Multi-Domain VPN service, a seamless infrastructure for Regional Network, NRENs and GEANT

Similar documents
Multi-Domain Virtual Private Network service - a seamless infrastructure for NRENs, GÉANT and NORDUnet

Community Connection Service for escience. Ronald van der Pol, SURFnet TNC May 2014

MPLS VPN--Inter-AS Option AB

MPLS VPN Inter-AS Option AB

GÉANT L3VPN Service Description. Multi-point, VPN services for NRENs

BGP/MPLS L3VPN s Deployment Scenario s

GÉANT perspective of Virtual Networks and Implementation

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

MPLS VPN Carrier Supporting Carrier

UniNets MPLS LAB MANUAL MPLS. UNiNets Multiprotocol label Switching MPLS LAB MANUAL. UniNets MPLS LAB MANUAL

Options for Joining edugain. Lukas Hämmerle, SWITCH DARIAH Workshop, Köln 18 October 2013

Configuring BGP: RT Constrained Route Distribution

Configuring MPLS L3VPN

InterAS Option B. Information About InterAS. InterAS and ASBR

ibgp Multipath Load Sharing

GÉANT: A Defense in Depth Approach

MPLS design. Massimiliano Sbaraglia

Implementing MPLS VPNs over IP Tunnels

Configuring MPLS L3VPN

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

MPLS L3VPN. The MPLS L3VPN model consists of three kinds of devices: PE CE Site 2. Figure 1 Network diagram for MPLS L3VPN model

Network Configuration Example

IST ATRIUM. A testbed of terabit IP routers running MPLS over DWDM. TF-NGN meeting

MPLS network built on ROADM based DWDM system using GMPLS signaling

MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012

RENATER.

M6Bone. Agenda. M6bone? How to connect to? Applications and services Monitoring IPv6 multicast Contact points. An IPv6 worldwide Multicast testbed

BGP Support for the L2VPN Address Family

MPLS over GRE. Finding Feature Information. Prerequisites for MPLS VPN L3VPN over GRE

Implementing MPLS Layer 3 VPNs

BGP Support for the L2VPN Address Family

BGP mvpn BGP safi IPv4

Alcatel-Lucent 4A Alcatel-Lucent Virtual Private Routed Networks. Download Full version :

FEDERICA Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures

MPLS: Layer 3 VPNs: Inter-AS and CSC Configuration Guide, Cisco IOS Release 15SY

Ethernet VPN (EVPN) and Provider Backbone Bridging-EVPN: Next Generation Solutions for MPLS-based Ethernet Services. Introduction and Application Note

BGP-MVPN SAFI 129 IPv6

BGP Next Hop Unchanged

The New Infrastructure Virtualization Paradigm, What Does it Mean for Campus?

GÉANT : e-infrastructure connectivity for the data deluge

Cisco Evolved Programmable Network Implementation Guide for Large Network with End-to-End Segment Routing, Release 5.0

MPLS in the DCN. Introduction CHAPTER

HP A5820X & A5800 Switch Series MPLS. Configuration Guide. Abstract

GÉANT Support for Research Within and Beyond Europe

Service Sharing at NORDUnet

GN3 Plus NA3-T3 Greening of ICT Services. Andrew Mackarel GN3+ NA3 T3 15th September 2014 Workshop Budapest

MPLS VPN C H A P T E R S U P P L E M E N T. BGP Advertising IPv4 Prefixes with a Label

MPLS VPN Multipath Support for Inter-AS VPNs

Egress Protection (draft-shen-mpls-egress-protection-framework) Presented by Krzysztof G. Szarkowicz NANOG71 October 4, 2017

GÉANT Time Compendium Project and Service Updates

Connectivity Services, Autobahn and New Services

HP FlexFabric 5930 Switch Series

Improving Network Agility with Seamless BGP Reconfigurations

WAN Edge MPLSoL2 Service

IPv6 Addressing case studies

Cisco BGP Overview. Finding Feature Information. Prerequisites for Cisco BGP

Implementing Cisco IP Routing (ROUTE)

PREREQUISITES TARGET AUDIENCE. Length Days: 5

1. Introduction. 2. Purpose of this paper and audience. Best Practices 1 for Cloud Provider Connectivity for R&E Users

Advancing European R&E through collaboration

GÉANT: Supporting R&E Collaboration

HP FlexFabric 7900 Switch Series

Cisco Implementing Cisco IP Routing v2.0 (ROUTE)

Introduction to External Connectivity

BGP MPLS VPNs. Introduction

Configuring Multicast VPN Inter-AS Support

Cisco BGP Overview. Finding Feature Information. Prerequisites for Cisco BGP. Last Updated: October 19, 2011

Configuring Scalable Hub-and-Spoke MPLS VPNs

Configuring IPv6 VPN Provider Edge over MPLS (6VPE)

