Published by Amberlynn Curtis. Modified over 8 years ago.

1 Overview of VPN

2 Private Networks
[Diagram labels: Leased Lines; Organization A Sites 1 to 4; Organization B Sites 1 to 3]

3 Private Network
Advantages:
–Leased lines are secured
–Privacy and QoS guaranteed
Disadvantages:
–Leased lines are very expensive
–Number of links required grows exponentially if full mesh connectivity is required and the network expands
–More CPE ports are required
–Network complexity increases as the network grows. All existing sites require reconfiguration when a new site is added.

4 Internet Based Private Network
[Diagram labels: Internet (Shared Infrastructure); Organization A Sites 1 to 4; Organization B Sites 1 to 3]

5 Internet Based Private Network
Advantages:
–Single physical connectivity at each site
–No reconfiguration required at existing sites when a new site is added to the network
–Saving on CPE ports
–Huge saving in annual connectivity charges
Disadvantages:
–Highly insecure environment
–No guarantee of privacy and QoS
–Any unauthorized traffic can enter the private network

6 Virtual Private Network
Different solutions are available to make communication over the Internet safe and secure and to ensure the desired grade of quality of service. These solutions are known as VPN solutions.
Different protocols, such as L2TP, PPTP and IPSec, are available to provide VPN solutions to customers.
These protocols take care of data authenticity, data integrity and, if required, data confidentiality.

7 Virtual Private Network
[Diagram labels: Internet; Firewalls; Organization A Sites 1 to 4; Organization B Sites 1 to 3]

8 Deploying VPNs in the 21st Century
Uses IP Infrastructure
–May be shared with Internet services
Increasing importance of IP/MPLS (not ATM/FR)
Subscriber requirements
–Lower operational expenses
–A single network connection for multiple services
Provider requirements
–Multiservice infrastructure
–Create additional source of revenue
[Diagram labels: Internet; Remote Access; Intranet; Extranet; Mobile Users and Telecommuters; Branch Office; Corporate Headquarters; Suppliers, Partners and Customers]

9 Virtual Private Network Categories
VPN can be classified in two categories
–Customer Provisioned VPN
  –Tunnels originate and terminate at customer premises
  –Provisioning of equipment and allied activities is the responsibility of the customer
  –Provider may not be aware of the VPN tunneling through his network
–Provider Provisioned VPN
  –Tunnels originate and terminate at the service provider’s edge
  –Responsibility for creating and maintaining these tunnels lies with the provider

10 Customer Provisioned VPNs
[Diagram labels: Internet; Secured Tunnels; Organization A Site 1; Organization B Sites 1 to 3]

11 Provider Provisioned VPNs
[Diagram labels: Internet; Secured Tunnels; Organization A Site 1; Organization B Sites 1 to 3]

12 MPLS Based VPNs
MPLS Based Layer 3 VPNs
–Provider’s router participates in customer’s layer 3 routing
–Provider router manages VPN-specific routing tables, distributes routes to remote sites
–CPE routers advertise their routes to the provider
MPLS Based Layer 2 VPNs
–Customer maps their layer 3 routing to the circuit mesh
–Provider delivers Layer 2 circuits to the customer, one for each remote site
–Customer routes are transparent to provider

13 MPLS Based Layer 3 VPN
[Diagram labels: P routers; PE 1, PE 2, PE 3; VPN A Sites 1 to 3 (CE–A1, CE–A2, CE–A3); VPN B Sites 1 to 3 (CE–B1, CE–B2, CE–B3); VPN C Sites 1 and 2 (CE–C1, CE–C2); Static Routes; OSPF Routing; E-BGP]
A VRF is created for each VPN connected to the PE

14 MPLS Based Layer 3 VPNs
Each VRF is populated with:
–Routes received from directly connected CE routers associated with the VRF
–Routes received from other PE routers with acceptable BGP attributes
Only the VRF associated with a VPN is used for packets from a site of that VPN
–Provides isolation between VPNs

15 MPLS Based Layer 3 VPNs
Customers can use overlapping IP addresses.
Customers are free to use any IP address, even private IP addresses.
Very little manual configuration.
Auto discovery of new sites.
No reconfiguration of existing sites in case of new site addition.
Cheaper than leased lines as it works on MPLS based IP infrastructure, which is a shared infrastructure.
QoS can be assured as MPLS has the capability to provide differentiated QoS.
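
The VRF behaviour described on slides 14 and 15 (one table per VPN, import of routes from other PEs only with acceptable BGP attributes, overlapping customer addresses), modelled as an added Python example that is not part of the original presentation. It assumes the route target is the BGP attribute that decides import; the class, interface names, RT-A/RT-B values and prefixes are constructed for illustration.

```python
import ipaddress

class PE:
    """Provider edge router: one VRF (separate routing table) per attached VPN."""
    def __init__(self, name):
        self.name = name
        self.vrfs = {}    # VRF name -> {"rt": route target, "routes": {network: next hop}}
        self.ifaces = {}  # CE-facing interface -> VRF name

    def add_vrf(self, vrf, rt, iface):
        self.vrfs[vrf] = {"rt": rt, "routes": {}}
        self.ifaces[iface] = vrf

    def learn_from_ce(self, iface, prefix, ce):
        """Install a CE route in the VRF bound to iface; return the advert for other PEs."""
        vrf = self.vrfs[self.ifaces[iface]]
        vrf["routes"][ipaddress.ip_network(prefix)] = ce
        return {"rt": vrf["rt"], "prefix": prefix, "next_hop": f"{self.name}->{ce}"}

    def receive_from_pe(self, advert):
        """Import a remote route only into VRFs whose route target matches.
        Assumption: the route target stands in for 'acceptable BGP attributes'."""
        for vrf in self.vrfs.values():
            if vrf["rt"] == advert["rt"]:
                vrf["routes"][ipaddress.ip_network(advert["prefix"])] = advert["next_hop"]

    def forward(self, iface, dst):
        """Longest-prefix match using only the VRF of the ingress interface."""
        table = self.vrfs[self.ifaces[iface]]["routes"]
        hits = [net for net in table if ipaddress.ip_address(dst) in net]
        return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def build_demo():
    """Constructed topology: VPN A and VPN B both use 10.2.0.0/16 behind PE2."""
    pe1, pe2 = PE("PE1"), PE("PE2")
    for pe, n in ((pe1, "1"), (pe2, "2")):
        pe.add_vrf("VPN-A", "RT-A", f"to-CE-A{n}")
        pe.add_vrf("VPN-B", "RT-B", f"to-CE-B{n}")
    adverts = [
        pe2.learn_from_ce("to-CE-A2", "10.2.0.0/16", "CE-A2"),
        pe2.learn_from_ce("to-CE-B2", "10.2.0.0/16", "CE-B2"),    # overlapping prefix
        pe2.learn_from_ce("to-CE-B2", "172.16.5.0/24", "CE-B2"),  # exists in VPN B only
    ]
    for advert in adverts:
        pe1.receive_from_pe(advert)
    return pe1, pe2

if __name__ == "__main__":
    pe1, _ = build_demo()
    for iface, dst in (("to-CE-A1", "10.2.0.1"), ("to-CE-B1", "10.2.0.1"), ("to-CE-A1", "172.16.5.9")):
        print(iface, dst, "->", pe1.forward(iface, dst))
```

The separation shown is per-VRF route lookup on the PE; the model applies no encryption to customer traffic.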

16 MPLS Based Layer 3 VPNs
Customers can create intranet as well as extranet with the help of layer 3 VPNs.
Extranet allows the customers to allow business partners, suppliers to access their network.
100 % secured intranet as well as extranet.
Single physical connectivity at every site resulting in very simple network topology.
Provider participates in customer’s routing process.

17 MPLS Based Layer 2 VPNs
Provider edge device delivers Layer 2 circuit IDs (DLCI, VPI/VCI, or VLAN ID) to the customer
–Customer sees standard FR or ATM PVCs
–From my site, one for each reachable site
Provider edge device maps the circuit ID to an MPLS LSP to traverse the provider core
–Label stacking could be used to improve scalability
Customer maps their own routing architecture to the circuit mesh
–Customer routes are transparent to provider
–Separation of administrative responsibility

18 MPLS Based Layer 2 VPNs
[Diagram labels: P routers; PE 1, PE 2, PE 3; VPN A Sites 1 to 3 (CE–A1, CE–A2, CE–A3); VPN B Sites 1 and 2 (CE–B1, CE–B2); ATM; FR]
A VFT is created for each CE connected to the PE
Each VFT is populated with:
–The information provisioned for the local CEs
–VPN Connection Tables received from other PEs via BGP or LDP

19 MPLS Based Layer 2 VPNs
Layer 2 VPN supported technologies
–Frame Relay
–ATM
–Ethernet
–Ethernet VLANs
–HDLC
–PPP

20 MPLS Based Layer 2 VPNs
Separation of customer’s and provider’s routing provides extra confidence to customer about security of his network.
Customer can choose any layer 2 connectivity which is supported by layer 2 VPN.

21 Virtual Private LAN Service (VPLS)
Different sites of a customer’s network can connect to the MPLS network over Ethernet just as they would connect to any LAN switch.
With auto discovery of the MAC addresses of devices, each site can learn about the machines connected to the VPLS service.
To the customer it appears very much like ordinary Ethernet connectivity.
To the customer the MPLS network appears like a huge LAN switch to which its different sites are connected, just as they would be connected to an Ethernet LAN switch.

22 Virtual Private LAN Service
[Diagram labels: P routers; PE 1, PE 2, PE 3; VPN A Sites 1 to 3 (CE–A1, CE–A2, CE–A3); VPN B Sites 1 and 2 (CE–B1, CE–B2)]
A private Ethernet network constructed over a ‘shared’ infrastructure which may span several metro areas
Multipoint to multipoint Ethernet connectivity where the SP network looks like an Ethernet broadcast domain
Complements Layer 3 2547 and Layer 2 VPNs

23 What is Quality of Service
[Diagram labels: Desktop Conferencing, Distance Learning; Mission-Critical Applications; FTP; E-Mail]

24 Role of QoS
Protect mission-critical applications
–Voice, ERP, data warehouse, sales force automation
Prioritize groups of users
–Finance, sales, suppliers
Enable multimedia applications
–Distance learning, desktop video conferencing

25 Quality of Service (QoS)
MPLS has very powerful tools, such as traffic prioritization, traffic scheduling, traffic shaping and traffic policing, to ensure the proper grade of quality of service to the customer.
Broadly three grades of service are available at present in MPLS VPN Service
–Gold (Guaranteed bandwidth, delivery, jitter and latency)
–Silver (Guaranteed delivery)
–Bronze (Best effort)

26 Three Classes of Service
Three classes of service according to the customer’s requirement (Gold, Silver & Bronze)
–If customer requirement is more than 2 Mbps then tariff will be n x tariff for 2 Mbps.
Tariff per Annum (Rs in Lakhs) is given in the bandwidth columns.
Sl No. | Class of Service | Committed Bandwidth (%) | 64 kbps | 128 kbps | 256 kbps | 512 kbps | 1 Mbps | 2 Mbps
1. | Gold | 99 | 0.77 | 1.38 | 2.38 | 3.69 | 5.84 | 12.32
2. | Silver | 50 | 0.58 | 1.04 | 1.79 | 2.76 | 4.38 | 9.24
3. | Bronze | 25 | 0.38 | 0.69 | 1.19 | 1.84 | 2.92 | 6.16

27 Service Tax & Discount
No of Ports | Discount on VPN Port
2 to 5 | 10 %
6 to 10 | 12 %
11 to 15 | 15 %
16 and above | 20 %
Service tax @ 10% will be charged w.e.f 10/9/2004 and Education cess @ 2 % of the service tax will also be levied in addition to service tax

28 Tariff for Leased Line Data Circuits
S.N. | Distance (kms) | 64 Kbps (Rs.) | 2 Mbps (Rs.) | 8 Mbps (Rs.) | 34 Mbps (Rs.) | 140 Mbps (Rs.)
1 | 50 | 34,319 | 3,48,642 | 13,94,568 | 55,78,272 | 2,23,13,088
2 | 100 | 40,646 | 5,38,454 | 21,53,816 | 86,15,264 | 3,44,61,056
3 | 200 | 54,412 | 9,51,431 | 38,05,724 | 1,52,22,896 | 6,08,91,584
4 | 300 | 68,178 | 13,64,407 | 54,57,628 | 2,18,30,512 | 8,73,22,048
5 | 400 | 81,944 | 17,77,384 | 71,09,536 | 2,84,38,144 | 11,37,52,576
6 | 500 | 95,710 | 21,90,360 | 87,61,440 | 3,50,45,760 | 14,01,83,040
7 | Beyond 500 | 96,000 (Fixed) | 22,00,000 (Fixed) | 88,00,000 (Fixed) | 3,52,00,000 (Fixed) | 14,08,00,000 (Fixed)

29 Tariff for 128 kbps to 960 kbps
The tariff for 128 kbps to 960 kbps is equal to
–the tariff for 64 kbps multiplied by the coefficients as below
Capacity | Coefficient
960 kbps | 7.6
768 kbps | 6.4
512 kbps | 4.8
384 kbps | 4.0
320 kbps | 3.6
256 kbps | 3.1
192 kbps | 2.5
128 kbps | 1.8

30 ICICI Bank Case Study
Total number of leased lines of various capacities across the country – 82
Total annual charges paid – Rs 142604651/-
75 links were possible to be shifted on VPN
Cost of 75 VPNs of different capacities – Rs 7,30,00,000/-
Cost of rest 7 leased lines – Rs 50,00,000/-
Total cost – 7,80,00,000/-