VPN

June 4, 2016 | Author: radu1020305597 | Category: Types, Brochures
Virtual Private Networks (VPN)


© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Confidential


What Is a Virtual Private Network (VPN)?

The term VPN can be broken down into common sense terms:

• Network – A network consists of devices communicating through some arbitrary method. Devices include computers, routers, etc., which may reside in geographically diverse locations.
• Private – "Private" means communications between two (or more) devices which are, in some fashion, secret. A private facility restricts access to a defined set of entities, and third parties cannot gain access. Devices NOT privy to the communicated content are unaware of the private relationship altogether. Data privacy and security are key aspects of a VPN. Conversely, a "public" facility is one that is openly accessible.
• Virtual – The "virtualization" aspect is similar to the concept of privacy. The private communication is carried over a resource shared by more than a single organization; it is constructed by logical partitioning of an underlying common, shared resource. These private networks are virtual creations with no private "physical" system.


What Is a Virtual Private Network (VPN)? (continued)

• VPNs, while not physically separate, operate in a discrete fashion across a shared infrastructure.
• VPNs provide exclusive communication environments that do not share any points of interconnection.
• VPNs can be built between two end systems, between two organizations, between several end systems within a single organization, between individual applications, between multiple organizations across the global Internet, or any combination of these.
• A site may be in more than one VPN, as VPNs may overlap.
• Not all sites need to be connected to the same service provider, as a VPN can span multiple providers.
• VPNs exist in several flavors, including Frame Relay and ATM PVCs, IPsec VPNs, Layer 2 VPNs, Layer 3 VPNs, and tunneling protocols such as Generic Routing Encapsulation (GRE). There are others.


Why Use VPNs?

• Need to virtualize some portion, or all, of an organization's network
• Render communications "invisible" to external observers
• Support economics of communication by bundling numerous fixed high-cost and variable low-cost communication services into a common communications platform – amortize the high-cost components over a larger number of clients
• Support communications privacy
• Ability to create heterogeneous networks across multiple access technologies and service providers


A VPN Example

• Very common VPN model of geographically diverse subnetworks
• Belong to a common administrative domain sharing an infrastructure outside their administrative control


Types of VPNs

• Network Layer VPNs based on IP (Layer 3 VPNs)
• Overlay/Cut-Through VPNs (Layer 2 VPNs) – ATM, Frame Relay
• Tunnels (Layer 2 and Layer 3) – PPP, GRE, PPTP, IPnIP, L2TP
• Pseudowires (Layer 2) – TDM, Ethernet
• MPLS VPNs (Layer 2 or Layer 3)
• Transport and Application Layer VPNs
• Non-IP VPNs – IPX, AppleTalk, SNA


Some VPN Types

[Figures: Frame Relay Overlay VPN; L2TP Tunnel; GRE Tunnel]


VPN Tunnels in Mobile Data

[Figure: mobile data network path. Protocol stacks shown along the path: TCP/IP, TCP/IP/PPP, TCP/IP/PPP/GRE, TCP/IP/PPP/GRE/MLPPP. Labeled elements: RNC, DO-DOM, DACS, nxT1 MLPPP links, SONET channelized OC-3/12 (MLPPP working / MLPPP protect), Aggregation Router (Cisco ESR10008), Multilayer Switch (Cisco 6509-E), PDSN, PE-1A, PE-2A, IP/MPLS, HA, AAA, EMS/OMC, IP Services, Internet.]

MPLS Layer 2 VPNs

• Similar to existing circuit-switched environment
• Leverage the existing installed gear
• Provide circuit-based services in addition to packet/IP-based services
• Provide any-to-any connectivity
• Trunking Layer 2 over an MPLS network: Ethernet, Frame Relay, ATM, PPP, HDLC, SONET, TDM


MPLS Layer 2 VPNs (continued)

• An L2VPN is comprised of switched connections between subscriber endpoints over a shared network
• Non-subscribers do not have access to those same endpoints

[Figure: a pseudowire across the SP network between two Provider Edge devices, connecting the SP interconnection to a remote subscriber location. Many subscriber encapsulations are supportable: FR, ATM, HDLC, PPP, Ethernet.]

Some Layer 1 frame encapsulations are transportable under the framework of L2VPN. This is acceptable because (unlike native L1) frames can be dropped due to congestion.


MPLS Layer 3 VPNs

• Associate one or more interfaces on a PE to a VPN: privatize an interface, i.e., "coloring" of the interface
• Each VPN has its own routing table and forwarding table (CEF)
• Each VPN has its own instance of the routing protocol (static, RIP, BGP, OSPF)
• Customer router runs standard routing software
• L3VPNs are similar to L2 VLANs in a switching environment
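The per-VPN routing table and interface "coloring" described on this slide, as an added example that is not part of the original presentation: a toy provider edge model in which two customers reuse the same 10.1.0.0/16 address space and every lookup is confined to the table of the ingress interface's VRF. The class, interface names, VRF names and prefixes are all constructed for illustration.

```python
import ipaddress

class ProviderEdge:
    """Toy PE router: one routing table per VRF, interfaces bound to a VRF."""

    def __init__(self):
        self.vrf_routes = {}      # VRF name -> list of (network, next_hop)
        self.interface_vrf = {}   # interface name -> VRF name ("coloring")

    def bind_interface(self, interface, vrf):
        # An interface belongs to exactly one VRF in this model.
        self.vrf_routes.setdefault(vrf, [])
        self.interface_vrf[interface] = vrf

    def add_route(self, vrf, prefix, next_hop):
        route = (ipaddress.ip_network(prefix), next_hop)
        self.vrf_routes.setdefault(vrf, []).append(route)

    def lookup(self, ingress_interface, destination):
        """Longest-prefix match restricted to the ingress interface's VRF."""
        vrf = self.interface_vrf.get(ingress_interface)
        if vrf is None:
            return None  # unbound interface: no VPN table is consulted
        addr = ipaddress.ip_address(destination)
        matches = [(n, nh) for n, nh in self.vrf_routes[vrf] if addr in n]
        if not matches:
            return None  # no route here; other VRFs are never searched
        net, next_hop = max(matches, key=lambda m: m[0].prefixlen)
        return vrf, str(net), next_hop

def build_demo():
    # Constructed sample data: overlapping customer address space.
    pe = ProviderEdge()
    pe.bind_interface("ge0/1", "CUSTOMER_A")
    pe.bind_interface("ge0/2", "CUSTOMER_B")
    pe.add_route("CUSTOMER_A", "10.1.0.0/16", "ce-a1")
    pe.add_route("CUSTOMER_A", "10.1.5.0/24", "ce-a2")
    pe.add_route("CUSTOMER_B", "10.1.0.0/16", "ce-b1")
    pe.add_route("CUSTOMER_B", "192.168.50.0/24", "ce-b2")
    return pe

if __name__ == "__main__":
    pe = build_demo()
    for ifc, dst in [("ge0/1", "10.1.5.9"), ("ge0/2", "10.1.5.9"),
                     ("ge0/1", "192.168.50.7"), ("ge0/9", "10.1.5.9")]:
        print(ifc, dst, "->", pe.lookup(ifc, dst))
```

The same destination address resolves to a different next hop depending on the ingress interface, and a prefix that exists only in one customer's table is unreachable from the other's; that lookup confinement is the isolation property to verify when auditing VRF assignments.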


MPLS Converges Layer 2 & Layer 3 VPNs

• Traffic Segmentation/Isolation via VPN Routing and Forwarding (VRF)
• QoS Enabled
• Traffic Engineering
• Secure

[Figure: an IP/MPLS core carrying separate VRFs. VRFs shown: Network Management (NOC ADMIN), AAA, SS7oIP (SS7), Tandem Voice, Extranet, Lawful Intercept (LEA 1, LEA 2, LEA 3), Internet, Mobile Roaming Voice, I/T Voice & Data, Content Provider/Partner (APP1, APP 2, APP 3), Corporation x (Enterprise).]


MPLS Enabled Future Growth and Expansion

• MPLS provides scalability, flexibility and modularity to support constant and ongoing change
• MPLS increases network reliability – converged VPNs become a "system" rather than a collection of disparate networks and components
• MPLS VPNs enable ongoing convergence with secure traffic segmentation between networks and strict traffic controls
• MPLS VPNs reduce costs while enabling and accelerating new revenue streams


Pop Quiz!

• Give two examples of what a VPN is.
• Give four examples of different types of VPNs.
• What are some benefits of using VPNs?
• What VPN tunnel types are common in Mobile Data networks?
• What are two types of MPLS VPNs and what layers of the OSI model can they transport?
• What is the key difference between the two types of MPLS VPNs?
• BONUS: Give four examples of VPNs in your network.

