BellSouth ® Managed Network VPN Service: Next-Generation Network Services for Today's Business Needs


1 BellSouth ® Managed Network VPN Service: Next-Generation Network Services for Today's Business Needs

2 Presentation Overview
–Traditional WAN Solutions
–VPN Overview
–MPLS Overview
–BellSouth Network VPN
–Value Added Services
–SLA and CNM
–Customer Scenario
–Summary

3 Traditional WAN Solutions

4 The Case for Change: It's Complicated and Expensive for Both of Us
Historically…
–Separate edge and core networks built for each service offering
–Services and networks that address single applications well but do not individually address a broad range of customer needs
–Individually highly scalable, robust and stable network platforms
Forcing Customers to…
–Invest time, money and resources into different platforms
–Purchase disparate networks based on service need
–Perform network integration and their own access aggregation
–Split applications based on networking capabilities
–Prioritize investments across applications
We never met a network we didn't like…
[Diagram labels: DSL; DIA; GigE; Voice; Frame Relay; ATM/Frame Relay; Internet]

5 Data Network Migration Strategy
Solutions
–Management simplification – one platform
–Enables network and applications convergence
–Shifts complexity/investments to the provider
–Connectionless architecture – more efficient
–Inter-LATA, limitless reach
Challenges
–Integrating disparate networks
–Managing disparate networks
–Capacity planning, extending connectivity
–Costly, complex CPE
–Multiple WAN connections cost and complexity
[Diagram labels: Current Environment; ATM; Private Lines; Frame Relay; Internet Access; Ethernet; Access: Frame Relay, DSL, Private Line; Managed IP Connectivity Services; Migration Path; Desired State: Network IP VPN Environment]

6 Evolving Network Solutions
Market Assessment
Private Line
–High performance
–High security
Frame Relay/ATM
–Lower cost
–Improved scalability
–Quality of service
–High performance
–High security
MPLS IP VPN
–Class of Service for IP
–Simplified connectivity (easy any-to-any connectivity)
–Simplified addressing
–Simplified network topology
–Simplified L2 and L3 administration
–Increased flexibility (more access options)
–IP-based network recovery
–Simple migration from Frame Relay
–Lower cost
–Improved scalability
–Quality of service
–High performance
–High security
[Chart axes: Functionality; Time]
MPLS IP VPNs build upon traditional Layer 2 technologies, promising a higher order of service capabilities

7 VPN Overview

8 A VPN By Any Other Name…
VPN Types
Layer 2 VPNs (Point-to-Point)
–ATM
–Frame Relay
Layer 3 (IP-VPNs)
Network Based VPNs
–Managed Network VPN Service – MPLS/BGP (RFC 2547)
CPE Based VPNs (IPSec)
–Routers
–Firewalls
–VPN Concentrators
–IPSec Client Software

9 IP VPN Models – CPE vs. Network
First Generation IP VPN network (CPE-based VPN)
–Implemented over the public Internet
–Security is provided via IPSec
–Can be difficult to scale
–May require expensive CPE
–Difficult to control QoS
Next Generation MPLS network (Network-based VPN)
–Implemented over a private IP backbone
–Intelligence resides in the cloud
–Provides Any-to-Any connectivity
–Designed for converged IP services
–Provides QoS/CoS capabilities
[Diagram labels: CPE-based VPN: Headquarters, Branches, IP Tunnel, Internet; Network-based VPN: Headquarters, Branches, IP Partitioning/Tunnel, Carrier's Backbone]

10 Network VPN Drivers
Capability: Customer Needs
Secure WAN Connectivity
–Cost-effective WAN connectivity for branch offices & business partners
–Access options
–Nationwide coverage
Remote User Connectivity
–Secure connectivity for remote users
–Cost-effective end-user helpdesk
–Secure Internet access for remote users
–Ubiquitous coverage
Internet Access
–Secure Internet access for all sites/users
–Single, integrated solution from one provider
–Segmentation of private WAN traffic from Internet traffic
Network Management
–Performance Guarantees
–Network performance reports
–User administration tools

