Transcript Document
Overview of VPN
Private Networks
[Figure: Organization A sites 1–4 and Organization B sites 1–3, each organization's sites joined to one another by dedicated leased lines]
Private Network
• Advantages:
– Leased lines are dedicated point-to-point circuits: no other customer's traffic shares the link, so isolation comes from the circuit itself (the link is not encrypted; privacy rests on the carrier, not on cryptography)
– Privacy and QoS are guaranteed by the carrier's contract
• Disadvantages:
– Leased lines are very expensive
– The number of links grows quadratically if full-mesh connectivity is required and the network expands: n sites need n(n-1)/2 circuits
– More CPE ports are required (one per circuit at each site)
– Network complexity increases as the network grows; all existing sites require reconfiguration when a new site is added
Internet Based Private Network
[Figure: Organization A sites 1–4 and Organization B sites 1–3 each connected once to the Internet, a shared infrastructure, instead of to each other]
Internet Based Private Network
• Advantages:
– Single physical connection at each site.
– No reconfiguration required at existing sites when a new site is added to the network.
– Saving on CPE ports
– Huge saving in annual connectivity charges.
• Disadvantages:
– Highly insecure environment: traffic crosses a shared, untrusted network with no inherent confidentiality or integrity
– No guarantee of privacy and QoS
– Any unauthorized traffic can enter the private network unless it is filtered at the edge
Virtual Private Network
• Different solutions are available to make communication over the Internet safe and secure; combined with QoS in the underlying network, they can also deliver a desired grade of service.
• These solutions are known as VPN solutions.
• Different protocols such as L2TP, PPTP and IPsec are available to provide VPN solutions to customers.
• These protocols take care of data authenticity, data integrity and, if required, data confidentiality. Only IPsec provides all three by itself: L2TP carries no protection of its own and is normally run over IPsec (L2TP/IPsec), and PPTP's MS-CHAPv2/MPPE protection is broken and should not be relied on.
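The authenticity, integrity and anti-replay checks that a protocol such as IPsec ESP applies to every tunnelled packet, as an added example in Python (not from the original slides; the packet layout is a simplification of RFC 4303 ESP, and the key, payloads and sequence numbers are constructed for illustration):

```python
"""Added example (not from the original slides): how a VPN protocol such as
IPsec ESP gives data authenticity and integrity on a shared network.

The receiver accepts a tunnel packet only if (a) its HMAC verifies under the
key negotiated for the security association and (b) its sequence number has
not been seen before and is not older than the anti-replay window. Packet
layout and window size are a simplification of RFC 4303; key, payloads and
the packet sequence are constructed."""
import hashlib
import hmac
import struct

WINDOW = 64  # anti-replay window in packets (RFC 4303 requires at least 32)
TAG_LEN = 32  # HMAC-SHA256 output length


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender: prepend the sequence number, append an HMAC over header+payload
    (the ICV). Real ESP also covers the SPI and encrypts the payload first."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class ReplayWindow:
    """Receiver state for one security association: the highest sequence
    number accepted and a bitmap of the WINDOW numbers below it."""

    def __init__(self):
        self.highest = 0
        self.bitmap = 0  # bit i set => sequence number (highest - i) was received

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:
            return False  # ESP never uses sequence number 0
        if seq > self.highest:  # newer than anything seen: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= WINDOW:
            return False  # too old: fell off the left edge of the window
        if self.bitmap & (1 << offset):
            return False  # already received: replay
        self.bitmap |= 1 << offset  # late but in-window: accept once
        return True


def unprotect(key: bytes, window: ReplayWindow, packet: bytes):
    """Receiver: verify the tag first (constant-time), only then parse the
    sequence number and run the anti-replay check. None means rejected."""
    if len(packet) < 4 + TAG_LEN:
        return None
    header, payload, tag = packet[:4], packet[4:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit or wrong key
    seq = struct.unpack(">I", header)[0]
    if not window.check_and_update(seq):
        return None  # replayed or stale
    return payload


def demo():
    """Constructed sequence: honest packets, a replay, a tampered packet,
    a late but in-window packet and a packet older than the window."""
    key = b"example-shared-key-from-sa-setup"  # assumption: negotiated by IKE
    rx = ReplayWindow()
    results = {}
    p1 = protect(key, 1, b"site-A->site-B: hello")
    p2 = protect(key, 2, b"site-A->site-B: payroll")
    results["p1"] = unprotect(key, rx, p1) is not None
    results["p2"] = unprotect(key, rx, p2) is not None
    results["replay_p1"] = unprotect(key, rx, p1) is not None
    tampered = p2[:4] + b"site-A->site-B: PAYROLL" + p2[-TAG_LEN:]
    results["tampered"] = unprotect(key, rx, tampered) is not None
    results["p100"] = unprotect(key, rx, protect(key, 100, b"later")) is not None
    results["late_p90"] = unprotect(key, rx, protect(key, 90, b"reordered")) is not None
    results["stale_p30"] = unprotect(key, rx, protect(key, 30, b"too old")) is not None
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks is the point: the tag is verified before anything in the packet is trusted, so a forged sequence number cannot move the window, and compare_digest keeps the tag comparison constant-time. Confidentiality (ESP encryption) is left out here; in real ESP the ICV is computed over the ciphertext.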
Virtual Private Network
[Figure: Organization A sites 1–4 and Organization B sites 1–3 connected to the Internet through firewalls at each site, with VPN tunnels between the sites of each organization]
Deploying VPNs in the 21st Century
[Figure: corporate headquarters connected over the Internet to a branch office (intranet), to mobile users and telecommuters (remote access), and to suppliers, partners and customers (extranet)]
• Uses IP infrastructure
– May be shared with Internet services
• Increasing importance of IP/MPLS (not ATM/FR)
• Subscriber requirements
– Lower operational expenses
– A single network connection for multiple services
• Provider requirements
– Multiservice infrastructure
– Create an additional source of revenue
Virtual Private Network Categories
• VPNs can be classified into two categories
– Customer Provisioned
• VPN tunnels originate and terminate at the customer premises
• Provisioning of equipment and allied activities is the responsibility of the customer
• The provider may not be aware of the VPN tunnelling through its network
– Provider Provisioned
• VPN tunnels originate and terminate at the service provider's edge
• Responsibility for creating and maintaining these tunnels lies with the provider
Customer Provisioned VPNs
[Figure: secured tunnels between Organization B sites 1–3 (and Organization A site 1) built end to end across the Internet from customer equipment at each site]
Provider Provisioned VPNs
[Figure: the same sites, but the secured tunnels start and end at the provider's edge routers rather than at the customer premises]
MPLS Based VPNs
• MPLS Based Layer 3 VPNs
– The provider's router participates in the customer's layer 3 routing
– The provider router manages VPN-specific routing tables and distributes routes to remote sites
– CPE routers advertise their routes to the provider
• MPLS Based Layer 2 VPNs
– The customer maps its layer 3 routing onto the circuit mesh
– The provider delivers layer 2 circuits to the customer, one for each remote site
– Customer routes are transparent to the provider
MPLS Based Layer 3 VPN
[Figure: PE 1, PE 2 and PE 3 around a core of P routers; CE–A1, CE–A2, CE–A3 (VPN A sites 1–3), CE–B1, CE–B2, CE–B3 (VPN B sites 1–3) and CE–C1, CE–C2 (VPN C sites 1–2) attached to the PEs; a VRF is created for each VPN connected to the PE; PE–CE routing shown as static routes, OSPF or E-BGP]
MPLS Based Layer 3 VPNs
• Each VRF is populated with:
– Routes received from the directly connected CE routers associated with the VRF
– Routes received from other PE routers with acceptable BGP attributes, i.e. whose route-target attributes match the VRF's import policy
• Only the VRF associated with a VPN is used for packets arriving from a site of that VPN
– Provides isolation between VPNs
MPLS Based Layer 3 VPNs
• Customers can use overlapping IP addresses, since the route distinguisher keeps one customer's prefix distinct from another's in the provider's BGP
• Customers are free to use any IP addresses, including private (RFC 1918) addresses.
• Very little manual configuration: new sites are discovered automatically, and existing sites need no reconfiguration when a new site is added.
• Cheaper than leased lines, as it runs on the MPLS-based IP infrastructure, which is shared.
• QoS can be assured, as MPLS has the capability to provide differentiated QoS.
MPLS Based Layer 3 VPNs
• Customers can create an intranet as well as an extranet with the help of layer 3 VPNs.
• An extranet allows the customer to let business partners and suppliers access part of its network.
• Intranet and extranet traffic is isolated by the VRFs. Note that this isolation is logical (separate routing tables and label stacks), not encryption: confidentiality against the provider or anyone on its core still requires encryption on top.
• Single physical connection at every site, resulting in a very simple network topology.
• The provider participates in the customer's routing process.
MPLS Based Layer 2 VPNs
• The provider edge device delivers layer 2 circuit IDs (DLCI, VPI/VCI or VLAN ID) to the customer
– The customer sees standard FR or ATM PVCs
– From each site, one circuit for each reachable site
• The provider edge device maps the circuit ID to an MPLS LSP to traverse the provider core
– Label stacking can be used to improve scalability
• The customer maps its own routing architecture onto the circuit mesh
– Customer routes are transparent to the provider
– Separation of administrative responsibility
MPLS Based Layer 2 VPNs
[Figure: CE–A1, CE–A2, CE–A3 (VPN A sites 1–3) attached over ATM and CE–B1, CE–B2 (VPN B sites 1–2) attached over Frame Relay to PE 1, PE 2 and PE 3 across a core of P routers; a VFT (VPN forwarding table) is created for each CE connected to the PE]
Each VFT is populated with:
– The information provisioned for the local CEs
– VPN connection tables received from other PEs via BGP or LDP
MPLS Based Layer 2 VPNs
• Layer 2 VPN supported Technologies
– Frame Relay
– ATM
– Ethernet
– Ethernet VLANs
– HDLC
– PPP
MPLS Based Layer 2 VPNs
• Separation of the customer's and the provider's routing gives the customer extra confidence in the security of its network: the provider never holds the customer's routes, only the circuit-to-LSP mapping.
• The customer can choose any layer 2 connectivity that is supported by the layer 2 VPN.
Virtual Private LAN Service VPLS
• The different sites of a customer's network connect to the MPLS network over Ethernet, just as they would connect to any LAN switch.
• With automatic learning of the MAC addresses of attached devices, each site learns about the machines connected through the VPLS service.
• To the customer it appears very much like ordinary Ethernet connectivity.
• To the customer the MPLS network appears as one huge LAN switch to which its different sites are connected, just as if they were connected to an Ethernet LAN switch.
Virtual Private LAN Service
[Figure: CE–A1, CE–A2, CE–A3 (VPN A sites 1–3) and CE–B1, CE–B2 (VPN B sites 1–2) attached to PE 1, PE 2 and PE 3 across a core of P routers, each VPN forming one Ethernet broadcast domain]
• A private Ethernet network constructed over a 'shared' infrastructure which may span several metro areas
• Multipoint-to-multipoint Ethernet connectivity where the SP network looks like a single Ethernet broadcast domain
• Complements layer 3 (RFC 2547) and layer 2 VPNs
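The "huge LAN switch" behaviour described above, as an added example in Python (not from the original slides): each PE keeps a MAC table per VPLS instance, learns source addresses as frames arrive, floods unknown destinations, and applies split horizon so that a frame received from another PE is never forwarded to a third PE. The MAC addresses, CE ports and PE names are constructed.

```python
"""Added example (not from the original slides): a VPLS instance on a full
mesh of PEs behaving like one Ethernet switch. Per-instance MAC learning,
flooding of unknown destinations, and split horizon on the PE-to-PE
pseudowires (frames from a pseudowire are never re-sent to another PE,
because the mesh would otherwise loop). All names and MACs are constructed."""


class VplsPE:
    def __init__(self, name, peers):
        self.name = name
        self.peers = set(peers)   # full mesh of pseudowires to the other PEs
        self.ce_ports = set()     # locally attached customer ports
        self.mac_table = {}       # learned MAC -> port ("CE-A1" or "pw:PE2")

    def attach_ce(self, port):
        self.ce_ports.add(port)

    def forward(self, in_port, src_mac, dst_mac):
        """Learn the source, then return the set of ports to send the frame out of."""
        self.mac_table[src_mac] = in_port
        if dst_mac in self.mac_table:                    # known unicast
            out = self.mac_table[dst_mac]
            return set() if out == in_port else {out}
        targets = {p for p in self.ce_ports if p != in_port}   # flood to local CEs
        if not in_port.startswith("pw:"):                # split horizon: only CE-originated
            targets |= {f"pw:{p}" for p in self.peers}   # frames cross to other PEs
        return targets


def run_vpls(pes, origin, in_port, src_mac, dst_mac):
    """Carry one frame through the mesh. Returns the sorted list of CE
    deliveries as 'PE/port' and how many PEs processed the frame."""
    deliveries, processed = [], 0
    queue = [(origin, in_port)]
    while queue:
        pe_name, port = queue.pop(0)
        processed += 1
        for out in pes[pe_name].forward(port, src_mac, dst_mac):
            if out.startswith("pw:"):
                queue.append((out[3:], f"pw:{pe_name}"))  # arrives on the peer's pseudowire
            else:
                deliveries.append(f"{pe_name}/{out}")
    return sorted(deliveries), processed


def build_vpls():
    """Constructed instance: VPN A with one CE at each of three PEs."""
    names = ("PE1", "PE2", "PE3")
    pes = {n: VplsPE(n, [p for p in names if p != n]) for n in names}
    pes["PE1"].attach_ce("CE-A1")
    pes["PE2"].attach_ce("CE-A2")
    pes["PE3"].attach_ce("CE-A3")
    return pes


MAC_A1, MAC_A2 = "02:00:00:00:a1:01", "02:00:00:00:a2:01"  # constructed


def demo():
    pes = build_vpls()
    first = run_vpls(pes, "PE1", "CE-A1", MAC_A1, MAC_A2)   # unknown: flooded to every site
    reply = run_vpls(pes, "PE2", "CE-A2", MAC_A2, MAC_A1)   # learned: straight to PE1
    again = run_vpls(pes, "PE1", "CE-A1", MAC_A1, MAC_A2)   # learned: PE3 no longer involved
    return first, reply, again


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Note what the customer does not control here: learning is unauthenticated, so any host at any site can populate or churn the MAC tables of every PE in the instance, and the flood on an unknown destination reaches every site. Providers therefore cap MAC entries per instance and rate-limit unknown-unicast and broadcast, and the customer should treat the VPLS as one broadcast domain for segmentation purposes.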
What is Quality of Service
[Figure: applications arranged by their QoS needs: desktop conferencing and distance learning, mission-critical applications, e-mail, FTP]
Role of QoS
• Protect mission-critical applications
– Voice, ERP, data warehouse,
sales force automation
• Prioritize groups of users
– Finance, sales, suppliers
• Enable multimedia applications
– Distance learning, desktop video conferencing
Quality of Service (QoS)
• MPLS provides powerful tools such as traffic prioritization, traffic scheduling, traffic shaping and traffic policing to ensure the proper grade of quality of service to the customer.
• Broadly, three grades of service are available at present in the MPLS VPN service:
– Gold (guaranteed bandwidth, delivery, jitter and latency)
– Silver (guaranteed delivery)
– Bronze (best effort)
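One of the tools named above, traffic policing, as an added example in Python (not from the original slides): a single-rate token-bucket policer per class of service, which is what turns a "committed bandwidth" percentage into a conform/exceed decision on each packet. The class percentages (99 %, 50 %, 25 %) are those of the tariff slide; the port speed, burst size and packet trace are constructed.

```python
"""Added example (not from the original slides): a token-bucket policer per
class of service. Gold, Silver and Bronze get a committed rate equal to a
percentage of the port speed (99 %, 50 %, 25 %, the tariff slide's figures);
packets within the committed rate conform, the rest are marked exceed and
would be dropped or served best-effort under congestion. Port speed, burst
size and the packet trace are constructed."""


class TokenBucket:
    """Single-rate token bucket: tokens (bytes) refill at the committed rate
    up to a burst ceiling; a packet conforms only if enough tokens remain."""

    def __init__(self, rate_bps, burst_bytes):
        self.rate = rate_bps / 8.0        # committed rate in bytes per second
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)  # bucket starts full
        self.last = 0.0

    def conforms(self, now, size):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


COMMITTED_PCT = {"gold": 99, "silver": 50, "bronze": 25}  # from the tariff slide


class ClassPolicer:
    """One bucket per class; committed rate = class percentage of port speed."""

    def __init__(self, port_bps, burst_bytes=1500):
        self.buckets = {cls: TokenBucket(port_bps * pct / 100, burst_bytes)
                        for cls, pct in COMMITTED_PCT.items()}

    def police(self, packets):
        """packets: iterable of (time_seconds, class, size_bytes) in time order.
        Returns {class: {"conform": n, "exceed": n}}."""
        stats = {cls: {"conform": 0, "exceed": 0} for cls in self.buckets}
        for t, cls, size in packets:
            verdict = "conform" if self.buckets[cls].conforms(t, size) else "exceed"
            stats[cls][verdict] += 1
        return stats


def demo():
    """Constructed trace: every class sends 1000-byte packets every 100 ms on a
    64 kbps port (8000 B/s), i.e. each class alone offers about 80 kbps,
    well above its committed rate, so each bucket must reject some packets."""
    policer = ClassPolicer(port_bps=64_000)
    trace = [(i / 10, cls, 1000) for i in range(10) for cls in COMMITTED_PCT]
    return policer.police(trace)


if __name__ == "__main__":
    print(demo())
```

With the constructed trace the Gold bucket (7920 B/s) passes 8 of the 10 packets, Silver (4000 B/s) 5 and Bronze (2000 B/s) 3, which is the committed-bandwidth ordering the tariff promises. A policer alone only enforces rate; the latency and jitter guarantees of the Gold class additionally need a priority queue in the scheduler, which this example does not model.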
Three Classes of Service
• Three classes of service according to the customer's requirement (Gold, Silver and Bronze)
– If the customer requirement is more than 2 Mbps, the tariff will be n × the tariff for 2 Mbps.

Tariff per Annum (Rs in Lakhs)

Sl No.  Class of Service  Committed Bandwidth (%)  64 kbps  128 kbps  256 kbps  512 kbps  1 Mbps  2 Mbps
1.      Gold              99                       0.77     1.38      2.38      3.69      5.84    12.32
2.      Silver            50                       0.58     1.04      1.79      2.76      4.38    9.24
3.      Bronze            25                       0.38     0.69      1.19      1.84      2.92    6.16
Service Tax & Discount
• Service tax @ 10% will be charged w.e.f. 10/9/2004, and
• Education cess @ 2% of the service tax will also be levied in addition to the service tax

No of Ports     Discount on VPN Port
2 to 5          10 %
6 to 10         12 %
11 to 15        15 %
16 and above    20 %
Tariff for Leased Line Data Circuits

S.N.  Distance (kms)  64 Kbps (Rs.)   2 Mbps (Rs.)        8 Mbps (Rs.)        34 Mbps (Rs.)         140 Mbps (Rs.)
1     50              34,319          3,48,642            13,94,568           55,78,272             2,23,13,088
2     100             40,646          5,38,454            21,53,816           86,15,264             3,44,61,056
3     200             54,412          9,51,431            38,05,724           1,52,22,896           6,08,91,584
4     300             68,178          13,64,407           54,57,628           2,18,30,512           8,73,22,048
5     400             81,944          17,77,384           71,09,536           2,84,38,144           11,37,52,576
6     500             95,710          21,90,360           87,61,440           3,50,45,760           14,01,83,040
7     Beyond 500      96,000 (Fixed)  22,00,000 (Fixed)   88,00,000 (Fixed)   3,52,00,000 (Fixed)   14,08,00,000 (Fixed)
Tariff for 128 kbps to 960 kbps
• The tariff for 128 kbps to 960 kbps is equal to
– the tariff for 64 kbps multiplied by the coefficient below

Capacity    Coefficient
960 kbps    7.6
768 kbps    6.4
512 kbps    4.8
384 kbps    4.0
320 kbps    3.6
256 kbps    3.1
192 kbps    2.5
128 kbps    1.8
ICICI Bank Case Study
• Total number of leased lines of various capacities across the country – 82
• Total annual charges paid – Rs 14,26,04,651/-
• 75 links could be shifted to VPN
• Cost of 75 VPNs of different capacities – Rs 7,30,00,000/-
• Cost of the remaining 7 leased lines – Rs 50,00,000/-
• Total cost – Rs 7,80,00,000/-