Selecting MPLS VPN Services


Chris Lewis, Steve Pickavance
Contributions by: Monique Morrow, John Monaghan, Craig Huegen
Cisco Press, 800 East 96th Street, Indianapolis, IN USA

Contents

Introduction

Part I: Business Analysis and Requirements of IP/MPLS VPN

Chapter 1: Assessing Enterprise Legacy WANs and IP/VPN Migration
  Current State of Enterprise Networks
  Evolutionary Change of Enterprise Networks
  Acme, a Global Manufacturer
  Acme's Global Span
  Business Desires of Acme's Management
  Acme's IT Applications Base
  Acme's IT Communications Infrastructure
  Acme's Intranet: Backbone WAN
  Acme's Intranet: Regional WANs
  New WAN Technologies for Consideration by Acme
  Layer 3 IP/MPLS VPN Services
  IP/MPLS VPN Service Topologies and Provisioning
  IP/MPLS VPN: A Foundation for Network Services
  IP/MPLS VPN Transparency
  IP/MPLS VPN Network Management and SLAs
  Enterprise Vendor Management Approach
  Extranet Integration in IP/MPLS VPN Networks
  Layer 2 IP/MPLS VPN Services
  VPWS
  VPLS
  Convergence Services
  Internet Access
  Mobile Access and Teleworker Access
  Voice Services: Service Provider Hosted PSTN Gateway
  Voice Services: Service Provider Hosted IP Telephony
  Summary

Chapter 2: Assessing Service Provider WAN Offerings
  Enterprise/Service Provider Relationship and Interface
  Investigation Required in Selecting a Service Provider
  Coverage, Access, and IP
  Financial Strength of the Service Provider
  Convergence
  Transparency
  IP Version 6
  Provider Cooperation/Tiered Arrangements
  Enhanced Service-Level Agreement
  Customer Edge Router Management
  Service Management
  Customer Reports and SLA Validation
  Summary

Chapter 3: Analyzing Service Requirements
  Application/Bandwidth Requirements
  Backup and Resiliency
  Enterprise Segmentation Requirements
  Mapping VLANs to VPNs in the Campus
  Access Technologies
  Frame Relay
  ATM
  Dedicated Circuit from CE to PE
  ATM PVC from CE to PE
  Frame Relay PVC from CE to PE
  Metro Ethernet
  QoS Requirements
  Bandwidth
  Packet Delay and Jitter
  Packet Loss
  Enterprise Loss, Latency, and Jitter Requirements
  QoS at Layer 2
  Subscriber Network QoS Design
  Baseline New Applications
  Develop the Network
  Security Requirements
  Topological and Network Design Considerations
  SP-Managed VPNs
  Multiprovider Considerations
  Extranets
  Case Study: Analyzing Service Requirements for Acme, Inc.
  Layer 2 Description
  Existing Customer Characteristics That Are Required in the New Network
  DefenseCo's Backbone Is a Single Autonomous System
  Reasons for Migrating to MPLS
  Evaluation Testing Phase
  Routing Convergence
  Jitter and Delay
  Congestion, QoS, and Load Testing
  First Scenario
  Second Scenario
  Third Scenario
  Subjective Measures
  Vendor Knowledge and Technical Performance
  Evaluation Tools
  TTCP
  Lessons Learned
  Transition and Implementation Concerns and Issues
  Post-Transition Results
  Summary
  References

Part II: Deployment Guidelines

Chapter 4: IP Routing with IP/MPLS VPNs
  Introduction to Routing for the Enterprise MPLS VPN
  Implementing Routing Protocols
  Network Topology
  Addressing and Route Summarization
  Route Selection
  Convergence
  Network Scalability
  Memory
  CPU
  Security
  Plaintext Password Authentication
  MD5 Authentication
  Site Typifying WAN Access: Impact on Topology
  Site Type: Topology
  WAN Connectivity Standards
  Site Type A Attached Sites: Dual CE and Dual PE
  Site Type B/3 Dual-Attached Site-Single CE, Dual PE
  Site Type B/3 Dual-Attached Site-Single CE, Single PE
  Site Type D Single-Attached Site Single CE with Backup
  Convergence: Optimized Recovery
  IP Addressing
  Routing Between the Enterprise and the Service Provider
  Using EIGRP Between the CE and PE
  How EIGRP MPLS VPN PE-to-CE Works
  PE Router: Non-EIGRP-Originated Routes
  PE Router: EIGRP-Originated Internal Routes
  PE Router: EIGRP-Originated External Routes
  Multiple VRF Support
  Extended Communities Defined for EIGRP VPNv4
  Metric Propagation
  Configuring EIGRP for CE-to-PE Operation
  Using BGP Between the CE and PE
  Securing CE-PE Peer Sessions
  Improving BGP Convergence
  Case Study: BGP and EIGRP Deployment in Acme, Inc.
  Small Site Single-Homed, No Backup
  Medium Site Single-Homed with Backup
  Medium Site Single CE Dual-Homed to a Single PE
  Large Site-Dual-Homed (Dual CE, Dual PE)
  Load Sharing Across Multiple Connections
  Very Large Site/Data Center Dual Service Provider MPLS VPN
  Site Typifying Site Type A Failures
  Solutions Assessment
  Summary
  References
  Cisco Press

