vpn

About This Presentation

Title:

vpn

Description:

vpnn – PowerPoint PPT presentation

Number of Views:160

Slides: 31

Provided by: smail0s

more less

Transcript and Presenter's Notes

Title: vpn

1
Overview of VPN
2
Private Networks
Organization B Site 1
Organization A Site 3
Organization A Site 1
Organization B Site 3
Organization B Site 2
Leased Lines
Organization A Site 2
3
Private Network

Advantages
Leased lines are secured
Privacy and QoS Guarnteed
Disadvantages
Leased lines are very expensive
No of links required grows exponentially if full
mesh connectivity is required and network
expands.
More nos of CPE ports are required
Network complexity increases as network grows.
All existing sites requires reconfiguration in
case of a new site addition.

4
Internet Based Private Network
Organization B Site 1
Organization A Site 3
Internet
Shared Infrastructure
Organization A Site 1
Organization B Site 3
Organization B Site 2
Organization A Site 2
5
Internet Based Private Network

Advantages
Single physical connectivity at each site.
No reconfiguration required at existing sites in
case of addition of new site to the network.
Saving on CPE ports
Huge saving in annual connectivity charges.
Disadvantages
Highly insecure environment
No guarantee of Privacy and QoS
Any unauthorized traffic can enter in private
network

6
Virtual Private Network

Different solutions are available to make
communication over internet safe, secure and it
can also ensure desired grade of quality of
service.
These solutions are known as VPN solutions.
Different protocols like L2TP, PPTP, IPSec etc
are available to provide VPN solutions to
customers.
These Protocols take care of data authenticity,
data integrity, and if required data
confidentiality.

7
Virtual Private Network
Organization A Site 4
Firewalls
Organization B Site 1
Organization A Site 3
Internet
Organization A Site 1
Organization B Site 3
Organization B Site 2
Organization A Site 2
8
Deploying VPNs in the 21st Century
Corporate Headquarters
Intranet
Branch Office
Internet
Mobile Users and Telecommuters
Remote Access
Suppliers, Partners and Customers
Extranet

Uses IP Infrastructure
May be shared with Internet services
Increasing importance of IP/MPLS (not ATM/FR)
Subscriber requirements
Lower operational expenses
A single network connection for multiple services
Provider requirements
Multiservice infrastructure
Create additional source of revenue

9
Virtual Private Network Categories

VPN can be classified in two categories
Customer Provisioned
VPN Tunnels originate and terminate at customer
premises
Provisioning of equipment and allied activities
is the responsibility of the customer
Provider may not be aware of the VPN tunneling
through his network
Provider Provisioned
VPN Tunnels originate and terminate at the
service providers edge
Responsibilities of creating and maintaining
these tunnels lies with the provider

10
Customer Provisioned VPNs
Organization B Site 1
Internet
Organization A Site 1
Organization B Site 3
Organization B Site 2
11
Provider Provisioned VPNs
Secured Tunnels
Organization B Site 1
Internet
Organization A Site 1
Organization B Site 3
Organization B Site 2
12
MPLS Based VPNs

MPLS Based Layer 3 VPNs
Providers router participates incustomers layer
3 routing
Provider router manages VPN-specific routing
tables, distributes routes to remote sites
CPE routers advertise their routes to the
provider
MPLS Based Layer 2 VPNs
Customer maps their layer 3 routing to the
circuit mesh
Provider delivers Layer 2 circuits to the
customer, one for each remote site
Customer routes are transparent to provider

13
MPLS Based Layer 3 VPN
A VRF is created for each VPN connected to the
PE
VPN A Site 1
VPN A Site2
VPN B Site2
CEA2
CEA1
OSPF Routing
PE 2
P
P
Static Routes
VPN B Site 1
CEB2
VPN A Site 3
PE 1
CEA3
E-BGP
PE 3
P
CEB1
P
CEB3
CEC1
VPN C Site 1
CEC2
VPN C Site 2
VPN B Site3
14
MPLS Based Layer 3 VPNs

Each VRF is populated with
Routes received from directly connected CE
routers associated with the VRF
Routes received from other PE routers with
acceptable BGP attributes
Only the VRF associated with a VPN is used for
packets from a site of that VPN
Provides isolation between VPNs

