High Level Overview of IPSec and MPLS IPVPNs



Similar documents
The term Virtual Private Networks comes with a simple three-letter acronym VPN

Sprint Global MPLS VPN IP Whitepaper

MPLS/IP VPN Services Market Update, United States

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

CARRIER MPLS VPN September 2014

November Defining the Value of MPLS VPNs

Cisco Which VPN Solution is Right for You?

Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN

Private Cloud Solutions Virtual Onsite Data Center

Mesh VPN Link Sharing (MVLS) Solutions

Site2Site VPN Optimization Solutions

Multi Protocol Label Switching (MPLS) is a core networking technology that

How To Get More Bandwidth From Your Business Network

Frame Relay vs. IP VPNs

How to cut communications costs by replacing leased lines and VPNs with MPLS

Network Services Internet VPN

Global Headquarters: 5 Speen Street Framingham, MA USA P F

SingTel MPLS. The Great Multi Protocol Label Switching (MPLS) Migration

Welcome to Today s Seminar!

MPLS provides multi-site solution

VPLS lies at the heart of our Next Generation Network approach to creating converged, simplified WANs.

Technical papers Virtual private networks

Best Effort gets Better with MPLS. Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications

Colt IP VPN Services Colt Technology Services Group Limited. All rights reserved.

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper

Managed Services: Taking Advantage of Managed Services in the High-End Enterprise

Cisco Virtual Office Unified Contact Center Architecture

Cisco Virtual Office Express

WAN and VPN Solutions:

EVALUATING NETWORKING TECHNOLOGIES

MITEL. NetSolutions. Flat Rate MPLS VPN

WHITEPAPER MPLS: Key Factors to Consider When Selecting Your MPLS Provider

Business Services. Is Ethernet the Right Choice for Your Network? Learn More: Call us at

RA-MPLS VPN Services. Kapil Kumar Network Planning & Engineering Data. Kapil.Kumar@relianceinfo.com

Virtual Privacy vs. Real Security

Analyzing MPLS from an ROI Perspective

Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service

MPLS VPN basics. E-Guide

Solution Brief. Migrating to Next Generation WANs. Secure, Virtualized Solutions with IPSec and MPLS

Cisco Easy VPN on Cisco IOS Software-Based Routers

Optimizing Networks for NASPI

Key Considerations for MPLS IP-VPN Success

WAN Traffic Management with PowerLink Pro100

Network Management for Common Topologies How best to use LiveAction for managing WAN and campus networks

Cisco CCNP Optimizing Converged Cisco Networks (ONT)

Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice

A Business Guide to MPLS IP VPN Migration:

Secure Network Foundation 1.1 Design Guide for Single Site Deployments

MPLS: Key Factors to Consider When Selecting Your MPLS Provider

Connecting Remote Offices by Setting Up VPN Tunnels

WHY CHOOSE COX BUSINESS FOR YOUR COMPANY S NETWORK SERVICE NEEDS?

TrustNet Group Encryption

PREPARED FOR ABC CORPORATION

Unifying the Distributed Enterprise with MPLS Mesh

Multi-protocol Label Switching

IP-VPN Architecture and Implementation O. Satty Joshua 13 December Abstract

Using & Offering Wholesale Ethernet Network and Operational Considerations

White Paper. Complementing or Migrating MPLS Networks

Cisco WAAS Express. Product Overview. Cisco WAAS Express Benefits. The Cisco WAAS Express Advantage

WAN Optimization. Riverbed Steelhead Appliances

Evolving Your Network with Metro Ethernet and MPLS VPNs

TrustNet CryptoFlow. Group Encryption WHITE PAPER. Executive Summary. Table of Contents

Dialogic. BorderNet Products Interwork and Connect Seamlessly and Securely at the Network Edge

Quality of Service Analysis of site to site for IPSec VPNs for realtime multimedia traffic.

Prominic Private Cloud

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

ENTERPRISE CONNECTIVITY

IVCi s IntelliNet SM Network

MPLS: an advanced and affordable private network solution

Virtual Private Networks Secured Connectivity for the Distributed Organization

Comparing MPLS-Based VPNs, IPSec-Based VPNs, and a Combined Approach from Cisco Systems

VPN. Date: 4/15/2004 By: Heena Patel

Secure Network Design: Designing a DMZ & VPN

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

1.1. Abstract VPN Overview

WATCHGUARD FIREBOX SOHO 6TC AND SOHO 6

Delivering Managed Services Using Next Generation Branch Architectures

CS419: Computer Networks. Lecture 9: Mar 30, 2005 VPNs

BUY ONLINE AT:

Lecture 17 - Network Security

How To Use The Cisco Wide Area Application Services (Waas) Network Module

Exam : Implementing Cisco Service Provider Next-Generation Egde Network Services. Title :

Configure ISDN Backup and VPN Connection

Configuration Example

Understanding VPN Technology Choices

Silver Peak s Virtual Acceleration Open Architecture (VXOA)

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

Virtual Private LAN Service (VPLS)

Cisco Integrated Services Routers Performance Overview

Transcription:

IPVPN High Level Overview of IPSec and MPLS IPVPNs Date: 16/0/05 Author: Warren Potts Version: 1.1 Abstract This document provides a high level overview of the differences between IPSec and MPLS based VPNs

