1 00:00:08,968 --> 00:00:11,244 - One of the very popular services 2 00:00:11,244 --> 00:00:14,595 that are provided by a WAN provider is MPLS, 3 00:00:14,595 --> 00:00:17,639 which is Multiprotocol Label Switching. 4 00:00:17,639 --> 00:00:18,623 And at the CCNA level, 5 00:00:18,623 --> 00:00:21,933 they want you to have a real high understanding of MPLS 6 00:00:21,933 --> 00:00:24,507 and some of the terminology that goes along with it. 7 00:00:24,507 --> 00:00:26,590 So let's talk about that. 8 00:00:29,413 --> 00:00:31,830 So, with traditional routing, 9 00:00:32,914 --> 00:00:37,163 a packet, a Layer 3 packet will come into a router. 10 00:00:37,163 --> 00:00:39,544 And that router will strip off the Layer 2 header. 11 00:00:39,544 --> 00:00:43,381 It might come in with an ethernet header or a PPP header. 12 00:00:43,381 --> 00:00:45,650 The router will strip off that Layer 2 header, 13 00:00:45,650 --> 00:00:46,942 and then right behind it 14 00:00:46,942 --> 00:00:48,665 will be the Layer 3 header. 15 00:00:48,665 --> 00:00:51,417 And then we'll look at the destination Layer 3 address, 16 00:00:51,417 --> 00:00:55,134 like an IP version four, or an IP version six address. 17 00:00:55,134 --> 00:00:57,053 And then that router will go into some table 18 00:00:57,053 --> 00:00:58,167 like a routing table. 19 00:00:58,167 --> 00:01:01,440 Or if that router is running Cisco Express Forwarding, 20 00:01:01,440 --> 00:01:03,536 a copy of the routing table, 21 00:01:03,536 --> 00:01:06,103 sort of the essential elements from the routing table 22 00:01:06,103 --> 00:01:08,452 will be placed into a CEF table. 23 00:01:08,452 --> 00:01:10,035 But either way, the router will look 24 00:01:10,035 --> 00:01:12,736 for some sort of match of that destination IP address, 25 00:01:12,736 --> 00:01:15,667 and then create a new Layer 2 header, 26 00:01:15,667 --> 00:01:18,167 and forward the packet on out. 
27 00:01:19,059 --> 00:01:23,168 With MPLS, which stands for Multiprotocol Label Switching, 28 00:01:23,168 --> 00:01:24,067 and I want you to pay attention 29 00:01:24,067 --> 00:01:26,931 to those last two letters, label switching. 30 00:01:26,931 --> 00:01:29,117 MPLS actually does something different. 31 00:01:29,117 --> 00:01:30,702 So when a frame comes in, 32 00:01:30,702 --> 00:01:33,035 a router in the WAN network, 33 00:01:34,336 --> 00:01:36,086 so your service provider's router, 34 00:01:36,086 --> 00:01:38,733 will actually take that Layer 2 header, 35 00:01:38,733 --> 00:01:42,570 and right behind it, just before the Layer 3 header, 36 00:01:42,570 --> 00:01:46,905 it will insert a new field called an MPLS Label, 37 00:01:46,905 --> 00:01:47,911 called a label. 38 00:01:47,911 --> 00:01:49,293 This might sound kinda familiar to you. 39 00:01:49,293 --> 00:01:52,160 Once again, drawing an analogy to switching, 40 00:01:52,160 --> 00:01:54,311 which hopefully you've already studied up to this point. 41 00:01:54,311 --> 00:01:56,143 We know that in the world of switching, 42 00:01:56,143 --> 00:02:00,653 when an ethernet frame is going across an 802.1q trunk, 43 00:02:00,653 --> 00:02:02,844 same type of thing happens. 44 00:02:02,844 --> 00:02:04,410 When that frame gets to the switch, 45 00:02:04,410 --> 00:02:07,269 the switch takes and puts in an 802.1q tag, 46 00:02:07,269 --> 00:02:09,454 after the source MAC address, 47 00:02:09,454 --> 00:02:11,954 but before the Layer 3 packet. 48 00:02:13,141 --> 00:02:14,190 It inserts that tag there. 49 00:02:14,190 --> 00:02:15,942 So the same type of thing is happening here, 50 00:02:15,942 --> 00:02:18,676 except instead of a .1q tag being applied, 51 00:02:18,676 --> 00:02:22,221 applying something else called an MPLS label. 52 00:02:22,221 --> 00:02:24,178 And then that label is actually what's used 53 00:02:24,178 --> 00:02:27,629 by all these routers to forward the packet. 