11 MPLS Overview

12 What is MPLS?
Multiprotocol Label Switching
A standard for switching packets over an IP network using labels or tags that contain forwarding information attached to IP packets
How Does It Work?
–Combines the security and reliability of traditional Layer 2 services (i.e. frame relay, ATM) with the efficiencies of IP networking
–Forwards packets based on labels
–Packets are switched, not routed
–Labels represent destination and may carry service attributes (CoS, Privacy-VPNs, traffic engineering)
Diagram legend
–LSR = Label Switch Router
–PE = Provider Edge Device
–CE = Customer Edge Device
–VRF = Virtual Route Forwarding
[Diagram labels: MPLS Core Network; LSR; PE; CE; VRF]

13 What Does MPLS Provide?
Capability: MPLS Provides
Secure WAN Connectivity: MPLS securely segments traffic using customer specific labels to ensure that traffic is not visible to other customers or across the public Internet
Outsourcing of complexity: MPLS moves routing decisions away from CPE to the provider network, allowing for any-to-any configurations without complex and potentially expensive CPE
Scalability: MPLS is scalable, supporting thousands of VPNs
Building block for converged services: MPLS is designed to transport a variety of application types, i.e. VoIP, Video over IP, email, SAP, etc.

14 BellSouth Managed Network VPN Services

15 The BellSouth Regional IP Backbone
Attributes:
–3 high speed IPOPs provide diversity and redundancy (Atlanta, Miami, and New Orleans)
–Consolidation of multiple IntraLATA IP networks into 1 core IP network enables BellSouth to maintain control of network traffic from end-to-end
Customer Benefits…
–Redundancy for high reliability
–Overcomes LATA boundaries
–Cornerstone for future information service capabilities
–Moves routing complexity into the BellSouth network

16 Network VPN Nationwide Availability
Network VPN is:
–Available across the continental United States via close to 1200 access POPs
–A BellSouth Managed Network Services (MNS) offering on a single contract and single bill for ALL customer locations
[Map labels: BellSouth Network VPN Service; Out-of-Franchise; In-Franchise]

17 BellSouth ® Managed Network VPN
Connecting the Entire Organization
Customer benefits…
–Consolidated remote user access and site-to-site networking
–Flexibility to aggregate multiple access types (i.e. Private Line, Frame Relay, DSL, Metro E)
–Off-Net capabilities for connecting remote users and Extranet partners via the BellSouth ® IPSec Gateway
–Integrated Internet access via network-based firewall
[Diagram labels: Headquarters; Internet; BellSouth MPLS Network; Firewall & IPSec Gateway; Branch Office (IPSec); Branch Office; Extranet Partner (IPSec); Network-based Internet Access Service; Remote User (IPSec client)]

18 Site-to-Site Service
Access Options:
1. Frame Relay, Private Line, DSL, Metro Ethernet (2Q06), ATM (limited availability)
2. IPSec Access via BellSouth IPSec gateway
Optional Services:
–eMRS Complementary Managed Router Service (soft-bundle) option
–Internet access with firewall feature
–Equipment purchase, installation and maintenance services
[Diagram labels: Headquarters; Internet; BellSouth MPLS Network; Firewall & IPSec Gateway; Branch Office (IPSec); Branch Office; Extranet Partner (IPSec); Network-based Internet Access Service; connections numbered 1 or 2]

19 Access Types – Site-to-Site
Managed Network VPN Site-to-Site Service Access Types (columns: In-Franchise, Out-of-Franchise)
Site-to-Site Private IP DSL
BellSouth Private Line Service
BellSouth Frame Relay Service
Metro Ethernet (2Q06)
ATM (limited availability)
BellSouth Integrated Solutions (BIS-T1)
DSL (in limited areas)
Private Line
Net VPN with BSLD* Extension
–Frame Relay
–Private Line
–DSL
–Frame over DSL
Off-Net IPSec connectivity to the MPLS cloud via BellSouth IPSec gateway

20 Remote User Service (Off-Net IPSec)
Remote User Service:
–Available via any Internet connection (BellSouth or third party ISP) using BellSouth provided IPSec client software
–AAA User Authentication required – customer provided (AAA Proxy) or BellSouth hosted
–Tiered pricing based on minimum number of unique users per month
–Optional: network-based Internet access with managed firewall feature
[Diagram labels: Internet; BellSouth MPLS Network; Firewall & IPSec Gateway; Remote User (IPSec client)]

