Selecting MPLS VPN Services


Selecting MPLS VPN Services
Chris Lewis
Steve Pickavance
Contributions by: Monique Morrow, John Monaghan, Craig Huegen
Cisco Press, 800 East 96th Street, Indianapolis, IN 46240 USA

Contents

Introduction xxii

Part I Business Analysis and Requirements of IP/MPLS VPN 3

Chapter 1 Assessing Enterprise Legacy WANs and IP/VPN Migration 5
  Current State of Enterprise Networks 5
  Evolutionary Change of Enterprise Networks 7
  Acme, a Global Manufacturer 10
    Acme's Global Span 10
    Business Desires of Acme's Management 10
    Acme's IT Applications Base 10
    Acme's IT Communications Infrastructure 11
    Acme's Intranet: Backbone WAN 12
    Acme's Intranet: Regional WANs 12
  New WAN Technologies for Consideration by Acme 13
    Layer 3 IP/MPLS VPN Services 13
      IP/MPLS VPN Service Topologies and Provisioning 14
      IP/MPLS VPN: A Foundation for Network Services 16
      IP/MPLS VPN Transparency 16
      IP/MPLS VPN Network Management and SLAs 16
      Enterprise Vendor Management Approach 17
      Extranet Integration in IP/MPLS VPN Networks 18
    Layer 2 IP/MPLS VPN Services 18
      VPWS 18
      VPLS 21
    Convergence Services 22
      Internet Access 22
      Mobile Access and Teleworker Access 22
      Voice Services: Service Provider Hosted PSTN Gateway 22
      Voice Services: Service Provider Hosted IP Telephony 23
  Summary 23

Chapter 2 Assessing Service Provider WAN Offerings 27
  Enterprise/Service Provider Relationship and Interface 27
  Investigation Required in Selecting a Service Provider 28
    Coverage, Access, and IP 28
    Financial Strength of the Service Provider 29
    Convergence 30
    Transparency 31
    IP Version 6 35
    Provider Cooperation/Tiered Arrangements 38
    Enhanced Service-Level Agreement 39
    Customer Edge Router Management 40
    Service Management 41
    Customer Reports and SLA Validation 41
  Summary 42

Chapter 3 Analyzing Service Requirements 45
  Application/Bandwidth Requirements 45
  Backup and Resiliency 51
  Enterprise Segmentation Requirements 53
    Mapping VLANs to VPNs in the Campus 55
  Access Technologies 56
    Frame Relay 57
    ATM 57
    Dedicated Circuit from CE to PE 58
    ATM PVC from CE to PE 59
    Frame Relay PVC from CE to PE 60
    Metro Ethernet 60
  QoS Requirements 62
    Bandwidth 62
    Packet Delay and Jitter 63
    Packet Loss 63
    Enterprise Loss, Latency, and Jitter Requirements 64
    QoS at Layer 2 65
    Subscriber Network QoS Design 68
      Baseline New Applications 68
      Develop the Network 68
  Security Requirements 70
  Topological and Network Design Considerations 71
    SP-Managed VPNs 72
    Multiprovider Considerations 73
    Extranets 74
  Case Study: Analyzing Service Requirements for Acme, Inc. 75
    Layer 2 Description 76
    Existing Customer Characteristics That Are Required in the New Network 76
    DefenseCo's Backbone Is a Single Autonomous System 77
    Reasons for Migrating to MPLS 77
    Evaluation Testing Phase 78
      Routing Convergence 79
      Jitter and Delay 79
      Congestion, QoS, and Load Testing 80
        First Scenario 81
        Second Scenario 81
        Third Scenario 81
      Subjective Measures 82
      Vendor Knowledge and Technical Performance 83
      Evaluation Tools 83
        TTCP 84
    Lessons Learned 85
    Transition and Implementation Concerns and Issues 86
    Post-Transition Results 86
  Summary 87
  References 88

Part II Deployment Guidelines 91

Chapter 4 IP Routing with IP/MPLS VPNs 93
  Introduction to Routing for the Enterprise MPLS VPN 93
  Implementing Routing Protocols 95
    Network Topology 95
    Addressing and Route Summarization 96
    Route Selection 98
    Convergence 99
    Network Scalability 99
      Memory 100
      CPU 100
    Security 102
      Plaintext Password Authentication 102
      MD5 Authentication 102
  Site Typifying WAN Access: Impact on Topology 103
    Site Type: Topology 104
    WAN Connectivity Standards 107
    Site Type A Attached Sites: Dual CE and Dual PE 108
    Site Type B/3 Dual-Attached Site-Single CE, Dual PE 110
    Site Type B/3 Dual-Attached Site-Single CE, Single PE 110
    Site Type D Single-Attached Site Single CE with Backup 111
    Convergence: Optimized Recovery 112
    IP Addressing 113
  Routing Between the Enterprise and the Service Provider 113
    Using EIGRP Between the CE and PE 114
      How EIGRP MPLS VPN PE-to-CE Works 114
      PE Router: Non-EIGRP-Originated Routes 115
      PE Router: EIGRP-Originated Internal Routes 116
      PE Router: EIGRP-Originated External Routes 116
      Multiple VRF Support 117
      Extended Communities Defined for EIGRP VPNv4 117
      Metric Propagation 117
      Configuring EIGRP for CE-to-PE Operation 118
    Using BGP Between the CE and PE 119
      Securing CE-PE Peer Sessions 120
      Improving BGP Convergence 121
  Case Study: BGP and EIGRP Deployment in Acme, Inc. 122
    Small Site Single-Homed, No Backup 122
    Medium Site Single-Homed with Backup 124
    Medium Site Single CE Dual-Homed to a Single PE 126
    Large Site-Dual-Homed (Dual CE, Dual PE) 128
    Load Sharing Across Multiple Connections 130
    Very Large Site/Data Center Dual Service Provider MPLS VPN 131
    Site Typifying Site Type A Failures 134
    Solutions Assessment 134
  Summary 135
  References 136
    Cisco Press 136

