Optimizing Networks for NASPI

Similar documents
November Defining the Value of MPLS VPNs

Multi Protocol Label Switching (MPLS) is a core networking technology that

MITEL. NetSolutions. Flat Rate MPLS VPN

WHITEPAPER MPLS: Key Factors to Consider When Selecting Your MPLS Provider

AT&T. ip vpn portfolio. integrated. IP VPN solutions. for the enterprise. Communication Systems International Incorporated

Global Headquarters: 5 Speen Street Framingham, MA USA P F

IVCi s IntelliNet SM Network

Sprint Global MPLS VPN IP Whitepaper

MPLS/IP VPN Services Market Update, United States

Colt IP VPN Services Colt Technology Services Group Limited. All rights reserved.

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper

IP VPN Solutions Secure, flexible networking options from a leader in IP solutions

WAN and VPN Solutions:

multi-site, private networking service Uses MPLS access-agnostic transport routing intelligence in the network Class of Service (CoS)

HughesNet Broadband VPN End-to-End Security Using the Cisco 87x

WAN Data Link Protocols

Frame Relay vs. IP VPNs

IP-VPN Architecture and Implementation O. Satty Joshua 13 December Abstract

Local Area Networks (LANs) Blueprint (May 2012 Release)

VPN. Date: 4/15/2004 By: Heena Patel

Post-Class Quiz: Telecommunication & Network Security Domain

WHY CHOOSE COX BUSINESS FOR YOUR COMPANY S NETWORK SERVICE NEEDS?

Chapter 2 - The TCP/IP and OSI Networking Models

DATA SECURITY 1/12. Copyright Nokia Corporation All rights reserved. Ver. 1.0

The term Virtual Private Networks comes with a simple three-letter acronym VPN

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Ancero Virtual Private Network (AVPN) Service Guide

Overview of Routing between Virtual LANs

Communication Networks. MAP-TELE 2011/12 José Ruela

MANAGEMENT INFORMATION SYSTEMS 8/E

Network System Design Lesson Objectives

MPLS in Private Networks Is It a Good Idea?

1 Which network type is a specifically designed configuration of computers and other devices located within a confined area? A Peer-to-peer network

MPLS and IPSec A Misunderstood Relationship

Group Encrypted Transport VPN

Computer Networks. Definition of LAN. Connection of Network. Key Points of LAN. Lecture 06 Connecting Networks

Cisco Group Encrypted Transport VPN: Tunnel-less VPN Delivering Encryption and Authentication for the WAN

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

Cisco Which VPN Solution is Right for You?

Virtual Private LAN Service (VPLS)

EVOLVING ENTERPRISE NETWORKS WITH SPB-M APPLICATION NOTE

Cisco Virtual Office Unified Contact Center Architecture

High Level Overview of IPSec and MPLS IPVPNs

Mastering Network Design with MPLS

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Multi-protocol Label Switching

APPLICATION NOTE. Benefits of MPLS in the Enterprise Network

1.264 Lecture 37. Telecom: Enterprise networks, VPN

Site2Site VPN Optimization Solutions

VitalPBX. Hosted Voice That Works. For You

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

JOB READY ASSESSMENT BLUEPRINT COMPUTER NETWORKING FUNDAMENTALS - PILOT. Test Code: 4514 Version: 01

Chapter 5. Data Communication And Internet Technology

Level: 3 Credit value: 9 GLH: 80. QCF unit reference R/507/8351. This unit has 6 learning outcomes.

IP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life

FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE

A NIMS Smart Practice

Data Communication Networks and Converged Networks

IP Telephony Management

5.0 Network Architecture. 5.1 Internet vs. Intranet 5.2 NAT 5.3 Mobile Network

EVALUATING NETWORKING TECHNOLOGIES

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

Ancero Network-Based IP VPN Remote Access (ANIRA) Service Guide

Mesh VPN Link Sharing (MVLS) Solutions

ethernet services for multi-site connectivity security, performance, ip transparency

MPLS: Key Factors to Consider When Selecting Your MPLS Provider

Best Effort gets Better with MPLS. Superior network flexibility and resiliency at a lower cost with support for voice, video and future applications

IBM enetwork VPN Solutions

Computer Networks CS321

VPLS lies at the heart of our Next Generation Network approach to creating converged, simplified WANs.

