Next-generation Cisco MPLS portfolio in the SBB network
Dragoljub Spasojević
Leading Network Engineer
Department of IP operations
Serbia BroadBand
Cisco ISP & Cable conference
Belgrade, 16.06.2011
AGENDA
Basic company information
Basic information about the IP/MPLS network and Internet topology
• ASR9K in a lab environment
• ASR installation in Bosnia (Telemach BH)
• ASR9k in the SBB network (Interxion Vienna) – IGW & MPLS PE
• ASR9k in the SBB network – MPLS PE
• ME6524 and ME-3600X in the SBB network – MPLS PE
WHO ARE WE?
• Leading cable operator in the region
• One of the most significant ISPs and service providers in Serbia
• National coverage
• A wide range of services for residential and business users
• Regional (IP) presence: Slovenia (Telemach Si), BiH (Telemach BH), Croatia
• Brands: D3, Total TV, SPORT Klub, Video Zona, SBB HotSpot
WHO ARE WE?
• >2500 km of fiber optics (HFC, wireless networks)
• 28 cities in Serbia
• Regional: Serbia, Slovenia, Bosnia, Croatia, Montenegro, Macedonia ...
WHO ARE WE?
Founded in 2002.
Shareholder: the investment fund “Mid Europa partners” since June 2007
Core HFC network capacity: 750,000 homes passed
Services:
- Cable TV (more than 70 TV channels in the basic package)
- Digital TV (“D3” brand with more than 100 TV channels + 50 radio channels) service
- VOD (“Video Zona”) service – video on demand
- DTH (“Total TV” brand) service present in Serbia, Montenegro, Slovenia, Bosnia and Herzegovina and Croatia, and sold through partners in Austria and Macedonia.
- Internet (Cable, ADSL, Ethernet leased line)
- VPNs (MPLS/VPNs, IPSec VPN)
More than 95% of cable subscribers are ready for Internet service (two-way HFC network)
Cable Internet: >130,000 users
• Flat and metered packages
• Prepaid and postpaid payment types
• Residential and business package profiles
More than 250 business customers with Ethernet access over optical or UTP cable have a leased fixed Internet connection.
HotSpot in Serbia - “SBB CaffeNetwork” with more than 100 HotSpot locations with free access.
Total broadband traffic throughput in the SBB access network reaches 12/3 Gb/s Belgrade, 6/2 Gb/s Serbia and 7/2 Gb/s Vojvodina.
Peering has been established with the most relevant domestic ISPs (Eunet, BeotelNET, Orion, YUBC, B92Net, Neobee, Akademska mreža, Telenor, Verat).
SERVICE GROUPS
All SBB services are based on the HFC (Hybrid Fiber-Coax) network at the physical layer. Unlike the IP services, which also use capacity leased from Telekom for part of their network, the transport services use only SBB's own fiber-optic cable network and transport equipment based on a DWDM platform. The following service groups are built on this platform:
UMUX network and TDM services:
- point-to-point leased-line digital circuits
- capacities E1, NxE1, E3, STM1, STM4, STM16 and STM64
- SBB access points in Belgrade, Novi Sad, Niš, Kragujevac ...
- Independent international leased lines in Europe
FC network and disaster recovery services:
- FiberChannel (FC) leased line over the DWDM network with capacities of 1Gb, 2Gb and 4Gb
- with (ring topology) or without a protection path
- Telehouse/Co-Location services
MPLS network and IP services:
- Internet
- VPNs
- IPSec VPN over Internet
- Managed services
- Multicast video distribution
- Video distribution via satellite
IP MPLS NETWORK
The MPLS network is a multiservice platform that supports all IP-based services at SBB.
The new MPLS platform has been in operation, with its first customer, since November 2006.
Structure:
• Own fiber-optic and DWDM platform (17 cities).
• Leased Telekom capacity (9 cities) in Serbia.
• Leased international capacity
• MPLS network in Vienna (SBB) and Sarajevo (Telemach BA)
• VPN presence in Ljubljana/Maribor (Telemach), Zagreb (partner).
Performance:
MPLS network: 45 POPs in 28 cities in Serbia. International presence in 4 countries.
Core capacity: 10Gig and NxGigabit Ethernet (on DWDM and/or pure optical platform)
Access:
• Cable: all CMTSs in MPLS cities are connected as PE or VRF-lite routers
• Ethernet: several dozen L2 metro switches in a distributed architecture
• ADSL: ADSL router PPPoE termination into the customer's VRF (VPN)
• Dedicated Wireless: WiFi 5,4MHz (AbsolutOK partner) bridge to VRF (VPN)
Tier 1 Internet upstream on 4 x 10GE (4 physically diverse paths), regional peering, Google Global Cache
INTERNET: CURRENT STATE
• Three suppliers (upstream – “Tier 1” ISPs) in four directions with 4xSTM64 capacity: 2xTelia, Global Crossing and Tinet.
• nxSTM64 upstream capacity is being implemented.
• Presence at VIX. DE-CIX planned.
• Wholesale (downstream ISP) has reached 4Gb/s and 31 “Tier 3” IP transit customers.
• Peering exchange in Serbia exceeds 700Mbps, total exchange >1.5Gbps.
• Strong growth in average throughput per broadband user.
IOS XR PLATFORMS
CRS
GSR
ASR
IOS XR: (some) differences compared to IOS
- There is no User EXEC and Privileged EXEC mode.
- After login you enter privileged EXEC mode. The available commands depend on the user's privileges.
- Instead of the IOS privilege levels 1-15, there is a more flexible privilege system.
- Tasks are grouped into task groups.
- Users belong to user groups. Particular user groups are granted the right to execute tasks from the associated task groups.
- The "configure" command (the "terminal" parameter is not required) enters global configuration mode. "show" commands can be run from global configuration mode.
- Every configuration change must be confirmed with "commit".
- An earlier change can be undone (rollback).
- Services such as CDP and Telnet are disabled by default.
- Interfaces with default configuration do not appear in the output of "show running-config".
- eBGP does not exchange route information until a policy is applied (even if it is only "pass")
- RPL is used instead of route-map.
- Routing-protocol configuration related to an interface is placed under router xxx, not under interface xxx.
ASR9K LAB TEST
• ASR as P/PE in the MPLS network
• ASR as IGW (IPv4 and IPv6)
• Multicast routing
• L2VPN, L3VPN, VPLS, OAM, BFD functionality
• L2 functions: QinQ, port mirroring, port bundling
• Routing protocols: OSPF, BGP, IS-IS
• Mcast: PIM, IGMPv2/3, SSM (static and dynamic mapping), IGMP snooping
• QoS: Classification, Marking, Congestion Management Tools and Policing and Shaping.
• Management: ACL access, SNMP, SYSLOG and AAA
• Video monitoring: VIDMON (separate license, CBR)
ASR AS IGW & MPLS P/PE NODE
HW CONFIG
- 2 x A9K-RSP-4G
- 2 x A9K-2T20GE-L
ASR AS IGW & MPLS P/PE NODE
HW CONFIG
- 2 x A9K-RSP-4G
- 2 x A9K-2T20GE-L
- 1 x A9K-4T-L
BOSNIA conf t
RP/0/RSP0/CPU0:sa-he-m-1#sh run int bundle-ether 2.2
interface Bundle-Ether2.2 l2transport
 description bh-mgt
 encapsulation dot1q 2
RP/0/RSP0/CPU0:sa-he-m-1#sh run int bundle-ether 3.2
interface Bundle-Ether3.2
 description bh-mgt
 vrf bh-mgt
 ipv4 address 192.168.176.1 255.255.255.0
 encapsulation dot1q 2
RP/0/RSP0/CPU0:sa-he-m-1#sh run int Gi0/0/0/5
interface GigabitEthernet0/0/0/5
 description LINK sa-he-s-1
 cdp
RP/0/RSP0/CPU0:sa-he-m-1#sh run int Gi0/0/0/5.2
interface GigabitEthernet0/0/0/5.2 l2transport
 description bh-mgt
 encapsulation dot1q 2
BOSNIA conf t
RP/0/RSP0/CPU0:sa-he-m-1#show running-config l2vpn
l2vpn
 bridge group telemach
  bridge-domain 2
   interface Bundle-Ether2.2
   interface GigabitEthernet0/0/0/5.2
  bridge-domain 70
   igmp snooping profile snoop
   interface Bundle-Ether2.70
   interface GigabitEthernet0/0/0/5.70
conf t
RP/0/RSP0/CPU0:sa-he-m-1(config)#igmp snooping profile snoop
  access-group      Configure group membership filter
  group             Configure group membership limits
  minimum-version   Configure minimum IGMP version (default 2)
  querier           Configure IGMPv2 Querier information
  static            Configure static group membership on a port
BOSNIA conf t
control-plane
 management-plane
  inband
   interface Bundle-Ether1
    allow all peer
     address ipv4 77.77.196.0/23
     address ipv4 77.78.192.0/24
     address ipv4 89.216.0.0/21
!
policy-map 50mbps
 class class-default
  shape average 50 mbps
end-policy-map
interface GigabitEthernet0/0/0/17.300
 encapsulation dot1q 300
 service-policy output 50mbps
 service-policy input 50mbps
BOSNIA conf t
route-policy UPSTREAM-OUT
  if destination in pl-upstream-blackhole then
    set community upstream-blackhole
  elseif destination in pl-upstream-out and as-path is-local then
    if destination in pl-upstream-prepend-out then
      prepend as-path 42560 1
    endif
    pass
  else
    drop
  endif
end-policy
BOSNIA conf t
ipv4 access-list SSM
 10 permit ipv4 224.0.0.0/4 any
!
ipv4 access-list wisi2
 10 permit ipv4 host 239.255.2.2 any
!
multicast-routing
 address-family ipv4
  interface Bundle-Ether3.70
   enable
  interface Bundle-Ether3.71
   enable
  !
  log-traps
  ssm range SSM
!
router igmp
 ssm map static 77.77.198.2 wisi2
 version 3
router pim
 address-family ipv4
  old-register-checksum
  interface GigabitEthernet0/0/0/37
   enable
  !
  interface GigabitEthernet0/1/0/37
   enable
  !
  interface GigabitEthernet0/0/0/38.850
   enable
  !
  interface GigabitEthernet0/0/0/38.851
   enable
  !
 !
!
end
ASR AS IGW & MPLS PE NODE IN THE SBB NETWORK
HW CONFIG
- 2 x A9K-RSP-4G
- 2 x A9K-2T20GE-L
- 1 x A9K-4T-L
INTERNET TOPOLOGY BASR.
ASR AS IGW & MPLS PE NODE IN THE SBB NETWORK
ASR 9K functions at “Interxion Wien”
• IGW – aggregation of nx10Ge WAN links
• MPLS P/PE – nx10Ge links toward the core
• MCAST – routing of mcast traffic for BH, SLO, HR
• L2VPN – transport to end points in Serbia
• L3VPN – transport to end points in Serbia
• (M)BGP – BGP sessions with UPSTREAM providers (IPv4 and IPv6), IGW in BG and (m)BGP RR in BG, peering BGP sessions
• OSPF – IPv4 and IPv6
INTERNET TOPOLOGY
ASR AS IGW & MPLS PE NODE IN THE SBB NETWORK
router static
 address-family ipv4 unicast
  89.216.7.99/32 Null0
ipv4 prefix-list blackhole
 10 permit 0.0.0.0/0 eq 32
community-set cm_delete
  ios-regex '.*31042:1...._.*$'
end-set
community-set blackhole
  31042:999
end-set
route-policy COMUTEL-IN
  if community matches-any cm_delete then
    delete community in cm_delete
  elseif destination in bogons then
    drop
  elseif destination in pl-comutel-in and as-path in comutel then
    set community customers additive
    set local-preference 300
    pass
  elseif community matches-any blackhole and as-path in comutel then
    set community blackhole
    set next-hop 89.216.7.99
    pass
  endif
end-policy
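The remotely triggered blackhole path configured above (community 31042:999, next hop 89.216.7.99, static route to Null0), walked through in Python as an added example that is not part of the original slides. The sets `bogons`, `pl-comutel-in`, `comutel` and `customers` are not shown on the slide, so the values used for them are constructed stand-ins, and the model assumes RPL's default of accepting a route that an action has modified.

```python
import ipaddress as ip
import re

# From the slide: RTBH community, the next hop it is rewritten to, and the
# static route that sends that next hop to Null0.
BLACKHOLE = "31042:999"
BLACKHOLE_NH = "89.216.7.99"
STATIC_ROUTES = {"89.216.7.99/32": "Null0"}
CM_DELETE = re.compile(r"31042:1.{4}$")   # approximation of the slide's ios-regex

# Constructed stand-ins for sets the slide references but does not show.
COMUTEL_AS = 64500                                   # as-path-set comutel
PL_COMUTEL_IN = {ip.ip_network("198.51.100.0/24")}   # prefix-set pl-comutel-in
BOGONS = [ip.ip_network("10.0.0.0/8"), ip.ip_network("192.168.0.0/16")]
CUSTOMERS = "31042:200"                              # community-set customers


def comutel_in(prefix, as_path, communities):
    """Walk the if/elseif chain of COMUTEL-IN; return (disposition, attrs)."""
    net, comms = ip.ip_network(prefix), set(communities)
    from_comutel = as_path[-1:] == [COMUTEL_AS]      # assumed meaning of the set
    if any(CM_DELETE.match(c) for c in comms):
        # Only action is 'delete community'; assumed: a modified route is accepted.
        return "accept", {"communities": {c for c in comms if not CM_DELETE.match(c)}}
    if any(net.subnet_of(b) for b in BOGONS):
        return "drop", {}
    if net in PL_COMUTEL_IN and from_comutel:
        return "accept", {"communities": comms | {CUSTOMERS}, "local_pref": 300}
    if BLACKHOLE in comms and from_comutel:
        # 'set community blackhole' replaces the list; the next hop is rewritten.
        return "accept", {"communities": {BLACKHOLE}, "next_hop": BLACKHOLE_NH}
    return "drop", {}                                # no branch matched


def egress(attrs):
    """Where traffic for an accepted route is sent on this router."""
    nh = attrs.get("next_hop")
    return STATIC_ROUTES.get(f"{nh}/32", "normal forwarding")


def demo():
    samples = [                                      # constructed announcements
        ("198.51.100.0/24", [64500], []),
        ("198.51.100.7/32", [64500], [BLACKHOLE]),
        ("198.51.100.7/32", [64511], [BLACKHOLE]),
        ("10.1.0.0/16", [64500], []),
    ]
    out = []
    for prefix, path, comms in samples:
        verdict, attrs = comutel_in(prefix, path, comms)
        out.append((prefix, verdict, egress(attrs) if verdict == "accept" else None))
    return out


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The blackhole branch tests the community and the AS path but not the destination, so a review of such a policy should confirm that the neighbor's blackhole announcements are also bounded to its own address space; the slide defines `ipv4 prefix-list blackhole` but does not show where it is applied.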
ASR AS IGW & MPLS PE NODE IN THE SBB NETWORK
community-set blackhole-tinet
  3257:2666
end-set
prefix-set pl-upstream-sbb-out
  # SBB
  82.117.192.0/19,
  87.116.128.0/18,
  89.216.0.0/16,
  94.189.128.0/17,
  178.148.0.0/15,
  188.2.0.0/16
end-set
prefix-set pl-tinet-prepend-out
  178.148.0.0/15,
  188.2.0.0/16
end-set
route-policy TINET-OUT
  if destination in pl-upstream-sbb-out then
    if destination in pl-tinet-prepend-out then
      prepend as-path 31042 2
      set community (3257:2991) additive
    endif
    if community matches-any blackhole then
      set community blackhole-tinet
    endif
    pass
  elseif destination in pl-upstream-out and community matches-any customers then
    pass
  endif
end-policy
ASR AS IGW & MPLS PE NODE IN THE SBB NETWORK
route-policy TELIA-OUT
  if destination in pl-upstream-sbb-out then
    set med 0
    if destination in pl-telia-prepend-out then
      set med 100
    endif
    if community matches-any blackhole then
      set community blackhole-telia
    endif
    pass
  elseif destination in pl-upstream-out and community matches-any customers then
    delete community in cm_delete
    pass
  endif
end-policy
ASR AS IGW & MPLS PE NODE IN THE SBB NETWORK
prefix-set OSPF-1-U-2
  89.216.3.0/24 le 32,
  89.216.5.232/30,
  89.216.7.0/24 le 32,
  89.216.12.0/24 le 32,
  89.216.14.0/23 le 32
end-set
!
prefix-set OSPF-2-U-1
  77.77.193.0/24 le 32,
  77.77.196.0/24 le 32,
  77.77.198.0/23 le 32,
  10.184.0.0/13 le 24
end-set
route-policy OSPF-1-U-2
  if destination in OSPF-1-U-2 then
    pass
  else
    drop
  endif
end-policy
!
route-policy OSPF-2-U-1
  if destination in OSPF-2-U-1 then
    pass
  else
    drop
  endif
end-policy
router ospf 1
 log adjacency changes detail
 router-id 89.216.7.244
 default-information originate always metric 10
 redistribute connected
 redistribute static
 redistribute ospf 2 route-policy OSPF-2-U-1
 area 0
  interface TenGigE0/0/0/1
   network broadcast
  !
  interface TenGigE0/1/0/1
   network broadcast
  !
 !
!
router ospf 2
 log adjacency changes detail
 router-id 89.216.7.244
 distribute-list OSPF-2-U-1 in
 redistribute connected route-policy OSPF-1-U-2
 redistribute ospf 1 route-policy OSPF-1-U-2
 area 0
  interface GigabitEthernet0/1/0/0.850
   network point-to-point
  !
 !
!
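The two prefix-sets above are what keep the mutual redistribution between OSPF process 1 and process 2 from leaking or looping routes (the "U" in the policy names reads "into"). The following added example, not part of the original slides, implements RPL prefix-set matching (exact length, or a range with `le`) over the sets copied from the slide and checks that no route can match both directions; the function names are hypothetical.

```python
import ipaddress as ip

# Prefix-sets copied from the slide as (prefix, le); le=None means exact length.
OSPF_1_U_2 = [("89.216.3.0/24", 32), ("89.216.5.232/30", None),
              ("89.216.7.0/24", 32), ("89.216.12.0/24", 32),
              ("89.216.14.0/23", 32)]
OSPF_2_U_1 = [("77.77.193.0/24", 32), ("77.77.196.0/24", 32),
              ("77.77.198.0/23", 32), ("10.184.0.0/13", 24)]


def in_prefix_set(route, prefix_set):
    """RPL prefix-set match: the route lies inside an entry and its mask length
    is between the entry's own length and 'le' (exactly the entry's length
    when no 'le' is given)."""
    r = ip.ip_network(route)
    for entry, le in prefix_set:
        e = ip.ip_network(entry)
        upper = le if le is not None else e.prefixlen
        if r.subnet_of(e) and e.prefixlen <= r.prefixlen <= upper:
            return True
    return False


def crosses(route, src_process):
    """True if a route learned in OSPF process `src_process` is redistributed
    into the other process by the route-policies on the slide."""
    policy = {1: OSPF_1_U_2, 2: OSPF_2_U_1}[src_process]
    return in_prefix_set(route, policy)


def feedback_possible():
    """True if any address space is covered by both sets, i.e. a route could be
    redistributed 1 -> 2 and then back 2 -> 1."""
    return any(ip.ip_network(a).overlaps(ip.ip_network(b))
               for a, _ in OSPF_1_U_2 for b, _ in OSPF_2_U_1)


if __name__ == "__main__":
    # Constructed test routes: (route, process it was learned in)
    for route, src in [("89.216.7.244/32", 1), ("89.216.5.233/32", 1),
                       ("10.184.1.0/24", 2), ("10.184.1.1/32", 2),
                       ("89.216.7.244/32", 2)]:
        print(route, "from ospf", src, "->", "pass" if crosses(route, src) else "drop")
    print("feedback possible:", feedback_possible())
```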
ASR AS MPLS PE NODE IN THE SBB NETWORK
HW CONFIG
- 2 x A9K-RSP-4G
- 2 x A9K-2T20GE-L
ASR AS MPLS PE NODE IN THE SBB NETWORK
interface Bundle-Ether11
 description ggc 1
 l2transport
interface GigabitEthernet0/0/0/2
 description ggc1 #1
 bundle id 11 mode active
interface GigabitEthernet0/0/0/3
 description ggc1 #2
 bundle id 11 mode active
interface BVI1
 description ggc
 ipv4 address 89.216.2.193 255.255.255.192
l2vpn
 bridge group ggc
  bridge-domain ggc
   interface Bundle-Ether11
   !
   interface Bundle-EtherXX
   !
   routed interface BVI1
  !
 !
!
ASR (IOS XR) vs 760X (IOS) – L2VPN config
! ASR (IOS XR)
interface Bundle-Ether2.3 l2transport
 encapsulation dot1q 3
 rewrite ingress tag pop 1 symmetric
l2vpn
 xconnect group cisco
  p2p testasr
   interface Bundle-Ether2.3
   neighbor 89.216.7.22 pw-id 992
! 760X (IOS)
interface GigabitEthernet4/0/0.701
 description test asr - l2vpn
 encapsulation dot1Q 701
 xconnect 89.216.7.90 992 encapsulation mpls
end
bg-du-m-1#show mpls l2transport vc 992
Local intf     Local circuit              Dest address    VC ID      Status
-------------  -------------------------- --------------- ---------- ----------
Gi4/0/0.701    Eth VLAN 701               89.216.7.90     992        UP
RP/0/RSP0/CPU0:ASR9000#show l2vpn xconnect interface bundle-ether 2.3
Tue Oct 26 10:50:48.782 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
        LU = Local Up, RU = Remote Up, CO = Connected, SB = Standby
XConnect                   Segment 1                    Segment 2
Group      Name       ST   Description            ST    Description            ST
------------------------   -------------------------    -------------------------
cisco      testasr    UP   BE2.3                  UP    89.216.7.22     992    UP
ASR (IOS XR) vs 760X (IOS) – L3VPN config
! ASR (IOS XR)
interface Bundle-Ether2.2
 vrf sbb-mgt
 ipv4 address 192.168.136.225 255.255.255.240
 encapsulation dot1q 2
router bgp 31042
 address-family vpnv4 unicast
 neighbor 89.216.7.1
  remote-as 31042
  password encrypted 06120A32584F1A0B
  update-source Loopback0
  address-family vpnv4 unicast
 vrf sbb-mgt
  rd 31042:2
  address-family ipv4 unicast
   redistribute connected
! 760X (IOS)
interface GigabitEthernet4/0/0.700
 description test asr - sbb-mgt
 encapsulation dot1Q 700
 ip vrf forwarding sbb-mgt
 ip address 192.168.136.241 255.255.255.240
router bgp 31042
 bgp log-neighbor-changes
 neighbor 89.216.7.1 remote-as 31042
 neighbor 89.216.7.1 update-source Loopback0
 address-family vpnv4
  neighbor 89.216.7.1 activate
  neighbor 89.216.7.1 send-community extended
 address-family ipv4 vrf sbb-mgt
  no synchronization
  redistribute static
  redistribute connected
ASR (IOS XR) vs 760X (IOS) – BFD config
! ASR (IOS XR)
router ospf 1
 interface TenGigE0/0/0/0
  bfd minimum-interval 50
  bfd fast-detect
  bfd multiplier 3
  network point-to-point
RP/0/RSP0/CPU0:ASR9000#show bfd session
Interface            Dest Addr       Local det time(int*mult)          State
                                     Echo             Async
-------------------- --------------- ---------------- ---------------- ---------
Te0/0/0/0            89.216.8.202    150ms(50ms*3)    6s(2s*3)         UP
! 760X (IOS)
bg-du-m-1# sh run in te8/2
interface TenGigabitEthernet8/2
 description ASR9000 test
 mtu 1550
 ip address 89.216.8.202 255.255.255.252
 ip pim sparse-mode
 ip ospf network point-to-point
 ip ospf bfd
 mpls ip
 bfd interval 50 min_rx 50 multiplier 3
bg-du-m-1#show bfd neighbors
NeighAddr      LD/RD      RH/RS   State   Int
89.216.8.201   1/589826   Up      Up      Te8/2
bg-du-m-1#
Differences compared to standard routing mechanisms (hello packets, timers...):
- L2 protocol for detecting bidirectional communication between neighboring routers;
- BFD packets are 24 bytes in size, plus the UDP and IP headers;
- Does not load the control plane (on distributed router architectures);
- Enables faster convergence time.
IOS XR 4.0.1 vs IOS v15.1.1S1 – CPU USAGE
ME 6524 in the SBB network
In the SBB IP/MPLS infrastructure it is used as a PE for “smaller” hubs.
It is used to terminate L2VPN and L3VPN customers as well as Internet customers.
Technologies
L2: IEEE 802.1Q, IEEE 802.3ad (PAgP), IEEE 802.1Q Tunneling, VTP
IPv4 routing: Static Routing, OSPF (graceful restart), mBGPv4, BFD
Multicast: IGMP (v2, v3), IGMP Snooping, PIM, PIM-SM, PIM-SSM, PIM Snooping
IPv6 routing: Native IPv6, OSPFv3, ICMPv6
ME 3600X in the SBB network
Technologies
L2: IEEE 802.1Q, IEEE 802.3ad (PAgP), IEEE 802.1Q Tunneling, VTP
IPv4 routing: OSPF (graceful restart), mBGPv4, BFD
Multicast: IGMP (v2, v3), IGMP Snooping, PIM, PIM-SM, PIM-SSM, PIM Snooping
NO IPv6 support (September 2011)
New compared to the ME6524:
Ethernet Virtual Connections (EVCs)
Hierarchical VPLS (H-VPLS)
More advanced QoS and OAM
ME 3600X in the SBB network
Metro IP Access:
- Layer 2 (EVC, 802.1Q)
- IP Routing (RIP, OSPF, EIGRP, IS-IS, BGP) and BFD
- PIM (SM, DM, SSM), SSM mapping
- Ethernet OAM (802.1ag, 802.3ah, E-LMI)
- MST, REP, Flexlink
- Synchronous Ethernet
- Multi-VRF CE (VRF-lite) with service awareness (ARP, ping, SNMP, syslog, traceroute, FTP, TFTP)
Advanced Metro IP Access:
- All features in METROIPACCESS plus:
- MPLS
- MPLS traffic engineering (TE) and Fast Reroute (FRR)
- MPLS OAM
- MPLS VPN
- Ethernet Over MPLS (EoMPLS)
- Pseudowire redundancy
ME 3600X in the SBB network
bg-vi-m-1#show license
Index 1 Feature: AdvancedMetroIP
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted
Index 2 Feature: MetroIPAccess
        Period left: 0 minute 0 second
Index 3 Feature: 10GEUpgrade
        Period left: Life time
        License Type: Permanent
        License State: Active, In Use
        License Priority: Medium
        License Count: Non-Counted
CONCLUSION
?
THANK YOU FOR YOUR ATTENTION