54 00:02:27,629 --> 00:02:29,079 And actually, the reason why it's called 55 00:02:29,079 --> 00:02:31,375 Multiprotocol Label Switching 56 00:02:31,375 --> 00:02:33,530 is because MPLS can apply that label 57 00:02:33,530 --> 00:02:35,951 to lots of different things. 58 00:02:35,951 --> 00:02:37,955 We typically think of MPLS as being used 59 00:02:37,955 --> 00:02:40,519 against IP packets, like IP version four 60 00:02:40,519 --> 00:02:42,255 or IP version six. 61 00:02:42,255 --> 00:02:43,662 But MPLS can actually be used 62 00:02:43,662 --> 00:02:45,233 against a wide variety of things, 63 00:02:45,233 --> 00:02:48,368 not even necessarily Layer 3 packets. 64 00:02:48,368 --> 00:02:51,165 That's why it's called multiprotocol. 65 00:02:51,165 --> 00:02:53,891 The key idea though is that the routers 66 00:02:53,891 --> 00:02:55,831 in the service provider's cloud, 67 00:02:55,831 --> 00:02:59,165 when they're trying to figure out where does this thing go, 68 00:02:59,165 --> 00:03:01,516 they're no longer looking at a Layer 3 header 69 00:03:01,516 --> 00:03:02,983 to answer that question. 70 00:03:02,983 --> 00:03:04,537 They're now looking at this label. 71 00:03:04,537 --> 00:03:07,148 They have a table of labels that says, 72 00:03:07,148 --> 00:03:10,582 if I see this label, I'm gonna send it out this interface. 73 00:03:10,582 --> 00:03:13,039 So it's label switching. 74 00:03:13,039 --> 00:03:14,387 So this here shows an example of 75 00:03:14,387 --> 00:03:16,637 what that label looks like. 76 00:03:17,775 --> 00:03:20,399 So the label is a 32-bit field, 77 00:03:20,399 --> 00:03:22,115 which should hopefully be easy to remember, 78 00:03:22,115 --> 00:03:25,958 because IP version four addresses are 32-bits. 79 00:03:25,958 --> 00:03:28,269 MPLS labels are 32-bits. 80 00:03:28,269 --> 00:03:31,418 And you can see here a breakdown of that label. 81 00:03:31,418 --> 00:03:34,059 Now I'm gonna come back to this in just one second. 
82 00:03:34,059 --> 00:03:36,205 I just wanna flash forward here for a second, 83 00:03:36,205 --> 00:03:39,139 and just to give you an idea of where this label goes. 84 00:03:39,139 --> 00:03:42,139 So here is our regular frame, right, 85 00:03:44,306 --> 00:03:46,532 with our Layer 2 header, frame relay, 86 00:03:46,532 --> 00:03:48,650 PPP, ethernet, whatever it is, 87 00:03:48,650 --> 00:03:50,980 followed by our IP Header. 88 00:03:50,980 --> 00:03:53,843 Well in the world of MPLS, we've got a Frame Header 89 00:03:53,843 --> 00:03:57,767 and then the label is placed right here. 90 00:03:57,767 --> 00:03:59,812 So that's where the label goes. 91 00:03:59,812 --> 00:04:04,187 And sometimes you'll hear this called as a Shim Header. 92 00:04:04,187 --> 00:04:06,238 But that's where the label goes. 93 00:04:06,238 --> 00:04:07,665 So now let's go back to the previous slide 94 00:04:07,665 --> 00:04:10,357 and take a look at what does this label look like 95 00:04:10,357 --> 00:04:14,556 if we break it down, what components are in that label? 96 00:04:14,556 --> 00:04:17,709 Okay so here is the label in its entirety. 97 00:04:17,709 --> 00:04:20,959 So most of the label, so 20 bits of it, 98 00:04:21,953 --> 00:04:25,587 20 bits out of the 32, are the label value. 99 00:04:25,587 --> 00:04:27,724 So you can see there's actually quite a few numbers 100 00:04:27,724 --> 00:04:30,206 you can come up with with a 20-bit field. 101 00:04:30,206 --> 00:04:33,915 Then after that, we have a three-bit field, 102 00:04:33,915 --> 00:04:36,031 which is called the experimental field. 103 00:04:36,031 --> 00:04:38,870 So one of the things that MPLS service providers 104 00:04:38,870 --> 00:04:41,964 can offer is something called quality of service. 105 00:04:41,964 --> 00:04:44,846 And this experimental field is what allows them to do that. 
106 00:04:44,846 --> 00:04:48,792 So you can send packets into the service provider's network, 107 00:04:48,792 --> 00:04:50,795 maybe some of those packets carry data, 108 00:04:50,795 --> 00:04:53,704 maybe some of those packets carry voice, 109 00:04:53,704 --> 00:04:57,467 and by modifying or changing the bits here 110 00:04:57,467 --> 00:05:00,521 in the experimental field of the label 111 00:05:00,521 --> 00:05:02,924 the voice packets can be differentiated 112 00:05:02,924 --> 00:05:06,134 and identified differently from the data packets, 113 00:05:06,134 --> 00:05:07,584 so they can get better service, 114 00:05:07,584 --> 00:05:10,660 they can take faster paths, paths with less latency, 115 00:05:10,660 --> 00:05:13,423 that's because of the experimental field right here, 116 00:05:13,423 --> 00:05:16,328 which carries our quality of service markings. 117 00:05:16,328 --> 00:05:18,082 And there's a bit here called 118 00:05:18,082 --> 00:05:21,263 the bottom-of-the-stack indicator, 119 00:05:21,263 --> 00:05:23,111 bottom-of-the-stack indicator. 120 00:05:23,111 --> 00:05:25,708 And the reason why that's there 121 00:05:25,708 --> 00:05:29,534 is because in a lot of MPLS offerings, 122 00:05:29,534 --> 00:05:33,037 and I'm gonna talk briefly about MPLS VPNs, as an example, 123 00:05:33,037 --> 00:05:34,855 you might see a situation in which there's 124 00:05:34,855 --> 00:05:38,109 two or more labels applied to something. 125 00:05:38,109 --> 00:05:40,557 Two or sometimes even three labels. 126 00:05:40,557 --> 00:05:43,890 And so, an MPLS device, an MPLS router, 127 00:05:44,778 --> 00:05:47,984 only looks at the top label, what's the top label? 128 00:05:47,984 --> 00:05:51,107 The layer that's right next to Layer 2 header. 129 00:05:51,107 --> 00:05:53,783 So if I go forward for a moment. 130 00:05:53,783 --> 00:05:56,312 So for example, right here, here we have an example 131 00:05:56,312 --> 00:06:00,719 of a frame that has three labels inside of it. 
