Presentation is loading. Please wait.

Presentation is loading. Please wait.

Draft-ietf-l3sm-l3vpn-service-model S. Litkowski R. Shakir L. Tomotaki K. D’Souza.

Published byVivian Bailey Modified over 8 years ago

Similar presentations

Presentation on theme: "Draft-ietf-l3sm-l3vpn-service-model S. Litkowski R. Shakir L. Tomotaki K. D’Souza."— Presentation transcript:

1 draft-ietf-l3sm-l3vpn-service-model S. Litkowski R. Shakir L. Tomotaki K. D’Souza

2 Context A lot of YANG models for network elements and protocols are in progress Need also service models Let’s start with Layer 3 VPN « famous » service L3SM WG set up to follow the work (short live WG)

3 A service model, not a configuration model Service model provides an abstraction of customer requirements to build the service No bits and bytes regarding protocol and element detailed configuration Focus : what the customer wants in abstracted terms

4 Service model and config models working together

5 Note … We started from PE-Based L3VPN service … The model may need to be extended/modified to support all types of L3VPN.

6 Design of the model Two main blocks : – vpn-svc : Describe a VPN and its associated services (Cloud, multicast …) – sites : Describe a VPN site VPN#1 Site#1 Site#2 Site#3

7 VPNs are identified by a unique name We also provide an optional ID We cannot use the customer-name as a key, as a customer may have multiple VPNs A VPN has a specific topology : – Anytoany, Hub&Spoke, Hub&Spoke disjoint Design of the model : vpn-svc

8 Services can be added on the VPN : – Cloud access : Access to any Cloud service Provider CSP identified by an internal ID (local administrative identificator) Some sites can be registered to access to the CSP NAT to CSP is possible – Multicast : Allow to enable multicast traffic on the VPN Some strong coordination with customer parameters required (type of tree …) Design of the model : vpn-svc

9 Site parameters : – ID – Type of site (in the VPN topology) -> Hub, Spoke … – Possibility to schedule site enabling – Location of the site (address) – Diversity parameters : Do I need to have sites not connected on the same provider edge ? – Security parameters (encryption …) – Availability parameters : do I need a backup ? Or loadsharing ? – Type of attachment (bearer, IP layer, routing …) – Services : QoS, Bandwidth, MTU, protection … – Management : Is it a comanaged site ? – VPN policy – Customer specific information Design of the model : sites

10 Site location The address of the site would permit to the SP OSS to find the appropriate provider edge to place the customer access.

11 Site diversity When placing accesses onto network elements, customer may want to avoid some sites to share fate. Two proposed options : PoP diversity, PE diversity

12 Site availability Increase availability of the site access Three options : – Single : no redundancy (basic) – Primary-backup : dual homing scenario, with traffic primarly going to one site – Loadsharing : multihoming scenario Each access has a function in the availability scenario through the « access-type » : single-access, primary-access,backup-access,loadsharing-access

13 Site attachment Attachment = customer connection to the SP Required parameters from the customer or external systems : – Some physical parameters (bearer) – IP address allocation – Type of routing – Fast failure detection or not

14 Site services Defining QoS requirements : customized or SP profile Defining BW (may be asymetric) Defining if protection is required Defining if MPLS or multicast forwarding is required

15 VPN policy A site can be part of multiple VPNs Moreover some LANs of a site can be part of some VPNs, while some other LAN can be part of others. VPN policy is something complex …  Site#1 Site#2 Site#3 LAN#31 LAN#32 LAN#11 LAN#12 LAN#21 LAN#22 ???? LAN#31 can talk with LAN#11 and LAN#21 but not LAN#12 and #22 LAN#32 can talk with LAN#22 only

16 We introduce the notion of native VPN A site belongs to ONLY one native VPN : this does not mean that the site belongs to only one VPN ! Base behavior : – All prefixes of the site will be able to reach other prefixes of other sites in the native VPN according to the VPN topology (any to any, hub & spoke …) More complex scenarios are created by using vpn- policy VPN policy

17 Why not multiple native VPNs ? – This is causing issues if two « native » VPNs have different topologies and the site has a different role in those topologies. – Example : site #1 belongs to VPN A (H&S) and is a Hub, and belongs to VPN B (H&S) and is a spoke  Native VPN does not prevent a site to belongs to multiple VPN … see next slide … VPN policy

18 VPN policy defines a set of communication rules No need of VPN policy if only communication rules of the VPN native are used. VPN policy is there to create more complex rules Today we use import/export concept but maybe not enough abstracted or do we need to rely on policy model in RTGWG ? VPN policy

19 Customer specific information To ensure proper configuration through the config models, some parameters from the customers may be required

20 Mapping service model to config model Example : – We want to create Spoke_site#1 in this VPN :

21 Mapping service model to config model

22 Site templates VPNs may have many sites, and some sites may share the same description We can use templates to refer to some shared configuration

23 Template definition : – Create a site with « template=true » No need to detail all the parameters, just describe the ones you want to inherit – Apply template : Template can be applied at : top level of the site (inherit all the config from the template) Security section (only security section is inherited) Attachment section Service section A parameter defined in a real site must override inherited parameter Site templates

24 Not finished … next steps … We still need to work on : – Comments from the list : Do we need externalize Cloud accesses and multicast from VPN ? Some wordings to be changed … – Security parameters – VPN policy ? – Need to review if the current proposal fits any L3VPN rather than PE-Based only Operational states ? What about interAS consideration ? – In my mind, nothing to do … but need to be discussed ! What about Hybrid VPNs (public+private sites) ? What about value added services ? (DDoS, antivirus, DPI, …) Anything else ?

