MPLS Networks - Citycom London

advertisement
MPLS Networks
A private IP wide area networking service
Connecting London. Globally.
Vodafone
Product
Description MPLS
IPVPN
Vodafone
MPLS IPVPN
in partnership with
Page
Content
2
1.
Introduction
2
2.
At a glance
3
3.
The service in detail
16
4.
Technical Information
18
5.
Service Support
Vodafone
Product
Description MPLS
IPVPN
1. Introduction
This document is intended to describe the Vodafone MPLS IPVPN Service, its standard and optional
features, optional network based services, technical information, service and support, together with
commercial terms. The service description is intended for technical and non-technical representatives within
the customer’s organisation.
2. At a glance
The Vodafone MPLS IPVPN service has been specifically developed to meet the requirements of multi-site,
small to medium sized enterprises with sites focused within the UK. International sites can be connected, on
a case by case basis, using our international coverage.
Vodafone MPLS IPVPN is provided over our Multi-Service Platform (MSP) which is already used by a number
of major FTSE100 companies, public sector and secure government organisations. Leveraging the latest DSL
and Ethernet access technologies, IPVPN offers UK SMEs a higher speed, private WAN service, scalable to
1Gbps as standard, for a more affordable price.
Our MSP has been built to 99.999% availability within the core and will re-converge in less than 50 milliseconds
in event of routing failure. It is fully scalable and accredited to carry secure government traffic as well as being
ISO27001 compliant. Provided as a wires only service, or with managed customer site routers, our IPVPN
service offers a secure ‘any to any’ or ‘point to multi-point’ converged communications service with quality and
reliability service level guarantees.
No matter whether users connect to the IPVPN from fixed locations, or remotely, they will benefit from a
seamless, secure and consistently high quality, service experience. It is possible to prioritise traffic across up to
3 different network classes of service. This ensures that real time, or delay/jitter sensitive applications, such as
VOIP, Video Conferencing, Citrix and EPOS, are prioritized accordingly to ensure an optimised
communications experience even when the network becomes congested.
The service also benefits from extensive Deep Ethernet Access via BT exchanges and Local Loop
Unbundled access networks, which allow Vodafone to offer a more affordable, higher speed WAN solution,
with assured quality, so giving customers a great opportunity to converge and centralize services and
applications, over a single WAN in order to significantly reduce costs. Vodafone also offers a range of
integrated service options over IPVPN, benefiting our customer’s businesses and saving money by helping
them ‘do more for less’ over a single IPVPN WAN. Integrated service options currently include Network
Based Internet Access (with optional Firewall), a Secure Remote User Access service and SIP Trunking to
allow customers to create a fully converge network for all their communications needs.
Vodafone
Product
Description MPLS
IPVPN
3. The Service in Detail
3.1. Logical Overview
Vodafone MPLS IPVPN is a private IP wide area networking service which is provided over our new
Multi-Service Platform (MSP). An IP Virtual Private Network (VPN) is built and configured between
customer sites connected to the MSP for each customer. MPLS IPVPN can be ordered as a ‘Managed’
or ‘Wires Only’ service. The Managed service option includes Vodafone managed and maintained
customer site routers known as Managed Customer Premises Equipment (MCPE). The Wires Only
service does not include MCPE.
The IPVPN is typically configured as a ‘multi-point to multi-point’ service. It uses multi-protocol label
switching (MPLS), together with DSCP based marking and per-packet scheduling, to manage quality
of service (QoS) and protect sensitive data end-to-end. The IP-VPN technology used is broadly
described in the architecture framework covered in IETF RFC 4364 (2547bis).
The main service components are:
�
Network Access - this connects the Customer site to a site on the MSP. Resilience and
Backup (service failover) options are supported.
�
Service Bandwidth - This is the bandwidth that gives the site access to the MPLS network.
Customers can buy the service bandwidth that they need now and upgrade later.
�
Class of Service - allowing customers to prioritise delay sensitive voice, data and multimedia traffic at a site to ensuring an optimum user experience.
�
Customer Site Routers – sometimes called Managed CPE. Where ordered these will be
installed, configured, managed (remotely for changes where possible) and maintained by
Vodafone. When a customer takes our managed routers, Vodafone offer site to site quality of
service level guarantees and performance reporting where ordered.
�
Optional service features - which can be ordered on a per Customer site basis.