132 00:06:00,719 --> 00:06:03,088 So we can see that the label that's 133 00:06:03,088 --> 00:06:06,154 right after the Layer 2 header, 134 00:06:06,154 --> 00:06:08,497 that's what we consider the top label. 135 00:06:08,497 --> 00:06:11,792 And that's the label that an MPLS router will look at 136 00:06:11,792 --> 00:06:14,215 to determine where do I send this thing, 137 00:06:14,215 --> 00:06:15,697 what's the egress interface where I send 138 00:06:15,697 --> 00:06:19,356 this data structure is the top label. 139 00:06:19,356 --> 00:06:21,174 But then there can be--and that's called the top. 140 00:06:21,174 --> 00:06:23,228 Then there can be labels after that, 141 00:06:23,228 --> 00:06:26,976 and then the very last label, the very last one 142 00:06:26,976 --> 00:06:29,823 is what we call the bottom label. 143 00:06:29,823 --> 00:06:32,253 And the bottom label has that one little bit set, 144 00:06:32,253 --> 00:06:34,767 that bottom-of-the-stack bit set to a one. 145 00:06:34,767 --> 00:06:36,197 Why is that important? 146 00:06:36,197 --> 00:06:38,365 Because, when a router receives 147 00:06:38,365 --> 00:06:41,703 an incoming MPLS labeled structure, 148 00:06:41,703 --> 00:06:44,377 and it sees that label there, 149 00:06:44,377 --> 00:06:47,173 and it sees that the bottom-of-the-stack bit is set to one, 150 00:06:47,173 --> 00:06:51,141 that router knows, aha, okay I need to pop that label off 151 00:06:51,141 --> 00:06:53,569 and revert this thing back to looking like 152 00:06:53,569 --> 00:06:57,214 a normal IP packet without any label at all. 153 00:06:57,214 --> 00:06:59,352 So that bottom-of-the-stack bit indicates 154 00:06:59,352 --> 00:07:00,608 that this is the very last label 155 00:07:00,608 --> 00:07:02,492 and behind it you're going to see 156 00:07:02,492 --> 00:07:04,863 your regular Layer 3 header. 157 00:07:04,863 --> 00:07:09,030 So that's what that bottom-of-the-stack bit is used for. 
158 00:07:09,980 --> 00:07:11,480 So let me go back. 159 00:07:12,417 --> 00:07:15,449 And then also we have at the very end, we have a TTL field. 160 00:07:15,449 --> 00:07:19,297 So just like an IP packet has a time to live field, 161 00:07:19,297 --> 00:07:21,758 an MPLS label has a time to live field. 162 00:07:21,758 --> 00:07:23,923 Typically speaking, when an IP packet comes 163 00:07:23,923 --> 00:07:28,382 into an MPLS router, the router will take a look 164 00:07:28,382 --> 00:07:30,647 at the TTL field in the IP packet 165 00:07:30,647 --> 00:07:32,619 and it will take whatever that number is 166 00:07:32,619 --> 00:07:35,119 18, 64, 3, and it will copy it 167 00:07:36,006 --> 00:07:38,817 into the TTL field, right here. 168 00:07:38,817 --> 00:07:40,481 And now as each router gets this, 169 00:07:40,481 --> 00:07:43,971 as each label router gets it and switches it based on labels 170 00:07:43,971 --> 00:07:45,936 just like we would normally take a TTL 171 00:07:45,936 --> 00:07:48,185 in an IP packet and decrement it by one, 172 00:07:48,185 --> 00:07:50,776 well our label switching routers will also 173 00:07:50,776 --> 00:07:54,716 decrement the TTL value here in the label itself by one. 174 00:07:54,716 --> 00:07:56,133 Same rules apply. 175 00:07:57,759 --> 00:08:01,592 Okay so I think we've seen everything on here. 176 00:08:04,859 --> 00:08:05,801 There's nothing--we already talked 177 00:08:05,801 --> 00:08:07,377 about where the label's applied. 178 00:08:07,377 --> 00:08:08,259 And this is just showing you 179 00:08:08,259 --> 00:08:11,467 that it's right after the Layer 2 header. 180 00:08:11,467 --> 00:08:13,057 And sometimes you'll see that MPLS is called 181 00:08:13,057 --> 00:08:14,807 a Layer 2.5 protocol. 182 00:08:16,887 --> 00:08:19,237 In other words when talking about the OSI model, 183 00:08:19,237 --> 00:08:20,790 and people are all, "Well where does this reside? 
