Unified VPN Suite Solution for Service Providers

MPLS AToM Application Brief

Application Note

Cisco Any Transport over MPLS

Objective and Audience

One of the main benefits of Multiprotocol Label Switching (MPLS) is enabling virtual private network (VPN) connectivity over a public packet-switching infrastructure. The first VPN offering with MPLS provided connectivity at Layer 3 and is defined in the Internet Engineering Task Force (IETF) standards, namely in RFC 2547. Service providers need to extend VPN connectivity to Layer 2 to enable new data services offerings, save costs, and integrate multiservice functionality and offer it with Layer 3 VPN on a unified core network. Using Any Transport over MPLS (AToM), service providers can transport Layer 2 data privately over the same MPLS infrastructure.

AToM is based on the IETF draft-martini documents. This document provides a detailed description of the applications enabled by an AToM solution, as well as the benefits and market opportunities associated with the AToM features supported in Cisco IOS® Software. This application brief is intended for service providers that are planning to offer Layer 2 connectivity services based on MPLS, or for the customers of these service providers for such services.

Any Transport over MPLS Overview

Any Transport over MPLS (AToM) is the Cisco solution for transporting Layer 2 packets over an IP/MPLS backbone. A new application and service enabler in MPLS networks, AToM provides point-to-point connectivity for several media encapsulations, including Ethernet, Frame Relay, and ATM. Its ultimate goal is to enable new services at lower costs and complexity when compared with alternative technologies. AToM is provided as part of the Unified VPN Suite of leading-edge VPN technologies available over the widest breadth of Cisco routers.

AToM Technical Description Summary

AToM uses a directed Label Distribution Protocol (LDP) session between Provider Edge (PE) routers for setting up and maintaining connections. Forwarding is implemented through the use of label switching between the edge routers. Two-level labels are used for better scalability. The external label, called the "tunnel label," is used by the MPLS backbone to forward packets to the egress PE. The label used to determine the egress interface and circuit, referred to as the "virtual-circuit label," binds the Layer 2 egress interface to a virtual circuit (emulated VC). All virtual-circuit label bindings are exchanged over a single LDP session between the two PE routers, and they use the Virtual Circuit Forwarding Equivalence Class (FEC) element type 128 within the LDP label mapping message. The VC label is established dynamically and exchanged between Provider Edge pairs via the LDP "downstream unsolicited mode."

AToM Applications

Overview

The Cisco AToM solution provides network operators and designers a choice of a number of applications based on an MPLS backbone. Furthermore, these applications can be enabled in various combinations, as needed by service providers and enterprise customers alike to achieve the ultimate scalability, flexibility, and performance provided by the Cisco IOS Software. This section discusses the following applications enabled by the Cisco AToM solution:

  • Metropolitan-area network services

  • Layer 2 virtual leased-line services

  • Layer 2 VPN services

Metropolitan-Area Network Services

One of the most important emerging market opportunities for service providers focused on large deployments is the requirement for optical-speed data networks to connect multiple large sites within a specific metropolitan geographical area. This market requirement is frequently referred to as a metropolitan-area network (or "metro").

The following types of customers might require metro services:

  • Service providers upgrading their backbone networks to optical speeds with MPLS can support legacy, revenue-generating WAN technology over a packet backbone, such as Frame Relay or ATM switches. With Cisco AToM solution, service providers can offer WAN transport between points of presence (POPs), as a private connectivity service, or they can transport their own WAN traffic by integrating multiple circuit transport types into one common backbone.

  • With Cisco AToM solution, service providers can provide corporate customers with an optical-speed data network to connect multiple corporate sites within a specific metro region. The corporate customers are connected typically with Ethernet to the desktops, enabling the service providers to aggregate the traffic, privately, over a virtual LAN (VLAN) interface and transport it to other locations across the network. The corporate customers who require these metro services range in size from small and medium commercial businesses located in commercial business parks or building complexes up to the Fortune 500 enterprise customers.

  • Customers may want to extend the routing domain for Layer 3 services. Internet private peering is an example. Private peering is the act of multiple Internet service providers (ISPs) establishing dedicated connections at a network access point (NAP) to their respective networks. These connections are used to exchange traffic that is destined for each ISP's network. However, because of the geographical distribution of the ISPs, there is a limit on who can participate in the peering arrangement. Using Cisco AToM solution, ISPs can create a Layer 2 virtual connection over the MPLS infrastructure to create a distributed NAP. The virtual connection serves as an interconnection among the ISPs and allows for a private peering arrangement across to other providers, without the requirement of direct connections among them.

Figure 1 shows a typical metro topology with Ethernet, ATM, and Frame Relay transport over an MPLS backbone.

The common characteristic of virtually all these customers is their need to establish private connectivity among multiple locations in a specific metro service region or across multiple regions.

Large businesses that are looking for metro services have two basic requirements:

  • Transparent WAN services or transparent LAN services (TLS) among various facilities within the metro service region

  • IP services for general-purpose, high-speed access to the Internet or to other corporate facilities located beyond the metro service region


Figure 1
Metropolitan-Area Network Services


As service providers attempt to meet these emerging requirements, they must evaluate new networking technologies and architectures at both the data link and physical layers, as well as at the network layer. Obviously, these new technologies must accommodate the service requirements of the metro customer.

One of the most promising areas of networking technology to address these requirements is MPLS, in general, and AToM in particular. MPLS offers an excellent foundation for providing private network services across a wide range of data link and physical network technologies throughout the service provider's network domain, whether that domain is in a single metro service area or is an international network spanning many metro service areas.

Cisco AToM solution takes advantage of an existing MPLS backbone network to deliver TLS based on any type of media, including Ethernet, ATM, and Frame Relay connectivity to the customer site. The concept of transparent metro services is straightforward: it is the ability to connect two geographically separate network segments, with the two network segments appearing as a single logical connection or multiple network segments. The introduction of such transport capability of network segments will allow service providers to deliver a service that allows virtual networking in different locations within a metro service area to be cost-effectively connected at transmission speeds equivalent to optical, Fast Ethernet, or Gigabit Ethernet.

Although Ethernet over MPLS (EoMPLS) is capable of delivering TLS functionality, it should not be confused with traditional LAN bridging. Unlike traditional LAN bridging, EoMPLS does not perform any Layer 2 lookup to determine if the destination Media Access Control (MAC) address resides on the local or remote segment, and does not perform any Layer 2 address learning, as traditional LAN bridging does. Instead, EoMPLS is more analogous to the transport of Layer 2 Frame Relay packets through an ATM backbone (which, in the future, could also be migrated to an MPLS backbone). Forwarding of Layer 2 frames based on MAC addresses will be added as a future IOS enhancement.

When Cisco AToM solution is deployed in conjunction with MPLS VPN, the service provider can provide tremendous flexibility in the variety of both Layer 2 and Layer 3 network services that can be provisioned for its metro customers, and can do so over a single, simplified, integrated MPLS backbone network.

Layer 2 Virtual Leased-Line Services

Cisco Any Transport over MPLS allows ISPs to support several new services by transporting Layer 2 frames. One attractive service is the ability to provide point-to-point "leased line"-like services over a circuit or packet infrastructure to carry bandwidth-guaranteed applications such as voice, video, and online transaction processing. With Cisco AToM solution, service providers can offer Layer 2 virtual leased-line services for Frame Relay, ATM, PPP, HDLC, or Ethernet networks over a packet-based infrastructure. Furthermore, by using Cisco MPLS AToM combined with Cisco MPLS traffic-engineering features and Cisco differentiated services/traffic engineering (DS-TE) capabilities, service providers can provide differentiated services with customized bandwidth guarantees, quality of service (QoS), and availability.

Today's enterprise customers are responding to voice and data convergence by actively seeking solutions that are both robust and inexpensive. These customers are increasingly using data networks to trunk voice traffic between sites for intra-company communications over VPNs. Another requirement of enterprise customers is transportation of large volumes of data periodically between primary and disaster recovery sites.

With increasing adoption of voice over IP (VoIP), the landscape for deployment is rapidly changing. Service providers are often driven by the need to provide customers a high grade of service to carry voice traffic across a network. However, today's multiservice packet networks rely on IP-based packet switching. In addition, IP by itself is simply best-effort service that is not sufficient to provide the strict delay, jitter, and bandwidth guarantees required for VoIP and other real-time traffic. Cisco IOS QoS features are ideal for this situation. Using the IETF differentiated services (DiffServ) model for QoS, VoIP traffic can be treated appropriately.

With this in mind, a service provider must have the ability to:

  • Determine the path that IP routing takes for a particular customer's traffic

  • Provision each router along the path for DiffServ

  • Manually assure that not too many customers pass over that path, to avoid demand in excess of available bandwidth (the "oversubscription" scenario)

Although this scenario is feasible in a small network, a more scalable way to manage bandwidth is necessary to provide a point-to-point guarantee to the customer. The Cisco DS-TE solution is ideal for this situation. By automatically choosing a routing path that satisfies the bandwidth constraint for each service class defined (such as premium, gold, silver, or bronze), DS-TE relieves the service provider from having to compute the appropriate path for each customer, and each service class per customer. Cisco IOS Software enables service providers to implement the QoS capabilities they need to provide virtual leased-line services on a data network.

The Layer 2 virtual leased-line services focus on transporting Layer 2 protocols such as Ethernet, Frame Relay, PPP, HDLC and ATM in a point-to-point fashion across MPLS networks. Layer 2 transport across an MPLS network may be required either to extend existing services or to provide simple, easy-to-provision services that are attractive to enterprise customers. For example, one service gaining popularity with providers is Ethernet over MPLS. Customers can trunk non-IP protocols such as AppleTalk and Internetwork Packet Exchange (IPX) across the provider cloud, or extend VLAN domains by transporting raw Ethernet frames. Service providers can use this service to create remote peering points that appear as single hubs by extending the broadcast domains and trunking Ethernet. Another example is to offer services to multidwelling units by providing Ethernet connection and then trunking the Ethernet to the POP without adding any routing or content services at the customer location. Figure 2 shows a diagram of a Layer 2 virtual leased line with Cisco AToM.

Similarly, virtual leased-line service can be used to provide Frame Relay transport. Service providers can continue to sell Frame Relay services to end users by using Cisco DS-TE QoS techniques and Cisco IOS MPLS label stacking with Cisco AToM capability. They can provide committed information rate (CIR) guarantees for Frame Relay end to end. Likewise, combining the above methodology with ATM over MPLS can provide ATM variable bit rate (VBR) guarantees.


Figure 2
Layer 2 Virtual Leased Line with Cisco AToM Solution


With Cisco AToM solution, service providers can build virtual leased-line services and provide connectivity regardless of physical connections at each site. For example, a customer can connect with Frame Relay on one site and connect with Ethernet on the other. If this customer also wants to trunk their Interior Gateway Protocol (IGP) across the provider cloud, the provider can trunk the traffic and provide bandwidth guarantees by using a common encapsulation such as Point-to-Point Protocol (PPP) at both ends. By using PPP over MPLS in the provider network, the provider can easily connect two disparate media and bind them using a common Layer 2 mechanism. Cisco IOS MPLS provides the ability to perform traffic engineering on the label switched paths (LSPs) and combine them with QoS to provide services beyond the offering of traditional packet networks.

Layer 2 VPN Services

Another important emerging market opportunity for service providers focused on corporate customers derives from the requirement for Ethernet to migrate from local-area networks (LANs) to metropolitan-area networks (MANs) because of its simplicity, flexibility, low cost, and quick time to service. However, Ethernet lacks several key service-level agreement (SLA) capabilities such as QoS, traffic engineering, reliability, and scalability. This scenario prevents pure Ethernet-based metropolitan service providers (MSPs) from providing premium traditional value-added services such as Layer 2 VPN to their end users and achieving competitive advantages. MPLS adds connection-oriented, path-switching capabilities and provides premium service-level capabilities such as scalability, reliability, QoS, and traffic engineering.

The Layer 2 media support and MPLS capabilities combined with the Cisco AToM solution improve economics for Layer 2-based large service deployment and provide an optimal Layer 2 VPN solution in the metropolitan area.

MPLS-based Layer 2 VPNs provide a flexible, high-speed service that removes the complexity associated with the wide-area network (WAN) from the end users. With Layer 2 VPN, a service provider interconnects an enterprise LAN, regardless of its physical location, in such a way that the WAN services supporting the network are not apparent to the customer.

One of the primary ways the Cisco AToM solution provides Layer 2 VPN is by using EoMPLS as the LAN transport technology. EoMPLS takes advantage of an existing MPLS backbone network to deliver Layer 2 VPN connectivity to two or more customer sites. For instance, in the EoMPLS-based Layer 2 VPN implementation, each customer's traffic from a given site is mapped onto an MPLS LSP that extends across the MAN or WAN.

These LSPs are point to point in nature, and must be established between sites that have Layer 2 traffic transport needs. Each LSP can enjoy reserved bandwidth across the MPLS cloud, as well as other QoS guarantees. This MPLS implementation allows the service provider to provide service-level guarantees critical to offering premium SLAs.

This implementation also provides the ability to scale the customer VLANs, because an incoming customer's VLAN traffic on the ingress Cisco provider-edge device can be configured to map onto either the same or a different VLAN at the egress Cisco provider-edge device.

The Cisco AToM implementation is compliant with and supports the following two IETF drafts:

  • Transport of Layer 2 Frames over MPLS (draft-martini-l2circuit-trans-mpls-07.txt)

  • Encapsulation Methods for Transport of Layer 2 Frames over MPLS (draft-martini-l2circuit-encap-mpls-03.txt)

Ethernet ports or IEEE VLANs are dedicated to customers on PE routers acting as label edge routers (LERs). Customer traffic is mapped to a specific MPLS Layer 2 VPN by configuring Layer 2 FECs based upon the input port or VLAN. Further, Cisco AToM solution utilizes LDP sessions between two Layer 2 PEs, as well as two-level labeling, and a virtual circuit (VC), as described in the IETF drafts mentioned above. In addition, Cisco AToM implementation relies on industry-standard implementation of LDP as specified by RFC 3036.

Figure 3 shows a typical AToM topology with Cisco PE (shown as PE1 and PE2) as LERs. It also shows a typical frame as it traverses from customer edge 1 (CE1) through the MPLS backbone to CE2.


Figure 3
AToM Logical Topology and Packet Frame


Cisco AToM solution and Quality of Service

To differentiate their offerings and attract more customers, service providers must provide tiered services. Cisco AToM solution enables ISPs and MSPs to differentiate service tiers with the ability to support end-to-end QoS.

Cisco AToM solution maps Layer 2 class marking bits to the MPLS experimental bits (EXP) at the entry point, the ingress of the network. The EXP is a 3-bit field as part of the MPLS header, which was created by the IETF on an experimental basis, but later became part of the standard MPLS header. The EXP bits in the MPLS header carry the packet priority. Each label switch router along the path honors the packet priority by queuing the packet into the proper queue and servicing the packet accordingly. Therefore, service providers can deliver the IP services that businesses demand, across either switched or routed networks.

Figure 4 shows an example of how the end-to-end VLAN 802.1P priority classification is retained and supported by the Cisco AToM-based network. At the ingress PE, the class marking bits at Layer 2 are copied into the EXP bits in the MPLS header. At the egress PE, the same is remapped back into 802.1P Layer 2 bits.


Figure 4
Cisco AToM QoS to MPLS Mapping
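
The two-level label stack from the technical description and the 802.1P-to-EXP mapping above can be traced in a short Python sketch. This is an added example, not Cisco code: the 32-bit label entry layout (20-bit label, 3-bit EXP, 1-bit bottom-of-stack, 8-bit TTL) is the standard MPLS encoding, and the label values, VLAN IDs, sample frame, function names, and the choice to copy the priority into both labels are assumptions made for illustration.

```python
import struct

def encode_label_entry(label, exp, bottom, ttl=255):
    """Pack one 32-bit MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 2**20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)

def decode_label_stack(data):
    """Return ([(label, exp, ttl), ...], payload), reading entries until the S bit is set."""
    entries, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack")
        (word,) = struct.unpack_from("!I", data, offset)
        offset += 4
        entries.append((word >> 12, (word >> 9) & 0x7, word & 0xFF))
        if word & 0x100:                      # bottom-of-stack bit: VC label reached
            return entries, data[offset:]

def vlan_priority(frame):
    """Extract (802.1P priority, VLAN ID) from an 802.1Q-tagged Ethernet frame."""
    if len(frame) < 18 or frame[12:14] != b"\x81\x00":
        raise ValueError("not an 802.1Q-tagged frame")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, tci & 0x0FFF

def ingress_pe(frame, tunnel_label, vc_label):
    """Ingress PE: copy the 802.1P bits into EXP and push tunnel label + VC label."""
    pcp, _ = vlan_priority(frame)
    # Assumption: the priority is written to both labels so it survives a tunnel-label pop.
    return (encode_label_entry(tunnel_label, pcp, bottom=False)
            + encode_label_entry(vc_label, pcp, bottom=True)
            + frame)

def egress_pe(packet, vc_table):
    """Egress PE: the VC label selects the egress VLAN; EXP is remapped to 802.1P."""
    entries, frame = decode_label_stack(packet)
    vc_label, exp, _ = entries[-1]            # bottom entry is always the VC label
    egress_vlan = vc_table[vc_label]          # unknown VC label raises KeyError (drop)
    old_tci = struct.unpack_from("!H", frame, 14)[0]
    tci = (exp << 13) | (old_tci & 0x1000) | egress_vlan
    return frame[:14] + struct.pack("!H", tci) + frame[16:]

# Constructed sample: dst MAC, src MAC, 802.1Q tag (priority 5, VLAN 100), IPv4 EtherType.
SAMPLE_FRAME = (bytes.fromhex("0200000000020200000000018100")
                + struct.pack("!H", (5 << 13) | 100) + bytes.fromhex("0800") + b"payload")

if __name__ == "__main__":
    pkt = ingress_pe(SAMPLE_FRAME, tunnel_label=17, vc_label=1001)
    print("label stack:", decode_label_stack(pkt)[0])
    print("egress (priority, VLAN):", vlan_priority(egress_pe(pkt, {1001: 200})))
```

The egress table maps VC label 1001 to VLAN 200, which also illustrates the ingress-to-egress VLAN remapping described under Layer 2 VPN Services.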


Reference Documents

[1] draft-martini-l2circuit-trans-mpls-07.txt

[2] draft-martini-l2circuit-encap-mpls-03.txt

[3] RFC 3031, Multiprotocol Label Switching Architecture

[4] RFC 3036, LDP Specification