• No results found

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data.

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data."

Copied!
23
0
0

Loading.... (view fulltext now)

Download now ( 23 Page )

Full text

(1)

RA-MPLS

VPN Services

Kapil Kumar

Network Planning & Engineering – Data

(2)

Agenda

¾Introduction

¾Why RA MPLS VPNs?

¾Overview of RA MPLS VPNs

¾Architecture for RA MPLS VPNs

(3)

¾ Highly scalable and effective technology for deployment of IP VPN services

¾ Supports a wide range of services, including extranets, application hosting and e-commerce.

¾ Potential for additional revenue streams and increased ROI

(4)

Why RA-MPLS VPNs?

¾ Enabled by MPLS' technique for designating packets for transmission over explicit routes

¾Does not rely on encapsulation and encryption to maintain a high level of security giving optimal performance.

¾Extremely scalable and provides the ability for very large, fully meshed networks

(5)

¾ Scalability —MPLS-based VPN deployment is capable of supporting tens of thousands of VPNs over the same network.

¾ Security—MPLS provides traffic separation between VPNs by using unique route distinguishers.

¾ Support for SLAs—A well-executed MPLS-based VPN implementation supports SLAs and service-level guarantees (SLGs) by providing scalable, robust QoS mechanisms, guaranteed bandwidth, and traffic engineering capabilities.

(6)
(7)
(8)
(9)

Overview of MPLS VPNs (…contd)

¾ Routing protocol used to distribute VPN routing information across the provider's backbone and MPLS is used to forward VPN traffic from one VPN site to another.

¾ Edge routers have multiple routing and forwarding tables called VRF and routing information of a VPN remains inside a VRF.

(10)

¾ Packet forwarding is performed using labels, or label values, instead of IP header information.

¾ Labels indicate routes as well as service (VPN) attributes.

¾ At the ingress edge, incoming packets are processed and labels are

selected and applied. First a label indicating the VPN is applied, and on top of that a label identifying the route is applied.

¾ MPLS core reads only the upper label, and forwards packets based on the label. When the packets reach the egress edge, labels are removed and based on the inner label packets are forwarded to their final VPN destinations.

(11)

Architecture for RA MPLS VPNs

MPLS Core LNS (PE) Data Center AAA, PGW, DNS servers POTS

Customer ISDN BRI

Customer PSTN Network Modem PWR OK WIC0 ACT/CH0 ACT/CH1 WIC0 ACT/CH0 ACT/CH1 ETHACT COL ISDN Router BRI line POTS line 2 1 0 NCQNO 250V~5A30V5A ALARM

Cisco AS5300 10BaseTACTLNK ACTLNK100BaseTCONSOLEAUXOK INPUT 100-240V ~ 50/60HZ 1.5-4.0A

NRAS Mobile Network Mobile customer PDSN PE CPE LNS - L2TP Network Server PDSN - Packet Data Serving Node

(12)

¾ Customer Premises Equipments (CPE)

Provides customer access to the service provider network over a data link to one or more provider edge (PE) routers.

¾ Narrowband Remote Access Server (NRAS)

Customers having a PSTN connection or BRI connection dial up the number dedicated for VPN services.

The customer call is routed to the NRAS. The NRAS terminates the customer call and forwards the ppp session of the customer to the LNS by building an L2TP tunnel.

¾ Packet Data Serving Node (PDSN)

PDSN works as a gateway for the wireless customers. It terminates connections from the wireless customers and forwards the ppp session to the LNS.

(13)

¾ Provider Edge (PE) Routers

• It exchanges routing information with CPE routers using static routing, RIPv2, OSPF, or EBGP.

• Maintains VPN routing information for those VPNs to which it is directly attached. This design enhances the scalability because it eliminates the need for PE routers to maintain all of the service provider's VPN routes.

• Each PE router maintains a VRF for each of its directly connected sites. Each customer connection is mapped to a specific VRF.

•Ability of PE routers to maintain multiple forwarding tables that supports the per-VPN segregation of routing information.

• After learning local VPN routes from CPE routers, a PE router exchanges VPN routing information with other PE routers using IBGP.

(14)

• PE routers can maintain IBGP sessions to route reflectors as an alternative to a full mesh of IBGP sessions.

• When using MPLS to forward VPN data traffic across the provider’s

backbone, the ingress PE router functions as the ingress LSR and the egress PE router functions as the egress LSR.

(15)

¾ Provider (P) Routers

• It is a router in the provider's MPLS core that does not attach to CPE devices.

• It functions as MPLS transit LSRs when forwarding VPN data traffic between PE routers.

• Since traffic is forwarded across the MPLS backbone using a two layer label stack, P routers are only required to maintain routes to the

provider’s PE routers; they are not required to maintain specific VPN routing information for each customer site.

