IETF Debates On: MPLS Is Bad
A reader writes "MPLS, or Multi-protocol Label Switching, seems to be a popular choice for router vendors nowadays until two AT&T researchers argue it differently. They "say MPLS create serious network management challenges for Internet backbone providers." "Even more dire are their warnings about potential security and privacy problems for companies that deploy MPLS-based VPNs." This issue will be discussed at an IETF meeting held this week in London. More details here." Related to the IETF, this submission came in: "The Internet Engineering Task Force (IETF) is now meeting in London for IETF-51. You can watch multicast sessions."
MPLS was great before we had ASICs that were doing full next hop lookups at OC-48 and OC-192 speeds... Now with routers actually forwarding at those line rates, the need for MPLS has dwindled... But... I believe that the ability to provide the amount of traffic engineering and VPNs afforded with MPLS is a viable solution that is here to stay for a good while. Back when I was working on a 38 POP network with multiple private peering points MPLS was going to provide a lot of the benefits of ATM on our POS network without the fscking cell tax... These days things are a little different in the office, but I still am waiting for a good excuse to fire the MPLS up on the damn M-40's and have a good time...
This is a "Good Thing" for several reasons. For one thing, it's quicker, as IP addresses are variable length, whereas MPLS labels are fixed. It also allows a lot more granular traffic control and shaping. Also, you can encapsulate just about anything inside MPLS, not just IP. And you can do QoS, CoS, VPN and lots of other stuff.
This is a VERY simplified version of what MPLS is and does. For more information try the following:
MPLS is not for everyone, and is mainly for private IP networks at present - however, it is very useful in specific applications:
1. To provide VPNs (with the same security as the vast number of Frame Relay and ATM networks out there) - the key difference from IPSec is that (a) they run over an IP network owned by a single provider and (b) constrained routing updates are used to limit the visibility of a VPN site. You can't even DoS an MPLS VPN site unless you are in the VPN, whereas IPSec's IKE has some well-known issues with IKE being DoSable. Anyone who is spending large amounts of money on a VPN between sites is best advised to run it on a private network - MPLS VPNs (RFC 2547) are much more scalable than FR/ATM, and the Layer 2 MPLS VPNs have their own limitations (although they are easier to set up for the enterprise). IPSec is much less scalable than the non-encryption VPNs, since gateways have limits on number of IPSec tunnels and on throughput. Whether you use IPSec, FR, ATM or MPLS L3 or L2 VPNs, there is a *lot* of configuration to be done - that's why any large provider is using a provisioning tool such as Orchestream (www.orchestream.com, my employer - yes, I am probably biased :) ).
2. Traffic engineering - this means balancing traffic across the various paths in your network - e.g. if you have a northern US and southern US path, and the latter is longer, IP routing will always go via the north, even if the southern US path is underloaded. MPLS TE allows providers to balance some of the traffic onto the southern path, providing better performance and delaying network upgrades. TE can also be used to lay down bandwidth-reserved pipes. However, it's important to note that TE is only one application of MPLS, and other applications do NOT require these 'pipes' (LSPs, label switched paths) - e.g. MPLS VPNs work quite happily without LSPs.
3. Easy upgrade to IPv6 - just migrate your core routers' control software (routing protocols etc) to IPv6, and make them act as MPLS label switches. Only edge switches need IPv6 hardware. However, within a few years most routers will have good IPv6 hardware (Cisco will do hardware acceleration for IPv6 by end of next year).
4. Provisioning of optical light paths - there is a lot of work on GMPLS (Generic MPLS), which will allow SONET cross-connect switches and optical-layer switches to be provisioned with a light path in the same way as MPLS Traffic Engineering.
There is a faction within the IETF that is against anything that adds easier centralised provisioning to IP networks - this is understandable, but IP network providers want to deliver higher-value services today, such as VPNs, and to get more utilisation out of their networks using MPLS Traffic Engineering. There are a lot of these providers at the IETF, but many others are busy running their networks.
IPSec and MPLS both have their place, and can be combined (IPSec over MPLS end to end, or just for the last mile connection).
Finally, for the 'this will destroy the Internet' crowd - having well-managed IP networks using MPLS only serves to make the providers more profitable. Many MPLS networks carry both Internet and private IP traffic, meaning that the everyday traffic can be subsidised by business traffic, just like the way the airlines use business class and flexible ticket pricing to subsidise non-business travellers.
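Point 1 above rests on "constrained routing updates": in an RFC 2547 VPN a PE installs a VPN-IPv4 route into a VRF only if the route carries a route target (RT) that VRF imports, and the route distinguisher (RD) keeps overlapping customer prefixes distinct. The simulation below is an added example, not code from the poster or from Orchestream; the customer names, RDs, RTs and prefixes are constructed, and the PE behaviour is reduced to the export/import filter that produces the visibility constraint.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed model of RFC 2547 route-target filtering. All names, RDs,
# RTs and prefixes are invented for this example.

@dataclass(frozen=True)
class VpnRoute:
    rd: str                    # route distinguisher: makes 10.1.0.0/24 of A and B different routes
    prefix: str                # customer IPv4 prefix
    next_hop: str              # advertising PE
    route_targets: frozenset   # extended communities attached on export

@dataclass
class Vrf:
    name: str
    rd: str
    export_rts: Set[str]
    import_rts: Set[str]
    local_prefixes: List[str]
    table: Dict[Tuple[str, str], VpnRoute] = field(default_factory=dict)

def export_routes(vrf: Vrf, pe_address: str) -> List[VpnRoute]:
    """Redistribute a VRF's local prefixes as VPN-IPv4 routes tagged with its export RTs."""
    return [VpnRoute(vrf.rd, p, pe_address, frozenset(vrf.export_rts))
            for p in vrf.local_prefixes]

def import_routes(vrf: Vrf, advertised: List[VpnRoute]) -> Vrf:
    """The constrained-update step: install a route only if it carries an RT this
    VRF imports. A site never learns prefixes (or next hops) of a VPN it is not in."""
    for r in advertised:
        if r.route_targets & vrf.import_rts:
            vrf.table[(r.rd, r.prefix)] = r
    return vrf

def reachable_prefixes(vrf: Vrf) -> Set[str]:
    return {r.prefix for r in vrf.table.values()}

def entries_for_prefix(vrf: Vrf, prefix: str) -> int:
    """How many distinct (RD, prefix) entries a VRF holds for one prefix."""
    return sum(1 for (_, p) in vrf.table if p == prefix)

def build_vrfs() -> Dict[str, Vrf]:
    # Customers A and B both use 10.1.0.0/24 at one site. An extranet hub
    # (RT 65000:900) is reachable from both, but A and B cannot see each other.
    return {
        "custA-site1": Vrf("custA-site1", "65000:1", {"65000:100"}, {"65000:100", "65000:900"}, ["10.1.0.0/24"]),
        "custA-site2": Vrf("custA-site2", "65000:2", {"65000:100"}, {"65000:100", "65000:900"}, ["10.2.0.0/24"]),
        "custB-site1": Vrf("custB-site1", "65000:3", {"65000:200"}, {"65000:200", "65000:900"}, ["10.1.0.0/24"]),
        "extranet-hub": Vrf("extranet-hub", "65000:9", {"65000:900"}, {"65000:100", "65000:200", "65000:900"}, ["192.0.2.0/24"]),
    }

def run_exchange(vrfs: Dict[str, Vrf]) -> Dict[str, Set[str]]:
    """Every VRF exports, every VRF imports; return what each site can now reach."""
    pe_of = {"custA-site1": "PE1", "custA-site2": "PE2", "custB-site1": "PE1", "extranet-hub": "PE3"}
    advertised: List[VpnRoute] = []
    for name, vrf in vrfs.items():
        advertised.extend(export_routes(vrf, pe_of[name]))
    for vrf in vrfs.values():
        import_routes(vrf, advertised)
    return {name: reachable_prefixes(v) for name, v in vrfs.items()}

if __name__ == "__main__":
    vrfs = build_vrfs()
    for name, prefixes in run_exchange(vrfs).items():
        print(name, sorted(prefixes))
```

Customer A's sites see each other and the hub but not customer B, even though A and B share a PE and a prefix; the hub holds two separate entries for 10.1.0.0/24 because the RDs differ. The same filter is what a provider must get right in provisioning: a VRF that imports one RT too many silently becomes a member of another customer's VPN.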
That's an odd pronunciation...
--
"Karma can only be portioned out by the cosmos." - Homer Simpson [1F10]
IKE, for instance (the key exchange mechanism used by the IPsec security protocol) has also been pronounced "bad" and is going to be replaced or modified.
I guarantee when you get 2300 people (the current conference attendance) together, they'll disagree on many a topic. The good news is that the (frequently lively) debates are certainly fun to participate in, hence the reason I came.
MPLS totally sucks. It's the X.25 of the new millennia, just as ATM was the X.25 of the 90's. Why? It's a CIRCUIT SWITCH methodology on top of a PACKET SWITCHING network. Dumb! It's another thing to manage and break from a network engineering point of view. That, and most vendors' implementations don't work worth a damn today.
[snip]
This would be enough for a person with an average education in MPLS to judge how much you (don't) know about MPLS. I have been doing MPLS-oriented research for the last 1.5 years so let me try clearing some of the "bad air" around the issue:
1) MPLS is NOT circuit switching ON TOP of packet switching. If you would care to do some minimal reading before you flame a subject, you would find out that MPLS is not ISO layer >= 3 but it is a "layer 2.5" technology. In other words IP datagrams are carried on top of MPLS frames pretty much the way ATM worked.
2) The reasons behind MPLS are too complex to describe here (for the interested reader, take a look at RFC3031). But basically it was acknowledged that despite ATM being "evil" circuit switched technology does offer some advantages. That's why you can (_very_ roughly) characterize MPLS as an "IP friendly ATM", minus some of ATM's design shortcomings (that were present there due to the technology limitations at that time and ATM's intended use).
But to rebut your misconception, MPLS is NOT about "routing IP datagrams fast", nor "replacing CIDR". Again, if you care to skim the mentioned RFC it is acknowledged that these _were_ some advantages a few MPLS proponents claimed but this is simply not true, as you correctly state: Efficient algorithms for IP address lookup and routing are implemented in hardware by several vendors (incl. cisco, btw...) so MPLS doesn't have any edge there.
3) About "Traffic Engineering being a load of crap" I would say that a few of the top 10 largest carriers in the US might disagree a bit. Get a hold of an educated MCI network operations engineer (say MCI/UUNET) and ask how much improvement (and revenue) TE gives them. And yes, the reaction is "WOW".
And QoS... Same deal- load of crap.
4) Well, QoS is too broad a topic to discuss in any relevance here. But in saying that you automatically excluded _all_ mechanisms for traffic differentiation in a network. Enough said.
Also, to end this, MPLS is _not_ only about TE/QoS/IP fast switching. It is used for fast network restoration, it is extended for supporting WDM in a similar manner (see "Generalized" MPLS), etc. People w/ some network education might care to take a look here for an overall view on the MPLS-related topics.
All in all I would dare to say that your posting is the worst kind of misinformation: it contains a grain of truth and mixes completely different and unrelated subjects as "comparisons" (OpenGL w/ CIDR).
For the rest of the readers, the necessary grain of salt when reading the linked article: In the IETF there is a lot of politics around MPLS (disguised in "technical debates") -- surprise, surprise. For example, if someone cares to browse the MPLS mailing list archives, Mr. Randy Bush long opposed BGP/MPLS VPNs (described initially in RFC 2547; IIRC there is also a draft updating it), which happens to be a technology Cisco pushes very hard and which Mr. Bush opposes violently.
What particular agenda Mr. Bellovin has escapes me. But I assume (again, this is _speculation_) that since AT&T made a _huge_ investment in ATM in the past, it does not see MPLS (which is simply a better competing technology) so favorably.
All in all, remember that the most competent answer is "I don't know. It depends".
My $0.02
Florian-Daniel Otel
http://www.ce.chalmers.se/staff/otel
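Two posts in this thread describe the same mechanism from different angles: the earlier post notes that MPLS labels are fixed length while IP prefixes are variable length, and point 1 of the reply above places MPLS at "layer 2.5", with IP datagrams carried inside MPLS frames. The code below is an added example, not from either poster, showing the RFC 3032 label stack entry (20-bit label, 3-bit EXP, bottom-of-stack bit, 8-bit TTL), a parser that stops at the S bit and refuses truncated stacks, and one label-switching hop that does a fixed-width label lookup instead of a longest-prefix match. The sample packet, the label values and the incoming label map are constructed; the TTL handling on pop is a simplified form of the uniform model and is an assumption of the example.

```python
import struct

# Added example: MPLS shim header parsing and a single LSR forwarding step.
# The packet, label values and the label map are constructed for illustration.

# Reserved label values defined in RFC 3032 (0..15 are reserved; these four are named there).
RESERVED_LABELS = {0: "IPv4 explicit null", 1: "router alert",
                   2: "IPv6 explicit null", 3: "implicit null"}

def encode_label(label: int, exp: int, bos: int, ttl: int) -> bytes:
    """Pack one 32-bit label stack entry: label(20) | exp(3) | S(1) | ttl(8)."""
    if not (0 <= label < 1 << 20 and 0 <= exp < 8 and bos in (0, 1) and 0 <= ttl < 256):
        raise ValueError("label stack field out of range")
    return struct.pack("!I", (label << 12) | (exp << 9) | (bos << 8) | ttl)

def parse_label_stack(data: bytes):
    """Walk the stack until an entry has the S bit set; return (entries, payload).
    A stack that ends before an S bit is rejected rather than read past the end."""
    entries, offset = [], 0
    while True:
        if len(data) - offset < 4:
            raise ValueError("truncated label stack entry at offset %d" % offset)
        (word,) = struct.unpack_from("!I", data, offset)
        entry = {"label": word >> 12, "exp": (word >> 9) & 0x7,
                 "bos": (word >> 8) & 0x1, "ttl": word & 0xFF}
        entry["reserved"] = RESERVED_LABELS.get(entry["label"])
        entries.append(entry)
        offset += 4
        if entry["bos"]:
            return entries, data[offset:]

def stack_is_truncated(data: bytes) -> bool:
    try:
        parse_label_stack(data)
        return False
    except ValueError:
        return True

def payload_ip_version(payload: bytes):
    """The shim has no protocol field; the common heuristic is the first nibble."""
    if not payload:
        return None
    v = payload[0] >> 4
    return v if v in (4, 6) else None

def lsr_forward(entries, ilm):
    """One label-switching hop: exact-match lookup of the top label in the
    Incoming Label Map, TTL decrement, then swap or pop. Returns the new stack,
    or None when the packet is dropped. On pop the decremented TTL is copied to
    the newly exposed entry (simplified uniform model; an assumption here)."""
    top = entries[0]
    if top["ttl"] <= 1:
        return None                      # TTL expired
    binding = ilm.get(top["label"])
    if binding is None:
        return None                      # no label binding: drop
    action, out_label = binding
    new_top = dict(top, ttl=top["ttl"] - 1)
    if action == "swap":
        new_top["label"] = out_label
        return [new_top] + entries[1:]
    if action == "pop":
        rest = entries[1:]
        if rest:
            rest = [dict(rest[0], ttl=new_top["ttl"])] + rest[1:]
        return rest                      # empty list means plain IP leaves the LSR
    raise ValueError("unknown action %r" % action)

def build_sample_packet() -> bytes:
    """Constructed two-label stack (outer 16000, inner 100 with EXP 5) over a minimal IPv4 header."""
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 1, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return encode_label(16000, 0, 0, 64) + encode_label(100, 5, 1, 64) + ipv4

if __name__ == "__main__":
    entries, payload = parse_label_stack(build_sample_packet())
    print(entries, "payload IPv%s" % payload_ip_version(payload))
    print(lsr_forward(entries, {16000: ("swap", 24001)}))
```

The swap case is the whole of what a core LSR does per packet, which is why the earlier post calls it quicker than a longest-prefix lookup; the reserved-label lookup and the truncation check are the parts a monitoring tool or capture parser needs and that a forwarding engine assumes away.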