TELCO GROUP NETWORK. Rafał Jan Szarecki 23/10/2011

Interdomain VPLS and deployment experiences

TERENA, the NRENs, GÉANT & promoting Campus Best Practice

BGP/MPLS VPN Technical White Paper

Lab 1: Static MPLS LSP-RTX4-RTX1 LSP-RTX1-RTX4 LSP-RTX3-RTX2 LSP-RTX2-RTX3

IBGP internals. BGP Advanced Topics. Agenda. BGP Continuity 1. L49 - BGP Advanced Topics. L49 - BGP Advanced Topics

IPv6 Deployment in European National Research and Education Networks (NRENs)

Deliverable D8.4 Certificate Transparency Log v2.0 Production Service

The 6NET project. An IPv6 testbed for the European Research Community

Update on IP VPN work in ITU-T

Federated E-infrastructure Dedicated to European Researchers Innovating in Computing network Architectures

Multiprotocol BGP 1 MPLS VPN. Agenda. Multiprotocol BGP 2

MPLS VPN Explicit Null Label Support with BGP. BGP IPv4 Label Session

Innovation and the Internet

Multi-Protocol Label Switching (MPLS) Support

Introduction to Multi-Protocol Label

IOS Implementation of the ibgp PE CE Feature

Multi Domain Service Architecture for Heterogonous Networks A view from GÉANT 3 - SA2: Task 1

Implementing MPLS Layer 3 VPNs

Deliverable DS2.1.1: Multi-Domain Service Architecture

Operation Manual MCE H3C S3610&S5510 Series Ethernet Switches. Table of Contents

Network Operators (ISPs) Perspectives (Challenges and Progresses). = IPv6 at Sonatel M. Sall

Update on Hong Kong Open exchange (HKOX) APAN Mar 2018

Configuring MPLS L2VPN

This document is not restricted to specific software and hardware versions.

Configuring multicast VPN

Deploying Next-Generation Multicast VPN. Emil Gągała PLNOG, Warsaw,

Cisco Training - HD Telepresence MPLS: Implementing Cisco MPLS V3.0. Upcoming Dates. Course Description. Course Outline

MPLS Layer 3 VPNs Configuration Guide, Cisco IOS Release 12.4T

Design, Deployment and Troubleshooting Scalable MPLS Architecture (Platform : IOS-XR, IOS-XE)

Transcription:

Multi-Domain VPN service, a seamless infrastructure for Regional Network, NRENs and GEANT JRES 2013 (Montpellier) Thursday, 12 december 2013 Xavier Jeannin - RENATER, GN3plus, SA3T3 Task Leader Alain Bidaud - Responsable Technique du CRIHAN Sebastien Boggia Université de Strasbourg réseau OSIRIS Jean Benoit Université de Strasbourg réseau OSIRIS Benjamin Collet Université de Strasbourg réseau OSIRIS Christophe Palanché Université de Strasbourg réseau OSIRIS

Agenda Scientist DMZ and VPN MDVPN a seamless infrastructure for delivering VPN services to end users Technical aspect MDVPN deployment roadmap and footprint MDVPN in France MDVPN operation and security Conclusion 2

MP-VPN GN3+ project GN3+ start the 1 st, april 2013 duration 2 years SA3T3 MP-VPN piloted by RENATER Objectives First objective: Multi-domain Multi-Point L3VPN service for GEANT Finally: Add Multi-Domain VPN (L3VPN, P2P LVPN) to GEANT portfolio and possibly Multi-Point L2VPN 19 NRENs involved 3

Scientist DMZ and VPN Scientist project are founded thanks to international collaboration that require exchange of data, job, living VM and a security level Scientist DMZ VPN allows to connect at L2 or L3 level several networks as they were in the same physical location VPN is a network tool for education and research VPN can provide Scientist DMZ Better network performance (no Firewall deep inspection ) reduce security cost on site Facilitate distributed collaboration (data exchange, job, living WM) Allow project to build a virtual resource that they can share between project s users (Clusters, Grid, Cloud, HPC centers) 4

MDVPN service overview Deliver multi-domain VPN as easily and as quickly as you do in your own domain Hierarchical Multi-domain infrastructure GEANT - Carrier of Carriers NRENs Carriers Ready to cooperate with non-mpls domains and regional/metro networks Bandwidth management Independent traffic engineering in each domain BGP based path selection VPN provider (NRENs) VPN transport provider (GEANT) 5

Multi-domain VPN (MDVPN) A joint service provided by GEANT, NRENs and Regional Networks Baseline transport infrastructure for many data transmission services Umbrella for VPNs L3 or L2 VPNs spanned over several domains only by configuring the edge routers Point-to-point and multipoint topologies High scalability Total number of provisioned VPNs has very limited impact on GEANT, NREN and Regional Network core Based on MPLS and BGP protocols RFC 4364 (BGP/MPLS IP VPNs) RFC 3107 (BGP Labeled Unicast) Well known and proven technology Available in almost all box and right now No material investment only configuration 6