184 00:08:20,790 --> 00:08:22,465 "Does it reside at the data link layer, 185 00:08:22,465 --> 00:08:24,119 "at the network layer." 186 00:08:24,119 --> 00:08:26,826 They say it's a Layer 2.5 protocol 187 00:08:26,826 --> 00:08:28,425 because it's inserting the label 188 00:08:28,425 --> 00:08:32,898 between the Layer 2 header and the Layer 3 header. 189 00:08:32,898 --> 00:08:35,079 So they say it's a Layer 2.5 protocol, 190 00:08:35,079 --> 00:08:37,412 so you might hear that term. 191 00:08:38,327 --> 00:08:40,131 And so we've already talked about this, 192 00:08:40,131 --> 00:08:42,993 and just this grouping of labels goes 193 00:08:42,993 --> 00:08:46,840 by the term Label Stack, a Label Stack. 194 00:08:46,840 --> 00:08:51,580 So you could have one or more labels in your label stack. 195 00:08:51,580 --> 00:08:55,034 And just remember the key term of the top label, 196 00:08:55,034 --> 00:08:57,838 that's the one right next to the Layer 2 header, 197 00:08:57,838 --> 00:08:59,952 and the bottom label, which is the one right next 198 00:08:59,952 --> 00:09:01,796 to the Layer 3 header. 199 00:09:01,796 --> 00:09:03,490 Of course, if you've only got one label 200 00:09:03,490 --> 00:09:04,901 they're both the same, the top and the bottom 201 00:09:04,901 --> 00:09:09,507 are exactly the same 'cause you've only got one label. 202 00:09:09,507 --> 00:09:14,076 And some terminology that we need to know for MPLS. 203 00:09:14,076 --> 00:09:18,243 So a router that has the capability of looking at a label, 204 00:09:21,675 --> 00:09:24,265 something that comes in that already has a label on it, 205 00:09:24,265 --> 00:09:26,925 and saying okay based on this label value, 206 00:09:26,925 --> 00:09:29,806 not the routing table, but my label table, 207 00:09:29,806 --> 00:09:30,732 I'm gonna be able to figure out 208 00:09:30,732 --> 00:09:33,987 which interface I need to forward this packet on, 209 00:09:33,987 --> 00:09:35,968 or forward this thing on. 
210 00:09:35,968 --> 00:09:39,885 We technically call that a Label Switch Router. 211 00:09:41,219 --> 00:09:45,271 And Label Switch Routers fall into sort of three categories, 212 00:09:45,271 --> 00:09:47,249 Ingress Label Switch Router, 213 00:09:47,249 --> 00:09:49,368 Intermediate Label Switch Router, 214 00:09:49,368 --> 00:09:52,356 and Egress Label Switch Router. 215 00:09:52,356 --> 00:09:56,833 So let me show you an example, a picture of this. 216 00:09:56,833 --> 00:09:59,236 So take a look at this as an example. 217 00:09:59,236 --> 00:10:02,066 So let's say that each of these boxes right here 218 00:10:02,066 --> 00:10:04,735 represents a customer site. 219 00:10:04,735 --> 00:10:06,735 And so this router here, 220 00:10:10,996 --> 00:10:14,253 the brown routers, these belong to the customer. 221 00:10:14,253 --> 00:10:15,774 So these are the customer routers 222 00:10:15,774 --> 00:10:19,285 and these routers are at the edge of the customer's network. 223 00:10:19,285 --> 00:10:20,860 In other words, these are at the edge of the network 224 00:10:20,860 --> 00:10:22,221 that connect to the ISP. 225 00:10:22,221 --> 00:10:23,997 So from an MPLS terminology, 226 00:10:23,997 --> 00:10:28,327 these routers are called customer edge routers, 227 00:10:28,327 --> 00:10:29,494 or CE routers. 228 00:10:30,747 --> 00:10:34,684 And yes, you will want to be familiar with this terminology. 229 00:10:34,684 --> 00:10:36,517 Customer edge routers. 
230 00:10:40,250 --> 00:10:44,037 Now all the routers here in the MPLS provider's network 231 00:10:44,037 --> 00:10:46,858 are called label switching routers, 232 00:10:46,858 --> 00:10:48,276 every single one of them, 233 00:10:48,276 --> 00:10:50,388 because they either have the ability of taking in 234 00:10:50,388 --> 00:10:54,062 a regular IP packet and slapping a new label on top of it 235 00:10:54,062 --> 00:10:55,701 that did not exist before, 236 00:10:55,701 --> 00:10:59,715 they have the capability of taking in a labeled packet, 237 00:10:59,715 --> 00:11:01,176 looking at that label and figuring out 238 00:11:01,176 --> 00:11:03,995 which egress interface to switch it out of, 239 00:11:03,995 --> 00:11:06,027 or if it's on the other edge, 240 00:11:06,027 --> 00:11:07,680 it has the ability of taking the label, 241 00:11:07,680 --> 00:11:09,504 stripping it off completely, 242 00:11:09,504 --> 00:11:13,419 revealing just a regular IP packet and then sending it out. 243 00:11:13,419 --> 00:11:17,086 So, if we're talking about Customer A, here, 244 00:11:18,290 --> 00:11:19,873 Customer A Site One 245 00:11:23,318 --> 00:11:25,318 and Customer A Site Two, 246 00:11:28,548 --> 00:11:31,692 in terminology we have the customer edge router, 247 00:11:31,692 --> 00:11:34,854 so let's say that our packet comes in this way, 248 00:11:34,854 --> 00:11:37,104 I'll just say P for packet. 249 00:11:37,965 --> 00:11:40,225 And it gets right here. 250 00:11:40,225 --> 00:11:44,392 So this here would be called an ingress label edge router. 251 00:11:51,428 --> 00:11:54,080 Because it's ingress, it's receiving the ingress packet 252 00:11:54,080 --> 00:11:57,391 and it's on the edge of the labeling network, 253 00:11:57,391 --> 00:11:58,713 the label edge router. 