Chapter 5 Implementing Quality of Service 139
  Introduction to QoS 139
  Building a QoS Policy: Framework Considerations 141
  QoS Tool Chest: Understanding the Mechanisms 143
    Classes of Service 143
    IP ToS 145
    Hardware Queuing 146
    Software Queuing 146
    QoS Mechanisms Defined 146
  Pulling It Together: Build the Trust 152
  Building the Policy Framework 154
    Classification and Marking of Traffic 154
      Trusted Edge 154
      Device Trust 155
      Application Trust 155
      CoS and DSCP 156
      Strategy for Classifying Voice Bearer Traffic 156
      QoS on Backup WAN Connections 156
    Shaping/Policing Strategy 157
    Queuing/Link Efficiency Strategy 158
  IP/VPN QoS Strategy 160
    Approaches for QoS Transparency Requirements for the Service Provider Network 161
      Uniform Mode 162
      Pipe Mode 163
      Short-Pipe Mode 163
    QoS CoS Requirements for the SP Network 163
    WRED Implementations 163
  Identification of Traffic 165
    What Would Constitute This Real-Time Traffic? 165
  QoS Requirements for Voice, Video, and Data 167
    QoS Requirements for Voice 167
      Sample Calculation 168
    QoS Requirements for Video 169
    QoS Requirements for Data 170
  The LAN Edge: L2 Configurations 171
    Classifying Voice on the WAN Edge 174
    Classifying Video on the WAN Edge 175
    Classifying Data on the WAN Edge 176
  Case Study: QoS in the Acme, Inc. Network 179
    QoS for Low-Speed Links: 64 kbps to 1024 kbps 180
    Slow-Speed (768-kbps) Leased-Line Recommendation: Use MLP LFI and cRTP 181
    QoS Reporting 181
  Summary 182
  References 183

Chapter 6 Multicast in an MPLS VPN 187
  Introduction to Multicast for the Enterprise MPLS VPN 187
  Multicast Considerations 188
  Mechanics of IP Multicast 190
    RPF 190
      RPF Check 191
    Source Trees Versus Shared Trees 191
    Protocol-Independent Multicast 192
      PIM Dense Mode 192
      PIM Sparse Mode 192
      Bidirectional PIM (Bidir-PIM) 193
    Interdomain Multicast Protocols 194
      Multiprotocol Border Gateway Protocol 194
      Multicast Source Discovery Protocol 195
      Source-Specific Multicast 195
    Multicast Addressing 196
      Administratively Scoped Addresses 197
  Deploying the IP Multicast Service 198
    Default PIM Interface Configuration Mode 200
    Host Signaling 200
    Sourcing 202
    Multicast Deployment Models 203
      Any-Source Multicast 203
      Source-Specific Multicast 204
      Enabling SSM 206
  Multicast in an MPLS VPN Environment: Transparency 207
    Multicast Routing Inside the VPN 208
  Case Study: Implementing Multicast over MPLS for Acme 210
    Multicast Addressing 210
    Multicast Address Management 212
    Predeployment Considerations 212
    MVPN Configuration Needs on the CE 213
      Boundary ACL 214
      Positioning of Multicast Boundaries 215
      Configuration to Apply a Boundary Access List 216
      Rate Limiting 218
      Rate-Limiting Configuration 219
    MVPN Deployment Plan 219
      Preproduction User Test Sequence 220
    What Happens When There Is No MVPN Support? 224
    Other Considerations and Challenges 225
  Summary 226
  References 227

