Hierarchical VPNs, Neighbor Discovery and Broadcast Links in Virtual Router Approach
26 April 2001 ©2001, Lucent Technologies
Karthik Muthukrishnan, Senior Consulting Engineer
Thomas Walsh, Principal Network Consultant
Lucent Technologies
IP VPN Motivation
Realization of multiple private, geographically dispersed IP Networks (transparent and secure private IP interconnection) over a shared provider infrastructure
IP VPNs Motivation
IP MPLS VPNs Emulate a Private Network Over a Shared IP Network
• Layer 3 - Any to Any connectivity
• Security, reliability, performance, management
• No manual configuration of PVCs or tunnels
[Figure labels: Shared IP Network, Internet, Branch/Regional Offices, Corporate Headquarters, Customers, Suppliers, Remote Workers]
Multiple IP VPNs
[Figure: Logical VPN View with Customer A VPN (HQ, LA, Boston) and Customer B VPN (HQ, LA, Dallas); Physical Topology View with CE Routers at Customer A Headquarters, Customer A Boston Branch, Customer A LA Branch, Customer B Headquarters, Customer B Dallas Branch and Customer B LA Branch, plus PE and P routers; elements labelled VNP 10, 100, 1000, 10000 and 20000]
IP VPN Features
• Private Addressing
• Intranet
• Extranet
• Privacy
• Multiple sites
• Traffic engineering
• IP enabled services (including voice)
What are Virtual Routers?
• Each Virtual Router (VR) is a cross sectional slice of the hardware and software resources.
• Each VR is NOT a separate operating system “task”
• Resides only at edge of SP network
• Logically equivalent to a physical router (filters, interfaces, routing ports, access lists, configuration, management, monitoring)
• VRs and physical routers in a VPN represent a private routing domain with defined points of connection to the rest of the world
• VRs discover each other in the same way physical routers discover each other over a LAN
• Use standard link level multicast
• No need for an additional membership discovery scheme
Hierarchical VPNs [Carrier’s carrier]
IP VPN - Green Foods
[Figure labels: Berlin Office Green Foods, Boston Office Green Foods, Paris Office Green Foods, Remote Workers, PSTN/Cable/DSL/Wireless, Omni Present Provider]
IP VPN - Red Foods
[Figure labels: London Office Red Foods, Paris Office Red Foods, PSTN/DSL/Cable/Wireless, Internet, Omni Present Provider]
Problem Statement
• Omni present provider rarely present..
• Regional providers provide last mile service
• National/International carriers provide global connectivity
• Need bridge to connect regional and global carriers
Hierarchical VPNs - Business Model
[Figure labels: Boston Provider, Paris Provider, Berlin Provider, London Provider, International Provider; Boston Office Green Foods, Paris Office Green Foods, Berlin Office Green Foods; London Office Red Foods, Paris Office Red Foods]
Hierarchical VPNs - Network Model
[Figure labels: Boston Provider, Paris Provider, Berlin Provider, London Provider, International Provider; Boston Office Green Foods, Paris Office Green Foods, Berlin Office Green Foods; London Office Red Foods, Paris Office Red Foods; multiple VR (virtual router) labels]
Multi-Level Hierarchical VPNs
[Figure labels: Level 1 VPNs, Level 0 VPN, VPN A, VPN X, VPN Y, VPN Z]
Data within a Level 1 VPN is transported transparently across the Level 0 VPN
Hierarchies can be extended to more than two Levels
Hierarchical VPNs
[Figure labels: Boston Provider, Paris Provider, Berlin Provider, London Provider, International Provider; Boston Office Green Foods, Paris Office Green Foods, Berlin Office Green Foods; London Office Red Foods, Paris Office Red Foods; multiple VR (virtual router) labels]
VPN LSP Tunnels
[Figure labels: multiple VRs, Inter VR links, Purple VPN’s LSP Tunnel]
Inter VR Links
[Figure labels: multiple VRs, Inter VR links, Level 1 VPN, Level 2 VPN, Level 2 VPN]
Inter VR Links
• Supports hierarchical relationship
• Level 1 .. Level 2 .. Level N VPNs
• Supports peering relationship
• Internet connectivity
• Inter VPN [controlled] connectivity
– Controlled by standard routing policies at both ends
Neighbor Discovery via Broadcast Links
Neighbor Discovery
[Figure labels: Service Provider’s Network; Switch-A Backbone address = 150.202.78.12; Switch-B Backbone address = 150.202.77.2; Switch-C internal Backbone address = 150.202.79.12; Inter VR Broadcast Link; IP Interface (150.1.1.1); IP Interface (150.1.1.2); IP Interface (150.1.1.3); VR-A; VR-B; VR-C; Customer A HQ (Chicago); Customer A Branch (Boston); Customer A’s Vendor; Parts DB 165.1.1.1; 185.1.1.1]
For more information
• Muthukrishnan, K. et al, “A Core MPLS IP VPN Architecture”, RFC-2917, September 2000
• Muthukrishnan, K. et al, “A Core MPLS IP VPN Architecture”, <draft-muthukrishnan-rfc2917bis-00.txt>, work in progress in IETF
• Kathirvelu, C. et al, “A Core MPLS IP VPN Link Broadcast and Virtual Router Discovery”, <draft-kathirvelu-corevpn-disc-00.txt>, work in progress in IETF
• Kathirvelu, C. et al, “Hierarchical VPN over MPLS Transport”, <draft-kathirvelu-hiervpn-corevpn-00.txt>, work in progress in IETF
• Draft ITU-T Recommendation Y.1311.1, Network Based IP VPN over MPLS Architecture
Thank you!
Karthik Muthukrishnan
Thomas Walsh