254 00:11:58,713 --> 00:12:02,546 So now this router here would take that packet 255 00:12:03,473 --> 00:12:06,223 and it would apply a label to it, 256 00:12:07,308 --> 00:12:10,047 like we just took a look at. 257 00:12:10,047 --> 00:12:12,547 And then as it went into here, 258 00:12:13,660 --> 00:12:15,249 these routers in the middle would 259 00:12:15,249 --> 00:12:18,253 just be called intermediate, 260 00:12:18,253 --> 00:12:22,002 let's see if I can put that right here. 261 00:12:22,002 --> 00:12:23,252 Intermediate... 262 00:12:29,098 --> 00:12:31,098 Label switching routers. 263 00:12:33,207 --> 00:12:35,030 So an intermediate label switching router 264 00:12:35,030 --> 00:12:36,634 all it does is it receives something 265 00:12:36,634 --> 00:12:38,318 that already has a label on it 266 00:12:38,318 --> 00:12:42,485 and then just switches it through based on that label. 267 00:12:43,467 --> 00:12:45,487 Now once it gets to this guy right here, 268 00:12:45,487 --> 00:12:48,585 so here it comes in, it's got a label. 269 00:12:48,585 --> 00:12:52,752 We also have the packet behind it, so it comes in. 270 00:12:54,326 --> 00:12:56,715 So this guy here is gonna take that label, 271 00:12:56,715 --> 00:12:59,170 he's gonna recognize it, okay this is the last label, 272 00:12:59,170 --> 00:13:00,178 there's no other label left, 273 00:13:00,178 --> 00:13:03,317 he's gonna strip it off and he's gonna reveal the packet 274 00:13:03,317 --> 00:13:06,150 and send the packet as it is, out. 275 00:13:07,183 --> 00:13:09,933 So he will be called an egress... 276 00:13:14,043 --> 00:13:15,543 Label edge router. 277 00:13:18,875 --> 00:13:21,634 So all of these are label switching routers, 278 00:13:21,634 --> 00:13:24,329 all of them are LSRs because they have the capability 279 00:13:24,329 --> 00:13:27,579 of processing and understanding labels. 
280 00:13:28,558 --> 00:13:31,500 And a label edge router, like it sounds is at the edge 281 00:13:31,500 --> 00:13:34,083 of the MPLS provider's network. 282 00:13:35,192 --> 00:13:37,203 And ingress or egress just refers 283 00:13:37,203 --> 00:13:38,835 to the direction of the traffic, 284 00:13:38,835 --> 00:13:40,570 is the traffic coming in 285 00:13:40,570 --> 00:13:44,032 or is it leaving the provider's network. 286 00:13:44,032 --> 00:13:45,797 So you should be familiar with those. 287 00:13:45,797 --> 00:13:48,723 Now a lot of times also you'll see in 288 00:13:48,723 --> 00:13:50,188 a lot of books and documents 289 00:13:50,188 --> 00:13:52,903 that in addition to the routers here on the edge 290 00:13:52,903 --> 00:13:54,991 being called label edge routers, 291 00:13:54,991 --> 00:13:57,465 there's another term for those you'll see, 292 00:13:57,465 --> 00:14:00,632 which is called provider edge routers. 293 00:14:03,271 --> 00:14:05,287 Because router one and router two, 294 00:14:05,287 --> 00:14:07,569 they're owned by the service provider. 295 00:14:07,569 --> 00:14:10,867 And just like A One and A Two are owned by the customer 296 00:14:10,867 --> 00:14:13,857 but they are at the edge of the customer's network, 297 00:14:13,857 --> 00:14:16,309 these two routers here, one and two, 298 00:14:16,309 --> 00:14:17,813 well they're owned by the provider 299 00:14:17,813 --> 00:14:21,669 and they are edge of the provider's network. 300 00:14:21,669 --> 00:14:23,322 So we have customer edge routers 301 00:14:23,322 --> 00:14:26,997 which connect to provider edge routers. 302 00:14:26,997 --> 00:14:28,830 So CEs connect to PEs. 303 00:14:31,083 --> 00:14:32,603 Now there's a couple of additional things 304 00:14:32,603 --> 00:14:33,836 about this I want to talk about, 305 00:14:33,836 --> 00:14:35,959 one of the--you might be wondering, 306 00:14:35,959 --> 00:14:38,150 okay, well but really what's the benefit of this. 
307 00:14:38,150 --> 00:14:41,818 I mean so we're slapping on this new field called a label 308 00:14:41,818 --> 00:14:45,068 and all of these label switching routers are figuring out 309 00:14:45,068 --> 00:14:47,311 where to forward this thing based on a label 310 00:14:47,311 --> 00:14:49,595 instead of based on IP header. 311 00:14:49,595 --> 00:14:51,660 Why do we want to do that? 312 00:14:51,660 --> 00:14:53,995 Where is the benefit of that? 313 00:14:53,995 --> 00:14:57,559 A big reason why people like MPLS services is 314 00:14:57,559 --> 00:15:01,559 because they can get something called MPLS VPNs. 315 00:15:02,770 --> 00:15:06,143 Which stands for Virtual Private Network. 316 00:15:06,143 --> 00:15:08,148 Well, what makes it private? 317 00:15:08,148 --> 00:15:11,968 Here's one of the great things about MPLS VPNs. 318 00:15:11,968 --> 00:15:15,187 I could have Customer A, and maybe Customer A 319 00:15:15,187 --> 00:15:17,891 is using the 10.10 network, 320 00:15:17,891 --> 00:15:21,444 so we've got all sorts of subnets of 10.10 over here 321 00:15:21,444 --> 00:15:25,111 and all sorts of subnets of 10.20 over here. 322 00:15:26,398 --> 00:15:27,450 Now you might be saying, 323 00:15:27,450 --> 00:15:29,287 "But Keith, that's a private address, 324 00:15:29,287 --> 00:15:31,143 "that's not a publicly routable address." 325 00:15:31,143 --> 00:15:32,337 Actually that's okay. 326 00:15:32,337 --> 00:15:35,347 In this particular example the customer's not using 327 00:15:35,347 --> 00:15:38,326 the MPLS VPN to access the internet. 328 00:15:38,326 --> 00:15:41,517 All this WAN provider's doing is giving them access 329 00:15:41,517 --> 00:15:44,265 so that one customer site can talk 330 00:15:44,265 --> 00:15:45,889 to another customer site. 331 00:15:45,889 --> 00:15:47,397 It's not for internet access. 332 00:15:47,397 --> 00:15:51,659 It's just for connecting one campus or branch to another. 
