CSIR. Over NKN PIU, NKN

CSIR

Vi t

l P i

t N t

k

Virtual Private Network

Over NKN

Application Requiring High Bandwidth

Application Requiring High Bandwidth

ƒ Virtual Laboratories

ƒ Collaborative Mega Science ProjectsCollaborative Mega Science Projects

ƒ Innovative Info-Bio-Nano Experiments

ƒ Non invasive Medicare for Diseases like Cancer

ƒ Non-invasive Medicare for Diseases like Cancer

ƒ Diagnostic Domes as Public Health Centers in Rural Areas

Areas

ƒ Country-wide Classroom

ƒ University without Walls

ƒ University without Walls

ƒ Voice Conferencing among Researchers

Vid C f i R h

ƒ Video Conferencing among Researchers

NKN Design Philosophy

NKN Design Philosophy

ƒ To build a scalable network, which can expand both in

the Reach (spread in the country) and ( p y) Speedp .

ƒ To be a common NetworkTo be a common Network BackboneBackbone like nationallike national

highway, wherein different categories of users shall be supported.

Features NKN

ƒ High Capacity Highly Scalable BackboneHigh Capacity, Highly Scalable Backbone

ƒ Provide Quality of Service (QoS) and Security

Wid G hi l C

ƒ Wide Geographical Coverage

ƒ Common Standard Platform

ƒ Bandwidth from Many NLD’s

ƒ Highly Reliable & Available by Design

ƒ Test beds ( for various implementation)

Ed ti l

NKN CLOUD

Educational Institutions Research Labs CSIR/DAE/ISRO/ICAR NTRO Cert-IN EDUSAT N ti l

NKN

MPL National Internet Exchange P i t (NIXI) INTERNET S Clou ds Broad Band Points (NIXI) Connections to Global Networks (e.g. GEANT) Broad Band Clouds National / State ( g ) _{National / State}

NKN offering MPLS VPN

MCU VOD DNS CSIR Orissa CSIR CSIR

Rajasthan CSIR Delhi

CSIR Roorkee CSIR MCU Server CSIR hyderabad Chennai NKN MPLS - VPN Network ISP Internet ISP Internet Internet Gateway Internet Gateway CSIR CSIR CSIR Gujarat CSIR CSIR CSIR Guwahati CSIR Mumbai CSIR Patna CSIR Kanpur _CSIR Kharagpur Fig-2 CSIR VPN

What NKN will provide?

What NKN will provide?

ƒ Bandwidth

ƒ Availability and reliability

ƒ IP space/ Interface with the APNIC ƒ NOC and DC

ƒ DR NOC and DC

ƒ 24 X 7 Support operations support

ƒ Common Services like Web/Mail/ MX/DNS etc. All h MPLS VPN V4 / V6 d L2 VPN

ƒ All the MPLS VPN V4 / V6 and L2 VPN support.

ƒ Guidelines and Procedures to effectively use the NKN. R ti / S it hi i t t th d d t

ƒ Routing/ Switching equipment at the end node to connect to the NKN.

What will NKN provide? Contd.

What will NKN provide? Contd.

ƒ Internet bandwidth

ƒ Interface with other networks ( EU-GRID and others.) ƒ Applications like Video on Demand would be hosted on

the Data Center

ƒ Any other PORTAL / APPLICATION is deemed fit to beAny other PORTAL / APPLICATION is deemed fit to be kept at Data center of NKN for efficient usage

Criterion to join NKN

Criterion to join NKN

M t b K l d C t ƒ Must be a Knowledge Creator

ƒ Participate in any of the killer applications that is envisaged

envisaged

ƒ Minimum bandwidth interface will be 100 Mbps M t l t th li i f NKN

ƒ Must comply to the policies of NKN

–IP Usage Policy - Operations policy –Security Policyy y

What logistics are expected from End

Nodes

Nodes

ƒ Space for equipments. ( Router/ switch/ ups/ Racks from NLD) Typically 12’ X 12’ kind of space.

ƒ Air- Conditioned Environment

ƒ UPS (5 KVA & 10 KVA Based on router supplied)U S (5 & 0 ased o oute supp ed)

ƒ 24 X 7 access to NKN personnel or persons authorized by NKN.

What logistics are expected from End

Nodes Contd..

Nodes Contd..

ƒ Safety of the equipments supplied under NKNSafety of the equipments supplied under NKN.

ƒ Cabling with in the user location for connecting to the NKN router.

ƒ Right of Way with in the User Campus for cabling to be done by the long distance providers.

ƒ Nodal Officer appointed will be the single point of interface for NKN.

What NKN will not provide?

What NKN will not provide?

ƒ Training / Troubleshooting on applications which are run g g pp internally by the end user.

