Title Subtitle - PowerPoint PPT Presentation

Slides: 28
Provided by: hub78
Transcript and Presenter's Notes

1
Network-based IP VPNs using Virtual Routers
Tim Hubbard
2
Network based VPN Network Reference Model
[Diagram: network reference model with CE, PE and P nodes]

3
Network Based VPN Services
[Diagram: two Provider Edge Routers (PE)]
4
Architecture Design Goals
  • Flexibility
      • solution architected around choices
  • Scalability
      • backbone, VPN, PE, etc.
  • Resiliency
      • NB-VPN services resilient to failures, smooth
        migration
  • Manageability
      • multiple levels of control while reducing NB-VPN
        service and network management complexity
  • Reusability
      • existing management aspects, network mechanisms
        and tools
  • Security
      • VPN service, VPN information (routing and data)

5
Architecture Requirements
  • Per VPN routing and forwarding.
  • No routing/forwarding based on private addresses
    in the backbone.
  • Any routing protocol can be used in the VPN
    domain and in the backbone.
  • Overlapping of VPN addresses.
  • Not limited to a single tunneling mechanism.
  • Accommodates different backbone deployment
    scenarios.
  • Not limited to a single backbone technology

6
What is a Virtual Router?
  • A virtual router (VR) is an emulation of a physical
    router.
  • A VR has the same mechanisms and functionality as
    physical routers.
  • Each virtual router maintains separate routing
    and forwarding tables.
  • Each virtual router can run any routing protocols
    (OSPF, RIP, BGP-4, etc).
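
A sketch of the per-VPN routing and forwarding described on slides 5 and 6, added here as an example and not part of the original presentation: each virtual router holds its own table, so two VPNs can both use 10.0.0.0/8 and a lookup never leaves the VR bound to the ingress interface. The class names, interface names, next-hop labels and prefixes are constructed for illustration.

```python
import ipaddress

class VirtualRouter:
    """One routing instance on a PE with a table private to its VPN."""
    def __init__(self, vpn_id):
        self.vpn_id = vpn_id
        self.routes = []  # (network, next_hop) pairs, never shared with other VRs

    def add_route(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        """Longest-prefix match over this VR's table only."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.routes if addr in net]
        if not matches:
            return None  # no fall-through to another VR or to the backbone
        return max(matches, key=lambda m: m[0].prefixlen)[1]

class ProviderEdge:
    """PE that binds each customer-facing interface to exactly one VR."""
    def __init__(self):
        self.vrs, self.iface_to_vpn = {}, {}

    def add_vr(self, vpn_id):
        self.vrs[vpn_id] = VirtualRouter(vpn_id)
        return self.vrs[vpn_id]

    def bind(self, iface, vpn_id):
        if iface in self.iface_to_vpn:
            raise ValueError(f"{iface} is already bound to a VR")
        self.iface_to_vpn[iface] = vpn_id

    def forward(self, iface, dst):
        # The ingress interface, not the destination address, selects the table.
        return self.vrs[self.iface_to_vpn[iface]].lookup(dst)

def build_demo_pe():
    """Constructed sample: two VPNs that both use 10.0.0.0/8."""
    pe = ProviderEdge()
    vr_a, vr_b = pe.add_vr("VPN-A"), pe.add_vr("VPN-B")
    vr_a.add_route("10.0.0.0/8", "tunnel-A")
    vr_a.add_route("10.1.0.0/16", "ce-A1")
    vr_b.add_route("10.0.0.0/8", "tunnel-B")
    vr_b.add_route("192.168.5.0/24", "ce-B1")
    pe.bind("if-1", "VPN-A")
    pe.bind("if-2", "VPN-B")
    return pe
```

The same destination address resolves differently depending on the ingress interface, and a prefix known only to VPN-B is unreachable from VPN-A.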

7
VPN Tunneling
  • Network-based VPNs are implemented through some
    form of tunneling mechanism.
  • Different tunneling mechanisms can be used (MPLS,
    IPSec, GRE, L2TP, etc).
  • The architecture allows per-VPN tunnels or shared
    VPN tunnels across the backbone.

8
Scenario 1 - VR to VR Direct Connectivity
[Diagram: two PEs, each with VR-A, VR-B and VR-C serving VPN A, VPN B and VPN C]
9
Virtual Router Backbone Aggregation
  • Virtual router (called Backbone Virtual Router)
    for routing in the backbone used at the PE level
    only.
  • IP or MPLS based tunnels between VRs for
    transport of VPN information across the backbone.

10
Scenario 2 - VPNs with Backbone VRs
[Diagram: one PE with VR-A, VR-B and VR-C for VPN A, VPN B and VPN C, plus a Backbone VR; the VRs sit in the VPN Routing Space and the Backbone VR in the Backbone Routing Space]
The backbone virtual router is not functionally
different than other virtual routers.
11
Scenario 3 - Combination of VR Deployment Scenarios
[Diagram: one PE with VR-A, VR-B and VR-C for VPN A, VPN B and VPN C, plus a Backbone VR]
12
Scenario 4 - Multiple Backbones
[Diagram: one PE with VR-A, VR-B, VR-C and VR-D; VPN A through VPN E; Backbone VR-1 and Backbone VR-2]
13
Scenario 5 - VPNs with Backdoor Links
[Diagram: two groups of VR-A, VR-B and VR-C for VPN A, VPN B and VPN C, each with Backbone VR-1]
14
Scenario 6 - Outsourcing/Management of the PE
[Diagram: one PE with VR-A, VR-B, VR-C and VR-D; VPN A through VPN E; Backbone VR-1 and Backbone VR-2; Service Provider-1 and Service Provider-2]
15
Scenario 7 - Multi-protocol VPNs
[Diagram: one PE with VR-A (VPN A, IPv6), VR-B (VPN B, IPv4), VR-C (VPN C, IPv6) and Backbone VR-1]
16
Scenario 8 - Backbone Migration Example
[Diagram: one PE with VR-A, VR-B and VR-C for VPN A, VPN B and VPN C; Backbone VR-1 and Backbone VR-2 (MPLS)]
VPN services are migrated one at a time
17
Virtual Router Reachability Scheme
[Diagram: Provider Edge Router 1 and Provider Edge Router 2, each with Virtual Router A, Virtual Router B and Virtual Router C, with Virtual Backbone labels between them; caption: Per VPN Reachability Info]
  • Each routing instance is independent of the
    others.

18
Membership and Topology Determination
  • Different mechanisms can be used (not mutually
    exclusive):
      • Directory server approach
      • Explicit configuration
      • Using a VPN auto-discovery mechanism

19
What can be discovered?
[Diagram labels: VPN Auto-Discovery; Tunnel Mechanism (optionally Tunnel endpoints); Membership Information; Topology Information; VPN Reachability Information (draft RFC2547)]
The virtual router architecture doesn't require
piggybacking VPN reachability information onto
the backbone routing instance.
20
Discovering VPN Information
[Diagram: Provider Edge Router (PE1) and Provider Edge Router (PE2), each with a BVR, running BGP across the backbone; the BGP UPDATE carries VPN Information (membership, etc.)]
21
Discovering Membership Information
[Diagram: Provider Edge Router (PE1) and Provider Edge Router (PE2), each with a BVR and VPN-ID11, VPN-ID12 and VPN-ID13, running BGP across the backbone; the BGP UPDATE carries (VPN-IDs, PE-BVR)]
22
Discovering Tunnel Endpoints
[Diagram: Provider Edge Router (PE1) and Provider Edge Router (PE2), each with a BVR and VPN-ID11, VPN-ID12 and VPN-ID13, running BGP across the backbone with an IPsec Tunnel; the BGP UPDATE carries (VPN-IDs, 123.3.4.5, PE-BVR)]
23
Discovering VPN Topology Information
[Diagram: Provider Edge Router (PE1) and Provider Edge Router (PE2), each with a BVR and VPN-ID11, VPN-ID12 and VPN-ID13, running BGP across the backbone; the BGP UPDATE carries (11, hub, PE BVR)]
24
BGP based Auto-Discovery Mechanism (for layer-3 VPNs)
  • Using BGP as an Auto-Discovery Mechanism for
    Network-based VPNs
  • Hamid Ould-Brahim, Bryan Gleeson, Peter
    Ashwood-Smith, Eric Rosen, Yakov Rekhter
  • draft-ouldbrahim-bgpvpn-auto-00.txt

25
Conclusion
  • Virtual Routers allow Service Providers to build
    differentiated network-based VPN services.
  • The architecture is highly flexible and
    accommodates different tunneling mechanisms, and
    different backbone technologies.

26
Contacts
27
Thank You