Environments with the MPLS protocol.
The previously presented network layer protocols can be called "classical" in terms of functioning at the network level of the hierarchical OSI model. The MPLS protocol (multiprotocol label switching) interacts at two levels of the model at once: the label is added between the frame header (the second OSI level) and the packet header (the third OSI model level).
This label is assigned to each IP packet. Routers decide whether to send a packet to the next device based on the label value.
MPLS switching is an advanced method of transmitting traffic over a network using information contained in tags that are attached to IP packets. In the case of layer 2 technologies based on frame transfer, labels are embedded between the headers of the 3rd and 2nd levels.
It is worth paying attention to the roles performed by routers in MPLS networks. Let's give an example of a typical MPLS network. Here, the label for all incoming packets is assigned by the edge input router that performs label switching (Label-SwitchedRouter – LSR). Next, the packets travel along a Label-Switched Path (LSP) route. Each LSR router makes a decision about sending, which is based only on the content of the label. At each transition, the LSR device removes the existing label and inserts a new one, which sets the direction of the next transition to send the packet. On the egressEdge LSR output edge device, the label is removed and the packet is routed to its destination.
Tag switching.
Tag-switching devices assign short labels of fixed length to packets or cells. To determine the direction of further data movement, such devices look through the corresponding tables based on these labels. The label contains the most important information about the destination of the package or cell. The necessary information includes the destination, priority, membership in a private virtual network, information about the quality of service and the route of traffic redistribution for this package.
In the case of tag switching, the full analysis of the third–level header is performed only once - at the entrance to the network. At this point, the third-level header is converted to a fixed-length label. When a packet passes through a tag-switching device or through a router to send a cell or packet further on the network, only the label of the cell or packet is examined.
At the exit from such a network, a router or device that performs tag switching replaces the tag with the corresponding third-level header associated with the tag.
The structure of the MPLS node.
MPLS nodes have two structural planes: the forwarding plane and the control plane. In addition to switching labeled packets, MPLS nodes can perform layer 3 routing or layer 2 switching.
The packet forwarding plane of MPLS technology is responsible for redirecting packets according to the values contained in the attached labels. The packet forwarding plane uses the Label Forwarding Information Base (LFIB), maintained by the MPLS node, for further transmission of labeled packets.
The MPLS technology management plane is responsible for the formation and maintenance of the LFIB database. All nodes in the MPLS environment must use the IP routing protocol to exchange relevant routing information with other nodes in the MPLS network. In this case, link-state routing protocols such as OSPF and IS-IS can be used, since they provide the MPLS node with the topology of the entire network. Information about tag binding can be distributed using the Label Distribution Protocol (LDP), as well as by transmitting information about tag binding in modified high–level routing protocols. However, extensions of the BGP routing protocols can be used to achieve this goal. They allow you to coordinate the distribution of tag binding information with the distribution of routing data and avoid a situation where an MPLS node has accepted tag information without having the appropriate routing information.
How MPLS VPN works.
Tag-based forwarding over the provider's backbone when using MPLS VPN is based either on dynamic tag switching technology or on flow reallocation routes. When crossing the highway, the user data packet contains two levels of labels, the first label directs the packet to the required router of the next transit crossing, and the second indicates the VRF complex logically connected to the output interface of the destination router. Such a two-level mechanism is usually called hierarchical tagging, or tag switching.
Having received an IP packet from the CE router through some interface, the RE-router logically associates it with the VRF complex, as a result of which a bottom label is created, logically connected to the output RE-router (which identifies the VRF complex of the route destination and the output interface of the output RE-router). From the global forwarding table, the RE-router also receives another label, called the top label, which indicates the RE-router of the next transit; after that, the RE-router places both labels on the MPLS label stack. This tag stack is attached to the VPN package and routed to the next transit point. The RE-routers in the MPLS network analyze the top label and route the packet over the network to the desired node. On the output RE-router, the upper label is removed and the lower label is examined, indicating the VRF complex of the route destination and the output interface. After that, the lower label is also removed, and the IP packet is sent to the required CE router.
Oleg Petukhov, lawyer in the field of international law and personal data protection, information security specialist security, protection of information and personal data.
Telegram channel: https://t.me/protectioninformation
Telegram Group: https://t.me/informationprotection1
Website: https://legascom.ru
Email: online@legascom.ru
#informationprotection #informationsecurity
