Slide 1: L2VPN RADIUS Auto-discovery and provisioning
Mark Townsley, Greg Weber, Wei Luo, Skip Booth (Juha Heinanen)
IETF 61
© 2004 Cisco Systems, Inc. All rights reserved. L2VPN RADIUS - IETF 61

Slide 2: Some issues with current version of draft-ietf-l2vpn-radius-pe-discovery
Good document, but...
- Narrowly focused, targeted primarily at VPLS
- Does not take advantage of the newly defined RADIUS CoA extensions (RFC 3576); instead requires periodic polling of the RADIUS server to detect changes in provisioning
- Requires a stateful extension to RADIUS servers, e.g., advertising PE identity via attributes in Access-Request messages rather than relying on a centralized configuration database

Slide 3: L2VPN RADIUS - Goals for Updating Document
- Generalize RADIUS PE discovery to be applicable to a wider range of L2VPN models (e.g., allow VPWS and VPLS)
- Better align with L2VPN terminology and architecture
- More alignment with existing RADIUS server capabilities:
  - Stateless operation (no "polling" by the PE, etc.)
  - Centralized configuration
- Strive for "Zero-Touch" provisioning, i.e., new CEs to be deployable with little to no impact on PE configuration
- Applicable to MPLS or L2TPv3

Slide 4: L2VPN Authorization Steps
1. CE/AC Authorization - Attachment Circuit to VPN ID
2. VPN Authorization - VPN ID to PE Membership
3. PW Authorization - PE Membership to PW signaling
(Diagram: CE attached to PE)
Each step is independent and may be performed by any combination of local configuration, RADIUS, BGP, etc.

Slide 5: L2VPN Authorization Schema
- Defined using "Single-Sided Signaling" nomenclature
- Normalized for MPLS or L2TPv3 PWs
- Likely no need for draft-ietf-l2vpn-l2tp-radius-vpls-00.txt
- 3 records in the schema does not necessarily imply 3 off-box transactions

AC Record (diagram key: Router ID + Interface name, SAI, or CE Identity):
  SAI (AGI+SAII)
  Service Type (VPLS, VPWS, IPLS, etc.)
  Circuit-specific Parameters (QoS, etc.)
VPN Record (diagram key: AGI (VPN ID)):
  PE Router ID + SAII, PE Router ID + SAII, ...
Pseudowire Record (diagram key: Router ID + SAII):
  PW-specific parameters (TE Tunnel mapping, DSCP Setting, etc.)

Slide 6: Collapsed Schema
- Parameters collapsed into a single record to reduce the quantity of RADIUS transactions
- Particularly suited for VPWS, or VPLS with a limited number of PEs
- Generic rule for PW setup: if the Router ID from the Auth Record is different from the local Router ID, use the SAI as the TAI in PW signaling (LDP or L2TPv3)

Auth Record (diagram key: Router ID + Interface name, SAI, or CE identity):
  SAI (AGI+SAII)
  Service Type
  Circuit-specific Parameters (QoS, etc.)
  One entry per member PE (repeated in the diagram): PE Router ID + SAII; PW-specific parameters (Preferred-path, DSCP Setting, etc.)

Slide 7: VPWS Example
PE 10.0.0.2, AC atm1/0 1/100:
  AC Record: Bandwidth: 40%; Cell-packing: 1; Members: 10.0.0.1; VPN-ID: 100
PE 10.0.0.1, AC atm2/0 2/100:
  AC Record: Bandwidth: 40%; Cell-packing: 1; Members: 10.0.0.2; VPN-ID: 100
PW between the two PEs (shown on both sides): Control Plane = LDP, EXP = 0x03
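The following is an added illustration, not code from the draft, the slides, or Cisco: a Python model of the collapsed Auth Record of slide 6 together with its generic rule for PW setup, driven by constructed data patterned on the VPWS example above. The dataclass layout, the (Router ID, interface name) lookup key, the SAII strings "ac-a"/"ac-b", and the assignment of each AC record to its PE are assumptions. It also models the CoA-driven update that slide 2 argues for: a pushed replacement of one record yields the pseudowires to add or withdraw, so the PE never polls, and an AC with no authorization record gets no PW at all.

```python
"""Collapsed L2VPN RADIUS Auth Record and the generic PW-setup rule.
Added example; record fields, keys and SAII values are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

AII = Tuple[str, str]  # (AGI, AII): attachment group id + individual id


@dataclass(frozen=True)
class Member:
    router_id: str                          # PE Router ID
    saii: str                               # that PE's attachment individual id
    pw_params: Tuple[Tuple[str, str], ...] = ()   # e.g. (("EXP", "0x03"),)


@dataclass(frozen=True)
class AuthRecord:
    """Collapsed schema: AC, VPN membership and PW parameters in one record."""
    agi: str                                # VPN ID used as attachment group id
    saii: str                               # local AC's attachment individual id
    service_type: str                       # "VPWS", "VPLS", ...
    circuit_params: Tuple[Tuple[str, str], ...]
    members: Tuple[Member, ...]


@dataclass(frozen=True)
class PWRequest:
    control_plane: str                      # "LDP" or "L2TPv3"
    peer: str                               # remote PE Router ID
    sai: AII
    tai: AII
    pw_params: Tuple[Tuple[str, str], ...]


# Lookup key = (PE Router ID, interface name), one of the diagram's key forms.
RecordStore = Dict[Tuple[str, str], AuthRecord]


def pw_requests(local_router_id: str, interface: str, store: RecordStore,
                control_plane: str = "LDP") -> List[PWRequest]:
    """Generic rule: for every member whose Router ID differs from the local
    one, signal a PW whose TAI is the member's AGI+SAII. No record means the
    server did not authorize the AC, so nothing is signaled."""
    rec = store.get((local_router_id, interface))
    if rec is None:
        return []
    local_sai: AII = (rec.agi, rec.saii)
    out: List[PWRequest] = []
    for m in rec.members:
        if m.router_id == local_router_id:
            continue  # local attachment, no PW to self
        out.append(PWRequest(control_plane, m.router_id, local_sai,
                             (rec.agi, m.saii), m.pw_params))
    return out


def apply_coa(local_router_id: str, interface: str, store: RecordStore,
              new_record: Optional[AuthRecord]):
    """Stateless reaction to a pushed RADIUS CoA (RFC 3576): replace the
    record and return (added, removed) PW requests. new_record=None models a
    withdrawal of the authorization, which tears down every PW of that AC."""
    before = set(pw_requests(local_router_id, interface, store))
    if new_record is None:
        store.pop((local_router_id, interface), None)
    else:
        store[(local_router_id, interface)] = new_record
    after = set(pw_requests(local_router_id, interface, store))
    key = lambda r: r.peer
    return sorted(after - before, key=key), sorted(before - after, key=key)


# Constructed store modelled on the VPWS slide: VPN-ID 100, EXP 0x03, LDP.
EXP = (("EXP", "0x03"),)
QOS = (("Bandwidth", "40%"), ("Cell-packing", "1"))
VPWS_STORE: RecordStore = {
    ("10.0.0.2", "atm1/0 1/100"): AuthRecord(
        "100", "ac-b", "VPWS", QOS, (Member("10.0.0.1", "ac-a", EXP),)),
    ("10.0.0.1", "atm2/0 2/100"): AuthRecord(
        "100", "ac-a", "VPWS", QOS, (Member("10.0.0.2", "ac-b", EXP),)),
}

if __name__ == "__main__":
    for req in pw_requests("10.0.0.2", "atm1/0 1/100", VPWS_STORE):
        print("signal:", req)
    added, removed = apply_coa("10.0.0.2", "atm1/0 1/100", dict(VPWS_STORE), None)
    print("withdrawn after CoA:", removed)
```

The two functions separate "what the server authorized" from "what the PE must signal", which is the property that makes the PE stateless: the complete PW set is a pure function of the current record, so a CoA only has to replace the record and diff the result.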

Slide 8: VPLS example
PE 10.0.0.1:
  AC fe1/0.100 - AC Record: AGI: foo.com
  AC fe1/1.100 - AC Record: AGI: foo.com
  AC fe2/0.100 - AC Record: AGI: bar.com
  AC fe2/1.100 - AC Record: AGI: bar.com
VPN Record foo.com: Members: 10.0.0.1, 11.0.0.1, 12.0.0.1, 14.0.0.1; VPN-ID: 100
  Pseudowire Record 10.0.0.1:100: Preferred-path: tun1; Exp-setting: 0x3
VPN Record bar.com: Members: 10.0.0.1, 11.0.0.1, 13.0.0.1, 14.0.0.1; VPN-ID: 200
  Pseudowire Record 10.0.0.1:200: Preferred-path: tun2; Exp-setting: 0x5

Slide 9: RADIUS Accounting
- RADIUS Accounting messages may be used for logging and billing
- Really makes sense only at the AC and PW; accounting on VPN PE-membership is not very useful

Slide 10: Next Steps?
- Comments/suggestions?
- Update draft-ietf-l2vpn-radius-pe-discovery with something along the lines of what is in this presentation?
- Let draft-ietf-l2vpn-l2tp-radius-vpls-00.txt expire?
