© 2006 Cisco Systems, Inc. All rights reserved. MPLS v2.2—4-1
MPLS VPN Technology
Introducing VPNs
Outline
• Overview
• Traditional Router-Based Network Connectivity
• Advantages of VPNs
• VPN Terminology
• What Are the VPN Implementation Models?
• What Are Overlay VPN Technologies?
• What Are Peer-to-Peer VPN Technologies?
• What Are the Benefits of VPNs?
• What Are the Drawbacks of VPNs?
• Summary
Traditional Router-Based Networks
Traditional router-based networks connect customer sites through routers connected via dedicated point-to-point links.
Virtual Private Networks
• VPNs replace dedicated point-to-point links with emulated point-to-point links sharing common infrastructure.
• Customers use VPNs primarily to reduce their operational costs.
VPN Terminology
VPN Terminology (Cont.)
VPN Implementation Models
VPN services can be offered based on two major models:
• Overlay VPNs, in which the service provider provides virtual point-to-point links between customer sites
• Peer-to-peer VPNs, in which the service provider participates in the customer routing
Overlay VPNs: Hub-and-Spoke Topology
Overlay VPNs: Redundant Hub-and-Spoke Topology
Overlay VPNs: Layer 2 Implementation
This is the traditional switched WAN solution:
• The service provider establishes Layer 2 virtual circuits between customer sites.
• The customer is responsible for all higher layers.
Overlay VPNs: IP Tunneling
VPN is implemented with IP-over-IP tunnels:
• Tunnels are established with GRE or IPsec.
• GRE is simpler (and quicker); IPsec provides authentication and security.
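To make the GRE-versus-IPsec bullet concrete, the following added example (not part of the original course material) parses a GRE-in-IP packet and an ESP packet and reports what an on-path device can read from each. The addresses, GRE key, SPI and payload are constructed sample values, and the ESP body is opaque filler rather than real ciphertext.

```python
import ipaddress
import struct

GRE, ESP = 47, 50  # IP protocol numbers

def ipv4(src, dst, proto, payload):
    """Constructed sample packet: 20-byte IPv4 header (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def gre(inner, key=None):
    """GRE header (RFC 2784, key extension RFC 2890) around an IPv4 packet."""
    flags = 0x2000 if key is not None else 0
    opt = struct.pack("!I", key) if key is not None else b""
    return struct.pack("!HH", flags, 0x0800) + opt + inner

def parse_ipv4(pkt):
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IPv4 header length")
    addr = lambda b: str(ipaddress.IPv4Address(b))
    return addr(pkt[12:16]), addr(pkt[16:20]), pkt[9], pkt[ihl:]

def observe(outer):
    """Return what an on-path device can read from a tunnelled packet."""
    src, dst, proto, body = parse_ipv4(outer)
    seen = {"outer": (src, dst)}
    if proto == ESP and len(body) >= 8:
        # ESP exposes only the SPI and sequence number; the rest is ciphertext.
        seen["esp_spi"], seen["esp_seq"] = struct.unpack("!II", body[:8])
    elif proto == GRE and len(body) >= 4:
        flags, ptype = struct.unpack("!HH", body[:4])
        if flags & 0x0007:
            raise ValueError("unsupported GRE version")
        off = 4 + (4 if flags & 0x8000 else 0)   # optional checksum word
        if flags & 0x2000 and len(body) >= off + 4:
            # The GRE key is a cleartext demultiplexing value, not a secret.
            seen["gre_key"] = struct.unpack("!I", body[off:off + 4])[0]
            off += 4
        off += 4 if flags & 0x1000 else 0        # optional sequence number
        if ptype == 0x0800:                      # inner IPv4, sent in the clear
            isrc, idst, _, data = parse_ipv4(body[off:])
            seen["inner"], seen["payload"] = (isrc, idst), data
    return seen

# Constructed samples: site-to-site traffic using documentation/private addresses.
INNER = ipv4("10.1.1.10", "10.2.2.20", 6, b"customer data")
GRE_PKT = ipv4("192.0.2.1", "198.51.100.1", GRE, gre(INNER, key=42))
# Opaque zero bytes stand in for ESP ciphertext; nothing is encrypted here.
ESP_PKT = ipv4("192.0.2.1", "198.51.100.1", ESP,
               struct.pack("!II", 0x1001, 1) + bytes(48))
```

With plain GRE the inner addresses and payload are recoverable by any device on the path, while the ESP packet exposes only the tunnel endpoints, the SPI and the sequence number.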
Overlay VPNs: Layer 2 Forwarding
• VPN is implemented with PPP-over-IP tunnels.
• VPN is usually used in access environments (dialup, digital subscriber line).
Overlay VPNs: Layer 3 Routing
• The service provider infrastructure appears as point-to-point links to customer routers.
• Routing protocols run directly between customer routers.
• The service provider does not see customer routes and is responsible only for providing point-to-point transport of customer data.
Peer-to-Peer VPNs: Implementation Techniques
Peer-to-Peer VPNs: Packet Filters
Peer-to-Peer VPNs: Controlled Route Distribution
Benefits of VPN Implementations
• Overlay VPN:
– Well-known and easy to implement
– Service provider does not participate in customer routing
– Customer network and service provider network are well-isolated
• Peer-to-peer VPN:
– Guarantees optimum routing between customer sites
– Easier to provision an additional VPN
– Only sites provisioned, not links between them
Drawbacks of VPN Implementations
• Overlay VPN:
– Implementing optimum routing requires a full mesh of virtual circuits.
– Virtual circuits have to be provisioned manually.
– Bandwidth must be provisioned on a site-to-site basis.
– Overlay VPNs always incur encapsulation overhead.
• Peer-to-peer VPN:
– The service provider participates in customer routing.
– The service provider becomes responsible for customer convergence.
– PE routers carry all routes from all customers.
– The service provider needs detailed IP routing knowledge.
Summary
• Traditional router-based networks connect via dedicated point-to-point links.
• VPNs use emulated point-to-point links sharing a common infrastructure.
• The two major VPN models are overlay VPN and peer-to-peer VPN.
– Overlay VPNs use well-known technologies and are easy to implement.
– Overlay VPN virtual circuits must be provisioned manually.
– Peer-to-peer VPNs guarantee optimum routing between customer sites.
– Peer-to-peer VPNs require that the service provider participate in customer routing.