DOTE

Chain And Rate

Sunday, November 9, 2014

MPLS-Based VPN Service

With MPLS, ISPs offer a new and different type of wide area service in their networks. These services are designed to address the performance and security requirements of enterprise customers, particularly VoIP users. Unlike traditional best-effort Internet service, MPLS provides a structure whereby an ISP can provide a packet service with performance guarantees for jitter, delay, and packet loss.

MPLS adds two important elements to traditional IP:

1. Virtual Circuit/Label Switched Path (LSP): Unlike traditional IP, which is connectionless, MPLS routes all of the packets for a particular session over a virtual circuit. The MPLS specifications do not call it a virtual circuit (that would make things too obvious); they call it a Label Switched Path (LSP). The LSP provides two basic advantages over traditional IP:
  • Security: Transmissions cannot jump between virtual circuits within the network. This is traffic separation inside the carrier's network rather than encryption, and on that basis the user should not need to encrypt transmissions. Users with particularly sensitive transmissions like financial information may still choose to encrypt MPLS traffic, though the security features offered in MPLS should be adequate for most enterprise customers.
  • Ordered Delivery: A virtual circuit also ensures that all parts of the message arrive in order. As higher-level protocols (e.g., TCP, RTP) can reorder mis-sequenced packets, this feature has less user impact.
2. Capacity Reservation/QoS: Before MPLS allows an LSP to be established over a link, it ensures there is sufficient capacity available to meet the requirements of the connection. A carrier cannot ensure performance by simply assigning priorities; all a priority system does is treat some transmissions better than others. Priority does not mean the system treats anyone very well! Ensuring performance requires a capacity reservation mechanism, which is one of the key features of MPLS. MPLS supports multiple service classes and defines different delay and loss parameters for each.

Figure: MPLS Network Configuration
The other basic attribute of MPLS-VPN services is that they provide full mesh connectivity. Unlike earlier frame relay services, which require a virtual circuit between any pair of points that will communicate directly, in an MPLS network any end point can communicate with any other. When the user’s network is initiated, a full mesh of LSPs is created among all end points. The user pays for access at each network location, not for virtual circuits, so a mesh network and a hub-and-spoke configuration have the same cost. Finally, as the MPLS capability is provided within the carrier’s network, it is essentially transparent to the user’s router configuration. All the user does is set the DiffServ Code Point (DSCP) in each packet, which assigns the packet to a particular service class (e.g., voice, video, data).
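
The marking step described above, as an added example that is not part of the original post: it sets the DSCP on a sending socket and reads the six DSCP bits back out of an IPv4 header to pick a service class. The class plan (EF 46 = voice, AF41 34 = video, 0 = data), the function names and the sample addresses are assumptions; a carrier's actual class mapping comes from its service definition.

```python
import socket
import struct

# Standard DSCP code points (EF = 46, AF41 = 34, default = 0).
# The class names are an assumed carrier class plan, not from the post.
DSCP_TO_CLASS = {46: "voice", 34: "video", 0: "data"}
CLASS_TO_DSCP = {name: dscp for dscp, name in DSCP_TO_CLASS.items()}


def tos_byte(dscp, ecn=0):
    """DSCP is the upper 6 bits of the IPv4 TOS byte; ECN is the lower 2."""
    if not 0 <= dscp <= 63 or not 0 <= ecn <= 3:
        raise ValueError("DSCP is 6 bits, ECN is 2 bits")
    return (dscp << 2) | ecn


def marked_udp_socket(service_class):
    """Open a UDP socket whose outgoing packets carry the class's DSCP."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TOS,
                    tos_byte(CLASS_TO_DSCP[service_class]))
    return sock


def classify(ipv4_header):
    """Return (dscp, class) for a raw IPv4 header, as an edge device reads it."""
    if len(ipv4_header) < 20 or ipv4_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    dscp = ipv4_header[1] >> 2  # drop the two ECN bits
    # Unknown code points fall into best-effort data (assumed policy).
    return dscp, DSCP_TO_CLASS.get(dscp, "data")


def sample_header(dscp, ecn=0):
    """Constructed 20-byte IPv4/UDP header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos_byte(dscp, ecn), 28, 0, 0,
                       64, 17, 0, socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.20"))


if __name__ == "__main__":
    s = marked_udp_socket("voice")
    print("IP_TOS on socket:", s.getsockopt(socket.IPPROTO_IP, socket.IP_TOS))
    s.close()
    for d in (46, 34, 0, 10):
        print(classify(sample_header(d)))
```

Because any host can set these bits, the marking is a request for a class, not proof that the traffic belongs in it.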