Overview of VPN
Private Networks
[Figure: Organization A Sites 1–4 and Organization B Sites 1–3, each organization interconnected by its own leased lines]

Private Network
• Advantages:
  • Leased lines are secured
  • Privacy and QoS guaranteed
• Disadvantages:
  • Leased lines are very expensive
  • The number of links required grows exponentially if full mesh connectivity is required and the network expands
  • More CPE ports are required
  • Network complexity increases as the network grows; all existing sites require reconfiguration when a new site is added
Internet Based Private Network
[Figure: Organization A Sites 1–4 and Organization B Sites 1–3 all attached to the Internet as a shared infrastructure]

Internet Based Private Network
• Advantages:
  • Single physical connectivity at each site
  • No reconfiguration required at existing sites when a new site is added to the network
  • Saving on CPE ports
  • Huge saving in annual connectivity charges
• Disadvantages:
  • Highly insecure environment
  • No guarantee of privacy and QoS
  • Any unauthorized traffic can enter the private network
Virtual Private Network
• Different solutions are available to make communication over the Internet safe and secure, and they can also ensure the desired grade of quality of service.
• These solutions are known as VPN solutions.
• Different protocols like L2TP, PPTP and IPsec are available to provide VPN solutions to customers.
• These protocols take care of data authenticity, data integrity and, if required, data confidentiality.

Virtual Private Network
[Figure: Organization A Sites 1–4 and Organization B Sites 1–3 attached to the Internet, each site behind a firewall]
Deploying VPNs in the 21st Century
• Uses IP infrastructure
  • May be shared with Internet services
  • Increasing importance of IP/MPLS (not ATM/FR)
• Subscriber requirements
  • Lower operational expenses
  • A single network connection for multiple services
• Provider requirements
  • Multiservice infrastructure
  • Create an additional source of revenue
[Figure: Corporate Headquarters reached over the Internet by a Branch Office (Intranet), by Mobile Users and Telecommuters (Remote Access) and by Suppliers, Partners and Customers (Extranet)]

Virtual Private Network Categories
• VPNs can be classified in two categories
• Customer Provisioned
  • VPN tunnels originate and terminate at customer premises
  • Provisioning of equipment and allied activities is the responsibility of the customer
  • The provider may not be aware of the VPN tunneling through its network
• Provider Provisioned
  • VPN tunnels originate and terminate at the service provider's edge
  • Responsibility for creating and maintaining these tunnels lies with the provider
Customer Provisioned VPNs
[Figure: secured tunnels between Organization B Sites 1–3 (and Organization A Site 1) across the Internet, terminating at customer premises]

Provider Provisioned VPNs
[Figure: secured tunnels between Organization B Sites 1–3 (and Organization A Site 1) across the Internet, terminating at the provider edge]
MPLS Based VPNs
• MPLS Based Layer 3 VPNs
  • Provider's router participates in customer's layer 3 routing
  • Provider router manages VPN-specific routing tables and distributes routes to remote sites
  • CPE routers advertise their routes to the provider
• MPLS Based Layer 2 VPNs
  • Customer maps their layer 3 routing to the circuit mesh
  • Provider delivers Layer 2 circuits to the customer, one for each remote site
  • Customer routes are transparent to the provider

MPLS Based Layer 3 VPN
A VRF is created for each VPN connected to the PE
[Figure: PE 1, PE 2 and PE 3 around a core of P routers; CE–A1, CE–A2, CE–A3 (VPN A Sites 1–3), CE–B1, CE–B2, CE–B3 (VPN B Sites 1–3) and CE–C1, CE–C2 (VPN C Sites 1–2) attached to the PEs over OSPF routing, static routes and E-BGP]

MPLS Based Layer 3 VPNs
• Each VRF is populated with:
  • Routes received from directly connected CE routers associated with the VRF
  • Routes received from other PE routers with acceptable BGP attributes
• Only the VRF associated with a VPN is used for packets from a site of that VPN
• Provides isolation between VPNs
MPLS Based Layer 3 VPNs
• Customers can use overlapping IP addresses
• Customers are free to use any IP address, even private IP addresses
• Very little manual configuration: auto discovery of new sites, and no reconfiguration of existing sites when a new site is added
• Cheaper than leased lines, as it works on MPLS based IP infrastructure, which is a shared infrastructure
• QoS can be assured, as MPLS has the capability to provide differentiated QoS

MPLS Based Layer 3 VPNs
• Customers can create an intranet as well as an extranet with the help of layer 3 VPNs
• An extranet allows the customer to let business partners and suppliers access their network
• 100 % secured intranet as well as extranet
• Single physical connectivity at every site, resulting in a very simple network topology
• Provider participates in the customer's routing process
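As an added illustration of the VRF behaviour on the two preceding slides (a simplified model written for this page, not vendor code or a protocol implementation), the following Python models one PE router holding a separate VRF per VPN: each VRF takes routes from its own CEs and from remote PEs whose route tag it accepts, and forwarding consults only the VRF of the originating VPN, so two customers can both use 10.1.0.0/24 without seeing each other's routes. The tags, site names and prefixes are constructed; the tag stands in for the "acceptable BGP attributes" of the slide, which in RFC 4364 is the route-target extended community.

```python
from ipaddress import ip_network, ip_address


class PE:
    def __init__(self):
        self.vrfs = {}         # VPN name -> list of (network, next hop)
        self.import_rt = {}    # VPN name -> route targets this VRF accepts

    def add_vrf(self, vpn, import_rt):
        self.vrfs[vpn] = []
        self.import_rt[vpn] = set(import_rt)

    def learn_from_ce(self, vpn, prefix, ce):
        # A route from a directly connected CE enters only that site's VRF.
        self.vrfs[vpn].append((ip_network(prefix), ce))

    def learn_from_pe(self, prefix, next_hop, route_target):
        # A route from a remote PE is imported into every VRF whose import
        # policy accepts its route target and dropped everywhere else.
        imported = []
        for vpn, accepted in self.import_rt.items():
            if route_target in accepted:
                self.vrfs[vpn].append((ip_network(prefix), next_hop))
                imported.append(vpn)
        return imported

    def forward(self, vpn, dst):
        # A packet from a site of `vpn` is looked up only in that VPN's VRF
        # (longest prefix match); other customers' routes are invisible.
        addr = ip_address(dst)
        matches = [(n, nh) for n, nh in self.vrfs[vpn] if addr in n]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def demo():
    pe = PE()
    pe.add_vrf("VPN-A", {"65000:100"})  # constructed route targets
    pe.add_vrf("VPN-B", {"65000:200"})
    # Constructed sample: both customers use the same private prefixes.
    pe.learn_from_ce("VPN-A", "10.1.0.0/24", "CE-A1")
    pe.learn_from_ce("VPN-B", "10.1.0.0/24", "CE-B1")
    pe.learn_from_pe("10.2.0.0/24", "PE2", "65000:100")  # VPN A remote site
    pe.learn_from_pe("10.2.0.0/24", "PE3", "65000:200")  # VPN B remote site
    return {
        "a_local": pe.forward("VPN-A", "10.1.0.7"),    # CE-A1
        "b_local": pe.forward("VPN-B", "10.1.0.7"),    # CE-B1
        "a_remote": pe.forward("VPN-A", "10.2.0.9"),   # PE2, never PE3
        "b_remote": pe.forward("VPN-B", "10.2.0.9"),   # PE3, never PE2
        "a_unknown": pe.forward("VPN-A", "10.3.0.1"),  # None: nothing leaks
    }
```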
MPLS Based Layer 2 VPNs
• Provider edge device delivers Layer 2 circuit IDs (DLCI, VPI/VCI, or VLAN ID) to the customer
• Customer sees standard FR or ATM PVCs
  • From each site, one for each reachable site
• Provider edge device maps the circuit ID to an MPLS LSP to traverse the provider core
  • Label stacking could be used to improve scalability
• Customer maps their own routing architecture to the circuit mesh
  • Customer routes are transparent to the provider
  • Separation of administrative responsibility

MPLS Based Layer 2 VPNs
A VFT is created for each CE connected to the PE
[Figure: PE 1, PE 2 and PE 3 around a core of P routers; CE–A1, CE–A2, CE–A3 (VPN A Sites 1–3) and CE–B1, CE–B2 (VPN B Sites 1–2) attached to the PEs over ATM and FR circuits]
• Each VFT is populated with:
  • The information provisioned for the local CEs
  • VPN Connection Tables received from other PEs via BGP or LDP

MPLS Based Layer 2 VPNs
• Layer 2 VPN supported technologies
  • Frame Relay
  • ATM
  • Ethernet
  • Ethernet VLANs
  • HDLC
  • PPP

MPLS Based Layer 2 VPNs
• Separation of the customer's and provider's routing gives the customer extra confidence about the security of their network
• Customer can choose any layer 2 connectivity which is supported by the layer 2 VPN
Virtual Private LAN Service (VPLS)
• Different sites of the customer's network connect to the MPLS network over Ethernet, just as they would connect to any LAN switch
• With auto discovery of the MAC addresses of devices, each site learns about the machines connected to the VPLS service
• To the customer it appears very much like ordinary Ethernet connectivity
• To the customer the MPLS network appears like one huge LAN switch to which its different sites are connected, just as they would be to an Ethernet LAN switch

Virtual Private LAN Service
• A private Ethernet network constructed over a 'shared' infrastructure, which may span several metro areas
• Multipoint to multipoint Ethernet connectivity where the SP network looks like an Ethernet broadcast domain
• Complements Layer 3 (RFC 2547) and Layer 2 VPNs
[Figure: PE 1, PE 2 and PE 3 around a core of P routers; CE–A1, CE–A2, CE–A3 (VPN A Sites 1–3) and CE–B1, CE–B2 (VPN B Sites 1–2) attached to the PEs]
What is Quality of Service
[Figure: application classes competing for bandwidth: Desktop Conferencing, Distance Learning, Mission-Critical Applications, E-Mail, FTP]

Role of QoS
• Protect mission-critical applications
  • Voice, ERP, data warehouse, sales force automation
• Prioritize groups of users
  • Finance, sales, suppliers
• Enable multimedia applications
  • Distance learning, desktop video conferencing

Quality of Service (QoS)
• MPLS has very powerful tools like traffic prioritization, traffic scheduling, traffic shaping and traffic policing to ensure the proper grade of quality of service to the customer.
• Broadly, three grades of service are available at present in the MPLS VPN service:
  • Gold (guaranteed bandwidth, delivery, jitter and latency)
  • Silver (guaranteed delivery)
  • Bronze (best effort)
Three Classes of Service

Tariff per Annum (Rs in Lakhs)

Sl No.  Class of Service  Committed Bandwidth (%)  64 kbps  128 kbps  256 kbps  512 kbps  1 Mbps  2 Mbps
1.      Gold              99                       0.77     1.38      2.38      3.69      5.84    12.32
2.      Silver            50                       0.58     1.04      1.79      2.76      4.38    9.24
3.      Bronze            25                       0.38     0.69      1.19      1.84      2.92    6.16

• Three classes of service according to the customer's requirement (Gold, Silver & Bronze)
• If the customer requirement is more than 2 Mbps, then the tariff will be n x the tariff for 2 Mbps.

Service Tax & Discount

No of Ports   Discount on VPN Port
2 to 5        10 %
6 to 10       12 %
11 to 15      15 %
16 and above  20 %

• Service tax @ 10% will be charged w.e.f. 10/9/2004, and
• Education cess @ 2 % of the service tax will also be levied in addition to the service tax
Tariff for Leased Line Data Circuits

S.N.  Distance (kms)  64 Kbps (Rs.)   2 Mbps (Rs.)        8 Mbps (Rs.)        34 Mbps (Rs.)         140 Mbps (Rs.)
1     50              34,319          3,48,642            13,94,568           55,78,272             2,23,13,088
2     100             40,646          5,38,454            21,53,816           86,15,264             3,44,61,056
3     200             54,412          9,51,431            38,05,724           1,52,22,896           6,08,91,584
4     300             68,178          13,64,407           54,57,628           2,18,30,512           8,73,22,048
5     400             81,944          17,77,384           71,09,536           2,84,38,144           11,37,52,576
6     500             95,710          21,90,360           87,61,440           3,50,45,760           14,01,83,040
7     Beyond 500      96,000 (Fixed)  22,00,000 (Fixed)   88,00,000 (Fixed)   3,52,00,000 (Fixed)   14,08,00,000 (Fixed)

Tariff for 128 kbps to 960 kbps
• The tariff for 128 kbps to 960 kbps is equal to the tariff for 64 kbps multiplied by the coefficient below

Capacity  Coefficient
960 kbps  7.6
768 kbps  6.4
512 kbps  4.8
384 kbps  4.0
320 kbps  3.6
256 kbps  3.1
192 kbps  2.5
128 kbps  1.8
ICICI Bank Case Study
• Total number of leased lines of various capacities across the country – 82
• Total annual charges paid – Rs 142604651/-
• 75 links could be shifted to VPN
• Cost of 75 VPNs of different capacities – Rs 7,30,00,000/-
• Cost of the remaining 7 leased lines – Rs 50,00,000/-
• Total cost – Rs 7,80,00,000/-