Chapter 5: Implementing Quality of Service
  Introduction to QoS
  Building a QoS Policy: Framework Considerations
  QoS Tool Chest: Understanding the Mechanisms
  Classes of Service
  IP ToS
  Hardware Queuing
  Software Queuing
  QoS Mechanisms Defined
  Pulling It Together: Build the Trust
  Building the Policy Framework
  Classification and Marking of Traffic
  Trusted Edge
  Device Trust
  Application Trust
  CoS and DSCP
  Strategy for Classifying Voice Bearer Traffic
  QoS on Backup WAN Connections
  Shaping/Policing Strategy
  Queuing/Link Efficiency Strategy
  IP/VPN QoS Strategy
  Approaches for QoS Transparency Requirements for the Service Provider Network
  Uniform Mode
  Pipe Mode
  Short-Pipe Mode
  QoS CoS Requirements for the SP Network
  WRED Implementations
  Identification of Traffic
  What Would Constitute This Real-Time Traffic?
  QoS Requirements for Voice, Video, and Data
  QoS Requirements for Voice
  Sample Calculation
  QoS Requirements for Video
  QoS Requirements for Data
  The LAN Edge: L2 Configurations
  Classifying Voice on the WAN Edge
  Classifying Video on the WAN Edge
  Classifying Data on the WAN Edge
  Case Study: QoS in the Acme, Inc. Network
  QoS for Low-Speed Links: 64 kbps to 1024 kbps
  Slow-Speed (768-kbps) Leased-Line Recommendation: Use MLP LFI and cRTP
  QoS Reporting
  Summary
  References

Chapter 6: Multicast in an MPLS VPN
  Introduction to Multicast for the Enterprise MPLS VPN
  Multicast Considerations
  Mechanics of IP Multicast
  RPF
  RPF Check
  Source Trees Versus Shared Trees
  Protocol-Independent Multicast
  PIM Dense Mode
  PIM Sparse Mode
  Bidirectional PIM (Bidir-PIM)
  Interdomain Multicast Protocols
  Multiprotocol Border Gateway Protocol
  Multicast Source Discovery Protocol
  Source-Specific Multicast
  Multicast Addressing
  Administratively Scoped Addresses
  Deploying the IP Multicast Service
  Default PIM Interface Configuration Mode
  Host Signaling
  Sourcing
  Multicast Deployment Models
  Any-Source Multicast
  Source-Specific Multicast
  Enabling SSM
  Multicast in an MPLS VPN Environment: Transparency
  Multicast Routing Inside the VPN
  Case Study: Implementing Multicast over MPLS for Acme
  Multicast Addressing
  Multicast Address Management
  Predeployment Considerations
  MVPN Configuration Needs on the CE
  Boundary ACL
  Positioning of Multicast Boundaries
  Configuration to Apply a Boundary Access List
  Rate Limiting
  Rate-Limiting Configuration
  MVPN Deployment Plan
  Preproduction User Test Sequence
  What Happens When There Is No MVPN Support?
  Other Considerations and Challenges
  Summary
  References

Chapter 7: Enterprise Security in an MPLS VPN Environment
  Setting the Playing Field
  Comparing MPLS VPN Security to Frame Relay Networks
  Security Concerns Specific to MPLS VPNs
  Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks
  History of IP Network Attacks
  Strong Password Protection
  Preparing for an Attack
  Identifying an Attack
  Initial Precautions
  Receiving ACLs
  Infrastructure ACLs
  Basic Attack Mitigation
  Basic Security Techniques
  Remote-Triggered Black-Hole Filtering
  Loose uRPF for Source-Based Filtering
  Strict uRPF and Source Address Validation
  Sinkholes and Anycast Sinkholes
  Backscatter Traceback
  Cisco Guard
  Distributed DoS, Botnets, and Worms
  Anatomy of a DDoS Attack
  Botnets
  Worm Mitigation
  Case Study Selections
  Summary
  References
  Comparing MPLS VPN to Frame Relay Security
  ACL Information
  Miscellaneous Security Tools
  Cisco Reference for MPLS Technology and Operation
  Cisco Reference for Cisco Express Forwarding
  Public Online ISP Security Bootcamp
  Tutorials, Workshops, and Bootcamps
  Original Backscatter Traceback and Customer-Triggered Remote-Triggered Black-Hole Techniques
  Source for Good Papers on Internet Technologies and Security
  Security Work Definitions
  NANOG SP Security Seminars and Talks
  Birds of a Feather and General Security Discussion Sessions at NANOG

