mpls based virtual private networks
play

MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced - PowerPoint PPT Presentation

Apr 03, 2024 •242 likes •854 views

MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced MPLS Design and Implementation , Cisco Press B. Davie and Y. Rekhter, MPLS Technology and Applications , Morgan Kaufmann MPLS VPN Agenda Introduction to VPNs Where do Layer

  1. MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced MPLS Design and Implementation , Cisco Press B. Davie and Y. Rekhter, MPLS Technology and Applications , Morgan Kaufmann

  2. MPLS VPN Agenda • Introduction to VPNs • Where do Layer 2 and 3 VPNs fit? • Layer 3 MPLS VPNs  VR and BGP Review  BGP/MPLS VPN Architecture Overview  VPN Routing and Forwarding (VRF) Tables  Overlapping VPNs  VPN Route Distribution  VPN Packet Forwarding Slide 2

  3. MPLS VPN Agenda...  Layer 2 MPLS VPN  Pseudo Wire Emulation Edge to Edge - PWE3  Martini Draft Encapsulation  Point to Point services  Encapsulation modes  Provider Provisioned VPN - PPVPN Slide 3

  4. VPNs The market forces... • “VPNs are popular for enterprises and revenue-generating businesses for ISPs • “If global telcos are to prosper in an increasingly difficult economic environment, they will need to build a convincing case for IP VPNs,…..”  Yankee Group Slide 4

  5. VPNs The market forces ... Most successful application of MPLS (from the business perspective) Service Providers • Worldwide VPN product and service expenditures will grow 275%, from $12.8 billion to $48.0 billion between 2001 and 2005 ( Source: Infonetics) Network Equipment Manufacturers • Service provider expenditures for metro network equipment will grow 175%, from $6.3 billion to $17.2 billion between 2000 and 2003 (and VPNs are a key requirement for this equipment) ( Source: Infonetics) Slide 5

  6. mplsrc.com – Examples of MPLS VPN deployments • • Access:Seven Japan Telecom • • Aleron Level 3 • • AT&T Masergy Communications • • Ardent Communications NetStream • • Aventel Nextra AS • • Bell Canada NTT • • Beyond the Net OneSstar • • British Telecom Song Networks • • Cable & Wireless Swisscom • • China Unicom Telia Iberia • • Cistron Telecom Austria • • Deutsche Telekom Telecom Italia • • Energis UK Teleglobe • • Equant Time Warner Telecom • • Global Crossing Tiscali • • Infonet UUNET/Worldcom • • Iteroute Williams And many more. Also go to: http://www.cellstream.com/MPLS_List.htm Slide 6

  7. VPNs – Main Concerns • Private networks: Security and privacy  How to transmit private data in a secure manner?  Main challenge? • Virtual private networks: Security, privacy, scalability and cost  How to transmit private data in a secure manner using public networks?  How to keep the cost down and how can it support a larger number of customers?  What technologies should be used? Slide 7

  8. VPNs What Are They ? L2TP Point to multipoint VLL Kompella IP VPNs Lasserre Layer 2 Vkompella VPLS Martini Tunneling IPsec Point to point BGP / MPLS VPNs Layer 3 TLS RFC 2547 Slide 8

  9. VPNs What Are They ? VPN Type Layer Implementation 1 Leased Line TDM/SDH/SONET 2 Frame Relay DLCI 2 ATM VC 3 GRE/UTI/L2TPv3 IP Tunnel 2 Ethernet VLAN/Martini/H-VPLS 3 IP MP-BGP/RFC2547/VR 3 IP IPSec Slide 9

  10. VPNs How do they compare? FR or IPSec L3 L2 Which one to choose? ATM MPLS MPLS √ √   Point-to-multipoint √ √ √  Multi-protocol √ √ √  QoS and CoS √ √ √  Low latency √ √ √ √ Security √ √ √  SLAs √ √ √  Low cost (computation cost high) Slide 10