�
Service options which can be ordered on a per customer network basis.
�
Monitoring and management of the Service up to the Service Demarcation Point for service
affecting faults as defined in the service schedule.
Fault management support 24/7 every day of the year.
�
3.2. The Multi Service Platform (MSP)
MPLS IPVPN is provided over our latest next generation multi-service network platform (MSP). The MSP
forms the strategic data platform for current and future products.
Fully scalable to 1Gbps on a per site basis, the MSP is built to scale up to 20Gbps in the core and can
be upgraded to 40Gbps+ for low incremental cost in the future.
Built to 99.999% availability, the MSP offers guaranteed quality of service for mission critical
communications and is ideally suited for customers looking to improve efficiencies by converging
communications onto a single WAN. The MSP leverages next generation business and support systems
ensuring efficient and accurate order, provide, monitor, assure and billing processes and procedures.
The MSP is CTAS 224 accredited and has ISO27001 certification for Information Security Management.
Its extensive network coverage gives Vodafone the ability to target new and existing customers with a
commercially compelling WAN service. Vodafone can serve over 98% of businesses with best value
symmetric and asymmetric bandwidths using our LLU and Ethernet access platforms. Furthermore, we
provide secure access for remote users and have connected over 16,000 buildings on our own fibre.
Vodafone
Product
Description MPLS
IPVPN
3.3. Network Access
Customer Premises can be connected using a variety of Network Access technologies. Dependant on the
type of Network Access, a range of throttled port bandwidth options can be supported as detailed below:
3.1.1 Leased Line Access
Network
Access
Available Service Bandwidths
Bandwidth
Classes of
Service
Interface(s) for Wires Only
Services
2Mbps
512Kbps,1Mbps, 2Mbps
3
X21 / G703
2x2Mbps
4Mbps
3
X21 / G703
*34Mbps
10, 15, 20, 30, 34Mbps
3
G703
*45Mbps
10, 15, 20, 30, 40,45Mbps
3
G703
*155Mbps
100, 155Mbps
3
G957 (STM1o)
* bespoke request only
3.1.2 Ethernet Access over Copper ( EFM)
Network Access Bandwidth
2,4,6,8,10,15 or 20 Mbps
Available Service
Bandwidths
Interface(s) for
Wires Only
Services
Classes of
Service
2,4,6,8,10,15,20Mbps
3
RJ45
3.1.3Ethernet Access over Fibre
Network Access Bandwidth
Available Service Bandwidths
Classes of
Service
Interface(s) for
Wires Only
Services
10Mbps
2,4,6,8,10Mbps
3
RJ45
100Mbps
10,15,20,30,40,50,60,70,80,90
100Mbps
3
RJ45
1000Mbps
100,150,200,300,400,500,600,
700,800,900,1000Mbps
3
1000BaseSx
(Dual SC)
1000BaseLx
(Dual SC)
Notes:
Ethernet Access may be provided with additional Vodafone supplied Ethernet NTE allowing Vodafone to use next generation
Ethernet management standards to monitor the connections & better isolate and diagnose faults. This will reduce the available
bandwidth on the Network Access by 200Kbps.
In some circumstances, 100Mbps and 1000Mbps Ethernet Access rates may be limited to a maximum of 97Mbps and
997Mbps respectively due to the underlying technology used to deliver the service.
Service Bandwidths are inclusive of all protocol and access network transmission overheads.
The maximum cable distance supported between the LAN interface of the Ethernet NTE & CPE router is 100metres
except where 1000BaseLx Interfaces are ordered.
Vodafone
Product
Description MPLS
IPVPN
3.1.4 DSL Access
The Network Access can also be provided using either symmetric or asymmetric private DSL technology.
Symmetric DSL (SDSL) connections support the same upstream bandwidth into the MSP and downstream
bandwidth into the customer site. SDSL is ideal where your customers wish to send large amount of traffic or
require assurance of upstream bandwidth - for example for peer to peer services such as VOIP or Video.
Asymmetrical DSL (ADSL) supports a greater downstream bandwidth into the customer site.
Symmetric (SDSL) options – these have the same bandwidth both upstream and downstream. They are
delivered via our extensive LLU footprint and are un-contended. SDSL connections are provided over a new,
dedicated line (Metallic Path Facility) within tariff and the line cannot be shared with an analogue voice
service.