21 Class of Service
CoS is an optional service that allows for prioritization of traffic on a per application basis:
1. Real-Time: Suitable for IP voice applications
2. Interactive: Suitable for IP video applications
3. Priority Business: Suitable for business critical data applications
4. Best Effort: Suitable for non-critical data (e.g. email, general web surfing)
BellSouth Network VPN offers three levels of service to meet your CoS needs:
1. Standard: Single class (Best Effort)
2. CoS Basic: Two classes (Best Effort and Business Priority)
3. CoS Premium: Four classes (Best Effort, Business Priority, Interactive, Real-Time)

22 Class of Service
Network VPN CoS Levels of Service (columns: Standard, CoS Basic, CoS Premium)
Transport Types
–Private Line, Frame Relay, DSL, ATM, Metro Ethernet (when available)
–Private Line, Frame Relay, ATM, Metro Ethernet (when available) (min speed: 128K)
Classes Supported
–Standard: Best effort
–CoS Basic: Priority business, Best effort
–CoS Premium: Real-time, Interactive, Priority business, Best effort
SLAs
–Core (availability SLA includes access and CPE)
–Core and CoS Premium access SLAs for sites with: >= 768K and P+A+CPE
Packages
–Standard: Port Only, Port + Access, Port + Access + CPE
–CoS Basic: Port Only, Port + Access, Port + Access + CPE
–CoS Premium: Port Only, Port + Access, Port + Access + CPE

23 Value-Added Services

24 Secure Internet Access
Secure Internet Access via Network-based Firewall
–Internet access is provided via the Network VPN cloud
–Two levels of firewall service are available: Basic and Advanced
–Subscription to a firewall service is required for Internet access
Basic Internet Access Features
–Outbound Only Rule Set
–DNS Caching
–(1) Public IP address
Advanced Internet Access Features
–Inbound and Outbound Rule Sets
–DNS Caching or DNS hosting
–Support for inbound NAT translation
–Support for physical DMZ
–Up to (15) Public IP addresses
Firewall Features
–Provisioning and configuration
–Initial design and implementation of rule base
–Support for Network Address Translation (NAT)
–24X7 Monitoring of the firewall platform
–Firewall administration and backup
–Help desk support
–Firewall logging
–Service level agreements

25 Additional Value Added Services
Equipment and Professional Services
–Equipment: Cisco, Nortel, Telco, Adtran
–Professional Services: Staging, Configuration, Installation and Project Management
Equipment Maintenance
Managed Router Service
–Real-time Monitoring and Management of Customer Routers
–For all On-Net site-to-site transport types (Private Line, frame relay, and DSL)

26 SLAs and CNM

27 Network VPN SLAs/SLOs
Core SLAs apply from edge to edge of the MPLS network. This summarized information is outlined in the actual SLA and is subject to the limitations set forth in the Network VPN Service Description.
SLAs Exclude Private IP Site-to-Site DSL
Core SLAs - Regional (In-Franchise) & National "On-Net" S2S Services
Measurement: Best Effort, Priority Business, Interactive, Real-Time
–Latency (roundtrip): <=55 ms, <=50 ms, <=45 ms
–Jitter (roundtrip): NA, <=2 ms
–Packet Delivery: >=99.60%, >=99.70%, >=99.80%, >=99.90%
Access SLAs - Regional (In-Franchise) "On-Net" S2S Services
Access Circuit SLA Targets: Targets for Real Time Class of Service (Regional Network VPN Service)
–Latency (roundtrip): <=50 ms
–Jitter (roundtrip): <=5 ms
–Packet Delivery: >=99.90%

28 Network VPN SLAs/SLOs (Cont.)

29 Customer Network Management (CNM)
CNM is a secure Internet-based portal that allows customers to view their BellSouth Network VPN service functionality, including:
–Remote User Management & Reporting
–IPSec Client Download
–Security Management
–Network Performance Reporting
–Trouble Management
–Order Status