ƒ Interfacing with the end nodes which are not directly

connected to the NKN (this includes broadband users any connected to the NKN (this includes broadband users, any end node of other MPLS cloud)

ƒ Campus LAN support / maintenance inside the End Nodes ( p pp ( whether connected directly or indirectly to NKN)

Start Using NKN by creating a

g

y

g

VPN connecting all the CSIRs

Objective:

Obj

ti

T

bl CSIR t

d

ti

Objective: To enable CSIRs to advertise

the exisiting public IP segments (leased

from ISPs) through NKN so that NKN

from ISPs) through NKN so that NKN

connected institutes can reach any of the

advertised public IPs through NKN links

advertised public IPs through NKN links

rather than spin around through ISPs

NKN link already in the institute and the NKN

router is presently configured as a MPLS PE

ƒ

Assumption:

The Virtual Classrooms are on the NKN IP segment Normally the Institute's campus LAN segments

router is presently configured as a MPLS PE.

segment. Normally, the Institute s campus LAN segments are terminated at a Core Switch, typically installed in the Computer Centre (CC). Internet access is provided through P /Fi ll/UTM d i

Prxy/Firewall/UTM devices. ƒ

ƒ The Institutes router (which is connected to ISP) shall be capable of peering a BGP session with NKN router and the Institute router shall announce public IP segments to this p g BGP session. This will help the other institutes in the NKN cloud to reach the public IPs (hence webserver and other content enabled services) through NKN link

How Do I start using the link immediately:

Currently NKN provides IP segments from RFC 1918's 10 n n n Currently, NKN provides IP segments from RFC 1918 s 10.n.n.n. These IP segments could clash with the exisiting assigned segment in the Institutes and re-assigning of the NKN suggested segments may be a daunting task However for the specified segments may be a daunting task. However, for the specified projects, the NKN suggested IP segments can be assigned from the day one.

Connect the NKN router to the Institute's gateway router. Configure the gateway router to do a BGP session with NKN router and announce the public segment (normally provided by the router and announce the public segment (normally provided by the ISP). This link at the NKN router is configured to be in VRF instance called NKNGEN.

The public IPs are announced through the NKN who are part of this VRF instance NKNGEN. This way every CSIR's can announce their public IP segments in NKN and hence all the announce their public IP segments in NKN and hence all the Institutes which are part of the VRF NKNGEN can reach the

I th NKN li k t th I tit t f il th t ( bli

How Do I start using the link immediately:

In case the NKN links to the Institutes fails, the routes (public

segments) will automatically ceases to exist and reachability to the Institute's public segment falls back through ISP link. In case

f NKN li k f il th t f th NKN CLOUD ill t of NKN link failure the routes from the NKN CLOUD will cease to exist and thereby the gateway of the institutes will start using the Internet link that they have for normal browsing. This way the i t t i b i d li d th h th i ti id

internet is being delivered through the existing provider.

To Achieve Fig-1 and Fig-3, and Fig-3 the CSIRs must connect the NKN router to the CC router and announce the IP number the NKN router to the CC router and announce the IP number allocated to them either from the ISP ( currently providing the Internet) or ERNET to NKN.

If the CSIR wants to announce some resource, then it can be

made available to all the others in NKN. The resource can be kept at the CSIR itself or could be transferred to DATA CENTER

at the CSIR itself or could be transferred to DATA CENTER proposed in NKN.

EXISTING ISP 

NKN

NKN

NKN Router Placed inside

WWW server 

MAIL server 

Link between NKN CSIR

NKN Router Placed inside the institute

I tit t C IP h i

Proxy server 

Layer 3 switch

Link between NKN – CSIR GW

Institute  Campus IP schema is 

not changed in the  existing 

setup

OSDD LAB ith IP

Virtual Class 

Room on NKN  

private IP OSDD LAB with IP 

schema which 

already exists

Internet Browsing Only using

Internet Browsing Only using

the NKN:

O

f

Objective:

Using

Internet

facility

on

an

immediate basis through NKN.

How Do I start using Internet using the NKN:

Assumption: The Public IP number provided by ISP deployed currently.

In case the institute wants to have the internet facility from In case the institute wants to have the internet facility from

the NKN, then the following needs to be done:

The proxy server must have the real IP provided to the The proxy server must have the real IP provided to the institute as a part of NKN. This IP shall be advertised by the NKN to the Internet world and hence the browsing is made possible through the NKN link During this any made possible through the NKN link. During this, any failure in the NKN link will result in proxy not getting internet connectivity.

The other resources like the web site / mail server etc will still use the ISP as the IP numbers belong to the ISP and has been leased out to the institute

has been leased out to the institute.

EXISTING ISP 

NKN

NKN

NKN Router Placed inside

WWW server 

MAIL server 

Link between NKN – CSIR GW

NKN Router Placed inside the institute I tit t C IP h i Proxy server  Layer 3 switch Proxy server  External  Interface with  NKN public IP

Institute  Campus IP schema is 

not changed in the  existing 

setup

GARUDA LAB ith

Virtual Class 

Room on NKN  

private IP

Block 1

GARUDA LAB with 

IP schema which 

already exists

Block N

Block 2

Using the NKN when the USER has

PUBLIC IP from APNIC/ ARIN:

Using the NKN when USER has PUBLIC IP

from APNIC/ ARIN:

The following are the assumptions for scenario in (Fig5):

•User with public IP pool

from APNIC/ ARIN:

User with public IP pool

•Multi-homing to NKN & other ISP with separate local routers (running BGP between them).