Connection
Method
Upstream
Bandwidth
DownStream
Bandwidth
Classes of
Service
Contention
Interface
SDSL 512Kbps
512Kbps
512Kbps
3
1:1
NTE5
SDSL 1Mbps
1Mbps
1Mbps
3
1:1
NTE5
SDSL 2Mbps
2Mbps
2Mbps
3
1:1
NTE5
Asymmetric (ADSL) options – these have high downstream and low upstream bandwidths. ADSL circuits
are delivered over a PSTN into the customer site. Customers have the option of nominating an existing
PSTN line or ordering a new PSTN service from Vodafone.
Connection Method
Upstream
Bandwidt
h
ADSL16
Up to
1Mbps
ADSL8 Standard
ADSL8 Premium
Downstream
Bandwidth
Classes of Service
Interface
Up to 16Mbps
3
RJ11
Up to
448Kbps
Up to 8Mbps
1
RJ11
Up to
884Kbps
Up to 8Mbps
1
RJ11
Vodafone
Product
Description MPLS
IPVPN
Rate Adaptive ADSL Connections
ADSL16 and ADSL8 connections use rate adaptive technologies based on ADSL2+ and ADSL2 standards
respectively. Although for example it is possible to achieve up to 16Mbps of downstream bandwidth, and
1Mbps of upstream bandwidth with ADSL16, the actual bandwidth achieved will depend on the length of the
copper line and its quality. On request, Vodafone will provide an indication of the expected upstream and
downstream bandwidths available at a particular site; however the actual bandwidth supported will be
determined upon service provision. Following service provision ADSL16 and ADSL8 connections require a
period of up to 10 days to stabilize to their optimum speed.
ADSL 16 Business Elevated
All ADSL16 connections are “business elevated” to provide a higher amount of “assured bandwidth” than
similar products sold as consumer products. We are able to offer all three classes of service over ADSL16 so
allowing these low cost connections to be used to assure the performance of real time or delay sensitive
applications such as VOIP, Client/Server-Citrix, IPCCTV or Video Conferencing.
3.4. Access Resilience
Dependant on the applications and services at a site, and their importance to your business, customers may
request options to improve site availability service levels. Both ‘DSL Backup’ and ‘Dual Access/Dual Parent’
resilience options are available. These come with a higher annual availability SLA as detailed in the Service
Schedule.
As standard, all access resilience options are deployed in an active/standby configuration. However, the
secondary or backup access connection can be configured in an ‘active’ configuration, so it is available for
use during normal conditions, subject to design and where requested prior to order.
3.1.5 DSL Backup
DSL backup uses a lower cost DSL service to maintain connectivity in the event of the Primary access circuit
becoming available. Vodafone offers a higher 99.95% availability target with this resilience option. The DSL
Backup circuit will usually connect to a different Provider Edge (PE) Router on the MSP platform to the
Primary Network Access. Where Vodafone provides MCPE on behalf of the Customer this will be configured
to fail-over to the DSL backup upon failure of the primary connection. Where the Customer provides the CPE
router, configuration guidelines will be provided upon request.
Primary Circuit
MSP Node
DSL Circuit
Customer
Premises
With DSL backup, the standard configuration is to have both the Primary and the Backup circuit connected to
the same customer router but separate routers can be requested. Where a Managed Customer wishes the
DSL backup circuit to have its own router, the second router should be ordered and a connection between the
two routers for failover requested with the order. Wires Only Customers should state at the time of order that
separate routers will be provided by the Customer.
The DSL Backup options supported are detailed in the table below:
Vodafone
Product
Description MPLS
IPVPN
Primary Network Access
DSL Backup Options
2Mbps to 100Mbps including SDSL*
ADSL8, ADSL16
ADSL16
ADSL8
* Any combination of access technologies where the primary access circuit passes through the same unbundled BT exchange equipment
as the backup will not be allowed.
3.1.6 Dual Access, Dual POP
Vodafone offers a 99.99% availability target with this resilience option. A site is connected with both a
Primary and a Secondary Network Access with each circuit going to separate MSP PE routers which are
normally in different MSP Nodes. Where Vodafone provides the MCPE (routers) as part of a Managed
Service, these will be connected together at the customer site using a local ‘heartbeat’ connection.