30 Example Customer Scenario Pre/Post Network VPN

31 Example Company – Acme, Inc.
Scenario: New network deployment, extending current network to other locations or overhaul of existing network
Customer Network Needs:
LAN to LAN connectivity
–5 sites growing to 10
–1 HQ, 2 branch offices and 2 remote offices
Remote access connectivity
–20 Users growing to 200
–Mix of both company provided and end user provided transport
Secure Internet access for all sites and remote users
–DS1 growing to Fractional DS3
Key Network Decision Drivers:
–Utilize most cost effective access method to connect sites
–Minimize complexity in order to minimize management costs
–Scalable solution without requiring significant upgrade costs
–Minimize capital expenditures
–Long term, Acme would like to migrate to one network for voice, video and data
–Will require a fully meshed network

32 Pre-Network VPN Solution Internet Customer Premise Router (1) DS1 with (2) PVCs Frame Relay Network Layer 2 Only Branch Offices Frame Relay (128K) Frame Relay (DS1) Router IPSec Client Branch /Remote Sites VPN Device Headquarters Customer IP Network Remote Users Frame Relay (128K) Frame Relay (128K) Frame Relay (128K) DSL, dial, ISDN or cable access

33 Network VPN Solution Internet Customer Premise Router BellSouth MPLS Network Branch Offices S2S Private IP DSL Frame Relay (DS1) IPSec Client Branch /Remote Sites Headquarters BellSouth ® IPSec Gateway S2S Private IP DSL Frame Relay (128K) Private Line BellSouth ® FastAccess ® DSL/ FastAccess ® Telecommute DSL Remote Users On-Net Remote Users Off-Net DSL, dial, ISDN or cable access

34 BellSouth Managed Network VPN Summary

35 Network VPN Summary - BellSouth Delivers
Columns: Capability, Customer Needs, Network VPN Provides
Secure WAN Connectivity
Customer Needs:
–Cost-effective WAN connectivity for branch offices & business partners
–Access options
–Nationwide coverage
Network VPN Provides:
–Single network for intranet & extranet connectivity
–Nationwide Support for multiple access types (i.e. DSL, Frame Relay, Private Line)
–IPSec connectivity for Off-Net locations
Remote User Connectivity
Customer Needs:
–Secure connectivity for remote users
–Cost-effective end-user helpdesk
–Secure Internet access for remote users
–Ubiquitous coverage
Network VPN Provides:
–IPSec client & AAA authentication
–24x7 end-user helpdesk
–Internet access via network-based firewall
–Connectivity using any Internet access
Internet Access
Customer Needs:
–Secure Internet access for all sites/users
–Single, integrated solution from one provider
–Segmentation of private WAN traffic from Internet traffic
Network VPN Provides:
–Customized network-based firewall
–Single port for WAN & Internet connectivity
–Virtual firewall technology segments WAN traffic from the public Internet
Network Management
Customer Needs:
–Performance Guarantees
–Network performance reports
–User administration tools
Network VPN Provides:
–Competitive Proactive SLAs
–Performance reports via web-based portal
–Network management via web-based portal

36 Back-up Materials

37 Traditional Approach Using Frame Relay
Cost and complexity typically result in less than optimal network topologies (i.e. hub and spoke with multiple PVCs, overbuilt hubs, costly NNI arrangements)
Potential bottlenecks and single points of failure
Responsibility for functional integration and network management typically falls on the customer
–Does not address remote access needs
–Access aggregation and integration further increases cost and complexity
[Diagram labels: Desired State; Typical Deployment]

38 Who Benefits from the BellSouth Managed Network VPN Service?
Organizations that need wide area connectivity
Organizations seeking cost-effective backup/disaster recovery solutions for their existing legacy WANs
Organizations forming extranets with highly dynamic and meshed network traffic requirements
Organizations with strong telecommuting initiatives
Organizations deploying new IP-based applications:
–Supply Chain Management (SCM)
–Enterprise Resource Planning (ERP)
–Customer Relationship Management (CRM)

39 BellSouth Managed Network VPN Service Summary of Benefits
Reduced complexity in your network operations
–BellSouth provides all necessary equipment, facilities and support – one fixed monthly fee (includes ongoing network monitoring and administration)
–Fully meshed networks can be easily deployed without the cost and complexity associated with traditional Layer 2 networking services
–SLAs assure service quality
Greater flexibility to support a wide range of applications
–Extended reach to branch offices, remote workers, customers, suppliers and partners
–New sites and users can be quickly and easily deployed
–Class of Service capabilities allow application specific prioritization
Lower total cost of ownership
–Shift complexity from customer premise to provider's network
–Reduce capital investments (all customers need is a basic router at their premise)
–Enables future convergence of voice and data services via a robust integrated IP/MPLS-based network
Companies can leverage the capabilities of a carrier class, shared IP infrastructure while maintaining the "look and feel" of their own private network.