  11. VPNs A pplications LOCATION APPLICATION CONNECTION Remote site Telecommuter Point to point connectivity Single branch office Regional site Distributed campuses Point to point connectivity Enterprise Intranets Point to multipoint Customer Extranets Regional data centers Storage, backup, and recovery National site Regional access to Corp HQ Point to point connectivity Regional HQ to regional HQ Point to multipoint Data center to data center Slide 11

  12. VPNs What Enterprises Want Virtual private 58% networks 44% Broadband 50% connections 39% 48% Legacy connections 39% 35% VLANs 26% Enterprises want 28% Services Value Added Managed security 23% Services Web and application 28% hosting 23% 26% Packetized voice 20% Network design and 23% integration 15% 19% Storage 2004 8% 8% 2002 None 26% 0% 20% 40% 60% Percent of Respondents with New Metro Access Connections Infonetics, February 2002 Slide 12

  13. What are Layer 2 and Layer 3 VPNs • VPNs based on a layer 2 (Data Link Layer) technology and managed at that layer are defined as layer 2 VPNs  ATM, Frame Relay, Ethernet, PPP, etc • VPNs based on tunneling at layer 3 (Network or IP Layer) are Layer 3 VPNs  IPSec, VR, MPLS RFC 2547 bis IP VPNs Slide 13

  14. Where Do VPNs fit ? IETF Areas Application General Internet IETF Op and Man MPLS Routing ISOC IAB Security PPVPN Sub-IP IANA Transport PWE3 User Services Slide 14

  15. Where Do VPNs fit ? • Layer 3 VPNs • Layer 2 VPLS • Logical PE PPVPN Sub-IP • Pt-to-Pt circuits Transport PWE3 • Martini ATM  FR  Ethernet  PPP  VPLS: Virtual Private LAN Services PPVPN: Provider Provisioned VPNs PWE3: Pseudo Wire Emulation Edge to Edge Slide 15

  16. What is a Virtual Private Network? • VPN (Virtual Private Network) is simply a way of using a public network for private communications , among a set of users and/or sites • Remote Access: Most common form of VPN is dial-up remote access to corporate database - for example, road warriors connecting from laptops • Site-to-Site: Connecting two local networks (may be with authentication and encryption) - for example, a Service Provider connecting two sites of the same company over its shared network Slide 16

  17. What are Layer 2, Layer 3 & IP VPNs? • VPNs based on a layer 2 (Data Link Layer) technology and managed at that layer are defined as layer 2 VPNs (MPLS, ATM, Frame Relay) - ref. OSI Layer model • VPNs based on tunneling above layer 3 (Transport Layer) are Layer 3 VPNs, (L2TP, IPSec, BGP/MPLS) • IP-VPNs are a type of layer 3 VPNs, which are managed purely as an IP network (L2TP, IPSec) Slide 17

  18. Main VPN Models • Overlay model  Each site has a router that is connected via point-to-point links to routers in other sites. • Peer model  Layer 3 VPNs built around key technologies:  User’s concerns: security and privacy (also private IP addresses)  Constrained distribution of routing information  Separation of multiple forwarding tables  Service Provider’s concerns: scalability  Simple configuration, including addition or removal of sites  Use of a new type of addresses, VPN-IP addresses  Tunneling: MPLS or even IP Slide 18

  19. Overlay Model Separate Layer2 link VPN A Security and privacy R-A2 10.2/16 VPN B 10.1/16 VPN B R-B1-1 10.2/16 R-B2 R-B1-2 Service Provider Overlapping of Network address R-A1 R-A3 VPN A VPN A 10.3/16 10.1/16 R-B3 VPN B 2 models: hub/spoke and mesh 10.4/16 Strengths? Problems? Slide 19

  20. Peer (PE & CE) Model - Layer 2 VPN CE Device 3 Layer2 link CE VPN B PE Device 1 VPN A CE PE CE Device 1 P Device PE Device 1 & P Service Provider PE Device 2 Network support VPN PE Device 2 PE VPN Tunneling Protocols CE Device 2 LDP PE BGP PE Device 3 CE SP Tunnels VPN Tunnels CE Device 4 VPN A (inside SP CE Tunnels) VPN A VPN B VPN B Header 1 Header 2 Data Packet Slide 20

