Published by Augusta Atkins. Modified over 9 years ago.

Network based IP VPN Architecture using Virtual Routers
Jessica Yu
CoSine Communications, Inc.
Feb. 19th, 2001

Objectives
- Enable the service provider to provide value-added VPN services in a scalable manner
- Scale to a large number of VPN customers w.r.t.
  - Router resources
  - Operation and management
- Utilize existing protocols and tools
- Provide:
  - separation of VPNs serviced by the same provider
  - separation of VPNs and the provider network
  - security using standard mechanisms

Virtual Router Concept
[Figure: a VPN without VRs (CE, PE and P routers) beside a VPN with VRs (CE, VR and P routers), each spanning customer sites and the provider's network.]

Virtual Router Definition
- A virtual router (VR) is an emulation of a physical router at the software and hardware levels
- VRs have independent IP routing and forwarding tables, and they are isolated from each other
- Two main functions
  - Constructing routing tables using any routing technology
  - Forwarding packets to the next hops within the VPN domain
- From the VPN user's point of view, a virtual router provides the same functionality as a physical router

VPN Built with VRs
[Figure: VPN-1 and VPN-2 sites attached to VR-1 and VR-2, which connect to the SP network through an SPVR.]
Connecting multiple VRs to the provider network through the use of a single VR, "the provider virtual router" (SPVR)

VPN Basic Building Blocks
- Membership
  - VRs belonging to the same VPN share the same VPN-ID
- Tunnel
  - VR-to-VR tunnel, a point-to-point link from each VR's view
  - Tunnel mechanisms can be IPsec, GRE, IPinIP or MPLS, etc.
  - Tunnel type
    - Per-VPN tunnel (originates at the VR) or
    - aggregated two-level tunnel (originates at the SPVR)
- Routing
  - Independent from SP backbone routing
  - Each VPN can have its own choice of routing protocols

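
The isolation described on the "Virtual Router Definition" and "VPN Basic Building Blocks" slides, as an added Python sketch that is not from the presentation or the referenced draft. The class name, VR names, VPN-IDs and the overlapping 10.1.0.0/16 prefix are constructed for illustration; it models per-VR forwarding tables and VPN-ID membership only, not any tunnel encapsulation.

```python
import ipaddress

class VirtualRouter:
    """One VR: its own VPN-ID, forwarding table and tunnels (nothing shared)."""
    def __init__(self, name, vpn_id):
        self.name, self.vpn_id = name, vpn_id
        self.fib = []      # (network, next_hop) entries private to this VR
        self.tunnels = {}  # peer VR name -> peer VR object

    def add_route(self, prefix, next_hop):
        self.fib.append((ipaddress.ip_network(prefix), next_hop))

    def add_tunnel(self, peer):
        # Membership: a VR-to-VR tunnel is only built between VRs sharing a VPN-ID.
        if peer.vpn_id != self.vpn_id:
            raise ValueError(f"{self.name} and {peer.name} have different VPN-IDs")
        self.tunnels[peer.name] = peer
        peer.tunnels[self.name] = self

    def lookup(self, dst):
        """Longest-prefix match against this VR's own table only."""
        addr = ipaddress.ip_address(dst)
        hits = [(net, nh) for net, nh in self.fib if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

    def forward(self, dst):
        """Hops a packet takes; it never leaves the VPN domain of this VR."""
        nh = self.lookup(dst)
        if nh is None:
            return [self.name, "drop"]
        if nh in self.tunnels:  # next hop is a peer VR reached over the tunnel
            return [self.name] + self.tunnels[nh].forward(dst)
        return [self.name, nh]  # next hop is a locally attached site

def build_demo():
    # Constructed topology: two PEs, each hosting one VR per VPN.
    a1, b1 = VirtualRouter("PE-A/VR-1", "vpn-1"), VirtualRouter("PE-B/VR-1", "vpn-1")
    a2, b2 = VirtualRouter("PE-A/VR-2", "vpn-2"), VirtualRouter("PE-B/VR-2", "vpn-2")
    a1.add_tunnel(b1)
    a2.add_tunnel(b2)
    # Both customers use the same private prefix; the per-VR tables keep them apart.
    for near, far, site in ((a1, b1, "vpn-1-site-B"), (a2, b2, "vpn-2-site-B")):
        near.add_route("10.1.0.0/16", far.name)
        far.add_route("10.1.0.0/16", site)
    return a1, b1, a2, b2

if __name__ == "__main__":
    a1, b1, a2, b2 = build_demo()
    print(a1.forward("10.1.2.3"))  # stays in VPN-1
    print(a2.forward("10.1.2.3"))  # same address, VPN-2 path
```
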
VPN Establishment with VRs
- As with all VPN implementation mechanisms, membership information needs to be disseminated
- In the VR model, membership information can be distributed with the following mechanisms
  - Manual configuration
  - Directory-based mechanism
  - Utilize routing protocol
    - BGP auto-discovery

Inter-domain VPN Support
- With the VR model, the mechanisms for a multiple-domain VPN remain the same as for a single-domain VPN
- Main requirements
  - Providers support a common tunnel mechanism
  - The ability to assign unambiguous VPN identification across the domains

Inter-domain VPN Support
[Figure: VPN-1 and VPN-2 sites attached to VR-1, VR-2 and SPVR across two SP networks.]

Extranet Support
- Two or more corporations have network access to a limited amount of each other's corporate data
- It is a matter of controlling who can access what data, i.e. a policy decision
- The VR model supports extranets by allowing two or more VRs to connect to each other with policy control for data flow

VR VPN Properties
- VPNs built with VRs follow the overlay model
- The provider routers (P) are VPN unaware – scalable
- Routing for each VPN is the same as regular network routing
- The choice of the backbone protocols is not constrained by the VPNs and vice versa
- No protocol modifications needed
- No tool (debugging, management, etc.) modifications needed
- Deployment will not impact normal operation of the provider network

Scalability
- Only PEs handle VPN type information; other provider routers are VPN unaware
- Establishment and reconfiguration can use a directory-based tool and BGP auto-discovery – no manual configuration is necessary

Deployment Status
- A number of SPs have already deployed VPNs implemented with the VR model in their networks and are providing network-based VPN service

Reference
- ftp://ftp.ietf.org/internet-drafts/draft-oluldbrahim-vpn-vr-02.txt