MPLS VPN
Overview
confidential
MPLS VPN Services
MPLS ?
MPLS VPN Operation
RCOM Network overview
Challenges – Data Network
Remote Connect - RA MPLS VPN
Telecommuter
Shifts in the Application Deployment
The nature of applications has changed
From batch-driven applications (e.g. payroll, inventory control) to highly interactive applications and business critical applications (ERP, such as SAP, PeopleSoft)
New technologies bring new applications
Voice and video conferencing
E-learning, e-support, e-collaboration, ... "e-everything"
Centralization vs. Decentralization of applications
Centrally hosted applications depend on the quality of the network
IP Best Effort can hardly meet today's and tomorrow's application requirements
Current Effects on Corporate Networks
Demands on network deployment
Networking Evolution
Changing Business Environment
Shift in Application Deployment
Flexibility
Scalability
Security
Virtual Private Networks
(M)Any-to-(M)Any
IP Quality of Service
Further technological development
How Can These Demands Be Met ?
Different solutions might have to be implemented depending on the demands of the corporate network
A convergence of different technologies might be necessary to build intranet and extranet solutions
Flexibility: Easily add or move existing sites within the network
Any-to-Any: Adapt to changing needs of corporate communication
VPN: Privacy equivalent to what private networks offer today
IP QoS: Meet the changing demands of today's and tomorrow's IP based applications
MPLS VPN
The Technology Challenge
Technology options are growing at an exponential pace, while the ability of businesses to assimilate these new technologies is growing at a steady pace...
[Chart: Complexity vs. Time, showing the Technology Assimilation Gap between the Rate Of New Technology Introduction and the Rate At Which Businesses Assimilate New Technology. Source: DataQuest]
Data Network - ‘Do it all by yourself’
[Diagram labels: Data Center; Internet; Call Center; Leased Lines, VSAT, Internet, IP-VPN]
A Network you can plug into – To bring your biz entities on-line with your IT apps
[Diagram labels: Wired; Wireless; Call Center; Own / 3rd Party Data Center (ERP, CRM, E-mail, Supply Chain Mgt, Intranet Portal); Terabit MPLS Network with All India Reach]
VPN ?
A Virtual Private Network is constructed over shared infrastructure
Virtual – Not a separate physical network, but appears to be one
Private – Separate addressing and routing
Network
A partitioned private network over a common shared IP backbone, using technologies to ensure privacy of data, either self-provided or provided by the Service Provider
[Diagram labels: Corporate HQ; Mobile User; Branch; Factory; Supplier; Shared Infrastructure]
VPN REQUIREMENTS
Business
Extend Corporate Network
Reduce Hardware costs by decreasing termination ports
Prioritization of applications like voice/video
Integrate Suppliers and Customers to Corporate Network
Remote Access from anywhere, anytime
Technical
Scalable and Flexible
Predictable performance and pro-active management
Highly secure in conformance with world standards
Ability to support Private Addressing
Ability to support Convergence
L2 Vs. L3 VPN
L2 VPN delivers virtual circuits
Customer controls Layer 3; SP just provides tunnel
Referred to as Overlay VPN
Typically for Point to Point solutions
L3 VPN requires peering between CE router and PE router
Provider maintains routing tables for every VPN customer site
Referred to as Peer-to-Peer VPN
Typically for Site to Site and Access VPNs
[Diagram labels: Layer 2 (Ethernet, IP, Virtual Circuit); Layer 3 (Layer 3 Peering, Tunnel Terminated on PE)]
CPE based
• Public
• Do it Yourself
• Best Effort
• IPSec
• Scalability limited
Network based
• Private
• SP provisioned
• Predictable
• Inherently Secure
• Extremely scalable
[Diagram: Current Technologies vs. Reliance offering for Site to Site and Remote Access; labels: Internet, MPLS, FR/ATM]
Depending on the need, the Enterprise chooses the appropriate technology – no integrated approach.
MPLS gives an Integrated Approach
M P L S ?
Multi Protocol Label Switching
“Label Substitution” what is it?
One of the many ways of getting from A to B:
BROADCAST: Go everywhere, stop when you get to B, never ask for directions.
HOP BY HOP ROUTING: Continually ask who’s closer to B, go there, repeat … stop when you get to B.
“Going to B? You’d better go to X, it’s on the way”.
SOURCE ROUTING: Ask for a list (that you carry with you) of places to go that eventually lead you to B.
“Going to B? Go straight 5 blocks, take the next left, 6 more blocks and take a right at the lights”.
Label Substitution
Have a friend go to B ahead of you using one of the previous two techniques. At every road they reserve a lane just for you. At every intersection they post a big sign that says, for a given lane, which way to turn and what new lane to take.
[Sign: LANE#1 TURN RIGHT USE LANE#2]
So What is MPLS ?
Hop-by-hop or source routing to establish labels
Uses label native to the media
Multi level label substitution transport
MPLS Building Blocks
CE
Customer Edge Router connects Customer Network to MPLS Network.
Uses Static Routing or RIP/OSPF to exchange Layer 3 information with the PE
PE
Provider Edge Router (Label Edge Router) adds a Label specific to a VPN site
Maintains a VRF for each of its directly connected sites
P
Provider Router (Label Switch Router) forwards packets based on Labels
P routers are not attached to Customer Networks directly
No VPN specific information is stored
VRF
VRF – VPN Routing and Forwarding
Routing and Forwarding Table associated with directly connected CEs
Label Switched Path – Static or can be set up dynamically
Uses either LDP or RSVP as protocol
Unidirectional – Asymmetric bandwidth!
MPLS VPN Operation
PE is configured to associate a VRF with an Interface or Sub-Interface of the CE
Multiple VRFs provide separation
Uses LSP to move VPN traffic
[Diagram: networks 192.168.1.0 and 192.168.2.0, with VRFs on PE1 and PE2]
Default route as PE added or RIP/OSPF advertises
1. PE1 adds local route to 192.168.2.0 to VRF Green
2. PE1 adds Label and advertises to other PEs using IBGP
PEs that belong to the Green VPN install the route for 192.168.2.0
MPLS Route Learning
PE1 installs (label) the local route as part of the Green VPN
PE1 advertises the local route learnt from the CE to other PEs along with RD (Route Distinguisher) and RT (Route Target)
PE2, which is part of the Green VPN, adds it to its VRF
RT – VPN Identifier
RD – VPN site Identifier
[Diagram: VRFs on PE1 and PE2 holding the local routes and the labels for 192.168.1.0 and 192.168.2.0]
MPLS Packet Forwarding
[Diagram: an IP packet for 192.168.1.1 is forwarded based on destination IP at the customer side; the PE adds a Label and forwards based on Label; every hop in the core forwards based on Label]
Remote Labels are learnt through Route learning. Black Label for 192.168.1.0 is stored at PE1
Remote Labels are learnt through Route learning. Blue Label for 192.168.2.0 is stored at PE2
Packet Forwarding in MPLS
[Diagram: IP packet for 192.168.1.1 carried between PE1 and PE2 with an LSP label and a VPN label in front of the IP packet]
VPN label
Identifies VPN and customer destination address
Used to separate customer VPN
Added when packets enter and removed when packets leave
LSP label
Swapped after every hop
Used for forwarding in MPLS core
Identifies the Label Switched Path
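The route learning and two-label forwarding described on the slides above, as an added Python example that is not part of the original deck. The second VPN (orange), the RD/RT values, interface names and label numbers are constructed; the orange VPN reuses the same 192.168.x.0 prefixes to show that the VRF and the VPN label keep overlapping customer addresses apart.

```python
"""Added illustration, not from the slides: MPLS VPN route learning and
two-label forwarding across PE1 - P - PE2. All identifiers are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import count


@dataclass(frozen=True)
class VpnRoute:
    """What a PE advertises to the other PEs over iBGP."""
    rd: str         # Route Distinguisher: keeps overlapping prefixes distinct
    prefix: str
    rt: str         # Route Target: decides which VRFs import the route
    vpn_label: int  # inner label, assigned by the advertising PE
    next_hop: str   # the advertising PE


class PE:
    def __init__(self, name, first_label):
        self.name = name
        self.if_vrf = {}      # CE-facing interface -> VRF name
        self.vrf_rt = {}      # VRF name -> Route Target
        self.routes = {}      # VRF -> {prefix: ("local", ce) | ("remote", pe, label)}
        self.vpn_labels = {}  # VPN label assigned here -> attached CE
        self._labels = count(first_label)

    def add_vrf(self, vrf, rt, interface):
        self.if_vrf[interface] = vrf
        self.vrf_rt[vrf] = rt
        self.routes[vrf] = {}

    def learn_from_ce(self, interface, prefix, ce, rd):
        """Install a local route in the interface's VRF and build the advertisement."""
        vrf = self.if_vrf[interface]
        label = next(self._labels)
        self.routes[vrf][prefix] = ("local", ce)
        self.vpn_labels[label] = ce
        return VpnRoute(rd, prefix, self.vrf_rt[vrf], label, self.name)

    def import_route(self, adv):
        """Install a remote route only in VRFs whose Route Target matches."""
        for vrf, rt in self.vrf_rt.items():
            if rt == adv.rt and adv.next_hop != self.name:
                self.routes[vrf][adv.prefix] = ("remote", adv.next_hop, adv.vpn_label)

    def lookup(self, interface, dst):
        """Longest-prefix match inside the VRF bound to the ingress interface."""
        table = self.routes[self.if_vrf[interface]]
        hits = [p for p in table if ip_address(dst) in ip_network(p)]
        return table[max(hits, key=lambda p: ip_network(p).prefixlen)] if hits else None


# One unidirectional LSP per direction through a single P router.
LSP_PUSH = {("PE1", "PE2"): 17, ("PE2", "PE1"): 27}  # label the ingress PE pushes
P_SWAP = {17: 18, 27: 28}                            # P swaps the outer label only


def build():
    """Two VPNs with identical prefixes: 192.168.2.0 behind PE1, 192.168.1.0 behind PE2."""
    pes = {"PE1": PE("PE1", 100), "PE2": PE("PE2", 200)}
    rd_ids, advs = count(1), []
    for vpn, rt in (("green", "65000:100"), ("orange", "65000:200")):
        for pe, net, site in (("PE1", "192.168.2.0/24", 2), ("PE2", "192.168.1.0/24", 1)):
            pes[pe].add_vrf(vpn, rt, f"if-{vpn}")
            advs.append(pes[pe].learn_from_ce(
                f"if-{vpn}", net, f"CE-{vpn}-{site}", f"65000:{next(rd_ids)}"))
    for adv in advs:
        for pe in pes.values():
            pe.import_route(adv)
    return pes, advs


def send(pes, ingress, interface, dst):
    """Carry one packet across the core; return (receiving CE, label stack per hop)."""
    route = pes[ingress].lookup(interface, dst)
    if route is None:
        return None, []                       # no route in this VRF: dropped at the edge
    if route[0] == "local":
        return route[1], []
    _, egress, vpn_label = route
    outer = LSP_PUSH[(ingress, egress)]
    trace = [(ingress, (outer, vpn_label))]   # ingress PE pushes LSP label over VPN label
    outer = P_SWAP[outer]
    trace.append(("P", (outer, vpn_label)))   # P never looks below the outer label
    trace.append((egress, (vpn_label,)))      # egress PE pops the LSP label
    return pes[egress].vpn_labels[vpn_label], trace


if __name__ == "__main__":
    pes, _ = build()
    for vpn in ("green", "orange"):
        print(vpn, send(pes, "PE1", f"if-{vpn}", "192.168.1.1"))
```

The same destination address reaches a different CE depending only on which VRF the ingress interface belongs to, and the P router's table contains no customer prefixes at all.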
Packet Forwarding in IP Network
[Diagram: between the 192.168.1.0 and 192.168.2.0 networks, every router forwards the IP packet based on destination IP]
MPLS Delivers
As a technology
As IP VPN
Network based VPN
CEs need to exchange Layer 3 information only with connected PEs; no need to exchange routing information with other CEs
Overcomes overlapping private IP Address issues
Routing Protocols establish reachability
Routing at Edge and Switching at Core
Delivers CoS/QoS
Platform to address convergence
Without IPSec, Security is as good as FR/ATM
Packet switched technology
Supports Layer2 and Layer3 VPNs
Supports Traffic Engineering
Access Technology Matrix
Port Bandwidth | Interface | Access Technology* | CPE Provided
64 Kbps to 512 Kbps | Ethernet | ADSL | ADSL Modem
64 Kbps to 2 Mbps | G.703, V.35, Ethernet | (rows below) |
  DLC | G.703 Modem
  LMDS3 | LMDS RT
  DLC | V.35 Converter
  LMDS3 | LMDS RT
  LMDS3 | LMDS RT
  Metro Ethernet | None
>2 Mbps to 100 Mbps | Ethernet | Metro Ethernet | None
32 Mbps (E3) / 42 Mbps (DS3) | G.703 | SDH | TN1C (SDH Mux)
126 Mbps (STM 1) | G.703 / optical | SDH | TN1X (SDH Mux)
*Tulip Wireless Access solution option is also available on a case-to-case basis
Reliance MPLS VPN Solution
[Diagram labels: Regional Office; Head Office; XYZ Franchisee; LMDS Hub; Extranet (Dealers / Suppliers); BN; Reliance Core Network]
Disasters have no preferences 7/26 – Mumbai Floods
The enterprise Biz would however prefer to stay unaffected
Disaster Recovery
Reliance IDC’s : Integral part of the MPLS Network
4 Level-3 certified IDCs: 2 in Mumbai, 2 in Bangalore
A ready-to-move-in DR / Primary site
State-of-the-art Facility
Redundant network equipment, components, power and network paths
The highest physical and network security
Domain specific technical expertise
Controlled HVAC environment, 24x7 onsite maintenance, monitoring and service support
Automated operations
Connectivity to the outside world and other data centers.
DR-site ready MPLS Network
[Diagram labels: Primary Data center; Reliance IDC as DR site; Terabit MPLS Network]
Near DR / Far DR solution
[Diagram: Primary Site, Near DR Site and Far DR Site, each with Applications, Storage Systems and Data. Labels: 50-100 Km; Near Real time synchronous data mirroring; Different Seismic Zone; Synchronous data mirroring]
Reliance Network Overview
End-End Integrated network – Mobile and BB
Leadership at every layer of architecture
[Diagram layers: OSS/BSS/NOC; Services / Applications; QoS aware MPLS Core; High Capacity Optical Core; FTTB Access; Metro Core Ethernet / TDM; Network Management]
[Diagram labels: POTS, nx64K, BRI, x-DSL; DLC with DSLAM; DWDM; Managed Lambda; LMDS, UBR, WiMAX; Ethernet, Fast E, GbE; MEN; E1, DS3, STM-1/4/16; PRI; ADM; Intranet; Extranet; Web; Hosted Solutions; L2/L3 VPN’s; BC/DR Solutions; PSTN; Wireless Voice & Data]
Backbone Reliance owned IP/MPLS network
Only Optical Fibre backbone network completely based on ring architecture
21 Core and 172 Collector locations.
7 Primary Core locations
Core, Distribution and Aggregation routers
14 Secondary Core locations
Distribution and Aggregation routers
Dual homed to Primary Core locations
172 Collector locations
Aggregation routers
Dual homed to Core locations
Reliance Data Network (RDN)
7 Primary Locations
Heavily Physically Meshed
STM 16 (64) connectivity between primary core locations
14 Secondary Locations
Fully Logically Meshed
STM 4 connectivity to two or more primary locations
172 Collector Locations
Connected to a core location
STM 1 / n * E1 to core locations
Reliance Data Network (RDN)
Largest MPLS enabled Core Data Network already
Access Methodology: Wireline FTTB
End-to-end optical fiber based self healing topology
Connects major nodes within a city (Metro) – act as aggregation points for customer traffic within city
Interconnects to all telecom service providers
End-to-end (customer premise to core) self healing ring topology
Optical Fiber based network to support high bandwidths
Cable based on ITU G.652 standard
MCN – Media Convergence Node
MAN – Media Access Node
BAN – Building Access Node
BA – Building Access Ring
BOI – Building Of Interest
BN – Building Node
[Diagram labels: Core Backbone; Main Access Ring; BA Ring; MCN; MAN; BAN; 12-fiber direct building cable; BOI (BN location)]
Network Provisioning – Fiber-to-the-Building (FTTB)
MCN : Media Convergence Node
MAR : Main Access Ring
BN : Building Node
BAN : Building Aggregation Node
[Diagram labels: Reliance Network; Main Access Ring; MCN; BAN; Building Access Ring (BA Ring); BN; Copper; Ethernet; G.703 / Ethernet]
Multi-Point Distribution System (LMDS)
MCN : Media Convergence Node
MAN : Media Access Node
BN : Building Node
[Diagram labels: Reliance Network; Main Access Ring (MA Ring); MCN; MAN; SDH-ADM; BN; Copper / Fiber Connectivity]
SLA Parameters
SLA Parameter | Standard | Premium
SLA Measurement period | Annually | Annually
Port Uptime Assurance Percentage | Up to 98.5% | Up to 99.5%
MTTR * | Up to 10 hours | Up to 6 hours
Network Latency (PE to PE) # | <= 80 msec | <= 80 msec
Packet Loss (PE to PE) | <= 0.5% | <= 0.5%
Usage Credit against SLA default | 100% | 300%
We monitor your connections 24 x 365
Single point visibility and analysis
Lowest Time-to-Restore network performance
Enabling you to provide SLAs to your biz
National NOC USP
Challenges – Data Network
Slow Applications due to congestion
Video broadcast or conferencing may have bad picture quality or appear jerky
Voice sessions may have bad voice quality or periods of silence
Critical transactions may take too long (too many seconds)
Bulk transfers take too long (too many hours)
Poor performance of real time applications which are sensitive to delay, jitter and packet loss.
Customers using voice, video, and data applications demand varying service requirements.
Business Critical Data and Non Business Data treated with same priority at service provider network.
No priority for Voice or video traffic.
How to meet these Challenges ??
Traffic Class of Service (TCoS)
Class of Service (CoS) capabilities enable the customer to assign different priority levels to specific applications
Class of Service includes features for traffic prioritization and bandwidth management to minimize network delay using Class of Service classification, marking, scheduling and policing.
To differentiate between priority enterprise applications like voice, video, ERP, CRM, SCM from non-mission critical applications like e-mail, FTP and web browsing.
CoS can reduce the Total Cost of ownership (TCO) of the Network far lower than comparable networks.
In an over-provisioned network there may be minimal congestion but the cost to performance ratio is not maximized. With CoS, application performance can be precisely optimized from end-to-end in all kinds of situations
COS based SLA
[Chart: Voice, ERP, Mail and Web traffic mapped to Platinum, Gold, Silver and Bronze queues; link sizes shown: 10 Mbps and 8 Mbps; shares shown: 30%, 20%, 30%, 20%]
Traffic Class of Service (TCoS)
Available Queues
Platinum
Class is suited for latency sensitive applications. Provides guaranteed bandwidth based on customer’s bandwidth allocation. E.g. Voice.
Gold
Class is for critical data applications. E.g. Video, Mission critical data
Silver
Class is for Other data applications. E.g. Business data, Network management data.
Bronze
Class is for all non prioritized traffic. E.g. Web browsing.
Traffic Class of Service (TCoS)
Queue Behaviour
Platinum
The packets will be dropped if the traffic exceeds the bandwidth defined for the platinum queue
Gold, Silver, Bronze
If traffic exceeds the defined bandwidth, traffic will use remaining bandwidth of other queues, if available.
The drop probability will be used for selective dropping during sudden congestion or imminent congestion
Gold, Silver
For Gold and Silver the exceeded traffic will be marked with higher drop probability.
If there is a congestion in Reliance Network, gold and silver packets with low drop probability will pass, packets marked with high drop probability will be dropped.
Bronze
High and low drop probability is irrelevant.
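The queue behaviour above as an added Python example, not part of the original deck: a per-interval model in kbps of policing, marking and borrowing. The link size, the per-queue shares and the offered loads are constructed, and handing spare bandwidth to Gold, then Silver, then Bronze is an assumption the slides do not state.

```python
"""Added illustration, not from the slides: Platinum/Gold/Silver/Bronze queue
behaviour as a per-interval model. All figures are constructed sample values."""

CLASSES = ("platinum", "gold", "silver", "bronze")   # order spare bandwidth is offered in (assumed)


def police_and_mark(link_kbps, share_pct, offered_kbps):
    """Edge stage: split each class's offered load into in-profile traffic,
    excess traffic and traffic that is policed (dropped at once)."""
    marked = {}
    for cls in CLASSES:
        limit = link_kbps * share_pct[cls] // 100
        in_profile = min(offered_kbps[cls], limit)
        over = offered_kbps[cls] - in_profile
        if cls == "platinum":
            # Platinum is hard-policed: excess is dropped even on an idle link.
            marked[cls] = {"in_profile": in_profile, "excess": 0, "policed": over}
        else:
            # Gold/Silver excess is marked with high drop probability.
            # Bronze excess is carried the same way; the marking is irrelevant for it.
            marked[cls] = {"in_profile": in_profile, "excess": over, "policed": 0}
    return marked


def schedule(link_kbps, marked):
    """Core stage: in-profile (low drop probability) traffic always passes;
    excess traffic only uses what the other queues left unused."""
    spare = link_kbps - sum(m["in_profile"] for m in marked.values())
    result = {}
    for cls in CLASSES:
        m = marked[cls]
        borrowed = min(m["excess"], spare)
        spare -= borrowed
        result[cls] = {
            "sent": m["in_profile"] + borrowed,
            "dropped": m["policed"] + m["excess"] - borrowed,
        }
    return result


def run(link_kbps, share_pct, offered_kbps):
    return schedule(link_kbps, police_and_mark(link_kbps, share_pct, offered_kbps))


# Constructed sample profile: a 10 Mbps port split 30/30/20/20.
LINK_KBPS = 10_000
SHARES = {"platinum": 30, "gold": 30, "silver": 20, "bronze": 20}

if __name__ == "__main__":
    congested = {"platinum": 4000, "gold": 3500, "silver": 1000, "bronze": 3000}
    idle = {"platinum": 4000, "gold": 5000, "silver": 0, "bronze": 0}
    for name, load in (("congested", congested), ("idle", idle)):
        print(name, run(LINK_KBPS, SHARES, load))
```

In the idle case Platinum still loses its 1000 kbps of excess while Gold borrows 2000 kbps, which is the practical difference between a policed queue and a queue that may use the remaining bandwidth of other queues.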
Traffic Class of Service (TCoS)
SLAs for CoS Queues
Queues | Packet Loss | Latency* | Jitter
Platinum | < 0.1% | 60ms | 10
Gold | < 0.5% | 70ms | NC
Silver | < 0.75% | 70ms | NC
Bronze | < 1.0% | 80 ms | NC
Traffic Class of Service (TCoS) - SLA
Financial penalties for non-conformance of SLA
SLAs will be valid between PE to PE.
Business Rules
Customer can choose only one CoS profile for a site with BW >512 Kbps.
Customer will be responsible for marking the packets and Reliance will be using those marking for QoS decision as per the CoS Flavour.
CoS request will be accepted at least for two or more than two sites.
SLA for CoS will be offered only between the CoS enabled sites.
SLAs are offered between Reliance’s PEs, whereas for customers with managed CPE, SLAs are offered from CPE to CPE.
Customer can view CoS based reports on the CNM portal. Available reports are Service Availability, Packet Loss, Latency, Jitter, BW utilization.
Customer will be responsible for marking the packets.
Billing is as per the CoS tariff.
Traffic Class of Service (TCoS)
Challenges – Data Network
I need to send the same data to multiple sites but I need to send one-by-one to every site, wasting time and bandwidth resources.
I have a stock ticker to be sent to all my clients. My application can send the ticker simultaneously to all clients. Will the network support this feature?
Our CEO wants to address all the employees of the regional offices. Can the audio stream be sent to all the offices without sacrificing the bandwidth?
How to meet these Challenges ??
Unicast is one-to-one delivery of information, which requires the source device to transmit the same data more than once if there is more than one receiver.
Broadcast is transmission of information to all sites of the VPN irrespective of their need.
Multicast allows the efficient distribution of information within one VPN, from one site (as a Source) to other sites (multiple receivers). It allows a one-time transmission of information from the source device regardless of the number of receivers.
Multicasting reduces the flooding and gives the information to specific sites only and thus overcomes the disadvantage of Broadcast.
Multicast
Multicasting is a useful feature for the customer who transmits data/audio/video information within their VPN to selected sites.
Multicasting feature is a tradeoff between Unicast and Broadcast.
As in Multicasting all the respective sites of the VPN are connected, the source can transmit the information to receivers in a one-time transmission, which not only reduces the transmission effort but also reduces the chargeable bandwidth and thus overcomes the disadvantage of Unicast.
Applications:
Stock tickers
Financial information
Audio streams
Video streams
Multicast
Limitations
Number of RDN PEs involved in the customer VPN should be < or = 35.
Case 1: If a customer has 60 sites in his VPN, 10 at each of the locations Mumbai, Delhi, Chennai, Bangalore, Pune and Calcutta, and wants the multicasting service, then the customer is eligible for the service, as in the Reliance network each of the above locations constitutes a single PE, which means the customer is asking for the service between 6 PEs, which is allowed.
Case 2: If a customer has 60 sites in his VPN, each involving a different PE, we will not be able to offer this feature.
Multicast stream size support per customer is up to 256 Kbps.
Customer can’t have more than one source for each VPN. It should be a permanent source, so that the source location remains the same within the customer VPN. In case the source needs to be changed, a MACD needs to be initiated accordingly
Transmission of multicasting information between two VPN (whether of same customer or different customer) is NOT allowed.
Sites connecting through RAMPLS VPN (ISDN access) CANNOT be a part of multicast session
Multicast
We are a BPO organization and our actual usage of bandwidth happens at night. Can I have the bandwidth automatically upgraded in the night.
Can we periodically upgrade the bandwidth for a specific time interval
Can I have a differential bandwidth allocated based on time
Challenges – Data Network
How to meet these Challenges ??
Requirement
Customer requires higher bandwidth at a particular site and during particular time of the day, everyday
For that particular time bandwidth should be upgraded automatically.
After the particular time, the bandwidth available should be same as that of contracted one.
[Chart: CIR vs. Time]
Time of the Day (ToD) bandwidth USP
Time of Day (ToD) is a feature where in customer can choose to allocate a higher bandwidth at a particular Time of Day on a periodic basis
Customer can upgrade the bandwidth in the off-peak hours of Reliance (22:00 hrs. to 08:00 hrs.)
Customers who have peak usage during the Reliance off-peak hours can drive down their internetworking costs
The bandwidth offered at the off-peak hours would be double the bandwidth subscribed for
Any new / existing customer can subscribe to ToD Feature.
Time of the Day (ToD) bandwidth
Business Rules
Time of Day (ToD) feature will be offered only to the sites with Metro Ethernet as the last mile
ToD feature will be offered to customers subscribing for at least 1 Mbps bandwidth
Customer can upgrade only to twice the subscribed CIR bandwidth for the off-peak time
Flat Annual Charges will be charged for ToD Feature based on the subscribed CIR
Time of the Day (ToD) bandwidth
Value Proposition
Customers having maximum bandwidth utilization at night time can reduce the bandwidth costs significantly
In absence of ToD feature customer would have subscribed for a higher CIR bandwidth which would be hardly utilized in the day time
It’s a one time activity for provisioning higher bandwidth at the night time. No need to request for the same every day.
Customer can upgrade to twice the subscribed CIR bandwidth for his peak utilization time
This feature can be subscribed by any one or few sites of the VPN based on the requirement.
It is perfectly suitable for those customers having a periodic pattern of need of higher bandwidth at night time
Time of the Day (ToD) bandwidth
Reliance MPLS VPN Solution
[Diagram labels: Regional Office; Head Office; XYZ Franchisee; LMDS Hub; Extranet (Dealers / Suppliers); Reliance Core Network; Mobile Worker; ?; Remote Office]
Remote Connect – RA MPLS VPN
Remote Connect : Full portfolio
[Diagram labels: Private IP; Internet; Access from Anywhere; Telecommuter Solution; Remote Dial-up; PSTN / ISDN; CDMA Wireless; Remote Users; 7500+ Towns in India; Head Office]
Remote Connect : PSTN / ISDN
Provides a secure, high availability, dial-up solution that connects employees, customers, and business partners to corporate intranets, extranets, and the Internet.
Scalable to support organizations of all sizes, RA MPLS VPN offers PSTN / ISDN access from 22 locations in India
The service offers corporate customers the facility to allow their employees and staff to access their Intranet and central resources securely.
Other companies such as partners, suppliers, major customers or consultants (Extranet) can also have limited access to this organization’s Intranet.
To gain Remote Access, customer dials in to a network access server at the nearest Reliance POP, which enables the dial traffic to be placed into the customer’s VPN
Mode of Access
The customer can get a dial up access to his IP VPN through any PSTN / ISDN line from any BSO.
Though the customer can dial into the VPN from any PSTN / ISDN line, the data access rate to the VPN will depend on the customer’s local loop as well as the public infrastructure over which the call will travel to the VPN service.
The customer will be provided with a unique login id ([email protected]) that will identify the particular user.
The ‘User Name’ will be system auto-generated and alias can be created by the customer at the CNM portal
In case of PSTN dial-up, multiple users of the same organization can also be allowed to use the same login id
Remote Connect : PSTN / ISDN
PC / Laptop based remote access
Individual Login ID for Single User Login
Unique Login ID for each individual user. These Login IDs will allow only one user to log in.
Common Login ID with Multiple Login Users (Applicable for PSTN remote access only)
Multiple Users can use same Login ID for Remote Access. The number of simultaneous users using the same Login ID has to be specified by the customer as “No. of Login Users”
Remote Connect : PSTN / ISDN
LAN based remote access
Unique Login ID for each LAN based access.
The customer may specify a Static IP to be provided for a particular user from the defined WAN IP Pool. If not specified, the IP will be dynamically allocated from the WAN IP Address Pool
The customer must specify the LAN IP Address to enable the PCs on the LAN to access the VPN. The customer may specify more than one LAN IP Address.
The Router used by the customer must be capable for dial-up access and should allow configuring the Login ID on the router.
Remote Connect : PSTN / ISDN
Reliance Remote Connect Solution – PSTN / ISDN
[Diagram labels: Remote Users; Reliance PSTN Network; Other BSOs PSTN Network; PSTN; ISDN; RAS; Reliance Core Network; Regional Office; Head Office; Extranet (Dealers / Suppliers)]
Nationwide availability of the Reliance CDMA wireless data services
Pan India coverage (over 7500 towns and 30,000 villages)
Fast & Secure CDMA 2000 1X Technology.
No exposure to Internet
Scalable & redundancy of the network
Fundamental bandwidth of 9.6 Kbps burstable to 144 Kbps
Fast Deployment
No WPC/SACFA approvals required
Low upfront cost of CDMA terminal
Add endpoints / applications on the same back end network at no extra cost
24 X 7 support and central monitoring from NNOC
Remote Connect : Wireless CDMA Wireless Data VPN (WDVPN)
USP
Key Features
Security
CDMA technology ensures security over the air
Isolation of customer traffic after the radio network up to customer server over VPN
Option to choose Data Only or Data + Voice service profile
Option to choose WDVPN service only or a combination of WDVPN & Net-Connect service on the same device
Option to choose Static or Dynamic IP addressing
Common dial access no #777 for data-calls across India
Speed up to 144 Kbps / Latency 200 ms ~ 400 ms
Per BTS 3 sectors - 90 concurrent data connections
Dormancy after 10 sec. of inactivity for optimizing the RF network resources without dropping the session.
Remote Connect : Wireless CDMA USP
Supported Devices
Mobile Phone with Data Cable
FWT with Data Cable
FWP with Data Cable
CDMA Wireless PCMCIA Data Card (for laptop users)
CDMA USB Modem
Remote Connect : Wireless CDMA
Your CXOs and other senior executives stay connected to your office network while traveling
One hop secure connection to your company’s e-mail / ERP / Intranet while you travel across the country
Remote Connect : Wireless CDMA
Remote Connect : Wireless CDMA
[Diagram labels: Reliance CDMA Mobile; FWT; PC; Reliance CDMA Network; PDSN; AAA; Secure L2TP Tunnel per PC; LNS; Firewall; Reliance’s IDC, DAKC, Navi Mumbai; Reliance MPLS Network (PE and P routers); Access Ring; Switch; 10/100 Ethernet]
WDVPN – Other Applications
Online Gaming Solution
Over 70% market share
ATM solution used by about 15 Banks & Euronet
Over 600 ATMs connected till date
POS solutions used by 4 Banks and Venture Infotek
Over 10,000 POS Terminals deployed by the banks
Automatic Meter Reading
To be deployed very soon
Let your employees transform their Home into a workplace
Instead of going to work, let the work come to employees
Telecommuting apart from freeing up office space is also a good option to foster employee retention, boost worker productivity, and slash real estate costs.
Welcome to the Age of Portable job !!
Telecommuter Solution –Work from Home !
USP
Telecommuter ?
Who is a Telecommuter ?
Empowered by ubiquitous broadband availability and increased wireless options, telecommuters just aren't what they used to be
No longer are work-from-home (WFH) arrangements limited to new mothers or other employees who have extenuating circumstances and need to rotate between the office and home, depending on the day of week
Telecommuters have become Tele-workers – employees across professions and market sectors who work full time from home
Telecommuter Requirements
Always ON network
Same solution ubiquitously available across the country
Secure Access to the VPN with NO exposure to public Internet
Uniform Tariff across country
Telecommuter Solution
Based on WiMAX Technology
Non-Line of Sight (NLOS)
Always ON network
Ubiquitously available across the cities covered for WiMAX (Top 10 cities in Phase 1)
Ideal solution for Telecommuter - Work from Home (WFH) Concept
Secure Access to the VPN
Bandwidth up to 256 Kbps
Same infrastructure could be used for personal Internet Access
What is Wi-MAX ?
Worldwide Interoperability for Microwave Access (WiMAX), IEEE name 802.16.
It works in point to multi point, non-line of sight (NLOS) mode.
It is capable of delivering broadband Internet and extending services like VPN.
WiMax offers a fast, affordable, and convenient solution to widespread access needs.
WiMAX Specifications
Range – 2.5 Km radius from base station
Speed – Up to 24 Mbps per Base Station
Non-Line Of Sight (NLOS) :
Line-of-sight not needed between user and base station
Frequency bands – 3.3 GHz
Licensed band dedicated to Reliance Communications
NO Interference
Subscriber Station
This consists of an ODU typically mounted on the building rooftop / window sill
CAT5 cable laid till customer end equipment.
The CAT5 cable also carries the power (POE) to the ODU.
Telecommuter Network
Ubiquitous Coverage
Quick Deployment
Always ON
Highly Secure
Extension of LAN
[Diagram labels: CXO Home; WiMAX Network; Reliance Core Network; Head Office Firewall; ERP Server; Messaging Server; Application Server]
Telecommuter Network
What I need at Home ?
PC
How do I connect ?
Just connect the Ethernet cable from the RRU to your PC's NIC
Work as you work at Office !!
Is WiMAX Secure ??
Security in Wi-MAX
Security is achieved in three stages between Subscriber Station and Base Station
Authentication
Data key exchange
Encryption (Data Transfer)
Security is implemented at MAC layer.
Security Information
Information available in SS (Subscriber Station)
X.509 Certificate
Public key
MAC address
Unique number of CA
Digital signature of CA
Private Key
Encryption capability (SHA-1 Algorithm)
Information available in BS (Base Station)
Information for all the SS (Subscriber Station) in the database
The public key of Certificate Authority (CA) which helps in accessing the database
Telecommuter Self Service Portal (TCSS)
http://cnm.reliancecommunications.co.in
Telecommuter Self Service Portal
Customer Network Management (CNM)
The web-based online Telecommuter Self Service Portal (TCSS Portal), available on CNM, allows the customer to add Telecommuter sites of the subscribed profile. The Portal provides both single-site addition and a bulk request option for every subscribed profile.
At the TCSS portal the customer administrator will also have the following administrative privileges:
Deletion of Telecommuter site
Contact Detail Change
Installation Address Change
Service Migration (within the existing profile)
In event of any problem with the service, customer can raise a Trouble Ticket (TT) online.
Based on the selected period, Active users, Added users & TT reports will be available on the portal.
Telecommuter Self Service Portal
CNM Portal
Enter Login ID
Enter Password
CAN Number
Select to enter in your account
Telecommuter Self Service Portal
Service Summary Page
Customer Logo
Telecommuter Self Service Portal
List of VPNs & Telecommuter profiles
Link for Hub site: selection shows the site detail as in case of VPN.
“TC links” indicating different profiles added through CAF: selection gives the list of sites (TCUIDs) having same profiles.
Telecommuter Self Service Portal
User Addition for existing profile & city - ADD
ADD button
Submit
Telecommuter Self Service Portal
User Addition for existing profile & city – Bulk Upload
Bulk Upload Button
Download the given file
NOTE: Attachment of the file will add the records with “WIP” status, similar to ADD.
Telecommuter Service Management
Sr. No. | Feature | Description | Mode
1 | Delete TCUID | Customer wants to delete one of the “Active” sites | TCSS Portal
2 | Contact detail change | Customer wants to change the contact person’s details (Name, Contact No., E-Mail ID etc.) | TCSS Portal
3 | Installation Address change | Customer wants to change the Installation address for the same profile & city | TCSS Portal
4 | Migrate TCUID | Customer wants to migrate the TCUID between the existing profiles for the same city | TCSS Portal
5 | Migration of TCUID | Customer wants to migrate the TCUID from one city to another existing city which has the required profile | TCSS Portal (delete from one city and create the same in another city)
6 | Migration of TCUID | Customer wants to migrate the TCUID from existing to: New profile & New city; New profile & existing city; Existing profile & new city | New CAF
Telecommuter Self Service Portal
Change requests
- Delete
- Change Contact Detail
- Installation Address Change
- Migration of service in same city in existing profile
[Screen labels: Delete, Change Contact Detail, Change Address, Migrate TCUID, Select]
Telecommuter Self Service Portal
In case of any problem, the customer administrator can raise a Trouble Ticket (TT) online on the Portal against each Telecommuter site (TCUID).
The TT Reports are also available at the TCSS portal for customer reference.
Alternatively, the customer can call the RCOM call centre and mention the Subscriber ID (of the profile to which the affected site belongs) and the TCUID of the Telecommuter site to log a Trouble Ticket.
Service Assurance
Create Trouble Ticket
Telecommuter Self Service Portal
Trouble Ticket
Select any of the problems for which you want to create a TT
Reports
Remote Connect: Full portfolio
[Diagram labels: Private IP, Internet, Access from Anywhere, Telecommuter Solution, Remote Dial-up, PSTN / ISDN, CDMA Wireless, Remote Users, 7500+ Towns in India, Head Office]
Customizable Application Access: Multiple Modes of Operation
Private WEB access
Private access for a designated C/S application
Full network access for a designated workstation
Customizable Application Access: Multiple Modes of Operation
Clientless Mode
Access to web-based applications and Citrix
No software to be downloaded
Best option for limited web application access and unmanaged desktops
Applicable for:
Uncontrolled environment
Unknown security posture & system privileges
Limited application access
Posture assessment, post-session clean-up required
Customizable Application Access: Multiple Modes of Operation
Thin Client Mode
Access to web, email, calendar, IM and many other TCP applications
Small client dynamically loaded (no need to have the client on the PC)
Best option for limited web and client/server applications and unmanaged desktops
Applicable for:
Uncontrolled environment
Unknown security posture & system privileges
Very granular access controls
Posture assessment, post-session clean-up required
Customized access portal often desirable
Customizable Application Access: Multiple Modes of Operation
LAN-Like Mode
Persistent, “LAN-like” networked connectivity
Access to virtually any application
Utilizes small, dynamically loaded client (can be stored, if required)
Best option for broad application access
Applicable for:
Controlled software environment
Known security posture & system privileges
Diverse application requirements
Post-session clean-up optional
“LAN-like” remote connectivity desired
Security Challenges: SSL VPN Brings New Points of Attack
[Diagram labels: Remote User, Employee at Home, Supply Partner, Extranet Machine, Unmanaged Machine, Customer Managed Machine]
Before SSL VPN Session
Who owns the endpoint?
Endpoint security posture: AV, personal firewall?
Is malware running?
During SSL VPN Session
Is session data protected?
Are typed passwords protected?
Has malware launched?
Post SSL VPN Session
Browser cached intranet web pages?
Browser stored passwords?
Downloaded files left behind?
Security Measures
Transmission privacy
Payload encryption to prevent sniffing of information, as the Internet is a shared network.
Corporate Network protection
Host checking (based on login, policy and antivirus signature)
Automatic installation of thin / thick client on host based on access mode.
Detection and filtering of files having viruses attached.
Avoid split tunneling – protection of the VPN tunnel against Internet-based attackers.
Granular and session-specific application access control.
Session duration control for each end-user.
Granular access policy setting for each end-user restricts the end-user's access to finely defined network resources rather than to a whole network of resources.
End point security and information protection
Session remnant purging (removes session-specific data from the end device)
Virtual desktop (an area that stores all session data and removes it at the end of the session)
File download control (policy setting for file downloading)
Virtual keyboard (obfuscation technique for password entry)
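How host checking, the three access modes, granular per-user access policy and session duration control fit together in one access decision, as an added example (not RCOM's code or any SSL VPN product's API). The posture fields, the posture-to-mode mapping, the port sets, user names and addresses are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Posture:            # host-check result at login; field names are hypothetical
    managed: bool         # controlled software environment, known privileges
    av_current: bool      # antivirus signatures up to date
    firewall_on: bool     # personal firewall running

def select_mode(p):
    """Map endpoint posture to an access mode (the mapping is an assumption)."""
    if p.managed and p.av_current and p.firewall_on:
        return "lan-like"      # known posture: broad application access
    if p.av_current:
        return "thin-client"   # unmanaged but scanned: selected TCP applications
    return "clientless"        # unknown posture: web applications only

def cleanup_required(mode):
    """Post-session clean-up is optional only in LAN-like mode."""
    return mode != "lan-like"

# Constructed per-user policy: single hosts and ports, not whole networks,
# plus a session duration cap in minutes.
POLICY = {
    "alice": {"max_minutes": 480, "rules": [("10.1.5.20/32", 443), ("10.1.5.30/32", 25)]},
    "partner1": {"max_minutes": 60, "rules": [("10.1.9.8/32", 443)]},
}
# Ports each mode can carry; None means any port the user's rules allow.
MODE_PORTS = {"clientless": {80, 443}, "thin-client": {25, 80, 110, 143, 443}, "lan-like": None}

def authorize(user, posture, dst_ip, dst_port, session_minutes):
    """Return (allowed, reason) for one connection attempt inside a session."""
    policy = POLICY.get(user)
    if policy is None:
        return False, "unknown user"              # default deny
    if session_minutes >= policy["max_minutes"]:
        return False, "session expired"           # session duration control
    mode = select_mode(posture)
    ports = MODE_PORTS[mode]
    if ports is not None and dst_port not in ports:
        return False, f"port not available in {mode} mode"
    for net, port in policy["rules"]:
        if port == dst_port and ip_address(dst_ip) in ip_network(net):
            return True, f"allowed in {mode} mode"
    return False, "no matching rule"              # neighbour hosts stay unreachable
```

The default-deny fall-through is what keeps a user's access to "finely defined network resources": a host next to an allowed server on the same subnet is still refused.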
RCOM MPLS VPN Solution
[Diagram labels: Internet, Reliance Wireless Network, BN, Regional Office, Head Office, XYZ Franchisee, LMDS Hub, PSTN Network, Reliance Core Network, Remote Users, RAS, ISDN, PSTN, Wireless Users, Mobile Worker, Unmanaged PC, Cyber cafe, Home Internet, Kiosk, WiMAX, MEN]
CNM Portal
View Network Performance
Implementation Status
Raise Trouble Tickets
Bill View
View/Download SLA Reports
Get Alerts on Planned Events/Failures
Contacts of your Account & Program Managers
Some of the above functionalities are on roadmap
CNM Portal
Customer Network Management [CNM] Portal
High-level capacity planning and advanced trend analysis have never been easier, with web-based online CNM Portal providing detailed information on the bandwidth you are using.
At the CNM Portal the customer can also monitor all the SLA parameters: Service Availability, Network Latency and Network Packet Loss.
In the event of any problem with the network, the customer can raise a trouble ticket (TT) online.
The monthly SLA Reports would also be available at the portal.
CNM Portal
Summary Report
Bandwidth Utilization (IN)
Bandwidth Utilization (OUT)
Latency
Packet Loss
VPN_Ntwrk-Srvcs_Connectivity
Packet Loss
Trouble Ticket Module
CNM Portal – RA MPLS VPN
The system will generate unique usernames and a default password per username and provide them to the customer.
The customer will have a CAN, which would be used to access the CNM portal.
When an RA MPLS VPN CAF has been entered in the system, that customer's CNM portal would have a link to the RA MPLS VPN Service page.
At the RA MPLS VPN Service page the customer's administrator would have the list of configured unique usernames and default passwords with corresponding attributes, viz. No. of Users, Access Technology, LAN IP address (if applicable), Static WAN IP address (if applicable).
The administrator should be able to create an alias for each username, entered against that username, and also to change the respective default password.
The aliases and passwords will be updated at the CNM portal, and the customer will be able to log in with the aliases.
The administrator can change the aliases, the passwords, or both at any time at the CNM portal.
CNM: Helping you to analyze performance of your IT applications
+ Convenience of Ordering – MACD – TT – Bill View – SLA reports ONLINE
Call Center
We will be glad to keep your Biz UP and connected