Chapter 8: MPLS VPN Network Management
  The Enterprise: Evaluating Service Provider Management Capabilities
  Provisioning
  SLA Monitoring
  Fault Management
  Handling Reported Faults
  Passive Fault Management
  Reporting
  Root Cause Analysis
  The Enterprise: Managing the VPN
  Planning
  Ordering
  Provisioning
  CE Provisioning
  CE Management Access
  Acceptance Testing
  Monitoring
  Optimization
  The Service Provider: How to Meet and Exceed Customer Expectations
  Provisioning
  Zero-Touch Deployment
  PE Configuration
  Fault Monitoring
  MPLS-Related MIBs
  Resource Monitoring
  OAM and Troubleshooting
  Proactive Monitoring in Detail
  Performance Problems
  Fault Management
  Proactive Fault Management
  Reactive Fault Management
  SLA Monitoring
  Accuracy
  Probe Metric Support
  QoS Support
  Specialized Voice Probes
  Threshold Breach Notification
  Reporting
  Summary
  References

Chapter 9: Off-Net Access to the VPN
  Remote Access
  Dial Access via RAS
  RAS Configuration
  Dial Access via L2TP
  L2TP Components
  L2TP Call Procedure
  Connecting L2TP Solutions to VRFs
  DSL Considerations
  Cable Considerations
  IPsec Access
  GRE + IPsec on the CPE
  Designing for GRE Resiliency
  Configuring GRE Resiliency
  CE-to-CE IPsec
  DMVPN Overview
  mGRE for Tunneling
  NHRP for Address Resolution
  Routing Protocol Concerns
  IPsec Profiles for Data Protection
  Summary of DMVPN Operation
  The Impact of Transporting Multiservice Traffic over IPsec
  Split Tunneling in IPsec
  Supporting Internet Access in IP VPNs
  Case Study Selections
  Summary
  References
  General PPP Information
  Configuring Dial-In Ports
  L2TP
  Layer 2 Tunnel Protocol Fact Sheet
  Layer 2 Tunnel Protocol
  VPDN Configuration Guide
  VPDN Configuration and Troubleshooting
  Security Configuration Guide
  RADIUS Configuration Guide
  Broadband Aggregation to MPLS VPN
  Remote Access to MPLS VPN
  Network-Based IPsec VPN Solutions
  IPsec
  GRE + IPsec
  DMVPN
  Split Tunneling
  Prefragmentation

Chapter 10: Migration Strategies
  Network Planning
  Writing the RFP
  Architecture and Design Planning with the Service Providers
  Project Management
  SLAs with the Service Providers
  Network Operations Training
  Implementation Planning
  Phase
  Phase
  Phase
  Phase
  On-Site Implementation
  Case Study Selections
  Summary

Part III: Appendix

Appendix: Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability
  Coverage and Topology
  Customer Edge Router Management
  Network Access, Resiliency, and Load Balancing
  QoS Capability
  Multicast Capability
  Routing Protocol Capability
  SLA Measurement and Monitoring Capability
  SLA Details
  Security
  Software Deployment Processes
  Inter-Provider IP/VPN
  IPv6
  MTU Considerations
  Hosting Capability
  IP Telephony PSTN Integration
  IP Telephony Hosted Call Agent
  Remote and Dial Access
  Internet Access
  Other Network Services

Index

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling Release: 1 ICTTEN6172A Design and configure an IP-MPLS network with virtual private network tunnelling Modification

More information

End-to-End QoS Network Design

End-to-End QoS Network Design End-to-End QoS Network Design Tim Szigeti, CCIE No. 9794, and Christina Hattingh Cisco Press Cisco Press 800 East 96th Street Indianapolis, IN 46240 USA Table of Contents Introduction xxii Part I Introduction

More information

November 2013. Defining the Value of MPLS VPNs

November 2013. Defining the Value of MPLS VPNs November 2013 S P E C I A L R E P O R T Defining the Value of MPLS VPNs Table of Contents Introduction... 3 What Are VPNs?... 4 What Are MPLS VPNs?... 5 What Are the Benefits of MPLS VPNs?... 8 How Do

More information

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications Product Overview Cisco Dynamic Multipoint VPN (DMVPN) is a Cisco IOS Software-based security solution for building scalable

More information

Sprint Global MPLS VPN IP Whitepaper

Sprint Global MPLS VPN IP Whitepaper Sprint Global MPLS VPN IP Whitepaper Sprint Product Marketing and Product Development January 2006 Revision 7.0 1.0 MPLS VPN Marketplace Demand for MPLS (Multiprotocol Label Switching) VPNs (standardized

More information

Managed Services: Taking Advantage of Managed Services in the High-End Enterprise

Managed Services: Taking Advantage of Managed Services in the High-End Enterprise Managed Services: Taking Advantage of Managed Services in the High-End Enterprise What You Will Learn This document explores the challenges and solutions for high-end enterprises using managed services.

More information

Colt IP VPN Services. 2010 Colt Technology Services Group Limited. All rights reserved.

