GÉANT MD-VPN Service Description High performance IP-VPN connectivity to support European Research and Education Issue Date: 12 June 2015<Doc Property: Keywords> 1
1 GÉANT MD-VPN service description The GÉANT MD-VPN service will provide private high bandwidth international connectivity for research and education partners and providers. Based on the same infrastructure that delivers IP service to millions of academic users through NRENs and GÉANT, MD-VPN is designed to be robust and highly scalable. Many research projects require the security and reassurance of a Virtual Private Network (VPN) to ensure data services are logically isolated from general internet traffic. MD-VPN provide a safer inter-university network for research and education for end users. Moreover the logical traffic isolation allows projects to minimise the effect of the firewall enabling high throughput performance. GÉANT MD-VPN is a seamless infrastructure meaning the only configuration required is the setting up of end-user connections. This makes the lead time for delivery much shorter. The service is delivered to end-users over the combined NREN and GEANT networks building a true multi-domain MPLS VPN. Figure 1: MD-VPN infrastructure This infrastructure allows researchers access to a seamless infrastructure where the intermediate networks are transparent for end-users. A typical scenario would be an
international collaboration where a project wants to connect a number of sites from different physical locations to create a collaborative infrastructure as if they were in the same physical location; so the organization can access to the same level of security as all their sites would be in the same location. Secondly, logical network isolation provided by MD-VPN can allow projects to minimise the effect of firewall deep packet inspection meaning better end to end performance which is important for applications that transfer large amounts of data and reduces the complexity of implementing GRID environments. The MD-VPN service also provides privacy amongst different instances (VPNs) of the service where the content being sent back and forth between the different sites is kept in the private entity that owns the data. This is achieved because the data flows of the MD-VPN customer are isolated from any other traffic, standard IP traffic and traffic of other the MD-VPN customers. 2 Use Cases for GÉANT MD-VPN There is a wide scope for GÉANT MD-VPN use, from the long-term infrastructure with intensive network usage to quick point-to-point services for a conference demonstration. The following cases give examples of how GÉANT MD-VPN can be used to support R&E collaboration; International Collaboration - Universities, labs and all scientific projects based on international collaboration will benefit from the use of GÉANT MD-VPN services as the end-to-end service demarcation and the ability to support "out of area" connections improve ease of use. Ad hoc P2P connections - For example conference demonstrations or P2P data transport between sites needed only rarely and only for short periods of time. The rapid deployment of VPNs will enable such projects to take advantage of the service whereas the time for deployment of earlier services would have been prohibitive. Distributed Infrastructure Services - Cloud service providers, Grid and HPC centres could offer services across VPNs to increase service assurance and to separate traffic flows for management and billing purposes Scientific Infrastructure GÉANT MD-VPN is ideally suited to hub and spoke network structures enabling access to centralised infrastructure projects. Also distributed networking for remote sensors could benefit from higher levels of assurance offered by VPNs
Education Ad hoc and semi-permanent VPNs can provide linkages between school and campus networks in a clearly separated manner. This can be used to support outreach projects and collaboration. Transparent Transport Services - As GÉANT MD-VPN can provide a transparent data transport, it can be used by high level network services like SDN and by future internet projects. 3 Where MD-VPN service is available? The service has been implemented by over half the European NRENs, for the latest updates please view the GÉANT Intranet. 4 MD-VPN Benefits MD-VPN brings many benefits for the GÉANT NRENs and their end-users Benefits for end-users MD-VPN offers a safe and secure environment for education and research network Can improve network performance by eliminating the need for firewall traffic inspection, which can also reduce campus CAPEX requirements MD-VPN can be implemented very quickly, either on a permanent or dynamic basis Benefit for NRENs Reduced OPEX saving because only a single MD-VPN activation is required between the GÉANT and the NREN networks. GÉANT NO CAPEX is required as the service uses existing network infrastructure NRENs provides an original service that cannot be provided by commercial telecoms providers as MD-VPN is based on collaboration between domains;
Provides NRENs a platform to deliver innovative end-users services MD-VPN technical description for end-users (campus) Service delivery The GÉANT MD-VPN service is delivered by seamless transport infrastructure that is able to transport L3VPN (IPv4/IPv6) over several network providers (domains). The service is delivered jointly by NRENs and the pan-european network GÉANT; The MD-VPN service can be extended over regional, metropolitan or campus networks. The service is delivered to end-users over a point called Service Demarcation Point (SDP) at the edge of the NRENs or Regional Networks. In practice, the way the service is delivered to the end-users depends on NRENs but typically uses: L3VPN in IP packets form over dedicated BGPs peering; Service-Level Target The Service Level Target (SLT) for the GÉANT MD-VPN service offers the same as metrics as GÉANT IP because calculated from the GÉANT demarcation point and does not include any local tail that may be the NREN's responsibility. Additional NREN GÉANT MD-VPN peering can improve the SLT metrics contact GÉANT Partner Relations Team to request further information. Time to Fix a Fault and Time to Respond Target GÉANT MD-VPN offers the same metrics as GÉANT IP. Request procedure, service implementation and delivery time Requesting Additional GÉANT Access Capacity The bandwidth capacity used by the MD-VPN service is part of the NRENs GÉANT IP subscriptions. To request an IP upgrade, please go to the GÉANT Partner Portal at: https://partner.geant.net/pages/home.aspx For any further details please contact the GÉANT Partner Relations Team: partnerrelations@geant.net. Service Implementation and Delivery Time for NREN connection to GEANT MD-VPN service Service implementation for GÉANT MD-VPN occurs once, after which NRENs can create VPN connections to other MD-VPN enabled NRENs without further implementation from GÉANT.
Service GÉANT MD-VPN delivered on an existing interface GÉANT MD-VPN delivered on a new interface Delivery time 10 working days 10 weeks Service Implementation and Delivery Time for the end-to-end VPN Completion of the overall MD-VPN depends on many variable typically related to local conditions. GÉANT can act as the central coordination between NRENs to project manage and build the core service between NRENs, allowing the NRENs to concentrate on the local VPN implementation. If NRENS require support in co-ordinating the delivery of a VPN please contact the GÉANT Partner Relations Team: partner-relations@geant.net Price of MD-VPN service for NREN The GÉANT MD-VPN is included in the standard IP subscription Where an NREN is unable to natively support GÉANT MD-VPN, please contact GÉANT Partner Relations Team to discuss alternative connection options including the MD-VPN Proxy service. For NRENS using the MD-VPN Proxy service there is an annual charge of 2,750. Pricing MD-VPN for end-users (campus) It is the responsibility of each NREN to determine their local MD-VPN pricing policy.