Virtual Private Networks (VPNs)

Virtual Private Networks (VPNs)

MPLS Virtual Private Networks (VPNs) SMU CSE 8344 When VPN? Internet as your own private network Communicate securely between various corporate sites (Intranet) Communicate securely between partner sites (Extranet) Connect remote dial-up users securely to corporate networks SMU CSE 8344

Advantages Flexible and cost effective Better business-to-business connectivity business partners, service providers, contractors, and customers Advances in security SMU CSE 8344 Layer2 vs. Layer3 VPNs Layer 3 VPNs Layer 2 VPNs Provider devices forward customer packets based on Layer 3 information (e.g., IP)

Provider devices forward customer packets based on Layer 2 information SP involvement in routing Tunnels, circuits, LSPs, MAC address MPLS/BGP VPNs (RFC 2547), GRE, virtual router approaches pseudo-wire concept SMU CSE 8344

Layer2 Example Step #1 Workstation A sends packet destined for Server B Step #2 R1 takes Ethernet frame and encapsulates it in L2TP and routes it to tunnel destination IP Core R1 Ethernet

Workstation A SMU Step #3 R2 receives IP/ L2TP/Ethernet Packet and removes the IP/L2TPv3 headers. The remaining Ethernet frame is forwarded to Server B. IP or MPLS Core IP L2TP Ethernet L2TPv3 Tunnel Server B

CSE 8344 R2 Ethernet Overlay Model Each site has a router connected via PT-P links to routers on other sites Leased lines Frame relay ATM circuit Connectivity Fully connected Hub-and-spoke SMU CSE 8344

Limitations of Overlay Customers need to manage the backbones Mapping between Layer2 Qos and IP QoS Scaling problems Cannot support large number of customers (n-1) peering requirement SMU CSE 8344 The Peer Model Aims to support large-scale VPN service Key technologies

SMU Constrained distribution of routing info. Multiple forwarding tables VPN-IP addresses MPLS switching CSE 8344 Terminology CE router Customer Edge router PE router Provider Edge router. Part of the P-Network and interfaces to CE routers

P router Provider (core) router, without knowledge of VPN SMU CSE 8344 Terminology (contd) Route Distinguisher Attributes of each route used to uniquely identify prefixes among VPNs (64 bits) VPN-IPv4 addresses Address including the 64 bits Route Distinguisher and the 32 bits IP address VRF VPN Routing and Forwarding Instance

Routing table and FIB table SMU CSE 8344 Connection Model The VPN backbone is composed by MPLS LSRs PE routers (edge LSRs) P routers (core LSRs) PE routers are faced to CE routers and distribute VPN information through BGP to other PE routers P routers do not run BGP and do not have any VPN knowledge SMU CSE 8344

Model (contd) P and PE routers share a common IGP PE and CE routers exchange routing information through: EBGP, OSPF, RIP, Static routing CE router run standard routing software SMU CSE 8344 Routing The routes the PE receives from CE routers are installed in the appropriate VRF The routes the PE receives through the backbone IGP are installed in the global routing table

By using separate VRFs, addresses need NOT to be unique among VPNs SMU CSE 8344 Forwarding PE and P routers have BGP next-hop reachability through the backbone IGP Labels are distributed through LDP (hop-byhop) corresponding to BGP Next-Hops Label Stack is used for packet forwarding Top label indicates Next-Hop (interior label) Second level label indicates outgoing interface or VRF (exterior label) SMU CSE 8344

Forwarding (contd) The upstream LDP peer of the BGP next-hop (PE router) will pop the first level label The egress PE router will forward the packet based on the second level label which gives the outgoing interface (and VPN) SMU CSE 8344 Forwarding Example CE1 IP packet P routers switch the

packets based on the IGP label (label on top of the stack) PE1 Penultimate Hop Popping P2 is the penultimate hop for the BGP nexthop P2 remove the top label This has been requested through LDP by PE2 PE2 receives the packets with the label corresponding to the outgoing interface (VRF)

One single lookup Label is popped and packet sent to IP neighbour CE2 IGP Label(PE2) VPN IP Label IP packet packet PE1 receives IP packet Lookup is done on site VRF BGP route with Next-Hop and

Label is found BGP next-hop (PE2) is reachable through IGP route with associated label SMU P1 IGP Label(PE2) VPN IP Label packet VPN Label P2

IP packet PE2 CE3 CSE 8344 Scalability Existing BGP techniques can be used to scale the route distribution Each edge router needs only the information for the VPNs it supports Directly connected VPNs Easy to add new sites configure the site on the PE connected to it, the network automatically does the rest

SMU CSE 8344 QoS Support Pipe model Similar to int-serv Unidirectional as opposed to bi-directional model in ATMs Hose Model Similar to diff-serv SMU CSE 8344

Recently Viewed Presentations

  • DV/HDV Tape Drive Synchronization

    DV/HDV Tape Drive Synchronization

    Stereoscopic Displays and Applications Conference 29th - 31th January 2007 San Jose, United States Peter Wimmer - * Overview Introduction to the Stereoscopic Multiplexer Concept and architecture DirectShow capture graphs Simple tape drive synchronization Basic idea Missync detection Advanced...
  • Day 42-Shakespearean and Elizabethan background; Sonnet study

    Day 42-Shakespearean and Elizabethan background; Sonnet study

    Warm-up: Sonnet Part IV. English Sonnets feature the following structural conventions: 14 Lines composed of 3 . quatrains (4 line stanza and a . couplet. at the conclusion). The last . couplet. is used to pull the sonnet together. This...
  • Folie 1 -

    Folie 1 -

    1er janvier 1960 Le nouveau franc débarque en France 17 mars 1969 Golda Meir devient premier ministre d'Israël 21 juillet 1969 Neil Armstrong a marché sur la lune 15 au 18 août 1969 Festival de Woodstock Jimi Hendrix 25 août...
  • Lesson 3.3 - Financial Structure of Entertainment

    Lesson 3.3 - Financial Structure of Entertainment

    A Billabong brand jacket featured in the second Twilight film ignited a buying frenzy. The brand quickly sold out of the jacket and it could later be found on eBay going for many times its retail price.
  • Design Tradeoffs in Modern Software Transactional Memory Systems

    Design Tradeoffs in Modern Software Transactional Memory Systems

    Transaction A finite sequence of instructions (satisfying the linearizability and atomicity properties) that is used to access and modify concurrent objects This paper focuses on discussing two approaches to STM Compares and evaluates strengths and weaknesses of the approaches Section...
  • White Ribbon Workplace Accreditation 2013 Leading Family Violence

    White Ribbon Workplace Accreditation 2013 Leading Family Violence

    White Ribbon Workplace Accredited Workplace (2013) ... Project support: - Program Manager Jessica Luter, based in Sydney, very responsive- Monthly teleconferences of program participants for information exchange.- No other resources were available to pilot participants, e.g. online training.
  • A Level English Literature H47202 interactive SAM

    A Level English Literature H47202 interactive SAM

    Virginia Woolf: Mrs Dalloway 'Literature by and about women is often very strong in its depiction of the inner life.' Discuss this aspect of writing by comparing Mrs Dalloway with at least one other text prescribed for .
  • Addressing gender issues through immersion in ICT Pythagoras

    Addressing gender issues through immersion in ICT Pythagoras

    Boys like computer games, would they perform better in maths if their teaching is computer centered ? The two classes would follow the General course, but the boy's class would incorporate more iCT and time would be factored in to...