Transcript Document

Overview of VPN


[Figure: Private networks. Organization A (Sites 1-4) and Organization B (Sites 1-3), each organisation's sites interconnected by dedicated leased lines.]

Private Network

• Advantages:
  – Leased lines are dedicated circuits, so traffic is not shared with other customers
  – Privacy and QoS guaranteed
• Disadvantages:
  – Leased lines are very expensive
  – The number of links grows quadratically if full-mesh connectivity is required and the network expands (n sites need n(n-1)/2 links)
  – More CPE ports are required
  – Network complexity increases as the network grows; all existing sites need reconfiguration when a new site is added


Internet Based Private Network

[Figure: Internet based private network. Sites of Organization A (Sites 1-4) and Organization B (Sites 1-3) all attached to the Internet as a shared infrastructure.]

Internet Based Private Network

• Advantages:
  – Single physical connection at each site
  – No reconfiguration of existing sites when a new site is added to the network
  – Saving on CPE ports
  – Large saving in annual connectivity charges
• Disadvantages:
  – Highly insecure environment: traffic crosses a shared network that the organisation does not control
  – No guarantee of privacy or QoS
  – Any unauthorised traffic can enter the private network

Virtual Private Network

• Different solutions are available to make communication over the Internet safe and secure, and some can also ensure the desired grade of quality of service.
• These solutions are known as VPN solutions.
• Protocols such as L2TP, PPTP and IPsec are used to provide VPN services to customers.
• These protocols take care of data authenticity (origin authentication), data integrity and, if required, data confidentiality. In practice the cryptographic protection comes from IPsec: L2TP on its own only tunnels and is normally run over IPsec, and PPTP's MPPE/MS-CHAP protection has long been known to be weak.

Virtual Private Network

[Figure: Virtual Private Network. Sites of Organization A (Sites 1-4) and Organization B (Sites 1-3) connected across the Internet, each site behind a firewall.]

Deploying VPNs in the 21st Century

[Figure: VPN deployment scenarios. Corporate Headquarters (Intranet) connected over the Internet to a Branch Office, Remote Access for Mobile Users and Telecommuters, and an Extranet for Suppliers, Partners and Customers.]

• Uses IP infrastructure
  – May be shared with Internet services
• Increasing importance of IP/MPLS (not ATM/FR)
• Subscriber requirements
  – Lower operational expenses
  – A single network connection for multiple services
• Provider requirements
  – Multiservice infrastructure
  – Create an additional source of revenue

Virtual Private Network Categories

• VPNs can be classified in two categories:
  – Customer provisioned
    • VPN tunnels originate and terminate at customer premises
    • Provisioning of equipment and allied activities is the responsibility of the customer
    • The provider may not be aware of the VPN tunnelling through its network
  – Provider provisioned
    • VPN tunnels originate and terminate at the service provider's edge
    • Responsibility for creating and maintaining these tunnels lies with the provider

Customer Provisioned VPNs

[Figure: Customer provisioned VPNs. Secured tunnels between Organization B Sites 1-3 (Organization A Site 1 also shown) run end to end across the Internet, starting and ending on customer premises equipment.]

Provider Provisioned VPNs

[Figure: Provider provisioned VPNs. Secured tunnels between Organization B Sites 1-3 (Organization A Site 1 also shown) start and end at the provider's edge; the customer sites attach to the provider with plain access links.]

MPLS Based VPNs

• MPLS based Layer 3 VPNs
  – The provider's router participates in the customer's Layer 3 routing
  – The provider router manages VPN-specific routing tables (VRFs) and distributes routes to remote sites
  – CPE routers advertise their routes to the provider
• MPLS based Layer 2 VPNs
  – The customer maps its Layer 3 routing onto the circuit mesh
  – The provider delivers Layer 2 circuits to the customer, one for each remote site
  – Customer routes are transparent to the provider

[Figure: MPLS based Layer 3 VPN. PE1, PE2 and PE3 around a core of P routers; a VRF is created for each VPN connected to a PE. CE-PE routing uses static routes, OSPF or eBGP. Sites: VPN A Sites 1-3 (CE-A1, CE-A2, CE-A3), VPN B Sites 1-3 (CE-B1, CE-B2, CE-B3), VPN C Sites 1-2 (CE-C1, CE-C2).]

MPLS Based Layer 3 VPNs

• Each VRF is populated with:
  – Routes received from the directly connected CE routers associated with the VRF
  – Routes received from other PE routers that carry acceptable BGP attributes (in particular a route target the VRF imports)
• Only the VRF associated with a VPN is used for packets from a site of that VPN
  – Provides isolation between VPNs

MPLS Based Layer 3 VPNs

• Customers can use overlapping IP addresses: each customer is free to use any addressing, including private (RFC 1918) addresses, because routes are kept in separate VRFs.
• Very little manual configuration: auto-discovery of new sites, and no reconfiguration of existing sites when a new site is added.
• Cheaper than leased lines, as it runs on the shared MPLS based IP infrastructure.
• QoS can be assured, as MPLS has the capability to provide differentiated QoS.

MPLS Based Layer 3 VPNs

• Customers can create intranets as well as extranets with Layer 3 VPNs.
• An extranet lets a customer give business partners and suppliers access to part of its network.
• Separation, not secrecy: the VRF mechanism isolates a customer's intranet and extranet from other customers' VPNs to a degree comparable with Frame Relay or ATM, but packets cross the provider core unencrypted and are visible to the provider. Where confidentiality is required, IPsec is run over the VPN.
• Single physical connection at every site, resulting in a very simple network topology.
• The provider participates in the customer's routing process, so the customer's isolation depends on the provider's configuration being correct.
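The VRF mechanics on the last few slides (per-VPN tables, import only of routes with acceptable BGP attributes, overlapping addresses, and the extranet) are easiest to see in a small working model. The Python below is an added example written for this page, not provider or vendor code: two PEs exchange VPNv4 routes carrying route distinguishers, route-target extended communities and per-VRF MPLS labels, on a constructed three-VPN topology. The PE loopbacks, AS number 65000, VRF names and prefixes are all assumptions.

```python
"""Toy model of a BGP/MPLS Layer 3 VPN control plane (RFC 4364 style).
Added example for this page, not provider code. Names and addresses are made up."""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str                   # route distinguisher; makes overlapping prefixes unique
    prefix: str               # customer IPv4 prefix as advertised by the CE
    next_hop: str             # loopback of the PE that originated the route
    label: int                # VPN label that PE expects on packets for this VRF
    route_targets: frozenset  # RT extended communities attached on export


@dataclass
class Vrf:
    name: str
    rd: str
    import_rts: frozenset
    export_rts: frozenset
    label: int                                  # label this PE allocated for the VRF
    local: set = field(default_factory=set)     # prefixes learned from attached CEs
    remote: dict = field(default_factory=dict)  # prefix -> (remote PE, its VPN label)


class PE:
    def __init__(self, loopback):
        self.loopback = loopback
        self.vrfs = {}
        self._next_label = 16  # labels 0-15 are reserved MPLS values

    def add_vrf(self, name, rd, import_rts, export_rts):
        self.vrfs[name] = Vrf(name, rd, frozenset(import_rts), frozenset(export_rts), self._next_label)
        self._next_label += 1

    def add_ce_route(self, vrf, prefix):
        """A route received from the directly connected CE of this VRF."""
        self.vrfs[vrf].local.add(str(ipaddress.ip_network(prefix)))

    def export_routes(self):
        """What this PE advertises to other PEs over MP-BGP (VPNv4 AFI/SAFI)."""
        return [Vpnv4Route(v.rd, p, self.loopback, v.label, v.export_rts)
                for v in self.vrfs.values() for p in sorted(v.local)]

    def import_routes(self, routes):
        """Install a received route into every VRF whose import RTs it matches.
        No matching RT means the route is never installed: that check is the whole
        isolation mechanism. Local CE routes win over remote ones (a simplification)."""
        for r in routes:
            if r.next_hop == self.loopback:
                continue  # ignore our own advertisements
            for v in self.vrfs.values():
                if r.route_targets & v.import_rts and r.prefix not in v.local:
                    v.remote[r.prefix] = (r.next_hop, r.label)

    def lookup(self, vrf, dst):
        """Longest-prefix match within one VRF only. Returns ("CE", None) for a local
        prefix, (remote PE, VPN label) for an MP-BGP learned one, or None."""
        v = self.vrfs[vrf]
        addr = ipaddress.ip_address(dst)
        best = None
        for p in list(v.local) + list(v.remote):
            net = ipaddress.ip_network(p)
            if addr in net and (best is None or net.prefixlen > best.prefixlen):
                best = net
        if best is None:
            return None
        return ("CE", None) if str(best) in v.local else v.remote[str(best)]


def build_demo():
    """Constructed two-PE, three-VPN topology; every value here is an assumption."""
    pe1, pe2 = PE("192.0.2.1"), PE("192.0.2.2")
    for pe in (pe1, pe2):
        pe.add_vrf("A", "65000:100", {"65000:100", "65000:300"}, {"65000:100"})  # A also imports partner C
        pe.add_vrf("B", "65000:200", {"65000:200"}, {"65000:200"})
    pe2.add_vrf("C", "65000:300", {"65000:300", "65000:100"}, {"65000:300"})      # extranet partner of A
    pe1.add_ce_route("A", "10.0.0.0/24")
    pe1.add_ce_route("B", "10.0.0.0/24")   # same prefix as VPN A: overlapping addressing
    pe2.add_ce_route("A", "10.0.1.0/24")
    pe2.add_ce_route("B", "10.0.2.0/24")
    pe2.add_ce_route("C", "172.16.0.0/24")
    adverts = pe1.export_routes() + pe2.export_routes()
    pe1.import_routes(adverts)
    pe2.import_routes(adverts)
    return pe1, pe2


if __name__ == "__main__":
    pe1, pe2 = build_demo()
    for pe, vrf, dst in [(pe1, "A", "10.0.1.7"), (pe1, "B", "10.0.1.7"), (pe2, "A", "10.0.0.5"),
                         (pe2, "B", "10.0.0.5"), (pe2, "C", "10.0.0.5"), (pe1, "B", "172.16.0.3")]:
        print(f"{pe.loopback} VRF {vrf} -> {dst}: {pe.lookup(vrf, dst)}")
```

Running it shows VRF B on PE2 never learning VPN A's 10.0.0.0/24 even though VPN B uses the same prefix (the two routes differ by RD, and on PE2 they are told apart by the VPN label PE1 allocated per VRF), and VPN C reaching VPN A's sites only because it imports RT 65000:100. The isolation exists solely because the provider configured the route targets this way, which is why the "provider participates in the customer's routing" point above is a security dependency and not just an operational one.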

MPLS Based Layer 2 VPNs

• The provider edge device delivers Layer 2 circuit IDs (DLCI, VPI/VCI or VLAN ID) to the customer
  – The customer sees standard FR or ATM PVCs: from a given site, one for each reachable site
• The provider edge device maps the circuit ID to an MPLS LSP to traverse the provider core
  – Label stacking can be used to improve scalability
• The customer maps its own routing architecture onto the circuit mesh
  – Customer routes are transparent to the provider
  – Separation of administrative responsibility

VPN B Site 1 VPN A Site 1

MPLS Based Layer 2 VPNs

[Figure: MPLS based Layer 2 VPN. PE1, PE2 and PE3 around a core of P routers; CEs attach over ATM or Frame Relay (CE-A1, CE-A2, CE-A3 for VPN A Sites 1-3; CE-B1, CE-B2 for VPN B Sites 1-2). A VFT (VPN forwarding table) is created for each CE connected to the PE.]

Each VFT is populated with:
• The information provisioned for the local CEs
• VPN connection tables received from other PEs via BGP or LDP

MPLS Based Layer 2 VPNs

• Technologies supported by Layer 2 VPNs:
  – Frame Relay
  – ATM
  – Ethernet
  – Ethernet VLANs
  – HDLC
  – PPP

MPLS Based Layer 2 VPNs

• Separation of the customer's and the provider's routing gives the customer extra confidence in the security of its network; as with Layer 3 VPNs, the provider core still does not encrypt the traffic.
• The customer can choose any Layer 2 connectivity supported by the Layer 2 VPN service.

Virtual Private LAN Service VPLS

• The different sites of a customer's network connect to the MPLS network over Ethernet, just as they would connect to any LAN switch.
• Through learning of the MAC addresses of attached devices, each site learns about the machines connected through the VPLS service.
• To the customer it looks very much like ordinary Ethernet connectivity: the MPLS network appears as one huge LAN switch to which its sites are attached.
• Because the result is a single Layer 2 broadcast domain, a broadcast storm, MAC flooding or a spoofed MAC address at one site affects every site in the VPLS instance; the Layer 2 hygiene applied on a campus switch applies here as well.

Virtual Private LAN Service

[Figure: Virtual Private LAN Service. CE-A1, CE-A2, CE-A3 (VPN A Sites 1-3) and CE-B1, CE-B2 (VPN B Sites 1-2) attach to PE1, PE2 and PE3 around a core of P routers.]

• A private Ethernet network constructed over a 'shared' infrastructure, which may span several metro areas
• Multipoint-to-multipoint Ethernet connectivity, where the SP network looks like an Ethernet broadcast domain
• Complements Layer 3 (RFC 2547) and Layer 2 VPNs
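VPLS is described above as one big Ethernet switch, so the useful thing to see is the switch logic a PE runs per instance: MAC learning, flooding of unknown unicast and broadcast, and the split-horizon rule that keeps the full mesh of pseudowires loop-free (RFC 4762). The Python below is an added example written for this page, not from the slides or any vendor; the PE with two VPLS instances, the port names and the MAC addresses are constructed.

```python
"""Toy VPLS forwarding on one PE: per-instance MAC learning, flooding, split horizon.
Added example for this page, not vendor code. Ports and MAC addresses are constructed."""
BROADCAST = "ff:ff:ff:ff:ff:ff"


class VplsInstance:
    """One VPLS instance (virtual switch) on a PE.
    Ports are attachment circuits (ACs) towards local CEs and pseudowires (PWs)
    towards the other PEs of the full mesh. Each instance has its own MAC table,
    so customers on different instances never share forwarding state."""

    def __init__(self, name, attachment_circuits, pseudowires):
        self.name = name
        self.acs = frozenset(attachment_circuits)
        self.pws = frozenset(pseudowires)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, ingress, src_mac, dst_mac):
        """Return the set of ports a frame arriving on `ingress` is sent out of."""
        if ingress not in self.acs and ingress not in self.pws:
            raise ValueError(f"{ingress} is not a port of VPLS {self.name}")
        # Learn the source the way a LAN switch does; this is the
        # "auto discovery of MAC addresses" the slide refers to.
        self.mac_table[src_mac] = ingress
        known = self.mac_table.get(dst_mac)
        if dst_mac != BROADCAST and known is not None:
            # Known unicast: one port, or nothing if the destination is behind the ingress port.
            return set() if known == ingress else {known}
        # Unknown unicast or broadcast: flood to every other port ...
        egress = set(self.acs | self.pws) - {ingress}
        if ingress in self.pws:
            # ... except that a frame from another PE is never relayed to a third PE
            # (split horizon, RFC 4762): every PE pair already has a direct pseudowire,
            # and without this rule the full mesh would loop broadcasts forever.
            egress -= self.pws
        return egress


def build_pe1():
    """Constructed PE1 with two VPLS instances: customers A and B each have one local
    attachment circuit and pseudowires to PE2 and PE3."""
    vpls_a = VplsInstance("A", ["ac-A1"], ["pw-A-pe2", "pw-A-pe3"])
    vpls_b = VplsInstance("B", ["ac-B1"], ["pw-B-pe2", "pw-B-pe3"])
    return vpls_a, vpls_b


if __name__ == "__main__":
    vpls_a, vpls_b = build_pe1()
    host1, host2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"
    print(vpls_a.forward("ac-A1", host1, BROADCAST))     # broadcast from site 1: flooded to both PWs
    print(vpls_a.forward("pw-A-pe2", host2, host1))      # reply from site 2: host1 known, only to ac-A1
    print(vpls_a.forward("pw-A-pe2", host2, BROADCAST))  # broadcast from PE2: ac-A1 but not pw-A-pe3
    print(vpls_a.forward("ac-A1", host1, host2))         # now a known unicast towards PE2
    print(host1 in vpls_b.mac_table)                     # customer B's table never learned host1
```

Note that the per-instance MAC table is the only thing separating customer A from customer B on the same PE, and that every unknown destination is flooded to all remote sites: this is the behaviour behind the broadcast-domain caveat above.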

What is Quality of Service

[Figure: applications ranked by QoS requirement: Desktop Conferencing and Distance Learning; Mission-Critical Applications; E-Mail; FTP.]

Role of QoS

• Protect mission-critical applications
  – Voice, ERP, data warehouse, sales force automation
• Prioritize groups of users
  – Finance, sales, suppliers
• Enable multimedia applications
  – Distance learning, desktop video conferencing

Quality of Service (QoS)

• MPLS has powerful tools such as traffic prioritization, scheduling, shaping and policing to ensure the proper grade of quality of service for the customer.
• Broadly, three grades of service are available at present in the MPLS VPN service:
  – Gold (guaranteed bandwidth, delivery, jitter and latency)
  – Silver (guaranteed delivery)
  – Bronze (best effort)

Three Classes of Service

Three classes of service according to the customer's requirement (Gold, Silver and Bronze). If the customer's requirement is more than 2 Mbps, the tariff is n x the tariff for 2 Mbps.

Tariff per annum (Rs in lakhs)

Sl No.  Class of Service  Committed Bandwidth (%)  64 kbps  128 kbps  256 kbps  512 kbps  1 Mbps  2 Mbps
1       Gold              99                       0.77     1.38      2.38      3.69      5.84    12.32
2       Silver            50                       0.58     1.04      1.79      2.76      4.38     9.24
3       Bronze            25                       0.38     0.69      1.19      1.84      2.92     6.16

Service Tax & Discount

• Service tax @ 10% will be charged w.e.f. 10/9/2004, and
• Education cess @ 2% of the service tax will also be levied in addition to the service tax

Discount on VPN port by number of ports:

No. of ports   Discount on VPN port
2 to 5         10 %
6 to 10        12 %
11 to 15       15 %
16 and above   20 %

Tariff for Leased Line Data Circuits

S.N.  Distance (kms)  64 Kbps (Rs.)    2 Mbps (Rs.)         8 Mbps (Rs.)         34 Mbps (Rs.)          140 Mbps (Rs.)
1     50              34,319           3,48,642             13,94,568            55,78,272              2,23,13,088
2     100             40,646           5,38,454             21,53,816            86,15,264              3,44,61,056
3     200             54,412           9,51,431             38,05,724            1,52,22,896            6,08,91,584
4     300             68,178           13,64,407            54,57,628            2,18,30,512            8,73,22,048
5     400             81,944           17,77,384            71,09,536            2,84,38,144            11,37,52,576
6     500             95,710           21,90,360            87,61,440            3,50,45,760            14,01,83,040
7     Beyond 500      96,000 (Fixed)   22,00,000 (Fixed)    88,00,000 (Fixed)    3,52,00,000 (Fixed)    14,08,00,000 (Fixed)

Tariff for 128 kbps to 960 kbps

The tariff for 128 kbps to 960 kbps is equal to the tariff for 64 kbps multiplied by the coefficients below:

Capacity   Coefficient
960 kbps   7.6
768 kbps   6.4
512 kbps   4.8
384 kbps   4.0
320 kbps   3.6
256 kbps   3.1
192 kbps   2.5
128 kbps   1.8

ICICI Bank Case Study

• Total number of leased lines of various capacities across the country: 82
• Total annual charges paid: Rs 14,26,04,651/-
• 75 links could be shifted to VPN
• Cost of 75 VPNs of different capacities: Rs 7,30,00,000/-
• Cost of the remaining 7 leased lines: Rs 50,00,000/-
• Total cost: Rs 7,80,00,000/-