Network-based IP VPNs using Virtual Routers Tim Hubbard.

Presentation on theme: "Network-based IP VPNs using Virtual Routers Tim Hubbard."— Presentation transcript:

1 Network-based IP VPNs using Virtual Routers Tim Hubbard

2 Network based VPN Network Reference Model
[Figure: reference model diagram; labels: Backbone(s), VPN A, VPN B, VPN C, VPN D, CE, PE, P.]
CE - Customer Edge Router
PE - Provider Edge Router
P - Provider Router

3 Network Based VPN Services
[Figure: two Provider Edge Routers (PE) and Backbone(s); labels at each PE: VPN A, VPN B, VPN C, VPN Service 1, VPN Service 2, VPN Service 3.]

4 Architecture Design Goals
Flexibility – solution architected around choices
Scalability – backbone, VPN, PE, etc.
Resiliency – NB-VPN services resilient to failures, smooth migration
Manageability – multiple levels of control while reducing NB-VPN service and network management complexity
Reusability – existing management aspects, network mechanisms and tools
Security – VPN service, VPN information (routing and data)

5 Architecture Requirements
Per VPN routing and forwarding.
No routing/forwarding based on private addresses in the backbone.
Any routing protocol can be used in the VPN domain and in the backbone.
Overlapping of VPN addresses.
Not limited to a single tunneling mechanism.
Accommodates different backbone deployment scenarios.
Not limited to a single backbone technology.

6 What is a Virtual Router?
A virtual router (VR) is an emulation of a physical router.
A VR has the same mechanisms and functionality as physical routers.
Each virtual router maintains separate routing and forwarding tables.
Each virtual router can run any routing protocol (OSPF, RIP, BGP-4, etc).
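An added example, not part of the presentation, of the requirements on slides 5 and 6: each VR keeps its own table, so two VPNs can reuse the same private prefix and a lookup made for one VPN never consults another VPN's routes. The class names, interface names and next-hop labels are hypothetical, and the prefixes are constructed sample data.

```python
import ipaddress

class VirtualRouter:
    """One VR: its own routing table, independent of every other VR on the PE."""
    def __init__(self, name):
        self.name = name
        self.routes = []                      # list of (network, next_hop)

    def add_route(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, dst):
        """Longest-prefix match inside this VR only; None means unreachable."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, nh) for net, nh in self.routes if addr in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

class ProviderEdge:
    """PE that binds each customer-facing interface to exactly one VR."""
    def __init__(self):
        self.vr_by_interface = {}

    def attach(self, interface, vr):
        self.vr_by_interface[interface] = vr

    def forward(self, ingress_interface, dst):
        # The ingress interface, not the destination address, selects the table.
        vr = self.vr_by_interface[ingress_interface]
        return vr.name, vr.lookup(dst)

def build_pe():
    # Constructed sample: VPN A and VPN B both use 10.1.0.0/16.
    vr_a, vr_b = VirtualRouter("VR-A"), VirtualRouter("VR-B")
    vr_a.add_route("10.1.0.0/16", "tunnel-A-to-PE2")
    vr_a.add_route("10.1.5.0/24", "ce-a1")
    vr_b.add_route("10.1.0.0/16", "tunnel-B-to-PE2")
    vr_b.add_route("172.16.0.0/12", "ce-b1")
    pe = ProviderEdge()
    pe.attach("if-vpn-a", vr_a)
    pe.attach("if-vpn-b", vr_b)
    return pe

if __name__ == "__main__":
    pe = build_pe()
    for ifc, dst in [("if-vpn-a", "10.1.5.9"), ("if-vpn-b", "10.1.5.9"),
                     ("if-vpn-a", "172.16.3.1")]:
        print(ifc, dst, pe.forward(ifc, dst))
```

The same destination resolves differently per VPN, and a destination that exists only in VR-B's table is unreachable from VPN A's interface.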

7 VPN Tunneling
Network-based VPNs are implemented through some form of tunneling mechanism.
Different tunneling mechanisms can be used (MPLS, IPSec, GRE, L2TP, etc).
The architecture allows per-VPN tunnels, or tunnels shared between VPNs, across the backbone.

8 Scenario 1: VR to VR Direct Connectivity
[Figure: two PEs, each labelled VR-A, VR-B, VR-C and VPN A, VPN B, VPN C; Backbone (ATM, FR, MPLS, etc).]

9 Virtual Router Backbone Aggregation
Virtual router (called Backbone Virtual Router) for routing in the backbone, used at the PE level only.
IP or MPLS based tunnels between VRs for transport of VPN information across the backbone.

10 Scenario 2: VPNs with Backbone VRs
The backbone virtual router is not functionally different than other virtual routers.
[Figure: PE split into Backbone Routing Space and VPN Routing Space; labels: Backbone VR, Backbone, VR-A, VR-B, VR-C, VPN A, VPN B, VPN C.]

11 Scenario 3: Combination of VR Deployment Scenarios
[Figure: PE; labels: VR-A, VR-B, VR-C, Backbone VR, VPN A, VPN B, VPN C, Backbone(s).]

12 Scenario 4: Multiple Backbones
[Figure: PE; labels: VR-A, VR-B, VR-C, Backbone VR-1, VPN A, VPN B, VPN C, Backbone-1, VR-D, VR-E, Backbone VR-2, Backbone-2, VPN D, VPN E.]

13 Scenario 5: VPNs with Backdoor Links
[Figure: two sets of VR-A, VR-B, VR-C with Backbone VR-1 and VPN A, VPN B, VPN C; Backbone-1.]

14 Scenario 6: Outsourcing/Management of the PE
[Figure: PE; labels: VR-A, VR-B, VR-C, Backbone VR-1, VPN A, VPN B, VPN C, Backbone-1, VR-D, VR-E, Backbone VR-2, Backbone-2, VPN D, VPN E, Service Provider-1, Service Provider-2.]

15 Scenario 7: Multi-protocol VPNs
[Figure: PE; labels: VR-A, VR-B, VR-C, Backbone VR-1, VPN A IPv6, VPN B IPv4, VPN C IPv6, Backbone-1 IPv4/IPv6.]

16 Scenario 8: Backbone Migration Example
VPN services are migrated one at a time.
[Figure: PE; labels: VR-A, VR-B, VR-C, Backbone VR-1, VPN A, VPN B, VPN C, Backbone IPv4, Backbone VR-2 (MPLS), Backbone MPLS.]

17 Virtual Router Reachability Scheme
Each routing instance is independent of the others.
[Figure: Provider Edge Router 1 and Provider Edge Router 2, each with Virtual Router A, Virtual Router B, Virtual Router C serving VPN A, VPN B, VPN C; each virtual router has its own Routing Instance exchanging Routing Updates; Per VPN Reachability Info crosses the Backbone.]

18 Membership and Topology Determination
Different mechanisms can be used (not mutually exclusive):
Directory server approach.
Explicit configuration.
Using a VPN auto-discovery mechanism.

19 What can be discovered? VPN Auto-Discovery
Tunnel Mechanism (optionally Tunnel endpoints)
Membership Information
Topology Information
VPN Reachability Information (draft RFC2547)
The virtual router architecture doesn’t require piggybacking VPN reachability information onto the backbone routing instance.

20 Discovering VPN Information
[Figure: Provider Edge Router (PE1) and Provider Edge Router (PE2), each with BVR, VR-A, VR-B, VR-C and VPN A, VPN B, VPN C; BGP across the Backbone; BGP UPDATE carrying VPN Information (membership, etc.).]

21 Discovering Membership Information
[Figure: PE1 and PE2, each with BVR, VR-A, VR-B, VR-C and VPN-ID=1:1, VPN-ID=1:2, VPN-ID=1:3 for VPN A, VPN B, VPN C; BGP across the Backbone; BGP UPDATE (VPN-IDs, PE-BVR).]

22 Discovering Tunnel Endpoints
[Figure: PE1 and PE2, each with BVR, VR-A, VR-B, VR-C and VPN-ID=1:1, VPN-ID=1:2, VPN-ID=1:3 for VPN A, VPN B, VPN C; BGP across the Backbone; BGP UPDATE (VPN-IDs, 123.3.4.5, PE-BVR); IPsec Tunnel.]

23 Discovering VPN Topology Information
[Figure: PE1 and PE2, each with BVR, VR-A, VR-B, VR-C and VPN-ID=1:1, VPN-ID=1:2, VPN-ID=1:3 for VPN A, VPN B, VPN C; BGP across the Backbone; BGP UPDATE (1:1, hub, PE BVR).]
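An added example, not part of the presentation, of how a PE could act on the information discovered in slides 19 to 23: it builds tunnels only for VPN-IDs it has a VR for, and lets the advertised topology role decide which members to peer with. The record layout, the "spoke" and "mesh" role names, the peering rule and every address except 123.3.4.5 (taken from slide 22) are assumptions, not the encoding defined in the BGP draft.

```python
from collections import namedtuple

# Abstract view of one advertisement: (VPN-ID, tunnel endpoint, topology role).
# Assumed layout for illustration only.
Advert = namedtuple("Advert", "vpn_id endpoint role")

def plan_tunnels(local_vpns, adverts):
    """Return {vpn_id: sorted remote endpoints} this PE should tunnel to.

    local_vpns maps each locally configured VPN-ID to this PE's role in it.
    Assumed rule: a spoke peers with hubs only; hubs and mesh members peer
    with every advertised member of the same VPN.
    """
    plan = {vpn_id: set() for vpn_id in local_vpns}
    for ad in adverts:
        local_role = local_vpns.get(ad.vpn_id)
        if local_role is None:
            continue        # not a member: no tunnel into a VPN with no local VR
        if local_role == "spoke" and ad.role != "hub":
            continue        # spokes never tunnel directly to other spokes
        plan[ad.vpn_id].add(ad.endpoint)
    return {vpn_id: sorted(eps) for vpn_id, eps in plan.items()}

# Constructed sample advertisements as received from remote PEs.
SAMPLE_ADVERTS = [
    Advert("1:1", "123.3.4.5", "hub"),
    Advert("1:1", "192.0.2.20", "spoke"),
    Advert("1:2", "123.3.4.5", "mesh"),
    Advert("1:2", "192.0.2.20", "mesh"),
    Advert("1:9", "192.0.2.30", "mesh"),   # VPN-ID with no VR on this PE
]

def demo():
    # This PE is a spoke in VPN 1:1 and a mesh member of VPN 1:2.
    return plan_tunnels({"1:1": "spoke", "1:2": "mesh"}, SAMPLE_ADVERTS)

if __name__ == "__main__":
    for vpn_id, endpoints in demo().items():
        print(vpn_id, endpoints)
```

The advertisement for VPN-ID 1:9 is dropped because membership is decided by local configuration, so a discovery message alone cannot pull this PE into a VPN it does not serve.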

24 BGP based Auto-Discovery Mechanism (for layer-3 VPNs)
“Using BGP as an Auto-Discovery Mechanism for Network-based VPNs”
Hamid Ould-Brahim, Bryan Gleeson, Peter Ashwood-Smith, Eric Rosen, Yakov Rekhter
draft-ouldbrahim-bgpvpn-auto-00.txt

25 Conclusion Virtual Routers allow Service Providers to build differentiated network-based VPN services. The architecture is highly flexible and accommodates different tunneling mechanisms, and different backbone technologies.

26 Contacts
Hamid Ould-Brahim, Nortel Networks, P. O. Box 3511 Station C, Ottawa, ON, K1Y 4H7, Canada. Phone: +1 (613) 765 3418. hbrahim@nortelnetworks.com
Bryan Gleeson, Nortel Networks, 2305 Mission College Blvd, Santa Clara, CA 95054, USA. Phone: +1 (408) 565 2625. bgleeson@shastanets.com

27 Thank You