Colt IP VPN Services. 2010 Colt Technology Services Group Limited. All rights reserved. Colt IP VPN Services 2010 Colt Technology Services Group Limited. All rights reserved. Agenda An introduction to IP VPN Colt IP VPN Hybrid Networking Workforce Mobility Summary 2 Drivers behind IP VPN

More information

Implementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led

Implementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led Implementing Cisco Quality of Service QOS v2.5; 5 days, Instructor-led Course Description Implementing Cisco Quality of Service (QOS) v2.5 provides learners with in-depth knowledge of QoS requirements,

More information

Virtual Private Networks. Juha Heinänen jh@song.fi Song Networks

Virtual Private Networks. Juha Heinänen jh@song.fi Song Networks Virtual Private Networks Juha Heinänen jh@song.fi Song Networks What is an IP VPN? an emulation of private (wide area) network facility using provider IP facilities provides permanent connectivity between

More information

Private IP Overview. Feature Description Benefit to the Customer

Private IP Overview. Feature Description Benefit to the Customer Private IP Overview Private IP is a network-based virtual private network (VPN) enabling customers to effectively communicate over a secure network. It also provides the foundation for automating business

More information

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0 COURSE OVERVIEW Implementing Secure Converged Wide Area Networks (ISCW) v1.0 is an advanced instructor-led course that introduces techniques and features that enable or enhance WAN and remote access solutions.

More information

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time

Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Essential Curriculum Computer Networking II Cisco Discovery 3: Introducing Routing and Switching in the Enterprise 157.8 hours teaching time Chapter 1 Networking in the Enterprise-------------------------------------------------

More information

1.1. Abstract. 1.2. VPN Overview

1.1. Abstract. 1.2. VPN Overview 1.1. Abstract Traditionally organizations have designed their VPN networks using layer 2 WANs that provide emulated leased lines. In the last years a great variety of VPN technologies has appeared, making

More information

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb MP PLS VPN MPLS VPN Prepared by Eng. Hussein M. Harb Agenda MP PLS VPN Why VPN VPN Definition VPN Categories VPN Implementations VPN Models MPLS VPN Types L3 MPLS VPN L2 MPLS VPN Why VPN? VPNs were developed

More information

IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE)

IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE) IMPLEMENTING CISCO IP ROUTING V2.0 (ROUTE) COURSE OVERVIEW: Implementing Cisco IP Routing (ROUTE) v2.0 is an instructor-led five day training course developed to help students prepare for Cisco CCNP _

More information

Designing and Developing Scalable IP Networks

Designing and Developing Scalable IP Networks Designing and Developing Scalable IP Networks Guy Davies Telindus, UK John Wiley & Sons, Ltd Contents List of Figures List of Tables About the Author Acknowledgements Abbreviations Introduction xi xiii

More information

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track** Course: Duration: Price: $ 3,695.00 Learning Credits: 37 Certification: Implementing Cisco Service Provider Next-Generation Edge Network Services Implementing Cisco Service Provider Next-Generation Edge

More information

CCNP ROUTE 642-902. Official Certification Guide. Wendell Odom, CCIE No. 1624. Cisco Press. Indianapolis, IN 46240. 800 East 96th Street

CCNP ROUTE 642-902. Official Certification Guide. Wendell Odom, CCIE No. 1624. Cisco Press. Indianapolis, IN 46240. 800 East 96th Street CCNP ROUTE 642-902 Official Certification Guide Wendell Odom, CCIE No. 1624 Cisco Press 800 East 96th Street Indianapolis, IN 46240 IX Contents Foreword xxiv Introduction xxv Part I Perspectives on Network

More information

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles. Data Networking and Architecture The course focuses on theoretical principles and practical implementation of selected Data Networking protocols and standards. Physical network architecture is described

More information

"Charting the Course... ... to Your Success!" QOS - Implementing Cisco Quality of Service 2.5 Course Summary

Charting the Course... ... to Your Success! QOS - Implementing Cisco Quality of Service 2.5 Course Summary Course Summary Description Implementing Cisco Quality of Service (QOS) v2.5 provides learners with in-depth knowledge of QoS requirements, conceptual models such as best effort, IntServ, and DiffServ,

More information

Course Contents CCNP (CISco certified network professional)

Course Contents CCNP (CISco certified network professional) Course Contents CCNP (CISco certified network professional) CCNP Route (642-902) EIGRP Chapter: EIGRP Overview and Neighbor Relationships EIGRP Neighborships Neighborship over WANs EIGRP Topology, Routes,

More information

Addressing Inter Provider Connections With MPLS-ICI

Addressing Inter Provider Connections With MPLS-ICI Addressing Inter Provider Connections With MPLS-ICI Introduction Why migrate to packet switched MPLS? The migration away from traditional multiple packet overlay networks towards a converged packet-switched

More information

VPLS lies at the heart of our Next Generation Network approach to creating converged, simplified WANs.

VPLS lies at the heart of our Next Generation Network approach to creating converged, simplified WANs. Virtual Private LAN Service (VPLS) A WAN that thinks it s a LAN. VPLS is a high security, low latency means to connect sites or services either point-to-point or as a mesh. We use Virtual Private LAN Service

More information

VPN taxonomy. János Mohácsi NIIF/HUNGARNET tf-ngn meeting April 2005

VPN taxonomy. János Mohácsi NIIF/HUNGARNET tf-ngn meeting April 2005 VPN taxonomy János Mohácsi NIIF/HUNGARNET tf-ngn meeting April 2005 VPNs Definition: the capability of both private and public networks to support a communication infrastructure connecting geographically

More information

Cisco Which VPN Solution is Right for You?