  21. Peer (PE& CE) Model - Layer 3 VPN CE Device 4 PE Device 1 CE VPN A VPN B CE PE P / PE Device 4 PE CE Device 1 PE Device 1 & In a Layer 3 P P Device Service Provider PE Device 2 VPN, Network are BGP peers, CE Device and PE Device 2 and support PE Device are VPN PE IGP peers VPN Tunneling Protocols P / L2TP PE IPSec CE PE Device 3 MP-iBGP CE Device 3 CE Device 2 VPN VPN A CE Tunnels VPN A VPN B VPN B Header 1 Header 2 Data Packet Slide 21

  22. Overlay Model vs. Peer Model • Overlay Model  Secure and isolate among customers  Scalability and cost  Using virtual routers can help, but still … • Peer Model  Simple and support large-scale VPN services  How to bring the benefits of the overlay model?  Built around key technologies:  Constrained distribution of routing info: what and how?  Multiple separate routing/forwarding tables  Use of a new type of addresses, VPN-IP addresses  MPLS (or IP) tunneling Slide 22

  23. VPNs - The Basics • Components:  A core network  VPN peers (typically at the edge of the core network) • Steps for VPN set up:  Peer discovery mechanism  Control protocol exchange (VPN specific)  Data transport mechanism  necessary encapsulation  encapsulation and “de-encapsulation” capability Slide 23

  24. VPN - The Basics... • As an example, for a Layer 3 BGP/MPLS VPN (over an MPLS network)  Peer discovery mechanism = iBGP, LDP  Control protocol exchange (VPN specific) = iBGP, LDP  Data transport mechanism  necessary encapsulation = Data+BGP label+MPLS label  encapsulation and “de-encapsulation” capability  Necessary protocol exchange for the core network = OSPF/ISIS & RSVP-TE/LDP Slide 24

  25. MPLS VPN Agenda • Introduction to VPNs • Where do Layer 2 and 3 VPNs fit? • Layer 3 MPLS VPN  VR and BGP Review  Provider Provisioned VPN - PPVPN  RFC 2547bis Key Characteristics  BGP/MPLS VPN Architecture Overview  VPN Routing and Forwarding (VRF) Tables  Overlapping VPNs  VPN Route Distribution  VPN Packet Forwarding Slide 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced MPLS Design and Implementation ,

MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced MPLS Design and Implementation ,

MPLS based Virtual Private Networks Sources: V. Alwayn, Advanced MPLS Design and Implementation , Cisco Press B. Davie and Y. Rekhter, MPLS Technology and Applications , Morgan Kaufmann MPLS VPN Agenda... Layer 2 MPLS VPN Pseudo Wire

435 views • 29 slides
Provider based Virtual Private Networks An introduction and an MPLS case Lecture slides for

Provider based Virtual Private Networks An introduction and an MPLS case Lecture slides for

HELSINKI UNIVERSITY OF TECHNOLOGY Provider based Virtual Private Networks An introduction and an MPLS case Lecture slides for S-38.192 3.3.2005 Mika Ilvesmki Networking laboratory HELSINKI UNIVERSITY OF TECHNOLOGY Mika Ilvesmki, Lic.Sc.

362 views • 15 slides
Outline Introduction Applications of MPLS Fundamental concepts Constraint-based

Outline Introduction Applications of MPLS Fundamental concepts Constraint-based

Outline Introduction Applications of MPLS Fundamental concepts Constraint-based MPLS Multiprotocol Label Switching Routing Predecessor switching Virtual Private techniques Networks (VPN) IP switching

356 views • 13 slides
I Pv6 over I Pv4/ MPLS Networks: I Pv6 over I Pv4/ MPLS Networks: The 6PE approach The 6PE

I Pv6 over I Pv4/ MPLS Networks: I Pv6 over I Pv4/ MPLS Networks: The 6PE approach The 6PE

