1 / 14

Network based IP VPN Architecture using Virtual Routers

Network based IP VPN Architecture using Virtual Routers. Jessica Yu CoSine Communications, Inc. Feb. 19 th , 2001. Objectives. Enable Service Provider to provide value added VPN services in a scalable manner Scale to large number of VPN customers w.r.t. Router resources

Download Presentation

Network based IP VPN Architecture using Virtual Routers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Network based IP VPN Architecture using Virtual Routers Jessica Yu CoSine Communications, Inc. Feb. 19th, 2001

  2. Objectives • Enable Service Provider to provide value added VPN services in a scalable manner • Scale to large number of VPN customers w.r.t. • Router resources • Operation and management • Utilize existing protocols and tools • Provide: • separation of VPNs serviced by the same provider • separation of VPNs and the provider network • security using standard mechanisms

  3. Customer Site(s) Provider’s Network Customer Site(s) P P PE PE CE CE CE CE VR VR CE CE CE CE VR VR CE CE CE CE VR VR P P VPN Without VR P P P P VPN With VR Virtual Router Concept

  4. Virtual Router Definition • A virtual router (VR) is an emulation of a physical router at the software and hardware levels • VRs have independent IP routing and forwarding tables and they are isolated from each other • Two main functions • Constructing routing using any routing technology • Forwarding packets to the next hops within the VPN domain • From the VPN user point of view, a virtual router provides the same functionality as a physical router

  5. VPN-1 Sites VR-1 SPVR VR-2 VPN Built with VRs VPN-1 Sites SP Network VPN-1 Sites VR-1 SPVR VR-2 VPN-2 Sites VPN-2 Sites Connecting multiple VRs to the Provider Network through the use of a single VR “the provider virtual router” - SPVR

  6. VPN Basic Building Blocks • Membership • VRs belong to the same VPN share the same VPN-ID • Tunnel • VR to VR tunnel, a point-to-point link from each VR’s view • Tunnel mechanisms can be IPsec, GRE, IPinIP or MPLS, etc. • Tunnel type • Per VPN tunnel (originate at VR) or • aggregated two level tunnel (originate at SPVR) • Routing • Independent from SP backbone routing • Each VPN can have its own choice of routing protocols

  7. VPN Establishment with VRs • Like all VPN implementation mechanisms, membership information needs to be disseminated • In VR model, membership information can be distributed with the following mechanism • Manual configuration • Directory based mechanism • Utilize routing protocol • BGP Auto-discovery

  8. Inter-domain VPN Support • With VR model, the mechanisms for multiple domain VPN remains the same as single domain VPN • Main requirements • Providers support a common tunnel mechanism • The ability to assign unambiguous VPN identification across the domains

  9. VPN-1 Sites VPN-1 Sites VPN-1 Sites VPN-1 Sites SP Network SP Network SP Network VR-1 VR-1 SPVR SPVR VR-2 VR-2 VPN-2 Sites VPN-2 Sites Inter-domain VPN Support

  10. Extranet Support • Two or more corporate have network access to a limited amount of each other’s corporate data • It’s a matter of control of who can access what data, i.e. a policy decision • VR model supports extranet by allowing two or more VRs connect to each other with policy control for data flow

  11. VR VPN Properties • VPNs built with VRs are overlay model • The Provider routers (P) are VPN unaware – scalable • Routing for each VPN is the same as regular network routing • The choice of the backbone protocols is not constrained by the VPNs and vise versa • No protocol modifications needed • No tool (debugging, management,etc.) modifications needed • Deployment will not impact normal operation of the provider network

  12. Scalability • Only PEs handle VPN type information, other provider routers are VPN unaware • Establishment and reconfigure can use Directory based tool and BGP-auto discovery – no manual configuration is necessarily

  13. Deployment Status • A number of SPs have already deployed VPN implemented with VR model in their network and providing Network Based VPN service

  14. Reference • ftp://ftp.ietf.org/internet-drafts/draft-oluldbrahim-vpn-vr-02.txt

More Related