
MPLS Deployment reasons

1) Faster convergence. In the old days this was a valid reason, because IP forwarding was a relatively complex task that required more resources than label forwarding. Today it is no longer relevant.

2) IP over ATM: RFC 1483 and the newer RFC 2684, the AAL5 (ATM Adaptation Layer 5) implementation of IP over ATM.

3) BGP-free core in the SP network. With MPLS, the lookup is based on labels and not on the destination address, so there is no need to hold the BGP table in the core for lookups of external prefixes. This is a massive change: instead of every router in the core having BGP enabled (a CPU- and memory-intensive load), only the edge routers have BGP enabled, which means higher performance and capability.

Note: edge routers still need the BGP routing tables, because they translate between IP routing decisions and label-based decisions.

4) Deployment scalability. When we face a large-scale client deployment (a client that connects 50 - 300 sites or more), we need to take deployment scalability and management into consideration. With that in mind, 2 deployment models are available:

a) VPN Overlay - creating a point-to-point connection over the SP network. This can be achieved at layer 1, 2 or 3.

Layer 1: TDM, E1, T1... Layer 2: ATM, FR... Layer 3: GRE, IPIP...

b) Peer to Peer - creating a connection between sites through the ISP and with it. What I mean is that the SP needs to join the client network, and to achieve client privacy the SP needs to manage ACLs and routing updates, which is not very scalable and carries a lot of overhead. Notice that in addition to the disadvantage for the SP of the extra management overhead and complexity, the client has no control of its layer 3 network through the SP.

With MPLS VPN, the "bad" Peer to Peer model gains the advantage over the Overlay model. In MPLS we use VRFs (Virtual Routing and Forwarding) as separators between the networks, and the configuration is done only for each new site. For example, if I am an SP and I have 3 clients (Cisco, Microsoft, Verizon), each VRF will have a unique color: vrf Cisco, vrf Microsoft and vrf Verizon. Joining a new branch only requires coloring that branch's traffic accordingly, so the main work is done in the initial design and implementation, and any new addition is very simple.
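The per-customer "coloring" described above, sketched as a Cisco IOS PE configuration; this is an added example, not configuration from the original post. The AS number, RD and route-target values, interface name, and all addresses are constructed placeholders; only the VRF names come from the text.

```cisco
! Constructed values: AS 65000, RD/RT numbers, interface and addresses
! are illustrative placeholders, not taken from the post.
!
! One-time design work: one VRF per customer, each with its own
! route distinguisher and its own import/export route target.
ip vrf Cisco
 rd 65000:10
 route-target export 65000:10
 route-target import 65000:10
!
ip vrf Microsoft
 rd 65000:20
 route-target export 65000:20
 route-target import 65000:20
!
ip vrf Verizon
 rd 65000:30
 route-target export 65000:30
 route-target import 65000:30
!
! Adding a new branch for customer Cisco: color the customer-facing
! interface on the local PE. "ip vrf forwarding" comes before the
! address because it clears any IP address already on the interface.
interface FastEthernet0/1
 description New branch - customer Cisco
 ip vrf forwarding Cisco
 ip address 192.0.2.1 255.255.255.252
!
! VRF routes reach the other PEs over MP-BGP (VPNv4) between edge
! routers only; the core routers are not reconfigured.
router bgp 65000
 neighbor 203.0.113.2 remote-as 65000
 neighbor 203.0.113.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 203.0.113.2 activate
  neighbor 203.0.113.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf Cisco
  redistribute connected
 exit-address-family
!
! Check: "show ip route vrf Cisco" must list only Cisco prefixes.
```

The `route-target import` lines decide which customers' routes a VRF accepts, so they are the lines to review on every change: importing another customer's target joins the two networks.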

5) TE - traffic engineering is a small phrase for a very big spectrum of options. Normally the routing decision is made at each point separately, and usually the best route is chosen according to the shortest path to the destination. Using TE we can base the routing decision on multiple criteria, allowing the traffic to fully utilize the network's capability.

FRR - Fast Reroute is a very good feature that allows you to detect a failure and reroute based on router availability in less than 50ms. This is very important for highly sensitive traffic like VoIP.
