10. VPN Requirements IP/IP IPSec GRE L2TP MPLS Multiplexing y y y y Signaling y y y y Security y y Multi-protocol traffic y y y Frame Sequencing y y y Maintenance Large MTUs Minimization of Tunnel overhead Flow/Congestion Control y QoS/Traffic Management y
11.
12.
13.
14.
15.
16. Virtual Leased Lines CPE ISP Edge Router IP Backbone CPE ATM VCC ATM VCC IP Tunnel 10.0.0.5 10.0.0.6 10.0.0.4/30 ISP Edge Router Provides a point to point link between customer’s CPE devices ISP edge binds ATM VCC to a tunnel in IP backbone e.g. AAL5 payload is encapsulated in an IPSEC tunnel in backbone
17. Virtual Private Dial Networks CPE NAS IP Backbone Gateway Dial Up Connection 10.0.0.0 / 16 10.0.0.6 L2TP Tunnel Corporate Network L2TP – Layer 2 Tunneling Protocol LAC - L2TP Access Concentrator LNS – L2TP Network Server PPP frames are tunneled across IP backbone using L2TP L2 connection terminating at LAC avoids long distance dialup connection PPP session terminates at LNS LAC LNS
18.
19. Virtual Private Routed Networks CPE 1 PE Router IP Backbone PE Router CPE 1 10.1.1.0 / 30 PE Router CPE 1 Stub Link Stub Link IP Tunnel IP Tunnel IP Tunnel 10.3.3.0 / 30 Stub Link CPE 2 CPE 2 Stub Link Stub Link 10.2.2.0 / 30 10.5.5.0 / 30 10.6.6.0 / 30 P P P PE – Provider Edge CPE – Customer Premises Equipment P – Provider/Interior 10.1.1.1 10.5.5.1 10.0.0.1 157.0.0.1 Provider Backbone Outer IP Header Destination Address 157.0.0.1 Inner IP Header Destination Address 10.5.5.1 Customer data Encapsulation in IP/IP
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30. VR Model CPE 1 PE Router CPE 1 CPE 1 PE Router PE Router CPE 3 CPE 2 CPE 2 CPE 3 CPE 3 Backdoor Link S T U B L I N K S VPRN 1 VPRN 2 VPRN 3 VRF VRF VRF – VPN Routing and Forwarding Table VR Instance for CE 1 VR Instance for CE 2 VR Instance for CE 3