USER R i t

USER Requirement

•Primary (NKN) ISP & Backup (non-NKN) ISP

•Exit/Entry via Primary or Backup on Primary Failsy y y

Solution for preferred exit point

•Mark updates from NKN only with higher local preference.

Solution for preferred entry point Solution for preferred entry point

•Advertise self public pool with AS ( number of NKN itself) path prepend to other ISP only and to NKN have a ibgp session.

NKN’ R l

24

NKN’s Role

•Accept only end node’s prefixes & filter

EXISTING ISP 

NKN

iBGP between the

NKN

Institute has IP number 

(public) provided by APNIC

WWW server 

MAIL server 

NKN – CSIR GW (public)  provided_/ ARIN  by APNIC 

Proxy server 

Layer 3 switch

NKN Router Placed inside the institute

Proxy server 

External 

Interface with 

NKN public IP

GARUDA LAB ith

Virtual Class 

Room on NKN  

private IP

Block 1

Institute  Campus IP schema is 

not changed in the  existing 

GARUDA LAB with 

IP schema which  already exists Block N Block 2 g g setup

Fanning-Out

E i i E i i NKN P P NKN P P Ingress NKN Router NKN Engineering Engineering collège

collège PolyPoly--techtech

PoP PoP Egress NKN Router Ingress NKN Router NKN Cloud Médical Médical collège collège Some NLD Some NLD providing providing connectivity connectivity PE -NKN Education Education community community collège collège PE NKN VPN Blue Site VPN Blue Site BIO TECH BIO TECH VPN Green Site VPN Green Site DAE LAB DAE LAB MAIN UNIVERSITY MAIN UNIVERSITY With IN CAMPUS With IN CAMPUS Colleges/ dpts Colleges/ dpts

Short Term Migrating to NKN

LAB #1 NKN IP Address Scheme LAB #4 NKN IP Address Scheme Internet Service Provider 124.124.1.0-255 202.141.40.0-255 Provider NKN RESOURCE NKN NKN Internet Internet NKN RESOURCE DATA CENTER CLOUD CLOUD Internet Service Provider Internet Service Provider 121.121.240.0-255 NKN IP Address NKN IP Address LAB #2 203.197.140.0-255 Scheme Scheme

Migrating to NKN

Institute #1 Institute #4 Internet Service Provider NKN IP SCHEMA CWCR NKN IP SCHEMA CWCR 124.124.1.0-255 202.141.40.0-255 Provider NKN RESOURCE NKN NKN Internet Internet NKN RESOURCE DATA CENTER CLOUD CLOUD Internet Service Provider Internet Service Provider 121.121.240.0-255 NKN IP SCHEMA NKN IP SCHEMA Institute #2 Institute #3 203.197.140.0-255 CWCR CWCR

Short Term Migration

ƒ

Each one of the closed user group can

advertise the IP numbers through the NKN. ( It

g

(

will be the Public IP given to the organisation

by the ISP currently engaged.)

ƒ

A separate VRF will be created which will allow

the organisation to browse the others in the

l

d

closed user group.

ƒ

This will also provide Internet facility.

ƒ

Provision can also be made on a short term

basis for public IP for the organisation from

NKN to cater to the PUBLIC/ INTERNET

Killer Applications

Killer Applications

ƒ

Peer to Peer Collaboration

ƒ

Desktop Video

ƒ

Enterprise ERP

ƒ

Central Web Based Applications

ƒ

Central Web Based Applications

ƒ

Library resources

ƒ

MOST IMPORTANTLY A DESIGN THAT

CAN CATER TO FURTURE

CAN CATER TO FURTURE

INOOVATIVE IDEAS

HOW TO CONNECT EXISTING

HOW TO CONNECT EXISTING

HOW TO CONNECT GARUDA LABS?

GARUDA: It has been decided to provide the bandwidth to Garuda through NKN. It is important that the LAB taking part in the GARUDA project gets a link from the router provided to the institutions through NKN project.

Suggestion:

The LAB has to extend the link from the NKN router which in many cases will be in the Computer Center and in some cases it could be a part of some other project like ERNET PoP.

The approximate distance is 0-2 KM in most cases.

Connect the cable provided to the NKN router in the institute and Garuda LAB. ( responsibility of GARUDA)

Institute

NKN

ISP ISP Reliance/Bharti/TATA New Delhi/Hyderabad Internet Gateway Primary For NKN Tier‐1/2/3 POP PE Router PE

Institute

 

NKN

ISP Backup NKN MPLS  Institute Network Tier‐1/2 POP PE Router NKN MPLS  Backbone Tier‐1/2/3 POP

PE Routers WWW server MAIL server 

Proxy server 

Tier‐1 POP

P Router GARUDA LAB

Details within 

the INSTITUTE

THANK YOU

THANK YOU

For further information:

Contact: piu@nkn.in