Prototype Cloud-based Services on MPLS Service Provider in Iraq



Similar documents
MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

ICTTEN6172A Design and configure an IP- MPLS network with virtual private network tunnelling

Configuring a Basic MPLS VPN

MikroTik RouterOS Introduction to MPLS. Prague MUM Czech Republic 2009

IPv4/IPv6 Transition Mechanisms. Luka Koršič, Matjaž Straus Istenič

Enterprise Network Simulation Using MPLS- BGP

Implementing VPN over MPLS

MPLS-based Layer 3 VPNs

MP PLS VPN MPLS VPN. Prepared by Eng. Hussein M. Harb

Multi Protocol Label Switching (MPLS) is a core networking technology that

Demonstrating the high performance and feature richness of the compact MX Series

SBSCET, Firozpur (Punjab), India

Deploying and Configuring MPLS Virtual Private Networks In IP Tunnel Environments

Kingston University London

Multiprotocol Label Switching Load Balancing

Cisco Dynamic Multipoint VPN: Simple and Secure Branch-to-Branch Communications

Approach to build MPLS VPN using QoS capabilities

MPLS. Cisco MPLS. Cisco Router Challenge 227. MPLS Introduction. The most up-to-date version of this test is at:

SEC , Cisco Systems, Inc. All rights reserved.

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

Data Networking and Architecture. Delegates should have some basic knowledge of Internet Protocol and Data Networking principles.

Configuring MPLS Hub-and-Spoke Layer 3 VPNs

Introducing Basic MPLS Concepts

SSVVP SIP School VVoIP Professional Certification

MPLS-based Virtual Private Network (MPLS VPN) The VPN usually belongs to one company and has several sites interconnected across the common service

MPLS L2VPN (VLL) Technology White Paper

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Virtual Private LAN Service on Cisco Catalyst 6500/6800 Supervisor Engine 2T

l.cittadini, m.cola, g.di battista

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

November Defining the Value of MPLS VPNs

Table of Contents. Cisco Configuring a Basic MPLS VPN

Expert Reference Series of White Papers. Cisco Service Provider Next Generation Networks

For internal circulation of BSNLonly

MPLS VPN. Agenda. MP-BGP VPN Overview MPLS VPN Architecture MPLS VPN Basic VPNs MPLS VPN Complex VPNs MPLS VPN Configuration (Cisco) L86 - MPLS VPN

WAN Traffic Management with PowerLink Pro100

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

MPLS Multi-Vendor Provisioning. Presented by Brian O Sullivan Director, Product Management Dorado Software October 21, 2003

White Paper. McAfee Multi-Link. Always-on connectivity with significant savings

N2X Core Routing - BGP-4 MPLS VPN scenario with integrated traffic Application Note

White Paper. Cisco MPLS based VPNs: Equivalent to the security of Frame Relay and ATM. March 30, 2001

Configuring the Transparent or Routed Firewall

Frame Mode MPLS Implementation

Networking 4 Voice and Video over IP (VVoIP)

Introduction to MPLS-based VPNs

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

Cisco Exam CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

How Routers Forward Packets

MPLS Implementation MPLS VPN

Cisco Which VPN Solution is Right for You?

MPLS in Private Networks Is It a Good Idea?

Designing and Developing Scalable IP Networks

MPLS VPN Services. PW, VPLS and BGP MPLS/IP VPNs

MPLS/BGP Network Simulation Techniques for Business Enterprise Networks

SSVP SIP School VoIP Professional Certification

VXLAN: Scaling Data Center Capacity. White Paper

- Multiprotocol Label Switching -

Implementing Cisco MPLS

Sprint Global MPLS VPN IP Whitepaper

IP/MPLS-Based VPNs Layer-3 vs. Layer-2

MPLS: Key Factors to Consider When Selecting Your MPLS Provider

Expert Reference Series of White Papers. Cisco Service Provider Next Generation Networks

A Simulation Analysis of Latency and Packet Loss on Virtual Private Network through Multi Virtual Routing and Forwarding

PREPARED FOR ABC CORPORATION

Network Virtualization with the Cisco Catalyst 6500/6800 Supervisor Engine 2T

This chapter covers four comprehensive scenarios that draw on several design topics covered in this book:

Internetworking II: VPNs, MPLS, and Traffic Engineering

Managed Services: Taking Advantage of Managed Services in the High-End Enterprise

MPLS/IP VPN Services Market Update, United States

CLOUD NETWORKING FOR ENTERPRISE CAMPUS APPLICATION NOTE

ICTTEN4215A Install and configure internet protocol TV in a service provider network

CS419: Computer Networks. Lecture 9: Mar 30, 2005 VPNs

Implementing Cisco Service Provider Next-Generation Edge Network Services **Part of the CCNP Service Provider track**

Interconnecting Data Centers Using VPLS

Task 20.1: Configure ASBR1 Serial 0/2 to prevent DoS attacks to ASBR1 from SP1.

