MPLS-VPN technology report

  • 7/31/2019 MPLS-VPN technology report

    ABBREVIATIONS

    Term | English | Vietnamese (translated)

    A
    AS | Autonomous System | Autonomous system
    ASBR | Autonomous System Boundary Router | Border router within an autonomous system
    ATM | Asynchronous Transfer Mode | Asynchronous transfer mode

    B
    BGP | Border Gateway Protocol | Border gateway protocol

    C
    CAC | Connection Admission Control | Connection admission control
    CoS | Class of Service | Class of service
    CPE | Customer Premise Equipment | Customer-premises device
    CPU | Central Processing Unit | Central processing unit

    D
    DDoS | Distributed Denial Of Service | Denial-of-service attack
    DES | Data Encryption Standard | Data encryption standard
    DiffServ | Differentiated Service | Differentiated services
    DLCI | Data Link Connection Identifier | Data-link connection identifier
    DSL | Digital Subscriber Line | Digital subscriber line

    E
    EGP | Exterior Gateway Protocol | Exterior gateway protocol

    F
    FEC | Forwarding Equivalence Class | Forwarding equivalence class
    FR | Frame Relay | Frame relay

    G
    GRE | Generic Routing Encapsulation | Generic routing encapsulation

    I
    ICMP | Internet Control Message Protocol | Internet control message protocol
    IETF | Internet Engineering Task Force | Internet engineering task force
    IGP | Interior Gateway Protocol | Interior gateway protocol
    IntServ | Integrated Service | Integrated services
    IP | Internet Protocol | Internet protocol
    IPSec | IP security | Security protocol for the Internet Protocol
    IPX | Internetwork Packet Exchange | Internetwork packet exchange
    ISDN | Integrated Services Digital Network | Integrated services digital network
    IS-IS | Intermediate System to Intermediate System | Intermediate system to intermediate system
    ISP | Internet Service Provider | Service provider

    R
    RD | Route Distinguisher | Route distinguisher parameter
    RFC | Request For Comment | Request for comments
    RSVP | Resource Reservation Protocol | Resource reservation protocol

    T
    TCP | Transmission Control Protocol | Transmission control protocol
    TDP | Tag Distribution Protocol | Tag distribution protocol
    TE | Traffic Engineering | Traffic engineering
    TTL | Time To Live | Time to live

    V
    VCI | Virtual Circuit Identifier | Virtual channel identifier
    VNPT | Vietnam Post & Telecommunications | Vietnam Posts and Telecommunications Corporation
    VPI | Virtual Path Identifier | Virtual path identifier
    VPN | Virtual Private Network | Virtual private network
    VRF | Virtual Routing and Forwarding | Virtual routing and forwarding

    W
    WAN | Wide Area Network | Wide area network

    MPLS-VPN TECHNOLOGY

    1.1 General introduction to VPN

    1.1.1 The VPN concept

    A virtual private network (VPN) is defined as a network connection deployed over public network infrastructure (such as the Internet) with the same management and security policies as a local network.

    [Figure 1.1: VPN model. Two private networks (LANs) connected through routers by a tunnel across the Internet]

    The terms that make up "VPN" are as follows:

    - Virtual: the connection is dynamic, not hard-wired, and exists as a connection only while network traffic passes through it. It can change and adapt to many different environments and can tolerate the shortcomings of the Internet. When a connection is requested, it is established and maintained regardless of the network infrastructure between the endpoints.

    - Private: transmitted data is always kept confidential and can be accessed only by authorized users. This is very important because the original Internet protocol suite, TCP/IP, was not designed to provide security. Security is therefore provided by adding VPN software or hardware.

    - Network: the network infrastructure entity between end users, stations, or nodes that carries the data. The network is built from private, public, wired, wireless, Internet, or any other available dedicated network resources.

    The VPN concept is not new. It was used in earlier telephone networks, but because of a number of limitations VPN technology did not yet have much strength or competitiveness. More recently, the development of intelligent networks and of IP network infrastructure has made VPN genuinely new again. A VPN allows private connections to be set up with remote users, with a company's branch offices, and with the company's partners, all of whom share one public network.

    1.1.2 Functions and advantages of VPN

    1.1.2.1 Functions

    A VPN provides three main functions: authentication, integrity, and confidentiality.

    - Authentication: to set up a VPN connection, both sides must first authenticate each other to confirm that they are exchanging information with the intended party and not with someone else.

    - Integrity: ensures that the data is not altered or tampered with in any way during transmission.

    - Confidentiality: the sender can encrypt the data packets before sending them across the public network, and the data is decrypted at the receiving side. In this way nobody can access the information without permission, and even if someone captures it, they cannot read it.

    1.1.2.2 Advantages

    VPNs bring real and immediate benefits to companies. A VPN can be used not only to simplify communication among remote workers and mobile users, to extend the intranet to every office and branch, and even to deploy an extranet to customers and key partners, but also to do all of this at a much lower cost than buying equipment and lines for a private WAN. These benefits, direct or indirect, include cost saving, flexibility, scalability, and a number of other advantages.

    Cost saving

    Using a VPN helps companies reduce both investment costs and recurring costs. The total cost of owning a VPN is reduced because less is paid for leasing transmission bandwidth, for backbone network equipment, and for keeping the system running. The cost of LAN-to-LAN connectivity falls by 20% to 30% compared with traditional leased lines. For remote access the reduction is 60% to 80%.

    Flexibility

    Flexibility here means not only flexibility in operation and exploitation but also real adaptability to usage requirements. Customers can use T1 or T3 connections between offices, and many other connection types can be used to connect small offices and mobile users. A VPN service provider can offer customers many options, such as a 56 kbit/s modem connection, 128 kbit/s ISDN, xDSL, T1, T3

    Scalability

    Because a VPN is built on public network infrastructure (the Internet), a VPN can be deployed anywhere a public network is available. Since public networks are present everywhere, VPN scalability is very flexible. A remote office can easily connect to the company network over a telephone line or DSL, and the VPN is easy to remove when it is no longer needed.

    Bandwidth scalability means that when an office or branch requires more bandwidth, it can be upgraded easily.

    Reduced technical support

    Standardizing on one type of connection from the mobile user to an ISP's POP, and standardizing the security requirements, reduces the need for technical support resources for the VPN. Today, as service providers take on more of the network support tasks, the technical support demands on users keep decreasing.

    Reduced equipment requirements

    By providing a single solution for enterprises that use dial-up Internet access, a VPN requires less equipment and is much simpler than maintaining separate modems, adapter cards for terminal devices, and remote access servers. An enterprise can set up its customer equipment for a single environment, such as a T1 environment, with the rest of the connection handled by the ISP. The T1 section can set up and maintain the WAN connection by replacing modem banks and multiple Frame Relay circuits with a single wide-area connection that can serve the traffic of remote users, LAN-to-LAN connections, and Internet traffic at the same time.

    Meeting commercial needs

    VPN products and services follow today's common standards, partly to guarantee that the products work, but perhaps more importantly so that products from different vendors can interoperate.

    For new telecommunications equipment and technology, the issues that matter are standardization, manageability, scalability, network integration, backward compatibility, reliability and performance, and above all the commercial viability of the product.

    1.1.3 Classification of VPNs

    The goal set for VPN technology is to satisfy the following three basic requirements:

    - At any time, company employees can access the company's internal network remotely or while mobile.

    - Interconnecting branches and mobile offices.

    - The ability to control the access rights of customers, service providers, or other outside parties.

    Based on these basic requirements, VPNs are divided into three types:

    - Remote access VPN

    - Intranet VPN

    - Extranet VPN

    1.1.3.1 Remote access VPN

    Remote access VPNs provide remote access capability. At any time, employees, branches, and mobile offices can communicate with and access the company network. The remote access VPN is the most typical type of VPN, because these VPNs can be set up at any time and from anywhere the Internet is available.

    A remote access VPN extends the company network to users over shared infrastructure while the company's network policies remain in force. It can be used to provide secure access from mobile devices, mobile users, branches, and business partners of the company. These VPNs are implemented over public infrastructure using ISDN, dial-up, mobile IP, DSL, and cable technologies, and usually require some kind of client software running on the user's computer.

    [Figure 1.2: Remote access VPN model. Labels: POP, DSL, cable, Mobile, Extranet (customer to company), Router, Internet]

    The advantages of a remote access VPN over traditional remote access methods include:

    - A remote access VPN does not need support from network staff, because the remote connection process is carried out by the ISPs.

    - Long-distance connection costs are reduced, because long-distance connections are replaced by local connections through the Internet.

    - It provides low-cost connectivity for remote users.

    - Because the access connections are local, the connecting modems operate at higher speeds than with long-distance access.

    - The VPN provides better access to the company's sites because it supports the lowest level of connection service.

    Despite these many advantages, a remote access VPN still has inherent disadvantages:

    - A remote access VPN does not support services with guaranteed QoS.

    - The risk of data loss is high. In addition, packets may fail to be delivered or may be lost.

    - Because the encryption algorithms are complex, the protocol header overhead increases significantly.

    1.1.3.2 Intranet VPN

    Intranet VPNs are used to secure the connections between different locations of one company. The VPN links the headquarters, offices, and branches over shared infrastructure using connections that are always encrypted. This allows all locations to securely access the permitted data sources across the company's entire network.

    These VPNs still provide the characteristics of a WAN, such as scalability, reliability, and support for many different protocol types, at low cost while remaining flexible. This type of VPN is usually configured as a site-to-site VPN.

    [Figure 1.3: Intranet VPN model. Labels: remote office (remote site), Router, Internet, POP, PIX Firewall, central office (central site)]

    The main advantages of an intranet based on a VPN solution include:

    - Partial or full mesh networks can be set up (provided the network passes through one or more service providers).

    - Fewer technical support staff are needed on the network for remote locations.

    - Because the intermediate connections run over the Internet, a new peer link can easily be added.

    - Costs are saved through the benefits of using VPN tunnels over the Internet combined with high-speed switching technologies, for example Frame Relay and ATM.

    However, an intranet based on a VPN solution also has disadvantages:

    - Because the data is tunnelled across a public network, the Internet, there are still threats to the level of data security and to the quality of service (QoS).

    - The likelihood of data packets being lost in transmission is still fairly high.

    - Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge in the Internet environment.

    1.1.3.3 Extranet VPN

    Unlike intranet VPNs and remote access VPNs, an extranet VPN is not isolated from the "outside world". In practice an extranet VPN provides controlled access to the network resources needed to extend to business parties such as partners, customers, and suppliers


    - Concerns about information security and data loss during transmission over the public network remain.

    - Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge in the Internet environment.

    - It increases the risk to the company's local networks.

    1.1.3.4 Why use MPLS-VPN technology?

    Globalization is forcing businesses and organizations to make their own information systems ever more efficient. Large companies and multinational groups today usually have headquarters and branches spread across the world. In some specific sectors, such as telecommunications, banking, and finance, the need for connectivity and information exchange between branches, and between the company and its partners, is very large. Using a private network (WAN) for connectivity and information exchange inside a company with many branches is therefore extremely important. Connecting companies and organizations to each other in a secure and reliable way also matters, because the information exchanged includes a great deal of sensitive material such as business strategy and financial plans.

    To ensure that information sent between different geographic regions stays confidential, the prerequisite is a backbone network that meets the security requirements, because data is most easily exposed while it moves across a wide area network. Building a backbone network with high stability and security is therefore always an important factor for Internet service providers.

    With earlier network technologies such as leased lines, Frame Relay, or VPN, connecting branches to the office requires a business to invest heavily in both network equipment and usage fees. Moreover, because of technological limitations, these traditional network technologies are very complex, hard to manage, and hard to scale.


    - Simple scalability: all connection configuration is done in the MPLS core network, and the network members do not need any configuration.

    - High speed, multiple applications, and committed QoS: MPLS-VPN can carry data at speeds of up to Gbps over optical fiber transmission systems. Beyond data, MPLS-VPN can fully support real-time applications such as VoIP and video conferencing with the lowest latency. It can provide commitments on speed and minimum bandwidth (QoS).

    MPLS can be used in combination with many other technologies such as IP and ATM, but its most notable application today is the use of MPLS in IP networks to build virtual private networks that serve the connectivity needs of organizations and businesses. Because it is easy to manage and extend and is based on existing Internet infrastructure, this application is growing very strongly in many sectors: businesses, financial institutions, banks, and especially organizations that require a high level of reliability and data security.

    These are the practical grounds for choosing to study MPLS-VPN deployment solutions.

    1.2 General introduction to MPLS

    Traditional IP packet forwarding analyzes the destination IP address contained in the network layer header of each packet. Each router analyzes the destination address independently at each hop in the network. Dynamic or static routing protocols must analyze destination IP addresses when building their database in order to create the routing table. This process is called hop-by-hop unicast routing based on the destination of the packets. Routing with connectionless protocols met customers' simple needs. As the Internet grew and expanded and Internet traffic exploded, the existing packet forwarding method proved inefficient and inflexible. A new technique is therefore needed to assign addresses and extend the functions of the IP-based network architecture.


    routing in the layered network. Normally this connection setup is performed by a signalling protocol. This protocol provides state information about the connection to the switches along the routed path. The connection admission control (CAC) function ensures that the resources tied to an existing connection are not put to use for new connections. This forces the network to maintain the state of every connection (including information about the existence of the connection and the resources it uses) at the nodes the data passes through. Route selection is based on the QoS requirements of the connection and on the ability of the routing algorithm to compute routes that can meet those QoS requirements. Because it can identify each connection in the network and isolate each connection together with its associated resources for the lifetime of the connection, a connection-oriented environment can guarantee quality for each information flow. The network monitors every connection and reroutes it in case of failure, and this rerouting must also go through signalling.

    From the way information is carried, we see that connection-oriented networks suit applications that require strict QoS guarantees and applications with long connection times. For applications with short connection times, a connection-oriented environment appears unsuitable because of the time needed to set up the connection and the large proportion of header information. For such traffic, a connectionless environment with simple routing, which avoids complex signalling protocols, is a better fit.

    A switching method is therefore needed that can combine the advantages of IP (such as its routing structure) and of ATM (such as its switching method). To be truly suitable for multi-service networks, both ATM and IP must change: connectionless capability must be added to ATM, and connection-oriented capability must be added to IP.


    a packet may represent the FEC (Forwarding Equivalence Class) to which the packet is assigned.

    The form of the label depends on the layer 2 method used to carry the packet. For example, ATM cells use the VPI/VCI value as the label, and Frame Relay uses the DLCI as the label. For media that have no native label structure, a shim field is inserted to serve as the label. The 4-byte shim field has the following structure:

    Label (20 bits) | EXP (3 bits) | S (1 bit) | TTL (8 bits)

    Figure 1.6 Label format

    The fields have the following meanings:

    - Label: 20 bits long, contains the MPLS label value.

    - EXP: 3 bits long, indicates the service class and affects the queuing and discard algorithms applied to the packet.

    - S: 1 bit long. MPLS supports a label stack, meaning that several labels can be attached to one packet. When a label has the S bit set to 1, it is the last label, at the bottom of the label stack (counting in the direction from the layer 2 header to the layer 3 header). Forwarding is performed on the basis of the label at the top of the stack.

    - TTL: 8 bits long, with the same function as the TTL field in the IP packet header. It determines the number of nodes the packet can pass through before it is discarded, in order to prevent the packet from looping in the network.

    For PPP or Ethernet frames, a protocol identifier value is inserted into the corresponding frame header to indicate whether the frame is MPLS unicast or multicast.
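The 4-byte shim layout above, as an added example that is not part of the original report: a Python parser that walks a label stack from the top entry down to the entry with S=1 and rejects stacks that are truncated or never terminate. The sample frame is constructed, and `max_depth` is an assumed defensive bound, not a value from the page.

```python
import struct
from dataclasses import dataclass


class LabelStackError(ValueError):
    """Raised when bytes cannot be a well-formed MPLS label stack."""


@dataclass(frozen=True)
class LabelEntry:
    label: int  # 20 bits: the MPLS label value
    exp: int    # 3 bits: service class, affects queuing and discard
    s: int      # 1 bit: 1 marks the bottom (last) entry of the stack
    ttl: int    # 8 bits: hop budget, same role as the IP TTL


def encode_entry(e: LabelEntry) -> bytes:
    """Pack one entry into the 4-byte shim: Label(20) EXP(3) S(1) TTL(8)."""
    if not (0 <= e.label < 1 << 20 and 0 <= e.exp < 8
            and e.s in (0, 1) and 0 <= e.ttl < 256):
        raise LabelStackError(f"field out of range: {e}")
    word = (e.label << 12) | (e.exp << 9) | (e.s << 8) | e.ttl
    return struct.pack("!I", word)


def decode_entry(data: bytes) -> LabelEntry:
    """Unpack exactly one 4-byte shim entry (network byte order)."""
    if len(data) != 4:
        raise LabelStackError("a label stack entry is exactly 4 bytes")
    (word,) = struct.unpack("!I", data)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1, word & 0xFF)


def parse_label_stack(frame_payload: bytes, max_depth: int = 8):
    """Return (entries from top to bottom, remaining layer-3 bytes).

    max_depth is an assumed sanity limit so that a malformed frame without
    any S=1 entry cannot make the parser consume the whole payload as labels.
    """
    entries, offset = [], 0
    while True:
        if len(entries) >= max_depth:
            raise LabelStackError("no bottom-of-stack entry within max_depth")
        if offset + 4 > len(frame_payload):
            raise LabelStackError("truncated stack: S=1 never seen")
        entry = decode_entry(frame_payload[offset:offset + 4])
        entries.append(entry)
        offset += 4
        if entry.s == 1:
            return entries, frame_payload[offset:]


def build_sample() -> bytes:
    """Constructed sample: a two-label stack followed by two layer-3 bytes."""
    outer = LabelEntry(label=16, exp=0, s=0, ttl=254)  # top of stack
    inner = LabelEntry(label=24, exp=5, s=1, ttl=64)   # bottom of stack
    return encode_entry(outer) + encode_entry(inner) + bytes.fromhex("4500")


if __name__ == "__main__":
    stack, rest = parse_label_stack(build_sample())
    for depth, entry in enumerate(stack):
        print(depth, entry)
    print("layer-3 bytes:", rest.hex())
```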


    Figure 1.7 IP control plane and data plane

    In the Internet protocols, the control plane consists of the routing protocols (OSPF, IS-IS, BGP, ...) that allow IP (in the data plane) to be forwarded correctly. Control messages are exchanged between routers to carry out a range of tasks, including:

    - Exchanging messages between nodes to reach agreement on the routing parameters (including [illegible] and security).

    - Exchanging messages periodically to determine whether the neighbouring node is operating.

    - Exchanging messages that advertise addresses and routes in order to build the routing tables used for IP forwarding.

    In Figure 1.7, the arrow from the control plane to the routing table means that the routes found by the routing protocols are stored in the routing table. The two-way arrow between the routing table and the data plane means that IP manages the routing table in order to carry out its forwarding.

    1.3.3 MPLS control plane and data plane

    The architecture is divided into two separate components: the forwarding component (also called the data plane) and the control component (also called the control plane). The forwarding component uses the label forwarding database (maintained by a label switch) to forward data packets based on the labels attached to them. The control component is responsible for creating and maintaining label forwarding information among a group of interconnected label switches.

    Figure 1.8 MPLS control and data planes

    Figure 1.8 shows the basic structure and functions of an MPLS node performing IP routing.

    - Control plane: here the layer 3 routing protocols establish the paths used for packet forwarding. The control plane is responsible for creating and maintaining the label forwarding information between routers running MPLS (also called bindings).

    - Data plane: uses the label forwarding database maintained by the routers running MPLS to forward packets based on the label information.

    Each MPLS node runs one or more IP routing protocols (or may use static routing) to exchange routing information with the other MPLS nodes in the network. In MPLS, the IP routing table is used to decide the label exchange, in which adjacent MPLS nodes exchange labels with each other for each individual subnet in the routing table. This label exchange is performed by two protocols, TDP and LDP. TDP is a Cisco product, and LDP is the version of TDP created by the IETF. The MPLS IP routing control process uses the label exchange with other MPLS nodes to build the label forwarding table. This table is the data plane database used to forward labelled packets across the MPLS network.

    The main job of the control plane is therefore to advertise labels and addresses and to bind them together, that is, to bind a label to an address. A label switching router (LSR) is a router configured to support MPLS. The LSR uses the information in the label forwarding information base (LFIB) to process an incoming MPLS packet, for example to determine the next node that will receive the packet. The LFIB is to MPLS what the routing table is to IP. Several protocols can operate in the MPLS control plane. RSVP has been extended so that it can be used to advertise, distribute, and bind labels to IP addresses. This protocol extension is called RSVP-TE. A protocol named the Label Distribution Protocol (LDP) is another option for the MPLS plane. Other protocols such as OSPF and BGP can also be extended, and they then operate in the control plane as OSPF-E and BGP-E. Control messages are exchanged between LSRs to carry out a range of operations, including:

    - Exchanging messages between nodes to establish a relationship (including security). Once this is complete, the nodes are called LSR peers.

    - Exchanging messages periodically (called handshaking) to make sure the neighbouring node is operating.

    - Exchanging messages about labels and addresses in order to bind addresses to labels and build the forwarding table (LFIB), which the MPLS data plane uses to forward traffic flows.

    After the MPLS nodes have exchanged labels and IP addresses with each other, they bind the labels and addresses together. The MPLS data plane then forwards all received data by examining the label in the packet header. The IP address is not examined until the packet leaves the network. The label is then removed, and the IP address is used again in the IP data plane at nodes that do not run MPLS, to reach the end user.

    Each MPLS node must run one or more IP routing protocols (or rely on static routing) to exchange IP routing information with the other MPLS nodes in the network. In this respect, each MPLS node is an IP router in the control plane.

    In an MPLS node, the IP routing table is used to determine the label binding exchange, in which adjacent MPLS nodes exchange labels for each subnet in the IP routing table. The label binding exchange for destination-based IP routing is performed using Cisco's proprietary Tag Distribution Protocol (TDP) or the IETF standard Label Distribution Protocol (LDP).

    The MPLS IP routing control process uses the labels exchanged with adjacent nodes to build the label forwarding table (LFT), which is the forwarding plane database used to forward labelled packets through the MPLS network.
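The forwarding behaviour described above, as an added example that is not part of the original report: the destination IP address is consulted once at the ingress node to choose a label, after which every LSR forwards on the label alone until the egress node removes it. Node names, label values, and prefixes are constructed for illustration.

```python
import ipaddress

# Constructed topology: PE1 (ingress) -> P1 -> P2 -> PE2 (egress) -> CE2.
# Ingress table on PE1: destination subnet -> (label to push, next hop).
INGRESS_FIB = {ipaddress.ip_network("10.2.0.0/16"): (100, "P1")}

# LFIB of each LSR: incoming label -> (action, outgoing label, next hop).
# In a real network these bindings are distributed by LDP or TDP.
LFIB = {
    "P1": {100: ("swap", 200, "P2")},
    "P2": {200: ("swap", 300, "PE2")},
    "PE2": {300: ("pop", None, "CE2")},
}


def ingress(dst_ip, ttl=64):
    """PE1: the only step where the destination IP address selects the label."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [net for net in INGRESS_FIB if addr in net]
    if not matches:
        return None  # no binding for this destination, nothing to label
    best = max(matches, key=lambda net: net.prefixlen)
    label, next_hop = INGRESS_FIB[best]
    return {"dst": dst_ip, "label": label, "ttl": ttl, "at": next_hop}


def forward(packet):
    """Carry a labelled packet along the LSP.

    Returns (result, trace) where each trace item is
    (node, action, incoming label, outgoing label).
    """
    trace = []
    while packet["label"] is not None:
        node, in_label = packet["at"], packet["label"]
        entry = LFIB.get(node, {}).get(in_label)
        if entry is None:
            # A label this LSR never advertised is discarded, not IP-routed.
            trace.append((node, "drop", in_label, None))
            return "dropped", trace
        if packet["ttl"] <= 1:
            # TTL exhausted: discard to stop the packet from looping.
            trace.append((node, "drop", in_label, None))
            return "dropped", trace
        action, out_label, next_hop = entry
        trace.append((node, action, in_label, out_label))
        packet = dict(packet, label=out_label, ttl=packet["ttl"] - 1, at=next_hop)
    # Label removed: from here on the IP address is used again.
    return "delivered to " + packet["at"], trace


if __name__ == "__main__":
    result, hops = forward(ingress("10.2.5.9"))
    for hop in hops:
        print(hop)
    print(result)
```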

    1.4 MPLS-VPN technology

    There are two main VPN models:

    - Overlay VPN

    - Peer-to-peer VPN

    The overlay VPN model, the most widely used in service provider networks, designs and provides virtual circuits to carry any traffic flow across the backbone network. For an IP network, this means that even if the underlying technology is connectionless, it still more or less requires a connection-oriented service. From the service provider's point of view, the flexibility of the overlay VPN model drops considerably when a large number of circuits or tunnels between customer devices must be managed and provisioned. From the customer's point of view, designing the Interior Gateway Protocol is complex and very hard to manage.

    The peer-to-peer VPN model lacks isolation between customers and requires a coordinated IP address space among their devices.

    With the introduction of Multiprotocol Label Switching (MPLS), which combines layer 2 switching with layer 3 routing and switching, it became possible to build a technique that combines the advantages of the overlay VPN (such as security and isolation between customers) with the simple routing that the peer-to-peer VPN model offers. The new technique is called MPLS-VPN. It makes customer routing simpler and also simplifies provisioning for the service provider. MPLS also adds some new advantages of a nearly connection-oriented approach to the IP routing model, through the establishment of label switched paths (LSPs).

    The MPLS-VPN architecture makes it possible to create a private network over shared infrastructure. However, the methods used to provide the service differ.

    1.4.1 Components of an MPLS-VPN network

    The basic organizational structure of a data network that uses IP/MPLS label switching is shown in Figure 1.9.

    [Figure 1.9: Components of an MPLS-VPN network. Labels: MPLS Domain; CE router, PE router (E-LSR), P router 1 and P router 2 (LSR); C Network (customer control), P Network (provider control); LDP]

    Many components are defined in the MPLS-VPN architecture. They perform different functions but together make up the MPLS-VPN network. They include:

    - Provider network (P-network): the MPLS/IP core network administered by the service provider.

    - Provider router (P-router): a router running in the provider's core network. It provides transport along the backbone and does not carry customer routes.

    - Provider edge router (PE-router): the edge router of the backbone network. It distributes customer routes and delivers services to customers on the provider's side.


    Figure 1.10 PE router functions

    Each customer is assigned an independent routing table. Routing across the backbone is performed by a routing process in the global routing table. P routers provide label switching between the provider's edge routers and have no knowledge of the VPN routes. CE routers in the customer network are not aware of the P routers, so the internal structure of the provider network is transparent to the customer.

    1.4.3 Virtual routing and forwarding tables

    Each VPN is associated with a separate virtual routing and forwarding table (VRF). The VRF provides information about the VPN relationships of a customer site when it is connected to the PE router. The VRF includes the IP routing table, the CEF (Cisco Express Forwarding) table, the interfaces of the forwarding table, and the rules and parameters of the routing protocol. Each site can be associated with one and only one VRF. The VRF of a customer site carries all the information about the routes available from that site to the VPN of which it is a member.

    For each VRF, the information used to forward packets is stored in the IP routing table and the CEF table. These tables are maintained separately for each VRF, which prevents information from being forwarded outside the VPN and prevents packets from outside the VPN from being forwarded to routers inside the VPN.

    A VRF contains an IP routing table that corresponds to the global IP routing table, a CEF table, a list of the interfaces that belong to the VRF, and a set of rules that define the routing protocol exchanged with the CE routers. The VRF also contains VPN identifiers as VPN membership information.
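The per-VRF separation described in this section, as an added example that is not part of the original report and does not reflect any vendor's implementation: a small PE model in which two customers reuse the same prefix, each attachment interface is bound to exactly one VRF, and a lookup can only ever see routes of the ingress interface's own VRF. All names, interfaces, and prefixes are hypothetical.

```python
import ipaddress


class VRF:
    """One VPN's private routing table on a PE router."""

    def __init__(self, name):
        self.name = name
        self.routes = {}  # ip_network -> next hop name

    def add_route(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        """Longest-prefix match restricted to this VRF's own routes."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]


class PERouter:
    def __init__(self):
        self.vrfs = {}           # VRF name -> VRF
        self.interface_vrf = {}  # customer-facing interface -> VRF name

    def add_vrf(self, name):
        self.vrfs[name] = VRF(name)
        return self.vrfs[name]

    def bind(self, interface, vrf_name):
        """Attach a site's interface to one and only one VRF."""
        if vrf_name not in self.vrfs:
            raise KeyError(f"unknown VRF {vrf_name}")
        current = self.interface_vrf.get(interface)
        if current is not None and current != vrf_name:
            raise ValueError(f"{interface} already belongs to {current}")
        self.interface_vrf[interface] = vrf_name

    def forward(self, in_interface, dst):
        """Return (VRF name, next hop), or None when the packet is dropped."""
        vrf_name = self.interface_vrf.get(in_interface)
        if vrf_name is None:
            return None  # interface is not a member of any VPN
        next_hop = self.vrfs[vrf_name].lookup(dst)
        return None if next_hop is None else (vrf_name, next_hop)


def build_pe():
    """Constructed sample: two customers with overlapping address space."""
    pe = PERouter()
    a = pe.add_vrf("CUSTOMER_A")
    b = pe.add_vrf("CUSTOMER_B")
    a.add_route("10.1.0.0/16", "CE-A1")
    a.add_route("172.16.0.0/24", "CE-A2")
    b.add_route("10.1.0.0/16", "CE-B1")  # same prefix, different VPN
    pe.bind("Gi0/1", "CUSTOMER_A")
    pe.bind("Gi0/2", "CUSTOMER_B")
    return pe


if __name__ == "__main__":
    pe = build_pe()
    print(pe.forward("Gi0/1", "10.1.2.3"))    # customer A's own route
    print(pe.forward("Gi0/2", "10.1.2.3"))    # customer B's own route
    print(pe.forward("Gi0/2", "172.16.0.9"))  # A-only prefix, invisible to B
```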

    1.5 Chapter conclusion

    In recent years, MPLS-VPN technology has attracted a great deal of attention from network operators aiming for a high-speed and secure network. As a rule, every technology has its own strengths and weaknesses. MPLS-VPN combines the characteristics of VPN and MPLS. A VPN is defined as a network that connects customer sites securely over shared network infrastructure, with access control and security policies like those of a private network. Although it is built on the existing infrastructure of a public network, a VPN has the properties of a local network, as if leased lines were used. It allows the branches of a company to be interconnected with each other and with partners, and it provides control over the access rights of customers, service providers, or other outside parties. The range of applications for VPN is therefore very large.