Cisco Virtual Office Express

Virtual Privacy vs. Real Security

An ADTRAN White Paper. Private IP Service BGP/MPLS VPN Networks

Objectives. Remote Connection Options. Teleworking. Connecting Teleworkers to the Corporate WAN. Providing Teleworker Services

High Performance VPN Solutions Over Satellite Networks

Managed 4G LTE WAN: Provide Cost-Effective Wireless Broadband Service

VoIP From Concept to Reality. Hossein Eslambolchi President - AT&T Global Networking Technology Services, CTO & CIO

MASTERING NETWORK DESIGN WITH MPLS

What You Will Learn About. Computers Are Your Future. Chapter 8. Networks: Communicating and Sharing Resources. Network Fundamentals

Virtual Private LAN Service (VPLS)

Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice

Data Communication and Computer Network

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R

WAN Failover Scenarios Using Digi Wireless WAN Routers

The Next Generation Network:

Master Course Computer Networks IN2097

Introduction to MPLS-based VPNs

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Network Access Security. Lesson 10

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Intranet Security Solution

Course Description. Students Will Learn

Transcription:

Optimizing Networks for NASPI Scott Pelton, CISSP National Director AT&T Enterprise Network Architecture Center 2008 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

Agenda Introduction & Definition OSI Model Point to Point vs. Any to Any Public vs. Private AT&T Engineered Networks Core Backbone Description Security, Integrity, Reliability, Availability Virtual Private Networks (VPN) Public: SSL, IPSec, and others Private: MPLS Options and Connectivity Page 2

Introduction & Definition 2008 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

OSI Model Data unit Layer Function Host layers Data 7. Application Network process to application 6. Presentation Data representation and encryption 5. Session Interhost communication Segment 4. Transport End-to-end connections and reliability (TCP) Media layers Packet/Datagram 3. Network Path determination and logical addressing (IP) Frame 2. Data link Physical addressing (MAC & LLC) Bit 1. Physical Media, signal and binary transmission OSI Model courtesy of Wikipedia http://en.wikipedia.org/wiki/osi_model Page 4

Characteristics of Networks Layer 2 Network OSI Data Link Layer Point to Point; Circuit Based Secure Mesh becomes expensive and difficult n(n-1) Dial, X.25, SNA, Frame Relay, ATM, etc. Hub and Spoke most common MAC & LLC Addressing (Hardware) 2 Layer 3 Network OSI Network Layer Any to Any data paths Private is secure; Public is not Packet Switched pre-defined routes Mesh is inherent Internet, MPLS Networks Private defined networks common; yet public Internet most ubiquitous IP Routing (Packet Header) Page 5

Point to Point vs. MPLS Network View A B Simple Point to Point F E MPLS D H1 A B A Core B C H2 D Typical Point to Point Hub and Spoke (with second hub and partial MESH) C MPLS Customer Defined Network (Any to Any) Built in Disaster Recovery Page 6

MPLS Basics Any to Any connectivity within customer defined network MultiProtocol Label Switching is a hybrid L2 and L3 protocol Independent customer networks predefined via Virtual Routing and Forwarding (VRF) tables Uses MPLS labels to traverse authorized path (VRF) Actual path can be dynamically determined depending upon network and traffic conditions (within the VRF) AT&T uses MPLS within our Core Backbone AT&T is a world-leader in providing private customer MPLS networks MPLS offers Class of Service (assigning priorities to traffic types) Private MPLS networks have same security characteristics as L2 networks Page 7

Public vs. Private PUBLIC (UNTrusted) Internet is a Public Network Publicly Accessible Network of Networks Inherently INSECURE No universal safeguards in place Variable and Unknown data path Packet Headers can be spoofed and re-directed PRIVATE (Trusted) Private Networks do not allow external access except through controlled measures Access Control and Authentication: Token, SSL, IPSec, etc. Point to Point (L2 Networks) are inherently secure MPLS Networks using VRF are inherently PRIVATE Page 8

Value of MPLS Any to any connectivity within a VPN, allowing enterprise level security. Highly scalable. Level of security equivalent to Frame Relay or ATM through logical partitioning of traffic and routing information. Standards compliant, RFC 2547. Transition from frame-relay network technologies. Failure recovery is simple, leading to increased network stability Quality of service mechanisms allow one solution for voice, video and data Easy to manage, no virtual circuit provisioning required Can use private addresses within VPN Scaleable full mesh connectivity with single connection per location, leading to lower costs and more flexibility Page 9

AT&T Engineered Networks 2008 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

OC768 Capable MPLS Core Network OC 768 MPLS BB 40 Gb/sec AT&T POP Distribution Not Represented on Map: OC192, OC48, OC12, OC3 T1, T3/DS3 There are many kinds of POPs (AT&T Point of Presence offices) For T1 service, there are greater than 600 POPs nationwide (CONUS) Page 11

AT&T Global Network Leadership Today, the network comprises: 523,000 fiber route miles 30 Internet data centers on 4 continents Dedicated MPLS access from over 1,550 nodes serving 127 countries Wired Ethernet from over 1,600 access points in 17 countries 5.4 petabytes of traffic on an average business day Customer care 24/7 service Petabyte = one Quadrillion Bytes (10 15 ) Page 12

How AT&T Secures its MPLS Network and Global Network Backbone Block access to infrastructure addresses Anti-Spoofing for NOC addresses Source address assurance Routing stability filters Flow monitors & reactive DoS tools Customer Customer Customer Internet AT&T IP Backbone Block access to infrastructure addresses Anti-Spoofing for NOC addresses Maximum AS limit checks Route dampening Router Filtering (eg RFC1918) TACAS+ Authentication Turn-off unnecessary services Automated configuration & exception reports AT&T Work Center Ingress/egress packet filters Firewalls Route advertise. suppression Token based authentication IDS Sensors Encrypted remote access Remote Sniffers AT&T Service VoIP ICDS WorldNet Ingress/egress packet filters Firewalls Route advertise. suppression Token based authentication IDS Sensors Encrypted remote access Page 13

