Telecommunications, Portorož, 04.10.2008 NLB d.d. 1
MPLS@NLBd.d.
* MPLS – Multi Protocol Label Switching
** NLB d.d. – Nova Ljubljanska banka d.d.
Foreword
This presentation is about NLB d.d.'s experience in upgrading its network communications infrastructure – why, what, how, pros, cons, lessons learned – and not about technology and configurations.
Some statements in this presentation may be the author's personal opinion and not the official opinion of NLB d.d.
Agenda
About NLB d.d.
WHY...
WHAT...
HOW...
Conclusions
Q&A
About NLB d.d.
NLB Group
NLB d.d. - NLB Group
58 members in 17 countries
banks: 13 (including NLB d.d.)
leasing: 11
trade finance: 11
insurance: 5
asset mgmt: 1
non financial: 17
NLB d.d. - Slovenia
WHY to upgrade network
Capacity
Technology
New services
Costs
WAN topology (present)
WAN utilization (present)
100% increase of network traffic in less than one year
Goals
To provide sufficient capacity, quality, availability, security - to migrate corporate network from switching and routing to service oriented network platform.
To provide network support for several emerging technologies and network services – IP ATMs, IP telephony, IP video surveillance...
To lower communications costs (enhance price-performance) and achieve independence from only one telecom provider.
WHAT is obvious technical solution
MPLS VPN
GRE/IPsec
MPLS VPN
(maybe right solution for “non-corporate” networks)
Provided/implemented by telecom provider
+
Customer’s virtual private “communication cloud” within provider’s network
Media independent (Ethernet, xDSL, leased lines, Frame Relay, FO...)
Network devices managed by provider
-
Customer depends on provider (costs, QoS...)
GRE/IPsec
Implemented by customer
+
GRE/IPsec tunnels provide data security
Tunnels connect customer’s private networks (branches – datacenters)
Network devices managed by customer
-
Additional network equipment (costs, management, processor power)
MPLS VPN over GRE/IPsec
Implemented by customer
+
Customer defined MPLS VPN network(s) over GRE/IPsec
Provider independent (better monitoring and service management, easy to introduce new network services, customer defines virtual networks within his network)
More than one provider (costs, price-performance, QoS, redundancy...)
Network devices managed by customer
-
Comparison...
                        MPLS VPN   GRE/IPsec   MPLS VPN over GRE/IPsec
Provider independence   No         Yes         Yes
Authentication          No         Yes         Yes
Encryption              No         Yes         Yes
Media independence      Yes        Yes         Yes
Traffic separation      Yes        No          Yes
MPLS VPN over GRE/IPsec
[Figure: simplified logical scheme. Labels: customer's network, MPLS VPN, MP-BGP, GRE/IPsec, Provider #1, Provider #2, Provider #3, VPN A, VPN B, Branch 1 to Branch 4, primary and secondary datacentre.]
HOW to do it
... (project)
Requirements
Pilot testing
Telecom Slovenia
... (implementation)
Requirements, decisions...
Selecting telecom provider(s): primary and secondary connections by Telecom Slovenia (all connections MPLS VPN; defined QoS, reporting, on-line monitoring, problem solving...)
Selecting system integrator(s): NIL d.o.o., NLB Propria
Datacenter:
1Gbps, FO, Ethernet
Cisco routers ASR 1002
Branch office:
Primary connection: 10Mbps, FO, Ethernet, RJ45 (to the micro location)
QoS requirements
Parameters                       Required     Acceptable offset
Bandwidth                        10 Mbps      up to 20%
Availability – monthly average   >= 99,9%
Delay – hourly average           <= 100 ms    up to 3 times/month
Delay – daily average            <= 70 ms     up to 1 time/month
Delay – monthly average          <= 60 ms
Jitter – hourly average          <= 15 ms     up to 3 times/month
Jitter – daily average           <= 10 ms     up to 1 time/month
Jitter – monthly average         <= 5 ms
Packet loss – hourly average     <= 0.8%      up to 3 times/month
Packet loss – daily average      <= 0.3%      up to 1 time/month
Packet loss – monthly average    <= 0.2%
Should be confirmed by provider (and put in a contract)
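An added example, not part of the original presentation: a check of one month of measured hourly averages against the limits in the QoS requirements table. It assumes that the "acceptable offset" column is the number of hourly or daily averages allowed to exceed the limit per month and that a daily average is the mean of 24 hourly averages; bandwidth is left out, and the function names and sample data are constructed.

```python
from statistics import mean

# Limits from the QoS requirements slide: (hourly, daily, monthly) averages.
LIMITS = {
    "delay_ms": (100.0, 70.0, 60.0),
    "jitter_ms": (15.0, 10.0, 5.0),
    "loss_pct": (0.8, 0.3, 0.2),
}
# Assumed reading of "acceptable offset": number of hourly/daily averages
# that may exceed their limit in one month. The monthly limit has no offset.
ALLOWED_HOURLY, ALLOWED_DAILY = 3, 1
MIN_AVAILABILITY_PCT = 99.9


def check_metric(metric, hourly_avgs):
    """Evaluate one month of hourly averages (24 values per day) for a metric."""
    if not hourly_avgs or len(hourly_avgs) % 24:
        raise ValueError("expected whole days of hourly averages")
    hour_lim, day_lim, month_lim = LIMITS[metric]
    daily = [mean(hourly_avgs[i:i + 24]) for i in range(0, len(hourly_avgs), 24)]
    hourly_breaches = sum(v > hour_lim for v in hourly_avgs)
    daily_breaches = sum(v > day_lim for v in daily)
    monthly_avg = mean(hourly_avgs)
    return {
        "hourly_breaches": hourly_breaches,
        "daily_breaches": daily_breaches,
        "monthly_avg": round(monthly_avg, 2),
        "compliant": (hourly_breaches <= ALLOWED_HOURLY
                      and daily_breaches <= ALLOWED_DAILY
                      and monthly_avg <= month_lim),
    }


def availability_ok(downtime_minutes, days_in_month=30):
    """Monthly availability in percent and whether it meets the >= 99.9% limit."""
    total = days_in_month * 24 * 60
    pct = 100.0 * (total - downtime_minutes) / total
    return round(pct, 3), pct >= MIN_AVAILABILITY_PCT


# Constructed sample: a 30-day month at 40 ms delay with four bad hours on day 12.
# The daily and monthly averages stay within limits; the hourly count does not.
sample_delay = [40.0] * (30 * 24)
for hour in (270, 271, 272, 273):
    sample_delay[hour] = 150.0

if __name__ == "__main__":
    print(check_metric("delay_ms", sample_delay))
    print(availability_ok(44))
```

In the constructed month the four bad hours leave the daily and monthly averages inside their limits, so only the hourly count shows the breach.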
Pilot implementation
[Figure: pilot implementation. Labels: Telecom Slovenia, datacentre, branch office, primary MPLS, secondary MPLS, new (MPLS) routers, existing routers, leased lines, ISDN, Ethernet, HSRP.]
Telecom Slovenia 1/3
MPLS@NLB add on from TS
VPN business services
Carrier Class equipment
Carrier Grade network infrastructure with DWDM protection mechanisms
MPLS Based Core network with protection of all links
Metroethernet based Access Network with protection of business customers
Use of different kinds of first-mile technologies such as ADSL2+, VDSLx, FTTx, SHDSL, EFM, WiMAX and mobile network
Over 100 cities covered with business network for VPN services
E2E QoS assurance
SLA monitoring/reporting and advanced SLA monitoring/reporting (with applications)
24/7 Network operations center
Dedicated contact channel and technical team for business customers
* Signed contract with mobile operator Mobitel (on trial)
Telecom Slovenia 2/3
Services on MPLS network
L3 VPN
VoIP for SB, SMB and large enterprise networks (IP centrex and IP PBX support)
Advanced IP TV services, standard and high definition
VoIP for residential segment and for SOHO
FMC services
Hotels multimedia services and advanced hotels multimedia services
SLA monitoring and advanced SLA monitoring (with applications)
Combination of P2P and mesh VPN network
L2 VPN*
IMS (IP multimedia subsystem)*
IPS service (Intrusion Prevention System)*
Redundancy location of DRC**
Surveillance service (commercial name INFRANET)*
VPN service for IP/POS terminals and ATMs*
* on trial
Telecom Slovenia 3/3
MPLS@NLB add on from TS
Telekom Slovenia topology
Carrier Class equipment
MPLS Based Core network with protection of all links (10G)
Metroethernet based Access Network with protection of business customers
Over 100 cities covered with business network for VPN services
Separate business and residential network on physical layer
Dual WAN connectivity
Conclusions
Lessons learned
Results
Lessons learned
Important / NLB d.d. experience
Project
  Involve internal users/customers; gain management support; prepare business case...
Plan, plan, plan
  More than one year of planning, meetings, education. Larger network, more services – more planning required.
  Think about the big picture – don’t forget about other network segments (network core, monitoring and management) and new services (IP telephony, IP ATMs...)
  Significant architecture change – server centralization.
Equipment
  Be careful when buying new network equipment: capacity, end of sale, end of support, SW versions for required functionalities...
  Support costs for new equipment might be lower; part of business case.
Testing, pilot branch office implementation
  Proved to be very useful; some configurations were changed.
  Internal users/customers confirmation.
Telecom providers
  Take time for negotiations. Think about contract: obligations and penalties – costs, response times, QoS parameters, measurements, reporting...
  Not all telecom providers are capable of connecting all NLB d.d. branch offices.
  Different providers – very different prices.
Cable installations (within buildings)
  Might be a problem: protected buildings, permits, cabling documentation, extra costs, extra time...
Results
Goals / NLB d.d. conclusions
Sufficient capacity
  10Mbps for each branch office, can be upgraded.
QoS
  Telecom providers put QoS parameters and measurement methods into contracts. Unfortunately they do not offer QoS as required.
Availability
  High availability is technically supported by using primary and secondary connections. Unfortunately both are still from the same provider.
Security
  Enabled by using MPLS VPN over GRE/IPsec.
Ability to easily support new network services (IP ATMs, IP telephony...)
  Enabled by using MPLS VPN over GRE/IPsec. Independent from telecom provider. Consideration could be sufficient QoS.
Lower communications costs
  Much better price-performance. Lower network equipment maintenance costs. Server centralization/consolidation.
Independence from only one telecom provider
  Independence is technically supported. Not all telecom providers are capable of connecting all NLB d.d. branch offices.
TO DO...
Sign the contract with provider
Establish connectivity with all branches
Finish implementation (only datacenters and one branch implemented)
Introduce network support for new services (IP ATMs)
Start redesigning network core
Q&A
Thank you.
Janko Jager, B.Sc.
Manager
NLB d.d., IT Processing and Infrastructure, Network
Šmartinska 132, SI-1520 Ljubljana, Slovenia