VPN Overview (1)

  • 8/11/2019 VPN Overview (1)

    Overview of VPN

    Private Networks

    [Figure: Organization A (Sites 1 to 4) and Organization B (Sites 1 to 3) connected by leased lines]

    Private Network

    Advantages:
    - Leased lines are secured
    - Privacy and QoS guaranteed

    Disadvantages:
    - Leased lines are very expensive
    - Number of links required grows exponentially if full mesh connectivity is required and the network expands
    - More CPE ports are required
    - Network complexity increases as the network grows. All existing sites require reconfiguration when a new site is added.

    Internet Based Private Network

    [Figure: Organization A (Sites 1 to 4) and Organization B (Sites 1 to 3) connected through the Internet, a shared infrastructure]

    Internet Based Private Network

    Advantages:
    - Single physical connectivity at each site
    - No reconfiguration required at existing sites when a new site is added to the network
    - Saving on CPE ports
    - Huge saving in annual connectivity charges

    Disadvantages:
    - Highly insecure environment
    - No guarantee of privacy and QoS
    - Any unauthorized traffic can enter the private network

    Virtual Private Network

    - Different solutions are available to make communication over the Internet safe and secure, and they can also ensure the desired grade of quality of service.
    - These solutions are known as VPN solutions.
    - Different protocols such as L2TP, PPTP and IPSec are available to provide VPN solutions to customers.
    - These protocols take care of data authenticity, data integrity and, if required, data confidentiality.

    Virtual Private Network

    [Figure: Organization A (Sites 1 to 4) and Organization B (Sites 1 to 3) connected over the Internet, with firewalls]

    Deploying VPNs in the 21st Century

    - Uses IP infrastructure
        - May be shared with Internet services
        - Increasing importance of IP/MPLS (not ATM/FR)
    - Subscriber requirements
        - Lower operational expenses
        - A single network connection for multiple services
    - Provider requirements
        - Multiservice infrastructure
        - Create additional source of revenue

    [Figure: the Internet providing remote access, intranet and extranet connectivity among mobile users and telecommuters, branch office, corporate headquarters, and suppliers, partners and customers]

    Virtual Private Network Categories

    VPNs can be classified into two categories:
    - Customer Provisioned
        - VPN tunnels originate and terminate at customer premises
        - Provisioning of equipment and allied activities is the responsibility of the customer
        - Provider may not be aware of the VPN tunneling through its network
    - Provider Provisioned
        - VPN tunnels originate and terminate at the service provider's edge
        - Responsibility for creating and maintaining these tunnels lies with the provider

    Customer Provisioned VPNs

    [Figure: Organization A Site 1 and Organization B Sites 1 to 3 connected across the Internet by secured tunnels]

    Provider Provisioned VPNs

    [Figure: Organization A Site 1 and Organization B Sites 1 to 3 connected across the Internet by secured tunnels]

    MPLS Based VPNs

    - MPLS Based Layer 3 VPNs
        - Provider's router participates in the customer's Layer 3 routing
        - Provider router manages VPN-specific routing tables and distributes routes to remote sites
        - CPE routers advertise their routes to the provider
    - MPLS Based Layer 2 VPNs
        - Customer maps their Layer 3 routing to the circuit mesh
        - Provider delivers Layer 2 circuits to the customer, one for each remote site
        - Customer routes are transparent to the provider

    MPLS Based Layer 3 VPN

    [Figure: provider core of P routers with edge routers PE 1, PE 2 and PE 3 serving VPN A (Sites 1 to 3; CEA1 to CEA3), VPN B (Sites 1 to 3; CEB1 to CEB3) and VPN C (Sites 1 and 2; CEC1, CEC2). CE to PE links are labelled Static Routes, OSPF Routing and E-BGP.]

    A VRF is created for each VPN connected to the PE.

    MPLS Based Layer 3 VPNs

    Each VRF is populated with:
    - Routes received from directly connected CE routers associated with the VRF
    - Routes received from other PE routers with acceptable BGP attributes

    Only the VRF associated with a VPN is used for packets from a site of that VPN
    - Provides isolation between VPNs

    MPLS Based Layer 3 VPNs

    - Customers can use overlapping IP addresses
    - Customers are free to use any IP address, even private IP addresses
    - Very little manual configuration. Auto discovery of new sites. No reconfiguration of existing sites when a new site is added.
    - Cheaper than leased lines, as it works on MPLS based IP infrastructure, which is a shared infrastructure
    - QoS can be assured, as MPLS has the capability to provide differentiated QoS
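
    The VRF behaviour described on the two slides above (per-VPN tables, import of remote PE routes, overlapping customer addresses), as an added example that is not part of the original slides. The interface names and the route-target strings are constructed; route targets stand in here for the "acceptable BGP attributes".

```python
import ipaddress

class PE:
    """Toy provider-edge router: one routing table (VRF) per attached VPN."""
    def __init__(self):
        self.vrfs = {}       # VRF name -> {"import_rt": set, "routes": {network: next hop}}
        self.if_to_vrf = {}  # CE-facing interface -> VRF name

    def add_vrf(self, name, import_rt, interfaces):
        self.vrfs[name] = {"import_rt": set(import_rt), "routes": {}}
        for ifc in interfaces:
            self.if_to_vrf[ifc] = name

    def learn_from_ce(self, interface, prefix, next_hop):
        # A route from a directly connected CE goes only into that CE's VRF.
        vrf = self.vrfs[self.if_to_vrf[interface]]
        vrf["routes"][ipaddress.ip_network(prefix)] = next_hop

    def learn_from_pe(self, prefix, next_hop, route_targets):
        # A route from a remote PE is installed only in VRFs whose import
        # policy accepts one of its route targets (assumed BGP attribute).
        installed = []
        for name, vrf in self.vrfs.items():
            if vrf["import_rt"] & set(route_targets):
                vrf["routes"][ipaddress.ip_network(prefix)] = next_hop
                installed.append(name)
        return installed

    def forward(self, in_interface, dst):
        # Only the VRF bound to the ingress interface is consulted.
        routes = self.vrfs[self.if_to_vrf[in_interface]]["routes"]
        addr = ipaddress.ip_address(dst)
        matches = [net for net in routes if addr in net]
        if not matches:
            return None  # no route in this VPN: dropped, never leaked elsewhere
        return routes[max(matches, key=lambda net: net.prefixlen)]

def demo():
    # Constructed sample data: interface names and prefixes are illustrative.
    pe1 = PE()
    pe1.add_vrf("VPN-A", import_rt={"rt:A"}, interfaces=["if-a"])
    pe1.add_vrf("VPN-B", import_rt={"rt:B"}, interfaces=["if-b"])
    pe1.learn_from_ce("if-a", "10.1.0.0/16", "CEA1")
    pe1.learn_from_ce("if-b", "10.1.0.0/16", "CEB1")  # same prefix, other customer
    pe1.learn_from_pe("10.2.0.0/16", "PE 2 (VPN A)", ["rt:A"])
    pe1.learn_from_pe("10.2.0.0/16", "PE 3 (VPN B)", ["rt:B"])
    pe1.learn_from_pe("192.168.9.0/24", "PE 3 (VPN B)", ["rt:B"])
    return pe1
```

    The same destination address resolves to a different next hop depending on which customer's interface the packet arrived on, and a prefix that exists only in VPN B has no route at all from a VPN A site.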

    MPLS Based Layer 3 VPNs

    - Customers can create an intranet as well as an extranet with the help of Layer 3 VPNs.
    - An extranet lets customers give business partners and suppliers access to their network.
    - 100 % secured intranet as well as extranet.
    - Single physical connectivity at every site, resulting in very simple network topology.
    - Provider participates in the customer's routing process.

    MPLS Based Layer 2 VPNs

    - Provider edge device delivers Layer 2 circuit IDs (DLCI, VPI/VCI, or VLAN ID) to the customer
        - Customer sees standard FR or ATM PVCs
        - From my site, one for each reachable site
    - Provider edge device maps the circuit ID to an MPLS LSP to traverse the provider core
        - Label stacking could be used to improve scalability
    - Customer maps their own routing architecture to the circuit mesh
        - Customer routes are transparent to provider
        - Separation of administrative responsibility

    MPLS Based Layer 2 VPNs

    [Figure: provider core of P routers with edge routers PE 1, PE 2 and PE 3 serving VPN A (Sites 1 to 3; CEA1 to CEA3) and VPN B (Sites 1 and 2; CEB1, CEB2) over ATM and FR attachment circuits]

    A VFT is created for each CE connected to the PE.

    Each VFT is populated with:
    - The information provisioned for the local CEs
    - VPN Connection Tables received from other PEs via BGP or LDP

    MPLS Based Layer 2 VPNs

    Layer 2 VPN supported technologies:
    - Frame Relay
    - ATM
    - Ethernet
    - Ethernet VLANs
    - HDLC
    - PPP

    MPLS Based Layer 2 VPNs

    - Separation of the customer's and the provider's routing gives the customer extra confidence in the security of their network.
    - The customer can choose any Layer 2 connectivity that is supported by the Layer 2 VPN.

    Virtual Private LAN Service (VPLS)

    - Different sites of a customer's network can connect to the MPLS network over Ethernet, just as they would connect to any LAN switch.
    - With auto discovery of the MAC addresses of devices, each site can learn about the machines connected to the VPLS service.
    - To the customer it appears very much like ordinary Ethernet connectivity.
    - To the customer the MPLS network appears like a huge LAN switch to which its different sites are connected, just as they would be to an Ethernet LAN switch.

    Virtual Private LAN Service

    [Figure: provider core of P routers with edge routers PE 1, PE 2 and PE 3 serving VPN A (Sites 1 to 3; CEA1 to CEA3) and VPN B (Sites 1 and 2; CEB1, CEB2)]

    - A private Ethernet network constructed over a shared infrastructure which may span several metro areas
    - Multipoint to multipoint Ethernet connectivity where the SP network looks like an Ethernet broadcast domain
    - Complements Layer 3 (RFC 2547) and Layer 2 VPNs
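
    The "huge LAN switch" behaviour described on the VPLS slides (MAC learning, flooding within one customer's broadcast domain), as an added example that is not part of the original slides. The class, the attachment names taken from the CE labels, and the documentation-range MAC addresses are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class VPLSInstance:
    """Toy model: the provider network seen by one customer as a single learning switch."""
    def __init__(self, name, attachment_points):
        self.name = name
        self.ports = set(attachment_points)  # this customer's CE attachments only
        self.mac_table = {}                  # learned source MAC -> port

    def receive(self, in_port, src_mac, dst_mac):
        """Learn the sender, then return the sorted ports the frame leaves on."""
        if in_port not in self.ports:
            raise ValueError(f"{in_port} is not attached to {self.name}")
        self.mac_table[src_mac] = in_port
        out = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out is None:
            return sorted(self.ports - {in_port})  # flood inside this VPLS only
        return [] if out == in_port else [out]     # known unicast: one port

def demo():
    # Constructed sample: two customers, each with its own VPLS instance.
    vpn_a = VPLSInstance("VPN A", ["CEA1", "CEA2", "CEA3"])
    vpn_b = VPLSInstance("VPN B", ["CEB1", "CEB2"])
    host1, host2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    results = {
        # Unknown destination: flooded to the other VPN A sites, never to VPN B.
        "first_frame": vpn_a.receive("CEA1", host1, host2),
        # Reply: host1 was learned on CEA1, so the frame goes only there.
        "reply": vpn_a.receive("CEA3", host2, host1),
        # Both ends are now known, so traffic is unicast.
        "second_frame": vpn_a.receive("CEA1", host1, host2),
        # The same MAC can appear in VPN B; its table and flood scope are separate.
        "vpn_b_broadcast": vpn_b.receive("CEB1", host1, BROADCAST),
    }
    return vpn_a, vpn_b, results
```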

    What is Quality of Service

    - Desktop conferencing, distance learning
    - Mission-critical applications
    - FTP
    - E-mail

    Role of QoS

    - Protect mission-critical applications
        - Voice, ERP, data warehouse, sales force automation
    - Prioritize groups of users
        - Finance, sales, suppliers
    - Enable multimedia applications
        - Distance learning, desktop video conferencing

    Quality of Service (QoS)

    - MPLS has very powerful tools such as traffic prioritization, traffic scheduling, traffic shaping and traffic policing to ensure the proper grade of quality of service to the customer.
    - Broadly, three grades of service are available at present in MPLS VPN Service:
        - Gold (guaranteed bandwidth, delivery, jitter and latency)
        - Silver (guaranteed delivery)
        - Bronze (best effort)

    Three Classes of Service

    - Three classes of service according to the customer's requirement (Gold, Silver & Bronze)
    - If the customer requirement is more than 2 Mbps then the tariff will be n x tariff for 2 Mbps.

    Tariff per annum (Rs in lakhs):

    Sl No.  Class of Service  Committed Bandwidth (%)  64 kbps  128 kbps  256 kbps  512 kbps  1 Mbps  2 Mbps
    1.      Gold              99                       0.77     1.38      2.38      3.69      5.84    12.32
    2.      Silver            50                       0.58     1.04      1.79      2.76      4.38    9.24
    3.      Bronze            25                       0.38     0.69      1.19      1.84      2.92    6.16

    Service Tax & Discount

    No. of Ports    Discount on VPN Port
    2 to 5          10 %
    6 to 10         12 %
    11 to 15        15 %
    16 and above    20 %

    Service tax @ 10% will be charged w.e.f. 10/9/2004, and education cess @ 2 % of the service tax will also be levied in addition to service tax.

    Tariff for Leased Line Data Circuits

    S.N.  Distance (kms)  64 Kbps (Rs.)   2 Mbps (Rs.)       8 Mbps (Rs.)       34 Mbps (Rs.)        140 Mbps (Rs.)
    1     50              34,319          3,48,642           13,94,568          55,78,272            2,23,13,088
    2     100             40,646          5,38,454           21,53,816          86,15,264            3,44,61,056
    3     200             54,412          9,51,431           38,05,724          1,52,22,896          6,08,91,584
    4     300             68,178          13,64,407          54,57,628          2,18,30,512          8,73,22,048
    5     400             81,944          17,77,384          71,09,536          2,84,38,144          11,37,52,576
    6     500             95,710          21,90,360          87,61,440          3,50,45,760          14,01,83,040
    7     Beyond 500      96,000 (Fixed)  22,00,000 (Fixed)  88,00,000 (Fixed)  3,52,00,000 (Fixed)  14,08,00,000 (Fixed)

    Tariff for 128 kbps to 960 kbps

    The tariff for 128 kbps to 960 kbps is equal to the tariff for 64 kbps multiplied by the coefficients below:

    Capacity    Coefficient
    960 kbps    7.6
    768 kbps    6.4
    512 kbps    4.8
    384 kbps    4.0
    320 kbps    3.6
    256 kbps    3.1
    192 kbps    2.5
    128 kbps    1.8

    ICICI Bank Case Study

    - Total number of leased lines of various capacities across the country: 82
    - Total annual charges paid: Rs 142604651/-
    - 75 links could be shifted to VPN
    - Cost of 75 VPNs of different capacities: Rs 7,30,00,000/-
    - Cost of the remaining 7 leased lines: Rs 50,00,000/-
    - Total cost: 7,80,00,000/-