333 00:15:51,659 --> 00:15:55,409 And then guess what, down here in Customer B, 334 00:15:56,764 --> 00:16:00,931 we could be using the exact same addresses, 10.20.0.0/16. 335 00:16:06,832 --> 00:16:09,299 And the MPLS VPN allows us to have 336 00:16:09,299 --> 00:16:12,399 overlapping address space like this 337 00:16:12,399 --> 00:16:16,528 and it allows the packets to be kept separate. 338 00:16:16,528 --> 00:16:19,251 In other words, Customer A does not have to worry 339 00:16:19,251 --> 00:16:21,934 that his or her packets will ever show up 340 00:16:21,934 --> 00:16:23,934 in Customer B's network. 341 00:16:24,809 --> 00:16:27,905 The MPLS VPN makes sure that customer's packets 342 00:16:27,905 --> 00:16:31,456 are always separate, isolated, they don't go 343 00:16:31,456 --> 00:16:33,252 where they're not supposed to go 344 00:16:33,252 --> 00:16:36,312 and from the provider's perspective it's great 345 00:16:36,312 --> 00:16:40,581 because they can reuse IP addresses on different customers. 346 00:16:40,581 --> 00:16:43,472 Now you might be thinking, well how is that possible, 347 00:16:43,472 --> 00:16:44,827 how does that even work? 348 00:16:44,827 --> 00:16:48,294 Well, without going into too many great details about this, 349 00:16:48,294 --> 00:16:50,453 here's a high-level overview of this. 350 00:16:50,453 --> 00:16:53,080 Up until now when we've been talking about routing, 351 00:16:53,080 --> 00:16:55,832 you had this idea that a router 352 00:16:55,832 --> 00:16:58,499 has one single IP routing table. 353 00:16:59,552 --> 00:17:02,118 Let's just focus on IP version four for now. 
354 00:17:02,118 --> 00:17:04,480 It's got one IP version four routing table 355 00:17:04,480 --> 00:17:08,647 and EIGRP or OSPF routes or RIP routes can feed into that, 356 00:17:09,668 --> 00:17:12,252 but ultimately, when a packet comes into a router 357 00:17:12,252 --> 00:17:14,853 it's that one table the router looks at, 358 00:17:14,853 --> 00:17:16,782 we call that the global routing table, 359 00:17:16,782 --> 00:17:19,313 to figure out, what do I do with this packet, 360 00:17:19,313 --> 00:17:21,333 where do I forward it? 361 00:17:21,333 --> 00:17:23,690 Well when we're dealing with MPLS VPNs, 362 00:17:23,690 --> 00:17:26,090 the router still has a global routing table, 363 00:17:26,090 --> 00:17:27,746 so now what we're gonna focus on is 364 00:17:27,746 --> 00:17:29,443 just the provider's networks, 365 00:17:29,443 --> 00:17:33,329 so the customers don't do MPLS at all. 366 00:17:33,329 --> 00:17:36,336 In an MPLS VPN, or even if you're not doing VPN, 367 00:17:36,336 --> 00:17:38,412 the customer routers, the CE routers, 368 00:17:38,412 --> 00:17:40,471 now let me just put that on here, 369 00:17:40,471 --> 00:17:43,054 they have no knowledge of MPLS. 370 00:17:45,089 --> 00:17:46,742 They're not doing any kind of labeling, 371 00:17:46,742 --> 00:17:48,597 they're just sending and receiving 372 00:17:48,597 --> 00:17:51,740 to the provider just regular IP packets 373 00:17:51,740 --> 00:17:55,812 packaged in ethernet frames or PPP frames 374 00:17:55,812 --> 00:17:58,018 or whatever they choose to use 375 00:17:58,018 --> 00:18:00,538 to connect to the provider. 376 00:18:00,538 --> 00:18:02,468 So it's all the provider's equipment in here 377 00:18:02,468 --> 00:18:04,097 that's doing all the labeling and the swapping 378 00:18:04,097 --> 00:18:08,410 and doing all this MPLS VPN stuff I'm about to describe. 
379 00:18:08,410 --> 00:18:10,075 So this provider's network, 380 00:18:10,075 --> 00:18:14,286 now this provider's network is probably also used 381 00:18:14,286 --> 00:18:16,089 for them for internal stuff. 382 00:18:16,089 --> 00:18:18,322 For example, they've got their own email system 383 00:18:18,322 --> 00:18:19,884 for their own employees, 384 00:18:19,884 --> 00:18:21,626 they have their own internal websites 385 00:18:21,626 --> 00:18:23,627 for like their payroll, their human resources, 386 00:18:23,627 --> 00:18:25,038 and marketing and stuff, 387 00:18:25,038 --> 00:18:26,702 so it may actually be that this network here 388 00:18:26,702 --> 00:18:30,520 is not only being used to transport packets 389 00:18:30,520 --> 00:18:32,316 from one customer site to another, 390 00:18:32,316 --> 00:18:34,404 it's actually being used also internally 391 00:18:34,404 --> 00:18:36,576 by the service provider itself 392 00:18:36,576 --> 00:18:40,305 as their own enterprise network for themselves. 393 00:18:40,305 --> 00:18:43,505 So there's gonna be some routing protocol running here 394 00:18:43,505 --> 00:18:45,771 within these routers. 395 00:18:45,771 --> 00:18:48,810 It could be anything, whatever, whatever they want to use. 396 00:18:48,810 --> 00:18:52,727 Let's just say, let's just say it's doing OSPF, 397 00:18:53,578 --> 00:18:55,942 although it could be EIGRP, it could be RIP, 398 00:18:55,942 --> 00:18:57,692 it could be anything. 399 00:18:58,806 --> 00:19:02,330 So all of these routers learn about each other 400 00:19:02,330 --> 00:19:04,580 and they're able to reach each other via 401 00:19:04,580 --> 00:19:07,808 whatever interior gateway protocol the service provider's 402 00:19:07,808 --> 00:19:12,468 running for themselves, within their own network right here. 