Review of IPSec and MPLS The goal of VPNs is to provide inter-site connectivity over a shared infrastructure., whereby the users at the end sites enjoy the same access and integrity of service that would be available if accessed via a private network. Therefore any solution must be secure from external access and manipulation, be reliable, not detrimental to access speeds, scalable and not burdensome on resource. There are 5 broad categories of service defined by Cisco that a VPN must adhere to. Scalability Security Quality of Service Manageability Reliability Must be scalable across VPN platforms ranging from a small office configuration through the largest enterprise implementations ubiquitously on a global scale; the ability to adapt the VPN to meet changing bandwidth and connectivity needs is crucial in a VPN solution. Additionally, in the fiercely competitive and dynamic market environment, large orders can be won and must be provisioned rapidly, hence the VPN must be highly scalable in order to accommodate unplanned growth and changes driven by customer demand. A typical MPLS deployment must be designed for highly scalable solutions, enabling tens of thousands of VPNs over the same network for maximum revenue and profitability Ensures business-critical traffic remains confidential via security mechanisms such as tunneling, encryption, traffic separation, packet authentication, user authentication, and access control. Ensures prioritization of mission-critical or delay-sensitive traffic and manages congestion across varying bandwidth rates. Quality of service (QoS) functions such as queuing, network congestion avoidance, traffic shaping, and packet classification, as well as VPN routing services utilizing an optimal routing protocol Essential for cost-effective provisioning to enforce security and QoS policies, management and billing, with advanced monitoring and automated flow-through systems to quickly roll out new services and support service-level agreements (SLA). For predictable and extremely high service availability that business customers expect and require There are two VPN technologies that are widely available in the market. IPSec and MPLS. A line by line comparison is shown over Category IPSec MPLS Scalability Large scale rollouts need careful planning. Need to define key distribution and management, peering connections between sites and capacity planning of key infrastructure. Meshed networks need careful control Ideally suited to hub and spoke networks IPSec is suited where there is a mix of On Net and Off Net connections i.e. where connections are required across legacy services MPLS easily scales to tens of thousands of connections and no need to determine peering policies between sites as this facility is inherent within the service Suited to hub and spoke or meshed services All connections must be ON Net

Quality of Service There may be interoperability issues between differing IPSec devices It is not possible to implement QoS across an IPSec network although it is possible to prioritise traffic at the router. There is a latency impact for encapsulation and encryption especially with low end CPE. This problem is compounded if ON Net and Off Net connections are used as the Internet carries no SLA. Additionally if routing to a remote site across a hub site all data will have to be encrypted and decrypted twice. Any device may be used to connect to the VPN As all connections are ON Net and as PLS has inherent CoS mechanisms and traffic engineering capabilities, QoS guarantees and SLAs can be provided. No encapsulation and encryption issues in fact Label switching is faster than traditional routed networks. Security Reliability Provided via encryption and tunnelling methodologies All connections are Internet facing on public addresses, each node must be made secure. Each session/vpn membership is determined by digital certificate or preshared key. Certificates must be managed In a hub and spoke design, loss of the hub can lead to loss of the entire network In large networks a time server may be required to ensure that all devices are kept in synch increasing complexity of the service. Provided by traffic segregation Connections generally are on Private Address space (RFC 1918). These are not routable across the Internet. A closed VPN can have no access to the Internet VPN membership determined by initial VPN provisioning Loss of one site will not prevent other sites talking to each other. No additional hardware is required. The above services have concentrated on physical characteristics of the two VPN technologies the next section outlines through an example the potential differences in costs.

Cost Comparison - MPLS and IPSEC The example below assumes that a company wishes to create a closed user group with 30 remote sites connecting to a head office site Item IPSec MPLS Notes DSL Connections 540/month 930/month This assumes that the IPSec connection is built on a WADSL service @ 18 month against 31 month for MPLS services. Prices based on Tiscali price book. Labour content to manage rollout of DSL and adds moves and changes Head Office Leased Line 90/month This is the project management and provisioning overhead to rollout the DSL network and provide subsequent management 1000/month 900/month Services based on Mb connection. MPLS connection is slightly cheaper as no Internet access is required. Management of Routers 00/month 00/month Management of firewalls 500/month No firewalls are required for MPLS therefore no cost. Recurring costs per 30/month 1830/month month Total Yearly costs 6760 1960 MPLS has cheaper opex costs in this example Site Routers Zyxel 660Rs Site Firewalls Watchguard Soho HQ Router Cisco 1700 HQ firewall Watchguard 4500 1500 1500 5400 No site firewalls required by MPLS. To simplify the model no labour has been shown for configuring the Site firewalls, however this should also be brought in. 000 000 5000 No site firewalls required by MPLS Total Capex 13900 3500 MPLS has cheaper capex Total 1 year contract Total year contract 40660 5460 6740 4740

Note 1. It would be possible to go for cheaper firewalls however that needs to be assessed against the integrity of the network, ease of management and remote accessibility, feature sets and support. Although the ones featured could be considered budget.. The Wholesale DSL service has business hours support, Tiscali MPLS has 4 x7 3. The MPLS business VPN traffic has priority across the Tiscali core compared to Wholesale traffic. 4. MPLS traffic will take feature services such as QoDSL and VoiP when available.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information