
ABBREVIATIONS

Abbreviation: Meaning

A
AS: Autonomous System
ASBR: Autonomous System Boundary Router
ATM: Asynchronous Transfer Mode

B
BGP: Border Gateway Protocol

C
CAC: Connection Admission Control
CoS: Class of Service
CPE: Customer Premise Equipment
CPU: Central Processing Unit

D
DDoS: Distributed Denial of Service
DES: Data Encryption Standard
DiffServ: Differentiated Service
DLCI: Data Link Connection Identifier
DSL: Digital Subscriber Line

E
EGP: External Gateway Protocol

F
FEC: Forwarding Equivalence Class
FR: Frame Relay

G
GRE: Generic Routing Encapsulation

I
ICMP: Internet Control Message Protocol
IETF: Internet Engineering Task Force
IGP: Interior Gateway Protocol
IntServ: Integrated Service
IP: Internet Protocol
IPSec: IP security
IPX: Internetwork Packet Exchange
ISDN: Integrated Services Digital Network
IS-IS: Intermediate System to Intermediate System
ISP: Internet Service Provider

L
L2TP: Layer 2 Tunneling Protocol
LAN: Local Area Network
LDP: Label Distribution Protocol
LFIB: Label Forwarding Information Base
LSP: Label Switched Path
LSR: Label Switch Router

M
MP-iBGP: Multi-protocol iBGP
MPLS: Multiprotocol Label Switching
MTU: Maximum Transmission Unit

O
OSPF: Open Shortest Path First

P
PBX: Private Branch Exchange
POP: Point of Presence
PPTP: Point-to-Point Tunneling Protocol

Q
QoS: Quality of Service

R
RD: Route Distinguisher
RFC: Request For Comment
RSVP: Resource Reservation Protocol

T
TCP: Transmission Control Protocol
TDP: Tag Distribution Protocol
TE: Traffic Engineering
TTL: Time To Live

V
VCI: Virtual Circuit Identifier
VNPT: Vietnam Post & Telecommunications
VPI: Virtual Path Identifier
VPN: Virtual Private Network
VRF: Virtual Routing and Forwarding

W
WAN: Wide Area Network

MPLS-VPN TECHNOLOGY


1.1 General introduction to VPN
1.1.1 The VPN concept

A virtual private network (VPN) is defined as a network connection deployed over public network infrastructure (such as the Internet) with the same management and security policies as a local network.

[Figure 1.1: VPN model (private LANs connected by tunnels between routers across the Internet)]

The terms that make up "VPN" are as follows:

Virtual: the connection is dynamic, not hard-wired, and exists as a connection only while network traffic passes over it. Such a connection can change and adapt to many different environments and can tolerate the shortcomings of the Internet. When a connection is requested, it is set up and maintained regardless of the network infrastructure between the endpoints.

Private: the transmitted data is always kept confidential and can be accessed only by authorized users. This is very important because the original Internet protocol suite, TCP/IP, was not designed to provide levels of security. Security is therefore provided by adding VPN software or hardware.

Network: the network infrastructure entity between end users, stations, or nodes that carries the data. Private, public, wired, wireless, Internet, or any other available dedicated network resource can be used to form the network.

The VPN concept is not new. It was used in earlier telephone networks, but because of a number of limitations VPN technology had not yet gained much strength or competitiveness. Recently, the development of intelligent networks and IP network infrastructure has made VPN genuinely new. A VPN allows private connections to be set up with remote users, with the company's branch offices, and with the company's partners that share a common public network.
1.1.2 Functions and advantages of VPN
1.1.2.1 Functions

A VPN provides three main functions: authentication, integrity, and confidentiality.

Authentication: to set up a VPN connection, both sides must first authenticate each other to confirm that they are exchanging information with the intended party and not with someone else.

Integrity: ensures that the data is not altered and that there is no tampering of any kind during transmission.

Confidentiality: the sender can encrypt packets before sending them over the public network, and the data is decrypted at the receiver. In this way no one can access the information without permission, and even if the data is captured it cannot be read.

1.1.2.2 Advantages

VPN brings real and immediate benefits to companies. A VPN can be used not only to simplify communication among remote employees and mobile users, to extend the intranet to every office and branch, and even to deploy an extranet out to customers and key partners, but also to do all this at a much lower cost than buying equipment and lines for a private WAN. These benefits, whether direct or indirect, include cost saving, flexibility, scalability, and several others.

Cost saving
Using a VPN helps companies reduce both investment costs and recurring costs. The total cost of owning a VPN is reduced because less has to be paid for leased bandwidth, backbone network equipment, and keeping the system running. The cost of LAN-to-LAN connectivity falls by 20% to 30% compared with traditional leased lines. For remote access, the cost falls by 60% to 80%.

Flexibility
Flexibility here means not only flexibility in operation but also real adaptability to usage requirements. Customers can use T1 or T3 connections between offices, and many other connection types can be used to connect small offices and mobile users. The VPN service provider can offer customers many options, such as 56 kbit/s modem, 128 kbit/s ISDN, xDSL, T1, T3, and so on.

Scalability
Because a VPN is built on public network infrastructure (the Internet), it can be deployed wherever the public network is available. Since the public network is present almost everywhere, VPN scalability is very flexible. A remote office can easily connect to the company network over a telephone line or DSL, and the VPN is easy to remove when it is no longer needed. Bandwidth scalability means that when an office or branch needs more bandwidth, it can be upgraded easily.

Reduced technical support
Standardizing on one type of connection from the mobile user to an ISP POP, and standardizing the security requirements, reduces the need for technical support resources for the VPN. Today, as service providers take on more network support tasks, the technical support required of users keeps decreasing.

Reduced equipment requirements
By providing a single solution for enterprise dial-up access and Internet access, a VPN requires less equipment, and much simpler equipment, than maintaining separate modems, adapter cards for terminals, and remote access servers. An enterprise can set up customer equipment for a single environment, such as a T1 environment, with the rest of the connection handled by the ISP. The T1 side can handle setting up and maintaining the WAN connection by replacing modem banks and multiple Frame Relay circuits with a single wide-area connection that can carry the traffic of remote users, LAN-to-LAN connections, and Internet traffic at the same time.

Meeting commercial needs
VPN products and services follow current common standards, partly to ensure that the products work, but perhaps more importantly so that products from different vendors can work together.

For new telecommunications equipment and technology, the issues that matter are standardization, manageability, scalability, network integration, backward compatibility, reliability and performance, and especially the commercial viability of the product.
1.1.3 VPN classification

The goal of VPN technology is to satisfy the following three basic requirements:
- At any time, company employees can access the company's internal network remotely or while mobile.
- Branches and mobile offices are interconnected.
- Access rights of customers, service providers, and other external parties can be controlled.

Based on these basic requirements, VPNs are divided into three types:
- Remote access VPN
- Intranet VPN
- Extranet VPN

1.1.3.1 Remote access VPN

Remote access VPNs provide remote access capability. At any time, employees, branches, and mobile offices can communicate with and access the company network. The remote access VPN is the most typical kind of VPN, because it can be set up at any time and from anywhere the Internet is available.

A remote access VPN extends the company network to users over shared infrastructure while the company's network policies remain in force. It can be used to provide secure access from mobile devices, mobile users, branches, and the company's business partners. These VPNs are implemented over public infrastructure using ISDN, dial-up, mobile IP, DSL, and cable technologies, and usually require some kind of client software running on the user's computer.

[Figure 1.2: Remote access VPN model (DSL, cable, and mobile users and extranet customers reach the company through POPs and routers across the Internet)]

The advantages of a remote access VPN over traditional remote access methods are:
- A remote access VPN does not need the support of network staff, because the remote connection process is carried out by the ISPs.
- Long-distance connection costs are reduced, because long-distance connections are replaced by local connections through the Internet.
- It provides a low-cost connection service for remote users.
- Because the access connections are local, the connecting modems operate at higher speeds than with long-distance access.
- VPNs provide better access to the company's sites because they support the lowest level of connection service.

Despite these advantages, remote access VPNs still have inherent disadvantages:
- Remote access VPNs do not support services with guaranteed QoS.
- The risk of data loss is high. In addition, packets may be misdelivered or lost.
- Because the encryption algorithms are complex, protocol header overhead increases considerably.


1.1.3.2 Intranet VPN

Intranet VPNs are used to secure the connections between different locations of one company. The VPN links the headquarters, offices, and branches over shared infrastructure using connections that are always encrypted. This allows all locations to securely access the permitted data sources across the whole company network. These VPNs still provide WAN characteristics such as scalability, reliability, and support for many different protocols at low cost while remaining flexible. This type of VPN is usually configured as a site-to-site VPN.

[Figure 1.3: Intranet VPN model (a remote office connects through a POP across the Internet to a router or PIX Firewall at the central office)]

The main advantages of an intranet based on a VPN solution are:
- Partial or full mesh networks can be set up (provided the network goes through one or more service providers).
- Fewer technical support staff are needed on the network at remote locations.
- Because the intermediate connections are made through the Internet, a new peer link can easily be added.
- Cost savings come from using VPN tunnels through the Internet combined with high-speed switching technology, for example Frame Relay or ATM.

However, an intranet based on a VPN solution also has disadvantages:
- Because the data is tunnelled over a public network, the Internet, there are still threats to the level of data security and to quality of service (QoS).
- The likelihood of packets being lost in transit is still fairly high.
- Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge in the Internet environment.
1.1.3.3 Extranet VPN

Unlike intranet VPNs and remote access VPNs, an extranet VPN is not isolated from the outside world. In practice, an extranet VPN provides controlled access to the necessary network resources in order to extend them to business parties such as partners, customers, and suppliers.

[Figure 1.4: Extranet VPN model (a remote intranet office and business-to-business extranet partners connect over DSL or cable through a POP across the Internet to a router or PIX Firewall at the central office)]

Extranet VPNs provide a secure tunnel between customers, suppliers, and partners over public infrastructure. This type of VPN uses connections that are always secured and is configured as a site-to-site VPN. The difference between an intranet VPN and an extranet VPN is the network access that is granted at one of the two ends of the VPN.

The main advantages of an extranet VPN are:
- The cost of an extranet VPN is much lower than that of a traditional network.
- It is easy to set up and maintain, and easy to change on a running network.
- Because an extranet VPN is built on the Internet, there are more opportunities to offer services and to choose solutions that fit each company's needs.
- Because the Internet connections are maintained by the Internet service provider, fewer network support staff are needed, which reduces the operating cost of the whole network.

Alongside these advantages, the extranet VPN solution also has disadvantages:
- The risk to information security, and of data loss, during transmission over the public network remains.
- Transmitting large volumes of data, such as multimedia, with high-speed and real-time requirements is a major challenge in the Internet environment.
- It increases the risk to the company's internal networks.

1.1.3.4 Why use MPLS-VPN technology?

Globalization forces enterprises and organizations to make their information systems ever more efficient. Large companies and multinational groups now usually have headquarters and branches spread across the world. In some sectors, such as telecommunications, banking, and finance, the need for connectivity and information exchange between branches, and between the company and its partners, is very large. Using a private network (WAN) to connect and exchange information inside a company with many branches is therefore extremely important.

Connecting companies and organizations to each other in a secure and reliable way is also important, because the information exchanged includes sensitive items such as business strategies and financial plans. To keep information confidential as it travels between different geographic regions, the prerequisite is a backbone network that meets the security requirements, because data is most easily exposed while it moves across the wide-area network. Building a highly stable and secure backbone is therefore always an important factor for Internet service providers.

With earlier network technologies such as leased line, Frame Relay, or VPN, connecting branches to the head office required an enterprise to spend heavily on both network equipment and usage charges. In addition, because of technological limitations, these traditional network technologies are very complex, hard to manage, and hard to scale.

The MPLS-VPN solution is deployed with the goal of creating a network solution that is optimally secure, has low latency, and integrates with every data application such as data, voice, and video.

[Figure 1.5: Model for providing VPN service over MPLS]

Unlike Internet VPN technologies (PPTP, L2TP, IPsec VPN), the tunnelling mechanism is set up entirely inside the service provider's MPLS core. Each VPN connection establishes a separate tunnel using the mechanism of labelling and forwarding IP packets. Each VPN connection receives a single unique label value assigned by the MPLS routers in the provider network, so every tunnel in the MPLS core is completely separate. Because the core network (MPLS core) addresses are hidden, network attacks (hackers) such as DDoS, IP spoofing, label spoofing, and so on are reduced to a minimum.

The outstanding advantages of MPLS-VPN technology in the backbone are:
- Support for the point-to-multipoint model: a private network can be connected using only one physical link.
- Security: absolute security on the MPLS core.
- Simple scalability: all connection configuration is done in the MPLS core, and network members need no configuration at all.
- High speed, multiple applications, and committed QoS: MPLS-VPN can carry data at speeds up to Gbps over fibre-optic transmission systems. Beyond data, MPLS-VPN can fully support real-time applications such as VoIP and video conferencing with the lowest latency. It can provide committed rates and minimum bandwidth (QoS).

MPLS can be combined with many other technologies such as IP and ATM, but the most notable application today is using MPLS in IP networks to build virtual private networks that serve the connectivity needs of organizations and enterprises. Because it is easy to manage and scale and builds on existing Internet infrastructure, this application is growing strongly in many sectors: enterprises, financial institutions, banks, and especially organizations that require a high level of data reliability and security. These are the practical grounds on which this thesis chose to study MPLS-VPN deployment.

1.2 General introduction to MPLS

Traditional IP packet forwarding analyses the destination IP address contained in the network-layer header of each packet. Each router analyses the destination address independently at every hop in the network. Dynamic or static routing protocols must analyse destination IP addresses when building their database in order to create the routing table. This process is called hop-by-hop destination-based unicast routing. Routing with connectionless protocols meets customers' simple needs. As the Internet grew and expanded and Internet traffic exploded, the existing packet forwarding method proved inefficient and inflexible. A new technique was therefore needed to assign addresses and to extend the functions of the IP-based network architecture.

MPLS is the result of the development of many IP switching solutions that attempted to combine the advantages of both IP and ATM.
1.2.1 Network-layer routing model

In the traditional connectionless environment, no signalling messages are needed to set up a connection, and information is forwarded hop by hop. All packets are forwarded according to network-layer routing protocols (such as the shortest-path protocol [OSPF] or the border gateway protocol [BGP]) or static routing. Routers treat all packets alike and may discard packets without notifying either the sender or the receiver. For this reason IP provides only best-effort service and is not suited to services with strict QoS requirements.

The connectionless mechanism makes flow control and traffic distribution difficult, which causes congestion at network nodes. Internet service providers (ISPs) deal with this by increasing link capacity and upgrading routers, but congestion still occurs. The reason is that Internet routing protocols tend to steer traffic onto the same few links, which become overloaded while resources elsewhere go unused. This is uneven load distribution and wasteful use of network resources.

Alongside these limitations, the connectionless model also has advantages: packets can be routed independently, and the routing and forwarding mechanism is simple and efficient, so the connectionless model suits flows with slow connection times.
1.2.2 ATM technology and the connection-oriented model

ATM is a connection-oriented switching technology: a connection from the source to the destination must be set up before information is sent. Creating virtual circuit connections can be efficient in a small network, but in a large network problems can arise. Each time a new router is added to the WAN core, virtual circuits must be set up between it and the remaining routers to ensure optimal routing. This increases routing traffic in the network.

Connection setup is usually carried out by a signalling protocol. This protocol provides connection-related state information to the switches along the routed path. The connection admission control (CAC) function ensures that resources associated with existing connections are not taken for use by new connections. This forces the network to maintain the state of every connection (including information about the existence of the connection and the resources it uses) at the nodes the data passes through. Route selection is based on the QoS requirements of the connection and on the ability of the routing algorithm to compute routes that can meet those QoS requirements.

Because the network can identify each connection and isolate it, together with its associated resources, for the lifetime of the connection, a connection-oriented environment can guarantee quality for each information flow. The network monitors each connection and reroutes in the event of a failure, and this rerouting must also go through signalling.

From this transfer mechanism we can see that connection-oriented networks suit applications that require strict QoS guarantees and applications with long connection times. For applications with short connection times, a connection-oriented environment seems unsuitable because of the connection setup time and the high proportion of header information. For such traffic, a connectionless environment with simple routing, which avoids complex signalling protocols, is a better fit.

A switching method is therefore needed that combines the advantages of IP (such as its routing mechanism) with those of ATM (such as its switching method). To be truly suitable for multiservice networks, both ATM and IP must change: connectionless capability must be added to ATM, and connection-oriented capability must be added to IP.

1.3 MPLS components and operation

Label switching lets routers make decisions based on the label content, which works better than complex routing on the destination IP address. MPLS is a technology that combines the best features of layer 3 routing and layer 2 switching, allowing very fast packet transport in the core and good routing at the edge by relying on labels. MPLS improves packet forwarding by attaching labels to each IP packet, ATM cell, or layer 2 frame.

MPLS lets ISPs offer many different services without abandoning their existing infrastructure. The MPLS architecture is flexible in combining with technologies currently in use. MPLS supports every layer 2 protocol and efficiently delivers IP services over an IP switched network. MPLS supports creating different routes between source and destination across an Internet backbone by integrating MPLS into the network architecture. ISPs can reduce costs and increase profits, offer many different services, and compete effectively.

The characteristics of a network that uses MPLS are:
- MPLS resides only on the routers. There is no protocol component on the customer side.
- MPLS is protocol-independent and can operate together with other protocols: IP, IPX, ATM, Frame Relay, and so on.
- MPLS simplifies routing and increases the flexibility of the intermediate layer.

An important difference between MPLS and traditional WAN techniques is the way labels are assigned and the ability to attach a stack of labels to a packet. The label stack concept opens up new applications such as traffic management and virtual private networks.
1.3.1 Label

A label is a short entity of fixed length with no internal structure. A label does not directly encode information from the network-layer header, such as the network-layer address. The label attached to a particular packet represents the FEC (Forwarding Equivalence Class) to which the packet is assigned.

The form of the label depends on the layer 2 transport used for the packet. For example, ATM cells use the VPI/VCI value as the label, and Frame Relay uses the DLCI. For media that have no native label structure, a shim field is inserted to serve as the label. The 4-byte shim field has the following structure:

| Label (20 bits) | EXP (3 bits) | S (1 bit) | TTL (8 bits) |

Figure 1.6 Label format

The fields have the following meanings:
- Label: 20 bits long, carries the MPLS label value.
- EXP: 3 bits long, indicates the class of service and affects the queuing and discard algorithms applied to the packet.
- S: 1 bit long. MPLS supports a label stack, meaning that several labels can be attached to one packet. When a label has the S bit set to 1, it is the last label, at the bottom of the label stack (counting from the layer 2 header towards the layer 3 header). Routing operations are performed using the label at the top of the stack.
- TTL: 8 bits long, has the same function as the TTL field in the IP header. It determines the number of nodes a packet can traverse before it is discarded, to prevent packets from looping in the network.

For PPP or Ethernet frames, a protocol identifier value is inserted into the corresponding frame header to indicate whether the frame is MPLS unicast or multicast.

A label is added to an IP packet when the packet enters the MPLS network and is removed when the packet leaves the MPLS network. The label is inserted between the layer 3 header and the layer 2 header. Labels are used to forward packets once the path has been set up. MPLS centres on the label swapping process. One of the strengths of MPLS is that it defines the label stack itself.

Packet forwarding in MPLS contrasts sharply with today's connectionless network environment, where packets are analysed hop by hop, the layer 3 header is examined, and an independent forwarding decision is made from information derived from the network-layer routing algorithm.
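The 4-byte label entry and the label stack described above can be packed and parsed as follows. This is an added example, not code from the original document; the sample bytes, the label values, the `MAX_STACK_DEPTH` limit, and the helper names are constructed for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

MAX_STACK_DEPTH = 8  # assumption: sanity limit chosen for this example


@dataclass(frozen=True)
class LabelEntry:
    label: int  # 20-bit label value
    exp: int    # 3-bit class-of-service field
    s: int      # 1-bit bottom-of-stack flag
    ttl: int    # 8-bit time to live

    def pack(self) -> bytes:
        """Encode the entry as 4 bytes in network byte order."""
        if not (0 <= self.label < (1 << 20) and 0 <= self.exp < 8
                and self.s in (0, 1) and 0 <= self.ttl < 256):
            raise ValueError("label entry field out of range")
        word = (self.label << 12) | (self.exp << 9) | (self.s << 8) | self.ttl
        return struct.pack("!I", word)


def unpack_entry(data: bytes) -> LabelEntry:
    """Decode exactly one 4-byte label entry."""
    (word,) = struct.unpack("!I", data)
    return LabelEntry(word >> 12, (word >> 9) & 0x7, (word >> 8) & 0x1,
                      word & 0xFF)


def parse_label_stack(data: bytes) -> Tuple[List[LabelEntry], bytes]:
    """Read entries until one has S=1; return (stack, remaining payload).

    The first list element is the top of the stack. A stack that ends
    before an S=1 entry, or that is implausibly deep, is rejected instead
    of being read into the payload.
    """
    stack: List[LabelEntry] = []
    offset = 0
    while True:
        if len(stack) >= MAX_STACK_DEPTH:
            raise ValueError("label stack too deep, no bottom-of-stack bit")
        if offset + 4 > len(data):
            raise ValueError("truncated label stack, no bottom-of-stack bit")
        entry = unpack_entry(data[offset:offset + 4])
        stack.append(entry)
        offset += 4
        if entry.s == 1:
            return stack, data[offset:]


def swap_top(stack: List[LabelEntry], new_label: int) -> Optional[List[LabelEntry]]:
    """Swap the top label and decrement its TTL.

    Returns None when the TTL would reach zero, meaning the packet must be
    discarded to stop it looping.
    """
    top = stack[0]
    if top.ttl <= 1:
        return None
    return [LabelEntry(new_label, top.exp, top.s, top.ttl - 1)] + list(stack[1:])


# Constructed sample: two labels followed by the first two bytes of an
# IPv4 header (0x45 0x00).
SAMPLE = (LabelEntry(16, 0, 0, 64).pack()
          + LabelEntry(100, 5, 1, 64).pack()
          + b"\x45\x00")

if __name__ == "__main__":
    parsed, payload = parse_label_stack(SAMPLE)
    for entry in parsed:
        print(entry)
    print("payload:", payload.hex())
```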
1.3.2 IP data plane and control plane

In an IP network, the control plane is the set of software and/or hardware in the routers that is used to control network operations such as routing and recovery from failures. The job of the control plane is to provide services to the data plane. The data plane is responsible for moving data through the router.
[Figure 1.7: IP control plane and data plane (inside a router, the control plane or routing layer runs OSPF, IS-IS, and BGP and fills the routing table; the data plane or forwarding layer uses the routing table to forward IP packets)]

In the Internet protocols, the control plane consists of the routing protocols (OSPF, IS-IS, BGP, ...) that allow IP (in the data plane) to be forwarded correctly. Control messages are exchanged between routers to carry out a range of tasks, including:
- Exchanging messages between nodes to agree on routing parameters (including synchronization and security).
- Exchanging messages periodically to determine whether a neighbouring node is up.
- Exchanging address and route advertisement messages to build the routing tables used for IP forwarding.

In Figure 1.7, the arrow from the control plane to the routing table means that routes found by the routing protocols are stored in the routing table. The two-way arrow between the routing table and the data plane means that IP consults the routing table to carry out its forwarding.
1.3.3 MPLS control plane and data plane

The architecture is divided into two separate components: the forwarding component (also called the data plane) and the control component (also called the control plane). The forwarding component uses a label forwarding database (maintained by a label switch) to forward data packets according to the labels attached to them. The control component is responsible for creating and maintaining label forwarding information among a group of interconnected label switches.

[Figure 1.8: MPLS control plane and data plane]

Figure 1.8 shows the basic structure and functions of an MPLS node performing IP routing.
- Control plane: here the layer 3 routing protocols establish the paths used for packet forwarding. The control plane is responsible for creating and maintaining label forwarding information (called bindings) between routers running MPLS.
- Data plane: uses the label forwarding database maintained by the routers running MPLS to forward packets according to label information.

Each MPLS node runs one or more IP routing protocols (or may use static routing) to exchange routing information with other MPLS nodes in the network. In MPLS, the IP routing table is used to decide label exchange: adjacent MPLS nodes exchange labels with each other for each individual subnet in the routing table. This label exchange is carried out by two protocols, TDP and LDP. TDP is a Cisco product; LDP is a version of TDP created by the IETF.

The MPLS IP routing control process uses the labels exchanged with other MPLS nodes to build the label forwarding table. This table is the data plane database used to forward labelled packets across the MPLS network. The main job of the control plane is therefore to advertise labels and addresses and to bind them together, that is, to bind a label to an address.

A label switch router (LSR) is a router configured to support MPLS. An LSR uses the information in the label forwarding information base (LFIB) to process an incoming MPLS packet, for example to determine the next node that will receive the packet. The LFIB is to MPLS what the routing table is to IP.

Several protocols can operate in the MPLS control plane. RSVP has been extended so that it can be used to advertise, distribute, and bind labels to IP addresses; this extension is called RSVP-TE. The Label Distribution Protocol (LDP) is another option for the MPLS control plane. Other protocols such as OSPF and BGP can also be extended, and they too operate in the control plane, as OSPF-E and BGP-E.

Control messages are exchanged between LSRs to carry out a range of activities, including:
- Exchanging messages between nodes to establish a relationship (including security). Once this is complete, the nodes are called LSR peers.
- Exchanging messages periodically (called handshakes) to make sure the neighbouring node is up.
- Exchanging label and address messages to bind addresses to labels and build the forwarding table (LFIB), which the MPLS data plane uses to forward traffic flows.

After MPLS nodes have exchanged labels and IP addresses with each other, they bind the labels and addresses together. The MPLS data plane then forwards all received data by examining the label in the packet header. The IP address is not examined until the packet leaves the network; the label is then removed, and the IP address is used again in the IP data plane at nodes that do not run MPLS, on the way to the end user.

Each MPLS node must run one or more IP routing protocols (or rely on static routing) to exchange IP routing information with the other MPLS nodes in the network. In this respect every MPLS node is an IP router in the control plane. Within an MPLS node, the IP routing table is used to determine the label binding exchange, in which adjacent MPLS nodes exchange labels for each subnet in the IP routing table. The label binding exchange for destination-based IP routing is carried out using Cisco's proprietary Tag Distribution Protocol (TDP) or the IETF standard Label Distribution Protocol (LDP). The MPLS IP routing control process uses the labels exchanged with adjacent nodes to build the Label Forwarding Table (LFT), the forwarding-plane database used to forward labelled packets through the MPLS network.

1.4 MPLS-VPN technology

There are two main VPN models:
- Overlay VPN
- Peer-to-peer VPN

The overlay VPN model, the one most widely used in service provider networks, designs and provisions virtual circuits to carry any traffic flow across the backbone. For an IP network, this means that even though the underlying technology is connectionless, it still more or less requires a connection-oriented service. From the service provider's point of view, the flexibility of the overlay VPN model drops considerably when a large number of circuits or tunnels between customer devices must be managed and provisioned. From the customer's point of view, designing the interior gateway protocol (IGP) is complex and very hard to manage.

The peer-to-peer VPN model lacks isolation between customers and requires a coordinated IP address space across their devices.

With the introduction of Multiprotocol Label Switching (MPLS), which combines layer 2 switching with layer 3 routing and switching, it became possible to build a technique that combines the advantages of the overlay VPN (such as security and isolation between customers) with the simple routing that the peer-to-peer VPN model brings. The new technique is called MPLS-VPN. It makes routing simpler for the customer and provisioning simpler for the service provider. MPLS also adds some of the advantages of a near connection-oriented approach to the IP routing model by setting up label switched paths (LSPs).

The MPLS-VPN architecture makes it possible to create a private network over shared infrastructure. However, the methods used to deliver the service differ.
1.4.1 Components of an MPLS-VPN network

The basic organization of a data network that uses IP/MPLS label switching is shown in Figure 1.9.

[Figure 1.9: Components of an MPLS-VPN network (CE routers in the customer-controlled C networks attach to PE routers (E-LSR) at the edge of the MPLS domain; P router 1 and P router 2 (LSR) form the provider-controlled P network and run LDP)]

Many components are defined in the MPLS-VPN architecture. They perform different functions but combine to form the MPLS-VPN network:
- Provider network (P-network): the MPLS/IP core network administered by the service provider.
- Provider router (P-router): a router in the provider's core that provides transport along the backbone and does not carry customer routes.
- Provider edge router (PE-router): a router at the edge of the backbone. It distributes customer routes and delivers the provider's services to the customer.
- Autonomous system boundary router (ASBR-router): a boundary router within an AS that connects to another AS. That AS may have the same operator or a different one.
- Customer network (C-network): the part controlled by the customer.
- Customer edge router (CE-router): the customer router that acts as the gateway between the C network and the P network. The CE router is administered by the customer or may be managed by the service provider. Contiguous parts of the C network are called sites and are connected to the P network through CE routers.
1.4.2 MPLS-VPN routing model

MPLS-VPN resembles the peer-to-peer network model with dedicated routers. From a CE router, only IPv4 updates and data are forwarded to the PE router. The CE needs no special configuration to take part in the MPLS-VPN domain. The only requirement on the CE is a routing protocol (or a static or default route) that lets it exchange IPv4 routing information with the PE routers.

In the MPLS-VPN model, the PE router performs many functions. First, it must separate customer traffic if more than one customer is connected to it.
[Figure 1.10: PE router functions (each PE router holds a global routing table plus a separate virtual routing table for Customer A and for Customer B; the CE routers at Site 1 and Site 2 of each customer exchange that customer's IPv4 routes with the PE routers; P routers sit between the PE routers)]

Each customer is assigned an independent routing table. Routing across the backbone is carried out by a routing process in the global routing table. The P routers provide label switching between the provider's edge routers and are unaware of the VPN routes. The CE routers in the customer network cannot see the P routers, so the internal structure of the provider network is transparent to the customer.
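The division of work described above can be modelled in a few lines: the ingress PE picks a VRF from the incoming interface, the P routers swap only the top label, and the egress PE uses the inner label to select the customer. This is an added example, not code from the original document. It assumes a two-label stack (transport label on top, VPN label beneath), as used in standard BGP/MPLS VPNs, and all router names, interface names, prefixes, and label values are constructed.

```python
import ipaddress

# Constructed example data. Customers A and B deliberately use the same
# prefix to show that per-VRF tables keep them apart.

# Ingress PE1: each customer-facing interface is bound to exactly one VRF.
PE1_IF_TO_VRF = {"ge0/1": "CustA", "ge0/2": "CustB"}

# PE1 per-VRF routing tables: prefix -> (egress PE, VPN label).
PE1_VRF = {
    "CustA": {"10.1.0.0/16": ("PE2", 100)},
    "CustB": {"10.1.0.0/16": ("PE2", 200), "192.168.5.0/24": ("PE2", 201)},
}

# PE1 global table: egress PE -> (transport label, next hop).
PE1_LSP = {"PE2": (17, "P1")}

# P-router LFIBs: incoming top label -> (outgoing label, next hop).
# They hold no customer prefixes and no VPN labels.
LFIB = {"P1": {17: (18, "P2")}, "P2": {18: (19, "PE2")}}

# Egress PE2: the transport label it expects, and VPN label -> (VRF, interface).
PE2_TRANSPORT_LABEL = 19
PE2_VPN_LABEL = {
    100: ("CustA", "ge0/1"),
    200: ("CustB", "ge0/2"),
    201: ("CustB", "ge0/3"),
}


def vrf_lookup(vrf, dst):
    """Longest-prefix match restricted to a single VRF's table."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, route in PE1_VRF[vrf].items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, route)
    return best[1] if best else None


def forward(in_interface, dst):
    """Carry one packet from a PE1 customer interface to PE2.

    Returns (egress, trace). egress is (VRF, interface) on PE2, or None if
    the packet is dropped. trace lists (node, label stack as it leaves the
    node), with the top of the stack first.
    """
    trace = []
    vrf = PE1_IF_TO_VRF.get(in_interface)
    route = vrf_lookup(vrf, dst) if vrf else None
    if route is None:
        return None, trace  # unknown interface, or no route in this VRF

    egress_pe, vpn_label = route
    transport_label, node = PE1_LSP[egress_pe]
    stack = [transport_label, vpn_label]  # PE1 pushes both labels
    trace.append(("PE1", list(stack)))

    # P routers swap the top label only; the VPN label passes through untouched.
    while node != egress_pe:
        entry = LFIB.get(node, {}).get(stack[0])
        if entry is None:
            return None, trace  # unknown label: drop rather than guess
        stack[0], next_hop = entry
        trace.append((node, list(stack)))
        node = next_hop

    # Egress PE: remove the transport label, then let the VPN label pick the VRF.
    if stack.pop(0) != PE2_TRANSPORT_LABEL:
        return None, trace
    return PE2_VPN_LABEL.get(stack.pop(0)), trace


if __name__ == "__main__":
    for ifname, dst in [("ge0/1", "10.1.2.3"), ("ge0/2", "10.1.2.3"),
                        ("ge0/1", "192.168.5.1")]:
        egress, trace = forward(ifname, dst)
        print(ifname, dst, "->", egress, trace)
```

The same destination address reaches a different customer depending only on the ingress interface, and a prefix that exists only in Customer B's VRF is unreachable from Customer A's interface.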
1.4.3 Virtual routing and forwarding table

Each VPN is associated with a separate virtual routing and forwarding table (VRF). The VRF holds the information about the VPN relationships of a customer site that is attached to the PE router. A VRF includes the IP routing table, the CEF (Cisco Express Forwarding) table, the interfaces of the forwarding table, and the rules and parameters of the routing protocol. Each site can be associated with one and only one VRF. The VRF of a customer site carries all the information about the routes available from that site to the VPNs of which it is a member.

For each VRF, the information used to forward packets is stored in the IP routing table and the CEF table. These tables are maintained separately for each VRF, which prevents information from being forwarded outside the VPN and also prevents packets from outside the VPN from being forwarded to routers inside it.

A VRF contains an IP routing table corresponding to the global IP routing table, a CEF table, a list of the interfaces that belong to the VRF, and a set of rules defining the routing protocol exchanged with the CE routers. The VRF also contains VPN identifiers as VPN membership information.

1.5 Chapter conclusion

In recent years, MPLS-VPN technology has attracted a great deal of attention from network operators aiming for a high-speed, secure network. As a rule, every technology has its own strengths and weaknesses. MPLS-VPN technology was created by combining the characteristics of VPN and MPLS.

A VPN is defined as a network that connects customer sites securely over shared network infrastructure, with the same access control and security policies as a private network. Although it is built on the existing infrastructure of the public network, a VPN has the properties of a local network, as if leased lines were in use. It allows the branches of a company to be interconnected with each other and with partners, and provides control over the access rights of customers, service providers, and other external parties. The potential applications of VPN are therefore very broad.