Services delivered by GEANT, NRENs and Regional Network VPN provider VPN provider and VPN transit provider VPN transit provider VPN transport provider SSP = Connect Service Communicate Stitching Collaborate Point SDP = Service Demarcation Point 7

MDVPN an efficient solution A set of services useful for end users Cover a wide scope of user needs: from the long-term infrastructure with intensive network usage to quick point-to-point for a conference demonstration Scientist DMZ concept Cost Reduction for international collaboration at site level VPN is deployed much more faster Based on MPLS and BGP standard Easy to configure It's flexible and quick to deploy No investment, no Cost in terms of CAX OX cost reduction for Regional Network, NREN and DANTE A service that you can not find in commercial ISP offer/portfolio because multi-domain 8

MDVPN technical principle overview Underlying principle behind this Multi-Domain VPN technology MPLS transmission path from a up to the remote in another domain MDVPN design supports non-mpls domains as well Signaling is split in 2 parts Transmission path between routers BGP (labelled unicast SAFI) Labels for VPN prefixes exchange between routers BGP or LDP VPN1 SDP Multi-hop VPNv4 e-bgp RR RR VPN1 SDP NREN A ABR BGP Labelled unicast SSP VPN proxy SSP BGP Labelled unicast ABR NREN B GEANT Label exchange for L3VPN and L2VPN (Kompella) 9

MDVPN technical principle overview P2P L2VPN using LDP (Martini) 10

MDVPN technical principle overview VPN Route Reflector (VR) Extended scalability and flexibility Easy implementation VPN1 SDP SDP VPN1 RR RR NREN A Multi-hop VPNv4 e-bgp Multi-hop VPNv4 e-bgp SSP ABR SSP BGP Labelled unicast VR VPN proxy BGP Labelled unicast ABR NREN B GEANT Route number reduction thanks to VPN Route Reflector 11

MDVPN technical principle overview VPN Proxy Interoperability with non-mpls domains (NRENs) non-mpls VPN proxy 12

MDVPN traffic flow Transparent transport technology MDVPN End User VPN Provider VPN transport service provider VPN Provider End User VPN1 VPN1 NREN A (MPLS domain) NREN B (MPLS domain) Data Label Label Data GEANT (Carrier of Carriers) Label Label Label Data Label Label Data Data 13

MDVPN Service Operation and Security Service description: http://www.geant.net/resources/deliverables/documents/d7.1_ds%203%203%201-mdvpnservice-architecture.pdf. Operation is a key point for the deployment of MDVPN Lack of coordination could endanger the rolling-out process of MDVPN Crucial points Dissemination toward NREN and Regional Network s NOC (NOC training) Coordination between DANTE, NRENs, Regional Network (communication channel) SLA between Domain Provisioning process Security No encryption Multi-Domain causes one domain cannot give its guarantee that a VPN is impregnable but a user cannot enter into the VPN Label spoofing (low level of danger) 14

SA3T3: MDVPN work status Proof of concept demonstrated on SAT3 testbed Pioneer, DFN, NORDunet, RENATER, AMRES, LITnet, FCCN, FUnet NREN involved into MDVPN Project Current state Deployment phase 1. Multi-domain operation validation (4th quarter 2013 end of 1st quarter 2014) 2. Technical Pilot Phase a. Setting-up GEANT pilot (1st quarter 2014) b. Pilot generalization phase (2nd and 3rd quarter 2014) 3. MDVPN service officially added to GEANT portfolio 15

MDVPN in France End-to-End service Regional Network in MDVPN service Multi-Domain VPNs deliver by regional network to end-user MDVPN between regional network VR-GEANT Partners: OSIRIS et SYRHANO VR-RENATER Peering Multi-hop E-BGP VPNv4 SYRHANO RR-SYRHANO - RENATER RENATER ASBR-2-RENATER SA3T3 International testbed ASBR-SYRHANO P-RENATER -SYRHANO ASBR-OSIRIS RR-OSIRIS C-SYRHANO -OSIRIS OSIRIS VRF CoC-GEANT VRF ASTRO RT:22:30 VRF BIO - RT:22:32 DFN L2Circuit international C-OSIRIS L2Circuit France RENATER backbone deployment status: ASBR RENATER connected to GEANT in Paris First (Lannion) implemented 16

Conclusions MDVPN is an innovative network service that can improve our user efficiency Network administrators have a key role by advertising end-user of the benefit of this new service Rolling-out a multi-domain service require the coordinate effort Scientist projects ask for MDVPN, RENATER and DFN already MDVPN between Lannion and Berlin as a PoC for XiFi project A French working group for the deployment of MDVPN in France XIFI is a project of the European Public- Private-Partnership on Future Internet 17

Contact Projet : Xavier Jeannin www.geant.net www.twitter.com/geantnews www.facebook.com/geantnetwork www.youtube.com/geanttv 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback