MPLS VPN Overview


Page 1: Mpls vpn

MPLS VPN

Overview

Page 2: Mpls vpn

Confidential

MPLS VPN Services

MPLS ?

MPLS VPN Operation

RCOM Network overview

Challenges – Data Network

Remote Connect - RA MPLS VPN

Telecommuter

Page 3: Mpls vpn

Shifts in the Application Deployment

• The nature of applications has changed: from batch-driven applications (i.e. payroll, inventory control) to highly interactive applications and business critical applications (ERP, such as SAP, PeopleSoft)
• New technologies bring new applications: voice and video conferencing; e-learning, e-support, e-collaboration, ... "e-everything"
• Centralization vs. decentralization of applications: centrally hosted applications depend on the quality of the network
• IP Best Effort can hardly meet today's and tomorrow's application requirements

Page 4: Mpls vpn

Current Effects on Corporate Networks

Demands on network deployment

Networking Evolution
Changing Business Environment
Shift in Application Deployment

Flexibility
Scalability
Security

Virtual Private Networks
(M)Any-to-(M)Any
IP Quality of Service

Further technological development

Page 5: Mpls vpn

How Can These Demands Be Met?

• Different solutions might have to be implemented depending on the demands of the corporate network
• A convergence of different technologies might be necessary to build intranet and extranet solutions

Flexibility: Easily add or move existing sites within the network
Any-to-Any: Adapt to changing needs of corporate communication
VPN: Privacy equivalent to what private networks offer today
IP QoS: Meet the changing demands of today's and tomorrow's IP-based applications

MPLS VPN

Page 6: Mpls vpn

The Technology Challenge

Technology options are growing at an exponential pace, while the ability of businesses to assimilate these new technologies is growing at a steady pace...

[Chart (axes: Complexity, Time): Rate of New Technology Introduction; Rate at Which Businesses Assimilate New Technology; Technology Assimilation Gap. Source: DataQuest]

Page 7: Mpls vpn


Data Network - ‘Do it all by yourself’

Data Center

Internet

Leased Lines, VSAT, Internet, IP-VPN

Call Center

Page 8: Mpls vpn

A Network you can plug into – To bring your biz entities on-line with your IT apps

Wired / Wireless

Call Center

Own / 3rd Party Data Center: ERP, CRM, E-mail, Supply Chain Mgt, Intranet Portal

Terabit MPLS Network with All India Reach

Page 9: Mpls vpn

VPN ?

A Virtual Private Network is constructed over shared infrastructure
• Virtual – Not a separate physical network, but appears to be one
• Private – Separate addressing and routing
• Network

A partitioned private network over a common shared IP backbone, using technologies to ensure privacy of data, either self-provided or provided by the Service Provider

[Diagram labels: Corporate HQ; Mobile User; Branch; Factory; Supplier; Shared Infrastructure]

Page 10: Mpls vpn

VPN REQUIREMENTS

Business
• Extend Corporate Network
• Reduce hardware costs by decreasing termination ports
• Prioritization of applications like voice/video
• Integrate Suppliers and Customers to Corporate Network
• Remote Access from anywhere, anytime

Technical
• Scalable and Flexible
• Predictable performance and pro-active management
• Highly secure in conformance with world standards
• Ability to support Private Addressing
• Ability to support Convergence

[Diagram labels: Corporate HQ; Mobile User; Branch; Factory; Supplier; Shared Infrastructure]

Page 11: Mpls vpn

L2 Vs. L3 VPN

L2 VPN
• L2 VPN delivers either virtual circuits
• Customer controls Layer 3; SP just provides tunnel
• Referred to as Overlay VPN
• Typically for Point-to-Point solutions

L3 VPN
• L3 VPN requires peering between CE router and PE router
• Provider maintains routing tables for every VPN customer site
• Referred to as Peer-to-Peer VPN
• Typically for Site-to-Site and Access VPNs

[Diagram labels: Layer 2 (Ethernet, IP, Virtual Circuit); Layer 3 (Layer 3 Peering, Tunnel Terminated on PE)]

Page 12: Mpls vpn

CPE based
• Public
• Do it Yourself
• Best Effort
• IP Sec
• Scalability limited

Network based
• Private
• SP provisioned
• Predictable
• Inherently Secure
• Extremely scalable

Current Technologies / Reliance offering

Site to Site

Internet

MPLS

FR/ATM

Depending on the need Enterprise chooses appropriate technology – No integrated approach.

MPLS gives an Integrated Approach

Remote Access

Reliance offering

Page 13: Mpls vpn


M P L S ?

Multi Protocol Label Switching

Page 14: Mpls vpn

"Label Substitution" - what is it?

One of the many ways of getting from A to B:

• BROADCAST: Go everywhere, stop when you get to B, never ask for directions.
• HOP BY HOP ROUTING: Continually ask who's closer to B, go there, repeat … stop when you get to B. "Going to B? You'd better go to X, it's on the way."
• SOURCE ROUTING: Ask for a list (that you carry with you) of places to go that eventually lead you to B. "Going to B? Go straight 5 blocks, take the next left, 6 more blocks and take a right at the lights."

Page 15: Mpls vpn

Label Substitution

Have a friend go to B ahead of you using one of the previous two techniques. At every road they reserve a lane just for you. At every intersection they post a big sign that says, for a given lane, which way to turn and what new lane to take.

[Diagram: LANE#1; sign reading "LANE#1 TURN RIGHT USE LANE#2"; LANE#2]

Page 16: Mpls vpn

So What is MPLS ?

• Hop-by-hop or source routing to establish labels
• Uses label native to the media
• Multi-level label substitution transport

Page 17: Mpls vpn

MPLS Building Blocks

CE
• Customer Edge Router connects Customer Network to MPLS Network.
• Uses Static Routing or RIP/OSPF to exchange Layer 3 information with the PE

[Diagram labels: CE; PE; P; Layer 3 Information Exchange]

Page 18: Mpls vpn

MPLS Building Blocks

PE
• Provider Edge Router (Label Edge Router) adds Label specific for a VPN site
• Maintains VRF for each of its directly connected sites

[Diagram labels: CE; PE; P]

Page 19: Mpls vpn

MPLS Building Blocks

P
• Provider Router (Label Switch Router) forwards packets based on Labels
• P routers are not attached to Customer Networks directly
• No VPN specific information is stored

[Diagram labels: CE; PE; P]

Page 20: Mpls vpn

MPLS Building Blocks

VRF - VPN Routing and Forwarding
• Routing and Forwarding Table associated with directly connected CEs

[Diagram labels: CE; PE1; P; PE2; VRFs on the PEs]

Page 21: Mpls vpn

MPLS Building Blocks

Label Switched Path
• Static or can be set up dynamically
• Uses either LDP or RSVP as protocol
• Unidirectional – Asymmetric bandwidth!

[Diagram labels: CE; PE; P; LDP/RSVP]

Page 22: Mpls vpn

MPLS VPN Operation

• PE is configured to associate VRF with Interface or Sub-Interface of CE
• Multiple VRFs provide separation
• Uses LSP to move VPN traffic

Default route as PE added, or RIP/OSPF advertises

1. PE1 adds local route to 192.168.2.0 to VRF Green
2. PE1 adds Label and advertises to other PEs using IBGP

PEs that belong to the Green VPN install the route for 192.168.2.0

[Diagram labels: sites 192.168.1.0 and 192.168.2.0; PE1; PE2; VRFs]

Page 23: Mpls vpn

MPLS Route Learning

• PE1 installs (label) - the local route as part of Green VPN
• PE1 advertises the local route learnt from CE to other PEs along with RD (Route Distinguisher), RT (Route Target)
• PE2 that is part of Green VPN adds it to VRF

RT – VPN Identifier
RD – VPN site Identifier

[Diagram labels: sites 192.168.1.0 and 192.168.2.0; PE1; PE2; VRFs; Label for 192.168.1.0; Label for 192.168.2.0; Local]

Page 24: Mpls vpn

MPLS Packet Forwarding

[Diagram: IP packet to 192.168.1.1 between sites 192.168.1.0 and 192.168.2.0 across PE1 and PE2. Hop labels: Forward based on destination IP; Add Label and forward based on Label; Forward based on Label (at each following hop)]

• Remote Labels learnt through Route learning. Black Label for 192.168.1.0 is stored at PE1
• Remote Labels learnt through Route learning. Blue Label for 192.168.2.0 is stored at PE2

Page 25: Mpls vpn

MPLS Packet Forwarding (Repeat)

[Diagram repeated from the previous slide]

Page 26: Mpls vpn

Packet Forwarding in MPLS

[Diagram: IP packet to 192.168.1.1 between sites 192.168.1.0 and 192.168.2.0 across PE1 and PE2. Packet layout: IP | VPN | LSP]

VPN
• Identifies VPN and customer destination address
• Used to separate customer VPN
• Added when packets enter and removed when packets leave

LSP
• Swapped after every hop
• Used for forwarding in MPLS core
• Identifies the Label Switched Path
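Added example (not from the original slides): a minimal Python model of the route learning and two-label forwarding described on the preceding slides, followed by a Route Target audit that flags a VRF importing another customer's routes. The AS number 65000, the RD/RT values, the label numbers, the customer names, the "red" VPN and the 192.168.4.0/24 prefix are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Vrf:
    name: str
    customer: str
    rd: str          # Route Distinguisher: keeps overlapping prefixes distinct in BGP
    export_rt: set   # Route Targets attached to routes this VRF advertises
    import_rt: set   # Route Targets this VRF accepts
    routes: dict = field(default_factory=dict)   # network -> (next-hop PE, VPN label)

class PE:
    def __init__(self, name):
        self.name, self.vrfs, self.vpn_labels, self._next = name, {}, {}, 100

    def learn_from_ce(self, vrf_name, prefix):
        """Install a CE route in the VRF, allocate a VPN label, build the iBGP update."""
        vrf, net = self.vrfs[vrf_name], ipaddress.ip_network(prefix)
        label, self._next = self._next, self._next + 1
        vrf.routes[net] = (self.name, label)
        self.vpn_labels[label] = vrf_name        # egress side: VPN label -> VRF
        return {"rd": vrf.rd, "net": net, "rt": set(vrf.export_rt),
                "label": label, "next_hop": self.name}

    def receive(self, upd):
        """Import the route into every local VRF whose import RT matches."""
        for vrf in self.vrfs.values():
            if vrf.import_rt & upd["rt"]:
                vrf.routes[upd["net"]] = (upd["next_hop"], upd["label"])

    def lookup(self, vrf_name, dst):
        """Longest-prefix match inside one VRF only; None means no route in this VPN."""
        routes, addr = self.vrfs[vrf_name].routes, ipaddress.ip_address(dst)
        hits = [n for n in routes if addr in n]
        return routes[max(hits, key=lambda n: n.prefixlen)] if hits else None

# Constructed LSP labels. LSPs are unidirectional, so each direction has its own.
LSP_PUSH = {("PE1", "PE2"): 17, ("PE2", "PE1"): 27}   # pushed by the ingress PE
P_SWAP = {17: 18, 27: 28}                             # swapped by the P router

def forward(pes, ingress, vrf_name, dst):
    """Return (egress PE, egress VRF, label stack per hop), or None if dropped."""
    route = pes[ingress].lookup(vrf_name, dst)
    if route is None:
        return None
    egress, vpn_label = route
    if egress == ingress:
        return (egress, vrf_name, [])            # destination is a local site
    stack = [LSP_PUSH[(ingress, egress)], vpn_label]   # outer LSP label, inner VPN label
    trace = [list(stack)]
    stack[0] = P_SWAP[stack[0]]                  # P router swaps the outer label only
    trace.append(list(stack))
    stack.pop(0)                                 # egress PE removes the LSP label
    return (egress, pes[egress].vpn_labels[stack[0]], trace)  # VPN label picks the VRF

def build(red_pe1_import=("65000:2",)):
    """Two PEs with a green and a red VPN; all values below are constructed."""
    pes = {n: PE(n) for n in ("PE1", "PE2")}
    for n, pe in pes.items():
        pe.vrfs["green"] = Vrf("green", "customer-A", f"65000:1{n[-1]}",
                               {"65000:1"}, {"65000:1"})
        pe.vrfs["red"] = Vrf("red", "customer-B", f"65000:2{n[-1]}",
                             {"65000:2"}, {"65000:2"})
    pes["PE1"].vrfs["red"].import_rt = set(red_pe1_import)
    updates = [pes["PE1"].learn_from_ce("green", "192.168.2.0/24"),
               pes["PE2"].learn_from_ce("green", "192.168.1.0/24"),
               pes["PE2"].learn_from_ce("red", "192.168.1.0/24"),   # overlaps green
               pes["PE2"].learn_from_ce("green", "192.168.4.0/24")]
    for upd in updates:
        for pe in pes.values():
            if pe.name != upd["next_hop"]:
                pe.receive(upd)
    return pes

def audit_route_targets(pes):
    """Flag VRFs that import a Route Target exported by another customer's VRF."""
    owners = {}
    for pe in pes.values():
        for vrf in pe.vrfs.values():
            for rt in vrf.export_rt:
                owners.setdefault(rt, set()).add(vrf.customer)
    return sorted((pe.name, vrf.name, rt)
                  for pe in pes.values() for vrf in pe.vrfs.values()
                  for rt in vrf.import_rt if owners.get(rt, set()) - {vrf.customer})
```

With `build()` the overlapping 192.168.1.0/24 prefixes stay in their own VPNs; with `build(red_pe1_import=("65000:2", "65000:1"))` a red-site packet to 192.168.4.1 is delivered into the green VRF, and `audit_route_targets` reports the offending import. Intentional extranet imports would also be reported and need an allow-list.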

Page 27: Mpls vpn

Packet Forwarding in IP Network

[Diagram: IP packet between sites 192.168.1.0 and 192.168.2.0; every hop is labelled "Forward based on destination IP"]

Page 28: Mpls vpn

MPLS Delivers

As a technology / As IP VPN

• Network based VPN
• CEs need to exchange Layer 3 information only with connected PEs; no need to exchange routing information with other CEs
• Overcomes overlapping private IP address issues
• Routing protocols establish reachability
• Routing at Edge and Switching at Core
• Delivers CoS/QoS
• Platform to address convergence
• Without IPSec, security is as good as FR/ATM
• Packet switched technology
• Supports Layer 2 and Layer 3 VPNs
• Supports Traffic Engineering

Page 29: Mpls vpn

Access Technology Matrix

Port Bandwidth | Interface | Access Technology* | CPE Provided
64 Kbps to 512 Kbps | Ethernet | ADSL | ADSL Modem
64 Kbps to 2 Mbps | G.703 | DLC | G.703 Modem
64 Kbps to 2 Mbps | G.703 | LMDS3 | LMDS RT
64 Kbps to 2 Mbps | V.35 | DLC | V.35 Converter
64 Kbps to 2 Mbps | V.35 | LMDS3 | LMDS RT
64 Kbps to 2 Mbps | Ethernet | LMDS3 | LMDS RT
64 Kbps to 2 Mbps | Ethernet | Metro Ethernet | None
>2 Mbps to 100 Mbps | Ethernet | Metro Ethernet | None
32 Mbps (E3) / 42 Mbps (DS3) | G.703 | SDH | TN1C (SDH Mux)
126 Mbps (STM 1) | G.703 / optical | SDH | TN1X (SDH Mux)

*Tulip Wireless Access solution option is also available on a case-to-case basis

Page 30: Mpls vpn

Reliance MPLS VPN Solution

[Diagram labels: Regional Office; Head Office; XYZ Franchisee; LMDS Hub; Extranet (Dealers / Suppliers); BN; Reliance Core Network]

Page 31: Mpls vpn


Disasters have no preferences 7/26 – Mumbai Floods

The enterprise Biz would however prefer to stay unaffected

Disaster Recovery

Page 32: Mpls vpn

Reliance IDCs: Integral part of the MPLS Network

• 4 Level-3 certified IDCs: 2 in Mumbai, 2 in Bangalore
• A ready-to-move-in DR / Primary site

Page 33: Mpls vpn


State-of-the-art Facility

Redundant network equipment, components, power and network paths

The highest physical and network security

Domain specific technical expertise

Controlled HVAC environment, 24x7 onsite maintenance, monitoring and service support

Automated operations

Connectivity to the outside world and other data centers.

Page 34: Mpls vpn

DR-site ready MPLS Network

[Diagram labels: Primary Data center; Reliance IDC as DR site; Terabit MPLS Network]

Page 35: Mpls vpn

Near DR / Far DR solution

[Diagram: Primary Site, Near DR Site and Far DR Site, each with Applications, Storage Systems and Data. Labels: 50-100 Km; Synchronous data mirroring; Near Real time synchronous data mirroring; Different Seismic Zone]

Page 36: Mpls vpn


Reliance Network Overview

Page 37: Mpls vpn

End-End Integrated network – Mobile and BB

Leadership at every layer of architecture

[Diagram labels: OSS/BSS/NOC; Network Management; Services / Applications; QoS aware MPLS Core; High Capacity Optical Core; FTTB Access; Metro Core Ethernet / TDM; POTS, nx64K, BRI, x-DSL; DLC with DSLAM; DWDM; Managed Lambda; LMDS, UBR, WiMAX; Ethernet, Fast E, GbE; MEN; E1, DS3, STM-1/4/16; PRI; ADM; Intranet; Extranet; Web; Hosted Solutions; L2/L3 VPN's; BC/DR Solutions; PSTN; Wireless Voice & Data]

Page 38: Mpls vpn

Reliance Data Network (RDN)

• Backbone: Reliance owned IP/MPLS network
• Only Optical Fibre backbone network completely based on ring architecture
• 21 Core and 172 Collector locations

7 Primary Core locations
• Core, Distribution and Aggregation routers

14 Secondary Core locations
• Distribution and Aggregation routers
• Dual homed to Primary Core locations

172 Collector locations
• Aggregation routers
• Dual homed to Core locations

Page 39: Mpls vpn

Reliance Data Network (RDN)

7 Primary Locations
• Heavily Physically Meshed
• STM 16 (64) connectivity between primary core locations

14 Secondary Locations
• Fully Logically Meshed
• STM 4 connectivity to two or more primary locations

172 Collector Locations
• Connected to a core location
• STM 1 / n * E1 to core locations

Largest MPLS enabled Core Data Network already

Page 40: Mpls vpn

Access Methodology: Wireline FTTB

• End-to-end optical fiber based self healing topology
• Connects major nodes within a city (Metro) – act as aggregation points for customer traffic within city
• Interconnects to all telecom service providers
• End-to-end (customer premise to core) self healing ring topology
• Optical Fiber based network to support high bandwidths
• Cable based on ITU G.652 standard

MCN - Media Convergence Node
MAN - Media Access Node
BAN - Building Access Node
BA - Building Access Ring
BOI - Building Of Interest
BN - Building Node

[Diagram labels: Core Backbone; Main Access Ring; BA Ring; MCN; MAN; BAN; 12-fiber direct building cable; BOI (BN location)]

Page 41: Mpls vpn

Network Provisioning – Fiber-to-the-Building (FTTB)

MCN : Media Convergence Node
MAR : Main Access Ring
BN : Building Node
BAN : Building Aggregation Node

[Diagram labels: Reliance Network Main Access Ring; MCN; BAN; Building Access Ring (BA Ring); BN; Copper; G.703 / Ethernet]

Page 42: Mpls vpn

Multi-Point Distribution System (LMDS)

MCN : Media Convergence Node
MAN : Media Access Node
BN : Building Node

[Diagram labels: Reliance Network Main Access Ring (MA Ring); MCN; MAN; SDH-ADM; BN; Copper / Fiber Connectivity]

Page 43: Mpls vpn

SLA Parameters

SLA Parameter | Standard | Premium
SLA Measurement period | Annually | Annually
Port Uptime Assurance Percentage | Up to 98.5% | Up to 99.5%
MTTR * | Up to 10 hours | Up to 6 hours
Network Latency (PE to PE)# | <= 80 msec | <= 80 msec
Packet Loss (PE to PE) | <= 0.5% | <= 0.5%
Usage Credit against SLA default | 100% | 300%

Page 44: Mpls vpn


We monitor your connections 24 x 365

Single point visibility and analysis

Lowest Time-to-Restore network performance

Enabling you to provide SLAs to your biz

National NOC USP

Page 45: Mpls vpn


Challenges – Data Network

Page 46: Mpls vpn

Challenges – Data Network

• Slow applications due to congestion
• Video broadcast or conferencing may have bad picture quality or appear jerky
• Voice sessions may have bad voice quality or periods of silence
• Critical transactions may take too long (too many seconds)
• Bulk transfers take too long (too many hours)
• Poor performance of real time applications which are sensitive to delay, jitter and packet loss.
• Customers using voice, video, and data applications demand varying service requirements.
• Business critical data and non business data are treated with the same priority in the service provider network.
• No priority for voice or video traffic.

How to meet these Challenges ??

Page 47: Mpls vpn

Traffic Class of Service (TCoS)

• Class of Service (CoS) capabilities enable the customer to assign different priority levels to specific applications
• Class of Service includes features for traffic prioritization and bandwidth management to minimize network delay, using Class of Service classification, marking, scheduling and policing.
• It differentiates priority enterprise applications like voice, video, ERP, CRM, SCM from non-mission critical applications like e-mail, FTP and web browsing.
• CoS can reduce the Total Cost of Ownership (TCO) of the network to far below that of comparable networks.
• In an over-provisioned network there may be minimal congestion, but the cost to performance ratio is not maximized. With CoS, application performance can be precisely optimized from end-to-end in all kinds of situations

Page 48: Mpls vpn

Traffic Class of Service (TCoS)

COS based SLA

[Chart labels: 10 Mbps; 8 Mbps; 30%, 30%, 20%, 20%; Voice, ERP, Mail, Web; Platinum, Gold, Silver, Bronze]

Page 49: Mpls vpn


Available Queues

Platinum

Class is suited for latency sensitive applications. Provides guaranteed bandwidth based on customer’s bandwidth allocation. E.g. Voice.

Gold

Class is for critical data applications. E.g. Video, Mission critical data

Silver

Class is for Other data applications. E.g. Business data, Network management data.

Bronze

Class is for all non prioritized traffic. E.g. Web browsing.

Traffic Class of Service (TCoS)

Page 50: Mpls vpn

Traffic Class of Service (TCoS)

Queue Behaviour

Platinum
• The packets will be dropped if the traffic exceeds the bandwidth defined for the platinum queue

Gold, Silver, Bronze
• If traffic exceeds the defined bandwidth, traffic will use remaining bandwidth of other queues, if available.
• The drop probability will be used for selective dropping during sudden congestion or imminent congestion

Gold, Silver
• For Gold and Silver the exceeded traffic will be marked with higher drop probability.
• If there is a congestion in Reliance Network, gold and silver packets with low drop probability will pass, packets marked with high drop probability will be dropped.

Bronze
• High and low drop probability is irrelevant.
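A small model of the queue behaviour listed above, added as an example and not taken from the original slides. The port size, the 30/30/20/20 split, the offered rates, and the order in which leftover bandwidth is handed out (gold, then silver, then bronze) are assumptions.

```python
QUEUES = ("platinum", "gold", "silver", "bronze")   # queue names from the slide

def apply_cos(link_kbps, profile_kbps, offered_kbps):
    """Per queue, in kbps: traffic carried in profile, excess carried, and dropped."""
    if sum(profile_kbps[q] for q in QUEUES) > link_kbps:
        raise ValueError("queue profiles exceed the port bandwidth")
    result, spare = {}, link_kbps
    for q in QUEUES:                       # pass 1: traffic within the defined bandwidth
        in_profile = min(offered_kbps[q], profile_kbps[q])
        result[q] = {"in_profile": in_profile, "excess_carried": 0, "dropped": 0}
        spare -= in_profile                # bandwidth a queue leaves unused stays spare
    # Pass 2: traffic above the defined bandwidth.
    # Assumption: leftover bandwidth is handed out in queue order (gold, silver, bronze).
    for q in QUEUES:
        excess = offered_kbps[q] - result[q]["in_profile"]
        if q == "platinum":
            result[q]["dropped"] = excess  # platinum is policed and never borrows
            continue
        borrowed = min(excess, spare)      # gold, silver, bronze use what is left over
        spare -= borrowed
        # For gold and silver this share is the traffic marked with the higher drop
        # probability; for bronze the marking makes no difference.
        result[q]["excess_carried"] = borrowed
        result[q]["dropped"] = excess - borrowed
    return result

def delivered(result):
    """Total kbps carried per queue."""
    return {q: r["in_profile"] + r["excess_carried"] for q, r in result.items()}

# Constructed sample: 10 Mbps port split 30/30/20/20, silver under-using its share.
SAMPLE_PROFILE = {"platinum": 3000, "gold": 3000, "silver": 2000, "bronze": 2000}
SAMPLE_OFFERED = {"platinum": 4000, "gold": 3500, "silver": 1000, "bronze": 4000}
```

For the sample, `delivered(apply_cos(10000, SAMPLE_PROFILE, SAMPLE_OFFERED))` shows platinum capped at its profile while gold and bronze share the 1000 kbps that silver leaves unused.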

Page 51: Mpls vpn

Traffic Class of Service (TCoS) - SLA

SLAs for CoS Queues

Queues | Packet Loss | Latency* | Jitter
Platinum | < 0.1% | 60 ms | 10
Gold | < 0.5% | 70 ms | NC
Silver | < 0.75% | 70 ms | NC
Bronze | < 1.0% | 80 ms | NC

• Financial penalties for non-conformance of SLA
• SLAs will be valid between PE to PE.

Page 52: Mpls vpn

Traffic Class of Service (TCoS)

Business Rules

• Customer can choose only one CoS profile for a site with BW >512 Kbps.
• Customer will be responsible for marking the packets, and Reliance will use those markings for QoS decisions as per the CoS Flavour.
• CoS requests will be accepted only for two or more sites.
• SLA for CoS will be offered only between the CoS enabled sites.
• SLAs are offered between Reliance's PEs, whereas for customers with managed CPE, SLAs are offered from CPE to CPE.
• Customer can view CoS based reports on the CNM portal. Available reports are Service Availability, Packet Loss, Latency, Jitter, BW utilization.
• Customer will be responsible for marking the packets.
• Billing is as per the CoS tariff.

Page 53: Mpls vpn

Challenges – Data Network

• I need to send the same data to multiple sites but I need to send one-by-one to every site, wasting time and bandwidth resources.
• I have a stock ticker to be sent to all my clients. My application can send the ticker simultaneously to all clients. Will the network support this feature?
• Our CEO wants to address all the employees of the regional offices. Can the audio stream be sent to all the offices without sacrificing the bandwidth?

How to meet these Challenges ??

Page 54: Mpls vpn

Multicast

• Unicast is one-to-one delivery of information, which requires the source device to transmit the same data more than once if there is more than one receiver.
• Broadcast is transmission of information to all sites of the VPN irrespective of their need.
• Multicast allows the efficient distribution of information within one VPN, from one site (as a source) to other sites (multiple receivers). For this it allows a one-time transmission of information from the source device regardless of the number of receivers.
• Multicasting reduces the flooding and gives the information to specific sites only, and thus overcomes the disadvantage of Broadcast.

Page 55: Mpls vpn

Multicast

• Multicasting is a useful feature for customers who transmit data/audio/video information within their VPN to selected sites.
• The multicasting feature is a tradeoff between Unicast and Broadcast.
• As in multicasting all the respective sites of the VPN are connected, the source can transmit the information to the receivers in a one-time transmission, which not only reduces the transmission effort but also reduces the chargeable bandwidth, and thus overcomes the disadvantage of Unicast.

Applications:
• Stock tickers
• Financial information
• Audio streams
• Video streams

Page 56: Mpls vpn

Multicast

Limitations

• Number of RDN PEs involved in the customer VPN should be less than or equal to 35.
  Case 1: If a customer has 60 sites in his VPN, 10 at each of the locations Mumbai, Delhi, Chennai, Bangalore, Pune and Calcutta, and wants the multicasting service, then the customer is eligible for the service, as in the Reliance network each of the above locations constitutes a single PE, which means the customer is asking for the service between 6 PEs, which is allowed.
  Case 2: If a customer has 60 sites in his VPN, each involving a different PE, we will not be able to offer this feature.
• Multicast stream size support per customer is up to 256 Kbps.
• Customer can't have more than one source for each VPN. It should be a permanent source so that the source location remains the same within the customer VPN. In case the source needs to be changed, a MACD needs to be initiated accordingly.
• Transmission of multicasting information between two VPNs (whether of the same customer or different customers) is NOT allowed.
• Sites connecting through RAMPLS VPN (ISDN access) CANNOT be a part of a multicast session.

Page 57: Mpls vpn

Challenges – Data Network

• We are a BPO organization and our actual usage of bandwidth happens at night. Can I have the bandwidth automatically upgraded in the night?
• Can we periodically upgrade the bandwidth for a specific time interval?
• Can I have a differential bandwidth allocated based on time?

How to meet these Challenges ??

Page 58: Mpls vpn

Time of the Day (ToD) bandwidth
USP

Requirement

• Customer requires higher bandwidth at a particular site and during a particular time of the day, every day
• For that particular time, bandwidth should be upgraded automatically.
• After the particular time, the bandwidth available should be the same as the contracted one.

[Chart axes: CIR, Time]

Page 59: Mpls vpn

Time of the Day (ToD) bandwidth

• Time of Day (ToD) is a feature wherein the customer can choose to allocate a higher bandwidth at a particular time of day on a periodic basis
• Customer can upgrade the bandwidth in the off-peak hours of Reliance (22:00 hrs. to 08:00 hrs.)
• Customers who have peak usage during the Reliance off-peak hours can drive down their internetworking costs
• The bandwidth offered at the off-peak hours would be double the bandwidth subscribed for
• Any new / existing customer can subscribe to the ToD feature.

Page 60: Mpls vpn


Business Rules

Time of Day (ToD) feature will be offered only to the sites with Metro Ethernet as the last mile

ToD feature will be offered to customers subscribing for at least 1 Mbps bandwidth

Customer can upgrade only to twice the subscribed CIR bandwidth for the off-peak time

Flat Annual Charges will be charged for ToD Feature based on the subscribed CIR

Time of the Day (ToD) bandwidth

Page 61: Mpls vpn


Value Proposition

Customers having maximum bandwidth utilization at night time can reduce the bandwidth costs significantly

In absence of ToD feature customer would have subscribed for a higher CIR bandwidth which would be hardly utilized in the day time

It’s a one time activity for provisioning higher bandwidth at the night time. No need to request for the same every day.

Customer can upgrade to twice the subscribed CIR bandwidth for his peak utilization time

This feature can be subscribed by any one or few sites of the VPN based on the requirement.

It is perfectly suitable for those customers having a periodic pattern of need of higher bandwidth at night time

Time of the Day (ToD) bandwidth

Page 62: Mpls vpn

Reliance MPLS VPN Solution

[Diagram labels: Regional Office; Head Office; XYZ Franchisee; LMDS Hub; Extranet (Dealers / Suppliers); Reliance Core Network; Mobile Worker and Remote Office shown with a question mark]

Page 63: Mpls vpn

Remote Connect - RA MPLS VPN

Page 64: Mpls vpn

Remote Connect : Full portfolio

[Diagram labels: Remote Users; Access from Anywhere; Remote Dial-up; PSTN / ISDN; CDMA Wireless; 7500+ Towns in India; Telecommuter Solution; Private IP; Internet; Head Office]

Page 65: Mpls vpn

Remote Connect : PSTN / ISDN

• Provides a secure, high availability, dial-up solution that connects employees, customers, and business partners to corporate intranets, extranets, and the Internet.
• Scalable to support organizations of all sizes, RA MPLS VPN offers PSTN / ISDN access from 22 locations in India
• The service offers corporate customers the facility to allow their employees and staff to access their Intranet and central resources securely.
• Other companies such as partners, suppliers, major customers or consultants (Extranet) can also have limited access to the organization's Intranet.
• To gain Remote Access, the customer dials in to a network access server at the nearest Reliance POP, which enables the dial traffic to be placed into the customer's VPN

Page 66: Mpls vpn


Mode of Access

The customer can get a dial up access to his IP VPN through any PSTN / ISDN line from any BSO.

Though the customer can dial into the VPN from any PSTN / ISDN line, the data access rate to the VPN will depend on the customer’s local loop as well as the public infrastructure over which the call will travel to the VPN service.

The customer will be provided with a unique login id ([email protected]) that will identify the particular user.

The ‘User Name’ will be system auto-generated and alias can be created by the customer at the CNM portal

In case of PSTN dial-up, multiple users of the same organization can also be allowed to use the same login id

Remote Connect : PSTN / ISDN

Page 67: Mpls vpn


PC / Laptop based remote access

Individual Login ID for Single User Login

Unique Login ID for each individual user. Each such Login ID will allow only one user to log in.

Common Login ID with Multiple Login Users (Applicable for PSTN remote access only)

Multiple Users can use same Login ID for Remote Access. The number of simultaneous users using the same Login ID has to be specified by the customer as “No. of Login Users”

Remote Connect : PSTN / ISDN

Page 68: Mpls vpn


LAN based remote access

Unique Login ID for each LAN based access.

The customer may specify a Static IP to be provided for a particular user from the defined WAN IP Pool. If not specified, the IP will be dynamically allocated from the WAN IP Address Pool

The customer must specify the LAN IP Address to enable the PCs on the LAN to access the VPN. The customer may specify more than one LAN IP Address.

The router used by the customer must be capable of dial-up access and should allow configuring the Login ID on the router.

Remote Connect : PSTN / ISDN

Page 69: Mpls vpn

Reliance Remote Connect Solution - PSTN / ISDN

[Diagram labels: Remote Users; Reliance PSTN Network; Other BSOs PSTN Network; PSTN; ISDN; RAS; AAA; Reliance Core Network; Regional Office; Head Office; Extranet (Dealers / Suppliers)]

Page 70: Mpls vpn

Remote Connect : Full portfolio

[Diagram repeated from Page 64]

Page 71: Mpls vpn

Remote Connect : Wireless CDMA
Wireless Data VPN (WDVPN)
USP

• Nationwide availability of the Reliance CDMA wireless data services
• Pan India coverage (over 7500 towns and 30,000 villages)
• Fast & Secure CDMA 2000 1X Technology.
• No exposure to Internet
• Scalability & redundancy of the network
• Fundamental bandwidth of 9.6 Kbps burstable to 144 Kbps
• Fast Deployment
• No WPC/SACFA approvals required
• Low upfront cost of CDMA terminal
• Add endpoints / applications on the same back end network at no extra cost
• 24 X 7 support and central monitoring from NNOC

Page 72: Mpls vpn


Key Features

Security

CDMA technology ensures security over the air

Isolation of customer traffic after the radio network up to customer server over VPN

Option to choose Data Only or Data + Voice service profile

Option to choose WDVPN service only or a combination of WDVPN & Net-Connect service on the same device

Option to choose Static or Dynamic IP addressing

Common dial access no #777 for data-calls across India

Speed up to 144 Kbps / Latency 200 ms ~ 400 ms

Per BTS 3 sectors - 90 concurrent data connections

Dormancy after 10 sec. of inactivity for optimizing the RF network resources without dropping the session.

Remote Connect : Wireless CDMA USP

Page 73: Mpls vpn


Supported Devices

Mobile Phone with Data Cable

FWT with Data Cable

FWP with Data Cable

CDMA Wireless PCMCIA Data Card (for laptop users)

CDMA USB Modem

Remote Connect : Wireless CDMA

Page 74: Mpls vpn

Remote Connect : Wireless CDMA

Your CXO’s and other senior executives stay connected to your office network while traveling

One hop secure connection to your company’s e-mail / ERP / Intranet while you travel across the country

Page 75: Mpls vpn

Remote Connect : Wireless CDMA

[Diagram labels: PC; Reliance CDMA Mobile; FWT; Reliance CDMA Network; PDSN; AAA; Secure L2TP Tunnel Per PC; Reliance MPLS Network; P; PE; LNS; Firewall; Switch 10/100; Ethernet; Access Ring; Reliance’s IDC, DAKC, Navi Mumbai]

Page 76: Mpls vpn


WDVPN – Other Applications

Online Gaming Solution

Over 70% market share

ATM solution used by about 15 Banks & Euronet

Over 600 ATMs connected till date

POS solutions used by 4 Banks and Venture Infotek

Over 10,000 POS Terminals deployed by the banks

Automatic Meter Reading

To be deployed very soon

Page 77: Mpls vpn

Remote Connect : Full portfolio

[Diagram repeated from Page 64]

Page 78: Mpls vpn


Let your employees transform their Home into a workplace

Instead of going to work, let the work come to employees

Telecommuting apart from freeing up office space is also a good option to foster employee retention, boost worker productivity, and slash real estate costs.

Welcome to the Age of Portable job !!

Page 79: Mpls vpn


Telecommuter Solution –Work from Home !

USP

Page 80: Mpls vpn

Telecommuter ?

Who is a Telecommuter ?

• Empowered by ubiquitous broadband availability and increased wireless options, telecommuters just aren't what they used to be
• No longer are work-from-home (WFH) arrangements limited to new mothers or other employees who have extenuating circumstances and need to rotate between the office and home, depending on the day of week
• Telecommuters have become Tele-workers - employees across professions and market sectors who work full time from home

Page 81: Mpls vpn

Telecommuter Requirements

Always ON network

Same solution ubiquitously available across the country

Secure Access to the VPN with NO exposure to public Internet

Uniform Tariff across country

Page 82: Mpls vpn

Telecommuter Solution

Based on WiMAX Technology

Non-Line of Sight (NLOS)

Always ON network

Ubiquitously available across the cities covered for WiMAX (Top 10 cities in Phase 1)

Ideal solution for Telecommuter - Work from Home (WFH) Concept

Secure Access to the VPN

Bandwidth up to 256 Kbps

Same infrastructure could be used for personal Internet Access

Page 83: Mpls vpn

What is Wi-MAX ?

Worldwide Interoperability for Microwave Access (WiMAX); IEEE name 802.16.

It works in point-to-multipoint, non-line-of-sight (NLOS) mode.

It is capable of delivering broadband Internet and extending services like VPN.

WiMax offers a fast, affordable, and convenient solution to widespread access needs.

Page 84: Mpls vpn

WiMAX Specifications

Range – 2.5 km radius from base station

Speed – Up to 24 Mbps per base station

Non-Line Of Sight (NLOS): line of sight not needed between user and base station

Frequency band – 3.3 GHz

Licensed band dedicated to Reliance Communications

No interference

Subscriber Station

This consists of an ODU, typically mounted on the building rooftop or window sill.

CAT5 cable is laid up to the customer-end equipment.

The CAT5 cable also carries the power (PoE) to the ODU.

Page 85: Mpls vpn

Telecommuter Network

WiMAX Network

Reliance Core Network

Ubiquitous Coverage / Quick Deployment / Always ON / Highly Secure

Head Office Firewall

ERP Server

Messaging Server

Application Server

Page 86: Mpls vpn

Telecommuter Network

WiMAX Network

Reliance Core Network

Extension of LAN

CXO Home

Head Office Firewall

ERP Server

Messaging Server

Application Server

Page 87: Mpls vpn

Telecommuter Network

What do I need at home?

PC

How do I connect?

Just connect the Ethernet cable from the RRU to your PC's NIC

Work as you work at the office!

Page 88: Mpls vpn

Is WiMAX Secure ??

Page 89: Mpls vpn

Security in Wi-MAX

Security is achieved in three stages between Subscriber Station and Base Station

Authentication

Data key exchange

Encryption (Data Transfer)

Security is implemented at MAC layer.

Page 90: Mpls vpn

Security Information

Information available in SS (Subscriber Station)
- X.509 Certificate
- Public key
- MAC address
- Unique number of CA
- Digital signature of CA
- Private Key
- Encryption capability (SHA-1 Algorithm)

Information available in BS (Base Station)
- Information for all the SS (Subscriber Station) in the database
- The public key of Certificate Authority (CA) which helps in accessing the database

Page 91: Mpls vpn

Telecommuter Self Service Portal (TCSS): http://cnm.reliancecommunications.co.in

Page 92: Mpls vpn

Telecommuter Self Service Portal

Customer Network Management (CNM)

The web-based online Telecommuter Self Service Portal (TCSS Portal), available on CNM, allows the customer to add Telecommuter sites of the subscribed profile. The Portal provides both single site addition and a bulk request option for every subscribed profile.

At the TCSS portal the customer administrator will also have the following administrative privileges:
- Deletion of Telecommuter site
- Contact Detail Change
- Installation Address Change
- Service Migration (within the existing profile)

In the event of any problem with the service, the customer can raise a Trouble Ticket (TT) online.

Based on the selected period, Active users, Added users & TT reports will be available on the portal.

Page 93: Mpls vpn

Telecommuter Self Service Portal

CNM Portal

Enter Login ID

Enter Password

CAN Number

Select to enter in your account

Page 94: Mpls vpn

Telecommuter Self Service Portal

Service Summary Page

Customer Logo

Page 95: Mpls vpn

Telecommuter Self Service Portal

List of VPNs & Telecommuter profiles

Link for Hub site: selection shows the site detail as in the case of VPN.

“TC links” indicate the different profiles added through CAF. Selection gives the list of sites (TCUIDs) having the same profile.

Page 96: Mpls vpn

Telecommuter Self Service Portal

User Addition for existing profile & city - ADD

ADD button

Submit

Page 97: Mpls vpn

Telecommuter Self Service Portal

User Addition for existing profile & city – Bulk Upload

Bulk Upload Button

Download the given file

NOTE: Attaching the file will add the records with “WIP” status, similar to ADD.

Page 98: Mpls vpn

Telecommuter Service Management

| Sr. No. | Feature | Description | Mode |
|---|---|---|---|
| 1 | Delete TCUID | Customer wants to delete one of the “Active” sites | TCSS Portal |
| 2 | Contact detail change | Customer wants to change the contact person’s details (name, contact no., e-mail ID, etc.) | TCSS Portal |
| 3 | Installation address change | Customer wants to change the installation address for the same profile & city | TCSS Portal |
| 4 | Migrate TCUID | Customer wants to migrate the TCUID between the existing profiles for the same city | TCSS Portal |
| 5 | Migration of TCUID | Customer wants to migrate the TCUID from one city to another existing city which has the required profile | TCSS Portal (delete from one city and create the same in another city) |
| 6 | Migration of TCUID | Customer wants to migrate the TCUID from existing to: new profile & new city; new profile & existing city; existing profile & new city | New CAF |

Page 99: Mpls vpn

Telecommuter Self Service Portal

Change requests
- Delete: “Delete”
- Change Contact Detail: “Change Contact Detail”
- Installation Address Change: “Change Address”
- Migration of service in same city in existing profile: “Migrate TCUID”

Select

Page 100: Mpls vpn

Telecommuter Self Service Portal

In case of any problem the customer administrator can raise the Trouble Ticket (TT) online on the Portal against each Telecommuter site (TCUID)

The TT Reports are also available at the TCSS portal for customer reference

Alternatively, the customer can call the RCOM call centre and mention the Subscriber ID (of the profile to which the affected site belongs) and the TCUID of the Telecommuter site to log a Trouble Ticket

Service Assurance

Page 101: Mpls vpn

Create Trouble Ticket

Telecommuter Self Service Portal

Trouble Ticket

Select any of the problems for which you want to create a TT

Reports

Page 102: Mpls vpn

Remote Connect : Full portfolio

[Diagram labels: Private IP; Internet; Access from Anywhere; Telecommuter Solution; Remote Dial-up; PSTN / ISDN; CDMA Wireless; Remote Users; 7500+ Towns in India; Head Office]

Page 103: Mpls vpn

Private WEB access

Private access for a designated C/S application

Full network access for a designated workstation

Customizable Application Access: Multiple Modes of Operation

Page 104: Mpls vpn

Customizable Application Access: Multiple Modes of Operation

Clientless Mode
- Access to web-based applications and Citrix
- No software to be downloaded
- Best option for limited web application access and unmanaged desktops

Applicable for:
- Uncontrolled environment
- Unknown security posture & system privileges
- Limited application access
- Posture assessment, post-session clean-up required

Page 105: Mpls vpn

Customizable Application Access: Multiple Modes of Operation

Thin Client Mode
- Access to web, email, calendar, IM and many other TCP applications
- Small client dynamically loaded (no need to have the client on the PC)
- Best option for limited web and client/server applications and unmanaged desktops

Applicable for:
- Uncontrolled environment
- Unknown security posture & system privileges
- Very granular access controls
- Posture assessment, post-session clean-up required
- Customized access portal often desirable

Page 106: Mpls vpn

Customizable Application Access: Multiple Modes of Operation

LAN-Like Mode
- Persistent, “LAN-like” networked connectivity
- Access to virtually any application
- Utilizes small, dynamically loaded client (can be stored, if required)
- Best option for broad application access

Applicable for:
- Controlled software environment
- Known security posture & system privileges
- Diverse application requirements
- Post-session clean-up optional
- “LAN-like” remote connectivity desired

Page 107: Mpls vpn

Security Challenges: SSL VPN Brings New Points of Attack

Endpoints: Remote User, Employee at Home, Supply Partner; Extranet Machine, Unmanaged Machine, Customer Managed Machine

Before SSL VPN Session
- Who owns the endpoint?
- Endpoint security posture: AV, personal firewall?
- Is malware running?

During SSL VPN Session
- Is session data protected?
- Are typed passwords protected?
- Has malware launched?

Post SSL VPN Session
- Browser cached intranet web pages?
- Browser stored passwords?
- Downloaded files left behind?

Page 108: Mpls vpn

Security Measures

Transmission privacy
- Payload encryption to prevent information sniffing, as the Internet is a shared network.

Corporate network protection
- Host checking (based on login, policy and antivirus signature)
- Automatic installation of thin / thick client on host based on access mode.
- Detection and filtering of files having viruses attached.
- Avoid split tunneling – protection of the VPN tunnel against Internet-based attackers.
- Granular and session-specific application access control.
- Session duration control for each end-user.
- Granular access policy setting for each end-user restricts the end-user's access to finely defined network resources and not to a network of resources.

End point security and information protection
- Session remnant purging (removes session-specific data from the end device)
- Virtual desktop (an area that stores all session data and removes it at the end of the session)
- File download control (policy setting for file downloading)
- Virtual keyboard (obfuscation technique for password entry)
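The granular per-user access policy, session duration control and post-session clean-up listed above can be sketched as a gateway-side check. This is an added example, not code from the presentation or from the operator; the user names, addresses, field names and the convention that port 0 means "any port" are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    dest: str   # host or CIDR the user may reach
    port: int   # TCP port; 0 means "any port" (assumed convention)

@dataclass(frozen=True)
class Policy:
    rules: tuple         # granular per-user resources
    max_session_s: int   # session duration control for this user
    managed: bool        # controlled endpoint with known posture?

# Constructed sample policies (hypothetical users and addresses).
POLICIES = {
    "erp.clerk": Policy((Rule("10.20.1.15/32", 443),), 3600, False),
    "net.admin": Policy((Rule("10.20.0.0/16", 0),), 28800, True),
}

def authorize(user, dst_ip, dst_port, session_age_s, policies=POLICIES):
    """Return (allowed, reason) for one connection attempt inside a session."""
    pol = policies.get(user)
    if pol is None:
        return False, "no policy"                 # default deny
    if session_age_s >= pol.max_session_s:
        return False, "session expired"
    ip = ipaddress.ip_address(dst_ip)
    for r in pol.rules:
        if ip in ipaddress.ip_network(r.dest) and r.port in (0, dst_port):
            return True, "rule %s:%d" % (r.dest, r.port)
    return False, "resource not granted"

def broad_rules(policies=POLICIES, max_hosts=1):
    """Audit: list rules that grant a network or any port, not one resource."""
    found = []
    for user, pol in sorted(policies.items()):
        for r in pol.rules:
            net = ipaddress.ip_network(r.dest)
            if net.num_addresses > max_hosts or r.port == 0:
                found.append((user, r.dest, r.port))
    return found

def cleanup_required(user, policies=POLICIES):
    """Post-session clean-up is mandatory on endpoints that are not managed."""
    return not policies[user].managed
```

`broad_rules()` is the audit side of the same policy: it surfaces grants that cover "a network of resources" so they can be narrowed to single hosts and ports.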

Page 109: Mpls vpn

RCOM MPLS VPN Solution

[Network diagram. Labels: Internet; Reliance Wireless Network; BN; Regional Office; Head Office; XYZ Franchisee; LMDS Hub; PSTN Network; Reliance Core Network; Remote Users; RAS; ISDN; PSTN; Wireless Users; Mobile Worker; Unmanaged PC; Cyber cafe; Home Internet; Kiosk; WiMAX; MEN]

Page 110: Mpls vpn

CNM Portal

- View Network Performance
- Implementation Status
- Raise Trouble Tickets
- Bill View
- View/Download SLA Reports
- Get Alerts on Planned Events/Failures
- Contacts of your Account & Program Managers

Some of the above functionalities are on the roadmap

Page 111: Mpls vpn

CNM Portal

Customer Network Management [CNM] Portal

High-level capacity planning and advanced trend analysis have never been easier, with web-based online CNM Portal providing detailed information on the bandwidth you are using.

At the CNM Portal customer can also monitor all the SLA parameters - Service Availability, Network Latency and Network Packet Loss.

In the event of any problem with the network, customer can raise a trouble ticket (TT) online

The monthly SLA Reports would also be available at the portal

Page 112: Mpls vpn

CNM Portal

Page 113: Mpls vpn

CNM Portal

Page 114: Mpls vpn

CNM Portal

Page 115: Mpls vpn

CNM Portal

Page 116: Mpls vpn

CNM Portal

Summary Report

Page 117: Mpls vpn

CNM Portal

Summary Report

Page 118: Mpls vpn

Bandwidth Utilization (IN)

CNM Portal

Page 119: Mpls vpn

Bandwidth Utilization (OUT)

CNM Portal

Page 120: Mpls vpn

Latency

CNM Portal

Page 121: Mpls vpn

Packet Loss

CNM Portal

Page 122: Mpls vpn

VPN_Ntwrk-Srvcs_Connectivity

Packet Loss

Trouble Ticket Module

CNM Portal

Page 123: Mpls vpn

CNM Portal – RA MPLS VPN

Page 124: Mpls vpn

The system will generate unique Usernames & a default Password per user name and provide it to the customer

The customer will have a CAN, which would be used to access CNM portal.

In case of RAMPLS VPN CAF entered in the system, the CNM portal of that customer would have a link at the portal to get into RAMPLS VPN Service page.

At the RAMPLS VPN Service page the administrator of the customer would have the List of configured Unique Usernames & default Passwords with corresponding attributes viz. No. of Users, Access Technology, LAN IP address (if applicable), Static WAN IP address (if applicable)

The administrator should be able to create aliases of each User Name which he could enter against each User Name and also to change the respective default password

The aliases & passwords will be updated at the CNM portal and the customer will be able to login with the aliases

The administrator at any time can change either the aliases or passwords or both, at the CNM portal.

CNM Portal

Page 125: Mpls vpn

CNM Portal

Page 126: Mpls vpn

CNM Portal

Page 127: Mpls vpn

CNM Portal

Page 128: Mpls vpn

CNM : Helping you to analyze performance of your IT applications

+ Convenience of Ordering – MACD – TT – Bill View – SLA reports ONLINE

Page 129: Mpls vpn

Call Center

We will be glad to keep your Biz UP and connected