Technicoloured MPLS

MPLS networks are ideal for converged network services, offering different classes of service over a network hosted IP VPN. But the technology has limitations when it comes to true traffic management, explains Antoine Guy, marketing director, EMEA, Allot Communications.

MPLS (Multi Protocol Label Switching) as a transport technology has revolutionized the way IP is conveyed by ATM and Frame Relay networks. This is particularly true for enterprises migrating to IP-based virtual private network (VPN) and WAN services to converge voice, data, and video over a single infrastructure.

Without MPLS, an IP VPN uses the internet backbone and requires customer premises equipment (CPE), such as a VPN gateway and router, located at each site to ensure that traffic is tunneled.

However, placing this equipment at each location can be expensive, unmanageable and unscalable plus it requires the business to rely upon the public superhighway for connectivity.

In contrast, MPLS can offer a dedicated IP VPN which can be purchased as a service from a carrier or ISP.

It eliminates the need for CPE as this function is carried out by the carrier's MPLS routers and, unlike frame relay, traffic can be fast routed along preset MPLS LSPs (Label Switched Path).

In addition, MPLS takes advantage of a mesh topology as opposed to the hub and spoke configuration of a traditional network.

Aside from its physical characteristics, the main advantages to MPLS are its ability to provide some traffic management and quality of service (QoS). MPLS operators generally offer between three and eight hues of service, enabling the enterprise to group key applications into bands of high, medium and low delivery classes.

The primary method of delivering QoS from provider edge (PE) router to PE router is across the carrier's MPLS WAN backbone.

The first LER (Labeled Edge Router) interprets type-of-service (ToS) priority markings in the first three bits of the 8-bit Differentiated Services Code Point (DSCP) in an IP packet and maps these markings into the 3-bit experimental (EXP) field in MPLS's so-called shim header.

Marking directs high-priority traffic classes into separate, high-priority forwarding queues. In order for this communication to take place between enterprise LAN and carrier MPLS-enabled backbone, the enterprise access router must mark its outgoing packets accordingly.

Yet while MPLS offers significant advantages over the 'dumb pipe' approach of IP, and over ATM or frame relay, it still falls short of achieving real 'network intelligence'.

This is the ability of the network to differentiate between traffic flows intelligently and to determine which applications need prioritization or demotion, routing them as effectively as possible, plus the ability to update and respond to changing application or users demands.

Primarily, MPLS lacks the ability to adequately map applications into the MPLS service levels. The number of business applications that need to be prioritized could easily exceed the number of MPLS service classes.

Indeed, on a converged network there is often the need to map perhaps tens or hundreds of applications into just a few service classes.

For this reason, a dedicated traffic management device capable of performing deep packet inspection (DPI) at the layer seven network level is virtually a prerequisite.

Located at the access point to the MPLS network, it can identify the application and map it not only to the classes of traffic already prescribed by the operator but even shape and prioritize it into sub-classes specified by the IT manager.

From its position in the network, the traffic manager assigns each packet a Type of Service (ToS) marking, which is readable by the service provider's MPLS-capable LER router.

The ToS marking assignment uses the enterprise-defined traffic policies, based on classification criterias such as source and destination addresses, protocols, application data, VLAN ID, server names, file extensions, and time of day.

The service provider's PE router reads the ToS marking and maps it into MPLS's EXP field, where it is forwarded, interpreted, and enforced, hop by hop, across the MPLS backbone.

Should congestion occur at any hop, the enterprise customer's priorities for traffic treatment are known by that router (LSR) and can be enforced.

If you have bought a premium MPLS service class for voice traffic, for example, your service provider will recognise voice packets as premium traffic because of their ToS marking as mapped into the EXP bit and route them into the top-priority real-time LSP.

Other limitations include the end-point tagging, which can be imprecise. The router may permit a fake HTTP port to operate on a high priority setting when it should have demoted or declined it, for example. What is needed is the ability to verify this tagging.

Performing marking using a system situated in the network not only removes this function from the terminus but also offloads the CPE router; a major advantage, particularly in traffic-heavy data centre locations where many organizations prefer using the full power of their routers for routing packets and the full performance of a traffic-management appliance for QoS and DPI analysis.

One of the main advantages of MPLS can also be its undoing. The mesh topology allows traffic to travel along numerous paths, making it difficult to monitor traffic activity using a centralised network device. Without this visibility, monitoring the level of service the network is delivering to each application and correcting it becomes problematic.

To fully gain the benefit of MPLS, it needs to be combined with other tools capable of performing both application-specific QoS and reporting. The service operator has several options here.

It is, for instance, possible to use CPE routers to control bandwidth and carry out reporting. These can collect usage data based on class of service and silo this for later analysis. Yet this type of reporting prevents responsive network management and the router is unable to allocate bandwidth per application or perform static traffic shaping.

Unlike routers, DPI traffic management appliances are designed to specifically identify traffic and dynamically allocate bandwidth according to the needs of the enterprise, the capacity available and the levels of service offered by the MPLS network.

In effect, it can expand the enterprise's end-to-end policy options from just a few classes of service offered by the carrier to the ability to specify exact bandwidth allocation, priority, admission control, and number of concurrent connections for each traffic flows.

This creates a bespoke network for the organization. Plus, if combined with a centralized traffic management platform, it is possible to monitor all activity on the network and carry out detailed reporting.

A centralized traffic and policy management console does this by collating information from all of the DPI traffic management devices in the network both instantly, for troubleshooting, and over time, to ensure bandwidth is being used effectively.

It's only by combining an MPLS service with a DPI enabled traffic management device that service providers will be able to offer enterprises the spectrum required for managing their converged networks.

Lumping VoIP into a high class of service, for instance, will not ensure its priority over other high bandwidth services nor can its delivery be monitored without the granularity of a traffic management system.

In effect, MPLS without traffic management is like offering a limited pallet of colours when what you could have is the full kaleidoscope.