IP VPN Management
Samsung Electronics Telecom R&D Center
Yongseok Park
Taxonomy
• Data Service
  • Private Line
  • Frame Relay
  • ATM
  • Internet Access
    • Dial-up, Broadband, Private line, ATM, Frame relay, Ethernet
    • Managed or Do-it-yourself
• IP VPN
  • Network based
  • Premise based
    • IPSec based
      • Remote Access
      • Site to Site
    • SSL based
Network based IP VPN
• Layer 3 VPN
  • BGP/MPLS based (rfc2547)
  • Virtual Router based
  • IPSec VPN
• Layer 2 VPN
  • VPLS (Virtual Private LAN Service)
  • VPWS (Virtual Private Wire Service)
  • IPLS (IP-only LAN-like Service)
    • Functional subset of VPLS
BGP/MPLS VPN
• RFC2547 based
• Two-level Label Stacking
  • Outer label for tunneling
    • Signaled by LDP or RSVP-TE
  • Inner label for VPN identification
    • MP-iBGP (PE to PE)
• CE (Customer Edge) router to PE (Provider Edge) router
  • Static, RIP, OSPF, IS-IS, eBGP
• PE router
  • VRF (VPN Routing and Forwarding) table per VPN
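
The two-level label stack above, worked through as an added example (not part of the original slides): an ingress PE pushes the inner VPN label and the outer tunnel label, the penultimate P router pops the outer label, and the egress PE maps the remaining label to a VRF. The 32-bit entry layout is the standard MPLS shim encoding; the label numbers and VRF names are constructed for illustration.

```python
import struct

def encode_entry(label, bottom, tc=0, ttl=64):
    """Pack one 32-bit MPLS label stack entry: label(20) | TC(3) | S(1) | TTL(8)."""
    if not 0 <= label < 2**20:
        raise ValueError("label must fit in 20 bits")
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bottom) << 8) | ttl)

def parse_stack(data):
    """Return [(label, tc, bottom, ttl), ...] up to and including the S=1 entry."""
    entries = []
    for off in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, off)
        entry = (word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)
        entries.append(entry)
        if entry[2]:
            return entries
    raise ValueError("truncated stack: no bottom-of-stack entry")

def build_vpn_stack(tunnel_label, vpn_label):
    """Ingress PE: inner VPN label (bottom of stack) under the outer tunnel label."""
    return encode_entry(tunnel_label, bottom=False) + encode_entry(vpn_label, bottom=True)

def php_pop(data):
    """Penultimate P router: remove the outer entry, leaving the VPN label exposed."""
    if parse_stack(data)[0][2]:
        raise ValueError("refusing to pop the bottom-of-stack (VPN) label")
    return data[4:]

def egress_vrf(data, label_to_vrf):
    """Egress PE: expect exactly the VPN label and map it to its VRF."""
    entries = parse_stack(data)
    if len(entries) != 1:
        raise ValueError("expected a single VPN label after PHP")
    # None means drop: an unknown label never falls back to another customer's VRF.
    return label_to_vrf.get(entries[0][0])

# Constructed sample values (labels and VRF names are illustrative only).
VRFS = {1001: "VPN-A", 1002: "VPN-B"}
stack_a = build_vpn_stack(tunnel_label=300, vpn_label=1001)
```

The P routers forward on the outer label only; customer separation rests entirely on the egress PE's inner-label-to-VRF mapping, which is why an unmatched label is dropped.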
VPLS
MPLS VPN Comparison
Deployment Scenarios – AT&T case
Case Study 1: VPN (PE) + LDP (P,PE)
Configuration:
• IGP (e.g. OSPF, or IS-IS) routing in the core
• MPLS (e.g. LDP) enabled for all P and PE routers
• MP-iBGP fully meshed between PE’s
• VPN configured on VPN PE’s
• PE-CE can be e-BGP, OSPF, RIP or Static

• Setting up LSP through LDP, LSP path = IGP path - Simplicity
• Requires LDP interoperability; VPN/LDP inter-working
• No control on LSP, label failure on IGP path can cause VPN failure

[Figure: network diagram with VPN A and VPN B sites, core routers P1 to P5, LDP and VPN labels, PHP LDP]
LSP - Label Switched Path
PHP: Penultimate Hop Popping
<L. Fang, AT&T>
Case Study 2: VPN (PE) + RSVP TE (PE-PE)
Configuration:
• Using RSVP TE Tunnel (PE-PE) to set up the LSP
• Set up back-up tunnel for failure protection
• IGP, BGP, VPN, and PE-CE link configuration as in Case 1

• Requires RSVP TE tunnel, potentially across multi-OSPF areas
• Requires RSVP TE interoperability; VPN / TE inter-working
• End-to-end LSP control - better failure protection, fast re-route may be used

[Figure: network diagram with VPN A and VPN B sites, core routers P1 to P5, OSPF area 0, OSPF area 1, OSPF area 2, TE and VPN labels, PHP TE]
<L. Fang, AT&T>
Case Study 3: VPN + LDP + RSVP TE Tunnel
Configuration:
• LDP enabled on all routers, except P4 and P5
• RSVP TE Tunnels used only in OSPF area 0 (P1-P3-P5), with back-up tunnel (P1-P2-P4-P5)

• Requires RSVP TE interoperability
• Requires VPN/LDP inter-working, LDP/TE inter-working
• Provides feasible solutions when cases 1 and 2 cannot be realized

[Figure: network diagram with VPN A and VPN B sites, core routers P1 to P5, OSPF area 0, OSPF area 1, OSPF area 2, LDP, TE and VPN labels, PHP LDP, PHP TE]
<L. Fang, AT&T>
Carrier’s Carrier VPN
ISP A backbone provides VPN services to ISP B
• Case 1. ISP B may not run MPLS in its network
• Case 2. ISP B may run MPLS (LDP) in its network
• Case 3. ISP B may run MPLS VPN in its network - Hierarchical VPN’s

[Figure: Carrier’s Carrier VPN Case 3. ISP B Site X and ISP B Site Y with ISP B’s customers, CE1, CE2, PE1, PE2, ASBR1/RR, ASBR2/RR, ISP A carrier backbone; iBGP, MP-iBGP; LDP, VPN A and VPN B labels]
<L. Fang, AT&T>
Inter-Providers Backbone VPN
• Customers have sites connected to different AS’s or ISP’s
• PE-ASBR’s connect the two AS’s
  • E-BGP sessions for VPN-IPv4
  • single VPN label, no LDP label
  • no VRF assigned, based on policy agreed by the two ISP’s (AS’s)
• Route reflectors reflect VPN-IPv4 internal routes within its AS
• Security, scalability, policies between ISP’s

[Figure: AS A and AS B joined by PE-ASBR1 and PE-ASBR2 over MP-eBGP; CE1, CE2, PE1, PE2, RR-A, RR-B; MP-iBGP within each AS; LDP, VPN A and VPN B labels]
<L. Fang, AT&T>
Framework for PPVPN Operations and Management
PE-based Management
[Figure: Customer Manager, Customer Agent, Provider Network Manager, PE Device, CE Device and Customer Interface, arranged across the Service Management, Network Management and Element Management layers]
CE-based Management
[Figure: Customer Manager, Customer Agent, Provider Network Manager, PE Device, CE Device and Customer Interface, arranged across the Service Management, Network Management and Element Management layers]
Customer Manager/Agent
• Definition
  • Provides customer-specific topology, operational state, order status, etc.
• Customer Agent
  • Make dynamic requests for changes to service parameters
Customer management information model
• SLA/SLS content
  • Per access connection, VPN, site, etc
• Service Level Objects
  • QoS and traffic parameters
  • Availability for the site, VPN, and access connection
  • Duration of outage per site, route, or VPN
  • Trouble report response time
  • Time to repair
  • Total traffic offered to the site, route, or VPN
  • Measure of non-conforming traffic for the site, route, or VPN
Customer Management Functions
• Fault management
  • Indication of customer’s service impacted by failure
  • Incident recording or logs
• Configuration Management
  • Service templates for customer’s configuration
  • Examples
    • IPSec tunnel setup
      • Tunnel end points, authentication modes, encryption and authentication algorithms, pre-shared keys, traffic filters
    • BGP/MPLS VPN service: sites
    • QoS agreement
      • Throughput, delay, jitter, packet loss
Customer Management Functions
• Accounting
  • Retrieval of accounting information from Provider Network Manager
  • Analysis, storage, and administration of measurements
• Performance management
  • Provide measurements w.r.t. SLS
  • Support analysis of measurements
  • Capacity Planning for Customer VPN
Customer Management Functions
• Security management
  • Management access control
  • Authentication
    • PE to PE
    • CE to PE
Provider Network Manager
• Definition
  • Provides customer-specific topology, operational state, order status, etc.
  • Provides underlying logical and physical topology, operational state, provisioning status, etc. associated with network
Network Management Functions
• Fault Management
  • Fault detection (reports, alarms, failure visualization)
  • Fault localization (analysis of alarms, diagnostics)
  • Corrective actions (traffic, routing, resource allocation)
Network Management Functions
• Configuration management
  • PE-based VPN
    • Intranet/extranet membership, CE routing
    • Tunnels between PE and P devices
    • Routing protocols running between PE routers, and between PE and P routers
    • Configuration of Layer 1 and 2 networks
  • CE-based VPN
    • Tunnels between CE devices
    • Routing protocols between PE and CE devices
  • Routing
  • Network access
  • Security service
  • VPN resource parameters
  • Value-added service access
  • Hybrid VPN services
Network Management Functions
• Accounting Management
  • Measurement of resource utilization
• Performance Management
  • Monitoring and collecting performance data regarding devices, facilities, and services
  • Threshold crossing alerts (TCA)
  • Capacity Planning for Service Provider
• Security Management
  • Management features to guarantee security of customer data and control
Standard MIBs/PIBs
• Standard MIBs for routing protocols
• [IPSEC-PIB] draft-ietf-ipsp-ipsecpib-04
• [Diffserv MIB] RFC3289
• [Diffserv QoS PIB] RFC3317
• [MIB-2547] draft-ietf-ppvpn-mpls-vpn-mib-04
• [PIB-2547] draft-yacine-ppvpn-2547bis-pib-02
MPLS-VPN-MIB
• mplsVpnVrfTable
• mplsVPNInterfaceConfTable
• mplsVPNPerfTable
• mplsVpnVrfRouteTable
• MplsVpnRouteTargetTable
Communication Protocols
• SNMP
• COPS-PR
• LDAP
• Netconf XML
Tools
• Cisco
  • IP Solution Center MPLS VPN module
    • VRF
    • PE-CE routing
    • Multicast VPN
    • Auto-discovery of MPLS VPN service
    • Role-based access control
    • Automatic Resource allocation
    • Inter-AS support
    • L2 access to MPLS VPN
    • CORBA and XML interface
Tools
• Metasolv
  • Orchestream Service Activator
    • BGP/MPLS VPN
      • Cisco, Juniper, Alcatel
      • Automated VRF table
      • iBGP peering iBGP PE’s
      • Static, RIP, OSPF, eBGP peering between PE and CE
    • VPLS
      • Riverstone
Tools
• Trendium
  • ServicePATH
    • Management of Application Service (VoIP)
    • Management of CE-CE Service
    • Management of MPLS tunnels
    • Interface and device statistics
    • Probes
    • QoS policies
Tools
• HP OpenView
  • NNM smart plug-in for MPLS VPN
    • PE interface impact on VPN information
    • PE-CE link management
    • Discovery of interface to VRF and VPN relationships
    • Core MPLS VPN network availability
    • Cisco SAA test configuration utility
Conclusions
• BGP/MPLS Service has many components to manage
• Efficient Operations Architecture is key to rapid deployment of profit generation
• Highly integrated solution is wanted
  • OSS
  • NMS
  • Device