Our Ramblings

An MPLS primer.

MPLS is used for a variety of purposes; two of the most common are Layer 3 VPNs and Layer 2 VPNs. But why MPLS? What are the business drivers for MPLS? One of the first use cases was SP/carrier networks, where they needed to consolidate networks, provide multiple L2/L3 services, support increasingly stringent SLAs, and handle the increasing scale and complexity of IP-based networks. From the enterprise space, the trend picked up later and was driven by multi-site configurations and the need for network segmentation. MPLS originated in the mid-1990s and evolved until approximately 2004 when MPLS OAM became available.

MPLS is built on labels. Every packet is stamped with a label and MPLS will switch that packet through the network based on the label. There is an MPLS forwarding plane (where labeled packets are switched instead of routed) and an MPLS control/signaling plane (where MPLS utilises existing IP-based control protocols and extensions).

Within the enterprise space, there are two general types of MPLS deployments:

  • The enterprise is subscribed to an MPLS-based network from a provider
  • The enterprise has deployed MPLS in its own network

Continuing with the enterprise space, there are three major reasons for deploying/using MPLS:

  1. Network segmentation (network virtualization, distribution application virtualization)
  2. Network realignment/migration (consolidation of multiple networks)
  3. Network optimization (full-mesh and hub-and-spoke deployments, Traffic Engineering [TE] for bandwidth protection)

Moving on to the technology components of MPLS, the core of MPLS is the MPLS signaling and forwarding components. Within the MPLS network, there is a Label Switched Path (LSP) from one end to the other end based on a label. There are a number of different terms applied in an MPLS network:

  • PE (Provider Edge): This is an edge router that adds labels (on ingress) or removes labels (on egress).
  • P (Provider) router: This is a label-switching router or a core router.
  • CE (Customer Edge)

The MPLS label itself is a 32-bit structure. The first part of the label is the actual MPLS label, which occupies 20 bits. Then you have the EXP/COS bits for QoS handling, and then you have the S bit; the S bit represents the bottom of the stack. (The S bit facilitates multiple layers of MPLS labels.) The label wraps up with an 8-bit TTL. The MPLS label is usually placed just after the transport header (for example, just after the MAC header for Ethernet).

Some additional terms to understand:

  • Label imposition: Occurs at the PE at ingress; classify and label packets
  • Label swapping or switching: Occurs at the P router; forwards packets based on label and indicates service class and destination
  • Label disposition: Occurs at a PE on egress; remove label and forward packets

The Forwarding Equivalence Class (FEC) is the mechanism by which the ingress PE router maps Layer 2/3 packets onto an LSP. There are a variety of FEC mappings possible. Label Distribution Protocol (LDP) handles exchanging label information between and among MPLS nodes. LDP supports a push operation (on the ingress PE node, which learns which label to use for a given FEC), a swap operation (on the core P node) and a pop operation (on the egress PE node, which learns the FEC mapping for the label it removes). LDP is a superset of Cisco-specific TDP, and you can also use BGP with some extensions as well. As an MPLS control plane protocol, it is L3 based (runs over IP) and uses a specific set of TCP ports and protocols to communicate MPLS label information.

Looking also at the general steps involved in MPLS forwarding, MPLS supports various IGPs: EIGRP, IS-IS, OSPF on core facing and core links. RSVP and LDP are supported on core and/or core-facing links. MP-iBGP runs on edge routers.

The S (Bottom of Stack) bit mentioned earlier enables one of the real superpowers of MPLS: label stacking. This allows organizations to stack labels for QoS, security, traffic engineering, segmentation, etc.
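The label format, the push/swap/pop operations and the bottom-of-stack walk described above, as an added example that is not part of the original article. The packet, label values (1001 as a transport label, 5001 as a VPN label) and the IPv4 stub are constructed for illustration; the field layout and reserved label values follow RFC 3032.

```python
import struct

# Well-known reserved label values (RFC 3032); values 4-15 are reserved too.
RESERVED_LABELS = {0: "IPv4 Explicit NULL", 1: "Router Alert",
                   2: "IPv6 Explicit NULL", 3: "Implicit NULL"}


def encode_entry(label, exp=0, bos=False, ttl=64):
    """Pack one 32-bit label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and 0 <= ttl < 256):
        raise ValueError("label stack entry field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bos) << 8) | ttl)


def decode_entry(word):
    """Unpack a 32-bit entry into its four fields."""
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "bos": bool((word >> 8) & 0x1), "ttl": word & 0xFF}


def push(labels, exp=0, ttl=64):
    """Label imposition at the ingress PE. labels[0] is the outermost (transport)
    label; the last one is innermost and is the only entry with S=1."""
    last = len(labels) - 1
    return b"".join(encode_entry(l, exp, i == last, ttl) for i, l in enumerate(labels))


def decode_stack(data):
    """Walk entries from offset 0 until one has S=1. Returns (entries, payload_offset);
    the S bit is the only thing that tells a parser where the stack ends."""
    entries, off = [], 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated stack: no bottom-of-stack entry seen")
        entry = decode_entry(struct.unpack_from("!I", data, off)[0])
        entry["reserved"] = RESERVED_LABELS.get(entry["label"])
        entries.append(entry)
        off += 4
        if entry["bos"]:
            return entries, off


def swap(data, new_label):
    """Label switching at a P router: replace the top label and decrement its TTL.
    Returns None when the TTL would expire, i.e. the packet must be dropped."""
    top = decode_entry(struct.unpack_from("!I", data, 0)[0])
    if top["ttl"] <= 1:
        return None
    return encode_entry(new_label, top["exp"], top["bos"], top["ttl"] - 1) + data[4:]


def pop(data):
    """Label disposition at the egress PE: strip the top entry.
    Returns (remaining_bytes, was_bottom); when was_bottom is True the remaining
    bytes are the unlabelled payload and must be handled by IP, not by label."""
    top = decode_entry(struct.unpack_from("!I", data, 0)[0])
    return data[4:], top["bos"]


if __name__ == "__main__":
    # Constructed packet: LDP transport label 1001 over VPN label 5001, then a
    # minimal IPv4 header stub (first byte 0x45 = version 4, IHL 5).
    pkt = push([1001, 5001]) + b"\x45" + b"\x00" * 19
    entries, off = decode_stack(pkt)
    print("ingress:", [(e["label"], e["bos"]) for e in entries], "payload at", off)
    pkt = swap(pkt, 2002)                 # P router swaps the transport label
    print("after swap:", decode_stack(pkt)[0][0])
    pkt, bottom = pop(pkt)                # penultimate/egress pops transport label
    payload, bottom = pop(pkt)            # egress PE pops the VPN label
    print("bottom reached:", bottom, "payload starts with", hex(payload[0]))
```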

One of the key drivers for MPLS is VPN: both Layer 3 and Layer 2 VPNs. The connection to the MPLS network is handled by the PE-CE link; this is the connection between the PE (for ingress/egress) and the CE. Once the traffic enters the MPLS network, then all the advantages of MPLS (via labels and label stacking) become available.

Options for MPLS VPNs include:

  • Layer 2 VPNs (point-to-point and multi-point): Routing is always CE-CE; no SP involvement
  • Layer 3 VPNs

Focusing a bit more on L3 VPNs: in this case, the CE has a peering link with the PE and there is IP routing/forwarding across the PE-CE link. The MPLS VPN is therefore part of the customer’s IP routing domain. MPLS VPNs enable full-mesh, hub-and-spoke, and hybrid connectivity among connected CE sites.

Components of an L3 MPLS VPN:

  • PE-CE link
  • MPLS L3 VPN control plane
  • MPLS L3 VPN forwarding plane

VRFs (Virtual Routing and Forwarding instances) are created for each customer VPN on the PE router. Each VRF is associated with one or more customer interfaces, has its own routing table (RIB) and forwarding table (CEF) and has its own instance for PE-CE configured routing protocols.

MP-iBGP uses the Multi-Protocol BGP extensions, which let BGP carry routing information for protocols other than IP. A BGP Route Reflector (RR) is typically used to improve scalability.

MPLS uses a Route Distinguisher (RD) along with a VPNv4 address to help ensure that all customer routes are unique across the MPLS network.
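How the RD makes overlapping customer prefixes unique, as an added example that is not part of the original article. It builds RDs in the RFC 4364 type 0/1/2 layouts, forms the 96-bit VPNv4 address and the labelled VPN-IPv4 NLRI that MP-iBGP carries, and shows that two customers both using 10.1.0.0/24 only collide when a PE is mis-provisioned with the same RD; customer names, ASN 65000 and the label value are constructed.

```python
import ipaddress
import struct


def rd_type0(asn, number):
    """Type 0 RD: 2-byte type | 2-byte ASN | 4-byte assigned number (RFC 4364)."""
    return struct.pack("!HHI", 0, asn, number)


def rd_type1(ipv4, number):
    """Type 1 RD: 2-byte type | 4-byte IPv4 address | 2-byte assigned number."""
    return struct.pack("!H4sH", 1, ipaddress.IPv4Address(ipv4).packed, number)


def rd_to_str(rd):
    """Render an 8-byte RD in the usual ASN:nn / IP:nn notation."""
    typ = struct.unpack("!H", rd[:2])[0]
    if typ == 0:
        asn, n = struct.unpack("!HI", rd[2:])
        return f"{asn}:{n}"
    if typ == 1:
        ip, n = struct.unpack("!4sH", rd[2:])
        return f"{ipaddress.IPv4Address(ip)}:{n}"
    if typ == 2:
        asn, n = struct.unpack("!IH", rd[2:])
        return f"{asn}:{n}"
    raise ValueError(f"unknown RD type {typ}")


def vpnv4_key(rd, prefix):
    """VPNv4 address: 8-byte RD + 4-byte IPv4 network address (96 bits)."""
    net = ipaddress.IPv4Network(prefix)
    return rd + net.network_address.packed


def vpnv4_nlri(label, rd, prefix):
    """VPN-IPv4 NLRI as carried in MP-BGP (RFC 4364): length in bits |
    3-byte label field (label << 4, S bit set) | RD | prefix bytes."""
    net = ipaddress.IPv4Network(prefix)
    nbytes = (net.prefixlen + 7) // 8
    length = 24 + 64 + net.prefixlen
    label_field = ((label << 4) | 1).to_bytes(3, "big")
    return bytes([length]) + label_field + rd + net.network_address.packed[:nbytes]


def find_overlaps(routes):
    """routes: list of (customer, rd, prefix). Returns (plain_dupes, vpnv4_dupes):
    prefixes that collide in a flat IPv4 table versus VPNv4 keys that still collide
    once the RD is prepended. A correctly provisioned PE has an empty second set."""
    plain, keyed = {}, {}
    for cust, rd, prefix in routes:
        plain.setdefault(prefix, set()).add(cust)
        keyed.setdefault(vpnv4_key(rd, prefix), set()).add(cust)
    plain_dupes = {p for p, c in plain.items() if len(c) > 1}
    vpnv4_dupes = {f"{rd_to_str(k[:8])}:{ipaddress.IPv4Address(k[8:])}"
                   for k, c in keyed.items() if len(c) > 1}
    return plain_dupes, vpnv4_dupes


# Constructed sample: two customers reuse 10.1.0.0/24 with distinct RDs (fine);
# a third was wrongly given customer A's RD (collision even after RD).
SAMPLE_ROUTES = [
    ("cust-A", rd_type0(65000, 1), "10.1.0.0/24"),
    ("cust-B", rd_type0(65000, 2), "10.1.0.0/24"),
    ("cust-C", rd_type0(65000, 1), "10.1.0.0/24"),
]

if __name__ == "__main__":
    print(find_overlaps(SAMPLE_ROUTES))
    print(vpnv4_nlri(5001, rd_type0(65000, 1), "10.1.0.0/24").hex())
```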

Guide to Rural Scottish Broadband Rollout

The availability of easily affordable high speed broadband in Scotland has become widespread in recent years, much as it has across the rest of the UK. However, with around 99 per cent of Scotland’s population connected, it was discovered that there was a problem regarding the reach of broadband in Scotland.

Scotland’s broadband reach problem means that for the one per cent of people without a broadband connection in Scotland, there is difficulty accessing the internet as a result of the distance between their house and the nearest broadband-enabled telephone exchange.

Fairly recently, it seemed this remaining one per cent of the Scottish population had no realistic chance of connecting to broadband in the foreseeable future, but a government initiative has changed that dim outlook and the future of broadband in Scotland suddenly looks brighter.

We’ve tried to explain just what’s happening regarding the roll-out of broadband services to rural Scotland and answer any questions you may have regarding the Scottish Broadband Reach Project.

What is the Scottish broadband reach problem?

A reach problem or reach issue occurs when a house, office or business premises is situated too far away from the nearest broadband or ADSL-enabled telephone exchange. Over long distances the telephone signal has degraded so much that it reaches a level where it cannot provide a broadband service.

The length of the line is the major factor in this problem. So numerous hills or valleys, or even the presence of water, can increase the distance the cable has to cover, and as such, lead to lack of broadband connection.

How far away is too far?

There is no hard and fast rule. But an estimated 5km radius (around 8km of line length) from the broadband-enabled telephone exchange could be enough to mean that your house or business cannot receive broadband.

Solving the reach problem for broadband in Scotland

The Scottish Government started an initiative called the Broadband Reach Programme. This saw the award of a grant to a company called Avanti Communications to bring broadband to the areas of Scotland currently unable to gain access to a broadband connection.

Bringing broadband to everyone

In October 2007, the Scottish Government asked any homes and businesses unable to get broadband in Scotland to register with them. The government began to compile a list of all the Scottish broadband black spots so that it could start addressing the problems of reach and make broadband in Scotland available to everyone.

By June 2008, the Scottish Government had signed a £3.3m contract to deliver an affordable broadband service to all the households and businesses that had registered to say they could not get broadband services in Scotland.

A company called Avanti Communications won the contract to help provide people who are currently without any broadband access in Scotland with affordable broadband connections.

Stuck in the middle?

There is, however, a far greater problem for an even larger percentage of Scottish businesses than the 1% who cannot access the Internet at all. An estimated 10% of Scottish businesses, most of whom rely on their connection to the internet just to do business, are stuck in the middle. These businesses fall within an area where they do have access to ADSL connectivity and are thus ineligible to benefit from the Scottish Government’s scheme, but can achieve connection speeds of only 1.5Mbps or less.

For these businesses, the picture is far bleaker. Their options are usually to either:

  1. Pay for a leased line which can result in prohibitive costs of 10-20 thousand pounds per year.
  2. Sign up to more than one DSL connection and connect these to a load sharing router which offers a limited answer to the problem.
  3. Sign up to a broadband bonding service where their multiple DSL connections are diverted away from their local exchange and passed to a remote service location where the traffic is modified to include control information which creates the illusion that the site has one single faster connection.
  4. ………………………….. or ………………………
  5. Grin and bear it. Struggle on with a sub-par connection which impedes the ability of their business to make use of the Internet and downright prevents them from being able to do certain things which other businesses take for granted, such as video or voice services.

Traditionally this was the stark choice faced by businesses caught in the middle. That is however, until now.

At Rustyice Solutions we have entered into a close relationship with Mushroom Networks Inc of San Diego, California to bring their innovative and award winning products to the UK.

Already, we are providing businesses throughout the UK with a cost-effective solution to this problem, with a range of products designed to provide a truly high speed broadband experience. Our solutions provide speeds up to 50Mbps in locations where this type of connection would typically cost ten times more every year than the one-off cost of the Mushroom Networks equipment.

So, if you are left in the doldrums and part of this “squeezed middle”, congratulations! You have just found the answer. Give us a call today and one of our technical representatives will call you back at a time of your convenience for a no-obligation chat. We look forward to hearing from you.

Alternatives to WAN performance optimisation

Here are some alternatives to WAN performance optimisation that should always be considered:

  • Application redesign or reselection: In some cases, it’s better to replace a few poorly-designed applications instead of trying to alter the WAN characteristics. Backup and file transfer or distribution applications that don’t remove long duplicate data strings (“deduplication”) or that handle transmission errors or congestion inefficiently are prime examples.
  • Application remoting: Often called “terminal server” or “Citrix,” this solution is best for applications that are tightly-intertwined with some remote service; for example, an application in a remote office that makes frequent calls on a database in the enterprise’s central server location. Application remoting can also save money on licensing fees and has other advantages. Application Remoting data flows will probably require network QoS.
  • System tuning: In some cases (e.g., inability to use all of the bandwidth in a high-latency path), simply tuning existing software or upgrading to a more recent version (e.g., shifting to Microsoft Windows Vista from Windows XP) can produce massive results at minimal cost.
  • WAN service modification: For some situations, the need for more bandwidth or better network delay or error characteristics is unavoidable or is the most cost-effective solution. In some cases, technology changes (e.g., to satellite from terrestrial links) are also involved. Renegotiation of carrier contracts and changing carriers are also options.

Nine Tips and Technologies for Network WAN Optimisation

Although there is no way to actually make your true WAN speed faster, here are some tips for corporate IT professionals that can make better use of the bandwidth you already have, thus providing the illusion of a faster pipe.

1) Caching — How does it work and is it a good idea?

Caching servers have built-in intelligence to store the most recently and most frequently requested information, thus preventing future requests from traversing a WAN/Internet link unnecessarily.

Caching servers keep a time stamp of their last update to data. If the page time stamp has not changed since the last time a user has accessed the page, the caching server will present a local stored copy of the Web page, saving the time it would take to load the page from across the Internet.

Caching on your WAN link in some instances can reduce traffic by 50 percent or more. For example, if your employees are making a run on the latest PDF explaining their benefits, without caching each access would traverse the WAN link to a central server duplicating the data across the link many times over. With caching, they will receive a local copy from the caching server.

What is the downside of caching?

There are two main issues that can arise with caching:

a) Keeping the cache current – If you access a cached page that is not current, you are at risk of getting old and incorrect information. Some things you may never want to be cached, for example the results of a transactional database query. It’s not that these problems are insurmountable, but there is always the risk that the data in the cache will not be synchronized with changes. I personally have been misled by old data from my cache on several occasions.

b) Volume – There are some 300 million websites on the Internet. Each site contains upwards of several megabytes of public information. The amount of data is staggering and even the smartest caching scheme cannot account for the variation in usage patterns among users and the likelihood they will hit an uncached page.

We recommend Squid as a proxy solution; however, there are more elaborate and ultimately more capable solutions such as those from Ipanema Technologies.

2) Protocol Spoofing

Historically, there have been client server applications developed for an internal LAN. Many of these applications are considered chatty. For example, to complete a transaction between a client and server, tens of messages may be transmitted when perhaps one or two would suffice. Everything was fine until companies, for logistical and other reasons, extended their LANs across the globe using WAN links to tie different locations together.

To get a better visual on what goes on in a chatty application, perhaps an analogy will help. It’s like sending family members your summer vacation pictures and, for some insane reason, putting each picture in a separate envelope and mailing them individually on the same mail run. Obviously, this would be extremely inefficient, just as chatty applications can be.

What protocol spoofing accomplishes is to “fake out” the client or server side of the transaction and then send a more compact version of the transaction over the Internet (i.e., put all the pictures in one envelope and send it on your behalf, thus saving you postage).

For more information, visit the Protocol Spoofing page at Ipanema Technologies.

3) Compression

At first glance, the term compression seems intuitively obvious. Most people have at one time or another extracted a compressed Windows ZIP file. If you examine the file sizes pre- and post-extraction, it reveals there is more data on the hard drive after the extraction. Well, WAN compression products use some of the same principles, only they compress the data on the WAN link and decompress it automatically once delivered, thus saving space on the link, making the network more efficient. Even though you likely understand compression on a Windows file conceptually, it would be wise to understand what is really going on under the hood during compression before making an investment to reduce network costs. Here are two questions to consider.

a) How Does it Work? — A good and easy way to visualize data compression is to compare it to the use of shorthand when taking dictation. By using a single symbol for common words, a scribe can take written dictation much faster than if he were to spell out each word. The basic principle behind compression techniques is to use shortcuts to represent common data.

Commercial compression algorithms, although similar in principle, can vary widely in practice. Each company offering a solution typically has its own trade secrets that they closely guard for a competitive advantage. However, there are a few general rules common to all strategies. One technique is to encode a repeated character within a data file. For a simple example, let’s suppose we were compressing this very document and as a format separator we had a row with a solid dash.

The data for this solid dash line is comprised of approximately 160 times the ASCII character “-”. When transporting the document across a WAN link without compression, this line of the document would require 80 bytes of data, but with clever compression, we can encode this using a special notation “-” X 160.

The compression device at the front end would read the 160-character line and realize, “Duh, this is stupid. Why send the same character 160 times in a row?” So, it would incorporate a special code to depict the data more efficiently.

Perhaps that was obvious, but it is important to know a little bit about compression techniques to understand the limits of their effectiveness. There are many types of data that cannot be efficiently compressed.

For example, many image and voice recordings are already optimized and there is very little improvement in data size that can be accomplished with compression techniques. The companies that sell compression based solutions should be able to provide you with profiles on what to expect based on the type of data sent on your WAN link.

b) What are the downsides? — Compression always requires equipment at both ends of the link and results can be sporadic depending on the traffic type.

If you’re looking for compression vendors, we recommend FatPipe, Juniper Networks or, of course, Ipanema Technologies.

4) Requesting Text Only from Browsers on Remote Links

Editor’s note: Although this may seem a bit archaic and backwoods, it can be effective in a pinch to keep a remote office up and running.

If you are stuck with a dial-up or slower WAN connection, have your users set their browsers to text-only mode. However, while this will speed up general browsing and e-mail, it will do nothing to speed up more bandwidth-intensive activities like video conferencing. The reason why text-only can be effective is that most Web pages are loaded with graphics, which take up the bulk of the load time. If you’re desperate, switching to text-only will eliminate the graphics and save you quite a bit of time.

5) Application Shaping on Your WAN Link

Editor’s Note: Application shaping is appropriate for corporate IT administrators and is generally not a practical solution for a home user. Makers of application shapers include Packeteer and Allot and are typically out of the price range for many smaller networks and home users.

One of the most popular and intuitive forms of optimizing bandwidth is a method called “application shaping,” with aliases of “traffic shaping,” “bandwidth control,” and perhaps a few others thrown in for good measure. For the IT manager that is held accountable for everything that can and will go wrong on a network, or the CIO that needs to manage network usage policies, this is a dream come true. If you can divvy up portions of your WAN/Internet link to various applications, then you can take control of your network and ensure that important traffic has sufficient bandwidth.

At the center of application shaping is the ability to identify traffic by type: for example, distinguishing between Citrix traffic, streaming audio, Kazaa peer-to-peer, or something else. However, this approach is not without its drawbacks.

Here are a few common questions potential users of application shaping generally ask.

a) Can you control applications with just a firewall or do you need a special product? — Many applications are expected to use Internet ports when communicating across the Web. An Internet port is part of an Internet address, and many firewall products can easily identify ports and block or limit them. For example, the “FTP” application commonly used for downloading files uses the well known “port 21.”

The fallacy with this scheme, as many operators soon find out, is that there are many applications that do not consistently use a fixed port for communication. Many application writers have no desire to be easily classified. In fact, they don’t want IT personnel to block them at all, so they deliberately design applications to not conform to any formal port assignment scheme. For this reason, any product that aims to block or alter application flows by port should be avoided if your primary mission is to control applications by type.

b) So, if standard firewalls are inadequate at blocking applications by port, what can help?

As you are likely aware, all traffic on the Internet travels around in what is called an IP packet. An IP packet can very simply be thought of as a string of characters moving from Computer A to Computer B. The string of characters is called the “payload,” much like the freight inside a shipping container. On the outside of this payload, or data, is the address where it is being sent. These two elements, the address and the payload, comprise the complete IP packet.

In the case of different applications on the Internet, we would expect to see different kinds of payloads. For example, let’s take the example of a skyscraper being transported from New York to Los Angeles. How could this be done using a freight train? Common sense suggests that one would disassemble the office tower, stuff it into as many freight cars as it takes to transport it, and then when the train arrived in Los Angeles hopefully the workers on the other end would have the instructions on how to reassemble the tower.

Well, this analogy works with almost anything that is sent across the Internet, only the payload is some form of data, not a physical hunk of bricks, metal and wires. If we were sending a Word document as an e-mail attachment, guess what, the contents of the document would be disassembled into a bunch of IP packets and sent to the receiving e-mail client where it would be re-assembled. If I looked at the payload of each Internet packet in transit, I could actually see snippets of the document in each packet and could quite easily read the words as they went by.

At the heart of all current application shaping products is special software that examines the content of Internet packets and, through various pattern matching techniques, determines what type of application a particular flow is. Once a flow is determined, the application shaping tool can enforce the operator’s policies on that flow. Some examples of policy are:

  • Limit Citrix traffic to 100kbs
  • Reserve 500kbs for Shoretel voice traffic

The list of rules you can apply to traffic types and flows is unlimited. However, there are downsides to application shaping of which you should be aware. Here are a few:

  • The number of applications on the Internet is a moving target. The best application shaping tools do a very good job of identifying several thousand of them, and yet there will always be some traffic that is unknown (estimated at 10 percent by experts from the leading manufacturers). The unknown traffic is lumped into the unknown classification and an operator must make a blanket decision on how to shape this class. Is it important? Is it not? Suppose the important traffic was streaming audio for a Web cast and is not classified. Well, you get the picture. Although the theory behind application shaping by type is a noble one, the cost for a company to stay up to date is large and there are cracks.
  • Even if the application spectrum could be completely classified, the spectrum of applications constantly changes. You must keep licenses current to ensure you have the latest in detection capabilities. And even then it can be quite a task to constantly analyze and change the mix of policies on your network. As bandwidth costs lessen, how much human time should be spent divvying up and creating ever more complex policies to optimize your WAN traffic?
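The two classification approaches contrasted above (well-known ports versus payload pattern matching) and the blanket "unknown" class, as an added example that is not part of the original article. The signatures cover only a few protocols whose first bytes are well defined (HTTP request line, TLS ClientHello record, SSH banner, SMTP greeting); the sample flows, port hints and kbps policy values are constructed for illustration.

```python
import re

# Payload signatures (constructed for this example) tested against the first bytes
# a client sends. They deliberately ignore the port, which is the point: a
# content match overrides whatever the port number suggests.
PAYLOAD_SIGNATURES = [
    ("http", re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")),
    ("tls", re.compile(rb"^\x16\x03[\x00-\x03]..\x01", re.DOTALL)),  # TLS ClientHello
    ("ssh", re.compile(rb"^SSH-2\.0-")),
    ("smtp", re.compile(rb"^(EHLO|HELO) ")),
]

# What a plain port-based firewall rule would assume about each destination port.
PORT_HINTS = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 443: "tls"}

# Per-class bandwidth policy in kbps (constructed); classes absent here are unshaped.
POLICIES_KBPS = {"tls": 2000, "http": 1000, "ssh": 200, "unknown": 100}


def classify_flow(dport, first_payload):
    """Return (app, method, port_mismatch).

    method is "payload" when a content signature matched, "port" when only the
    port number was available, "none" for the unknown class. port_mismatch is
    True when the content contradicts the well-known port (the case the text
    describes: applications that avoid their assigned port)."""
    for app, pattern in PAYLOAD_SIGNATURES:
        if pattern.search(first_payload):
            hint = PORT_HINTS.get(dport)
            return app, "payload", hint is not None and hint != app
    if dport in PORT_HINTS:
        return PORT_HINTS[dport], "port", False
    return "unknown", "none", False


def shape_flows(flows):
    """flows: iterable of (flow_id, dport, first_payload).

    Returns (decisions, unknown_share): decisions maps flow_id to the class, the
    kbps limit that applies (None = unshaped), how the class was decided and
    whether the port disagreed; unknown_share is the fraction of flows that
    landed in the blanket "unknown" class the operator must decide about."""
    decisions = {}
    for flow_id, dport, payload in flows:
        app, method, mismatch = classify_flow(dport, payload)
        decisions[flow_id] = {"app": app, "limit_kbps": POLICIES_KBPS.get(app),
                              "method": method, "port_mismatch": mismatch}
    unknown = sum(1 for d in decisions.values() if d["app"] == "unknown")
    return decisions, (unknown / len(decisions) if decisions else 0.0)


# Constructed sample flows: (id, destination port, first client payload bytes).
SAMPLE_FLOWS = [
    ("f1", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 16),
    ("f2", 80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),
    ("f3", 443, b"SSH-2.0-OpenSSH_8.9\r\n"),           # SSH on the HTTPS port
    ("f4", 21, b"USER anonymous\r\n"),                  # no signature, port hint only
    ("f5", 6881, b"\xa7\x00\x3c\x1f\x99\x12\x7e\x41"),  # nothing recognisable
]

if __name__ == "__main__":
    results, share = shape_flows(SAMPLE_FLOWS)
    for fid, decision in results.items():
        print(fid, decision)
    print(f"unknown share: {share:.0%}")
```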

6) Test Your WAN-Link Speed

A common issue with slow WAN link service is that your provider is not giving you what they have advertised.

7) Make Sure There Is No Interference on Your Wireless Point-to-Point WAN Link

If the signal between locations served by a point-to-point link is weak, the wireless equipment will automatically downgrade its service to a slower speed. We have seen this many times where a customer believes they have perhaps a 40-megabit backhaul link and are only realizing perhaps five megabits.

As we have stated above, Ipanema Technologies represents what is in our opinion the best all-round solution for these types of situation. With bandwidth costs consuming a major slice of the network-related opex of any distributed organisation, it becomes ever more obvious that the right solution is to keep these costs to a minimum whilst ensuring the experience for the end user is as good as it should be. Call us at Rustyice Solutions to discuss WAN optimisation and how it can help to make and save you money.