Logical Router Capability

Unanswered Question
Jun 27th, 2007

Hi,

I understand that Juniper routers have the logical router capability. I would like to verify whether Cisco routers provide the same feature. If yes, could you let me know the router model?


Refer to the attachment for more details of the feature.



mheusing Wed, 06/27/2007 - 02:13
User Badges:
  • Cisco Employee

Hi,


IOS XR does support SDRs (Secure Domain Routers). They are configurable and hardware based, i.e. you combine one or more RPs with one or more Line Cards to a SDR. They will operate as separate routers in the same chassis.


Currently GSR and CRS-1 support them. For further information have a look at

"Secure Domain Router Commands on Cisco IOS XR Software"

http://www.cisco.com/en/US/partner/products/ps5845/products_command_reference_chapter09186a008076b0eb.html

and at "Configuring Secure Domain Routers on Cisco IOS XR Software"

http://www.cisco.com/en/US/partner/products/ps5845/products_configuration_guide_chapter09186a0080747dae.html


[Edit] I should add that the SDR concept has some differences and advantages compared to Logical Routers. Contact me or your Cisco representative for further discussion.


Hope this helps!


Regards, Martin


paolo bevilacqua Wed, 06/27/2007 - 02:17
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame, Founding Member

Without even going over the Juniper document, I can tell you, in addition to mheusing's good info, that the version of the feature that is available on all IOS routers is called VRF and VRF-lite. The first works in conjunction with MPLS, the second does not need MPLS and works with regular IPv4 and IPv6 routing.

mheusing Wed, 06/27/2007 - 02:25
User Badges:
  • Cisco Employee

Hi,


There are subtle differences between SDRs and VRFs.

One simple example: an SDR has a separate AAA database, i.e. a separate login and its own user database. It also has dedicated hardware and can have its own IOS XR modules.

The VRFs only provide control plane and data plane separation. The rest is shared (memory, CPU, CLI, etc.).


With SDRs you can even "rent off" parts of your hardware (i.e. cards combined into a SDR) to another provider.


Really important differences.


Regards, Martin
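
The VRF side of the comparison in the two replies above, as an added configuration example that is not from either poster or from Cisco documentation: a VRF-lite sketch for classic IOS in which two VRFs get separate routing tables while AAA, the user database and the vty lines stay global. The VRF names, interfaces, route distinguishers, username and addresses (RFC 5737 documentation range) are all hypothetical.

```ios
! Constructed VRF-lite example; every name and address here is hypothetical.
!
! Management plane: ONE AAA policy, ONE local user database and ONE set of
! vty lines for the whole router. Nothing below is per-VRF.
aaa new-model
aaa authentication login default local
username netops privilege 15 secret <placeholder-secret>
line vty 0 4
 login authentication default
 transport input ssh
!
! Control and data plane: one routing table per VRF.
ip vrf CUST-A
 rd 65000:1
!
ip vrf CUST-B
 rd 65000:2
!
interface GigabitEthernet0/0
 description CUST-A uplink
 ip vrf forwarding CUST-A
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 description CUST-B uplink, same prefix as CUST-A without conflict
 ip vrf forwarding CUST-B
 ip address 192.0.2.1 255.255.255.0
!
! Static and dynamic routing are scoped to a VRF.
ip route vrf CUST-A 0.0.0.0 0.0.0.0 192.0.2.254
ip route vrf CUST-B 0.0.0.0 0.0.0.0 192.0.2.254
!
router ospf 10 vrf CUST-A
 network 192.0.2.0 0.0.0.255 area 0
!
router ospf 20 vrf CUST-B
 network 192.0.2.0 0.0.0.255 area 0
!
! Verification (exec mode), one table per VRF:
!   show ip route vrf CUST-A
!   show ip route vrf CUST-B
```

The overlapping 192.0.2.0/24 addressing works because each VRF has its own routing table, but any account that can log in at privilege 15 can read and change both VRFs, which is the shared login and CLI that the reply contrasts with an SDR's separate AAA database.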

yeowks Wed, 06/27/2007 - 02:22

>>> This is the content of the attachment. It is divided into 4 parts. To download the attachment you will need the CCO password.



>>> Part 1 <<<<<

Juniper Logical Router

User Guide


1) Application Scenario of Juniper Logical Router

2) Notes for the QoS Deployment of Juniper Logical Router

3) Notes for the Reliability Deployment of Juniper Logical Router

4) Notes for the shared MPU and FIB of Juniper Logical Router

5) Other Notes for Juniper Logical Router

6) Risk for the Deployment of Logical Router


1) Application Scenario of Juniper Logical Router

Juniper LR solution can be used to simulate many logical routers within a physical router. The typical application scenarios contain:

1) One MSE simulates 1 aggregation router and many access routers for different customers;

2) One MSE simulates 2 access routers for the redundancy of key services.


yeowks Wed, 06/27/2007 - 02:24

>>> Part 2 <<<<


2) Notes for the QoS Deployment of Juniper Logical Router

The dedicated tunnel service cards can be deployed to provide the inner interconnection among different logical routers, which can save the investment of interconnecting line cards. The standard solution needs extra line cards for interconnection among different logical routers, more CapEx.

There are two ways to deploy the dedicated tunnel service cards for the interconnection among different logical routers.


(1) One tunnel service card for all the connections among all LRs in a router

(Notes: the Bottleneck of Reliability and Forwarding)

When a tunnel service card is configured, an LT interface emerges, such as "lt-6/0/0". We can also create many sub interfaces within it. All the logical routers in a router can share an LT interface and its sub interfaces for interconnection.

One Tunnel Service Card for three connections

LR1 ---- lt-6/0/0.1 -------------------- lt-6/0/0.11 ---- LR2

LR1 ---- lt-6/0/0.2 -------------------- lt-6/0/0.12 ---- LR3

LR1 ---- lt-6/0/0.3 -------------------- lt-6/0/0.13 ---- LR4

Notes: Up to now, because the tunnel service card can't support HQoS, the QoS policy (DiffServ/MPLS DS-TE) can't be deployed on the mode of LT sub interface. All the interconnecting interfaces of logical routers, such as lt-6/0/0.1, lt-6/0/0.11, lt-6/0/0.2, lt-6/0/0.12, lt-6/0/0.3, lt-6/0/0.13, can't support the basic QoS - DiffServ / MPLS DS-TE.


(2) One tunnel service card for a connection between two LRs in a router

(Notes: Need more Investment and Equipment Slot)

The QoS Policy can only be deployed at the mode of LT (such as lt-6/0/0).

If QoS/DiffServ is necessary, one tunnel service card can only serve as an interconnection between two logical routers. Many tunnel service cards in a router are needed for the real application, which needs more investment and equipment slot.

Three Tunnel Service Cards for three connections

LR1 ---- lt-6/0/0.1 -------------------- lt-6/0/0.11 ---- LR2

LR1 ---- lt-5/0/0.1 -------------------- lt-5/0/0.11 ---- LR3

LR1 ---- lt-4/0/0.1 -------------------- lt-4/0/0.11 ---- LR4

Notes: For this solution, there are still some problems on QoS. We can configure the basic QoS policy (For example: EF, 100Mbps; AF, 200Mbps, no direction parameters) on the LT main interface - lt-6/0/0. The QoS policy of the main interface is shared by its sub interfaces - lt-6/0/0.1 and lt-6/0/0.11.


The QoS policy of lt-6/0/0 is "EF, 100Mbps; AF, 200Mbps"

LR1 ---- lt-6/0/0.1 -------------------- lt-6/0/0.11 ---- LR2


It means:

1) EF traffic from LR1 to LR2 + EF traffic from LR2 to LR1 <= 100Mbps

2) AF traffic from LR1 to LR2 + AF traffic from LR2 to LR1 <= 200Mbps

Such a QoS ability can't be used for the real network. Actually, the QoS policy on the LT main interface only defines the QoS policy between the Switching Fabric Unit and the Tunnel Service Card.

Up to now, the Juniper LR solution is only suitable for applications with low QoS, such as Internet. If the QoS is important and necessary, extra line cards are suggested for the interconnection among different logical routers, replacing the tunnel service cards (bad QoS ability). Although it may need more CapEx, it can guarantee QoS.


yeowks Wed, 06/27/2007 - 02:27

>>> Part 3 <<<


3) Notes for the Reliability Deployment of Juniper Logical Router

In some cases, there are some serious conflicts between the Juniper LR solution and the NSF/GR solution. It is a problem from standard IP technologies, not from Juniper. Not all the solutions can work together; there is no perfect solution.

For the scenario below - one router simulating two logical routers, the logical router 1 and logical router 2 would fail to support OSPF GR/IS-IS GR/BGP GR/VPN GR/RSVP GR, etc. If the MPU of the MSE switches over, the average time of service interruption is more than 30s for LR1 and LR2 by the real test.



Juniper thinks that there is little chance for two routers to break down at the same time on the real network. So the NSF/GR solution of Juniper doesn't consider the situation that the restarter and its helpers of NSF/GR break down at the same time. To the restarter, if it finds the helpers have also failed and switched over, for the implementation of Juniper NSF/GR, the restarter would delete all the dynamic routing items at once, stop forwarding and wait for the routing convergence. Fortunately, such a situation seldom happens.

But when the LR solution is deployed, if the MPU of the physical router switches over, all the LRs' logical MPUs would fail and switch over at the same time, all the restarters and the helpers would fail and switch over at the same time, the NSF/GR can't work and the services would be interrupted. Unfortunately, this situation is sure to happen after the LR solution is deployed.

In the future, Juniper would support the process-level switch-over instead of the MPU-level switch-over, at that time the NSF/GR and Juniper Logical Router would work together.

Up to now, Juniper LR solution is only suitable for the application with low reliability, such as Internet. If the reliability is important and necessary, the one PoP site with two routers is suggested, replacing the one PoP site with two logical routers in a router.



yeowks Wed, 06/27/2007 - 02:28

>>> Part 4 <<<


4) Notes for the shared MPU and FIB of Juniper Logical Router

With the Juniper LR solution, although each logical router has its own interfaces, all the logical routers share the same MPU (CPU&MEM) and FIB of the line card. This is the typical software-based LR solution. Up to now, only Cisco CRS-1 can provide the hardware-based LR solution: each LR has its own MPU and FIB of the line card.


With the Juniper LR solution, although all the logical routers share the same MPU, and we can't allocate the CPU & MEM of the MPU and the FIB of the line card for each LR (no resource separation for each logical router), we can provide a relatively fair schedule on CPU&MEM&FIB for different logical routers.

But if a logical router overuses the resources of CPU & MEM & FIB, other LRs can't get enough resources, which would bring uncontrollable problems on control and forwarding. And the resource on CPU&MEM of the MPU and FIB of the line card is very limited to support multi-logical routers and multi-networks.


For one physical router - T320 with two logical routers, injecting 300,000 BGP routing items to each LR, please see the system information:



Juniper Router only has 5 key processes on MPU: USER, Background, Kernel, Interrupt and Idle. In fact, many protocol modules and many logical routers share the same process in the MPU of Juniper Router. The restart or failure of one process would affect many protocol modules or logical routers.

For example, all the routing protocol modules - OSPF/IS-IS/BGP/LDP/RSVP etc. - share the same process. If we want to upgrade OSPF with ISSU, all the routing protocols would restart - a coarse granularity of ISSU.


5) Other Notes for Juniper Logical Router

Juniper Logical Router can't support VPLS, MPLS Ping/Trace and Multicast RP, etc., although Juniper Physical Router can support these features.


If you configure logical routers in your routing platform, you can configure virtual private LAN service (VPLS) only in the main router at the [edit routing-instances instance-name protocols vpls] hierarchy level.

---- comes from "Juniper swconfig82-vpns.pdf" and "Juniper logical-router-overview.pdf"

Juniper Router can't support L2 forwarding, which is very important for the access of NGN and Mobile. With Juniper Router, extra L2 switches must be deployed to provide the broadcast domain for VRRP between TSR and System Layer Equipment (AG, TW, Soft Switch), which causes low reliability and high CapEx.


Because of this reason, although Juniper is making rapid progress in the Internet market, for the market of IP Bearer Network carrying NGN/Mobile, few operators select Juniper Router as the edge router - SingTel, Etisalat, Vodafone, Megafone, CMCC, CNC, CTC, etc.


6) Risk for the Deployment of Logical Router



For each PoP site, if we deploy only one router with two logical routers, if something is wrong with the software or hardware, the PoP site would become a service island and we need to transport another router to restore services. Big Risk !!!


mheusing Wed, 06/27/2007 - 03:58
User Badges:
  • Cisco Employee

Hi,


To comment on all your limitation lists and risk analysis:

An SDR is separate hardware in the same chassis. So most, if not all, of the limitations mentioned do not apply.


Regards, Martin