Why Is MPLS VPN Security Important?

How To Understand The Benefits Of An Mpls Network

MPLS - A Choice of Signaling Protocol

IMPLEMENTING CISCO MPLS V2.3 (MPLS)

1.1. Abstract VPN Overview

RFC 2547bis: BGP/MPLS VPN Fundamentals

Multi-Link - Firewall Always-on connectivity with significant savings

Addressing Inter Provider Connections With MPLS-ICI

Whitepaper. StoneGate Multi-Link. Ensuring Always-on Connectivity with Significant Savings

MPLS: Key Factors to Consider When Selecting Your MPLS Provider Whitepaper

Configure ISDN Backup and VPN Connection

MPLS VPN Implementation

IMPLEMENTING CISCO MPLS V3.0 (MPLS)

ASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example

Juniper / Cisco Interoperability Tests. August 2014

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans

Virtual Private Networks. Juha Heinänen Song Networks

Configuring Remote Access to MPLS VPN

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

Implementing Secured Converged Wide Area Networks (ISCW) Version 1.0

Introduction Inter-AS L3VPN

Implementing MPLS VPNs over IP Tunnels

Voice Over IP. MultiFlow IP Phone # 3071 Subnet # Subnet Mask IP address Telephone.

Design of Virtual Private Networks with MPLS

Cisco IP Solution Center MPLS VPN Management 5.0

Transcription:

Prototype Cloud-based Services on MPLS Service Provider in Iraq Shahad H. Zwayen College of Information Engineering Al-Nahrain University Iraq, Baghdad Mustapha B. Ibrahim College of Information Engineering Al-Nahrain University Iraq, Baghdad ABSTRACT Multiprotocol Label Switching (MPLS) is a technique for data transmission that works on wide area networks (WAN), it is used by most service providers to improve the functionality of the ISPs networks, ISPs and suppliers of Internet services use this technique to take advantage of their ability to engineering data traffic in the network traffic. Guaranteed QoS in an MPLS network requires backup paths to be preset in the network. As the world is moving to virtualization techniques Cloud computing has become an important feature for service providers. Windows Server 2012 R2 will be our tool to provide customers with the services. A business paradigm with flexible and powerful computational architecture will be shown to offer universal services to users via Internet or local network. Three main services provided by the cloud are (IaaS, SaaS and PaaS). Keywords Multiprotocol Label Switching (MPLS), Frame-Relay (FR), Cloud-Computing, Graphical Network Simulator (GNS3), Virtual Private Network (VPN), Virtual Routing and Forwarding (VRF), Traffic Engineering (TE), Adaptive Security Appliance (ASA), Generic Routing Encapsulation (GRE), Internet Protocol (IP), Voice Over IP (VOIP), Open Shortest Path First (OSPF), Border Gateway Protocol (BGP). 1. INTRODUCTION Service providers around the world can use techniques like ATM, Frame-Relay, MPLS and others to deliver services to their customers. Globally Frame-Relay was widely used but since the technology is growing so fast the world starts to migrate to a newest technology (e.g. MPLS), Frame-Relay has start to be discontinued by major Internet service providers. Our goal was to make Iraq keep pace with the world. MPLS is a private networking technology similar to the concept of Frame Relay that delivers data in the cloud which leads service providers in Iraq to move to virtualization world [1]. This service provider provides clients with internet, remote application access and a full access and control on the virtual machine with a full Email system. The customer can query any application, a username and password would be given to login and access the application they requested [2]. Multicast was chosen as a part of the services may be offered, based on the requirements of services that would be provided to customers like TV services that is very important and widely used In Iraq today. 2. SERVICE PROVIDER DESIGN The proposed Visio design shown in figure 1-2 describes how the infrastructures were allocated to cover most of Iraq's provinces. Figure 1-1: Service provider design 3. COMPETITIVE TECHNIQUES In Iraq, service providers still work with legacy technologies like Frame-Relay. FR doesn t support VPN's or QoS or Traffic Engineering It's based on an oversubscription model where frames get switched around in a Frame relay cloud. MPLS is a layer2.5 technology that switches data packets below layer3; it handles data much faster without the overhead of L3 protocols. We hoped to change the existing used technology with MPLS which is highly recommended by the world most popular service providers. A comparative analysis was made between existing techniques using OPNET modeler 14.5 simulator. 12

