© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.26-1 Complex MPLS VPNs Introducing Central Services VPNs.

Presentation transcript:


Outline
Overview
What Are the Access Characteristics of a Central Services VPN?
What Are the Routing Characteristics of a Central Services VPN?
Identifying the Central Services VPN Data Flow Model
Configuring a Central Services VPN
Integrating a Central Services VPN with a Simple VPN
Identifying the RD Requirements When Integrating Central Services and Simple VPNs
Identifying the RT Requirements When Integrating Central Services and Simple VPN
Summary

Central Services VPN
Clients need access to central servers.
Servers can communicate with each other.
Clients can communicate with all servers but not with each other.

Central Services VPN Routing
Client routes need to be exported to the server site.
Server routes need to be exported to client and server sites.
No routes are exchanged between client sites.

Central Services VPN Data Flow Model
Client VRFs contain server routes; clients can talk to servers.
Server VRFs contain client routes; servers can talk to clients.
Client VRFs do not contain routes from other clients; clients cannot communicate.
Make sure that there is no client-to-client leakage across server sites.

Steps for Configuring a Central Services VPN
Client sites:
  – Use a separate VRF per client site.
  – Use a unique RD on each client site.
  – Import and export routes with an RT that is the same value as the RD for each client site (VPN of client).
  – Export routes with an RT (clients-to-server) associated with the server site.
  – Import routes with the RT (server-to-clients) into client VRFs.

Steps for Configuring a Central Services VPN (Cont.)
Server sites:
  – Use one VRF for each service type.
  – Use a unique RD on each service type.
  – Import and export routes with an RT that is the same value as the RD for each server site (VPN of server).
  – Export server site routes with an RT (server-to-client).
  – Import routes with the RT (clients-to-server) into the server VRFs.
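The client-site and server-site steps above can be audited mechanically. The following is an added example, not part of the original slides: it parses constructed IOS-style VRF stanzas (the VRF names and every RD/RT value are made up for illustration) and reports any client VRF that would import another client's routes. It checks route-target matching only, not routes re-advertised by a CE router.

```python
import re

# Constructed IOS-style VRF stanzas (not from the slides); names and values are made up.
# 65000:303 is the clients-to-server RT, 65000:203 the server-to-clients RT.
SAMPLE_CONFIG = """\
ip vrf Client-1
 rd 65000:101
 route-target both 65000:101
 route-target export 65000:303
 route-target import 65000:203
ip vrf Client-2
 rd 65000:102
 route-target both 65000:102
 route-target export 65000:303
 route-target import 65000:203
ip vrf Server
 rd 65000:201
 route-target both 65000:201
 route-target export 65000:203
 route-target import 65000:303
"""
# The same config with one mistake: Client-2 also imports the clients-to-server RT.
MISCONFIGURED = SAMPLE_CONFIG.replace(
    "ip vrf Client-2\n", "ip vrf Client-2\n route-target import 65000:303\n")

def parse_vrfs(config):
    """Return {vrf_name: {"import": set_of_RTs, "export": set_of_RTs}}."""
    vrfs, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            current = vrfs.setdefault(m[1], {"import": set(), "export": set()})
        elif not raw.startswith(" "):
            current = None  # any other top-level line ends the VRF stanza
        elif current is not None and (
                m := re.fullmatch(r"route-target (import|export|both) (\S+)", line)):
            for d in (("import", "export") if m[1] == "both" else (m[1],)):
                current[d].add(m[2])
    return vrfs

def importers(vrfs):
    """Map each VRF to the other VRFs whose exported routes it would import."""
    return {dst: {src for src, s in vrfs.items()
                  if src != dst and s["export"] & d["import"]}
            for dst, d in vrfs.items()}

def client_leaks(vrfs, clients):
    """(source, destination) pairs where one client's routes reach another client VRF."""
    sources = importers(vrfs)
    return sorted((s, d) for d in clients for s in sources[d] if s in clients)
```

An empty result from client_leaks means no client VRF imports an RT that another client VRF exports; for MISCONFIGURED it returns the pair naming Client-1 as the leaking source and Client-2 as the destination.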

Configuring a Central Services VPN

Central Services VPN and Simple VPN Requirements
Customers run a simple VPN:
  – All A-Spoke sites in A-VPN
  – All B-Spoke sites in B-VPN
Only A-Central and B-Central need access to central servers.
This situation results in a combination of rules from the overlapping VPN and central services VPN.

Central Services VPN and Simple VPN Requirements (Cont.)
For all sites participating in a simple VPN, configure a separate VRF per set of sites participating in the same VPNs per PE router.
For sites that are only clients of central servers, create a VRF per site.
Create one VRF for central servers per PE router.

Configuring RDs in a Central Services VPN and Simple VPN
Configure a unique RD for every set of VRFs with unique membership requirements:
  – A-Spoke-1 and A-Spoke-2 can share the same RD.
  – B-Spoke-1 and B-Spoke-2 can share the same RD.
  – A-Central needs a unique RD.
  – B-Central needs a unique RD.
Configure one RD for all central server VRFs.

Configuring RTs in a Central Services VPN and Simple VPN
Configure the customer VPN import-export route target in all VRFs participating in customer VPN.
Configure a unique import-export route target in every VRF that is only a client of central servers.
Configure the central services import and export route targets in VRFs that participate in central services VPN.

Configuring VRFs in a Central Services VPN and Simple VPN

Summary
A central services VPN is used to provide access from centralized servers to one or more customers.
A central services VPN routing model indicates these requirements:
  – Client routes need to be exported to the server site.
  – Service routes need to be exported to client and server sites.
  – No routes are exchanged between client sites.
The data flow in a central services VPN model indicates these requirements:
  – Client VRFs contain server routes and do not contain routes from other clients.
  – Server VRFs contain client routes.
Some of the requirements to configure a central services VPN are these:
  – Use a separate VRF for each client.
  – Use a unique RD on each client site.
  – Use a unique RD in each set of server sites.
  – Use import and export RT matching between server and client sites.

Summary (Cont.)
The hybrid of a simple VPN and a central VPN provides the following:
  – Customers have intra-VPN access, including their central site.
  – The central sites of each customer can access centralized servers available to multiple customers.
Intra-VPN customer sites can share the same RD.
The central site of a customer and shared centralized servers require a unique RD.
The import-export RT must match from respective customer intra-VPN sites to a central site.
A different import-export RT set must match from the central site of the respective customers to the shared centralized server site.