Cisco Which VPN Solution is Right for You? Table of Contents Which VPN Solution is Right for You?...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1 Components Used...1 NAT...2 Generic Routing Encapsulation Tunneling...2

More information

Simwood Carrier Ethernet

Simwood Carrier Ethernet Simwood Carrier Ethernet Simwood Carrier Ethernet is a high security, low latency means to connect sites or services either point-to-point or as a mesh. We use a number of technologies on top of our own

More information

IMPLEMENTING CISCO QUALITY OF SERVICE V2.5 (QOS)

IMPLEMENTING CISCO QUALITY OF SERVICE V2.5 (QOS) IMPLEMENTING CISCO QUALITY OF SERVICE V2.5 (QOS) COURSE OVERVIEW: Implementing Cisco Quality of Service (QOS) v2.5 provides learners with in-depth knowledge of QoS requirements, conceptual models such

More information

Top-Down Network Design

Top-Down Network Design Top-Down Network Design Third Edition Priscilla Oppenheimer Cisco Press 800 East 96th Street Indianapolis, IN 46240 vi Тор-Down Network Design Contents at a Glance Introduction xxii Part I Identifying

More information

Cisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved.

Cisco Networks (ONT) 2006 Cisco Systems, Inc. All rights reserved. Optimizing Converged Cisco Networks (ONT) reserved. Lesson 2.4: Calculating Bandwidth Requirements for VoIP reserved. Objectives Describe factors influencing encapsulation overhead and bandwidth requirements

More information

Cisco Catalyst 3750 Metro Series Switches

Cisco Catalyst 3750 Metro Series Switches Cisco Catalyst 3750 Metro Series Switches Product Overview Q. What are Cisco Catalyst 3750 Metro Series Switches? A. The Cisco Catalyst 3750 Metro Series is a new line of premier, customer-located switches

More information

IP/MPLS-Based VPNs Layer-3 vs. Layer-2

IP/MPLS-Based VPNs Layer-3 vs. Layer-2 Table of Contents 1. Objective... 3 2. Target Audience... 3 3. Pre-Requisites... 3 4. Introduction...3 5. MPLS Layer-3 VPNs... 4 6. MPLS Layer-2 VPNs... 7 6.1. Point-to-Point Connectivity... 8 6.2. Multi-Point

More information

MPLS L3 VPN Supporting VoIP, Multicast, and Inter-Provider Solutions

MPLS L3 VPN Supporting VoIP, Multicast, and Inter-Provider Solutions MPLS L3 VPN Supporting VoIP, Multicast, and Inter-Provider Solutions Luyuan Fang ATT MPLSCon 2005, NYC The world s networking company SM Outline Overview of the L3 VPN deployment VoIP over MPLS VPN MPLS

More information

CARRIER MPLS VPN September 2014

CARRIER MPLS VPN September 2014 CARRIER MPLS VPN September 2014 SERVICE OVERVIEW The International MPLS IP-VPN service provides a full range of VPN connectivity solutions, including: Carrier MPLS IP VPN: dedicated to operators looking

More information

Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks

Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks April 2014 www.liveaction.com Contents 1. Introduction... 1 2. WAN Networks... 2 3. Using LiveAction

More information

Multi Protocol Label Switching (MPLS) is a core networking technology that

Multi Protocol Label Switching (MPLS) is a core networking technology that MPLS and MPLS VPNs: Basics for Beginners Christopher Brandon Johnson Abstract Multi Protocol Label Switching (MPLS) is a core networking technology that operates essentially in between Layers 2 and 3 of

More information

WHITE PAPER. Addressing Inter Provider Connections with MPLS-ICI CONTENTS: Introduction. IP/MPLS Forum White Paper. January 2008. Introduction...

WHITE PAPER. Addressing Inter Provider Connections with MPLS-ICI CONTENTS: Introduction. IP/MPLS Forum White Paper. January 2008. Introduction... Introduction WHITE PAPER Addressing Inter Provider Connections with MPLS-ICI The migration away from traditional multiple packet overlay networks towards a converged packet-switched MPLS system is now

More information

MPLS in Private Networks Is It a Good Idea?

MPLS in Private Networks Is It a Good Idea? MPLS in Private Networks Is It a Good Idea? Jim Metzler Vice President Ashton, Metzler & Associates March 2005 Introduction The wide area network (WAN) brings indisputable value to organizations of all

More information

Interconnecting Cisco Networking Devices Part 2

Interconnecting Cisco Networking Devices Part 2 Interconnecting Cisco Networking Devices Part 2 Course Number: ICND2 Length: 5 Day(s) Certification Exam This course will help you prepare for the following exam: 640 816: ICND2 Course Overview This course

More information

MPLS L2VPN (VLL) Technology White Paper

MPLS L2VPN (VLL) Technology White Paper MPLS L2VPN (VLL) Technology White Paper Issue 1.0 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any

More information

State of Texas. TEX-AN Next Generation. NNI Plan

State of Texas. TEX-AN Next Generation. NNI Plan State of Texas TEX-AN Next Generation NNI Plan Table of Contents 1. INTRODUCTION... 1 1.1. Purpose... 1 2. NNI APPROACH... 2 2.1. Proposed Interconnection Capacity... 2 2.2. Collocation Equipment Requirements...