I Pv6 over I Pv4/ MPLS Networks: I Pv6 over I Pv4/ MPLS Networks: The 6PE approach The 6PE approach Athanassios Liakopoulos Network Operation & Support Manager (aliako@grnet.gr) Greek Research & Technology Network (GRNET) I I I

389 views • 13 slides
Virtual Private Networks with tjnc 1 Motjvatjon VPN, Virtual Private Network Extend

Virtual Private Networks with tjnc 1 Motjvatjon VPN, Virtual Private Network Extend

create your own exercise Hugues Fafard, Markus Mller Virtual Private Networks with tjnc 1 Motjvatjon VPN, Virtual Private Network Extend private network over public ones Useful for companies Remote access Network bridging

256 views • 9 slides
Outline Circuit switching refresher Virtual Circuits 15-441/641: Computer Networks Why

Outline Circuit switching refresher Virtual Circuits 15-441/641: Computer Networks Why

11/23/2019 Outline Circuit switching refresher Virtual Circuits 15-441/641: Computer Networks Why virtual circuits? Virtual Circuits, MPLS,VLAN How do they work? Todays virtual circuits: MPLS 15-441 Fall 2019 Profs

556 views • 9 slides
Virtual Private Networks Distributed Systems Paul Krzyzanowski Private networks Problem You

Virtual Private Networks Distributed Systems Paul Krzyzanowski Private networks Problem You

4/25/08 Virtual Private Networks Distributed Systems Paul Krzyzanowski Private networks Problem You have several geographically separated local area networks that you would like to have connected securely Solution Set up a private

425 views • 7 slides
Virtual Private Networks -Prekshu Ajmera Virtual Private Network Internet runs on public

Virtual Private Networks -Prekshu Ajmera Virtual Private Network Internet runs on public

Virtual Private Networks -Prekshu Ajmera Virtual Private Network Internet runs on public lines that are insecure Need to communicate securely Private lines : costly option VPN Secure private communications over public

671 views • 27 slides
Tunnels and VPN * s s November 6, 2020 *virtual private networks *virtual private networks

Tunnels and VPN * s s November 6, 2020 *virtual private networks *virtual private networks

Tunnels and VPN * Tunnels and VPN * s s November 6, 2020 *virtual private networks *virtual private networks Administrative Administrative submittal instructions submittal instructions answer the lab assignments questions in

547 views • 36 slides
MPLS Multiprotocol Label Switching Overview The slides are based on: A set of slides

MPLS Multiprotocol Label Switching Overview The slides are based on: A set of slides

MPLS Multiprotocol Label Switching Overview The slides are based on: A set of slides developed by MPLS Forum. MPLS Technology and Applications , B. Davie and Y. Rekhter, Morgan Kaufman, 2001. Traffic Engineering with MPLS by E.

532 views • 51 slides
Distributed Systems Virtual Private Networks Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Virtual Private Networks Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Virtual Private Networks Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Private networks Problem You

386 views • 14 slides
Understanding MPLS OAM capabilities to troubleshoot MPLS Networks Mukhtiar A. Shaikh

Understanding MPLS OAM capabilities to troubleshoot MPLS Networks Mukhtiar A. Shaikh

Understanding MPLS OAM capabilities to troubleshoot MPLS Networks Mukhtiar A. Shaikh (mshaikh@cisco.com) Moiz Moizuddin (mmoizudd@cisco.com) 1 Agenda MPLS Overview Existing Ping/Trace Capabilities LSP Ping/Trace Theory of

402 views • 37 slides
MPLS network built on ROADM based DWDM system using GMPLS signaling PIONIER experiences in GMPLS

MPLS network built on ROADM based DWDM system using GMPLS signaling PIONIER experiences in GMPLS

MPLS network built on ROADM based DWDM system using GMPLS signaling PIONIER experiences in GMPLS based next generation optical network and strategy for integration of MPLS based metropolitan academic networks Tomasz Szewczyk (PSNC) Agenda

395 views • 21 slides
Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations

Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations

Virtual Private Networking Outline Introduction Virtual Private Networks Types of VPNs Tunneling Security Cmput 410 Presentations Encryption November 25 - 2004 Future of VPNs VPN - Definition a way to provide

