Virtual Routing and Forwarding-lite Traffic Management over Multi-protocol Layer Switching-Virtual Private Network
Ruhani Ab Rahman, Nur Asikin Zahari, Murizah Kassim, Mat Ikram Yusof
Faculty of Electrical Engineering, Universiti Teknologi MARA,
UiTM Shah Alam, Selangor, Malaysia.
Abstract— Quality of Service in Multi-protocol Layer Switching for Virtual Private Network (MPLS-VPN) is an important matter today. In these networks, the bandwidth of enterprise LANs has increased faster than the bandwidth of the WAN link. Thus, line speeds are disparate and a bottleneck occurs at the link between WAN and LAN due to the unparalleled increase of bandwidth between these links. This paper presents a study of MPLS-VPN architecture and how to counter the congestion problem by simulating traffic management on path diversity and load balance using the VRF-lite technique at an enterprise MPLS-VPN. A test bed is set up and a real enterprise MPLS-VPN network for traffic management is simulated. VRF-lite traffic management is applied at two identified WAN headquarters and three branch networks. WAN and LAN links are identified as primary and secondary network links. VRF-lite is used to overcome the bottleneck at the Branch WAN-LAN link and also to fully utilize all available links at the other sites. Adaptive traffic management is set so that if another link is identified as not congested, traffic will pass through that link. The results present an analysis of throughput and bandwidth utilization percentage on all identified links using FTP and HTTP applications. The results show that all links at the HQ and Branch are being utilized and the congestion at the Branch WAN-LAN link is avoided.
Index Terms— Quality of services; Multi-protocol layer
switching; Virtual private network; Virtual routing.
I. INTRODUCTION
Multi-protocol Layer Switching-Virtual Private Networks (MPLS-VPN) are the ideal solution for medium and large enterprises that currently deploy site-to-site VPN services. MPLS provides sophisticated traffic engineering capabilities that, coupled with IP QoS, enable multiple classes of service so that business-critical applications are treated with higher priority than less important applications and best-effort services. The popularity of MPLS VPNs as an alternative to a private Wide Area Network (WAN) introduces a number of considerations with regard to QoS [1,2]. MPLS VPN also experiences QoS issues where the WAN-LAN links of multi-homed sites are not all fully utilized at any given instant [3]. Research has shown that one WAN-LAN link will be fully utilized while another is underutilized. Thus, load balancing serves as the traffic management that brings the lightly loaded link to full utilization. The result achieved from this prototype shows improvements in bandwidth utilization once the load balancing technique is applied to the network [4]. Another study presented traffic diversity, where traffic from the LAN (Local Area Network) to the backbone network is divided across different disjoint routes [5].
A Virtual Routing and Forwarding (VRF) table is a way to make multiple routing tables that are completely separate from each other. VRF-lite is used to isolate each of these networks from interfering with each other, and it also enables the CEs to have separate VRF tables for each of the networks [6]. Using VRF-lite, the packets of each customer are routed based on their individual routing table. It also allows the same or overlapping IP addresses to be used on the same physical device when the device is using VRF-lite. VRF-lite uses the input interfaces of the CE to match the routes from the different VPNs. The virtual packet forwarding table is formed from the layer 3 interfaces, physical or logical, associated with each VRF. Traffic segregation using VRF-lite replaces policy-based routing, which is normally the option chosen. It is a load balance technique that routes traffic to an identified unutilized route for bandwidth utilization.
This research presents a study of MPLS VPN architecture and simulates traffic management on path diversity and load balance using the VRF-lite technique at an enterprise MPLS VPN WAN-LAN network. A real enterprise MPLS VPN network for traffic management is simulated and data is collected from the test bed. VRF-lite traffic management is applied at two HQ WAN and three branch LAN networks. WAN and LAN links are identified as primary and secondary network links. VRF-lite is used to overcome the bottleneck at the Branch WAN-LAN link and also to fully utilize all the available links at the other sites. Load balance is applied on the identified congested link, with traffic passing through the uncongested link. The results present an analysis of throughput and bandwidth utilization on all links using FTP and HTTP applications. The results show that all links at the HQ and Branch are being utilized and the congestion at the Branch WAN-LAN link is avoided.
II. MPLS VPN LOAD BALANCE
An MPLS VPN network that consists of many HQ and client routers experiences traffic congestion that concentrates on one route, especially if it is not monitored for QoS. Thus, a diverse path method for the core link might be achieved by using Multi-Topology Routing (MTR) topologies or VRF-lite technology to overcome the congested link problem. This gives diverse paths within the core for IP transport [7]. Figure 1 shows how the MPLS VPN architecture works [8]. The MPLS VPN consists of three important components, which are the customer edge (CE), provider edge (PE) and provider router (P) [9]. Each of the customer's remote sites in the MPLS VPN is connected to the CE, which connects to the backbone via the PE router. The P routers used in the MPLS VPN are responsible only for high-speed forwarding and operate using Multi-Protocol Label Switching (MPLS) [10]. Bandwidth for enterprise VPN WAN-LAN is increasing rapidly. MPLS experiences an increase of bandwidth at the WAN link that is slower than at the LAN link. A study on the implementation of a dynamically auto-configured multiservice multipoint VPN has been done. The study implemented a VRF-Lite approach to isolate client traffic at levels 2 and 3 using isolated routing tables and ARP without virtualizing the network stack. Different VPN services use virtual interfaces to route the VPN client traffic. Redirecting traffic to different VRFs isolates traffic within the same server but across different VPN protocols. At the CPE side, separate routing instances, named Virtual Routing Function (VRF) Lite, which is a logical way of segregating network traffic, handle voice and data traffic, and QoS is applied accordingly [11, 12].
ISSN: 2180 – 1843 e-ISSN: 2289-8131 Vol. 8 No. 3
Journal of Telecommunication, Electronic and Computer Engineering
Figure 1: MPLS VPN architectural model
Figure 2: Diagram of the test bed setup
Figure 3: Actual test bed setup
III. METHODOLOGY
This study comprises three phases: test bed simulation, monitoring setup, and data collection and analysis.
A. Test Bed Setup
Figure 2 and Figure 3 show the diagram and the actual test bed setup of the project. Four routers are used to construct the WAN network and one router with Ethernet cards is used as the switch at the Branch site. Three computers are used as the FTP server, HTTP server and Client in the test bed setup. Five sites are set up, which are HQ WAN, HQ LAN, Primary Branch, Secondary Branch and Branch Switch. All sites used Cisco 2811 and Cisco 1841 models with the C2800NM-adventerprisek9-M and C1841-adventerprisek9-M IOS images. The bandwidth for each of the links is configured as 20 Mb for the HQ Primary and Secondary WAN links, 1 Mb for the Branch Primary and Secondary WAN links and 100 Mb for the Branch LAN link.
Systems are operated with Microsoft Windows XP, 8 and 7 Professional Operating Software for each Client and FTP server. The applications used are Torch Web browser, FileZilla Client 3.8.0 and FileZilla Server version 0.9.40 Beta for transferring the file across the network. The experiment tested two different scenarios, which are the network setup without VRF-lite applied at the HQ and the scenario where VRF-lite is applied to the HQ.
B. Bandwidth Monitoring Setup
Specifying the requirements for setting up the bandwidth monitoring tool of the simulated network is important. Bandwidths of all links are monitored using the SolarWinds Bandwidth real-time monitoring software. SNMP v2 is used by the monitoring software to monitor the desired links [13]. The SolarWinds real-time monitoring software is able to monitor all 5 different links simultaneously during the file transfer [14]. The Client PC, which is located at the Branch, is used as the SNMP server. All routers, namely HQ WAN, HQ LAN, Primary Branch WAN and Secondary Branch WAN, are configured with the SNMP community string cisco and the SNMP server IP address, which is the Client PC IP address 10.3.3.10.
i. Traffic Management (VRF-lite) Setup
Figure 4 shows the process flow of the packets from the Client to the Application Server without VRF-lite. Packets flow from Branch to HQ when the Client at the Branch starts downloading 100 Mb files via FTP and HTTP. The TCP connection between the Client PC and the application server at the HQ is established at this moment. All packets travel from the Client PC to the Branch WAN router. If the Primary Branch WAN router is up, the packets flow through the Primary Branch WAN router to the Primary Branch WAN link. From the Primary Branch WAN link the packets are routed to the Primary HQ WAN link, then to the HQ WAN router and the HQ LAN router, finally arriving at the application server. During an outage of the Primary Branch WAN router, the Secondary Branch WAN router routes the packets to the Secondary Branch WAN link. The packets are then routed to the Secondary HQ WAN link, the HQ WAN router and the HQ LAN router, and finally to the application server.
Figure 5 shows the flow of the packets routed from the application server at the HQ to the client at the Branch. The packets are routed from the application server to the HQ LAN router and on to the HQ WAN router. The return traffic from the HQ WAN router to the Branch router follows the same links on which the packets arrived. If the packets from the Branch arrived at the HQ router from the Primary HQ WAN link, the return traffic from the HQ to the Branch flows through the Primary HQ WAN link to the Primary Branch WAN link, finally arriving at the client at the Branch.
Figure 4: Client to App. Server W-VRF-lite
Figure 5: App. Server to the Client W-VRF-lite
ii. Traffic Management and Segregation Process VRF-lite
Figure 6 shows the process of packet transfer from the Client to the Application Server with VRF-lite. Packets flow from the Client at the Branch to the application server at the HQ. Once the client initiates the connection to the application server, the packets flow from the Client PC to the Primary Branch WAN router. The Primary Branch WAN router decides whether the packets are to be routed via the Primary Branch WAN link or the Secondary Branch WAN link. In this setup, traffic with the destination IP address of the critical application at the HQ is routed via the Primary Branch WAN link, while traffic with the destination IP address of the non-critical application is routed via the Secondary Branch WAN link. All packets are routed to the HQ WAN router and then to the HQ LAN router. Then, the HQ LAN router routes the packets to the application servers located at the HQ. Figure 7 shows the process of traffic flow from the Application Server to the Client with VRF-lite. Applications at the HQ are defined in two categories, which are critical application and non-critical application. Here, the FTP application is defined as the critical application while the HTTP application is defined as the non-critical application. The VRF-lite method enables the HQ router to hold two different routing tables simultaneously. The first routing table maintains the forwarding and receiving of traffic for the IP address of the critical application (FTP), while the other routing table maintains the forwarding and receiving of traffic for the IP address of the non-critical application (HTTP). When the HQ router receives the packets from the branch, it forwards the traffic to its LAN, which contains the FTP and HTTP servers. VRF-lite plays the most vital role in segregating the traffic, making sure the return traffic from the HQ to the Branch flows in the right direction, whether through the Primary Branch WAN link or through the Secondary Branch WAN link. Hence, both the primary and secondary links of the HQ and Branch are utilized when applying the VRF-lite traffic segregation method at the HQ router.
Figure 6: Client to App. Server VRF-lite
Figure 7: App. Server to Client VRF-lite
C. Data collection
File transfer via FTP and HTTP is used in the test bed setup to generate the traffic. Two different protocols are used to imitate the traffic in an enterprise network, which consists of different types of traffic, here FTP and HTTP. FTP is defined as the critical traffic while HTTP is defined as the non-critical traffic. The traffic flows from HQ to branch as the user at the branch downloads data from HQ.
IV. RESULT AND ANALYSIS
Table 1 lists the measured throughput and bandwidth utilization of all five monitored links during the file transfer via FTP and HTTP. Data is collected for two scenarios: without traffic management, and with traffic management using the VRF-lite technique.
A. Without Traffic Management VRF-lite
The Branch utilizes the Primary Branch WAN link. At this time, the client at the branch is downloading a 100 MB file from the HQ server via HTTP and FTP simultaneously and the Primary Branch router is handling all the traffic. The graph shows that the bandwidth utilization of the Primary Branch WAN link is very high, at approximately 100% of the link. The red light in the Primary Branch WAN link graph indicates that the link is in a critical condition and congestion has occurred. Figure 9 shows that the bandwidth utilization at the Secondary Branch WAN link is low. During this time, the secondary branch is in standby mode. No data traffic is flowing through the Secondary Branch WAN link. The graph shows that there is some bandwidth utilization at the link, which is around 0.05% on average. The bandwidth of the link is utilized by the routing protocols BGP and EIGRP in sending hello and keepalive messages and updates to the neighboring routers in order to converge, maintain and update the routing table.
Figure 8: Primary Branch WAN w-VRF-lite
Figure 9: Secondary Branch WAN w-VRF-lite
Figure 10 shows the bandwidth utilization at the LAN link of the branch, which is 1.38% of the link. Unparalleled growth in bandwidth of the WAN-LAN link can cause congestion at the WAN link, as in this graph. The LAN link shows only 1.38% of bandwidth utilized, amounting to 1.38 Mbps, which from the LAN point of view is very low. Around 98.62% is not yet being utilized by the user. However, at the WAN link in Figure 11, the bandwidth of the link has been utilized 100%, amounting to 1 Mbps. From the throughput of the transferred data itself, we can see that 0.38 Mbps of the packets was dropped during the transfer. At the HQ, the Primary HQ WAN link is used to transfer the data from the HQ to the branch. Figure 12 shows that 7.5% of the link bandwidth is utilized in order to transfer the 100 Mb file via FTP and HTTP simultaneously. Since the Secondary Branch WAN link is not being utilized, the Secondary HQ WAN link is also not used in the data transfer because it is directly connected to the Secondary Branch link, so its situation is similar to that of the Secondary Branch WAN link.
Figure 10: Branch LAN w-VRF-lite
Figure 11: Primary HQ WAN w-VRF-lite
Figure 12: Secondary HQ WAN link w-VRF-lite
B. Traffic Segregation VRF-lite applied at HQ
Figures 13 and 14 respectively show that the bandwidth utilization of the Primary Branch WAN link is 58% while the bandwidth utilization of the Secondary Branch WAN link is 85%. The Primary Branch WAN link is utilized to request and receive the FTP data while the Secondary Branch WAN link is utilized to request and receive the HTTP data during the simultaneous file transfer from HQ to Branch via HTTP and FTP. The graphs show that during simultaneous file transfer, the Primary Branch WAN link is not congested with high traffic and the Secondary Branch WAN link is also being utilized. Load balance and utilization of both links at one time is achieved. Path diversity and partial loss of information also apply in this situation. If the Primary Branch WAN link is disconnected or down, only the FTP file transfer is interrupted while the HTTP file transfer is not interrupted. Hence, only partial data is lost, namely the data transferred via FTP. The same applies the other way around. During an outage of one of the links, only some applications are affected and the Branch will not experience total loss of connection to the HQ.
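The segregation and partial-loss behaviour described above can be modelled as a per-VRF route lookup keyed on the ingress interface. This is an added example, not code or configuration from the paper: the interface, VRF and link names, the /24 prefix length and the 10.9.9.0/24 prefix are assumptions, and only the client address 10.3.3.10 comes from the page.

```python
import ipaddress

class VrfLiteRouter:
    """Toy VRF-lite forwarder: one routing table per VRF, VRF chosen by ingress interface."""

    def __init__(self):
        self.vrf_of = {}    # ingress interface -> VRF name
        self.tables = {}    # VRF name -> [(prefix, egress link)]
        self.link_up = {}   # egress link -> operational state

    def bind(self, interface, vrf):
        self.vrf_of[interface] = vrf
        self.tables.setdefault(vrf, [])

    def add_route(self, vrf, prefix, link):
        self.tables.setdefault(vrf, []).append((ipaddress.ip_network(prefix), link))
        self.link_up.setdefault(link, True)

    def forward(self, ingress, dst):
        """Return the egress link, or None if the packet's own VRF has no usable route."""
        vrf = self.vrf_of[ingress]
        addr = ipaddress.ip_address(dst)
        usable = [(net.prefixlen, link) for net, link in self.tables[vrf]
                  if addr in net and self.link_up[link]]
        # Longest-prefix match inside this VRF only; other VRFs are never consulted.
        return max(usable)[1] if usable else None

CLIENT = "10.3.3.10"           # Client PC address given on the page
BRANCH_NET = "10.3.3.0/24"     # assumed prefix length for the Branch LAN
CRITICAL_ONLY = "10.9.9.0/24"  # constructed prefix that exists only in the critical VRF

def build_hq():
    """HQ router with FTP (critical) and HTTP (non-critical) in separate VRFs."""
    hq = VrfLiteRouter()
    hq.bind("lan-ftp", "CRITICAL")        # hypothetical server-facing interfaces
    hq.bind("lan-http", "NONCRITICAL")
    # The same Branch prefix appears in both tables with a different egress link.
    hq.add_route("CRITICAL", BRANCH_NET, "primary-hq-wan")
    hq.add_route("NONCRITICAL", BRANCH_NET, "secondary-hq-wan")
    hq.add_route("CRITICAL", CRITICAL_ONLY, "primary-hq-wan")
    return hq

def return_paths(hq):
    """Egress link chosen for return traffic of each application toward the client."""
    return {"ftp": hq.forward("lan-ftp", CLIENT),
            "http": hq.forward("lan-http", CLIENT)}

def outage(hq, link):
    """Take one WAN link down and report which applications still have a path."""
    hq.link_up[link] = False
    return return_paths(hq)

if __name__ == "__main__":
    print("normal       :", return_paths(build_hq()))
    print("primary down :", outage(build_hq(), "primary-hq-wan"))
    print("cross-VRF    :", build_hq().forward("lan-http", "10.9.9.5"))
```

Because each lookup stays inside its own table, a link outage removes the path for one application only, and a prefix installed in one VRF is unreachable from interfaces bound to the other.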
Figure 15 shows that during the file transfer the Branch LAN link utilization is 1.38%, amounting to 1.38 Mbps. The Branch LAN does not experience packet loss since no congestion occurs at the LAN-WAN link. The total WAN utilization is 1.48 Mbps, with 590 Kbps and 890 Kbps for the Primary Branch WAN link and Secondary Branch WAN link respectively. The total outgoing traffic at both WAN links is higher than the outgoing traffic from the LAN. The Primary HQ WAN link is used to transfer FTP data from the FTP server to the FTP client at the Branch, while the Secondary HQ WAN link is used to transfer HTTP data from the HTTP server at HQ to the HTTP client located at the Branch. Figures 16 and 17 indicate that during the simultaneous file transfer, utilization of the Primary HQ WAN link is 2.9% of the link, amounting to 590 Kbps, while the Secondary HQ link is utilized at 4.5% of the link, amounting to 890 Kbps.
Figure 13: Primary Branch WAN link VRF-lite
Figure 17: Secondary HQ WAN link VRF-lite
V. CONCLUSION
This research concludes that all objectives are achieved, where traffic management with VRF-lite on MPLS VPN is analyzed. QoS on bandwidth utilization of the simulated enterprise network is implemented with a simulation test bed as a real MPLS VPN network. The results prove that by applying the VRF-lite method at the HQ router, the congestion at the Branch WAN link can be avoided. In addition, VRF-lite enables both of the links, whether at the HQ or the Branch, to be utilized, and hence load balance and path diversity can be applied in the network. Overall performance of the network is increased.
REFERENCES
[1] N Chaitou M, “On the calculation of inter-domains point to multipoint paths in MPLS networks,” International Journal of Network Science, vol. 1, no. 1, pp. 80-100, 2016.
[2] El Hachimi, M., Breton M. A. and Bennani. M., “Efficient QoS implementation for MPLS VPN,” 22nd IEEE International Conference on Advanced Information Networking and Applications-Workshops, 2008.
[3] Ab Rahman R, Alias FA, Kassim M, Yusof MI, Hashim H., “Implementation of high availability concept based on traffic segregation over MPLS-TE,” ARPN Journal of Engineering and Applied Sciences, vol. 10, no. 3, pp. 295-301, 2015.
[4] Sairam, A.S. and Barua. G., “Effective bandwidth utilisation in multihoming networks,” IEEE First International Conference on Communication System Software and Middleware (Comsware), 2006.
[5] Kyandoghere, K., “A customized service availability concept based on traffic segregation, path diversity and hierarchical restoration,” Proceedings of the Third IEEE International Conference on public telecommunication transport networks in Electronics, Circuits, and Systems (ICECS'96), 1996.
[6] Cisco. Cisco IOS IP Switching Command Reference: Configuring VRF-lite patent Software Configuration Guide - Release 12.2(31)SG. (2011).
[7] Gobena Y, Durai A, Birkner M, Pothamsetty V, Varakantam V, “Practical architecture considerations for Smart Grid WAN network,” IEEE Power Systems Conference and Exposition (PSCE), IEEE/PES 2011.
[8] Cisco. Layer 3 MPLS VPN Enterprise Consumer Guide Version 2. Aug 8, 2008. Available from: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/L3VPNCon.html. Accessed 1st Feb 2016.
[9] Parra, I.M.O.J.S., D.G.L. Rubio, and I.M.L., Castellanos. MPLS/VPN/BGP Networks Evaluation Techniques, 2012.
[10] Zhao, Y. and Z. Deng, “A Design of WAN Architecture for Large Enterprise Group Based on MPLS VPN,” International Conference on Computing, Measurement, Control and Sensor Network, 2012.
[11] Polezhaev, P., A. Shukhman, and Y. Ushakov, “Implementation of dynamically autoconfigured multiservice multipoint VPN,” 9th IEEE International Conference on Application of Information and Communication Technologies (AICT), 2015.
[12] Theodoro L. C, Leite PM, de Freitas HP, Passos ACS, de Souza Pereira JH, de Oliveira Silva F., “Revisiting Virtual Private Network Service at Carrier Networks: Taking Advantage of Software Defined Networking and Network Function Virtualization,” The Fourteenth International Conference on Networks, 2015.
[13] Raspall, F., “Building Nemo, a System to Monitor IP Routing and Traffic Paths in Real Time,” Computer Networks, 2016.
[14] Nagaraja, M.G., R.R. Chittal, and K. Kumar, “Study of network performance monitoring tools-SNMP,” International Journal of Computer Science and Network Security, vol. 7 no. 7, pp. 310, 2007.
Figure 14: Secondary Branch WAN link VRF-lite
Figure 15: Branch LAN link VRF-lite
Figure 16: Primary HQ WAN link VRF
Table 1: Bandwidth Utilization of the link
Throughput and Percentage Bandwidth Utilization on the link

| Scenario | HQ Primary WAN (BW = 20 MB) | HQ Secondary WAN (BW = 20 MB) | Branch Primary WAN (BW = 1 MB) | Branch Secondary WAN (BW = 1 MB) | Branch LAN (BW = 100 MB) |
| --- | --- | --- | --- | --- | --- |
| Without Traffic Management | 1.42 Mbps, 7.5% | 1 Kbps, 0.07% | 1 Mbps, 100% | 2.5 Kbps, 0.08% | 1.38 Mbps, 1.38% |
| Using Traffic Segregation, VRF-lite applied at HQ | 590 Kb, 2.9% | 890 Kb, 4.5% | 590 Kb, 58% | 890 Kb, 85% | 1.38 Mbps, 1.38% |