More information

MPLS VPN Security BRKSEC-2145

MPLS VPN Security BRKSEC-2145 MPLS VPN Security BRKSEC-2145 Session Objective Learn how to secure networks which run MPLS VPNs. 100% network focus! Securing routers & the whole network against DoS and abuse Not discussed: Security

More information

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam Multiprotocol Label Switching Layer 3 Virtual Private Networks with Open ShortestPath First protocol PRASAD ATHUKURI Sreekavitha engineering info technology,kammam Abstract This paper aims at implementing

More information

MPLS/IP VPN Services Market Update, 2014. United States

MPLS/IP VPN Services Market Update, 2014. United States MPLS/IP VPN Services Market Update, 2014 United States August 2014 Contents Section Slide Numbers Executive Summary 4 Market Overview & Definitions 8 Drivers & Restraints 14 Market Trends & Revenue Forecasts

More information

MPLS and IPSec A Misunderstood Relationship

MPLS and IPSec A Misunderstood Relationship # 129 TECHNOLOGY WHITE PAPER Page: 1 of 5 MPLS and IPSec A Misunderstood Relationship Jon Ranger, Riverstone Networks ABSTRACT A large quantity of misinformation and misunderstanding exists about the place

More information

MPLS VPN Security Best Practice Guidelines

MPLS VPN Security Best Practice Guidelines Security Best Practice Guidelines con 2006 May 24 2006 Monique Morrow and Michael Behringer Distinguished Consulting Engineer and Distinguished Systems Engineer Cisco Systems, Inc. mmorrow@cisco.com mbehring@cisco.com

More information

MITEL. NetSolutions. Flat Rate MPLS VPN

MITEL. NetSolutions. Flat Rate MPLS VPN MITEL NetSolutions Flat Rate MPLS VPN A Comprehensive, Intelligent Network-based Solution Businesses today demand an ever-evolving list of requirements of their networks. From connecting branch locations

More information

WHY CHOOSE COX BUSINESS FOR YOUR COMPANY S NETWORK SERVICE NEEDS?

WHY CHOOSE COX BUSINESS FOR YOUR COMPANY S NETWORK SERVICE NEEDS? WHY CHOOSE COX BUSINESS FOR YOUR COMPANY S NETWORK SERVICE NEEDS? This document provides an overview of the Cox Business portfolio of business networking services and explains why customers should consider

More information

MPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net

MPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net MPLS Layer 3 and Layer 2 VPNs over an IP only Core Rahul Aggarwal Juniper Networks rahul@juniper.net Agenda MPLS VPN services and transport technology Motivation for MPLS VPN services over an IP only core

More information

Demonstrating the high performance and feature richness of the compact MX Series

Demonstrating the high performance and feature richness of the compact MX Series WHITE PAPER Midrange MX Series 3D Universal Edge Routers Evaluation Report Demonstrating the high performance and feature richness of the compact MX Series Copyright 2011, Juniper Networks, Inc. 1 Table

More information

Blue 102. IP Service Architecture Futures. Geoff Huston May 2000

Blue 102. IP Service Architecture Futures. Geoff Huston May 2000 Blue 102 IP Service Architecture Futures Geoff Huston May 2000 Next Wave IP Services Service Requirements Connectivity service for customer-operated routers Service payload is IP packet High peak carriage

More information

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R F l e x i b l e N e t w o r k - B a s e d, E n t e r p r i s e - C l a s s I P

More information

NETWORK TO NETWORK INTERFACE PLAN

NETWORK TO NETWORK INTERFACE PLAN AT&T will provide interconnect points at both the Network Security Operations Center (NSOC) and the Sam Houston Building (SHB), the prescribed DIR locations via AT&T s VPN (AVPN) service. The standards-based

More information

ICTTEN4215A Install and configure internet protocol TV in a service provider network

ICTTEN4215A Install and configure internet protocol TV in a service provider network ICTTEN4215A Install and configure internet protocol TV in a service provider network Release: 1 ICTTEN4215A Install and configure internet protocol TV in a service provider network Modification History

More information

Virtual Private LAN Service (VPLS)

Virtual Private LAN Service (VPLS) Virtual Private LAN Service (VPLS) Walking through Wan history, from the early days Leased lines Customers subscribe to dedicated point-to-point links Cost prohibitive for customers Started in the 1980

More information

The Essential Guide to Deploying MPLS for Enterprise Networks

The Essential Guide to Deploying MPLS for Enterprise Networks White Paper The Essential Guide to Deploying MPLS for Enterprise Networks Daniel Backman Systems Engineer Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale,

WAN Traffic Management with PowerLink Pro100 Whitepaper WAN Traffic Management with PowerLink Pro100 Overview In today s Internet marketplace, optimizing online presence is crucial for business success. Wan/ISP link failover and traffic management

Campus LAN at NKN Member Institutions Campus LAN at NKN Member Institutions RS MANI rsm@nkn.in 1/7/2015 3 rd Annual workshop 1 Efficient utilization Come from: Good Campus LAN Speed Segregation of LANs QoS Resilient Access Controls ( L2 and

