RTTC Pune presents MPLS based Virtual Private Network

MPLS-VPN



  • RTTC Pune presents: MPLS based Virtual Private Network

  • Private Network, e.g. Leased Lines

    Diagram: Infosys sites (Mumbai, Bangalore, Hyderabad, Pune) and Wipro sites (Mumbai, Chennai, Bangalore) interconnected by leased lines.

  • Private Network

    Advantages: Security. Privacy and guaranteed QoS.

    Disadvantages: Leased lines are very expensive. The number of links grows exponentially if full mesh connectivity is required and the network expands. Network complexity increases as the network grows: for a new site addition, all existing sites require reconfiguration.

  • Public Network, e.g. Internet

    Connectionless network: each IP packet is routed independently.
    Delay: multiple packets originated from the same source for a single destination may follow different paths.
    Loss of information: some of the packets may also fail to reach the destination.
    Out of sequence: bad for VoIP and video.

    Hence Quality of Service cannot be assured by the Internet.

  • Internet: Weaknesses

    An open and shared network. Any person from anywhere can access any part of the network. It is not controlled by any single agency.
    No security mechanism; it is left to the customer, who adopts different means of data protection depending upon how important the data is.
    L3 routing protocols are used. Forwarding is based on the destination address only. Destination-based routing lookups are performed on every hop.

  • Internet Devices

    Firewalls: to avoid unauthorized intrusions
    Switches: to connect LANs
    Routers: to route the traffic from source to destination

  • Customer Expectations

    The customer today wants: QoS, security, speed or CIR / BOD, SLA, cost effectiveness, manageability.

  • VPN: Virtual Private Network

    It is a technique of utilizing a public network for private (i.e. secured) communication. A VPN simulates the operation of a private WAN over the public network: a private network constructed over a shared infrastructure like the Internet.
    Virtual: not a separate physical network.
    Private: separate addressing and routing policies.
    Network: a collection of devices that communicate.
    VPNs reduce the cost of private networking.

  • Virtual Private Network

    What is a VPN? Applying policies to the traffic flowing in the shared network (BSNL) so that the traffic of one customer (Wipro) will not mix up with that of another customer (Infosys). A VPN creates confidence in the customer about the security and safety of their valuable data on the shared network.
    Different solutions are available to make communication over the Internet safe and secure, and they can also ensure the desired grade of quality of service. These solutions are known as VPN solutions.
    Earlier, protocols like L2TP, PPTP and IPSec were used to provide VPN solutions to customers. These protocols take care of data authenticity, data integrity and, if required, data confidentiality.

  • VPN

    VPN technologies: IPSec, GRE, SOCKS, PPTP, L2TP and now MPLS.
    MPLS emerged from the IETF's effort to standardise a set of proprietary multi-layer switching solutions without compromising on security.
    MPLS integrates the control of IP routing with the simplicity of L2 switching.
    MPLS reduces the complexity of network operation and does resource allocation to assure CIR.

  • VPN (FR/ATM)

    PVCs: Permanent Virtual Circuits

  • VPN (FR/ATM)

    Each office is connected to the network with a single physical line. Number of physical lines to connect n sites = n.
    Each office is connected with the other offices by virtual circuits, pre-established by the network administrator. Number of VCs to connect n sites = n(n-1)/2.
    Provides a moderate amount of security and QoS.
    L2 devices have no knowledge of L3 routing information.
    The network administrator has to configure PVCs manually at every node involved in the network. Difficult to implement if the number of sites is large.

  • VPN (FR/ATM)

    To add a new office site, the network administrator has to configure new virtual circuits at each and every concerned node.
    Frame Relay and ATM technologies are very complex and expensive, and so are not deployed everywhere, particularly in third world countries.

  • Internet Based VPN

    Diagram: Infosys sites (Pune, Hyderabad, Mumbai, Bangalore) and Wipro sites (Pune, Chennai, Bangalore) connected through the Internet as a shared infrastructure.

  • Internet Based VPN

    Advantages: single physical connectivity at each site. No reconfiguration required at existing sites when a new site is added to the network. Huge saving in annual connectivity charges.
    Disadvantages: highly insecure environment. No guarantee of privacy and QoS. Any unauthorized traffic can enter the private network.

  • VPN Tunnels

    Tunneling is the mechanism to encapsulate IP datagrams inside another packet so that the original datagram is not visible to the network. Every packet is authenticated to ensure that it is coming from the right source, and optionally packets can also be encrypted for data confidentiality if required.

    Diagram: two firewalls connected across the Internet.

  • Virtual Private Network

    Diagram: firewalls at Infosys sites (Pune, Hyderabad, Bangalore, Mumbai) and Wipro sites (Mumbai, Bangalore, Chennai) connected across the Internet.

  • VPN Tunnel - Analogy

    Diagram: Original Packet, wrapped by the Encapsulating Protocol, carried by the Carrier Protocol.

  • VPN Tunnel

    Diagram: Encrypted Data, Authentication Information, Carrier Protocol.

  • Advantages of VPN - Data Security

    Authenticity: ensures the identity of all communicating parties; each data packet was originated by the claimed sender.
    Data Integrity: ensures that information being transmitted over the link is not altered in any way during transit.
    Data Confidentiality: protects the privacy of information being exchanged between communicating parties.
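A packet-level model of the tunnel slides above (Carrier Protocol wrapping an Encapsulating Protocol wrapping the Original Packet), with the receiving firewall checking authenticity and integrity before trusting the inner datagram. This is an added example, not code from the slides or from BSNL; the frame layout, tag length, sequence-number replay check, key and addresses are constructed for the example, and the optional confidentiality layer is omitted.

```python
import hmac
import hashlib
import socket
import struct

# Added example (not from the slides): a packet-level model of the tunnel
# analogy, Carrier Protocol | Encapsulating Protocol | Original Packet, with the
# far-end firewall checking authenticity and integrity. Encryption (the optional
# confidentiality layer) is left out because the standard library has no AEAD.
TAG_LEN = 16            # HMAC-SHA256 truncated to 128 bits, a choice of this example

def encapsulate(key, carrier_src, carrier_dst, seq, original):
    """Sending firewall: wrap the private IP packet for transit over the Internet.
    carrier_src/dst are dotted IPv4 strings standing in for the outer IP header."""
    encap = struct.pack("!I", seq) + original              # sequence + original datagram
    tag = hmac.new(key, encap, hashlib.sha256).digest()[:TAG_LEN]
    carrier = socket.inet_aton(carrier_src) + socket.inet_aton(carrier_dst)
    return carrier + tag + encap

def decapsulate(key, last_seq, frame):
    """Receiving firewall: return (original packet, seq) on success or
    (None, reason) on failure. Nothing inside is trusted before the tag checks."""
    if len(frame) < 8 + TAG_LEN + 4:
        return None, "truncated"
    tag, encap = frame[8:8 + TAG_LEN], frame[8 + TAG_LEN:]
    expected = hmac.new(key, encap, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):             # forged, wrong key or altered
        return None, "bad-auth"
    (seq,) = struct.unpack("!I", encap[:4])
    if seq <= last_seq:                                    # replayed copy of an old packet
        return None, "replay"
    return encap[4:], seq
```

The carrier addresses are deliberately outside the authenticated part: the Internet routes on them, while only the shared key proves who built the inner datagram.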

  • BSNL's MPLS Network

  • Strength of BSNL's MPLS:

    Widest presence: over 300 cities covering terrestrial area at the most affordable price.
    Technology: installed high end Cisco 12400 GSR and Juniper M40e routers capable of handling very high traffic, which offer QoS, application-wise BW allocation and many other VA features.
    Dedicated Network: the BSNL MPLS network exclusively carries only MPLS traffic. All major nodes are mesh connected on STM-16 (2.5 Gbps) pipes, so no congestion. The complete MPLS backbone is built on an SDH platform.

  • Strength of BSNL's MPLS:

    MPLS is a new forwarding mechanism where packets are forwarded based on a label.
    Committed Bandwidth: BSNL offers 3 CoS, Gold, Silver and Bronze, offering 99.9%, 50% and 25% of committed bandwidth with an inherent resource allocation feature, so customers will never get less than the committed BW.
    Bandwidth offered: from 16 Kbps to STM-1.
    NOC: the complete MPLS network is monitored 24x7 from the NOC at Bangalore.
    Cost effective solution for corporate CUG.

  • MPLS Based VPNs

    What is the need for a new technology like MPLS? In a normal IP based network, routing decisions are made on a hop-by-hop basis (i.e. at every node/router). A leased line based network is highly expensive and does not provide mesh connectivity among the sites by default. Hence the need for an ultra fast forwarding technology.
    MPLS changes the hop-by-hop paradigm by enabling devices (routers) to specify paths for a specific type of traffic to follow in the network, based upon the QoS and bandwidth needs of the applications.

  • MPLS: Multi Protocol Label Switching

    A technology for speeding up data communication over combined IP (or ATM) networks. MPLS improves the speed of packet processing and enhances the performance of the network. MPLS provides a connection-oriented service for transporting data across computer networks.
    The ability to use any physical transmission medium allows higher backbone and interface capacity.
    Ultra fast forwarding technology.

  • Complexity of Network with Leased Lines

    Diagram: Pune, Ahmedabad, Mumbai, Lucknow, Kolkata, Delhi, Chennai, Bangalore, Ernakulam and Hyderabad sites interconnected by leased lines from BSNL.

  • The MPLS environment

    Diagram: links and routers connecting Pune, Ahmedabad, Mumbai, Lucknow, Kolkata, Delhi, Chennai, Bangalore, Ernakulam and Hyderabad to BSNL's MPLS VPN network.

  • How does MPLS work?

    Only edge routers perform Layer 3 header analysis / routing lookup (i.e. looking at the source and destination IP address). It is done just once, when the packet enters the MPLS domain. The MPLS edge router attaches a label to the packet when it enters the MPLS domain.
    Core routers switch packets based on simple label lookups and swap labels.
    L2 devices run an L3 routing protocol and establish virtual circuits dynamically based on L3 information. No need to manually establish virtual circuits.

  • Advantages of MPLS

    MPLS labels usually correspond to IP destination networks (equal to traditional IP forwarding).
    Labels can also correspond to other parameters such as QoS, FEC or source address. Traffic can be forwarded based on these other parameters. Load sharing across unequal paths can be achieved.
    MPLS is designed to support forwarding of other protocols as well.
    MPLS gives network operators (BSNL) a great deal of flexibility to divert and route traffic around link failures, congestion and bottlenecks.

  • Terminology used in MPLS

    Label Switched Path (LSP): the network path created by the MPLS protocol. An LSP is a unidirectional entity.

    Label Switching Routers (LSR): the routers which support the MPLS protocol. Types of LSRs: ingress, transit, penultimate and egress.

  • MPLS Routers

    Ingress Router: the entry point for user data traffic into MPLS. It is the start point of the LSP.
    Egress Router: the exit point for user data traffic from the MPLS domain. It is the end point of the LSP.
    Transit Router: the routers located along the LSP, which swap the MPLS labels.
    Penultimate Router: one of the transit routers in an LSP, which has a special function called Penultimate Hop Popping to perform.

  • MPLS: Terminology

    Label: header created by the edge LSR and used by the LSRs to forward packets. Identifies the path a packet should traverse.
    Forwarding Equivalence Class (FEC): a group of IP packets which are forwarded in the same manner, over the same path and with the same forwarding treatment. An FEC might correspond to a destination IP subnet. For example, all traffic with a certain value of IP precedence might constitute an FEC.

  • MPLS Network

  • MPLS Architecture

    MPLS architecture is divided into two planes:
    1. Control Plane: creates labels and LSPs
    2. Data Plane: forwards labeled packets

    MPLS takes the help of many protocols:
    1. Routing protocols
    2. Signaling protocols: LDP or RSVP

  • MPLS Architecture

    MPLS was created to combine the benefits of connectionless L3 routing and forwarding with connection-oriented L2 forwarding.

    MPLS clearly separates the control plane, where L3 routing protocols establish the paths used for packet forwarding, from the data plane, where L2 label switched paths forward data packets across the MPLS infrastructure.

    MPLS also simplifies per-hop data forwarding, where it replaces the L3 lookup function performed in traditional routers with simpler label swapping.

  • MPLS Label Format

    Fields: 20-bit Label. 3-bit Experimental field (CoS, Class of Service). 1-bit Bottom of Stack bit (S). 8-bit TTL field (Time to Live).
    The IP packet is encapsulated by the ingress LSR and de-encapsulated by the egress LSR.

    Diagram: L2 Header | MPLS Header (32 bits: Label (20 bits), CoS, S, TTL) | IP Packet.

  • Label Processing

    Push: adds a new label to the top of the packet (Ingress).
    Pop: removes the label, and the IP packet is forwarded as a native IP packet (Egress or Penultimate Hop Router).
    Swap: replaces the label at the top of the label stack with a new label (Transit).
    Swap & Push: swaps the label and pushes one more label (tunnel in a tunnel) (Transit).
    Multiple Push: pushes up to 3 labels at the ingress router (tunnel in a tunnel starts at the ingress router itself) (Ingress).
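A worked model of the label format and of the push / swap / pop operations from the last two slides, carried through one ingress push, a transit swap, penultimate hop popping and the egress pop. This is an added example, not code from the slides or from BSNL's network; the LFIB table layout (incoming label mapped to action, outgoing label and next hop), the label values and the byte strings are constructed for the example.

```python
import struct

# Added example (not from the slides): RFC 3032 shim header and push/swap/pop.
def encode_entry(label, cos=0, bottom=False, ttl=64):
    """Pack one label stack entry into 4 bytes, network byte order."""
    if not (0 <= label < (1 << 20) and 0 <= cos < 8 and 0 <= ttl < 256):
        raise ValueError("MPLS header field out of range")
    return struct.pack("!I", (label << 12) | (cos << 9) | (bottom << 8) | ttl)

def decode_entry(data):
    """Unpack the first 4 bytes of data into the four header fields."""
    (word,) = struct.unpack("!I", data[:4])
    return {"label": word >> 12, "cos": (word >> 9) & 0x7,
            "bottom": bool(word & 0x100), "ttl": word & 0xFF}

def parse_stack(packet):
    """Walk entries until the S bit is set; return (entries, inner IP packet)."""
    entries, offset = [], 0
    while offset + 4 <= len(packet):
        entries.append(decode_entry(packet[offset:offset + 4]))
        offset += 4
        if entries[-1]["bottom"]:
            return entries, packet[offset:]
    raise ValueError("label stack has no bottom-of-stack entry")

def build(entries, payload):
    """Serialise a stack; the S bit is set by position, never copied from input."""
    return b"".join(encode_entry(e["label"], e["cos"], i == len(entries) - 1, e["ttl"])
                    for i, e in enumerate(entries)) + payload

def ingress_push(ip_packet, labels, cos=0, ttl=64):
    """Ingress LSR: push 1 to 3 labels (outermost first) onto a native IP packet."""
    return build([{"label": l, "cos": cos, "ttl": ttl} for l in labels], ip_packet)

def lsr_forward(lfib, packet):
    """One hop: top label only. lfib: label -> (action, out label, next hop), assumed layout."""
    entries, payload = parse_stack(packet)
    top, rest, ttl = entries[0], entries[1:], entries[0]["ttl"] - 1
    if ttl <= 0:                                       # drop, as an IP router would
        return None, "ttl-expired"
    action, out_label, next_hop = lfib[top["label"]]
    if action == "swap":                               # transit router
        rest.insert(0, {"label": out_label, "cos": top["cos"], "ttl": ttl})
    elif action == "pop" and not rest:                 # egress: native IP leaves
        return payload, next_hop
    elif action == "pop":                              # penultimate hop popping
        rest[0] = dict(rest[0], ttl=ttl)               # carry TTL to inner label
    else:
        raise ValueError("unknown LFIB action: %r" % (action,))
    return build(rest, payload), next_hop
```

Note that every LSR looks only at the top label and never at the IP header underneath, which is exactly why the slides say the L3 lookup happens once, at the edge.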

  • How MPLS works?

  • What is Quality of Service

    Diagram: applications such as desktop conferencing, distance learning, mission-critical applications, FTP and e-mail.

  • Role of QoS

    Protect mission-critical applications: voice, ERP, data warehouse, sales force automation.
    Prioritize groups of users: finance, sales, suppliers.
    Enable multimedia applications: distance learning, desktop video conferencing.

  • Quality of Service (QoS)

    MPLS has very powerful tools like traffic prioritization, traffic scheduling, traffic shaping and traffic policing to ensure the proper grade of quality of service to the customer.
    Broadly, three grades of service are available at present in the MPLS VPN service:
    Gold (guaranteed bandwidth, delivery, jitter and latency)
    Silver (guaranteed delivery)
    Bronze (best effort)

  • QoS has been a critical requirement for the wide-area network for years. Bandwidth, delay and delay variation requirements are at a premium in the wide area. The importance of end-to-end QoS is increasing due to the rapid growth of intranet and extranet applications that have placed increased demands on the entire network. QoS plays a number of important roles:

    Protect mission-critical applications: QoS can protect mission-critical applications, such as mission-critical enterprise applications or sales automation systems, from bandwidth-hungry applications such as multimedia, web-casting and real-time video applications.
    Prioritize groups of users: QoS can also be used to prioritize traffic based on user or user-group classification, such as sales and engineering groups.
    Enable multimedia applications: QoS is required to enable many new multimedia applications such as distance learning or desktop video conferencing. QoS policies can also restrict the use of network resources by these bandwidth-hungry applications.