Our standard option is for traffic to be configured to fail over to the Secondary Network Access circuit should
the Primary Network Access circuit become unavailable. However, it is also possible to use both Network
Access circuits at the same time, in a load balanced configuration.
Vodafone will use reasonable endeavours to provide assured diversity (at a cable and also duct level where
possible) between the Primary and Secondary access. At the customer site, a common building entrance
point will be used as standard. Vodafone will consider requests for enhanced resilience on a bespoke basis.
Primary Circuit
MSP Nodes
Secondary
Circuit
Customer
Premises
With Dual Access, Dual PoP, the Primary and the Secondary circuits are normally connected to different MSP
Nodes and to different routers at the customer site.
Primary and Secondary Network Access may use different access technologies. The Secondary Access
bandwidth must not exceed that of the Primary. Options supported are detailed in the table below:
Vodafone
Product
Description MPLS
IPVPN
Primary Network Access
Secondary Network Access Options
2Mbps to 1000Mbps*
2Mbps to 1000Mbps*
* PRIMARY AND SECONDARY ACCESS CIRCUITS MUST BE ROUTED THROUGH DIFFERENT BT EXCHANGES.
3.5 Network Class of Service
Our MPLS IPVPN service uses IP Quality of Service (QoS) to prioritise different types of traffic, ensuring that
business critical and/or real time applications perform effectively should a customer’s IPVPN network
become congested. Customers are able to assign IP packets, as a percentage of their port bandwidth at a
site, across three Classes of Service (CoS) in accordance with defined profiles as detailed later in this
section. With the Managed service, where Vodafone provides the MCPE, each CoS has its own contractual
SLA which applies between sites, as detailed in the Service Schedule, for latency, jitter and packet loss
guaranteed by a service credit scheme. With the Wires Only service, the Service Schedule outlines service
Class of Service
Description
Typical
Applications
Application Characteristics
Premium
The highest
level CoS,
prioritized over
all other traffic
Voice, video
conferencing
Real time, business critical,
designed for voice.
Enhanced
The mid-level
CoS. More
important than
Standard
Enterprise apps
(Citrix, Oracle,
SAP)
Financial
transactions
Streamed video
Important, interactive, less sensitive
to jitter but still delay sensitive
Standard
The lowest level
CoS
E-mail, web
browsing, FTP &
HTTP downloads
Not real time or interactive
Not sensitive to delay/jitter
level targets for latency, jitter and packet loss which apply between MSP Provider Edge (PE) routers.
The table below illustrates the different Classes of Service (CoS) and example usage:
Vodafone
Product
Description MPLS
IPVPN
The number of Classes of Service available at each customer site depends on the site location and network
access technology. The table below provides further information:
Network Access
Number of Classes
Supported
Leased Line
3
Ethernet
3
SDSL (LLU)
3
ADSL16 (LLU)
3
ADSL8 (Standard or
Premium)
1
Customers are able to order a range of pre-configured CoS profiles as detailed below:
Class of Service profiles available with Ethernet, Leased Lines & SDSL Access (%)
Profile No
1
2
3
4
5
6
7
8
9
10
11
12
Premium
0
0
0
0
0
20
20
20
50
40
50
70
Enhanced
0
30
50
60
80
0
30
60
0
60
50
20
Standard
100
70
50
40
20
80
50
20
50
0
0
10
The amounts shown represent a percentage of the IPVPN service bandwidth purchased for the site.
Vodafone
Product
Description MPLS
IPVPN
Class of Service Profiles with ADSL 8 Access
Only COS Profile 1 (all Standard CoS) is available with ADSL8 based connections
Class of Service Profiles with ADSL 16 Access
COS Profile
Downstream class bandwidth (kbps)
Upstream class bandwidth (kbps)
Premium
Enhanced
Premium
Enhanced
COS Profile 10
140
0
140
0
COS Profile 20
0
210
0
250
COS Profile 30
220
0
220
0
COS Profile 40
140
210
140
250
COS Profile 50
220
210
220
60
COS Profile 60
440
0
440
0
COS Profile 70
140
440
140
250
COS Profile 80
220
440
220
250
Note that ADSL16 can also be ordered with 100% Standard Class of Service
General Notes:
�
Typically 1% (or 16Kbps whichever is larger) of bandwidth at a site is reserved for Vodafone
management. However, whilst idle this bandwidth will be dynamically reallocated for the customer to
use.
