How To Build A Virtual Private Network
- Robert Cole
- 3 years ago
Provider based Virtual Private Networks
An introduction and an MPLS case
Lecture slides for S
Mika Ilvesmäki
Networking laboratory

"The idea is to create a private network via tunneling and/or encryption over the public Internet. Sure, it's a lot cheaper than using your own frame-relay connections, but it works about as well as sticking cotton in your ears in Times Square and pretending nobody else is around."
- Wired Magazine on VPNs in February

Lecturer's note: If, in the final exam, asked about VPNs, do not use the above definition. Please!

Contents
- VPN terminology
- VPNs on IP layer
  - addressing, routing, security
- Engineering VPNs with
  - Controlled route leaking
  - Tunnels
  - MPLS

What is a VPN?
- Virtual
  - network resources used are part of a common shared resource
- Private
  - privacy of addressing and routing: topological isolation
  - security (authentication, encryption, integrity) of the data
  - (seemingly) dedicated use of network resources: temporal isolation
- Network
  - devices that communicate through some arbitrary method
Virtual Private Networks
- A VPN is a private network constructed within a public network infrastructure, such as the global Internet
  - Equipment and facilities used to build the VPN are also in others' use -> virtual
  - Addressing is separate from all other networks and data is secured -> private
  - VPNs require that the flow of routing data is constrained to constrain the flow of user data
  - Connects geographically dispersed sites -> network
- VPN: a private network where privacy is introduced with some method of virtualization
  - Between two organizations, end-systems within a single organization or multiple organizations, or applications
  - Across the global Internet

Intersite connectivity types
- Ranging from full-mesh (n(n-1)/2 connections) to hub and spoke type of connectivity
  - reliability problems!
[Figure: hub and spoke topology with one hub and two spokes]

Why VPNs?
- Omnipresent coverage
- Cost reduction
  - no separate private networks
- Security
- E-Commerce
  - especially B2B
[Figure: corporate intranet and the public Internet; dial-up access, private lines, extranet access]
VPN technologies
- Data integrity and confidentiality
- Controlled route leaking
  - manually or with BGP communities (RFC 2858)
- Tunneling
  - GRE, IPinIP or MinIP
- VPDNs
  - Tunneling PPP traffic with L2TP or PPTP through dial-up connections
- Layer 2 VPNs
  - with dedicated ATM or FR connections
- VPNs with MPLS (and BGP in RFC 2547)

VPNs and routing
- Virtual private networks require special actions from standard IP routing
  - Controlled route leaking (route filtering), NAT
  - manual management, scalability problems, address space management
- VPNs can also be constructed on layer 2
  - restricted use of ATM or FR virtual connections
  - management problems transferred to layer 2
[Figure: route filter example (deny all, permit selected prefixes)]

Addressing
- Private address space defined in RFC 1918 (BCP)
  - Addresses may be used freely within enterprise networks
  - (10/8 prefix), (172.16/12 prefix), (192.168/16 prefix)
  - ISPs will reject packets with the above addresses
- Need for NAT or application layer gateways for Internet communications

Notes on route filtering
- Route filtering is the most basic way of constructing VPNs
  - not recommendable
- Privacy through obscurity
- Security means ISPs managing customer edges or inserting address filters
- Requires a common routing core
  - VPN addresses may not overlap within the routing core
BGP issues
- RFC 2858 Multiprotocol extensions for BGP-4
  - Network Layer Reachability Identifier
- RFC 1997 BGP communities attribute
  - Mark the NLRI with a community attribute
  - routes within a VPN can be marked with a single community instead of keeping up with individual routes

Tunneling
- Configure tunnels across the network
  - Customer edge routers will act as tunnel exit points
  - Allows for multiple use of VPN/IP addresses in different VPNs
- Manual configuration without use of routing protocols
- Requires connectivity to all customer premises (VPN members)
  - n(n-1)/2 connections -> no management scalability

Notes on tunneling
- Allows for overlapping in VPN addresses
- Multiprotocol capable
- Manual configuration of tunnels
- Low tolerance on network topology changes
- Concerns on QoS issues
- CE routers (tunnel exit points) have to be managed by the ISP

VPN management issues
- Management of traditional VPNs is manual
  - Tunnels are set up manually
  - information is manually configured
- Complexity of VPN management results from the integration of IP route lookup and forwarding decisions
MPLS for VPNs with BGP
- Meeting the (MPLS) objective for flexibility in new service introduction
- MPLS separates the route lookup and forwarding
  - somewhere in between layers 2 and 3
- MPLS basics covered in S

Virtual Private Network
- Tunnel via core network
  - virtual backbones
- Separate VPN address spaces
- Advertising of VPN networks either by a routing protocol (RFC 2547 BGP/MPLS VPNs) or a label distribution protocol

Requirements for MPLS/VPNs
- Use of VPN/IP addresses
- Constrained distribution of routing information
  - BGP, LDP
- Multiple forwarding tables
  - Naturally for traffic inside the VPN and outside the VPN
  - At the ISP edge VPN addresses may conflict for traffic between VPNs
- This is where MPLS kicks in!

Note on BGP mechanisms
- Globally non-unique addresses
  - dealt with VPN-IP addresses and Route Distinguisher
  - no constraint on connectivity
- Constrain the distribution of routing info
  - dealt with BGP (extended) community field

Constrained distribution of routing information
1. Info from customer site (CE) to provider edge (OSPF)
2. Export routing info to provider BGP (CE->PE)
   - Attach BGP (extended) community attribute
   - constrained distribution of BGP info
3. Distribute with other VPN/PEs using BGP
4. Extract routing info on other PEs (opposite to 2.)
   - Route filtering based on BGP community attribute
5. Info from PE to CE (OSPF)
[Figure: sites of VPN C1 and VPN C2 attached to the provider network]
Constrained distribution of routing information - notes
- Distribution of BGP info is handled by the ISP
  - no involvement from the customer
- CE maintains routing peering with only the nearest PE
  - To add a new site to an existing VPN only the connecting PE needs to be configured
- PE only maintains routes for the directly connected VPNs

Multiple forwarding tables
- To allow per-VPN segregation
  - otherwise packets could be traveling from one VPN to another
  - OR alternatively careful management of addresses would be needed
[Figure: PE with one forwarding table (FT) for VPN C1 and another forwarding table for VPN C2]

VPN-IP addresses
- BGP assumes that IP addresses are unique
  - not valid when using private address space (RFC 1918)
- IP address + Route Distinguisher
  - RD = Type + AS number + assigned number
  - AS number = ISP AS number
  - Assigned number = VPN identifier given by ISP
- VPN-IP addresses are unique
- Use of VPN-IP addresses is done only in the ISP network
  - no customer involvement, conversion done at PE
- VPN-IP addresses are carried only in routing protocol messages, not in IP headers
  - not used for packet forwarding

MPLS as a forwarding mechanism
- Bind MPLS labels to VPN-IP addresses at PE
  - ISP with 200 routers (PE and P) with VPNs with 100 routes per VPN = 10000*100 routes in each router
- Use two levels of labels (label stacks)
  - 1st level label is from PE to PE (labels distributed with LDP etc.)
  - 2nd level label is from egress PE forward (distributed with BGP/VPN-IP routes)
- ISP P-routers maintain only 200 routes
[Figure: packet crossing the MPLS cloud from PE1 to PE2 carrying VPN label X and an IGP label to PE2]
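The isolation argument in the slides above (route distinguisher, community-constrained import, one forwarding table per VPN, two-level label stack) can be traced in a small model. This is an added example, not part of the original lecture material; the `PE` class, the RD values `65000:1` and `65000:2`, the community names `RT-A` and `RT-B`, and all label numbers are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import count

# Constructed top-level (PE-to-PE) labels, as a label distribution protocol would hand out.
IGP_LABEL_TO = {"PE-2": 27, "PE-3": 31}


@dataclass(frozen=True)
class VpnRoute:
    rd: str          # route distinguisher: makes the prefix unique inside BGP
    prefix: str      # customer prefix; may overlap with another VPN's prefix
    next_hop: str    # egress PE that originated the route
    vpn_label: int   # second-level label chosen by the egress PE
    rt: str          # community that constrains which tables import the route

    @property
    def vpn_ip(self):
        # VPN-IP address: carried in routing messages only, never in IP headers
        return f"{self.rd}:{self.prefix}"


class PE:
    def __init__(self, name):
        self.name = name
        self.vrfs = {}             # VPN name -> {"rd", "rt", "table"}
        self.local = {}            # second-level label -> (VPN, prefix) on egress
        self._labels = count(100)  # labels are locally significant to this PE

    def add_vrf(self, vrf, rd, rt):
        self.vrfs[vrf] = {"rd": rd, "rt": rt, "table": {}}

    def export_from_ce(self, vrf, prefix):
        """Steps 1-2: take a CE route, attach RD, community and a VPN label."""
        v = self.vrfs[vrf]
        label = next(self._labels)
        self.local[label] = (vrf, prefix)
        return VpnRoute(v["rd"], prefix, self.name, label, v["rt"])

    def import_route(self, route):
        """Step 4: install the route only in tables whose community matches."""
        hit = [n for n, v in self.vrfs.items() if v["rt"] == route.rt]
        for n in hit:
            self.vrfs[n]["table"][ip_network(route.prefix)] = route
        return hit

    def push_labels(self, vrf, dst, igp_label_to):
        """Ingress: longest-prefix match in ONE forwarding table, then build the stack."""
        table = self.vrfs[vrf]["table"]
        matches = [n for n in table if ip_address(dst) in n]
        if not matches:
            return None  # no fall-through into another VPN's table
        route = table[max(matches, key=lambda n: n.prefixlen)]
        return [igp_label_to[route.next_hop], route.vpn_label]  # [top, bottom]

    def pop_and_deliver(self, stack):
        """Egress: the bottom label alone selects the customer VPN."""
        return self.local[stack[-1]]


def build_demo():
    """VPN A and VPN B both use 10.1.0.0/16 at different sites (constructed)."""
    pe1, pe2, pe3 = PE("PE-1"), PE("PE-2"), PE("PE-3")
    pe1.add_vrf("A", "65000:1", "RT-A")
    pe1.add_vrf("B", "65000:2", "RT-B")
    pe2.add_vrf("A", "65000:1", "RT-A")
    pe3.add_vrf("B", "65000:2", "RT-B")
    updates = [pe2.export_from_ce("A", "10.1.0.0/16"),
               pe3.export_from_ce("B", "10.1.0.0/16")]
    bgp_table = {u.vpn_ip: u for u in updates}  # both routes survive in BGP
    imports = {u.vpn_ip: pe1.import_route(u) for u in updates}
    return pe1, pe2, pe3, bgp_table, imports


if __name__ == "__main__":
    pe1, pe2, pe3, bgp, imports = build_demo()
    print("BGP entries:", sorted(bgp))
    print("imported into:", imports)
    for vrf, egress in (("A", pe2), ("B", pe3)):
        stack = pe1.push_labels(vrf, "10.1.2.3", IGP_LABEL_TO)
        print(f"VPN {vrf}: stack {stack} -> delivered to {egress.pop_and_deliver(stack)}")
```

The same destination address resolves to different egress PEs depending only on which forwarding table the ingress interface is bound to, which is why a wrong community or interface binding on a PE is the configuration error to audit for.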
2-level MPLS label stack
- Bottom label
  - PE receives a packet from CE
  - If the packet should be forwarded to the backbone, a label is attached to reach the egress PE
- Top label
  - PE starts to send the packet to the backbone
  - PE looks into the IGP routing table to find the next hop (P) towards PE and assigns a label to this information
- Packet is then carried through the backbone (P routers) and routers are unaware of the VPNs

IPsec, IP Security Architecture
- IETF IP Security Working Group
- Several commercial implementations
- Authentication header (AH)
  - provides for access control, message integrity, authentication and anti-replay
- Encapsulated Security Payload (ESP)
  - provides for AH services + confidentiality
- Key Exchange Protocol
  - ISAKMP + Oakley/SKEME

IPSEC tunneling methods
- Encrypting of the IP datagram (IPinIP)
  - [IP gateway address | ESP | Original, but encrypted TCP/IP]
  - preventing traffic analysis
- Encryption of transport layer data
  - [Original IP address | AH | ESP | Original, but encrypted TCP]
  - securing the contents of a connection

QoS in VPNs
- Manual link provisioning
  - dedicated connection oriented layer 2 links guarantee performance
- Internet is not connection oriented layer 2
  - CE or PE routers set the DSCP-byte
  - traffic classification?
  - Alternative routes
- Quality of Service in the Internet dealt with in S
VPNs with or without ISPs
- VPNs realized with ISP
  - Strategic partnership with ISP
  - ISP may manage the CE devices
  - Centralized management, outsourced VPN management
- VPNs realized on your own
  - Restricted knowledge on network outside the company
  - Need for VPN specialists
  - Flexibility

[Figure sequence: MPLS VPN example with PE-1 and PE-2 at the edges of the service provider backbone network (Ville Helenius). Recoverable content:]
- Interface Serial0: VPN A. PE tables: VPN A, VPN B, Global. VPN A table columns: Target, Next Hop, Label.
- BGP / OSPF / RIP update, NH=
- PE-1 tables: VPN A, VPN C, Global. Global RT: VPN-A entry (In-label, Next Hop, Label): 69, VPN A, POP.
- VPN-v4 update: RD:1:27:, Next-hop=PE-1, SOO=J:kylä, RT=VPN-A, Label=(69)
- VPN A table on the receiving PE (Target, Next Hop, Label): next hop PE-1, label 69.
- BGP / OSPF / RIP update, NH=PE-2
- Interface Serial0.1: VPN A. Global table (Dest, Out-int, Label): PE-1, Serial2, 27.
- Label forwarding (In-int/label, Out-int, Label): Serial0/27, Serial1, POP.
- Global table (In-int/label, Next Hop, Label): Serial2/69, VPN A, POP.
Final words
- VPNs are an existing solution due to the need of Intranets
- VPNs may connect anything from two end devices to two networks
  - with tunnels, routing, MPLS and naturally with leased lines
- Use of VPNs adds network management load either in the company or within the ISP
More informationEnterprise Network Simulation Using MPLS- BGP
Enterprise Network Simulation Using MPLS- BGP Tina Satra 1 and Smita Jangale 2 1 Department of Computer Engineering, SAKEC, Chembur, Mumbai-88, India tinasatra@gmail.com 2 Department of Information Technolgy,
More informationReti Private Virtuali - VPN
1 Reti Private Virtuali - VPN Marco Misitano, CISSP Enterprise Conulting, Security misi@cisco.com Ordine degli Ingegneri della Provincia di Milano 2 Agenda Technology introduction Remote Access VPN Site
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationLesson 13: MPLS Networks
Slide supporting material Lesson 13: MPLS Networks Giovanni Giambene Queuing Theor and Telecommunications: Networks and Applications 2nd edition, Springer All rights reserved IP Over ATM Once defined IP
More informationVirtual Leased Lines - Martini
Virtual Lease Lines - Martini Virtual Leased Lines - Martini Martini Drafts draft -martini-l2circuit-encap-mpls -04.txt defines the handling and encapsulation of layer two packets. draft -martini-l2circuit-trans-mpls
More informationLAN Switching. 15-441 Computer Networking. Switched Network Advantages. Hubs (more) Hubs. Bridges/Switches, 802.11, PPP. Interconnecting LANs
LAN Switching 15-441 Computer Networking Bridges/Switches, 802.11, PPP Extend reach of a single shared medium Connect two or more segments by copying data frames between them Switches only copy data when
More informationSecurity in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity
Basic Security Requirements and Techniques Confidentiality The property that stored or transmitted information cannot be read or altered by an unauthorized party Integrity The property that any alteration
More informationNovember 2013. Defining the Value of MPLS VPNs
November 2013 S P E C I A L R E P O R T Defining the Value of MPLS VPNs Table of Contents Introduction... 3 What Are VPNs?... 4 What Are MPLS VPNs?... 5 What Are the Benefits of MPLS VPNs?... 8 How Do
More informationMPLS over IP-Tunnels. Mark Townsley Distinguished Engineer. 21 February 2005
MPLS over IP-Tunnels Mark Townsley Distinguished Engineer 21 February 2005 1 MPLS over IP The Basic Idea MPLS Tunnel Label Exp S TTL MPLS VPN Label Exp S TTL MPLS Payload (L3VPN, PWE3, etc) MPLS Tunnel
More informationGroup Encrypted Transport VPN
Group Encrypted Transport VPN Petr Růžička petr.ruzicka@cisco.com Cisco Systems Czech Republic V Celnici 10, 117 21 Praha Abstract Today's networked applications, such as voice and video, are accelerating
More information21.4 Network Address Translation (NAT) 21.4.1 NAT concept
21.4 Network Address Translation (NAT) This section explains Network Address Translation (NAT). NAT is also known as IP masquerading. It provides a mapping between internal IP addresses and officially
More informationAnalysis of traffic engineering parameters while using multi-protocol label switching (MPLS) and traditional IP networks
Analysis of traffic engineering parameters while using multi-protocol label switching (MPLS) and traditional IP networks Faiz Ahmed Electronic Engineering Institute of Communication Technologies, PTCL
More informationOVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS
OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS Matt Eclavea (meclavea@brocade.com) Senior Solutions Architect, Brocade Communications Inc. Jim Allen (jallen@llnw.com) Senior Architect, Limelight
More informationMPLS Security Considerations
MPLS Security Considerations Monique J. Morrow, Cisco Systems mmorrow@cisco.com November 1 2004 MPLS JAPAN 2004 1 Acknowledgments Michael Behringer, Cisco Systems 2 Why is MPLS Security Important? Customer
More informationNetwork Management for Common Topologies How best to use LiveAction for managing WAN and campus networks
Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks April 2014 www.liveaction.com Contents 1. Introduction... 1 2. WAN Networks... 2 3. Using LiveAction
More information