Download ppt "Draft-ietf-l3sm-l3vpn-service-model S. Litkowski R. Shakir L. Tomotaki K. D’Souza."

Similar presentations

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.

© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—5-1 MPLS VPN Implementation Configuring BGP as the Routing Protocol Between PE and CE Routers.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
Draft-bogdanovic-netmod-yang- model-classification-03 IETF 92 Dallas NETMOD WG B. Claise, C. Moberg, Cisco Systems D. Bogdanovic Juniper Networks.

Draft-bogdanovic-netmod-yang- model-classification-03 IETF 92 Dallas NETMOD WG B. Claise, C. Moberg, Cisco Systems D. Bogdanovic Juniper Networks.
Kae Hsu Communication Network Dept. Redundant Internet service provision - customer viewpoint.

Kae Hsu Communication Network Dept. Redundant Internet service provision - customer viewpoint.
MPLS L3 and L2 VPNs Virtual Private Network –Connect sites of a customer over a public infrastructure Requires: –Isolation of traffic Terminology –PE,

MPLS L3 and L2 VPNs Virtual Private Network –Connect sites of a customer over a public infrastructure Requires: –Isolation of traffic Terminology –PE,
Announcements List Lab is still under construction Next session we will have paper discussion, assign papers,

Announcements List Lab is still under construction Next session we will have paper discussion, assign papers,
1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.

1 25\10\2010 Unit-V Connecting LANs Unit – 5 Connecting DevicesConnecting Devices Backbone NetworksBackbone Networks Virtual LANsVirtual LANs.
Kenji Kumaki KDDI, Editor Raymond Zhang BT Nabil Bitar Verizon

Kenji Kumaki KDDI, Editor Raymond Zhang BT Nabil Bitar Verizon
Describe How Software and Network Security Can Keep Systems and Data Secure P3. M2 and D1 Unit 7.

Describe How Software and Network Security Can Keep Systems and Data Secure P3. M2 and D1 Unit 7.
72nd IETF Dublin July 2008 Framework and Requirements for Virtual Private Multicast Service (VPMS) draft-kamite-l2vpn-vpms-frmwk-requirements-01.txt Yuji.

72nd IETF Dublin July 2008 Framework and Requirements for Virtual Private Multicast Service (VPMS) draft-kamite-l2vpn-vpms-frmwk-requirements-01.txt Yuji.
Status of Work Feb 2, 2015. What and how fits? (option 1) Network Manager Network Elements (routers, switches, etc) RESTCONF / NETCONF Service Management.

Status of Work Feb 2, What and how fits? (option 1) Network Manager Network Elements (routers, switches, etc) RESTCONF / NETCONF Service Management.
Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.

Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.
Lecture 4: BGP Presentations Lab information H/W update.

Lecture 4: BGP Presentations Lab information H/W update.
Network Layer4-1 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection RIP, OSPF, BGP IP protocol.

Network Layer4-1 The Internet Network layer forwarding table Host, router network layer functions: Routing protocols path selection RIP, OSPF, BGP IP protocol.
Multiple Interfaces (MIF) WG IETF 79, Beijing, China Margaret Wasserman Hui Deng

Multiple Interfaces (MIF) WG IETF 79, Beijing, China Margaret Wasserman Hui Deng
1 Firewall Rules. 2 Firewall Configuration l Firewalls can generally be configured in one of two fundamental ways. –Permit all that is not expressly denied.

1 Firewall Rules. 2 Firewall Configuration l Firewalls can generally be configured in one of two fundamental ways. –Permit all that is not expressly denied.
Chapter 4 Version 1 Virtual LANs. Introduction By default, switches forward broadcasts, this means that all segments connected to a switch are in one.

Chapter 4 Version 1 Virtual LANs. Introduction By default, switches forward broadcasts, this means that all segments connected to a switch are in one.
73rd IETF Minneapolis Nov 20081 Framework and Requirements for Virtual Private Multicast Service (VPMS) draft-kamite-l2vpn-vpms-frmwk-requirements-02.txt.

73rd IETF Minneapolis Nov Framework and Requirements for Virtual Private Multicast Service (VPMS) draft-kamite-l2vpn-vpms-frmwk-requirements-02.txt.
Introduction to Active Directory

Introduction to Active Directory
Site Multihoming for IPv6 Brian Carpenter IBM TERENA Networking Conference, Poznan, 2005.

Site Multihoming for IPv6 Brian Carpenter IBM TERENA Networking Conference, Poznan, 2005.

Similar presentations

Ads by Google