(16)

¾ L2TP Network Server (LNS)

• Terminates the ppp session of the customer forwarded by NRAS in L2TP tunnel.

• Single shared LNS can be used for terminating both wire line as well as wireless customers.

• Before terminating the ppp session, the customer is authenticated with use of an AAA server. Then the customer is put into his associated VPN.

• LNS works as a PE router for dial-up customers.

•It maintains VPN routing information of all customers connecting it, and advertises the routing information of customers dynamically whenever they connect or disconnect.

(17)

¾ Packet Gateway (PGW) and Signalling Link Terminator (SLT) • It is deployed when out-of-band signalling is used.

• Out-of-band signalling does not consume bandwidth on the bearer channel and effectively increases the number of customers that can be supported.

• It works in conjunction with STP (Signal Terminating Point) for routing of the signalling information between PSTN Switch and NRAS.

(18)

¾ AAA Server

• The AAA server is used to authenticate, authorize and account the customers. • NRAS and LNS sends the request to AAA for tunnel and user authentication and authorization

• AAA server authenticates the customer and returns authorization attributes if the authentication is successful. AAA server also stores accounting records which are used for billing.

(19)

Typical Call flow for RA-MPLS VPN customers

¾ Wireline customer dials the RA-MPLS VPN services number with his username and password, which lands on the NRAS device. If the customer is wireless, his call lands on PDSN.

¾ The NRAS or the PDSN builds an L2TP tunnel to the LNS and tunnels the ppp session of the customer inside it after the successful authentication

¾ LNS terminates the ppp session of the customers, and passes the authentication information i.e. “username and password” obtained during ppp negotiations to the AAA server in an access-request packet.

(20)

¾Customer is assigned an IP address and put into his VRF according to the AAA response after the customer is authenticated. The customer will then be part of his Enterprise network.

¾ AAA server generates billing logs as soon as the dial-up session is

established and also when the session is terminated. This billing information is then exported to the billing servers for billing purposes.

(21)

¾ No constraints on the address plan used by each VPN customer. The customer can use either globally unique or private IP address spaces. ¾ CPE router at each customer site does not directly exchange routing information with other CPE routers.

¾ Providers do not have a separate backbone or virtual backbone to administer for each customer VPN. Thus, providers do not require management access to CPE routers.

¾By using the PSTN network, anytime-anywhere connectivity is possible thus enabling customers to work from home, hotel or anywhere

(22)

Advantages (…contd)

¾Allows low-speed network access using a dial-up connection

¾ With ISDN technology, speed as much as 2 Mbps can be delivered

(23)

References

Download now ( PDF - 23 Page - 381.65 KB )

Related documents

CANADIAN SECURITIES LAW AND PRACTICE

• Types of securities that can be offered through private placements • Overview of exemption criteria for private placements across Canada • The new rules for takeover bids..

Water Priming Mode Purge air from plumbing system. How do I solve ER-3 WATER PRIME: TIPS ON FILLING SPA IMPORTANT NOTE WARNING

Cause: Low water level, airlock in pipe work, closed shut-off valves, dirty filter cartridges, filtration pump failed or operation intermittent Solutions: Turn mains power

Why Consider Multiprotocol Label Switching (MPLS)?

The following topics will be discussed: MPLS VPN privacy, distributed network-based and endpoint security, traffic management, and routing architecture design.. MPLS VPN

Designing and Implementing IP/MPLS-Based Ethernet Layer 2 VPN Services. An Advanced Guide for VPLS and VLL

Part III Ethernet VPN Services... Chapter 9 IP/MPLS VPN Service Routing Architecture. 9.1 IP/MPLS VPN Service Network Infrastructure. 9.2 Alcatel-Lucent Service Routing

WHO PAYS FOR CONTRACEPTIVES UNDER THE AFFORDABLE CARE ACT?

As the demand curve shows, the employer will offer no more in total payments, including the fee, than the value of the work performed, i.e., the summation of the fee plus wages

S ITGuru Excercise 3: BGP/MPLS VPN. Spring Timo-Pekka Heikkinen, Juha Järvinen and Piia Töyrylä

The MPLS/LDP network from the last exercise is used as a starting point and the aim is to build a VPN connection between the PE routers as well as stretch the routing to

Quidway MPLS VPN Solution for Financial Networks

- Provider Edge (PE): It is an edge device in the backbone network, directly connected with the CE of user. In a carrier's network, the structure of the MPLS VPN network is set up

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN

Manfred Lindner MPLS_VPN, v4.6 33 Physical Topology IP VPN Customer A Location A1 Customer B Location B1 Customer A Location A2 Customer B Location B2 Customer A Location A3 Customer