Network based IP VPN Architecture using Virtual Routers
Jessica Yu, CoSine Communications, Inc.
Feb. 19th, 2001


2 Network based IP VPN Architecture using Virtual Routers
Jessica Yu, CoSine Communications, Inc.
Feb. 19th, 2001

3 Objectives
- Enable the Service Provider to provide value-added VPN services in a scalable manner
- Scale to a large number of VPN customers w.r.t.
  - Router resources
  - Operation and management
- Utilize existing protocols and tools
- Provide:
  - separation of VPNs serviced by the same provider
  - separation of VPNs and the provider network
  - security using standard mechanisms

4 Virtual Router Concept
[Figure: Provider's Network and Customer Site(s); "VPN Without VR" (labels CE, PE, P) compared with "VPN With VR" (labels CE, VR, P)]

5 Virtual Router Definition
- A virtual router (VR) is an emulation of a physical router at the software and hardware levels
- VRs have independent IP routing and forwarding tables, and they are isolated from each other
- Two main functions
  - Constructing routing using any routing technology
  - Forwarding packets to the next hops within the VPN domain
- From the VPN user's point of view, a virtual router provides the same functionality as a physical router

6 VPN Built with VRs
[Figure: SP Network; VR-1, VR-2 and SPVR; VPN-1 Sites and VPN-2 Sites]
Connecting multiple VRs to the Provider Network through the use of a single VR, "the provider virtual router" (SPVR)

7 VPN Basic Building Blocks
- Membership
  - VRs belonging to the same VPN share the same VPN-ID
- Tunnel
  - VR to VR tunnel, a point-to-point link from each VR's view
  - Tunnel mechanisms can be IPsec, GRE, IPinIP or MPLS, etc.
  - Tunnel type
    - Per VPN tunnel (originates at VR) or
    - aggregated two-level tunnel (originates at SPVR)
- Routing
  - Independent from SP backbone routing
  - Each VPN can have its own choice of routing protocols
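A small model of the properties on slides 5 and 7, added here as an illustration and not taken from the presentation or from any CoSine product: each VR keeps its own forwarding table, so two VPNs can use the same address space, and a VR-to-VR tunnel is only built between VRs that share a VPN-ID. The class, the PE names, the prefixes and the next-hop labels are constructed assumptions.

```python
import ipaddress

class VirtualRouter:
    """One VR on a PE: a private forwarding table plus the VPN-ID it belongs to."""
    def __init__(self, name, vpn_id):
        self.name, self.vpn_id = name, vpn_id
        self.fib = []       # (network, next_hop) pairs, never shared between VRs
        self.tunnels = {}   # peer name -> peer VR, point-to-point from this VR's view

    def add_route(self, prefix, next_hop):
        self.fib.append((ipaddress.ip_network(prefix), next_hop))

    def connect(self, peer):
        # Membership rule: a VR-to-VR tunnel is only built inside one VPN-ID.
        if peer.vpn_id != self.vpn_id:
            raise PermissionError(f"{self.name} and {peer.name} are in different VPNs")
        self.tunnels[peer.name] = peer
        peer.tunnels[self.name] = self

    def lookup(self, dst):
        # Longest-prefix match against this VR's table only.
        addr = ipaddress.ip_address(dst)
        hits = [(net, hop) for net, hop in self.fib if addr in net]
        return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def build_demo():
    # Constructed topology: two PEs, each hosting one VR per VPN.
    pe1_vr1, pe2_vr1 = VirtualRouter("PE1/VR-1", "VPN-1"), VirtualRouter("PE2/VR-1", "VPN-1")
    pe1_vr2, pe2_vr2 = VirtualRouter("PE1/VR-2", "VPN-2"), VirtualRouter("PE2/VR-2", "VPN-2")
    pe1_vr1.connect(pe2_vr1)
    pe1_vr2.connect(pe2_vr2)
    # Both customers use 10.1.0.0/16; the overlap is harmless because tables are per VR.
    pe1_vr1.add_route("10.1.0.0/16", "tunnel:PE2/VR-1")
    pe1_vr1.add_route("10.1.5.0/24", "local:vpn-1-site-a")
    pe1_vr2.add_route("10.1.0.0/16", "local:vpn-2-site-x")
    return pe1_vr1, pe1_vr2, pe2_vr1, pe2_vr2

if __name__ == "__main__":
    vr1, vr2, _, peer_vr2 = build_demo()
    for vr in (vr1, vr2):
        print(vr.name, "->", vr.lookup("10.1.5.9"))
    try:
        vr1.connect(peer_vr2)   # crosses VPN-1 / VPN-2, must be refused
    except PermissionError as err:
        print("refused:", err)
```
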

8 VPN Establishment with VRs
- Like all VPN implementation mechanisms, membership information needs to be disseminated
- In the VR model, membership information can be distributed with the following mechanisms
  - Manual configuration
  - Directory based mechanism
  - Utilize routing protocol
    - BGP Auto-discovery

9 Inter-domain VPN Support
- With the VR model, the mechanisms for a multiple-domain VPN remain the same as for a single-domain VPN
- Main requirements
  - Providers support a common tunnel mechanism
  - The ability to assign unambiguous VPN identification across the domains

10 Inter-domain VPN Support
[Figure: two SP Networks, each with VR-1, VR-2 and SPVR; VPN-1 Sites and VPN-2 Sites]

11 Extranet Support
- Two or more corporations have network access to a limited amount of each other's corporate data
- It's a matter of controlling who can access what data, i.e. a policy decision
- The VR model supports extranets by allowing two or more VRs to connect to each other with policy control for data flow

12 VR VPN Properties
- VPNs built with VRs follow the overlay model
- The Provider routers (P) are VPN unaware – scalable
- Routing for each VPN is the same as regular network routing
- The choice of the backbone protocols is not constrained by the VPNs and vice versa
- No protocol modifications needed
- No tool (debugging, management, etc.) modifications needed
- Deployment will not impact normal operation of the provider network

13 Scalability
- Only PEs handle VPN type information; other provider routers are VPN unaware
- Establishment and reconfiguration can use a directory based tool and BGP auto-discovery – no manual configuration is necessary

14 Deployment Status
- A number of SPs have already deployed VPNs implemented with the VR model in their networks and are providing Network Based VPN service

15 Reference
- ftp://ftp.ietf.org/internet-drafts/draft-oluldbrahim-vpn-vr-02.txt

