The MPLS-OPS Archive
Re: Fwd: ...........
From: Roger Clark Williams <rogerw@nordlink.com>
Date: Tue, 13 May 2003 21:04:59 -0400
Cc: MPLS-ops Mailing List <mpls-ops@mplsrc.com>
Resent-Date: Tue, 13 May 2003 22:05:00 -0400
To: Spice Sylvia <falsesylvia@yahoo.co.uk>
X-Sender: rogerw@together.net@pop.mindspring.com
Sylvia, I trust those who work for telcos will correct me where I am
wrong, but I would say a resounding "no", the telcos do not use
private addressing within their nets. They need to be carrying internet
routing, and therefore are working in the public address space for the
most part. And it will be public addressing right up to the customer's
outward-facing interface.
The "huge installed base" of ATM has to do with the ATTs,
Worldcom, Sprint (just to mention a few from the US; translate worldwide)
of this world. Many, if not most, telcos are running ATM in their core
networks. Now, are they interfacing with the end user off the ATM?
Perhaps not with ATM to a great degree, but certainly with other Layer 2
methods such as Frame Relay. Same issues vis-a-vis MPLS: How do you
integrate this newer technology on top of an "unaware"
technology?
This, I believe, is the reason that the newer MPLS has been designed to
work with the existing infrastructure, so MPLS can be run right over
non-MPLS aware ATM switches or take advantage of ATM-aware switches. And
it also answers why (to get back to the original question) there are
multiple labels. The outer one is used simply to allow the packet to be
switched from hop to hop; the inner one is there to represent Rob and
Ralph's traffic to the egress PE. Rob and Ralph can then use private
addresses, keep themselves "private" (as opposed to encrypted)
and in general have to make no changes to their networks while gaining
the benefits of VPNs.
Roger Williams
At 02:37 PM 5/13/03, Spice Sylvia wrote:
Hello Roger/Hi All,
I would like to ask,
1. Do Service providers not use 192.168.x.x space internally for their
local links?
2. Is there a reason these can't be used as interface IP addresses within
an AS for interfaces and links? It may not be on BGP peering points but
this is a possibility too in some cases.
3. Does this require NAT?
4. Please tell me more about this "huge" installed base
of ATM switches which are catering to *end* IP users/customers?
-S.F.
Roger Clark Williams <rogerw@nordlink.com>
wrote:
Sylvia, re: your first scenario. You cannot have private address networks addressing a public address. Consider what the return address would be. No public net will pass the return mail as it will have a 192.168 address, and no private addressing will be carried across a public net.
Using NAT this can happen. Then the return address is in the public net address space. The NAT router handles the public/private address exchange. So using NAT you could have this scenario. However, if you want the 2 private nets to not share routing information, now you have to apply ACLs, all of which takes a lot of hands-on management. This is not scalable.
As for asking the ATM Forum to just change their specs... easy to say, but there is a huge installed base, and we will not be seeing a wholesale replacement of ATM switches. So MPLS can work with that, with some reservations, i.e. the way label space is handled.
Roger Williams
At 08:57 AM 5/13/03, you wrote:
Hello Roger,
When the postal offices follow different "addressing schemes" and cater to different customers, why should the post offices addresses be unique?
The 2 postal offices follow a different map.
Let's get "real",
Let's assume there were "2 independent networks" without MPLS
And there are some unique end points (public IP addresses)
Can network-1 catering to these end points have unique addresses within themselves? (a 192.168.x.x series) for each networking device?
Similarly can network-2 catering to these end points have the same 192.168.x.x addressing among themselves? for each networking device?
Is there anything wrong with it?
The only thing which is unique among them is the "end point".
There are also customers who connect to the same network-1 and can be given addresses in the 192.168.x.x range of network 1 but will never talk to network 2? is that not possible?
I am sure the same has been implemented in major BGP networks already.
This is the basis of my model 2.
About the ATM situation, one needs to come up with a 1 to 1 mapping with Labels and PVCs/VPI-VCIs. However, may I know why we should even bother about ATM? If you want ATM, and you have a Layer-2 address size limitation, then you do. Get the ATM forum to change the size. Else treat ATM as any other L2 Point to Point circuit.
Amazingly, the thing we are doing in IPv4 is increasing the address size and proposing IPv6.
We are doing similar things by using Route Distinguisher in the MPLS core. (adding a prefix to a v4 route to make it unique to the core).
But if you look at model 2 above, is there any concept of uniqueness in the "cores". The concept of uniqueness is only in "end point" identifiers?
In fact a brilliant model most service providers follow is:
"Pay us more if you want a globally unique address (non 192.168.x.x)"
Now,
In the core, labels can identify the "Destination VRF" on the immediate next-hop router? This means we need a VRF to label mapping in the next-hop router? You agree we do this on the PE router. Why can't we do the same on the P router?
Your comments?
-S.F.
Roger Clark Williams <rogerw@nordlink.com> wrote:
Sylvia, if I understand how you are using "color", you would want a label on the packets that are the right color for Rob, and if labeling for Rob, why bother with two colors, why not just one color for Rob? Or in MPLS terms, why not assign a single label that is for a given VPN, and use that label alone to get the packet across the public MPLS cloud and into Rob's network.
I think the answer is that VPNs are built on top of a pre-existing, and separate, label switching mechanism. The labels in MPLS are simply to mark flows (aggregated groups of packets all going to the same place with a similar QoS need). That "same place" is not all the way across a network, but in the next hop. So a path to a destination is built by the public net routing protocol and labels are passed between routers to enable a packet to find its way across the MPLS cloud. Nothing in that description has anything to do with VPNs, just normal MPLS.
Add on top of this a need to get specific traffic from one private network to another and here is the problem: First, in the MPLS cloud the routing, and therefore labels, are based on the addressing within the cloud. A VPN's routing needs to be kept completely separate from the routing in the MPLS cloud, both for security and for the reason that follows. Secondly, privacy assumes that I can use any IP address in my net to reach Ralph, and you can use any IP address in your network with Rob, both can enter at PE1 and leave at PE6 - and never collide or get mixed. Any address can mean private addresses such as 10.x.x.x, and these can't "enter" the routing within the MPLS cloud. Herein is the reason for the second label. The second label is only used by the PEs to differentiate between traffic going to Ralph and that going to Rob.
By example, let's say both you and I, attached to PE1, are using 10.x.x.x addressing within our own nets. We both want to send traffic to our respective nets attached to PE6. First, we can't have that traffic over an IP net and we can't add it to a pre-existing MPLS net for the same reasons: Public IP nets don't do private addressing. So we have to mark those two flows with two different labels at the ingress. Now we could, security issues aside, in theory put them on the MPLS network. But what happens when you want to create a larger flow between two P routers? After all, these two flows are going to the same egress PE, so we should be able to do that with one label. But we can't, as Rob's and Ralph's packets need to be kept separate. No problem you say, use more labels. We do have 20^2 different labels we can choose from after all. But no, in an ATM situation you may not have that many labels, you may have only 4000 to choose from.
So, using a label stack, we can use one label to differentiate Rob and Ralph's traffic from each other at the ingress and egress PEs, and a separate one (and it may be just one per hop) to get both those two streams across the MPLS net.
Hello Roger,
Thank you for your reply.
I will define Rob's local post office as destination VRF.
City and town and all those fields identify the VRF.
There is no CE device to worry about in this example. This is specifically for the MPLS network.
now each post office has a different door from where letters from post office A come in and those from post office B come in.
if one can identify the "end point/rob's local post office", and one has to know the "identifier" to the end point (rob's house) to send him a letter, why not simply use a color on the envelope so that every postal office knows it is meant for Rob?
if you say we run out of colors, we can give a list to all intermediate postal offices saying that "make red envelopes coming from me to blue and send to post-2, post 2 makes all blue to yellow and sends to 3..." and so on...but the envelope will have only 1 color.
Why does one need to keep putting 2 colors??
The other possibility is that one doesn't know "Rob's house"..or knows the "last color" to "Rob's local post office"....
but since all the intermediate nodes know by the list I gave them, the last node will simply apply "last color" and it will go to Rob's postal office automatically... Will it not?
Now, either one can give me the "last color" to Rob's house or one can give me "street number blah blah + postal code"
hence either i need to know street number and all that..or i need to know "last color"..........So its nice to know "last color" too? but no, i also need to know last color maps to so and so street number. so knowing last color is of no use...
so I have 2^20 colors, I can have only 2^20 possible addresses in a post office per door.
However, I look at things such that the last post office based on incoming color knows the destination address (green means this goes to rob's house).......
My model 2 was different:
I was hoping that since these 3 postal services are different, one could
actually even make "post office addresses" unique... its like 3 different worlds....same globe, different naming convention for everything..including district and town postal offices on the way.
What you call nevada postal office and town postal office , i would call utah postal office and town postal office..it wouldnt matter as long as I put the letter in the right postal box.
if i put letter in box A, im in the addressing realm of world 1 (where each big and small postal office has a specific naming convention)
How does it sound? can this be done?
-S.F.
Roger Clark Williams <rogerw@nordlink.com> wrote:
Sylvia, your name, house number, town analogy is more like an IP header, TCP header with port number, so no, not like labels.
The label thing is more like this: If I wanted to write someone who was away on military service, I would write to that person, care of an address in New York City. That's my label. When the letter gets to that address, they put another address on it; that's their label. Their system understands the top label, the one they put on.
Your analogy of putting the letter in the right postal box is what a CE will do. Since the VRF is tied to an interface on the PE, the traffic on that interface is considered to be a part of a single VPN. The CE sends traffic to the "post box", i.e. the interface on the PE it is attached to, and the PE handles the traffic from there on. And yes, in that sense each PE interface is catering to a different client and each client can have exactly the same final address within his/her system since the traffic is being handled by separate services.
I hope this helps
Roger Williams
X-MindSpring-Loop: rogerw@nordlink.com
Resent-Date: Thu, 8 May 2003 11:05:24 -0400
X-Authentication-Warning: host.secure4-hosting.net: mplsrc12 set sender to mpls-ops-request@mplsrc.com using -f
Date: Thu, 8 May 2003 15:51:38 +0100 (BST)
From: Spice Sylvia <falsesylvia@yahoo.co.uk>
To: mpls-ops@mplsrc.com
Subject: [MPLS-OPS]: ...........
Resent-From: mpls-ops@mplsrc.com
X-Mailing-List: <mpls-ops@mplsrc.com> archive/latest/5747
X-Loop: mpls-ops@mplsrc.com
Resent-Sender: mpls-ops-request@mplsrc.com
Resent-Bcc:
Hi all,
Something is confusing me today.
The postman got a letter which had the format:
name
house number.
street number-1
street number-2
postal code.
the postal code was all it took to get to my local post office.
there can be several house numbers of the same number
several street numbers.......
And so on and so forth.
Essentially since the postmaster knows the rest.
All it needed was the postal code.
I would like to know that based on this logic,
1. would I be right in saying that [name, house number....] is "level 1 label" and [postal code] is level 2 label? or would i say that [whole address] = label?
2. I have 3 different postal services globally of selected customers.
they cater to 3 different sets of friends.
each of them has their own postal office numbering and postal code.
all I have to ensure is the postal-box that the letter is put into is correct.
so in this case, while posting the letter, I have to be sure that I put it in the right postal box.
In this I also have 1 big global postal service that these 3 cater to. But the address of each friend other than global friend in this global service is "unique to all 3 postal service". So those letters for those friends can be put anywhere. However, here I have the advantage that other than this global postal address, every other address can overlap. So I can go into postal service-1 post office, call me friend Rob, by his postal code, and maybe get the letter there. Each of these 3 postal services are catering to different people with different names.
3. there is another global postal service.
the postal service is different. They like to "bulk everything". So they send everything in black boxes for country 1, blue for country 2, and green for country 3. then in the country 1 splits into maroon for city 1 and so on... this works fine for the postal department but does it work for labels?
where should I post the letter?
-S.F.
-------
The MPLS-OPS Mailing List
Subscribe/Unsubscribe: http://www.mplsrc.com/mplsops.shtml
Archive: http://www.mplsrc.com/mpls-ops_archive.shtml
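Added example (not part of the archived thread or written by its participants): a small Python model of the two-label stack discussed above, where the outer label is swapped hop by hop and the inner label lets the egress PE keep Rob's and Ralph's traffic apart even though both use the same 10.x.x.x destination. The P1/P2 topology, interface names and all label values are constructed for illustration, and penultimate-hop popping is assumed to be off.

```python
# Constructed topology: PE1 -> P1 -> P2 -> PE6. All label values are invented.
from dataclasses import dataclass

@dataclass
class Packet:
    dst_ip: str      # customer address, may overlap between VPNs
    payload: str
    labels: list     # label stack, top of stack is labels[0]

# Ingress PE1: the VRF is chosen by the incoming interface, never by the IP address.
PE1_IF_TO_VRF = {"ge0/1": "rob", "ge0/2": "ralph"}
# Inner (VPN) labels advertised by egress PE6, one per VRF.
PE6_VPN_LABEL = {"rob": 3001, "ralph": 3002}
# Outer (transport) label PE1 uses to reach PE6, shared by every VPN.
PE1_TRANSPORT_TO_PE6 = 100
# P routers: incoming outer label -> outgoing outer label. No VRF state at all.
P_SWAP = {"P1": {100: 200}, "P2": {200: 300}}
# Egress PE6: inner label -> (VRF, customer-facing interface).
PE6_LABEL_TO_VRF = {3001: ("rob", "ge1/1"), 3002: ("ralph", "ge1/2")}
PE6_TRANSPORT_IN = 300

def ingress_pe1(in_if, dst_ip, payload):
    vrf = PE1_IF_TO_VRF[in_if]
    return Packet(dst_ip, payload, [PE1_TRANSPORT_TO_PE6, PE6_VPN_LABEL[vrf]])

def p_router(name, pkt):
    # Swap only the top label; the inner label and IP header are not inspected.
    pkt.labels[0] = P_SWAP[name][pkt.labels[0]]
    return pkt

def egress_pe6(pkt):
    outer, inner = pkt.labels
    if outer != PE6_TRANSPORT_IN or inner not in PE6_LABEL_TO_VRF:
        return None  # unknown label: drop rather than guess a VRF
    vrf, out_if = PE6_LABEL_TO_VRF[inner]
    return vrf, out_if, pkt.dst_ip

def send(in_if, dst_ip, payload="data"):
    pkt = ingress_pe1(in_if, dst_ip, payload)
    hops = [tuple(pkt.labels)]
    for p in ("P1", "P2"):
        hops.append(tuple(p_router(p, pkt).labels))
    return hops, egress_pe6(pkt)

if __name__ == "__main__":
    for in_if in ("ge0/1", "ge0/2"):
        print(in_if, send(in_if, "10.1.1.5"))
```

Both customers share the outer labels 100, 200 and 300 across the core, so the P routers hold one entry per egress PE regardless of how many VPNs ride over it.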