�
Where only 1 class of service is supported on the access circuit this will be provided as Standard as
default.
�
With the exception of ADSL16, If traffic at a site exceeds the contracted bandwidth allocated to a Class
of Service, then Standard and Enhanced traffic are able to burst up into bandwidth allocated to other
Classes of Service where it is available, otherwise traffic will be dropped. Premium traffic will be
dropped where the sufficient Premium CoS bandwidth is not available. This is described in the table
below:
The consequences if traffic exceeds its bandwidth allocation
Premium CoS
Packets will be dropped. They will not be queued because premium traffic, by its nature,
needs to be transmitted in real time. It is therefore important to have your real-time traffic
needs accurately assessed and adequate bandwidth assigned — it must not exceed its
allocation.
Enhanced CoS
Traffic will burst into Standard and Premium bandwidth if it is available. If there is no
available bandwidth, packets will be dropped using granular congestion avoidance.
Standard CoS
Traffic will burst into Enhanced and Premium bandwidth if it is available. If there is no
available bandwidth, packets will be dropped using congestion avoidance.
Vodafone
Product
Description MPLS
IPVPN
Traffic in each CoS is within contract as long as it does not exceed the specified bandwidth for that class. As
long as traffic is within contract, the service levels for that CoS apply. If traffic exceeds the bandwidth allocated
to it, these service levels cannot be guaranteed.
ADSL16 specific notes:
Where Customer Sites are connected with asymmetric bandwidths using ADSL 16 and the traffic exceeds the
bandwidth limit set out in the CoS Allocation the following provisions shall apply:
� for Premium and Enhanced CoS, packets in excess of the relevant bandwidth limit will be dropped; and
� for Standard CoS, traffic will use any available bandwidth in other CoS levels. Packets will be dropped
if the total available bandwidth is exceeded or in the event of a fault on the Backbone causing
congestion.
.
Where Premium CoS is ordered on ADSL16, our testing implies that the following concurrent VOIP calls should
be supportable:
TESTED VOIPCALLS
260K
450K
G729
(20m s)
G711
(20m s)
16
5
8
3
3.6. Managed Customer Premises Equipment (MCPE)
Where IPVPN is ordered as a Managed Service, Vodafone responsibilities extend to a Managed Customer Site
router. We will install and configure the router in accordance with your order. We will manage and maintain the
router in life as follows:
�
Undertake service change requests, including soft and minor changes which will be remotely
configured, for example changes to routing, IP addressing, class of service or throttled port
bandwidths.
�
Proactive monitoring for critical hard down, unavailability, alarms.
�
Provide 24/7 fault management, including remote fault diagnosis and fault resolution where
possible, and on-site repair or replacement of the Managed Router hardware or software, if
necessary, to resolve faults.
Where the Managed IPVPN service is ordered we offer site to site quality of service level guarantees between
pairs of managed customer site routers. When ordered, our Performance Reporting provides visibility of router
availability, utilization and performance. Where ordered Reporting can also be configured to include quality of
service performance reports between each customer site router and nominated parent (or peer) routers.
Vodafone
Product
Description MPLS
IPVPN
3.7. Optional Service Features
3.7.1 Network Performance Reporting
Network Performance Reporting can currently be only ordered with Managed IPVPN services where
Vodafone provides the Managed CPE (MCPE). A version of Reporting for non-managed customers is being
prepared and is expected to be available by summer 2013.
The reports are accessed via a portal and can be used to monitor historical performance, consider trends
and events, or to review performance at a point in time. The main benefits are summarized below:
Network performance monitoring — provides reports which show the performance of the customer’s IPVPN
network, enabling performance to be monitored in order to optimise routing and CoS allocation, and to check
the effect of changing traffic patterns on the customer’s network.
Capacity planning — historical trend information helps customers to plan network upgrades.
Vodafone
Product
Description MPLS
IPVPN
Available Reports
The different types of report, which are available as standard, are summarized below:
Report
Summary
ADSL 16
ADSL 8
1M to 1G
Symmetri
c
Service Inventory
Sites, access circuits and
managed routers
Y
Y
Y
Core Network
Reports
Round trip delay, packet loss
& jitter performance between
select MSP Routers
Traffic &
Connectivity
Utilisation & availability
Y
Y
Y
Class of Service*
Per CoS utilization and
discards
N^
N
Y
CE to CE
Reporting
Round trip delay, jitter &
packet loss between
nominated sites
N
N
Y
Exceptions
Critical fault alarms
Y
Y
Y
Bandwidt
h
This report is not site/service specific
*Where multiple classes of service are purchased ^ in development. For full details please ask for a copy of the network
Performance reporting user guide.