15
MPLS Based Layer 3 VPNs

Customers can use overlapping IP addresses
Customers are free to use any IP address even
private IP addresses.
Very little manual configuration. Auto discovery
of new sites. No reconfiguration of existing
sites in case of new site addition.
Cheaper than leased lines as it works on MPLS
based IP infrastructure which is a shared
infrastructure.
QoS can be assured as MPLS has the capability to
provide differentiated QoS

16
MPLS Based Layer 3 VPNs

Customers can create intranet as well as extranet
with the help of layer 3 VPNs.
Extranet allows the customers to allow business
partners, suppliers to access their network.
100 secured intranet as well as extranet.
Single physical connectivity at every site
resulting in very simple network topology.
Provider participates in customers routing
process.

17
MPLS Based Layer 2 VPNs

Provider edge device delivers Layer 2 circuit IDs
(DLCI, VPI/VCI, or VLAN ID) to the customer
Customer sees standard FR or ATM PVCs
From my site, one for each reachable site
Provider edge device maps the circuit ID to an
MPLS LSP to traverse the provider core
Label stacking could be used to improve
scalability
Customer maps their own routing architecture to
the circuit mesh
Customer routes are transparent to provider
Separation of administrative responsibility

18
MPLS Based Layer 2 VPNs
A VFT is created for each CE connected to the PE
VPN A Site 1
VPN A Site2
VPN B Site2
CEA2
CEA1
ATM
PE 2
P
P
ATM
FR
VPN B Site 1
CEB2
VPN A Site 3
PE 1
FR
CEA3
ATM
PE 3
P
CEB1
P

Each VFT is populated with
The information provisioned for the local CEs
VPN Connection Tables received from other PEs via
BGP or LDP

19
MPLS Based Layer 2 VPNs

Layer 2 VPN supported Technologies
Frame Relay
ATM
Ethernet
Ethernet VLANs
HDLC
PPP

20
MPLS Based Layer 2 VPNs

Separation of customers and providers routing
provides extra confidence to customer about
security of his network.
Customer can choose any layer 2 connectivity
which is supported by layer 2 VPN.

21
Virtual Private LAN Service VPLS

Different sites of customers network can get
connected to MPLS network on Ethernet just like
they connect with any LAN switch.
With auto discovery of MAC addressed of devices
each site can learn about the machines connected
with VPLS service.
To customer it appears very much like a ordinary
Ethernet connectivity.
To customer MPLS network appears like a huge LAN
switch with which its different site are
connected just like connected with Ethernet LAN
switch.

22
Virtual Private LAN Service
VPN A Site2
VPN A Site 1
CEA2
VPN B Site2
CEA1
P
P
PE 2
PE 1
CEB2
VPN B Site 1
VPN A Site 3
P
P
PE 3
CEB1
CEA3

A private Ethernet network constructed over a
shared infrastructure which may span several
metro areas
Multipoint to Multipoint Ethernet connectivity
where the SP network looks like an Ethernet
broadcast domain
Compliments Layer 3 2547 and Layer 2 VPNs

23
What is Quality of Service
Desktop Conferencing, Distance Learning
Mission-Critical Applications
E-Mail
FTP
24
Role of QoS

Protect mission-critical applications
Voice, ERP, data warehouse, sales force
automation
Prioritize groups of users
Finance, sales, suppliers
Enable multimedia applications
Distance learning, desktop video conferencing

25
Quality of Service (QoS)

MPLS has got very powerful tools like traffic
prioritization, traffic scheduling, traffic
shaping, traffic policing etc to ensure proper
grade of quality of service to customer.
Broadly three grades of services are available at
present in MPLS VPN Service
Gold (Guaranteed bandwidth, delivery, Jitter and
latency)
Silver (Guaranteed delivery)
Bronze (Best effort)

26
Three Classes of Service

Three class of service according to the customers
requirement (Gold, Silver Bronze)
If customer requirement is more than 2 Mbps then
tariff will be n x tariff for 2 Mbps.

27
Service Tax Discount