phong-tran
8/11/2019 VPN Overview (1)
Overview of VPN
Private Networks
[Diagram: Organization A (Sites 1-4) and Organization B (Sites 1-3), with each organization's sites connected by leased lines]
Private Network
Advantages:
  Leased lines are secure
  Privacy and QoS are guaranteed
Disadvantages:
  Leased lines are very expensive
  The number of links required grows exponentially if full mesh connectivity is required and the network expands
  More CPE ports are required
  Network complexity increases as the network grows
  All existing sites require reconfiguration when a new site is added
Internet Based Private Network
[Diagram: Organization A (Sites 1-4) and Organization B (Sites 1-3) connected through the Internet as shared infrastructure]
Internet Based Private Network
Advantages:
  Single physical connectivity at each site
  No reconfiguration required at existing sites when a new site is added to the network
  Saving on CPE ports
  Huge saving in annual connectivity charges
Disadvantages:
  Highly insecure environment
  No guarantee of privacy and QoS
  Any unauthorized traffic can enter the private network
Virtual Private Network
Different solutions are available to make communication over the Internet safe and secure, and they can also ensure the desired grade of quality of service.
These solutions are known as VPN solutions.
Different protocols such as L2TP, PPTP and IPSec are available to provide VPN solutions to customers.
These protocols take care of data authenticity, data integrity and, if required, data confidentiality.
Virtual Private Network
[Diagram: Organization A (Sites 1-4) and Organization B (Sites 1-3) connected across the Internet, with firewalls]
Deploying VPNs in the 21st Century
Uses IP infrastructure
  May be shared with Internet services
  Increasing importance of IP/MPLS (not ATM/FR)
Subscriber requirements
  Lower operational expenses
  A single network connection for multiple services
Provider requirements
  Multiservice infrastructure
  Create additional source of revenue
[Diagram labels: Internet; Remote Access; Intranet; Extranet; Mobile Users and Telecommuters; Branch Office; Corporate Headquarters; Suppliers, Partners and Customers]
Virtual Private Network Categories
VPNs can be classified into two categories:
Customer Provisioned
  VPN tunnels originate and terminate at customer premises
  Provisioning of equipment and allied activities is the responsibility of the customer
  Provider may not be aware of the VPN tunneling through his network
Provider Provisioned
  VPN tunnels originate and terminate at the service provider's edge
  Responsibility for creating and maintaining these tunnels lies with the provider
Customer Provisioned VPNs
[Diagram: Organization A Site 1 and Organization B Sites 1-3 connected over the Internet by secured tunnels]
Provider Provisioned VPNs
[Diagram: Organization A Site 1 and Organization B Sites 1-3 connected over the Internet by secured tunnels]
MPLS Based VPNs
MPLS Based Layer 3 VPNs
  Provider's router participates in customer's layer 3 routing
  Provider router manages VPN-specific routing tables, distributes routes to remote sites
  CPE routers advertise their routes to the provider
MPLS Based Layer 2 VPNs
  Customer maps their layer 3 routing to the circuit mesh
  Provider delivers Layer 2 circuits to the customer, one for each remote site
  Customer routes are transparent to provider
MPLS Based Layer 3 VPN
[Diagram: provider core of P routers with PE 1, PE 2 and PE 3; CE routers CEA1-CEA3 (VPN A Sites 1-3), CEB1-CEB3 (VPN B Sites 1-3) and CEC1-CEC2 (VPN C Sites 1-2) attach to the PEs; CE-PE links are labelled Static Routes, OSPF Routing and E-BGP]
A VRF is created for each VPN connected to the PE
MPLS Based Layer 3 VPNs
Each VRF is populated with:
  Routes received from directly connected CE routers associated with the VRF
  Routes received from other PE routers with acceptable BGP attributes
Only the VRF associated with a VPN is used for packets from a site of that VPN
  Provides isolation between VPNs
MPLS Based Layer 3 VPNs
Customers can use overlapping IP addresses
Customers are free to use any IP address, even private IP addresses.
Very little manual configuration. Auto discovery of new sites. No reconfiguration of existing sites when a new site is added.
Cheaper than leased lines, as it works on MPLS-based IP infrastructure, which is a shared infrastructure.
QoS can be assured, as MPLS has the capability to provide differentiated QoS
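
The VRF behaviour described on the two slides above (one table per VPN, isolation between VPNs, overlapping customer addresses), as an added example that is not part of the original slides. It is a toy Python model: the class ProviderEdge, the port names, the VPN tag standing in for the BGP attributes, and all prefixes and next hops are constructed for illustration.

```python
import ipaddress

class ProviderEdge:
    """Toy PE router: one routing table (VRF) per attached VPN."""

    def __init__(self):
        self.vrf = {}       # VPN name -> {network: next hop}
        self.port_vpn = {}  # CE-facing port -> VPN name

    def attach_ce(self, port, vpn):
        self.port_vpn[port] = vpn
        self.vrf.setdefault(vpn, {})

    def route_from_ce(self, port, prefix, next_hop):
        # A CE route only ever enters the VRF bound to its port.
        vpn = self.port_vpn[port]
        self.vrf[vpn][ipaddress.ip_network(prefix)] = next_hop

    def route_from_pe(self, vpn_tag, prefix, next_hop):
        # vpn_tag stands in for the BGP attributes the PE checks; a route
        # tagged for a VPN with no local VRF is not accepted.
        if vpn_tag not in self.vrf:
            return False
        self.vrf[vpn_tag][ipaddress.ip_network(prefix)] = next_hop
        return True

    def lookup(self, in_port, dst):
        # Only the VRF of the ingress port is consulted (longest match wins).
        table = self.vrf[self.port_vpn[in_port]]
        addr = ipaddress.ip_address(dst)
        hits = [n for n in table if addr in n]
        return table[max(hits, key=lambda n: n.prefixlen)] if hits else None


def build_pe1():
    # Constructed sample: VPN A and VPN B both use 10.1.0.0/16 and 10.2.0.0/16.
    pe1 = ProviderEdge()
    pe1.attach_ce("port-a", "VPN-A")
    pe1.attach_ce("port-b", "VPN-B")
    pe1.route_from_ce("port-a", "10.1.0.0/16", "CEA1")
    pe1.route_from_ce("port-b", "10.1.0.0/16", "CEB1")
    pe1.route_from_pe("VPN-A", "10.2.0.0/16", "PE2 -> CEA2")
    pe1.route_from_pe("VPN-B", "10.2.0.0/16", "PE3 -> CEB2")
    pe1.route_from_pe("VPN-C", "10.3.0.0/16", "PE2 -> CEC1")  # rejected
    return pe1


if __name__ == "__main__":
    pe1 = build_pe1()
    for port in ("port-a", "port-b"):
        for dst in ("10.1.4.4", "10.2.0.5", "10.3.0.1"):
            print(port, dst, "->", pe1.lookup(port, dst))
```

The same destination address resolves to a different next hop depending on the ingress port, and a VPN C prefix is unreachable from either port because no VPN C table exists on this PE.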
MPLS Based Layer 3 VPNs
Customers can create intranets as well as extranets with the help of layer 3 VPNs.
An extranet lets customers allow business partners and suppliers to access their network.
100 % secured intranet as well as extranet.
Single physical connectivity at every site, resulting in a very simple network topology.
Provider participates in the customer's routing process.
MPLS Based Layer 2 VPNs
Provider edge device delivers Layer 2 circuit IDs (DLCI, VPI/VCI, or VLAN ID) to the customer
  Customer sees standard FR or ATM PVCs
  From my site, one for each reachable site
Provider edge device maps the circuit ID to an MPLS LSP to traverse the provider core
  Label stacking could be used to improve scalability
Customer maps their own routing architecture to the circuit mesh
  Customer routes are transparent to provider
  Separation of administrative responsibility
MPLS Based Layer 2 VPNs
[Diagram: provider core of P routers with PE 1, PE 2 and PE 3; CE routers CEA1-CEA3 (VPN A Sites 1-3) and CEB1-CEB2 (VPN B Sites 1-2) attach to the PEs over ATM and FR circuits]
A VFT is created for each CE connected to the PE
Each VFT is populated with:
  The information provisioned for the local CEs
  VPN Connection Tables received from other PEs via BGP or LDP
MPLS Based Layer 2 VPNs
Layer 2 VPN supported technologies:
  Frame Relay
  ATM
  Ethernet
  Ethernet VLANs
  HDLC
  PPP
MPLS Based Layer 2 VPNs
Separation of the customer's and provider's routing gives the customer extra confidence about the security of his network.
Customer can choose any layer 2 connectivity which is supported by layer 2 VPN.
Virtual Private LAN Service (VPLS)
Different sites of a customer's network can connect to the MPLS network over Ethernet, just as they would connect to any LAN switch.
With auto discovery of the MAC addresses of devices, each site can learn about the machines connected to the VPLS service.
To the customer it appears very much like ordinary Ethernet connectivity.
To the customer the MPLS network appears like a huge LAN switch to which its different sites are connected, just as they would be to an Ethernet LAN switch.
Virtual Private LAN Service
[Diagram: provider core of P routers with PE 1, PE 2 and PE 3; CE routers CEA1-CEA3 (VPN A Sites 1-3) and CEB1-CEB2 (VPN B Sites 1-2) attach to the PEs]
A private Ethernet network constructed over a shared infrastructure which may span several metro areas
Multipoint-to-multipoint Ethernet connectivity where the SP network looks like an Ethernet broadcast domain
Complements Layer 3 2547 and Layer 2 VPNs
What is Quality of Service
[Diagram labels: Desktop Conferencing, Distance Learning; Mission-Critical Applications; FTP]
Role of QoS
Protect mission-critical applications
  Voice, ERP, data warehouse, sales force automation
Prioritize groups of users
  Finance, sales, suppliers
Enable multimedia applications
  Distance learning, desktop video conferencing
Quality of Service (QoS)
MPLS has very powerful tools, such as traffic prioritization, traffic scheduling, traffic shaping and traffic policing, to ensure the proper grade of quality of service to the customer.
Broadly, three grades of service are available at present in the MPLS VPN service:
  Gold (guaranteed bandwidth, delivery, jitter and latency)
  Silver (guaranteed delivery)
  Bronze (best effort)
Three Classes of Service
Three classes of service according to the customer's requirement (Gold, Silver and Bronze)
If the customer requirement is more than 2 Mbps, then the tariff will be n x tariff for 2 Mbps.

Tariff per Annum (Rs in Lakhs)
Sl No.  Class of Service  Committed Bandwidth (%)  64 kbps  128 kbps  256 kbps  512 kbps  1 Mbps  2 Mbps
1.      Gold              99                       0.77     1.38      2.38      3.69      5.84    12.32
2.      Silver            50                       0.58     1.04      1.79      2.76      4.38    9.24
3.      Bronze            25                       0.38     0.69      1.19      1.84      2.92    6.16
Service Tax & Discount
No of Ports    Discount on VPN Port
2 to 5         10 %
6 to 10        12 %
11 to 15       15 %
16 and above   20 %

Service tax @ 10% will be charged w.e.f. 10/9/2004, and education cess @ 2 % of the service tax will also be levied in addition to service tax.
Tariff for Leased Line Data Circuits
S.N.  Distance (kms)  64 Kbps (Rs.)   2 Mbps (Rs.)       8 Mbps (Rs.)       34 Mbps (Rs.)        140 Mbps (Rs.)
1     50              34,319          3,48,642           13,94,568          55,78,272            2,23,13,088
2     100             40,646          5,38,454           21,53,816          86,15,264            3,44,61,056
3     200             54,412          9,51,431           38,05,724          1,52,22,896          6,08,91,584
4     300             68,178          13,64,407          54,57,628          2,18,30,512          8,73,22,048
5     400             81,944          17,77,384          71,09,536          2,84,38,144          11,37,52,576
6     500             95,710          21,90,360          87,61,440          3,50,45,760          14,01,83,040
7     Beyond 500      96,000 (Fixed)  22,00,000 (Fixed)  88,00,000 (Fixed)  3,52,00,000 (Fixed)  14,08,00,000 (Fixed)
Tariff for 128 kbps to 960 kbps
The tariff for 128 kbps to 960 kbps is equal to the tariff for 64 kbps multiplied by the coefficients below.

Capacity   Coefficient
960 kbps   7.6
768 kbps   6.4
512 kbps   4.8
384 kbps   4.0
320 kbps   3.6
256 kbps   3.1
192 kbps   2.5
128 kbps   1.8
ICICI Bank Case Study
Total number of leased lines of various capacities across the country: 82
Total annual charges paid: Rs 142604651/-
75 links were possible to be shifted on VPN
Cost of 75 VPNs of different capacities: Rs 7,30,00,000/-
Cost of the remaining 7 leased lines: Rs 50,00,000/-
Total cost: 7,80,00,000/-