Single Customer Login
Customers with one or multiple products, whose reports are accessed through our MyStats (Infovista 4)
portal, can view the reports for these products under a single login (Single User Login) to our reporting portal
URL: MYSTATS4.CW.COM.
We will provide up to 3 logins per IPVPN network.
At the top right of the front page, your customers can select the Product against which they want to view
reports. The products are grouped by category; IPVPN is shown under the WAN category.
Multi Customer Login
Partners can gain access their customer’s performance reports via our Partner Portal. It is possible for you to
request access to all your end customer’s MyStats reports using the same login (Multi-User Login).
Vodafone
Product
Description MPLS
IPVPN
3.7.2 Multi-VPN
The Multiple VPN (Multi-VPN) feature allows customers to run separate IPVPN networks over a common
Network Access into a Customer Site. Multi-VPN is often used for security reasons in order to restrict access to
the main corporate VPN. Typical uses are summarized below:
�
Used in connection with the Optional Network Based Internet Access service, providing sites
with access to the internet over a separate VPN to the corporate network.
�
Used to create a separate VPN connecting some or all of a customer’s sites to a third party
application or facility. For example, Vodafone Wholesale Customers may make available a range
of network hosted services to their IPVPN customers.
�
In order to separate branch networks from the network running between the main corporate
head offices and/or data centres.
Multi-VPN is supported where the Network Access is an Ethernet or single Leased Line connection
but is not supported when the Network Access is provided using DSL or multiple 2Mbps Leased
Lines.
It is however possible to connect a site connected via DSL or nx2Mb to any of the individual VPNs.
3.7.3 Network Based Internet Access (NBIA)
Network Based Internet Access (NBIA) provides an internet gateway facility on the MSP network which can
be used to provide the users at any site on the customer’s IPVPN network with access to the public Internet.
This removes the need for customer’s to purchase Dedicated Internet Access Services into one or several
sites on their network. The MSP network is diversely connected to our Global IP Backbone, so it provides a
fast, business quality, resilient and reliable Internet service. NBIA is available at the following
bandwidths:2,4,6,8,10,15,20,25,30,35,40,45,50,55,60,64Mbps. Higher bandwidths may be possible on a per
customer basis.
NBIA can be considered at “pool” that can be used by all of the sites on a customer’s VPN, so if a customer
takes 10Mb of NBIA the combined demand from all that customer’s sites for Internet Access should not
exceed this figure.
Customer’s taking Network Based Internet Access should ensure that each VPN site has sufficient service
bandwidth to handle their normal data traffic and the Internet traffic at each site. For Internet Access, service
bandwidth with Standard Class of Service is recommended.
Customers buying NBIA are also able to use the Mail Relay service, which allows the outbound relay of
emails to the Internet, and our Caching DNS service, which will enable them to make DNS queries.
A range of additional features can be ordered with NBIA to offer improved resilience, security and
service:
�
VRF-Lite (performs a similar function to Multi-VPN) – when ordered with NBIA this allows you to separate
Internet access from the corporate VPN.
�
Resilient Gateways - NBIA will be configured from two gateways for all applicable sites across your IPVPN
QoS network. The internet bandwidth must be the same at each gateway.
�
Network Based Firewall - NBIA must be ordered with a Network Based Firewalls (NBF) facility unless your
customer has her own firewall. Where ordered, you should complete the NBIA questionnaire provided,
and submit this with your order. NBF implements stateful packet filtering technology, ensuring that all
packets routed through the firewall belong to traffic flows that have been allowed by the firewall’s security
Vodafone
Product
Description MPLS
IPVPN
policy. Stateful packet filtering facilitates IP layer security whilst not impacting throughput. Additionally, the
firewall can be configured to allow access to only limited TCP ports on the server – such as port 25 for
SMTP email, ensuring that the server can only be connected to the absolute minimum required ports
providing the specified service. For outbound access, NBF can be configured to restrict use of applications
– both in terms of the type of application and also in terms of the address ranges allowed to use the
application; this enables you to restrict the use of Internet applications to align with company IT or security
policy. Where Multi-VPN is used, NBF can complement the configuration, providing basic border security
services. Firewall rules may be configured based on any combination of the following: Source IP address
(or address range) Destination IP address (or address range), Transport protocol (UDP/TCP etc),
Application type (by destination port and transport protocol). All traffic matching a rule may be permitted or
dropped, as specified by the rule.
