Network Design with latest VPN Technologies


Carsten Rossenhövel, Managing Director

Which VPN type fits the purpose?
(figure: SOHO, Teleworkers, Mobile Workers, Branch Office and Central Office connected over the Internet)
Questions to identify:
- What are the business goals?
- Which applications will use the VPN?
- What are the technical and security requirements?
=> A checklist is required to select the kind of VPN best fitting the requirements and purpose.

VPN Business Goals
Identify the primary business goals before selecting a VPN implementation!
- Reduce the budget for network connections?
- Enhance network security?
- Outsource IT infrastructure?

VPN Application Areas
Important question: What will be the primary use of the VPN?
- MAN/WAN
- Intranet (branch office connectivity)
- Extranet (SOHO / business partner access)
- Remote Access (teleworkers, SOHOs)

VPN Operations
Who is going to operate the VPN network?
- Enterprise IT department
- Service provider (outsourced)
Who owns the equipment?
- Customer Edge (CE) at the enterprise office
- Provider Edge (PE) in the service provider network
Different technology options:
- SPs usually work with MPLS or layer 2 technologies
- Enterprises usually use IPsec

Applications used in the VPN
- IP data only?
- Voice over IP?
- Layer 2 data (Ethernet, non-IP protocols, Frame Relay, ATM)?
=> Different applications with different QoS requirements: guaranteed bandwidth, latency, jitter

Applications used in the VPN (2)
(figure, source: Cisco Systems)

Section II: Introduction to VPNs with Multi Protocol Label Switching

VPN Wish List
- Different sites of multiple enterprises are connected through a common provider backbone
- Use a layer 3 backbone
- Overlapping address spaces (using private and public addresses)
- VPN isolation
- Simple management
- Scalability
- Quality of Service
(figure: Site 1 and Site 2 of enterprise 1, Site 1 and Site 2 of enterprise 2, all attached to the provider network)

VPN Models
Layer 2 VPN model ("overlay"):
- Well-known from ATM and Frame Relay carrier networks
- Customer interface at the data link layer (ATM, Frame Relay, Ethernet)
- Private layer 2 trunks tunneled through the MPLS network
Layer 3 VPN model ("peer"):
- Customer interface at the IP layer
- VPN isolation by tunneling through the backbone
- Backbone does not have information about customer IP networks

Layer 2 VPN Benefits
- Looks like a legacy ATM, Frame Relay, ... service to customers
- Transparent service for upper layers and private addresses
- Layer 3 multi-protocol support based on the layer 2 service
- Overlay model isolates the core from VPN routing
- No need to replace existing customer premises equipment (ATM, Frame Relay, ...)
- Layer 2 over MPLS / IP may use extended backbone facilities (fast reroute etc.), compared to pure layer 2 VPN services provided with ATM and Frame Relay

Layer 3 VPN Benefits
- Scalability for any-to-any connectivity
- Support for private address space
- Provides a fully routed IP network solution, while the VPN routes are separated from core backbone routing
- Meshing in the core network is the responsibility of the service provider (customer not involved)
- May use MPLS / IP backbone facilities (fast reroute etc.)

MPLS VPNs
Standards status of Multi Protocol Label Switching:
- Layer 3 VPN: RFC 2547 (March 1999), widely used. Informational RFC provided by Cisco Systems; NOT an IETF standard.
- Layer 2 VPN: several competing IETF drafts; beta status; first implementations seen in interop tests. Not ready for customer network implementation yet.

Introduction to RFC 2547
- CE, PE and P devices
- Administrative policy is used for VPN construction
(figure: Provider (P) devices and Provider Edge (PE) devices in the common network; Customer Edge (CE) devices at Sites 1, 2 and 3 of enterprise 1 and Sites 1 and 2 of enterprise 2)

Roles
MPLS Edge Router (PE device):
- Filters incoming user traffic, assigns it to VPNs
- Collects and populates private network forwarding tables
- Establishes MPLS paths across the core for each VPN (edge-to-edge connectivity)
- Establishes logically single-hop VPN connections between the VPN edges
MPLS Core Router (P device):
- Does not implement VPN routing; just switches packet streams according to their MPLS labels
- Labels carry enough information to transport data through the core

Per-site Forwarding Tables
How to manage large amounts of customer IP addresses, potentially overlapping?
- Provider Edge routers have multiple routing tables, one for each customer site
- Propagated by BGP routing inside the core
- VPNs are isolated from each other
(figure: two PEs, each with separate routing tables for CE1, CE2 and CE3)

VPN Route Distribution via BGP
Problem: A BGP speaker can only install and distribute one route to a given address prefix. In MPLS, there are different VPNs with overlapping address spaces.
Solution: Create a new address family, adding a route distinguisher to the IP address.
VPN-IPv4 address layout (byte offsets 0, 4, 8, 12):
  bytes 0-1   Type
  bytes 2-7   Route Distinguisher (RD) value: Administrator, Assigned Number
  bytes 8-11  IPv4 Address

The Target VPN Attribute
Is it sufficient to keep routes inside a single VPN? Basically: yes. In certain applications, routes need to be installed in selected foreign VPNs.
Solution: Per-site forwarding tables are associated with one or more "Target VPN" attributes.
- Allows selective route installation in the appropriate PE forwarding tables only
- The Target VPN attribute is carried in BGP

Target VPN Example
Task: Distribute the Site 1 route to extranet VPN1 (sites 1, 4, 5) and to company-internal VPN2 (sites 2, 3), but not to VPN3 (sites 6, 7).
- The ingress PE converts the Site 1 IPv4 route into a VPN-IPv4 route and adds the Target VPN1 and Target VPN2 attributes
- The provider network converts the VPN-IPv4 route back into an IPv4 route and distributes it to Sites 3, 4 and 5 because of the Target attributes
- It also distributes the route to Site 2 because of the VPN2 Target attribute
- Sites 6 and 7 (VPN3) do not receive the route

VPN Route Distribution with BGP
- Provider Edge routers are attached to a common AS (Autonomous System), running iBGP-MP
- Backbone routers (P devices) do not participate in BGP!
- MP-iBGP routing exchanges the 64-bit route distinguisher
- The PE learns VPN routes and converts them to VPN-IP addresses
- iBGP-MP = interior Border Gateway Protocol with Multi-Protocol Extensions
(figure: three private networks attached to PEs inside the provider AS)
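The route distinguisher and Target VPN mechanics of the preceding slides, as an added example that is not part of the original presentation: a Type 0 RD is prepended to the IPv4 prefix, Target VPN attributes are attached, and a receiving PE installs the route only into VRFs whose import targets match. The provider ASN 65000, the site names and the 10.0.0.0/24 prefix are constructed; the scenario reproduces the Target VPN Example slide (VPN1 = sites 1, 4, 5; VPN2 = sites 2, 3; VPN3 = sites 6, 7).

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Network

# RFC 2547 route distinguisher, Type 0: 2-byte type, 2-byte administrator (ASN), 4-byte assigned number.
def encode_rd(admin_asn: int, assigned: int) -> bytes:
    return (0).to_bytes(2, "big") + admin_asn.to_bytes(2, "big") + assigned.to_bytes(4, "big")

@dataclass(frozen=True)
class VpnIpv4Route:
    rd: bytes                 # 8-byte RD prepended to the IPv4 prefix
    prefix: IPv4Network
    targets: frozenset        # Target VPN attributes carried in MP-BGP
    origin: str               # site that exported the route

@dataclass
class Vrf:
    site: str
    rd: bytes
    import_targets: frozenset
    routes: dict = field(default_factory=dict)  # installed prefix -> origin site

def export_route(vrf: Vrf, prefix: str, export_targets) -> VpnIpv4Route:
    """Ingress PE: IPv4 route -> VPN-IPv4 route (RD + prefix) with Target VPN attributes."""
    return VpnIpv4Route(vrf.rd, IPv4Network(prefix), frozenset(export_targets), vrf.site)

def import_routes(vrfs, advertisements):
    """Egress PE: install a VPN-IPv4 route only into VRFs whose import targets match."""
    for adv in advertisements:
        for vrf in vrfs:
            if vrf.site != adv.origin and vrf.import_targets & adv.targets:
                vrf.routes[str(adv.prefix)] = adv.origin   # RD is stripped on install

def slide_scenario():
    """Constructed scenario: which sites receive the 10.0.0.0/24 routes of site 1 and site 6?"""
    asn = 65000  # constructed provider ASN
    membership = {"site1": {"VPN1"}, "site2": {"VPN2"}, "site3": {"VPN2"}, "site4": {"VPN1"},
                  "site5": {"VPN1"}, "site6": {"VPN3"}, "site7": {"VPN3"}}
    vrfs = [Vrf(s, encode_rd(asn, i + 1), frozenset(m)) for i, (s, m) in enumerate(membership.items())]
    site1, site6 = vrfs[0], vrfs[5]
    advs = [
        export_route(site1, "10.0.0.0/24", {"VPN1", "VPN2"}),  # site 1: extranet VPN1 + internal VPN2
        export_route(site6, "10.0.0.0/24", {"VPN3"}),          # same prefix, different enterprise
    ]
    # Distinct RDs keep the two overlapping prefixes apart as separate BGP NLRI.
    assert len({(a.rd, a.prefix) for a in advs}) == 2
    import_routes(vrfs, advs)
    return {v.site: v.routes.get("10.0.0.0/24") for v in vrfs}
```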

VPN Example: Labelling
(figure: CE1 -> PE1 -> P1 -> P2 -> PE2 -> CE2, CE3, CE4 across the MPLS network; legend: label for VPN A, label for VPN B, label between PE1 and PE2)

MPLS Layer 2 VPNs
Provide point-to-point connections through an MPLS backbone.
(figure: ATM and Ethernet Customer Edge (CE) devices at Sites 1 and 3 of enterprise 1 and Sites 1 and 2 of enterprise 2, attached to Provider Edge (PE) devices of the common network)

MPLS Layer 2 VPNs (continued)
- Encoding already defined: how to map ATM cells and Ethernet frames into IP packets
- Signalling not defined yet: how to manage tunnels dynamically
- Point-to-multipoint / full mesh service not defined yet: how to switch ATM or Ethernet packets inside the MPLS network

Main VPN Features Checklist
Columns compared: Layer 2 (ATM / FR), IPsec, MPLS Layer 2 VPNs, MPLS Layer 3 VPNs
Criteria:
- Provides security (VPN isolation)
- Interoperable with 3rd party products
- Scales for many end points (meshed)
- Forwarding performance
- Available from many carriers
- Provides Quality of Service
- Large-scale manageability
- Service + equipment pricing
- Best suited for IP traffic
- Suited for non-IP traffic
(the per-column check marks of the original table are not reproduced here)

Section III: Service Levels
First step: Define Service Levels
- Get in touch with company product managers to learn about their application requirements
- Inspect applications running in the network, derive typical requirements
- Verify budgets for network quality versus budgets for application enhancements (maybe it's cheaper to exchange the application than to enhance the network)

Applications used in VPNs (revisited)
(figure, source: Cisco Systems)

How to define Service Levels
Negotiate Classes of Service (CoS, DiffServ): V VoIP

Verify Service Level Agreements
SLAs should be monitored and verified regularly:
- Has the network been reliable?
- Has network usage / application behavior changed?
Monitoring is usually done by the service provider; in addition, monitoring by the customer is useful for proactive management.
(figure: SLAs defined at the PE, verified at the CE)

Conclusion
- Different types of VPNs are available on the market today
- Choose depending on application requirements
- Keep the features and limitations of the different alternatives in mind!

Thank you! For more information, our web server is available at: http://www.eantc.de/