Versatile Routing and Services with BGP. Understanding and Implementing BGP in SR-OS Brochure More information from http://www.researchandmarkets.com/reports/2720838/ Versatile Routing and Services with BGP. Understanding and Implementing BGP in SR-OS Description: Design a robust BGP control

1.264 Lecture 37. Telecom: Enterprise networks, VPN 1.264 Lecture 37 Telecom: Enterprise networks, VPN 1 Enterprise networks Connections within enterprise External connections Remote offices Employees Customers Business partners, supply chain partners Patients

APPLICATION NOTE. Benefits of MPLS in the Enterprise Network APPLICATION NOTE Benefits of MPLS in the Enterprise Network Abstract As enterprises evolve to keep pace with the ever-changing business climate, enterprises networking needs are becoming more dynamic.

Junos MPLS and VPNs (JMV) Junos MPLS and VPNs (JMV) Course No: EDU-JUN-JMV Length: Five days Onsite Price: $32500 for up to 12 students Public Enrollment Price: $3500/student Course Level JMV is an advanced-level course. Prerequisites

Cisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6) Cisco Certified Network Associate Exam Exam Number 200-120 CCNA Associated Certifications CCNA Routing and Switching Operation of IP Data Networks Operation of IP Data Networks Recognize the purpose and

Rolling Out New SSL VPN Service Rolling Out New SSL VPN Service Introduction Typically, service providers offer infrastructure services, such as site-to-site connectivity and data center hosting. In addition to this, they are always

SEC-370. 2001, Cisco Systems, Inc. All rights reserved. SEC-370 2001, Cisco Systems, Inc. All rights reserved. 1 Understanding MPLS/VPN Security Issues SEC-370 Michael Behringer SEC-370 2003, Cisco Systems, Inc. All rights reserved. 3

Cisco Certified Network Professional - Routing & Switching Cisco Certified Network Professional - Routing & Switching Information Course Price 5,265 No. Vouchers: Course Code 0 Vouchers CCNP-RS No. Courses: 3 1/9 Implementing Cisco IP Routing Information Length:

Table of Contents. Cisco Configuring a Basic MPLS VPN Table of Contents Configuring a Basic MPLS VPN...1 Introduction...1 Prerequisites...1 Requirements...1 Components Used...2 Related Products...2 Conventions...2 Configure...3 Network Diagram...3 Configuration

IPv6 Migration Challenges for Large Service Providers IPv6 Migration Challenges for Large Service Providers Aruna P General manager Network Operation Agenda Airtel Overview Drivers of IPV6 Migration challenges Design Considerations Deployment plan Airtel

The term Virtual Private Networks comes with a simple three-letter acronym VPN Application Brief Nortel Networks Virtual Private Networking solutions for service providers Service providers addressing the market for Virtual Private Networking (VPN) need solutions that effectively

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service Nowdays, most network engineers/specialists consider MPLS (MultiProtocol Label Switching) one of the most promising transport technologies. Then, what is MPLS? Multi Protocol Label Switching (MPLS) is

INTRODUCTION TO L2VPNS INTRODUCTION TO L2VPNS 4 Introduction to Layer 2 and Layer 3 VPN Services CE Layer 3 VPN Link Comprised of IP Traffic Passed Over IP Backbone LEGEND Layer 3 VPN Layer 2 VPN CE CE PE IP Backbone PE CE Layer

Description: To participate in the hands-on labs in this class, you need to bring a laptop computer with the following: Course: Implementing Cisco Quality of Service Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,395.00 Learning Credits: 34 Description: Implementing Cisco Quality of Service (QOS) v2.5 provides

MPLS Implementation MPLS VPN MPLS Implementation MPLS VPN Describing MPLS VPN Technology Objectives Describe VPN implementation models. Compare and contrast VPN overlay VPN models. Describe the benefits and disadvantages of the overlay

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs As a head of the campus network department in the Deanship of Information Technology at King Abdulaziz University for more

MPLS-Enabled Network Infrastructures T E C H N O L O G Y W H I T E P A P E R MPLS-Enabled Network Infrastructures Delivering Reliable Enterprise VPN Services Enterprise and government CIOs will testify that lowering information technology

Example: Advertised Distance (AD) Example: Feasible Distance (FD) Example: Successor and Feasible Successor Example: Successor and Feasible Successor 642-902 Route: Implementing Cisco IP Routing Course Introduction Course Introduction Module 01 - Planning Routing Services Lesson: Assessing Complex Enterprise Network Requirements Cisco Enterprise Architectures

s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ] s@lm@n Cisco Exam 400-201 CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ] Cisco 400-201 : Practice Test Question No : 1 Which two frame types are correct when configuring T3 interfaces?

