GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NRENs NOC


SLIDE 1

GN3+ SA3T3 / Multi-Domain-VPN service: Collaboration of NREN’s NOC

9th TF NOC meeting (Prague) – Thursday, 14 November 2013

Xavier Jeannin / RENATER, SA3T3 Task Leader
Miguel Angel Sotos / RedIRIS
Bojan Jakovljevic / AMRES

SLIDE 2

Connect | Communicate | Collaborate

Agenda

  • MDVPN: a seamless infrastructure for delivering VPN services to end users
  • Role of the NOCs
  • MDVPN service operation monitoring
  • MDVPN deployment roadmap and footprint
  • Conclusions on MDVPN operation

SLIDE 3

MDVPN: seamless infrastructure for delivering VPN services to end users

[Figure: domain roles: VPN provider, VPN transport provider, VPN provider and VPN transit provider, VPN transit provider]

MDVPN objective: Deliver multi-domain VPN as easily and as quickly as you do in your own domain

SSP = Service Stitching Point
SDP = Service Demarcation Point

SLIDE 4

MDVPN: seamless infrastructure for delivering VPN services to end users

[Figure: domain roles: VPN provider, VPN transport provider, VPN provider and VPN transit provider, VPN transit provider]

  • A joint service delivered by GEANT-NRENs
  • GEANT provides VPN transport service
  • NRENs subscribe once to the VPN transport service, then get as many VPNs as they want. Only configuration at the edge is required

[Figure: MDVPN topology showing GEANT, RENATER, DFN, NORDUnet, FUnet, a regional network and other partners interconnected at SSPs, with RR, ABR, PE and VPN proxy nodes, and ImaginLab L3VPN and P2P L2VPN instances delivered at SDPs]

  • MDVPN service is an ’umbrella’: L3VPN, P2P-L2VPN, MP-L2VPN (VPLS)

SLIDE 5

One Use case: XiFi project

https://www.fi-xifi.eu/about-xifi/what-is-xifi.html

XIFI is a project of the European Public-Private-Partnership on Future Internet

SLIDE 6

MDVPN: an efficient solution …

  • A set of services useful for end users
  • Covers a wide scope of user needs: from long-term infrastructure with intensive network usage to a quick point-to-point link for a conference demonstration
  • Scientist DMZ concept
  • Cost reduction for international collaboration at site level
  • VPN is deployed much faster
  • Based on MPLS and BGP standards
  • Easy to configure
  • Flexible and quick to deploy
  • No investment, no cost in terms of CAPEX
  • CAPEX saving thanks to VPN multiplexing (no dedicated interface, …)
  • OPEX cost reduction for NREN and DANTE
  • A service that you cannot find in a commercial ISP offer/portfolio, because it is multi-domain

SLIDE 7

Role of the NOCs

  • Provision the VPN on end-user requests
  • Support end-users
  • Communication with partners: DANTE, NRENs, Regional Net…
  • Provide an efficient communication channel: VPN-ASTRO-providers@ …, VPN-ASTRO-operation@ …
  • Ensure the day-to-day working
  • Monitor the service
  • Troubleshooting
  • Provide statistics monitoring to end-users and to partners
  • Ensure OLA commitments are achieved

Provisioning process

SLIDE 8

What to monitor

Underlying principle behind this Multi-Domain VPN technology: the LSP is extended from a PE up to the remote PE in another domain

Monitoring is decentralized: monitor SDPs and SSPs state

Peerings to be monitored

  • Labeled unicast BGP peering
  • Multi-hop BGP VPNv4 peering

SLIDE 9

Day-to-day monitoring

Objective: detect problems that may affect the service level specification.

  • 1. Availability of each PE: a specific L3 VPN instance (‘ping_VPN’ instance) will be set up on all PEs for diagnostic purposes. A central tool (a kind of smokeping) checks the availability of each PE through the ‘ping_VPN’.
  • 2. A Looking Glass service for the VPN Reflector will help to troubleshoot the VPNs' signalling (route announcement and reception).

[Figure: monitoring topology showing GEANT, NREN A, NREN B, NREN C, a regional network and NREN E (non MPLS, via VPN proxy), interconnected at SSPs, with RR, ABR and PE nodes and VPN1, VPN2 and VPN3 instances delivered at SDPs]
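
A smokeping-style summary of ‘ping_VPN’ probe rounds, as an added example that is not part of the original slides. The PE names, the five-ping rounds, the sample results and the availability target are all constructed assumptions; the slides specify none of them.

```python
from dataclasses import dataclass

ASSUMED_TARGET = 0.995   # assumed availability target; the slides give no SLS figure
PINGS_PER_ROUND = 5      # assumed burst size per probe round

# Constructed sample: replies received per round inside the ping_VPN instance.
SAMPLE_ROUNDS = {
    "pe1.nren-a.example": [5, 5, 5, 5, 4, 5, 5, 5],
    "pe2.nren-b.example": [5, 5, 0, 0, 0, 5, 5, 5],
    "pe3.regional.example": [5, 3, 5, 5, 5, 5, 2, 5],
}

@dataclass
class PeReport:
    pe: str
    availability: float   # share of rounds with at least one reply
    loss: float           # share of all pings that got no reply
    longest_outage: int   # longest run of consecutive fully failed rounds
    breach: bool          # availability below the assumed target

def summarize(pe, rounds, pings=PINGS_PER_ROUND, target=ASSUMED_TARGET):
    if not rounds:
        raise ValueError(f"no probe rounds recorded for {pe}")
    up = longest = current = 0
    for replies in rounds:
        if not 0 <= replies <= pings:
            raise ValueError(f"{pe}: invalid reply count {replies}")
        if replies > 0:
            up += 1
            current = 0
        else:
            current += 1
            longest = max(longest, current)
    availability = up / len(rounds)
    loss = 1 - sum(rounds) / (pings * len(rounds))
    return PeReport(pe, availability, loss, longest, availability < target)

def breaching_pes(samples):
    """Return reports for PEs below target, worst availability first."""
    reports = [summarize(pe, rounds) for pe, rounds in samples.items()]
    return sorted((r for r in reports if r.breach), key=lambda r: r.availability)

if __name__ == "__main__":
    for r in breaching_pes(SAMPLE_ROUNDS):
        print(f"{r.pe}: availability {r.availability:.1%}, "
              f"loss {r.loss:.1%}, longest outage {r.longest_outage} rounds")
```

In this sample pe3 loses packets in two rounds but never misses a whole round, so it counts as available; only pe2 is reported.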

SLIDE 10

Statistics Monitoring

  • The VPN transport provider (GÉANT) is not able to distinguish the different VPNs.
  • At GÉANT level, only SSP availability and usage (throughput statistics) will be provided.
  • The traffic carried by a particular VPN instance can be monitored, at least at interface (SDP) level.
  • It is up to the NREN to provide statistics on their SDP.
  • NRENs and GÉANT cannot provide a general view of VPN usage, so it will be the responsibility of end users to manage this.
  • The list of the different statistics that should be collected at SSP level and at SDP level is not fully specified.

SLIDE 11

SA3T3: MDVPN work status

NRENs involved in the MDVPN project

Pioneer, DFN, NORDunet, RENATER, AMRES, LITnet, FCCN, FUnet…

Current state

Proof of concept demonstrated on SA3T3 testbed

Deployment phase

1. Multi-domain operation validation (4th quarter 2013 – end of 1st quarter 2014)

2. Technical Pilot Phase

  • a. Setting-up GEANT pilot (1st quarter 2014)
  • b. Pilot generalization phase (2nd and 3rd quarter 2014)

3. MDVPN service officially added to GEANT portfolio

SLIDE 12

Conclusions on MDVPN operation

Service description: https://intranet.geant.net/SA3/Shared%20Documents/Deliverables/D7.1_DS%203%203%201-MDVPN-service-architecture.pdf

  • Operation is a key point for the deployment of MDVPN
  • Lack of coordination could endanger the roll-out process of MDVPN

Crucial points

  • Dissemination toward NREN’s NOC
  • Coordination between DANTE, NRENs, Regional Network (communication channel)
  • NOC training
  • Technical cookbook / configuration for different equipment vendors
  • Operational cookbook

Would it be possible to collaborate on this MDVPN operation topic?

  • Improve and implement an innovative operational model
  • Reuse but new points (incorporation of regional network ….)
  • Dissemination toward NREN’s NOC

SLIDE 13

www.geant.net

www.twitter.com/GEANTnews | www.facebook.com/GEANTnetwork | www.youtube.com/GEANTtv