403 00:19:12,468 --> 00:19:16,104 Okay, so now, in addition to that, 404 00:19:16,104 --> 00:19:18,736 so all of that, all of those routes that are being learned, 405 00:19:18,736 --> 00:19:21,948 are being learned in the global routing tables. 406 00:19:21,948 --> 00:19:24,593 And let's just put some terminology back on here 407 00:19:24,593 --> 00:19:26,022 that I mentioned earlier. 408 00:19:26,022 --> 00:19:28,706 So we'll just say this is PE1 409 00:19:28,706 --> 00:19:31,623 and this is provider edge two, PE2. 410 00:19:34,814 --> 00:19:39,008 Okay so, for example, PE1 if you did a show ip route command 411 00:19:39,008 --> 00:19:40,155 and looked at his global routing table 412 00:19:40,155 --> 00:19:43,885 he would know how to reach 3.3.3.3, 4.4.4.4, 413 00:19:43,885 --> 00:19:46,243 and all these other routers in the middle. 414 00:19:46,243 --> 00:19:48,909 But here's what makes an MPLS VPN so powerful, 415 00:19:48,909 --> 00:19:52,110 able to separate customer routes, keep them separate, 416 00:19:52,110 --> 00:19:53,988 even to the extent that one customer 417 00:19:53,988 --> 00:19:57,924 can be using the exact same subnets as another customer. 418 00:19:57,924 --> 00:20:00,168 Which is the fact that on these PE routers, 419 00:20:00,168 --> 00:20:02,822 in addition to the global routing table, 420 00:20:02,822 --> 00:20:06,322 each interface that connects to a customer 421 00:20:07,267 --> 00:20:10,936 is in its own separate routing table. 422 00:20:10,936 --> 00:20:14,493 It's like these little private routing tables. 423 00:20:14,493 --> 00:20:17,176 We actually call these VRFs, 424 00:20:17,176 --> 00:20:21,343 Virtual Routing and Forwarding instances, VRFs, a VRF. 
425 00:20:24,005 --> 00:20:26,502 So right now, as I've drawn it, 426 00:20:26,502 --> 00:20:29,851 if we just focus in right now on provider edge one, 427 00:20:29,851 --> 00:20:33,154 he actually has three routing tables he's keeping track of, 428 00:20:33,154 --> 00:20:34,938 he's got the global routing table, 429 00:20:34,938 --> 00:20:36,195 for all the routes he's learned about 430 00:20:36,195 --> 00:20:38,122 about his own internal network, 431 00:20:38,122 --> 00:20:42,088 and he's got a separate private VRF routing table 432 00:20:42,088 --> 00:20:43,338 for Customer A, 433 00:20:44,701 --> 00:20:47,284 and another VRF for Customer B. 434 00:20:48,636 --> 00:20:49,859 So right there that's one thing 435 00:20:49,859 --> 00:20:51,058 that keeps the route separate 436 00:20:51,058 --> 00:20:53,937 because the 10.10 network that's learned, 437 00:20:53,937 --> 00:20:56,246 and by the way between the CE and PE, 438 00:20:56,246 --> 00:20:58,481 there's going to be some routing protocol running. 439 00:20:58,481 --> 00:21:00,496 Let's just put that right here. 440 00:21:00,496 --> 00:21:02,683 And once again that's completely between the customer 441 00:21:02,683 --> 00:21:04,766 and between the provider. 442 00:21:06,578 --> 00:21:10,745 So for example, Customer B, they might choose to run EIGRP 443 00:21:16,284 --> 00:21:19,217 between their customer edge router 444 00:21:19,217 --> 00:21:21,331 and the provider edge router. 445 00:21:21,331 --> 00:21:24,581 And Customer A, might choose to run RIP 446 00:21:26,446 --> 00:21:28,808 between their customer edge routers 447 00:21:28,808 --> 00:21:31,562 and the provider edge router. 448 00:21:31,562 --> 00:21:33,583 So there's some sort of routing going on here 449 00:21:33,583 --> 00:21:36,133 so that the customer can say, "Hey service provider, 450 00:21:36,133 --> 00:21:38,408 "here's all the routes I'm using in my network. 451 00:21:38,408 --> 00:21:40,268 "Here they are." 
452 00:21:40,268 --> 00:21:42,931 So you can see that the customer edge router 453 00:21:42,931 --> 00:21:47,314 is forming a neighborship, if it's EIGRP or OSPF, 454 00:21:47,314 --> 00:21:49,272 with the service provider, 455 00:21:49,272 --> 00:21:51,338 with the service provider's PE router 456 00:21:51,338 --> 00:21:54,187 there's a neighborship being formed. 457 00:21:54,187 --> 00:21:55,612 Okay so that's one thing. 458 00:21:55,612 --> 00:21:57,050 So that's how we keep the routes separate, 459 00:21:57,050 --> 00:21:58,779 is because these interfaces are actually assigned 460 00:21:58,779 --> 00:22:03,412 to their own private routing tables called VRFs. 461 00:22:03,412 --> 00:22:07,579 And then in order to actually complete the MPLS VPN 462 00:22:08,644 --> 00:22:09,871 to keep the route separate, 463 00:22:09,871 --> 00:22:14,038 there is actually from these PE routers right here 464 00:22:16,089 --> 00:22:18,924 they are talking to each other via 465 00:22:18,924 --> 00:22:22,007 the Border Gateway Protocol, via BGP. 466 00:22:23,687 --> 00:22:26,515 So I'm not gonna go into much more detail than this, 467 00:22:26,515 --> 00:22:28,264 this is actually already going into more detail 468 00:22:28,264 --> 00:22:31,120 than the CCNA books go into that I've looked at. 469 00:22:31,120 --> 00:22:33,162 But the main takeaway that I wanted you to have 470 00:22:33,162 --> 00:22:36,262 is that an MPLS VPN has several benefits. 471 00:22:36,262 --> 00:22:38,824 Number one, the customer's routes 472 00:22:38,824 --> 00:22:41,452 will be kept separate from any other customer's routes.
473 00:22:41,452 --> 00:22:42,540 By having this combination 474 00:22:42,540 --> 00:22:45,023 of virtual routing and forwarding tables, 475 00:22:45,023 --> 00:22:47,940 by doing routing with the provider, 476 00:22:49,118 --> 00:22:52,827 and by having BGP running in the provider's network, 477 00:22:52,827 --> 00:22:55,764 the combination of all that, along with labels, 478 00:22:55,764 --> 00:22:57,265 labels play a factor in this, 479 00:22:57,265 --> 00:22:59,472 labels play a very important factor, 480 00:22:59,472 --> 00:23:03,283 is what helps keep the customers' traffic separate. 481 00:23:03,283 --> 00:23:05,423 So Customer A's traffic will never show up 482 00:23:05,423 --> 00:23:07,423 in Customer B's network. 483 00:23:08,531 --> 00:23:11,338 Also this MPLS VPN is a very good thing 484 00:23:11,338 --> 00:23:12,911 from the provider's point of view 485 00:23:12,911 --> 00:23:15,900 because it helps them to conserve IP addresses. 486 00:23:15,900 --> 00:23:18,045 They can provide the same subnets 487 00:23:18,045 --> 00:23:20,011 to totally different customers, 488 00:23:20,011 --> 00:23:22,926 overlapping subnets of the MPLS VPN, 489 00:23:22,926 --> 00:23:26,946 this combination of BGP and labeling and VRFs. 490 00:23:26,946 --> 00:23:28,853 The combination of all this stuff working together 491 00:23:28,853 --> 00:23:32,107 helps these overlapping subnets stay separate. 492 00:23:32,107 --> 00:23:33,863 In other words the service provider can know 493 00:23:33,863 --> 00:23:38,495 okay, this 10.10 network down here belongs to Customer B, 494 00:23:38,495 --> 00:23:41,612 there's some coupling that takes place with MPLS labels, 495 00:23:41,612 --> 00:23:44,275 this label along with this network 496 00:23:44,275 --> 00:23:46,926 means this belongs to Customer B. 497 00:23:46,926 --> 00:23:49,730 This other label, completely different number, 498 00:23:49,730 --> 00:23:53,039 with the same network, belongs to Customer A. 
499 00:23:53,039 --> 00:23:56,652 And that's how an MPLS VPN is pieced together 500 00:23:56,652 --> 00:23:59,694 and provides this security. 501 00:23:59,694 --> 00:24:01,869 And one last thing I want to mention before I leave this. 502 00:24:01,869 --> 00:24:04,507 A lot of times when people think of virtual private networks 503 00:24:04,507 --> 00:24:06,444 the first thing that comes to their minds is, 504 00:24:06,444 --> 00:24:09,712 oh, we're talking encryption, we're talking security. 505 00:24:09,712 --> 00:24:12,252 MPLS VPNs, by themselves, 506 00:24:12,252 --> 00:24:15,204 have nothing to do with encryption. 507 00:24:15,204 --> 00:24:19,164 The privacy in an MPLS VPN is just the fact that 508 00:24:19,164 --> 00:24:21,784 you know that your traffic, Customer A, 509 00:24:21,784 --> 00:24:25,214 is only going to stay between your Customer A sites. 510 00:24:25,214 --> 00:24:27,011 You don't have to worry about your traffic 511 00:24:27,011 --> 00:24:29,441 ever going to another customer's sites. 512 00:24:29,441 --> 00:24:31,820 That's where you get the privacy. 513 00:24:31,820 --> 00:24:34,155 Now you certainly can run some sort of encryption 514 00:24:34,155 --> 00:24:38,322 on top of MPLS VPNs to add an even, added layer of security 515 00:24:39,388 --> 00:24:40,608 to encrypt your traffic. 516 00:24:40,608 --> 00:24:43,642 But an MPLS VPN just by itself and how it works 517 00:24:43,642 --> 00:24:45,384 has nothing to do with encryption, 518 00:24:45,384 --> 00:24:47,551 it will not do encryption. 519 00:24:48,655 --> 00:24:52,822 So that concludes this section on an overview of MPLS.