Telecommunications, Portorož, 04.10.2008 NLB d.d.
* MPLS – Multi Protocol Label Switching
** NLB d.d. – Nova Ljubljanska banka d.d.
Janko Jager
Foreword
This presentation is about NLB d.d.'s experience in upgrading its network communications infrastructure – why, what, how, pros, cons, lessons learned – and not about technology and configurations.
Some statements in this presentation may be the author's personal opinion and not the official opinion of NLB d.d.
Agenda
About NLB d.d.
WHY...
WHAT...
HOW...
Conclusions
Q&A
About NLB d.d.
NLB Group
NLB in Slovenia
NLB d.d. - NLB Group
58 members in 17 countries
banks: 13 (including NLB d.d.)
leasing: 11
trade finance: 11
insurance: 5
asset mgmt: 1
non financial: 17
NLB d.d. - Slovenia
around 150 branches; more than 700 ATMs (SNA)
WHY to upgrade network
Capacity
Technology
New services
Costs
WAN topology (present)
leased lines from 512 kbps to 2 Mbps; ISDN backups
WAN utilization (present)
100% increase of network traffic in less than one year
ISDN backups no longer sufficient
Goals
To provide sufficient capacity, quality, availability and security – to migrate the corporate network from switching and routing to a service-oriented network platform.
To provide network support for several emerging technologies and network services – IP ATMs, IP telephony, IP video surveillance...
To lower communications costs (improve price-performance) and end dependence on a single telecom provider.
WHAT is the obvious technical solution
MPLS VPN
GRE/IPsec
MPLS VPN over GRE/IPsec
MPLS VPN (maybe the right solution for “non-corporate” networks)
Provided/implemented by telecom provider
+ Customer’s virtual private “communication cloud” within provider’s network
+ Media independent (Ethernet, xDSL, leased lines, Frame Relay, FO...)
+ Network devices managed by provider
- Customer depends on provider (costs, QoS...)
- Different customers’ “communication clouds” are separated but not safe
GRE/IPsec
Implemented by customer
+ GRE/IPsec tunnels provide data security
+ Tunnels connect customer’s private networks (branches – datacenters)
+ Network devices managed by customer
- Additional network equipment (costs, management, processor power)
- Additional configuration (routing)
MPLS VPN over GRE/IPsec
Implemented by customer
+ Customer defined MPLS VPN network(s) over GRE/IPsec
+ Provider independent (better monitoring and service management, easy to introduce new network services, customer defines virtual networks within his network)
+ More than one provider (costs, price-performance, QoS, redundancy...)
+ Network devices managed by customer
- Additional configuration
Comparison...

| | MPLS VPN | GRE/IPsec | MPLS VPN over GRE/IPsec |
|---|---|---|---|
| Provider independence | No | Yes | Yes |
| Authentication | No | Yes | Yes |
| Encryption | No | Yes | Yes |
| Media independence | Yes | Yes | Yes |
| Traffic separation | Yes | No | Yes |
| Implemented/provided by | Provider | Customer | Customer |
MPLS VPN over GRE/IPsec
[Figure: simplified logical scheme. Labels: customer’s network; MPLS VPN; GRE/IPsec; Provider #1, Provider #2, Provider #3; Branch 1, Branch 2, Branch 3, Branch 4; primary & secondary datacentre; VPN A, VPN B; MP-BGP.]
HOW to do it
... (project)
Requirements
Pilot testing
Telecom Slovenia
... (implementation)
Requirements, decisions...
Selecting telecom provider(s): primary and secondary connections by Telecom Slovenia (all connections MPLS VPN; defined QoS, reporting, on-line monitoring, problem solving...)
Selecting system integrator(s): NIL d.o.o., NLB Propria
Datacenter:
  1 Gbps, FO, Ethernet
  Cisco routers ASR 1002
Branch office:
  Primary connection: 10 Mbps, FO, Ethernet, RJ45 (to the micro location)
  Secondary connection: xDSL
  Cisco routers 28xx, 38xx
QoS requirements

| Parameters | Required | Acceptable offset |
|---|---|---|
| Bandwidth | 10 Mbps | up to 20% |
| Availability – monthly average | >= 99,9% | |
| Delay – hourly average | <= 100 ms | up to 3 times/month |
| Delay – daily average | <= 70 ms | up to 1 time/month |
| Delay – monthly average | <= 60 ms | |
| Jitter – hourly average | <= 15 ms | up to 3 times/month |
| Jitter – daily average | <= 10 ms | up to 1 time/month |
| Jitter – monthly average | <= 5 ms | |
| Packet loss – hourly average | <= 0.8% | up to 3 times/month |
| Packet loss – daily average | <= 0.3% | up to 1 time/month |
| Packet loss – monthly average | <= 0.2% | |

Should be confirmed by provider (and put in a contract)
Measurement and reporting should also be defined
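
A sketch of how the delay, jitter and packet-loss rows of the QoS requirements could be checked against a month of measurements. This is an added example, not part of the original presentation; it assumes that "up to N times/month" means N tolerated threshold breaches per month, and the function names and input shape (30 days of hourly averages) are hypothetical.

```python
from statistics import mean

# Limits from the QoS requirements slide as (limit, tolerated breaches per month).
# Assumption: "up to N times/month" is the number of breaches the contract tolerates.
SLA = {
    "delay_ms":  {"hourly": (100, 3), "daily": (70, 1), "monthly": (60, 0)},
    "jitter_ms": {"hourly": (15, 3), "daily": (10, 1), "monthly": (5, 0)},
    "loss_pct":  {"hourly": (0.8, 3), "daily": (0.3, 1), "monthly": (0.2, 0)},
}

def evaluate(metric, hourly):
    """Check one month of hourly averages (oldest first, 24 per day) against the SLA."""
    if not hourly or len(hourly) % 24:
        raise ValueError("expected whole days of hourly averages")
    days = [hourly[i:i + 24] for i in range(0, len(hourly), 24)]
    windows = {
        "hourly": hourly,
        "daily": [mean(day) for day in days],
        "monthly": [mean(hourly)],
    }
    report = {}
    for period, (limit, allowed) in SLA[metric].items():
        breaches = sum(1 for value in windows[period] if value > limit)
        report[period] = {"breaches": breaches, "allowed": allowed,
                          "ok": breaches <= allowed}
    report["compliant"] = all(entry["ok"] for entry in report.values())
    return report

def constructed_month(base, overrides):
    """Constructed sample data: 30 days of hourly averages with selected hours replaced."""
    data = [base] * (30 * 24)
    for hour_index, value in overrides.items():
        data[hour_index] = value
    return data

if __name__ == "__main__":
    # Four 150 ms hours on one day: daily and monthly averages pass, hourly count fails.
    burst = constructed_month(40, {h: 150 for h in range(50, 54)})
    # One whole day at 90 ms: no hourly breach, one daily breach, still within tolerance.
    slow_day = constructed_month(40, {h: 90 for h in range(24, 48)})
    for name, month in (("burst", burst), ("slow day", slow_day)):
        print(name, evaluate("delay_ms", month))
```

The two constructed months show why the measurement window belongs in the contract: a short burst breaks the hourly allowance while a full day of degraded delay stays compliant.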
Pilot implementation
[Figure: simplified logical scheme. Labels: Telecom Slovenia; datacentre; branch office; primary MPLS; secondary MPLS; new (MPLS) routers; existing routers; Ethernet; leased line; ISDN; IPsec GRE tunnel; HSRP.]
Telecom Slovenia 1/3
MPLS@NLB add on from TS
VPN business services
Carrier Class equipment
Carrier Grade network infrastructure with DWDM protection mechanisms
MPLS Based Core network with protection of all links
Metroethernet based Access Network with protection of business customers
Use of different kinds of first-mile technologies such as ADSL2+, VDSLx, FTTx, SHDSL, EFM, WiMAX and mobile network
Over 100 cities covered with business network for VPN services
E2E QoS assurance
SLA monitoring/reporting and advanced SLA monitoring/reporting (with applications)
24/7 Network operations center
Dedicated contact channel and technical team for business customers
* Signed contract with mobile operator Mobitel (on trial)
Telecom Slovenia 2/3
MPLS@NLB add on from TS
Services on MPLS network
L3 VPN
VoIP for SB, SMB and large enterprise networks (IP centrex and IP PBX support)
Advanced IP TV services, standard and high definition
VoIP for residential segment and for SOHO
FMC services
Hotels multimedia services and advanced hotels multimedia services
SLA monitoring and advanced SLA monitoring (with applications)
Combination of P2P and mesh VPN network
L2 VPN*
IMS (IP multimedia subsystem)*
IPS service (Intrusion Prevention System)*
Redundancy location of DRC**
Surveillance service (commercial name INFRANET)*
VPN service for IP/POS terminals and ATMs*
* on trial
Telecom Slovenia 3/3
MPLS@NLB add on from TS
Telekom Slovenia topology
Carrier Class equipment
MPLS Based Core network with protection of all links (10G)
Metroethernet based Access Network with protection of business customers
Over 100 cities covered with business network for VPN services
Separate business and residential network on physical layer
Dual WAN connectivity
Conclusions
Lessons learned
Results
TO DO...
Lessons learned

| Lessons learned | Important NLB d.d. experience |
|---|---|
| Project | Involve internal users/customers; gain management support; prepare business case... |
| Plan, plan, plan | More than one year of planning, meetings, education. Larger network, more services – more planning required. Think about the big picture – don’t forget about other network segments (network core, monitoring and management) and new services (IP telephony, IP ATMs...). Significant architecture change – server centralization. |
| Equipment | Be careful when buying new network equipment: capacity, end of sale, end of support, SW versions for required functionalities... Support costs for new equipment might be lower; part of business case. |
| Testing, pilot branch office implementation | Proved to be very useful; some configurations were changed. Internal users/customers confirmation. |
| Telecom providers | Take time for negotiations. Think about contract: obligations and penalties – costs, response times, QoS parameters, measurements, reporting... Not all telecom providers are capable of connecting all NLB d.d. branch offices. Different providers – very different prices. |
| Cable installations (within buildings) | Might be a problem: protected buildings, permits, cabling documentation, extra costs, extra time... Who is responsible for cabling... |
Results

| Goals | NLB d.d. conclusions |
|---|---|
| Sufficient capacity | 10 Mbps for each branch office, can be upgraded. |
| QoS | Telecom providers put QoS parameters and measurement methods into contracts. Unfortunately they do not offer QoS as required. |
| Availability | High availability is technically supported by using primary and secondary connections. Unfortunately both are still from the same provider. |
| Security | Enabled by using MPLS VPN over GRE/IPsec. |
| Ability to easily support new network services (IP ATMs, IP telephony...) | Enabled by using MPLS VPN over GRE/IPsec. Independent from telecom provider. Consideration could be sufficient QoS. |
| Lower communications costs | Much better price-performance. Lower network equipment maintenance costs. Server centralization/consolidation. |
| Independence from only one telecom provider | Independence is technically supported. Not all telecom providers are capable of connecting all NLB d.d. branch offices. |
TO DO...
Sign the contract with provider
Establish connectivity with all branches
Finish implementation (only datacenters and one branch implemented)
Introduce network support for new services (IP ATMs)
Start redesigning network core...
Q&A
One question at a time, please...
Thank you.
Janko Jager, B.Sc.
Manager
NLB d.d., IT Processing and Infrastructure, Network
Šmartinska 132, SI-1520 Ljubljana, Slovenia
T: +386 1 476 46 98, F: +386 1 476 41 25, [email protected], www.nlb.si