AT&T VPN Service Customer Network AT&T VPN Network-Based IP VPN Service enabled by Multiprotocol Label Switching (MPLS) ATM Customer Access FR Ethernet The Internet Firewall Application awareness supported by Class of Service (CoS) IP DSL AT&T POP AT&T MPLS Network Features MPLS inherent security Variety of access options Global availability Diversity Options -FR & ATM MPLS ports (US availability) Unilink Multicast U.S. availability; MOW Controlled Introduction Multi-link Point-to-Point Protocol (MLPPP) (US availability) Service Level Agreements Award-winning AT&T BusinessDirect portal Client Benefits Application awareness Scalability Agile, reliable, flexible any-to-any connectivity Easy access to reporting / tools Industry-leading Service Level Agreements Investment Protection Meshed network with Class of Service Built-in Disaster Recovery Security, Integrity, Reliability, Availability Page 14

Virtual Private Networks 2008 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

VPN over Internet Architecture Premise Based VPN Technologies Employed at Remote Locations and Head Office Tunneling, Encryption, Authentication SSL IPSec PPTP Tokens Corporate Office Tunnel Termination and Authentication Dial/Broadband Internet Secure Tunnel Remote Users WiFi /Mobile DSL Cable Remote Offices Internet (Untrusted, Public) + VPN Technologies = Secure Network Typically Point to Point Tunnel Page 16

AT&T MPLS VPN Network Based VPN AT&T VPN Multiprotocol Label Switching (MPLS) Any to Any Connectivity Application awareness supported by Class of Service (CoS) Features MPLS inherent security capabilities Variety of access options Domestic and Global availability Feature rich services Service Level Agreements Integration of wireline and wireless Award-winning AT&T BusinessDirect portal Remote Location Customer Location Mobile Worker Mobile Worker Client Benefits Cellular Wi-Fi IPSec IPSEC/SSL Application awareness Scalability Internet Dial/DSL VPN GW Agile, reliable, flexible, any-to-any connectivity Easy to access reporting / tools Industry-leading Service Level Agreements Investment Protection Meshed network with Class of Service Built-in Disaster Recovery AT&T Network MPLS VPN IPSec Customer Location (ATT mg d CPE) Customer Location Page 17

AT&T Integrated Remote Access to Private Network (ANIRA) Remote Offices Regional Office Remote Users Dial/Broadband AT&T DSL Private Line WiFi /Mobile AT&T IP network VIG VIG MPLS VPN Private VPN Dial/Broadband Remote Users WiFi /Mobile Secure Tunnel Internet DSL Cable Remote Offices Service Manager (authentication, device configuration) Regional Office Page 18

AT&T VPN The Added Value Designing Complete Solutions VPN Remote Access Branch Managed Router VoIP Supplier AT&T Global Network Ultra-Available Ring Managed Firewall Data Center VPN Remote Access Intrusion Detection MPLS VPN Internet Storage AT&T Internet Data Center Network Based Firewall Customer Web / App Server Web Site Application Value Adds Voice over IP / LAN Telephony Content Hosting Storage Management Remote Access AT&T VPN Tunneling Service (AVTS) Network Based Video Bridging WAN Optimization 1Q08 Security Value Adds Managed Firewall Managed Authentication Anti-Virus Scanning InterNet Protect (Intrusion Detection) Private Intranet Protect Transport / Access Value Adds Private Line Frame Relay / ATM AT&T Network-based IPVPN Remote Access (ANIRA) Page 19

Delivering Differentiated Networking Value Enterprise Networking Solutions Performance Agility Control Security Consistent global architecture, seamlessly integrated Unsurpassed application performance around the world Industry leading Service Level Agreements for VPN s Site Availability / TTR Latency/Packet Delivery/Jitter On-Time Provisioning Always-on infrastructure and recovery capabilities In-country / inlanguage end-user support Integrate wireline and wireless solutions Any-to-any connectivity regardless of access type, location or speed Traffic prioritization with ability to set performance at transaction level AT&T Global Network Client enabling intelligent, integrated access selection Leading network convergence to IP VPN and IP applications Global Network Operations Center network monitoring 24/7 Industry leading, award winning AT&T BusinessDirect portal Global Network Client with end-user control Enterprise determines extent of access for endusers Manage costs as well as existing investments Service level preferences (congestion, latency, security); network manages administration Network-based, technology inherent protection Optional Personal Firewall Encrypted site to site connectivity Intrusion detection as network safeguard Dedicated connectivity between AT&T and customer data center Infrastructure helps ensure confidentiality and integrity of communications Device level, application and endto-end security service best practices Page 20

Thank You Questions? 2008 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information