Using MPLS In The Enterprise
February 23, 2012
In the data center, the MPLS/VPN architecture offers an attractive alternative to increasing the size of Layer 2 domains. Some players in the industry are promoting protocols such as Transparent Interconnection of Lots of Links (TRILL) to solve Spanning Tree Protocol (STP) scalability problems. Rather than making Layer 2 networks bigger to enable cloud and other services, why not move toward a Layer 3-centric data center network? MPLS/VPN has been deployed in large networks for a decade; the technology is proven, and you can adopt best practices on MPLS/VPN available on the Internet.
The introduction of MPLS within the enterprise network means you can move away from VLANs for segmentation. Let's examine how segmentation works in an MPLS network. The MPLS/VPN architecture divides routers into three classes: provider (P), provider edge (PE) and customer edge (CE). The P routers are core routers. PE routers are edge routers that connect to CE routers. This terminology is based on service provider usage. In the enterprise, the PE routers might be the demarcation between a department or building and the enterprise backbone.
You may have heard of RFC2547bis VPNs in the context of MPLS. This document defines how multiple MPLS labels are used to provide virtual segmentation. On the PE routers, virtual routing and forwarding instances (VRFs) separate routing information such that each "customer" can use overlapping IP address space. The PE routers encapsulate IP packets using two labels. The P routers make forwarding decisions based on labels; destination IP addresses are effectively hidden in the core. The CE routers are unaware of labels and serve as generic IP routers.
The combination of the Border Gateway Protocol (BGP) and a label distribution protocol are used to communicate prefix and label information. These protocols permit a nearly automatic set-up of the Layer 3 VPN as any-to-any or hub-and-spoke topologies. Compare this with the messy techniques required to scale and manage VLANs in large Layer 2 networks.
While I see Layer 3 VPNs as the primary driver for the introduction of MPLS in the enterprise, MPLS has other uses. Network architects use MPLS to build Layer 2 VPNs in the form of point-to-point or any-to-any topologies. Point-to-point connections are commonly referred to as pseudowires or virtual leased lines. Frame relay and Ethernet are two examples of Layer 2 protocols that can be transported across the MPLS backbone. Virtual Private LAN Service (VPLS) is an any-to-any topology. The MPLS network emulates a switch that connects all sites in a single Layer 2 domain.
MPLS is one of many enabler technologies for the transition from IPv4 to IPv6. Recall that the core of MPLS does not make forwarding decisions based on the IP header. The use of labels hides the IP packet, creating tunnels between PE devices. The core routers are largely indifferent to IP version. A technology called 6PE encapsulates IPv6 packets at the CE with two labels. The remote PE strips the label before forwarding to the CE.
In 6PE networks, the PE routers must be IPv6-ready. The P routers in the core do not need to fully support IPv6. How is this relevant to IPv6 transition? The number of routers you must configure and potentially upgrade for IPv6 is limited to PE and CE routers. The addition of IPv6 functionality can be performed incrementally. You may have a few IPv6-enabled LANs that you want to communicate with IPv6 LANs in other regions. Only the PE and CE routers associated with those IPv6 LANs must be configured for IPv6. Your path to a fully enabled IPv6 network is simplified.
You are not operating in uncharted territory by deploying MPLS in your enterprise. Although most MPLS deployments are in service provider networks, enterprises are introducing MPLS into their networks. The use cases discussed in this article--Layer 3 VPN, Layer 2 VPN and IPv6 transition--are just a few of many ways in which MPLS is used. The next time your network team meets to discuss the roadmap for the network, consider how MPLS may meet the requirements of the today's network.