Chapter 7 Enterprise Security in an MPLS VPN Environment 229
  Setting the Playing Field 230
  Comparing MPLS VPN Security to Frame Relay Networks 234
  Security Concerns Specific to MPLS VPNs 236
  Issues for Enterprises to Resolve When Connecting at Layer 3 to Provider Networks 244
    History of IP Network Attacks 244
    Strong Password Protection 245
    Preparing for an Attack 245
    Identifying an Attack 246
    Initial Precautions 247
      Receiving ACLs 247
      Infrastructure ACLs 248
    Basic Attack Mitigation 250
  Basic Security Techniques 253
    Remote-Triggered Black-Hole Filtering 253
    Loose uRPF for Source-Based Filtering 255
    Strict uRPF and Source Address Validation 256
    Sinkholes and Anycast Sinkholes 258
    Backscatter Traceback 259
    Cisco Guard 262
  Distributed DoS, Botnets, and Worms 263
    Anatomy of a DDoS Attack 264
    Botnets 266
    Worm Mitigation 268
  Case Study Selections 270
  Summary 270
  References 271
    Comparing MPLS VPN to Frame Relay Security 271
    ACL Information 271
    Miscellaneous Security Tools 271
    Cisco Reference for MPLS Technology and Operation 271
    Cisco Reference for Cisco Express Forwarding 272
    Public Online ISP Security Bootcamp 272
    Tutorials, Workshops, and Bootcamps 272
    Original Backscatter Traceback and Customer-Triggered Remote-Triggered Black-Hole Techniques 272
    Source for Good Papers on Internet Technologies and Security 272
    Security Work Definitions 272
    NANOG SP Security Seminars and Talks 272
    Birds of a Feather and General Security Discussion Sessions at NANOG 274

Chapter 8 MPLS VPN Network Management 277
  The Enterprise: Evaluating Service Provider Management Capabilities 279
    Provisioning 279
    SLA Monitoring 280
    Fault Management 281
      Handling Reported Faults 281
      Passive Fault Management 282
    Reporting 288
    Root Cause Analysis 289
  The Enterprise: Managing the VPN 289
    Planning 290
    Ordering 291
    Provisioning 291
      CE Provisioning 292
      CE Management Access 293
    Acceptance Testing 297
    Monitoring 298
    Optimization 299
  The Service Provider: How to Meet and Exceed Customer Expectations 300
    Provisioning 300
      Zero-Touch Deployment 300
      PE Configuration 302
    Fault Monitoring 302
      MPLS-Related MIBs 302
      Resource Monitoring 304
      OAM and Troubleshooting 306
      Proactive Monitoring in Detail 306
      Performance Problems 319
    Fault Management 320
      Proactive Fault Management 320
      Reactive Fault Management 326
    SLA Monitoring 327
      Accuracy 327
      Probe Metric Support 328
      QoS Support 329
      Specialized Voice Probes 330
      Threshold Breach Notification 330
    Reporting 331
  Summary 332
  References 333

Chapter 9 Off-Net Access to the VPN 335
  Remote Access 335
    Dial Access via RAS 336
      RAS Configuration 338
    Dial Access via L2TP 339
      L2TP Components 340
      L2TP Call Procedure 340
      Connecting L2TP Solutions to VRFs 341
    DSL Considerations 345
    Cable Considerations 347
  IPsec Access 347
    GRE + IPsec on the CPE 350
      Designing for GRE Resiliency 352
      Configuring GRE Resiliency 353
    CE-to-CE IPsec 354
    DMVPN Overview 355
      mGRE for Tunneling 356
      NHRP for Address Resolution 357
      Routing Protocol Concerns 358
      IPsec Profiles for Data Protection 359
      Summary of DMVPN Operation 361
    The Impact of Transporting Multiservice Traffic over IPsec 362
    Split Tunneling in IPsec 365
  Supporting Internet Access in IP VPNs 366
  Case Study Selections 369
  Summary 370
  References 371
    General PPP Information 371
    Configuring Dial-In Ports 371
    L2TP 371
    Layer 2 Tunnel Protocol Fact Sheet 371
    Layer 2 Tunnel Protocol 371
    VPDN Configuration Guide 371
    VPDN Configuration and Troubleshooting 371
    Security Configuration Guide 371
    RADIUS Configuration Guide 372
    Broadband Aggregation to MPLS VPN 372
    Remote Access to MPLS VPN 372
    Network-Based IPsec VPN Solutions 372
    IPsec 372
    GRE + IPsec 372
    DMVPN 372
    Split Tunneling 373
    Prefragmentation 373

Chapter 10 Migration Strategies 375
  Network Planning 375
    Writing the RFP 375
    Architecture and Design Planning with the Service Providers 379
  Project Management 381
    SLAs with the Service Providers 381
    Network Operations Training 385
  Implementation Planning 388
    Phase 1 388
    Phase 2 389
    Phase 3 389
    Phase 4 390
    On-Site Implementation 390
  Case Study Selections 392
  Summary 392

Part III Appendix 395

Appendix Questions to Ask Your Provider Regarding Layer 3 IP/MPLS VPN Capability 397
  Coverage and Topology 398
  Customer Edge Router Management 398
  Network Access, Resiliency, and Load Balancing 399
  QoS Capability 400
  Multicast Capability 402
  Routing Protocol Capability 403
  SLA Measurement and Monitoring Capability 404
  SLA Details 404
  Security 405
  Software Deployment Processes 406
  Inter-Provider IP/VPN 406
  IPv6 406
  MTU Considerations 407
  Hosting Capability 407
  IP Telephony PSTN Integration 408
  IP Telephony Hosted Call Agent 408
  Remote and Dial Access 409
  Internet Access 410
  Other Network Services 410

Index 413