayin thdng chay tren ATM vi SDH khdng gia tang
sd lugng cie LSP full mesh, eic LDP ngang cap vi them dugc. Sit dung Metto Ethemet vdi VPLS eho
viec phin phdi cie gdi tin sao chep gia tang, din phep cie nhi cung cip dich vu kit hgp dich vu
den viec quin ly phiic tap, tieu ton til nguyen mang
bang rpng hieu qua hon, vuon gin tdi khich hing
ciing nhu khi nang bi tin cdng flooding dia chi
hon mi khdng tdn them chi phi.
MAC. Vin de niy ed the giai quyit bdi sit dung md
hinh VPLS phan cap theo kiiu Hud - and - Spoke. Mae dii dudng kenh rieng. Frame relay tiip tuc
Trong dd, cie VPLS PE ddng vai tid nhu cae Hub, gdp phan dap img nhu cau chia se dii Ueu, it cie

TAP CHI CNTT&TT KY 1 ( 1 2 . 2 0 0 9 ) 41


CONG NGHE V I E N THONG

BGP MPLS VPN Uneh hpp vdi mdi tradng mang


dudng mic, kit ndi nhiiu khu vuc qua mang WAN.
Khi ning ma rdng vi viec su dung BGP, MPLS li giii
phip tot md rpng cie mang VPN tren mang dudng
true IP/MPLS trayin tiidng. BGP MPLS VPN sit dung
kit ndi cie site VPN cita mang Metro niy sang site
VPN cua mang Metro khic.
Md hinh kit hgp VPLS vi BGP MPLS VPN se tan
dung cac uu diim ciia mil cdng nghe. VPLS duge
triin khai tai cie mang Metro, giim thieu yeu eau
Hinh 8. Mo hinh ket hpp djch vu VPLS va BGP MPLS VPN
xit ly tren router Metro, trien khai don gian, chi phi
quin ly thap. BGP MPLS VPN phit trien tren mang
ISP hoic khach hing cd the bio ve ngudn von bo true IP kit ndi mang VPN giiia cie Metro, tang do tin
sung eho cie dich vu don giin dd dam bio hieu qui cay kit ndi Uen mang dua tren BGP.
vi tiit kiem chi phi ban so vdi Ethemet, IP, MPLS.
Hinh 8 li vi du dich vu MPLS lap 3 tren mang true
Trong tuong lai, cac ISP cd thi xiy dung nhiiu hon
cd thi kit hpp vol dich vu MPLS lop 2 tren mang
mang trayen tai hieu qua chi phi va md rpng dich
Metro di cung cip dieh vu VPLS trong mang Metro
vu hien ed din khich hing mdi ma khdng ein cie
vi dieh vu IP VPN giiia cac mang Metro. Lpi ich cita
ISP hay khach hang diu ra them chi phi so vdi dieh
cac nha cung cap dich vu gia tang khi su dung kit
vu trayin thdng.
hgp hai md hinh niy mi khdng lim tang dp phire
tap cua mang loi, tan dung duge nhiing uu diim
4 . KET H O P D I C H V U VPLS VA BGP tren mang Metro. Ve phia khich hing, hg ciing cd
MPLS V P N them cie lira chgn dich vu phii hgp vdi md hinh
Tren day da phan tich chi tiit nhiing diem manh kinh doanh ciia minh.
eiia hai cdng nghe VPN. Mdi nha cung cap dich vu se
lira chpn giai phap phii hgp vdi yeu ciu eiia khich
Tai lieu t h a m l<hao
hang theo diiu kien thuc ti. Cdng nghe VPLS la lua
[1]. RFC 2858: Multiprotocol Extensions for BGP-4
chpn tdt vdi cac dich vu trong mdi tradng Metro,
[2]. RFC 2547: BGP/MPLS VPNs
kit ndi nhiiu site eua khich hang trong mot mang
[3], RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)
Ethemet LAN duy nhit. VPLS li giii phip thay thi,
[4]. RFC 2764: A Framework for IP Based Virtual Private
nang cip dich vu LAN-to-LAN trayin thdng, trien
Networks
khai cie dich vu tang img dung din mang khich
[5]. RFC 3392; Capabilities Advertisement with BGP-4
hing.
[6]. RFC 2917: A Core MPLS IP VPN Architecture

[7]. RFC 3107: Carrying Label Information in BGP-4

[8]. RFC 4026: Provider Provisioned Virtual Private Network

(VPN) Terminology

[9]. RFC 4577: OSPF as the Provider/Customer Edge Protocol


for BGP/MPLS IP Virtual Private Networks (VPNs)

42 TAP C H I CNTT&TT KY 1 ( 1 2 . 2 0 0 9 )

You might also like