40 WAN Technologies Comparison
Source: TeleChoice (March 2002). Content Source: BellSouth In$ite
Columns: Layer 2 Services (Private Line, Frame Relay); IP VPN Services (CPE-based, Network-based)
Perceived Cost
–Private Line: Highest cost solution
–Frame Relay: Viewed as cost effective for hub-and-spoke networks
–CPE-based: Perceived to be less expensive than Frame since it leverages the Internet for connectivity
–Network-based: Lowered capital expenditure and operational expenditure (due to limited number of VPN devices at customer premise). Viewed as cost effective
Scalability
–Private Line: Least scalable solution
–Frame Relay: Scalable for hub-and-spoke designs
–CPE-based: IP is scalable but configuring individual location CPE is an administrative challenge
–Network-based: Highest scalability for large networks. Network-based IP VPNs are fully meshed in nature and pre-configure IP VPN virtually defined by the provider within its network
Perceived Security
–Private Line: Perceived to be secure due to dedicated circuits but lack encryption and authentication
–Frame Relay: Perceived to be secure but lack encryption and authentication
–CPE-based: IPSec is perceived to be very secure but additional CPE (i.e. firewalls) may be required to effectively guard against Internet based threats
–Network-based: Basic configuration perceived as secure from POP to POP and on par with Frame Relay. Lack of end to end encryption may be perceived as less secure than CPE-based solutions

41 CNM Back-up Materials

42 Remote User Management and Reports Note: Ability to export to excel Types of Reports Audit Report –By date –By user Average Session Length Trend Hosted Usage Hosted User Session Session Graph Trend Top 15 Usage Usage Graph Trend

43 Example SLA Report Phase I: Sent via e-mail

44 CNM – User Administration
Add New User to a Department
Step 1: Select Department
Step 2: Add User Information
Step 3: Save New User

45 CNM Remote User – Client Download

46 CNM: Firewall Policy Change Request

47 CNM: Submit Trouble Ticket

48 Network VPN CNM – User Administration Tool
Types Of Users: Role/Capabilities
Company Administrator
–Set up new departments
–Assign department administrator
–Add/delete users by department
–Password reset
–Generate Usage Reports
Department Administrator
–Add/delete users by department
–Password reset
–Generate Usage Reports
End User
–Download IPSec Client
–Password reset

49 BellSouth is Listening Your needs are our concerns

50 Private Lines Coverage for Out of Region Sites –Private Line Nationwide Network VPN service has 100% PL coverage of the Continental US Nationwide Network VPN service can be accessed from close to 1200 domestic POPs, including 50 in BellSouth territory –Initially Continental US locations supported only Can support International sites via IPSec access to MPLS network

51 Nationwide DSL Coverage for Out of Region Sites
Coverage in 60 markets
DSL access requires specific supported CPE make and models
[Map labels: Los Angeles, Santa Barbara, San Diego, San Francisco, Sacramento, Portland, Seattle, Salt Lake City, Phoenix, Tucson, Las Vegas, Albuquerque, Denver, Dallas, San Antonio, Houston, Austin, Kansas City, Minneapolis, Milwaukee, Grand Rapids, Detroit, St. Louis, New Orleans, Memphis, Nashville, Louisville, Indianapolis, Chicago, Tampa, Orlando, Miami, Boston/Providence, Hartford, New York, Philadelphia/Harrisburg, Baltimore/DC, Richmond, Raleigh, Greensboro, Charlotte, Charleston, Greenville, Columbia, Atlanta, Birmingham, Jacksonville, Columbus, Dayton, Cleveland, Pittsburgh, Norfolk, San Jose, Newark]
DSL Speed: Routers
–1.5M x 384Kbps: Broadxent 8120
–192 x 192 Kbps, 384 x 384 Kbps, 768 x 768 Kbps: Efficient Networks: 5851, Netopia 4652-T

