MPLS VPN
Data Network - ‘Do it all by yourself’
[Diagram labels: Call Center, Leased Lines, VSAT, Internet, IP-VPN, Data Center]
A Network you can plug into - to bring your biz entities on-line with your IT apps
[Diagram labels: Call Center; Terabit MPLS Network with All India Reach; Own / 3rd Party Data Center; ERP; CRM; E-mail; Supply Chain Mgt; Intranet Portal; Wired; Wireless]
VPN
A Virtual Private Network constructed over shared infrastructure
Virtual – Not a separate physical network, but appears to be one
Private – Separate addressing and routing
Network
[Diagram labels: Supplier, Factory, Shared Infrastructure, Corporate HQ, Branch, Mobile User]
A partitioned private network over a common shared IP backbone, using technologies to ensure privacy of data, either self-provided or provided by the Service Provider
VPN Requirements
• Business
– Extend Corporate Network
– Reduce hardware costs by decreasing termination ports
– Prioritization of applications like voice/video
– Integrate Suppliers and Customers into the Corporate Network
– Remote Access from anywhere, anytime
• Technical
– Scalable and Flexible
– Predictable performance and pro-active management
– Highly secure, in conformance with world standards
– Ability to support Private Addressing
– Ability to support Convergence
[Diagram labels: Supplier, Factory, Shared Infrastructure, Corporate HQ, Branch, Mobile User]
MPLS Building Blocks
[Diagram labels: CE, PE, P, LSP]
• CE – Customer Edge router
– Metro Ethernet, Leased Line
• P – Provider router
– Forward packet based on label
– Swaps label (label-in, label-out)
• PE – Provider Edge router
– Assigns Labels
– Associates CE with customer’s VPN
• Label switched path (LSP)
– LDP/RSVP
– Path between ingress and egress PE
MPLS Packet Forwarding
[Diagram: an IP packet addressed to 192.168.1.1 between customer sites 192.168.2.0 and 192.168.1.0, crossing PE1, the core and PE2. Step captions: "Forward based on destination IP"; "Add Label and forward based on Label"; "Forward based on Label" at each following hop.]
Remote Labels learnt through Route learning. Black Label for 192.168.1.0 is stored at PE1
Remote Labels learnt through Route learning. Blue Label for 192.168.2.0 is stored at PE2
Packet Forwarding in MPLS
[Diagram: IP packet addressed to 192.168.1.1 between sites 192.168.2.0 and 192.168.1.0 via PE1 and PE2, shown with an LSP label and a VPN label in front of the IP packet]
• LSP
– Swapped after every hop
– Used for forwarding in MPLS core
– Identifies the Label Switched Path
• VPN
– Identifies VPN and customer destination address
– Used to separate customer VPN
– Added when packets enter and removed when packets leave
Packet Forwarding in IP Network
[Diagram: IP packet between sites 192.168.2.0 and 192.168.1.0; every router on the path is captioned "Forward based on destination IP"]
MPLS Delivers
As a technology
Packet switched technology
Supports Layer2 and Layer3 VPNs
Supports Traffic Engineering
As IP VPN
Network based VPN
CEs need to exchange Layer3 information only with connected PEs; no need to exchange routing information with other CEs
Overcomes overlapping private IP Address issues
Routing Protocols establish reachability
Routing at Edge and Switching at Core
Delivers CoS/QoS
Platform to address convergence
Without IPSec, Security is as good as FR/ATM
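The two-label forwarding from the "Packet Forwarding in MPLS" and "MPLS Delivers" slides, as an added Python example that is not part of the original deck or any Reliance configuration: two customers reuse 192.168.1.0/24, the outer LSP label is swapped at every core hop, and the inner VPN label alone decides which customer site receives the packet. Label values, the router names P1/P2 and the port and CE names are constructed assumptions, and penultimate-hop popping is not modelled.

```python
import ipaddress

# Constructed topology (assumption): PE1 - P1 - P2 - PE2. Customers A and B
# both use 192.168.1.0/24 behind PE2; their 192.168.2.0 sites attach to PE1.
VRF_BY_PORT = {("PE1", "ce-a"): "cust-A", ("PE1", "ce-b"): "cust-B"}

# Per-VRF routes on the ingress PE: prefix -> (egress PE, learnt VPN label).
VRF_ROUTES = {
    "cust-A": {"192.168.1.0/24": ("PE2", 101)},
    "cust-B": {"192.168.1.0/24": ("PE2", 202)},
}

# LSP label pushed by the ingress PE, then each core router's swap table:
# label-in -> (label-out, next hop).
LSP_PUSH = {("PE1", "PE2"): (16, "P1")}
LFIB = {"P1": {16: (17, "P2")}, "P2": {17: (18, "PE2")}}

# Egress PE: the LSP label it terminates, and VPN label -> (VRF, attached CE).
EGRESS_LSP = {"PE2": 18}
EGRESS_VPN = {"PE2": {101: ("cust-A", "ce-a-site1"),
                      202: ("cust-B", "ce-b-site1")}}


def egress_deliver(pe, lsp_label, vpn_label, trace):
    """Egress PE removes both labels; an unknown label means drop."""
    entry = EGRESS_VPN[pe].get(vpn_label)
    if lsp_label != EGRESS_LSP[pe] or entry is None:
        trace.append((pe, "drop: unknown label"))
        return None, trace
    trace.append((pe, []))  # plain IP packet leaves towards the CE
    return entry[1], trace


def forward(ingress_pe, port, dst_ip):
    """Return (receiving CE or None, trace of (node, label stack sent on))."""
    vrf = VRF_BY_PORT[(ingress_pe, port)]  # the port, not the address, picks the VPN
    dst = ipaddress.ip_address(dst_ip)
    routes = [r for p, r in VRF_ROUTES[vrf].items()
              if dst in ipaddress.ip_network(p)]
    if not routes:
        return None, [(ingress_pe, "drop: no route in VRF " + vrf)]
    egress_pe, vpn_label = routes[0]
    lsp_label, node = LSP_PUSH[(ingress_pe, egress_pe)]
    trace = [(ingress_pe, [lsp_label, vpn_label])]  # both labels added on entry
    while node in LFIB:  # core routers swap only the outer label
        lsp_label, next_hop = LFIB[node][lsp_label]
        trace.append((node, [lsp_label, vpn_label]))
        node = next_hop
    return egress_deliver(node, lsp_label, vpn_label, trace)


if __name__ == "__main__":
    for port in ("ce-a", "ce-b"):
        print(port, forward("PE1", port, "192.168.1.1"))
```

Separation in this model comes only from the VRF and label lookups; nothing on the path encrypts the payload, which is what the IPSec remark on the slide refers to.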
Reliance MPLS VPN Solution
[Diagram labels: XYZ; Franchisee; Remote Users; LMDS Hub; BA Ring; BN; BAN; MA Ring; Head Office; Regional Office; RAS; PSTN Network; Internet; Reliance Core Network; Reliance Wireless Network; Mobile Worker; Wireless Users; Extranet (Dealers / Suppliers)]
Access Technology Matrix
Interface
Access
Technology*
CPE Provided
Ethernet
ADSL
ADSL Modem
DLC
G.703 Modem
LMDS3
LMDS RT
DLC
V.35 Converter
LMDS3
LMDS RT
LMDS3
LMDS RT
Metro Ethernet
None
Ethernet
Metro Ethernet
None
32 Mbps (E3) /
42 Mbps (DS3)
G.703
SDH
TN1C (SDH Mux)
126 Mbps (STM 1)
G.703 /
optical
SDH
TN1X (SDH Mux)
Port Bandwidth
64 Kbps to 512 Kbps
G.703
64 Kbps to 2 Mbps
V.35
Ethernet
>2Mbps to 100 Mbps
*Tulip Wireless Access solution option is also available on a case-to-case basis
SLA Parameters
SLA Parameter | Standard | Premium
SLA Measurement period | Annually | Annually
Port Uptime Assurance Percentage | Up to 98.5% | Up to 99.5%
MTTR * | Up to 10 hours | Up to 6 hours
Network Latency (PE to PE)# | <= 80 msec | <= 80 msec
Packet Loss (PE to PE) | <= 1% | <= 1%
Usage Credit against SLA default | 100% | 300%
Customized: To be proposed only after DAKC approvals for values to be committed
Disaster Recovery
Disasters have no preferences
7/26 – Mumbai Floods
The enterprise Biz would however prefer to stay unaffected
Reliance IDCs: Integral part of the MPLS Network
A ready-to-move-in DR / Primary site
4 Level-3 certified IDCs: 2 in Mumbai, 2 in Bangalore
[Diagram "DR-site ready MPLS Network": Primary Data center; Terabit MPLS Network; Reliance IDC as DR site]
Reliance Network Overview
Reliance Data Network (RDN)
• 7 Primary Locations
– Heavily Physically Meshed
– STM 16 (64) connectivity between primary core locations
• 14 Secondary Locations
– Fully Logically Meshed
– STM 4 connectivity to two or more primary locations
• 172 Collector Locations
– Connected to a core location
– STM 1 / n * E1 to core locations
Largest MPLS enabled Core Data Network already
Access Methodology: Wireline FTTB
BAN : Building Aggregation Node
BN : Building Node
MCN : Media Convergence Node
BA Ring : Building Aggregation Ring
MA Ring : Main Aggregation Ring
[Diagram labels: Data Centre; Customer’s Router; Customer’s Routers; Customer’s Location; BN; MCN, DAKC; MCN, City 1; MCN, City 2; MCN, City 3; City 4; Hyderabad; Reliance’s Core Network]
Access Methodology: Wireline FTTB
[Diagram labels: MCN; Core Backbone; MAN; BAN; Main Access Ring; BA Ring; 12-fiber direct building cable; BOI (BN location)]
MCN - Media Convergence Node
MAN - Media Access Node
BAN - Building Access Node
BA - Building Access Ring
BOI - Building Of Interest
BN - Building Node
Connects major nodes within a city (Metro) – act as aggregation points for customer traffic within city
Interconnects to all telecom service providers
End-to-end (customer premise to core) self healing ring topology
Optical Fiber based network to support high bandwidths
Cable based on ITU G.652 standard
End-to-end optical fiber based self healing topology
Remote Access MPLS VPN
RA MPLS VPN
Provides a secure, high availability, dial-up solution that connects employees, customers, and business partners to corporate intranets, extranets, and the Internet.
Scalable to support organizations of all sizes, RA MPLS VPN offers PSTN / ISDN access from 22 locations in India.
The service lets corporate customers allow their employees and staff to access their Intranet and central resources securely.
Other companies such as partners, suppliers, major customers or consultants (Extranet) can also have limited access to the organization’s Intranet.
To gain Remote Access, the customer dials in to a network access server at the nearest Reliance POP, which enables the dial traffic to be placed into the customer’s VPN.
RA MPLS VPN
Mode of Access
PSTN Dial-up
ISDN Dial-up
The customer can get dial-up access to his IP VPN through any PSTN / ISDN line from any BSO.
Though the customer can dial into the VPN from any PSTN / ISDN line, the data access rate to the VPN will depend on the customer’s local loop as well as the public infrastructure over which the call will travel to the VPN service.
The customer will be provided with a unique login id ([email protected]) that will identify the particular user.
The ‘User Name’ will be system auto-generated, and an alias can be created by the customer at the CNM portal.
In case of PSTN dial-up, multiple users of the same organization can also be allowed to use the same login id.
RA MPLS VPN
Availability
The service is available at 22 identified potential locations in India where local dialing would be possible:
Mumbai, Pune, Panjim, Delhi, Chandigarh, Jaipur, Chennai, Bangalore, Mysore, Hyderabad, Ernakulam, Vizag, Coimbatore, Kolkata, Bhubhaneshwar, Ahmedabad, Vadodara, Bhopal, Indore, Raipur, Lucknow, Ranchi
All locations other than these 22 would, today, be dialing an STD call to whichever of these 22 locations is close to them.
Additional locations where local dialing would be possible would be added as and when required, depending upon the business potential at those locations.
Type of Remote Access
PC / Laptop based remote access
• Individual Login ID for Single User Login
– Unique Login ID for each individual user. Each such Login ID will allow only one user to log in.
– The customer can specify a Static IP to be provided for a particular user from the defined WAN IP Pool. If not specified, the IP will be dynamically allocated from the WAN IP Pool.
• Common Login ID with Multiple Login Users (applicable for PSTN remote access only)
– Multiple users can use the same Login ID for Remote Access. The number of simultaneous users using the same Login ID has to be specified by the customer as “No. of Login Users”.
Type of Remote Access
LAN based remote access
Unique Login ID for each LAN based access.
The customer may specify a Static IP to be provided for a particular user from the defined WAN IP Pool. If not specified, the IP will be dynamically allocated from the WAN IP Address Pool.
The customer must specify the LAN IP Address to enable the PCs on the LAN to access the VPN. The customer may specify more than one LAN IP Address.
The router used by the customer must be capable of dial-up access and should allow configuring the Login ID on the router.
Charging Basis
The customer will be charged a flat fee per annum for each login user for remote access to MPLS VPN.
The flat fee would vary with the type of access technology.
The charges remain the same irrespective of whether the customer chooses a single login ID or multiple login IDs.
The charges will be based on the number of users and not the number of login IDs.
For Reliance provided ISDN/PSTN lines, the charges for installation of the ISDN line or POTS will be charged separately as per the product provisioning.
Reliance RA MPLS VPN Solution
[Diagram labels: Remote Users; Reliance PSTN Network; Other BSOs PSTN Network; RAS; AAA; Reliance Core Network; MA Ring; BAN; BA Ring; BN; Head Office; Regional Office; Extranet (Dealers / Suppliers)]
Access Methodology: Wireless CDMA
[Diagram labels: Reliance’s IDC, DAKC, Navi Mumbai; Switch; AAA; LNS; Firewall; Secure L2TP Tunnel Per PC; PDSN; 10/100 Ethernet; Reliance CDMA Network; Reliance India Mobile (RIM); FWT; PC; PE; P; Reliance MPLS Network]
New Features
Multicast
Unicast is one-to-one delivery of information, which requires the source device to transmit the same data more than once if there is more than one receiver.
Broadcast is transmission of information to all sites of the VPN irrespective of their need.
Multicast allows the efficient distribution of information within one VPN, from one site (as a Source) to other sites (multiple receivers). For this it allows a one-time transmission of information from the source device regardless of the number of receivers.
Multicasting reduces the flooding and gives the information to specific sites only, and thus overcomes the disadvantage of Broadcast.
Multicast
Multicasting is a useful feature for customers who transmit data/audio/video information within their VPN to selected sites.
The Multicasting feature is a tradeoff between Unicast and Broadcast. As in Multicasting all the respective sites of the VPN are connected, the source can transmit the information to receivers in a one-time transmission, which not only reduces the transmission effort but also reduces the chargeable bandwidth and thus overcomes the disadvantage of Unicast.
Applications:
Stock tickers
Financial information
Audio streams
Video streams
Multicast
Business Rules
This feature will be offered as a product feature to the customer
Any existing / new VPN customer can opt for this service
Existing VPN Customer can opt for Multicast feature through a MACD
New Customer has to select Multicast feature in MPLS VPN CAF
Multicast
Limitations
Number of RDN PEs involved in the customer VPN should be less than or equal to 35.
Case 1: If a customer has 60 sites in his VPN, 10 at each of the locations Mumbai, Delhi, Chennai, Bangalore, Pune and Calcutta, and wants the multicasting service, then the customer is eligible for the service, as in the Reliance network each of the above locations constitutes a single PE, which means the customer is asking for the service between 6 PEs, which is allowed.
Case 2: If a customer has 60 sites in his VPN, each involving a different PE, we will not be able to offer this feature.
Multicast stream size support per customer is up to 256 Kbps.
Customer can’t have more than one source for each VPN. It should be a permanent source, so that the source location remains the same within the customer VPN. In case the source needs to be changed, a MACD needs to be initiated accordingly.
Transmission of multicasting information between two VPNs (whether of the same customer or different customers) is NOT allowed.
Sites connecting through RAMPLS VPN (ISDN access) CANNOT be a part of a multicast session.
Time of the Day bandwidth (ToD)
Requirement
Customer requires higher bandwidth at a particular site and during a particular time of the day, every day.
For that particular time, bandwidth should be upgraded automatically.
After the particular time, the bandwidth available should be the same as the contracted one.
[Chart axes: CIR, Time]
Time of the Day bandwidth (ToD)
Time of Day (ToD) is a feature wherein the customer can choose to allocate a higher bandwidth at a particular Time of Day on a periodic basis.
Customer can upgrade the bandwidth in the off-peak hours of Reliance (22:00 hrs. to 08:00 hrs.).
Customers who have peak usage during the Reliance off-peak hours can drive down their internetworking costs.
The bandwidth offered at the off-peak hours would be double the bandwidth subscribed for.
Any new / existing customer can subscribe to the ToD Feature.
Time of the Day bandwidth (ToD)
Business Rules
Time of Day (ToD) feature will be offered only to the sites with Metro Ethernet as the last mile.
ToD feature will be offered to customers subscribing for at least 1 Mbps bandwidth.
Customer can upgrade only to twice the subscribed CIR bandwidth for the off-peak time.
Flat Annual Charges will be charged for the ToD Feature based on the subscribed CIR.
Time of the Day bandwidth (ToD)
Value Proposition
Customers having maximum bandwidth utilization at night time can reduce the bandwidth costs significantly.
In the absence of the ToD feature, the customer would have subscribed for a higher CIR bandwidth, which would be hardly utilized in the day time.
It’s a one-time activity for provisioning higher bandwidth at the night time. No need to request the same every day.
Customer can upgrade to twice the subscribed CIR bandwidth for his peak utilization time.
This feature can be subscribed to by any one or a few sites of the VPN, based on the requirement.
It is perfectly suitable for those customers having a periodic pattern of need for higher bandwidth at night time.
Key Differentiators – Quick Recap
Ethernet apart from Leased Line and LMDS
Ring architecture in Access and Core to deliver high uptimes
National NOC to monitor and manage network on 24X7 basis
Online Performance Reports
End-to-end managed network backed by SLA
All flavours of Remote Access Integration
International VPN
Internet
World class IDC
Integrated approach for complete range of Enterprise networking needs
VPN Customers - A Partial List
CNM Portal
Customer Network Management [CNM] Portal
High-level capacity planning and advanced trend analysis have never been easier, with web-based online CNM Portal providing detailed information on the bandwidth you are using.
At the CNM Portal customer can also monitor all the SLA parameters - Service Availability, Network Latency and Network Packet Loss.
In the event of any problem with the network, customer can raise a trouble ticket (TT) online.
The monthly SLA Reports would also be available at the portal.
CNM Portal
[Screenshots: Summary Report; Bandwidth Utilization (IN); Bandwidth Utilization (OUT); Latency; Packet Loss; Trouble Ticket Module (VPN_Ntwrk-Srvcs_Connectivity, Packet Loss)]
CNM Portal – RA MPLS VPN
CNM Portal
1. The system will generate unique Usernames & a default Password per user name and provide it to the customer
2. The customer will have a CAN, which would be used to access CNM portal.
3. In case of RAMPLS VPN CAF entered in the system, the CNM portal of that customer would have a link at the portal to get into RAMPLS VPN Service page.
4. At the RAMPLS VPN Service page the administrator of the customer would have the List of configured Unique Usernames & default Passwords with corresponding attributes viz. No. of Users, Access Technology, LAN IP address (if applicable), Static WAN IP address (if applicable)
5. The administrator should be able to create aliases of each User Name which he could enter against each User Name and also to change the respective default password
6. The aliases & passwords will be updated at the CNM portal and the customer will be able to login with the aliases
7. The administrator at any time can change either the aliases or passwords or both, at the CNM portal.