595 views • 11 slides
4/22/2009 Private networks Problem You have several geographically separated Distributed

4/22/2009 Private networks Problem You have several geographically separated Distributed

4/22/2009 Private networks Problem You have several geographically separated Distributed Systems local area networks that you would like to have connected securely Virtual Private Networks Solution Set up a private network line

221 views • 3 slides
Virtual Private Networks (VPN) 12: VPN, IPV6, NAT, MobileIP Last Modified: 4/9/2003 1:14:36 PM

Virtual Private Networks (VPN) 12: VPN, IPV6, NAT, MobileIP Last Modified: 4/9/2003 1:14:36 PM

Virtual Private Networks (VPN) 12: VPN, IPV6, NAT, MobileIP Last Modified: 4/9/2003 1:14:36 PM Adapted from Gordon Chaffees slides http://bmrc.berkeley.edu/people/chaffee/advnet98/ 4: Network Layer 4: Network Layer 4a-1 4a-2 Virtual

201 views • 9 slides
acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration

IPQ806x Hardware acceleration Proceedings of netdev 0.1, Feb 14-17, 2015, Ottawa, On, Canada NSS acceleration model Features Designed for Home Gateways (CPE) Flow detection based All -or- nothing offload Acceleration

248 views • 8 slides
Simple, Secure and Flexible VPN solution for home and business me Romain Bourgue IT

Simple, Secure and Flexible VPN solution for home and business me Romain Bourgue IT

Simple, Secure and Flexible VPN solution for home and business me Romain Bourgue IT Security and open source fan Works for the french Civil Service since 2003 romain.bourgue@gmail.com Summary VPN solutions : multiple choices

576 views • 38 slides
CS519: Computer Networks Lecture 1 (part 2): Jan 28, 2004 Intro to Computer Networking Remember

CS519: Computer Networks Lecture 1 (part 2): Jan 28, 2004 Intro to Computer Networking Remember

CS519: Computer Networks Lecture 1 (part 2): Jan 28, 2004 Intro to Computer Networking Remember this picture? CS519 How did the switch know to forward some packets to B and some to D? From the address in the packet header CS519 A

602 views • 36 slides
Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology

ITS335 Internet Security Internet Security Secure Email Internet Security Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l10,

450 views • 25 slides
Requirements for IPsec Negotiation in the SIP Framework

Requirements for IPsec Negotiation in the SIP Framework

Requirements for IPsec Negotiation in the SIP Framework draft-saito-mmusic-ipsec-negotiation-req-00.txt August 1, 2005 Makoto Saito (ma.saito@ntt.com) Shingo Fujimoto (shingo_fujimoto@jp.fujitsu.com) 1 Motivation To secure communication

83 views • 6 slides
Vehicle Communication Experiment Environment With MANET And NEMO Manabu Tsukada Thierry Ernst

Vehicle Communication Experiment Environment With MANET And NEMO Manabu Tsukada Thierry Ernst

Vehicle Communication Experiment Environment With MANET And NEMO Manabu Tsukada Thierry Ernst 2007/01/15 Introduction Vehicle communication Intelligent Transportation System (ITS) Solution for traffic control Car position

421 views • 14 slides
Hozzfrsi hlzatok gyakorlat Moldovn Istvn Forrs: Peter.Vetter@alcatel.be

Hozzfrsi hlzatok gyakorlat Moldovn Istvn Forrs: Peter.Vetter@alcatel.be

Hozzfrsi hlzatok gyakorlat Moldovn Istvn Forrs: Peter.Vetter@alcatel.be Francois.Fredricx@alcatel.be MUSE Winter School Network architecture Definitions (2): Nodes RGW BRAS Terminals Ethernet aggregation network

297 views • 16 slides
IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why?

IPv6 Introduction by Harald Welte <laforge@rfc2460.org> IPv6 Introduction What? Why? What is IPv6? Successor of currently used IP Version 4 Specified 1995 in RFC 2460 Why? Address space in IPv4 too small Routing tables too large

476 views • 19 slides

More recommend