Figure 1-5: Latency result Figure 1-2: Frame relay topology Figure 1-3: MPLS topology The two above scenarios where simulated using OPNET modeler 14.5, using video conference as a traffic load in both scenarios the results are shown in the figures below. Figure 1-6: Traffic received result the improvement in delay and latency is refer to the use of labels in MPLS which speeds up forwarding procedure by looking into the label table without the need to examine layer 3 and layer 4 information [5]. 4. MPLS OVERVIEW MPLS is a technology can be used to facilitate the service creation process for both service provider and enterprise organizations. It is working in 2.5 layers in OSI seven layers. In MPLS networks packets are forwarded based on label. These labels might correspond to IP destination addresses per router and near local significance to router generating them. An MPLS label is a 20 bit number that is assigned to destination prefix on a router that defines the properties of the prefix as well as forwarding mechanisms that will be performed for a packets destined for the prefix. Figure 1-1 shows how the packet is forwarding based on labels [3]. Figure 1-4: Delay result Figure 1-7: forwarding in MPLS domain 13

MPLS technology offers businesses the performance of traditional VPNs but is far more cost effective. As the intelligence resides in the MPLS network core, there is no need for any expensive VPN appliances to be located on the customer premises. MPLS allows service providers to create new virtual private networks without having to install new hardware; it significantly reduces the cost of implementation, which in turn reduces the overall cost of VPNs. MPLS has many benefits from the customer perspective and service provider perspective because it connect different sites on a private tunnel through the cloud and also, MPLS is interface independence hence it can bridge all sites to become connected together (connect any type of connection the service provider support)[4]. MPLS provides QoS because it tags (ToS or DSCP) the packet and the service provider get the tags and translates them to MPLS label as the packet comes to the cloud and the label tells where exactly where it's going. It's really efficient to send data to the cloud without have to open the packet to look at layer 3 and layer 4 data [5]. 5. SERVICE PROVIDER CONFIGURATION PROCESS 5.1 Route protocol 5.2.1 MP-IBGP Configure MP-IBGP neighbor relationship between PEs and enable VPNV4 functions. #router bgp [AS] #no synchronization #bgp log-neighbor-changes #[IP of the neighbor loopback] remote-as [AS neighbor] #neighbor [IP of the neighbor loopback] update-source [ID loopback] #no auto-summary #address-family vpnv4 #neighbor [IP of the neighbor loopback] activate #neighbor [IP of the neighbor loopback] send-community both #exit-address-family #address-family ipv4 vrf [name of VRF] #redistribute connected #redistribute static 5.2.2 VRF Configure VRF instance and relative RD for each VPN at PEs. #ip vrf A #rd [rd number] #route-target [RT] 5.2.3 GRE tunnel Establish side to side tunneling and this is under control of service provider. #interface Tunnel [pick a number] #ip address [] [] #tunnel source [exit ip address of local router or exit interface of it] #tunnel destination [destination ip] #tunnel mode gre 5.3 Traffic engineering a- configure the nodes that require TE feature. Figure 1-8: Basic routing configuration topology 1- Make basic IP addresses configuration on the whole infrastructure. #interface [pick the interface] #ip address [ip] [subnetmask] 2- Make basic configuration of OSPF and MPLS at the core and PE nodes. #router ospf [pro ID] #network [net ID] [WID] area [ID] #interface [pick the interface] #mpls label protocol ldp #mpls ip 5.2 MPLS L3VPN Configure L3VPN instance route allocation control, RT, Export Target and Import Target, route convergence, route restriction and alarm at PEs. #mpls traffic-eng tunnels #router ospf [pro id] #mpls traffic-eng area #mpls traffic router-id loopback [pick a number] #int [pick interface work in mpls domain] #ip rsvp band [bandwidth in Kbps] #mpls traffic-eng tunnels b- Configuration for PE routers to get beneficent of TE. #interface Tunnel [pick a number] #ip unnumbered Loopback [pick number] #mpls ip #tunnel mode mpls traffic-eng #tunnel destination [loopback IP of the other PE] #tunnel mpls traffic-eng autoroute announce #tunnel mpls traffic-eng priority [0-7] [0-7] #tunnel mpls traffic-eng bandwidth [Kbps] #tunnel mpls traffic-eng path-option 1 [explicit dynamic] 14

