This application note provides Multiprotocol Label Switching (MPLS) VPN positioning information for the Cisco® Integrated Services Routers family of access routers. It outlines the high-level positioning of the products for various MPLS roles and provides performance and scalability information and an overview of MPLS feature support.
POSITIONING SUMMARY
Cisco Integrated Services Routers serve in various roles depending on whether they are part of a service-provider-managed MPLS network or a self-deployed (private) MPLS network.
• Service-provider-managed MPLS network: This type of network is typically used by enterprises that want to outsource their network core using an MPLS-based service offering from a service provider.
• Self-deployed (private) MPLS network: This type of network is typically used by larger enterprises that are willing to make a significant investment in network equipment and that employ IT staff comfortable with a high degree of technical complexity. In this case, the enterprise wants to fully control its own MPLS metropolitan-area network (MAN) or WAN and network segmentation across departments, business functions, and user groups without the need for service provider intervention.
In a service-provider-managed MPLS network, Cisco Integrated Services Routers could serve as the following:
In a self-deployed (private) MPLS network, Cisco Integrated Services Routers could serve as the following:
• Customer edge
• Multi-VRF customer edge
• Label edge router (LER)
• Label switch router (LSR)
Table 1 summarizes the supported roles in an MPLS network by platform family.
Table 1. Access Router MPLS Positioning

| Platform | Service-Provider-Managed: Customer Edge | Service-Provider-Managed: Multi-VRF Customer Edge | Service-Provider-Managed: CSC Customer Edge | Self-deployed: Customer Edge | Self-deployed: Multi-VRF Customer Edge | Self-deployed: LER | Self-deployed: LSR |
|---|---|---|---|---|---|---|---|
| Cisco 3800 Series | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco 3700 Series | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco 2800 Series | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco 2691 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco 1841 | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Cisco 2600XM Series | Yes | Yes | No | Yes | Yes | No | No |
| Cisco 1800 Fixed Series | Yes | Yes | No | Yes | Yes | No | No |
| Cisco 1700 Series | Yes | Yes | No | Yes | Yes | No | No |
| Cisco 870 Series | Yes | Yes | No | Yes | Yes | No | No |
All access routers (including the Cisco 3800, 2800, 1800, and 870 Series Integrated Services Routers; Cisco 3700 Series Multiservice Access Routers; Cisco 2600 Series Multiservice Platforms; and Cisco 1700 Series Modular Access Routers) provide traditional customer edge support. Routers in this role are not involved in any tagging or label distribution; they function simply as regular routers.
The Cisco 3800, 2800, 1800, 870, 3700, 2600, and 1700 Series provide Multi-VRF customer edge support. No tagging or label distribution is involved, but the physical router supports multiple VRFs. Recommended positioning limits for throughput and the number of VRFs scale from 2 Mbps and 2 VRFs on the Cisco 870 Series, and up to 45 Mbps and 25 VRFs on the Cisco 3845 Integrated Services Router.
The Cisco 3800, 2800, and 3700 Series; Cisco 2691 Multiservice Platform; and Cisco 1841 Integrated Services Router provide LER, LSR, and CSC customer edge Layer 3 IP VPN (L3VPN) support. The support is specific to low-end configurations, with positioning limits ranging from 4 Mbps, 10 VRFs, and 10 MPLS traffic engineering (TE) tunnel headends for the Cisco 2691, and up to 45 Mbps, 25 VRFs, and 25 MPLS traffic engineering tunnel headends for the Cisco 3845. The LER and LSR configurations are useful for self-deployed MPLS networks for the given limits, and the CSC customer edge configurations are useful for service-provider-managed MPLS networks.
Although the recommended limits in this document can be exceeded in scenarios in which no other features are running concurrently, Cisco Systems® has certified and established these design recommendations to help ensure that real-world design and use meet customer expectations. For applications requiring higher or more specific performance characteristics than those described in this document, please evaluate the Cisco 7200 and 7300 Series Routers. These platforms are designed and tested for provider edge and provider roles.
ACCESS ROUTER SUPPORT FOR MPLS ROLES
Traditional Customer Edge
All access routers are fully supported as customer edge devices (Figure 1). The original MPLS architecture does not extend the label cloud past the provider edge and hence does not impose particular requirements at the customer edge. The feature coverage, scalability, and performance characteristics are analogous to those when the platform is deployed as regular customer premises equipment (CPE) using, for instance, Frame Relay or ATM for uplink transport.
Figure 1. Traditional Customer Edge Role
Multi-VRF Customer Edge
All Cisco 3800, 2800, 1800, and 870 Series Integrated Services Routers; Cisco 3700 Series Multiservice Access Routers; Cisco 2600 Series Multiservice Platforms; and Cisco 1700 Series Modular Access Routers are supported as Multi-VRF customer edge devices (Figure 2). A Multi-VRF customer edge router facilitates allocation of logical and physical interfaces to different routing tables, forming a VLAN-like configuration on the customer side and mapping to different logical or physical VPN WAN connections. The customer edge device uses only VRF interfaces and VRF routing tables; there is no label imposition or Label Distribution Protocol (LDP) adjacency. Packets are sent to the provider edge (or the WAN in general) as IP packets. Details about the Multi-VRF customer edge concept and performance guidelines are provided in Product Bulletin 1575.
The section "Performance and Scalability" later in this document lists the recommended maximum configurations in terms of aggregate throughput (across all VRFs) and number of VRFs in a LAN-to-WAN environment. The recommendations are based on actual test results and predicted needs in a customer premises environment. They leave adequate router capacity for Multilink Point-to-Point Protocol (MLPPP), quality of service (QoS), encryption, and other features commonly deployed on access platforms. Multi-VRF deployed strictly to service VLANs (Ethernet to Ethernet) is significantly faster, and you can comfortably exceed the aggregate throughput recommendations, but performance will vary depending on the router configuration.
Figure 2. Multi-VRF Customer Edge Role
Label Edge Router (LER)
The Cisco 3800, 2800, and 3700 Series and Cisco 1841 Routers and the Cisco 2691 Multiservice Platform are supported as LER devices (Figure 3). In this role, the router performs the same functions as a traditional premises equipment router and this includes pushing a label in front of the relevant header. One set of interfaces is in the label domain, and another set is outside it, and the router handles traffic between multiple VPNs. The difference is in performance and scalability. A CPE router typically connects a few departmental VPNs or a small number of co-located customer VPNs. Consider these routers for customer-premises-based applications where the network has known and moderate requirements for throughput and number of VPNs.
The section "Performance and Scalability" later in this document lists the recommended maximum configurations in terms of aggregate throughput (across all VRFs) and number of VRFs in a LAN-to-WAN environment. The recommendations are based on actual test results and predicted needs in a customer premises environment. They leave adequate router capacity for MLPPP, QoS, encryption, and other features commonly deployed on access platforms. Multi-VRF deployed strictly to service VLANs (Ethernet to Ethernet) is significantly faster, and you can comfortably exceed the aggregate throughput recommendations, but performance will vary depending on the router configuration.
Figure 3. LER Customer Edge Role
CSC Customer Edge
The Cisco 3800, 2800, and 3700 Series and Cisco 1841 Routers and the Cisco 2691 Platform are supported as low-end CSC customer edge devices (Figure 4). This support is relevant only for a service-provider-managed MPLS network. Like routers used in the LER customer edge role, the low-end platforms are recommended only for applications that are less demanding in terms of performance and scalability. Consider them for low-end CSC applications where the tunneled MPLS networks belong to a single customer and have known and moderate requirements in terms of throughput and number of VPNs.
The section "Performance and Scalability" later in this document lists the recommended maximum configurations in terms of aggregate throughput (across all VRFs) and number of VRFs in a LAN-to-WAN environment. The recommendations are based on actual test results and predicted needs in a customer premises environment. They leave adequate router capacity for MLPPP, QoS, encryption, and other features commonly deployed on access platforms. Multi-VRF deployed strictly to service VLANs (Ethernet to Ethernet) is significantly faster, and you can comfortably exceed the aggregate throughput recommendations, but performance will vary depending on the router configuration.
Figure 4. CSC Customer Edge Role
Label Switch Router (LSR)
In a self-deployed MPLS network, the Cisco 3800, 2800, and 3700 Series and Cisco 1841 Routers and the Cisco 2691 Platform are supported as LSR devices (Figure 5). This support is relevant only for a self-deployed MPLS network. In this role, the router performs the same functions as a traditional provider router. The difference is in performance and scalability. The router in this role typically switches MPLS traffic and this includes label swapping. Consider these routers for networks with known and moderate requirements in terms of throughput and number of VPNs.
In a service-provider-managed MPLS network, the Cisco 7200 is fully supported as a provider device. Although similar in feature content and operation to a router in the provider role, access routers are not supported in provider roles. For provider roles, please evaluate the Cisco 7200 or 7300 Series or higher platforms. These platforms are specifically designed and tested for provider core roles. For more information, refer to the MPLS technology pages.
Figure 5. LSR Customer Edge Role
PERFORMANCE AND SCALABILITY
Table 2 lists the recommended maximum configurations in terms of aggregate throughput (across all VRFs) and number of VRFs in a LAN-to-WAN environment. The recommendations are based on predicted needs in a customer premises environment. They leave router capacity for MLPPP, QoS, encryption, and other features commonly deployed on access platforms.
Multi-VRF deployed strictly to service VLANs (Ethernet to Ethernet) is supported at Fast Ethernet speeds, but performance will vary depending on the router configuration.
Note: For all applications requiring higher or more specific performance characteristics than those discussed in this document, please evaluate the Cisco 7200 and 7300 Series platforms. These routers are specifically designed for provider edge roles in aggregated environments.
Table 2. Recommended Maximum Configurations: Multi-VRF Customer Edge, LER, CSC Customer Edge, and LSR

| Platform | Recommended Maximum Aggregate Throughput | Recommended Maximum Number of VRFs | Recommended Max VRF Routes (across all VRFs) |
|---|---|---|---|
| Cisco 7200 Series | 300 Mbps (2 OC-3) | 1,000 | 150,000 |
| Cisco 3845 Series | 45 Mbps (1 T3/E3) | 25 | 50,000 |
| Cisco 3825 Series | 16 Mbps (8 T1/E1) | 25 | 50,000 |
| Cisco 3745 Series | 16 Mbps (8 T1/E1) | 15 | 20,000 |
| Cisco 3725 Series | 8 Mbps (4 T1/E1) | 15 | 20,000 |
| Cisco 2800 Series | 8 Mbps (4 T1/E1) | 15 | 20,000 |
| Cisco 2691 | 4 Mbps (2 T1/E1) | 10 | 20,000 |
| Cisco 1841 | 2 Mbps (1 T1/E1) | 5 | 10,000 |
| Cisco 2600XM Series | 2 Mbps (1 T1/E1) | 5 (No MPLS) | 10,000 |
| Cisco 1800 Fixed Series | 2 Mbps (1 T1/E1) | 5 (No MPLS) | 10,000 |
| Cisco 1700 Series | 2 Mbps (1 T1/E1) | 5 (No MPLS) | 10,000 |
| Cisco 870 Series | 2 Mbps (1 T1/E1) | 2 (No MPLS) | 10,000 |
MPLS VPN TECHNOLOGY OVERVIEW
Cisco MPLS combines the intelligence of routing with the performance of switching and provides significant benefits to networks with a pure IP architecture as well as those with IP and ATM or a mix of other Layer 2 technologies. MPLS technology is crucial to scalable VPNs and end-to-end QoS, facilitating efficient use of existing networks to accommodate future growth and provide rapid fault correction of link and node failure. The technology also helps deliver highly scalable, differentiated end-to-end IP services with simpler configuration, management, and provisioning for both Internet providers and subscribers.
MPLS integrates the best of Layer 2 and Layer 3 technologies. MPLS provides IP services such as IP-based QoS, VPN, and traffic engineering across a network that can be based on any Layer 2 technology or a mix of different Layer 2 technologies. IP is the common protocol; Layer 2 protocols vary depending on required speed, services, and geographic location.
Customer Edge, Provider Edge, and Provider Roles
Figure 6 shows a typical MPLS VPN topology, where customer edge (CE) devices are connected to the MPLS core by means of provider edge (PE) devices. The provider (P) devices perform pure label switching and do not have to handle the complexity that the provider edge devices need to handle, such as longest-match routing decisions based on IP addresses. The customer edge routers are unaware of MPLS in a traditional MPLS architecture. The LER in a customer edge role adjusts the traditional architecture by extending the label domain to the customer premises.
Figure 6. MPLS Topology
Labels are used to indicate both routes and service attributes. At the ingress provider edge, incoming packets are processed, and labels are selected and applied. The core merely reads labels, applies appropriate services, and forwards packets based on the label. Processor-intensive analysis, classification, and filtering happen only once, at the ingress provider edge. At the egress edge, labels are stripped, and packets are forwarded to their final destination.
MPLS gives providers the ability to offer highly scalable, differentiated business IP services end to end, with simpler configuration and management for both providers and subscribers. Using MPLS, service providers can deliver the IP VPN services that businesses demand across either switched or routed networks.
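The label handling described above, as an added example that is not part of the original application note: a simplified Python model in which the ingress provider edge does a longest-match lookup inside one VRF and pushes labels, the provider router swaps the top label without reading the IP header, and the egress provider edge strips the labels and uses the VPN label to pick the VRF. Router names, label values, and prefixes are constructed; the two-label stack (transport label plus VPN label) follows standard MPLS L3VPN practice, and penultimate-hop popping is omitted.

```python
import ipaddress

# Constructed sample data: two customer VRFs with overlapping address space.
# Each route maps a prefix to (egress PE, VPN label advertised by that PE).
VRF_ROUTES = {
    "RED":  {"10.1.0.0/16": ("PE2", 101), "10.1.5.0/24": ("PE3", 102)},
    "BLUE": {"10.1.0.0/16": ("PE3", 201)},
}
# Transport label the ingress PE pushes to reach each egress PE.
INGRESS_TRANSPORT = {"PE2": 16, "PE3": 17}
# P router label table: incoming transport label -> outgoing label.
P_SWAP = {16: 26, 17: 27}
# Egress side: transport label identifies the PE, VPN label selects the VRF.
EGRESS_TRANSPORT = {26: "PE2", 27: "PE3"}
EGRESS_VPN = {"PE2": {101: "RED"}, "PE3": {102: "RED", 201: "BLUE"}}


def ingress_pe(vrf, dst):
    """Longest-prefix match inside one VRF, then push [transport, VPN]."""
    addr = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in VRF_ROUTES[vrf]
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst} in VRF {vrf}")
    best = max(matches, key=lambda n: n.prefixlen)
    egress, vpn_label = VRF_ROUTES[vrf][str(best)]
    return {"dst": dst, "labels": [INGRESS_TRANSPORT[egress], vpn_label]}


def p_router(packet):
    """Core router: swap the top label only; the IP header is never read."""
    top, *rest = packet["labels"]
    return {"dst": packet["dst"], "labels": [P_SWAP[top], *rest]}


def egress_pe(packet):
    """Strip both labels; the VPN label selects the VRF for final delivery."""
    transport, vpn_label = packet["labels"]
    pe = EGRESS_TRANSPORT[transport]
    return pe, EGRESS_VPN[pe][vpn_label], packet["dst"]


def forward(vrf, dst):
    """Carry one packet from ingress PE through the core to the egress VRF."""
    return egress_pe(p_router(ingress_pe(vrf, dst)))


if __name__ == "__main__":
    for vrf, dst in [("RED", "10.1.5.9"), ("RED", "10.1.9.9"), ("BLUE", "10.1.5.9")]:
        print(vrf, dst, "->", forward(vrf, dst))
```

The same destination address entering from RED and from BLUE is delivered into different VRFs, which is the separation property the VPN label provides when customers use overlapping address space.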
CSC Customer Edge and CSC Provider Edge Roles
CSC is a topology in which one service provider allows another service provider to use a segment of its backbone network (Figure 7). The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier.
The CSC solution reduces the number of VRFs and VPN routes that a particular provider edge device needs to maintain. To achieve this reduction, the CSC customer edge device labels the traffic it sends upstream to the CSC provider edge. Hence, CSC requires MPLS to be active on the interface between the CSC customer edge and the CSC provider edge.
CSC functions can be achieved either by deploying Border Gateway Protocol (BGP) IP Version 4 and labels (RFC 3107), or by deploying the Interior Gateway Protocol (IGP) and LDP. The choice is determined by the routing protocol selection.
Figure 7. CSC Topology
CISCO IOS SOFTWARE FEATURE SET REQUIREMENTS
In the old software packaging model (up to and including Cisco IOS Software Releases 12.3 Mainline), VRF and Multi-VRF support required a Plus feature set. MPLS label-swapping features required an Enterprise feature set.
In the new cross-platform packages available in Cisco IOS Software Releases 12.3 Mainline and 12.3 T and later, the feature sets listed in Table 3 are required.