Hierarchical VPNs, Neighbor Discovery and Broadcast Links in Virtual Router Approach

Karthik Muthukrishnan, Senior Consulting Engineer
Thomas Walsh, Principal Network Consultant
Lucent Technologies
26 April 2001
©2001, Lucent Technologies

IP VPN Motivation

Realization of multiple private, geographically dispersed IP Networks (transparent and secure private IP interconnection) over a shared provider infrastructure

IP VPNs Motivation

IP MPLS VPNs Emulate a Private Network Over a Shared IP Network

[Diagram: Branch/Regional Offices, Remote Workers, Corporate Headquarters, and Customers and Suppliers connected over a Shared IP Network and the Internet]

• Layer 3 - Any to Any connectivity
• Security, reliability, performance, management
• No manual configuration of PVCs or tunnels

Multiple IP VPNs

[Diagram: Physical Topology View (CE routers at Customer A Headquarters, Customer A LA Branch, Customer A Boston Branch, Customer B Headquarters, Customer B Dallas Branch and Customer B LA Branch, attached to PE routers, with P routers in the core) beside the Logical VPN View (Customer A VPN: HQ, Boston, LA; Customer B VPN: HQ, Dallas, LA)]

IP VPN Features

• Private Addressing
• Intranet
• Extranet
• Privacy
• Multiple sites
• Traffic engineering
• IP enabled services (including voice)

What are Virtual Routers?

• Each Virtual Router (VR) is a cross sectional slice of the hardware and software resources.
• Each VR is NOT a separate operating system “task”
• Resides only at edge of SP network
• Logically equivalent to a physical router (filters, interfaces, routing ports, access lists, configuration, management, monitoring)
• VRs and physical routers in a VPN represent a private routing domain with defined points of connection to the rest of the world
• VRs discover each other in the same way physical routers discover each other over a LAN
• Use standard link level multicast
• No need for an additional membership discovery scheme

Hierarchical VPNs [Carrier’s carrier]

IP VPN - Green Foods

[Diagram: Green Foods Paris Office, Berlin Office, Boston Office and Remote Workers (PSTN/Cable/DSL/Wireless) connected through the Omni Present Provider]

IP VPN - Red Foods

[Diagram: Red Foods London Office and Paris Office connected through the Omni Present Provider, with PSTN/DSL/Cable/Wireless access and the Internet]

Problem Statement

• Omni present provider rarely present..
• Regional providers provide last mile service
• National/International carriers provide global connectivity
• Need bridge to connect regional and global carriers

Hierarchical VPNs - Business Model

[Diagram: Green Foods offices (Paris, Berlin, Boston) and Red Foods offices (London, Paris) attached to the London, Paris, Berlin and Boston Providers, which are interconnected by the International Provider]

Hierarchical VPNs - Network Model

[Diagram: the same offices and providers as the business model, with VRs shown in the London, Paris, Berlin and Boston Providers and in the International Provider]

Multi-Level Hierarchical VPNs

[Diagram: Level 1 VPNs X, Y and Z on each side of a Level 0 VPN (VPN A)]

Data within a Level 1 VPN is transported transparently across the Level 0 VPN
Hierarchies can be extended to more than two Levels

Hierarchical VPNs

[Diagram: Green Foods and Red Foods offices attached to VRs in the London, Paris, Berlin and Boston Providers, interconnected through VRs in the International Provider]

VPN LSP Tunnels

[Diagram: VRs connected by the Purple VPN’s LSP Tunnel]

Inter VR Links

[Diagram: VRs in a Level 1 VPN linked to VRs in Level 2 VPNs]

Inter VR Links

• Supports hierarchical relationship
• Level 1 .. Level 2 .. Level N VPNs
• Supports peering relationship
• Internet connectivity
• Inter VPN [controlled] connectivity
  – Controlled by standard routing policies at both ends

Neighbor Discovery via Broadcast Links

Neighbor Discovery

[Diagram: VR-A, VR-B and VR-C joined by an Inter VR Broadcast Link across the Service Provider’s Network. Labels, in the order they appear: Customer A Branch (Boston); Parts DB 165.1.1.1; Switch-B, Backbone address = 150.202.77.2; VR-B; IP Interface (150.1.1.2); IP Interface (150.1.1.1); VR-A; Switch-A, Backbone address = 150.202.78.12; VR-C; IP Interface (150.1.1.3); Switch-C, internal Backbone address = 150.202.79.12; Customer A’s Vendor; Customer A HQ (Chicago); 185.1.1.1]

For more information

• Muthukrishnan, K. et al, “A Core MPLS IP VPN Architecture”, RFC-2917, September 2000
• Muthukrishnan, K. et al, “A Core MPLS IP VPN Architecture”, <draft-muthukrishnan-rfc2917bis-00.txt>, work in progress in IETF
• Kathirvelu, C. et al, “A Core MPLS IP VPN Link Broadcast and Virtual Router Discovery”, <draft-kathirvelu-corevpn-disc-00.txt>, work in progress in IETF
• Kathirvelu, C. et al, “Hierarchical VPN over MPLS Transport”, <draft-kathirvelu-hiervpn-corevpn-00.txt>, work in progress in IETF
• Draft ITU-T Recommendation Y.1311.1, Network Based IP VPN over MPLS Architecture

Thank you!

Karthik Muthukrishnan, mkarthik@lucent.com
Thomas Walsh, tdwalsh@lucent.com