5.4 Multicast a- configure sparse mode as a routing protocol #Interface [pick interface] #ip pim spares-mode b- join a multicast group #ip igmp join-group [multicast ip address] 5.5 VOIP a- configure IP SLA on the core routers #ip sla [pick number] #udp-jitter [ip address][udp port number] codec [codec type] advantage-factor [factor] #frequency [pick number] b- configure the other side with responder #ip sla responder udp-echo ipaddress [ip address] port [port number] 6. Security concerns 6.1 MPLS security Configure MPLS labels security on the core nodes to provide protection for customers data transfer. #mpls ldp neighbor [neighbor ip] password [select password] 6.2 OSPF security Configure OSPF security to prevent any internal or external attacks. #ip ospf message-digest-key [key chain number] md5 [password] 6.3 ACLs Configure the following access-lists on interfaces connected to the internet. # Access-list 1xx deny icmp any any echo-request # Access-list 1xx deny icmp any any echo-reply # Access-list 1xx permit icmp any any packet-too-big #Access-list 1xx deny icmp any any host-unreachable #Access-list 1xx deny ip 10.0.0.0 0.255.255.255 any class A #Access-list 1xx deny ip 172.16.0.0 15.0.255.255 any class B #Access-list 1xx deny ip 192.168.0.0 0.0.255.255 any class C #Access-list 1xx deny ip 224.0.0.0 15.255.255.255 any class D Multicast #Access-list 1xx deny ip 255.255.255.255 0.0.0.0 any BROADCAST. # Access-list 1xx deny ip 127.0.0.0 0.255.255.255 any LOOPBACK # Access-list 1xx deny ip 169.254.0.0 0.0.255.255 any Link Local Network 6.4 ASA firewall Make basic Cisco ASA (Adaptive Security Appliance) configuration to provide proactive threat defense that stop attacks before they spread through the network. #class-map inspection_default #match default-inspection-traffic #policy-map type inspect dns preset_dns_map #message-length maximum 512 #policy-map global_policy #class inspection_default #inspect dns preset_dns_map #inspect ftp #inspect h323 h225 #inspect h323 ras #inspect rsh #inspect rtsp #inspect sqlnet #inspect skinny #inspect sunrpc #inspect xdmcp #inspect sip #inspect netbios #inspect tftp #inspect pptp #service-policy global_policy global 7. SERVER PLACEMENT Compute environments are designed with high availability to ensure a predictable degree of operational continuity during production hours. It is imperative that the uptime of businesscritical applications not be compromised by unplanned equipment downtime [6]. At the core of any enterprise data center is some amount of critical data. The servers, operating systems, and infrastructure components are in place to facilitate user access to this data. Today's data center compute environments require a highly available and scalable architecture to support the mission-critical applications of the enterprise. To meets these needs by providing a solution with a simplified, scalable architecture designed with highavailability components throughout the solution. Starting with the server and extending to both storage and Ethernet networks. Network isolation is often recommended as a best practice in the data center. In a Cloud Suite environment, you might have several key VLANs, spanning two or more physical clusters. The network must be designed to meet the diverse needs of many different entities in an organization. These entities include applications, services, storage, administrators, and users. The network design should improve availability. Availability is typically achieved by providing network redundancy [7]. The network design should provide an acceptable level of security. Security can be achieved through controlled access where required and isolation where necessary. Simplify the network architecture by using a leaf and spine design. Configure common port group names across hosts to support virtual machine migration and failover. Separate the network for key services from one another to achieve greater security and better performance. 8. ACKNOWLEDGMENTS Our thanks to the experts Jeremy Cioara and Keith Barker, whose videos and tutorials helped us contributing towards development of this paper. 9. CONCLUSION MPLS is emerging as a widely acceptable technology today. It is important to note that MPLS is not a replacement for IP. The IP Control Plane is a fundamental component of MPLS. The ability to add the ATM, Frame-Relay and other Forwarding Plane makes it extremely attractive to both Service Providers and Enterprises. Service Providers can reduce their time to profitability by deploying MPLS VPNs, MPLS QoS and MPLS TE, rather than only providing the vanilla connectivity of VPNs. Cloud computing is possible implementation for a large-sized enterprise. IT technicians are spearheading the challenge. Several groups have recently been formed, such as the Cloud Security Alliance or the Open Cloud Consortium, with the goal of exploring the possibilities offered by cloud computing and to establish a common language among different providers. In this boiling pot, cloud 15

computing is facing several issues in gaining recognition for its merits. Its security deficiencies and benefits need to be carefully weighed before making a decision to implement it. However, the future looks less cloudy as far as more people being attracted by the topic and pursuing research to improve on its drawbacks. 10. REFERENCES [1] Pultz, Richard., 2004., Analysis of MPLS-Based IP VPN Security: Comparison to Traditional L2VPNs such as ATM and Frame Relay, and Deployment Guidelines [2] Rick Gallaher's MPLS Training Guide: Building Multi Protocol Label Switching Networks Paperback November 20, 2003, Syngress, Rick Gallaher [3] Ghein, Luc De., 2007., MPLS Fundamentals. [4] Advanced MPLS Design and Implementation,Vivek Alwayn, Published by: Cisco Press 201 West 103rd Street Indianapolis, IN 46290 USA [5] International Journal of Computer Applications Evaluating the Performance of MPLS and Frame-Relay using OPNET Modeler Mustapha B. Ibrahim, Shahad H. Zwayen - December 2014. [6] Daugherty B.; Metz C., Multiprotocol label Switching and IP, Part1: MPLS VPNs over IP Tunnels. IEEE Internet Computing [7] Installing and Configuring Windows Server 2012, lan McLean, Microsoft prepress 16

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information