IP Telephony Deployment Models CHAPTER 2 Sections in this chapter address the following topics: Single Site, page 2-1 Multisite Implementation with Distributed Call Processing, page 2-3 Design Considerations for Section 508 Conformance,

IPv6 Fundamentals, Design, and Deployment IPv6 Fundamentals, Design, and Deployment Course IP6FD v3.0; 5 Days, Instructor-led Course Description The IPv6 Fundamentals, Design, and Deployment (IP6FD) v3.0 course is an instructor-led course that

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre The feature overcomes the requirement that a carrier support multiprotocol label switching (MPLS) by allowing you to provide MPLS connectivity between networks that are connected by IP-only networks. This

Interconnecting Cisco Networking Devices, Part 2 Course ICND2 v2.0; 5 Days, Instructor-led Interconnecting Cisco Networking Devices, Part 2 Course ICND2 v2.0; 5 Days, Instructor-led Course Description The Interconnecting Cisco Networking Devices, Part 2 (ICND2) v2.0 course provides entry-level

Delivering Dedicated Internet Access (DIA) and IP Services with Converged L2 and L3 Access Device Delivering Dedicated Internet Access (DIA) and IP Services with Converged L2 and L3 Access Device THE NEED Communications Service providers (CSPs) have been transitioning from legacy SONET/SDH to IP and

Broadband Network Architecture Broadband Network Architecture Jan Martijn Metselaar May 24, 2012 Winitu Consulting Klipperaak 2d 2411 ND Bodegraven The Netherlands slide Broadband Services! Dual play, Triple play, Multi play! But what

Cisco IP Solution Center MPLS VPN Management 5.0 Cisco IP Solution Center MPLS VPN Management 5.0 As part of the Cisco IP Solution Center (ISC) family of intelligent network management applications, the Cisco ISC MPLS VPN Management application reduces

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Christina Hattingh Darryl Sladden ATM Zakaria Swapan Cisco Press 800 East 96th Street Indianapolis, IN 46240 SIP Trunking Contents Introduction xix Part I: From TDM Trunking to SIP Trunking

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

Regaining MPLS VPN WAN Visibility with Route Analytics. Seeing through the MPLS VPN Cloud Regaining MPLS VPN WAN Visibility with Route Analytics Seeing through the MPLS VPN Cloud Executive Summary Increasing numbers of enterprises are outsourcing their backbone WAN connectivity to MPLS VPN

Managed Services The. The Road to Revenue. Pravin Mahajan pmahajan@cisco.com. Session Number Presentation_ID Managed Services The The Road to Revenue Pravin Mahajan pmahajan@cisco.com Session Number 1 Agenda Managed Services Introduction Solution Offerings Market to Services Mapping Summary 2 High Business Interest

EVALUATING NETWORKING TECHNOLOGIES WHITE PAPER EVALUATING NETWORKING TECHNOLOGIES CONTENTS EXECUTIVE SUMMARY 01 NETWORKS HAVE CHANGED 02 Origin of VPNS Next-generation VPNS TODAY S CHOICES 04 Layer 3 VPNS Layer 2 VPNS MAKING YOUR DECISION

AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0 Course Outline AMPLS - Advanced Implementing and Troubleshooting MPLS VPN Networks v4.0 Module 1: MPLS Features Lesson 1: Describing Basic MPLS Concepts Provide an overview of MPLS forwarding, features,

MPLS Exchange Platform An for Telecommunications Carriers 1270 Broadway, Suite 1105, New York, NY 10010 +1 (646) 254-6800 s Acme Level 3 Emca XO eenni Option A or B Acme Verizon MEP Fabric Emca AT&T Acme PCCW can provide MPLS

What Is a Virtual Private Network? C H A P T E R 1 What Is a Virtual Private Network? A virtual private network (VPN) allows the provisioning of private network services for an organization or organizations over a public or shared infrastructure

Professional Profile Company Experience & Biography SixNet Consulting Group .SixNetConsulting Professional Profile Company Experience & Biography SixNet Consulting Group SixNet Consulting Group, LLC Michel Thomatis, CCIE #6778 March 12, 2007 Overview 10 Years of Networking & System Experience Cisco

Optimizing Converged Cisco Networks (ONT) Optimizing Converged Cisco Networks (ONT) Module 2: Cisco VoIP Implementations (Deploy) Calculating Bandwidth Requirements for VoIP Objectives Describe factors influencing encapsulation overhead and bandwidth

200-101: Interconnecting Cisco Networking Devices Part 2 v2.0 (ICND2) 200-101: Interconnecting Cisco Networking Devices Part 2 v2.0 (ICND2) Course Overview This course provides students with the knowledge and skills to successfully install, operate, and troubleshoot a small

MPLS VPNs: Layer 2 or Layer 3? Understanding the Choice #128 TECHNOLOGY WHITE PAPER Page: 1 of 6 MPLS VPNs: Layer 2 or Layer 3? Understanding the Choice Tim Wu, Riverstone Networks ABSTRACT Since there s been data networking, there s been a debate between switched

VPLS Technology White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 01. Date 2012-10-30 Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper 2006-20011 EarthLink Business Page 1 EXECUTIVE SUMMARY Multiprotocol Label Switching (MPLS), once the sole domain of major corporations

IWAN Security for Remote Site Direct Internet Access and Guest Wireless IWAN Security for Remote Site Direct Internet Access and Guest Wireless Technology Design Guide (ISR4K) March 2015 Table of Contents Preface...1 CVD Navigator...2 Use Cases... 2 Scope... 2 Proficiency...
