Virtual Private Networks (VPN)
© 2006 Cisco Systems, Inc. All rights reserved.
Cisco Confidential
What Is a Virtual Private Network (VPN)?
The term VPN can be broken down into common-sense terms:
• Network – A network consists of devices communicating through some arbitrary method. Devices include computers, routers, etc., which may reside in geographically diverse locations.
• Private – "Private" means communication between two (or more) devices that is, in some fashion, secret. A private facility restricts access to a defined set of entities, and third parties cannot gain access. Devices not privy to the communicated content are unaware of the private relationship altogether. Data privacy and security are key aspects of a VPN. Conversely, a "public" facility is one that is openly accessible.
• Virtual – The "virtualization" aspect is closely related to privacy. The underlying resource is shared by more than a single organization; the private communication is constructed by logically partitioning that common, shared resource. These private networks are virtual creations with no private "physical" system.
What Is a Virtual Private Network (VPN)?
• VPNs, while not physically separate, operate in a discrete fashion across a shared infrastructure.
• VPNs provide exclusive communication environments that do not share any points of interconnection.
• VPNs can be built between two end systems, between two organizations, between several end systems within a single organization, between individual applications, between multiple organizations across the global Internet, or any combination.
• A site may be in more than one VPN, since VPNs may overlap.
• Not all sites need be connected to the same service provider, since a VPN can span multiple providers.
• VPNs exist in several flavors, including Frame Relay and ATM PVCs, IPsec VPNs, Layer 2 VPNs, Layer 3 VPNs, and tunneling protocols such as Generic Routing Encapsulation (GRE). There are others.
Why Use VPNs?
• Need to virtualize some portion, or all, of an organization's network
• Render communications "invisible" to external observers
• Support the economics of communication by bundling numerous fixed high-cost and variable low-cost communication services into a common communications platform – amortize the high-cost components over a larger number of clients
• Support communications privacy
• Ability to create heterogeneous networks across multiple access technologies and service providers
A VPN Example
A very common VPN model: geographically diverse subnetworks that belong to a common administrative domain share an infrastructure outside their administrative control.
Types of VPNs
• Network Layer VPNs based on IP (Layer 3 VPNs)
• Overlay/Cut-Through VPNs (Layer 2 VPNs) – ATM, Frame Relay
• Tunnels (Layer 2 and Layer 3) – PPP, GRE, PPTP, IPnIP (IP-in-IP), L2TP
• Pseudowires (Layer 2) – TDM, Ethernet
• MPLS VPNs (Layer 2 or Layer 3)
• Transport and Application Layer VPNs
• Non-IP VPNs – IPX, AppleTalk, SNA
Some VPN Types
Figure: three example topologies – Frame Relay overlay VPN; L2TP tunnel; GRE tunnel.
VPN Tunnels in Mobile Data
Figure: mobile data backhaul topology. Encapsulation stacks shown along the path: TCP/IP, TCP/IP/PPP, TCP/IP/PPP/GRE, TCP/IP/PPP/GRE/MLPPP. Elements: RNC, PDSN, HA, AAA, IP services/Internet, PE-1A and PE-2A on an IP/MPLS core, MLPPP over nxT1 and channelized OC-3/12 SONET (working/protect), DACS, DO-DOM, EMS/OMC, and an aggregation multilayer switch/router (Cisco ESR10008, Cisco 6509-E).
MPLS Layer 2 VPNs
• Similar to the existing circuit-switched environment
• Leverage the existing installed gear
• Provide circuit-based services in addition to packet/IP-based services
• Provide any-to-any connectivity
• Trunking Layer 2 over an MPLS network: Ethernet, Frame Relay, ATM, PPP, HDLC, SONET, TDM
MPLS Layer 2 VPNs
• An L2VPN is comprised of switched connections between subscriber endpoints over a shared network
• Non-subscribers do not have access to those same endpoints
Figure: a pseudowire between two Provider Edge routers across the SP network (with an SP interconnection) to a remote subscriber location; many subscriber encapsulations are supportable – FR, ATM, HDLC, PPP, Ethernet.
Some Layer 1 frame encapsulations are transportable under the framework of L2VPN. This is acceptable because (unlike in native Layer 1 transport) frames can be dropped due to congestion.
MPLS Layer 3 VPNs
• Associate one or more interfaces on the PE with a VPN
• Privatize an interface, i.e., "coloring" of the interface
• Each VPN has its own routing table and forwarding table (CEF)
• Each VPN has its own instance of the routing protocol (static, RIP, BGP, OSPF)
• The customer router runs standard routing software
• L3VPNs are similar to L2 VLANs in a switching environment
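To make the per-VPN routing tables concrete, here is an added Python model (not Cisco code and not from this deck) of a PE whose interfaces are "colored" into VRFs. The VRF names, interface names and prefixes are constructed; the point it shows is that two customers can reuse the same 10.1.0.0/16 space and be forwarded independently, while an uncolored interface sees no VPN routes at all.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Vrf:
    """One VPN's private routing/forwarding table on the PE (a model, not IOS)."""
    name: str
    routes: dict = field(default_factory=dict)   # network -> next hop

    def add_route(self, prefix, next_hop):
        self.routes[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, dst):
        """Longest-prefix match inside this VRF only."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda net: net.prefixlen)]

class ProviderEdge:
    def __init__(self):
        self.vrfs = {}
        self.interface_vrf = {}   # "coloring": ingress interface -> VRF name

    def add_vrf(self, name):
        self.vrfs[name] = Vrf(name)
        return self.vrfs[name]

    def color_interface(self, ifname, vrf_name):
        self.interface_vrf[ifname] = vrf_name

    def forward(self, ingress_if, dst):
        """Pick the table by the ingress interface's color, then look up dst."""
        vrf_name = self.interface_vrf.get(ingress_if)
        if vrf_name is None:
            return ("global", None)   # uncolored interface: VPN routes invisible
        return (vrf_name, self.vrfs[vrf_name].lookup(dst))

def build_demo_pe():
    """Constructed sample: two customers reuse 10.1.0.0/16 without conflict."""
    pe = ProviderEdge()
    cust_a, cust_b = pe.add_vrf("CUST-A"), pe.add_vrf("CUST-B")
    cust_a.add_route("10.1.0.0/16", "CE-A site 2 via PE-2")
    cust_b.add_route("10.1.0.0/16", "CE-B site 2 via PE-3")
    cust_b.add_route("10.1.5.0/24", "CE-B site 3 via PE-4")
    pe.color_interface("Gi0/1", "CUST-A")   # interface "colored" into CUST-A
    pe.color_interface("Gi0/2", "CUST-B")
    return pe
```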
MPLS Converges Layer 2 & Layer 3 VPNs
• Traffic segmentation/isolation via VPN Routing and Forwarding (VRF)
• QoS enabled
• Traffic engineering
• Secure
Figure: an IP/MPLS core carrying separate VRFs – Network Management VRF (NOC admin), AAA VRF, SS7oIP VRF (SS7), Tandem Voice VRF, Extranet VRF, Lawful Intercept VRF (LEA 1, LEA 2, LEA 3), Internet VRF, Mobile Roaming Voice VRF, I/T Voice & Data VRF, Content Provider/Partner VRF, and Corporation x VRF (enterprise applications APP1, APP2, APP3).
MPLS Enables Future Growth and Expansion
• MPLS provides scalability, flexibility and modularity to support constant and ongoing change
• MPLS increases network reliability – converged VPNs become a "system" rather than a collection of disparate networks and components
• MPLS VPNs enable ongoing convergence with secure traffic segmentation between networks and strict traffic controls
• MPLS VPNs reduce costs while enabling and accelerating new revenue streams
Pop Quiz!
• Give two examples of what a VPN is.
• Give four examples of different types of VPNs.
• What are some benefits of using VPNs?
• What VPN tunnel types are common in Mobile Data networks?
• What are the two types of MPLS VPNs, and what layers of the OSI model can they transport?
• What is the key difference between the two types of MPLS VPNs?
• BONUS: Give four examples of VPNs in your network.