�
Separately, you may provide your own dedicated firewall. Where dedicated firewalls are deployed, then
the VRF-Lite feature may be used to route all Internet traffic through the site hosting the firewall.
�
Domain Name Services: our Domain Name Service (DNS) provides a registration, transfer and hosting
service for one or more business, or government, domains. Our DNS Hosting is a high availability domain
name hosting service, ensuring that your domain names are visible at all times. DNS provides a “directory
enquiries” type function for the Internet, mapping the names of Internet computers (such as
www.Vodafone.co.uk) to individual IP addresses. Each name hosted may have an unlimited number of
associated computers (and sub-domains) listed as Address (A) records. We also will also facilitate multiple
Mail eXchanger (MX) records for the delivery of email. Using mail exchange (MX) records in conjunction
with corresponding mail systems, our DNS can also be used to send and receive e-mail. Your customers
are able to specify preference levels, and we will list the primary and secondary Domain Name Server
(DNS) as appropriate. Mail relay is available providing a default point for outbound mails for your e-mail
servers.
�
IP Addresses: we are able to assign public IP addresses provided that the required IP addresses are
acceptable to RIPE or the applicable governing body. Unless Provider Independent IP addresses &/or
Autonomous System Numbers are ordered and assigned, any IP address assigned by Vodafone as part
of the Service will be non-portable and non-transferable. The assignment terminates immediately upon us
ceasing to provide the Service associated with that address.
3.7.4 Secure Remote User Access
Secure Remote User Access (SRUA) allows remote users connected to the Internet to connect securely to
their company’s IPVPN network using IPSec encryption. The service is based on Cisco VPN soft client and
comes with Managed Authentication. We will provide the Cisco VPN client for download and only versions of
the Cisco VPN client provided by us must be used. Whilst SRUA does not offer “end-to-end encryption” –
IPSec is terminated on a network based PE, Multi-VPN can be used to ensure end-to-end security of the
service to a specific customer site.
The following options are available:
�
�
Regular authentication – username/password authentication is used with customers and
tokens/PINs are required for administrators.
Strong authentication – each user requires a secure token and PIN authentication.
SRUA is used in conjunction with the customer’s wireless, broadband (fixed/wireless or mobile access), 3G
(mobile 3G) or dialup access to the Internet. If we are not the provider of these services, then it is the
responsibility of the customer to work with their access provider to resolve any faults or service issues with
the customer's access to the Internet.
Vodafone
Product
Description MPLS
IPVPN
4. Technical Information
MPLS IPVPN is based on an MPLS core, transporting IP traffic. The transmission technology in this network
core is synchronous digital hierarchy (SDH) or wave division multiplexing (WDM).It uses multi-protocol label
switching (MPLS) together with DSCP based marking and per-packet scheduling to manage quality of service
(QoS) and protect sensitive data end-to-end. The IP-VPN technology used is broadly described in the
architecture framework covered in IETF RFC 4364 (2547bis).
4.1. IP Routing
BGP and static IP routing options are supported between the MSP PE Router and the customer
site router where the network access is an Ethernet circuit or a Leased Line. The maximum
number of BGP routes per site is 500 as standard but additional routes may be supported upon
application.
Where DSL Network Access is used, only static IP routing is supported as standard but it may be
possible to support BGP routing in some cases – this on application.
4.2. MTU
As standard, the maximum IP packet size is 1500 bytes.
4.3. Class of Service Mapping
Different EF and AF DSCP code points are used in order to support the three Classes of Service as detailed
in the table below:
Vodafone
Product
Description MPLS
IPVPN
Drop Precedence
Low
Medium
High
Premium Class (Expedited
Forwarding)
Standard Class
(Assured Forwarding)
Enhanced Class (Assured
Forwarding)
AF11
001010 (10)
AF31
011010 (26)
AF12
001100 (12)
AF13
001110 (14)
AF32
011100 (28)
AF33
011110 (30)
EF
101110 (46)
Notes:
�
Each AF class has three drop precedence’s (low, medium, and high). At the onset of congestion, it is the
drop precedence that determines the importance of the packet within the class (drop high before medium
before low).
