MPLS@NLB d.d.
Janko Jager
* MPLS: Multi Protocol Label Switching
** NLB d.d.: Nova Ljubljanska banka d.d.
Telecommunications, Portorož, 04.10.2008, NLB d.d.

Foreword
  This presentation is about NLB d.d.'s experience in upgrading its network communications infrastructure (why, what, how, pros, cons, lessons learned) and not about technology and configurations.
  Some statements in this presentation could be the author's personal opinion and not the official opinion of NLB d.d.

Agenda
  About NLB d.d.
  WHY...
  WHAT...
  HOW...
  Conclusions
  Q&A

About NLB d.d.
  NLB Group
  NLB in Slovenia

NLB d.d. - NLB Group
  58 members in 17 countries
    banks: 13 (including NLB d.d.)
    leasing: 11
    trade finance: 11
    insurance: 5
    asset mgmt: 1
    non financial: 17

NLB d.d. - Slovenia
  around 150 branches; more than 700 ATMs (SNA)

WHY to upgrade network
  Capacity
  Technology
  New services
  Costs

WAN topology (present)
  leased lines from 512kbps to 2Mbps; ISDN backups

WAN utilization (present)
  100% increase of network traffic in less than one year
  ISDN backups no longer sufficient

Goals
  To provide sufficient capacity, quality, availability and security: to migrate the corporate network from switching and routing to a service-oriented network platform.
  To provide network support for several emerging technologies and network services (IP ATMs, IP telephony, IP video surveillance...).
  To lower communications costs (enhance price-performance) and achieve independence from a single telecom provider.

WHAT is the obvious technical solution
  MPLS VPN
  GRE/IPsec
  MPLS VPN over GRE/IPsec

MPLS VPN (maybe the right solution for non-corporate networks)
  Provided/implemented by telecom provider
  + Customer's virtual private communication cloud within the provider's network
  + Media independent (Ethernet, xDSL, leased lines, Frame Relay, FO...)
  + Network devices managed by provider
  - Customer depends on provider (costs, QoS...)
  - Different customers' communication clouds are separated but not safe

GRE/IPsec
  Implemented by customer
  + GRE/IPsec tunnels provide data security
  + Tunnels connect customer's private networks (branches, datacenters)
  + Network devices managed by customer
  - Additional network equipment (costs, management, processor power)
  - Additional configuration (routing)

MPLS VPN over GRE/IPsec
  Implemented by customer
  + Customer-defined MPLS VPN network(s) over GRE/IPsec
  + Provider independent (better monitoring and service management, easy to introduce new network services, customer defines virtual networks within his network)
  + More than one provider (costs, price-performance, QoS, redundancy...)
  + Network devices managed by customer
  - Additional configuration

Comparison...
                          | MPLS VPN | GRE/IPsec | MPLS VPN over GRE/IPsec
  Implemented/provided by | Provider | Customer  | Customer
  Media independency      | Yes      | Yes       | Yes
  Provider independency   | No       | Yes       | Yes
  Authentication          | No       | Yes       | Yes
  Encryption              | No       | Yes       | Yes
  Traffic separation      | Yes      | No        | Yes

MPLS VPN over GRE/IPsec: simplified logical scheme
  [Figure; labels: Customer's network, MP-BGP, VPN A, VPN B, MPLS VPN, GRE/IPsec, Provider #1, Provider #2, Provider #3, Branch 1 to Branch 4, Primary & secondary datacentre]

HOW to do it... (project)
  Requirements
  Pilot testing
  Telecom Slovenia... (implementation)

Requirements, decisions...
  Selecting telecom provider(s): primary and secondary connections by Telecom Slovenia (all connections MPLS VPN; defined QoS, reporting, on-line monitoring, problem solving...)
  Selecting system integrator(s): NIL d.o.o., NLB Propria
  Datacenter:
    1Gbps, FO, Ethernet
    Cisco routers ASR 1002
  Branch office:
    Primary connection: 10Mbps, FO, Ethernet, RJ45 (to the micro location)
    Secondary connection: xDSL
    Cisco routers 28xx, 38xx

QoS requirements
  Parameters                   | Required  | Acceptable offset
  Bandwidth                    | 10Mbps    | up to 20%
  Availability monthly average | >= 99.9%  |
  Delay hourly average         | <= 100 ms | up to 3 times/month
  Delay daily average          | <= 70 ms  | up to 1 time/month
  Delay monthly average        | <= 60 ms  |
  Jitter hourly average        | <= 15 ms  | up to 3 times/month
  Jitter daily average         | <= 10 ms  | up to 1 time/month
  Jitter monthly average       | <= 5 ms   |
  Packet loss hourly average   | <= 0.8%   | up to 3 times/month
  Packet loss daily average    | <= 0.3%   | up to 1 time/month
  Packet loss monthly average  | <= 0.2%   |
  Should be confirmed by provider (and put in a contract)
  Measurement and reporting should also be defined

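Added example, not part of the original slides: a checker that evaluates one month of hourly measurements against the delay, jitter and packet-loss rows of the QoS table above (bandwidth and availability are not covered). The metric names, the reading of "up to N times/month" as the number of intervals allowed over the limit, and the way daily and monthly averages are derived from hourly ones are assumptions, since the slide leaves the measurement method to the contract.

```python
from statistics import mean

# Limits copied from the QoS slide: (hourly, daily, monthly) "<=" limit per metric.
LIMITS = {
    "delay_ms": (100.0, 70.0, 60.0),
    "jitter_ms": (15.0, 10.0, 5.0),
    "loss_pct": (0.8, 0.3, 0.2),
}
# Acceptable offset: intervals per month allowed over the limit (hourly, daily, monthly).
ALLOWED = (3, 1, 0)


def check_metric(name, hourly):
    """Check one month of hourly averages for one metric against the slide's limits.

    Assumption: a daily average is the mean of that day's 24 hourly averages,
    and the monthly average is the mean of all hourly averages.
    """
    if not hourly or len(hourly) % 24:
        raise ValueError("need whole days of hourly averages")
    h_lim, d_lim, m_lim = LIMITS[name]
    daily = [mean(hourly[i:i + 24]) for i in range(0, len(hourly), 24)]
    counts = (
        sum(v > h_lim for v in hourly),   # hours over the hourly limit
        sum(v > d_lim for v in daily),    # days over the daily limit
        int(mean(hourly) > m_lim),        # 1 if the month is over its limit
    )
    return {
        "violations": dict(zip(("hourly", "daily", "monthly"), counts)),
        "compliant": all(c <= a for c, a in zip(counts, ALLOWED)),
    }


def sample_month(base, spikes):
    """Constructed data: 30 days at `base`, overridden by {hour_index: value}."""
    hours = [base] * (30 * 24)
    for idx, value in spikes.items():
        hours[idx] = value
    return hours


if __name__ == "__main__":
    ok = sample_month(40.0, {10: 150.0, 200: 120.0, 500: 110.0})
    bad = sample_month(40.0, {10: 150.0, 11: 150.0, 12: 150.0, 13: 150.0})
    print(check_metric("delay_ms", ok))    # three slow hours: within the offset
    print(check_metric("delay_ms", bad))   # four slow hours: breach
```
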
Pilot implementation: simplified logical scheme
  [Figure; labels: Telecom Slovenia, Datacentre, Branch office, Primary MPLS, Secondary MPLS, HSRP, New (MPLS) routers, Existing routers, Leased line, ISDN, Ethernet, IPsec GRE tunnel]

Telecom Slovenia 1/3 (MPLS@NLB add-on from TS)
VPN business services
  Carrier Class equipment
  Carrier Grade network infrastructure with DWDM protection mechanisms
  MPLS Based Core network with protection of all links
  Metroethernet based Access Network with protection of business customers
  Usage of different kinds of first-mile technologies such as ADSL2+, VDSLx, FTTx, SHDSL, EFM, WiMAX and Mobile network
  Over 100 cities covered with business network for VPN services
  E2E QoS assurance
  SLA monitoring/reporting and advanced SLA monitoring/reporting (with applications)
  24/7 Network operations center
  Dedicated contact channel and technical team for business customers
  * Signed contract with mobile operator Mobitel (on trial)

Telecom Slovenia 2/3
Services on MPLS network
  L3 VPN
  VoIP for SB, SMB and large enterprise networks (IP centrex and IP PBX support)
  Advanced IP TV services, standard and high definition
  VoIP for residential segment and for SOHO
  FMC services
  Hotels multimedia services and advanced hotels multimedia services
  SLA monitoring and advanced SLA monitoring (with applications)
  Combination of P2P and mesh VPN network
  L2 VPN*
  IMS (IP multimedia subsystem)*
  IPS service (Intrusion Prevention System)*
  Redundancy location of DRC**
  Surveillance service (commercial name INFRANET)*
  VPN service for IP/POS terminals and ATMs*
  * on trial

Telecom Slovenia 3/3
Telekom Slovenia topology
  Carrier Class equipment
  MPLS Based Core network with protection of all links (10G)
  Metroethernet based Access Network with protection of business customers
  Over 100 cities covered with business network for VPN services
  Separate business and residential network on physical layer
  Dual WAN connectivity

Conclusions
  Lessons learned
  Results
  TO DO...

Lessons learned
  Important | NLB d.d. experience
  Project | Involve internal users/customers; gain management support; prepare business case...
  Plan, plan, plan | More than one year of planning, meetings, education. Larger network, more services: more planning required. Think about the big picture: don't forget about other network segments (network core, monitoring and management) and new services (IP telephony, IP ATMs...). Significant architecture change: server centralization.
  Equipment | Be careful when buying new network equipment: capacity, end of sale, end of support, SW versions for required functionalities... Support costs for new equipment might be lower; part of business case.
  Testing, pilot branch office implementation | Proved to be very useful; some configurations were changed. Internal users/customers confirmation.
  Telecom providers | Take time for negotiations. Think about the contract: obligations and penalties, costs, response times, QoS parameters, measurements, reporting... Not all telecom providers are capable of connecting all NLB d.d. branch offices. Different providers, very different prices.
  Cable installations (within buildings) | Might be a problem: protected buildings, permits, cabling documentation, extra costs, extra time... Who is responsible for cabling...

Results
  Goals | NLB d.d. conclusions
  Sufficient capacity | 10Mbps for each branch office, can be upgraded.
  QoS | Telecom providers put QoS parameters and measurement methods into contracts. Unfortunately they do not offer QoS as required.
  Availability | High availability is technically supported by using primary and secondary connections. Unfortunately both are still from the same provider.
  Security | Enabled by using MPLS VPN over GRE/IPsec.
  Ability to easily support new network services (IP ATMs, IP telephony...) | Enabled by using MPLS VPN over GRE/IPsec. Independent from telecom provider. Consideration could be sufficient QoS.
  Lower communications costs | Much better price-performance. Lower network equipment maintenance costs. Server centralization/consolidation.
  Independence from only one telecom provider | Independence is technically supported. Not all telecom providers are capable of connecting all NLB d.d. branch offices.

TO DO...
  Sign the contract with provider
  Establish connectivity with all branches
  Finish implementation (only datacenters and one branch implemented)
  Introduce network support for new services (IP ATMs)
  Start redesigning network core...

Q&A
  One question at a time, please...

Thank you.
  Janko Jager, B.Sc.
  Manager
  NLB d.d., IT Processing and Infrastructure, Network
  Šmartinska 132, SI-1520 Ljubljana, Slovenia
  T: +386 1 476 46 98, F: +386 1 476 41 25, janko.jager@nlb.si, www.nlb.si