Future Layer 3 Services


The idea of a single forwarding plane and different control planes is powerful. Exploiting this idea, newer control planes can be invented to provide newer services. Following are a few ideas on where we see MPLS technology adopted to build new services.

Label-Switched Multicast

One such idea being discussed in the IETF at press time is the ability to set up point-to-multipoint label-switched paths to carry multicast traffic. By providing bandwidth guarantees to label-switched multicast traffic using appropriate signaling extensions, multicast services for video, TV, and other applications can be easily built. Current IP multicast and multicast VPN do not use MPLS LSPs. Hence, for multicast you cannot use the excellent capabilities of MPLS, such as fast reroute for link protection, node protection, and bandwidth protection. However, if multicast traffic is also carried across MPLS LSPs, MPLS traffic engineering and fast reroute can also be used to protect unicast and multicast traffic simultaneously.

An increasing number of providers are standardizing on MPLS and GMPLS for their next-generation networks. They have a requirement to carry all trafficunicast and multicastacross label-switched paths. By having a common data plane, you get an operational savings and increase in network efficiency in terms of bandwidth and resource utilization. Extending either the multicast routing protocol or the MPLS TE signaling to perform label distribution, to build point-to-multipoint trees for efficient multicast transmission across the network, can lead to several new services for customers.

Dynamic Encrypted VPNs

As seen in previous chapters MPLS VPNs provide excellent full-mesh connectivity to build IP VPNs. We have also seen that MPLS VPNs provide a separation of traffic from customer A to customer B. However, we have also seen that MPLS VPNs do not encrypt traffic. For some banking applications or when traffic is transited over a public network, encryption is desired for VPN traffic. One way to add encryption to MPLS networks is to overlay a mesh of IPSec tunnels between CEs. This overlay, however, is not efficient and defeats the purpose of MPLS VPNs: Single-peer connectivity from the CE to PE.

Dynamic encrypted VPNs provide the ability to encrypt any traffic between CEs without running a tunnel overlay. The security information is either statically provisioned or exchanged within BGP via some new extensions to BGP. After the security adjacency is learned, the encryption is set up for traffic flowing only to that prefix. This creates a flexible method of dealing with encryption requirements in an MPLS VPN network.

Content-Based Services

Other types of VPN services include content-based services and broadband services integrated with the MPLS-based VPNs. In a content-based case, each VPN can represent a content service and subscribers subscribe to this service or VPN. The subscriber traffic is intelligently mapped to a content VPN without compromising the connectivity between the content VPNs themselves. The key here is the ability to map customers to VPNs. Appropriate policy routing with label distribution can help accomplish this capability.

Adaptive Networks for Integration of Voice and Video

MPLS TE allows the creation of TE tunnels with bandwidth. RSVP is also an excellent protocol for admission control and per-flow QoS. For VoIP and video, RSVP can be used to provide per-flow admission control for each voice call or video session. When these RSVP reservations arrive at the MPLS network, the admission control is performed on a bandwidth pool that is manually adjusted by the operator. One future enhancement is to perform admission control on the TE tunnel interface so that the correct number of calls is admitted on the TE tunnel.

In addition, the TE tunnels themselves could be resized when the VoIP calls or video sessions increase either automatically (with some intelligence in the PEs) or manually at the instructions of the operator. This form of aggregation of RSVP reservations onto a TE tunnel is referred to as tunnel-based admission control (TBAC). Adding a call control function to TBAC to allow the automation of tunnel setup and resizing and reoptimization of tunnels can help build a network that dynamically "tunes" itself to incoming voice or video calls.

Security Enhancements

With Layer 3 services, in the future you can expect to see the following examples of security enhancements: more robust handling of labels; the detection of, response to, and prevention of denial-of-service attacks; the authentication of sessions and peers; and the prevention of misforwarding that is caused by state changes. Security is the single most important aspect of building a reliable VPN service. Handling all possible security situations, such as denial-of-service attacks, is a must when it comes to operating an IP-based service.

Another form of Layer 3 service that is catching attention these days is using IP NGN for video distribution. Using efficient multicast techniques and marrying IP multicast with label switching allows the building of efficient Point to Multi-Point (P-MP) LSPs that use newly developed techniques, such as Multicast Label Distribution Protocol (MLDP) or RSVP-TE.




MPLS and Next-Generation Networks(c) Foundations for NGN and Enterprise Virtualization
MPLS and Next-Generation Networks: Foundations for NGN and Enterprise Virtualization
ISBN: 1587201208
EAN: 2147483647
Year: 2006
Pages: 162

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net