�
The Enhanced class classifies customer traffic marked with DSCP AF31,32,33 by default however if there is a
technical requirement to classify either the AF21, 22, 23 or AF41, 42, 43 Assured Forwarding markings please
detail this within the Order form. This information can be detailed in the area where the order details how the
traffic can be identified that needs to be marked as Enhanced. This will also need to be detailed if the customer
site router equipment is to be supplied by other than Vodafone.
�
With symmetric bandwidth access circuits, if traffic at a site exceeds the contracted bandwidth allocation to a
CoS, then standard and enhanced traffic are able to burst up into bandwidth allocated to other CoS where it is
available, otherwise traffic will be dropped. Premium traffic will be dropped where the contracted premium CoS
bandwidth is not available.
�
With ADSL16 access circuits, out of contract enhanced and premium traffic will be dropped
�
If Vodafone does not provide and manage the customer site router equipment then the customer is responsible
for configuring the equipment in accordance with the relevant codes, failure to do so will prevent the CoS profile
from working and we shall have no liability in respect of such a failure.
Where Vodafone does not provide and manage the customer site routers, the customer is responsible for CoS
implementation as follows:
�
We will configure the MSP to accept the CoS as ordered by the customer, but will not
guarantee CoS availability or functionality.
�
The customer will configure and deploy CoS on the appropriate CPE, to match the CoS
allocation or profile ordered.
�
We will not be obliged to provide CPE support for implementation or utilization of CoS in
response to a customer request; Vodafone may make a reasonable charge for any such
support provided.
�
The customer will not change its CoS allocation or profile without our written agreement.
4.4 Ethernet first mile (EDM) access technology
Vodafone
Product
Description MPLS
IPVPN
Access circuits of 2-20Mbps may be provided over bonded copper pairs using EFM technology. EFM is
inherently resilience, in that all the copper pairs are required to fail, in order for service to be lost and back up
or resilient access circuits to be used. EFM supports all IPVPN service features. Where sites are provided
with Dual Access, or Single Access and ADSL backup (only ADSL16 or ADSL8 is supported), then if the
primary access circuit is provided using copper EFM technology, the secondary access circuit or ADSL
backup will only become operational should the full access bandwidth capacity become unavailable. The
customer is required to use BGP routing to ensure that traffic fails over onto the DSL backup or secondary
circuit. As EFM uses copper technology we will not be liable for any degradation of performance, or fault to,
the access circuit that occurs as a result of, or in connection with, technical limitations beyond our control.
4.5 Wires only IPCPN router configuration
Where you order a ‘wires only’ IPVPN service, please request a copy of our guide to customer site router
configuration. This guide also provides access to a recommended firmware upgrade which is to be used with
ADSL access circuits which are to be connected to Cisco CPE that is using the ST Micro (STM1) chip set.
5. Service Support
All MPLS IPVPN customers benefit from 24/7, year round, fault management support.
The MSP, its access network platforms and Network Access components are monitored for critical events,
using industry leading systems which often mean we have identified and reacted to a service affecting fault
ahead of the customer calling our Customer Management Centre.
If a customer orders our managed service, they also benefit from end to end, router to router, management
which can save them operating costs from not having to maintain a dedicated resource to manage their own
routers.
For further details please see the associated Service Schedule document for the MPLS IPVPN product.
© (Month Year). Vodafone Limited. Vodafone and the Vodafone logo are trademarks of the Vodafone
Group. Other product and company names mentioned herein may be the trademarks of their respective
owners. The information contained in this publication is correct at the time of going to print. Such
information may be subject to change and services may be modified, supplemented or withdrawn by
Vodafone without prior notice. All services are subject to terms and conditions, copies of which may be
obtained upon request.
Vodafone Limited. Vodafone House, The Connection, Newbury, Berkshire RG14 2FN
Registered in England No. 1471587
Connecting London. Globally.
Citycom Technologies Ltd
70 St. Mary Axe
London EC3A 8BE
Tel: 020 7870 4841
Email: info@citycom.co.uk
www.citycom.co.uk
Download